authorhe <he@pkgsrc.org>2017-05-05 19:16:57 +0000
committerhe <he@pkgsrc.org>2017-05-05 19:16:57 +0000
commit4fef3d9b6a85e34dc387862b2bbfd98688b0a2a6 (patch)
treec2319311687b612beb969342d14619f18cd123f8 /graphics/tiff
parent5b38e2adbb01d9e7001015f023e373d1b0751e76 (diff)
Apply fix from upstream to fix CVE-2016-10092, ref.
http://bugzilla.maptools.org/show_bug.cgi?id=2620 and https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a Bump PKGREVISION.
Diffstat (limited to 'graphics/tiff')
-rw-r--r--graphics/tiff/Makefile4
-rw-r--r--graphics/tiff/patches/patch-tools_tiffcrop.c17
2 files changed, 19 insertions, 2 deletions
diff --git a/graphics/tiff/Makefile b/graphics/tiff/Makefile
index 594ebe22081..e03848ef6ff 100644
--- a/graphics/tiff/Makefile
+++ b/graphics/tiff/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.126 2017/05/03 23:00:59 sevan Exp $
+# $NetBSD: Makefile,v 1.127 2017/05/05 19:16:57 he Exp $
DISTNAME= tiff-4.0.7
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= graphics
MASTER_SITES= ftp://download.osgeo.org/libtiff/
diff --git a/graphics/tiff/patches/patch-tools_tiffcrop.c b/graphics/tiff/patches/patch-tools_tiffcrop.c
new file mode 100644
index 00000000000..9c3a6230d84
--- /dev/null
+++ b/graphics/tiff/patches/patch-tools_tiffcrop.c
@@ -0,0 +1,17 @@
+$NetBSD$
+
+Fix for CVE-2016-10092, ref. http://bugzilla.maptools.org/show_bug.cgi?id=2620
+and
+https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
+
+--- tools/tiffcrop.c.orig 2016-11-19 01:45:30.000000000 +0000
++++ tools/tiffcrop.c
+@@ -3698,7 +3698,7 @@ static int readContigStripsIntoBuffer (T
+ (unsigned long) strip, (unsigned long)rows);
+ return 0;
+ }
+- bufp += bytes_read;
++ bufp += stripsize;
+ }
+
+ return 1;
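Review bot: The new patches/patch-tools_tiffcrop.c arrives without a distinfo change (the diffstat lists only Makefile and the patch file), and pkgsrc normally checks each patch against a checksum recorded in distinfo before applying it, so the entry should be regenerated with `make makepatchsum` in this commit unless it landed separately. The patch header gives the CVE and two links but does not say what the change does; a line such as `Advance bufp by stripsize rather than by the read's return value, so a short or failed strip read cannot shift where later strips are written.` would let an auditor check the fix without following the links. That wording is inferred from the one-line change, because readContigStripsIntoBuffer starts outside the hunk and neither the read call nor the allocation of the destination buffer is visible here. It is worth confirming against the upstream commit that the buffer is sized for the strip count times stripsize, since the pointer now always advances by a full strip.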