SECURITY:

Prevent sign extension on integer promotion that leads to a buffer overflow.
Minimal fix from upstream CVS.  CVE-2006-2193.
prodded by bernd@

graphics/tiff/Makefile

@@ -1,8 +1,9 @@
-# $OpenBSD: Makefile,v 1.44 2006/03/31 20:38:29 naddy Exp $
+# $OpenBSD: Makefile,v 1.45 2006/06/12 17:31:34 naddy Exp $
 
 COMMENT=	"tools and library routines for working with TIFF images"
 
 DISTNAME=	tiff-3.8.2
+PKGNAME=	${DISTNAME}p0
 SHARED_LIBS=	tiff	38.2 \
 		tiffxx	39.2
 CATEGORIES=	graphics

graphics/tiff/patches/patch-tools_tiff2pdf_c

@@ -0,0 +1,32 @@
+$OpenBSD: patch-tools_tiff2pdf_c,v 1.1 2006/06/12 17:31:34 naddy Exp $
+--- tools/tiff2pdf.c.orig	Sun Jun 11 15:58:06 2006
++++ tools/tiff2pdf.c	Sun Jun 11 16:00:21 2006
+@@ -279,8 +279,8 @@ tsize_t t2p_sample_lab_signed_to_unsigne
+ tsize_t t2p_write_pdf_header(T2P*, TIFF*);
+ tsize_t t2p_write_pdf_obj_start(uint32, TIFF*);
+ tsize_t t2p_write_pdf_obj_end(TIFF*);
+-tsize_t t2p_write_pdf_name(char*, TIFF*);
+-tsize_t t2p_write_pdf_string(char*, TIFF*);
++tsize_t t2p_write_pdf_name(unsigned char*, TIFF*);
++tsize_t t2p_write_pdf_string(unsigned char*, TIFF*);
+ tsize_t t2p_write_pdf_stream(tdata_t, tsize_t, TIFF*);
+ tsize_t t2p_write_pdf_stream_start(TIFF*);
+ tsize_t t2p_write_pdf_stream_end(TIFF*);
+@@ -3572,7 +3572,7 @@ tsize_t t2p_write_pdf_obj_end(TIFF* outp
+ 	This function writes a PDF name object to output.
+ */
+ 
+-tsize_t t2p_write_pdf_name(char* name, TIFF* output){
++tsize_t t2p_write_pdf_name(unsigned char* name, TIFF* output){
+ 
+ 	tsize_t written=0;
+ 	uint32 i=0;
+@@ -3657,7 +3657,7 @@ tsize_t t2p_write_pdf_name(char* name, T
+ 	This function writes a PDF string object to output.
+ */
+ 	
+-tsize_t t2p_write_pdf_string(char* pdfstr, TIFF* output){
++tsize_t t2p_write_pdf_string(unsigned char* pdfstr, TIFF* output){
+ 
+ 	tsize_t written=0;
+ 	uint32 i=0;