Security fix for CVE-2006-2193:

"A vulnerability in LibTIFF can be exploited by malicious people to
 cause a DoS (Denial of Service) and potentially compromise a user's
 system.

 The vulnerability is caused due to a boundary error within tiff2pdf
 when handling a TIFF file with a "DocumentName" tag that contains
 UTF-8 characters.  This can be exploited to cause a stack-based buffer
 overflow and may allow arbitrary code execution."

http://secunia.com/advisories/20488/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2193

Patch from Ubuntu.

3 files changed, 19 insertions, 3 deletions

diff --git a/graphics/tiff/Makefile b/graphics/tiff/Makefile
index df5aeb1a3ea..0e315f525b3 100644
--- a/graphics/tiff/Makefile
+++ b/graphics/tiff/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.81 2006/04/14 07:08:08 heinz Exp $
+# $NetBSD: Makefile,v 1.82 2006/06/08 11:05:14 salo Exp $
 
 DISTNAME=	tiff-3.8.2
-PKGREVISION=	1
+PKGREVISION=	2
 CATEGORIES=	graphics
 MASTER_SITES=	ftp://ftp.remotesensing.org/pub/libtiff/ \
 		http://libtiff.maptools.org/dl/
diff --git a/graphics/tiff/distinfo b/graphics/tiff/distinfo
index dc438891d05..d5be039a8e6 100644
--- a/graphics/tiff/distinfo
+++ b/graphics/tiff/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.37 2006/03/31 14:31:03 drochner Exp $
+$NetBSD: distinfo,v 1.38 2006/06/08 11:05:14 salo Exp $
 
 SHA1 (tiff-3.8.2.tar.gz) = 549e67b6a15b42bfcd72fe17cda7c9a198a393eb
 RMD160 (tiff-3.8.2.tar.gz) = 1b4d825e3be08764e953fc58246d0c25ab4dd17d
@@ -6,3 +6,4 @@ Size (tiff-3.8.2.tar.gz) = 1336295 bytes
 SHA1 (patch-aa) = edac79a6f3b61e9fc787fe14f750d88023a29bfa
 SHA1 (patch-ab) = b517cb8bc2212d3e6c5a70db1bdf45b85b78fc72
 SHA1 (patch-at) = 4006ed90f6ab88aff30e2537d613a1b44b5c7347
+SHA1 (patch-au) = c53ed7521c3918081526ad63cd0c1c45c9a0b9ff
diff --git a/graphics/tiff/patches/patch-au b/graphics/tiff/patches/patch-au
new file mode 100644
index 00000000000..822d33121a3
--- /dev/null
+++ b/graphics/tiff/patches/patch-au
@@ -0,0 +1,15 @@
+$NetBSD: patch-au,v 1.5 2006/06/08 11:05:14 salo Exp $
+
+Security fix for CVE-2006-2193, from Ubuntu.
+
+--- tools/tiff2pdf.c.orig	2006-03-21 17:42:51.000000000 +0100
++++ tools/tiff2pdf.c	2006-06-08 12:39:11.000000000 +0200
+@@ -3668,7 +3668,7 @@
+ 	written += TIFFWriteFile(output, (tdata_t) "(", 1);
+ 	for (i=0;i<len;i++){
+ 		if((pdfstr[i]&0x80) || (pdfstr[i]==127) || (pdfstr[i]<32)){
+-			sprintf(buffer, "\\%.3o", pdfstr[i]);
++			sprintf(buffer, "\\%.3hho", pdfstr[i]);
+ 			written += TIFFWriteFile(output, (tdata_t) buffer, 4);
+ 		} else {
+ 			switch (pdfstr[i]){