From 06de83c3cc5d813f42736875d6785c5d5032d9c0 Mon Sep 17 00:00:00 2001 From: naddy Date: Mon, 12 Jun 2006 17:31:34 +0000 Subject: [PATCH] SECURITY: Prevent sign extension on integer promotion that leads to a buffer overflow. Minimal fix from upstream CVS. CVE-2006-2193. prodded by bernd@ --- graphics/tiff/Makefile | 3 +- graphics/tiff/patches/patch-tools_tiff2pdf_c | 32 ++++++++++++++++++++ 2 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 graphics/tiff/patches/patch-tools_tiff2pdf_c diff --git a/graphics/tiff/Makefile b/graphics/tiff/Makefile index ea0ee94a55f..b83489f55e6 100644 --- a/graphics/tiff/Makefile +++ b/graphics/tiff/Makefile @@ -1,8 +1,9 @@ -# $OpenBSD: Makefile,v 1.44 2006/03/31 20:38:29 naddy Exp $ +# $OpenBSD: Makefile,v 1.45 2006/06/12 17:31:34 naddy Exp $ COMMENT= "tools and library routines for working with TIFF images" DISTNAME= tiff-3.8.2 +PKGNAME= ${DISTNAME}p0 SHARED_LIBS= tiff 38.2 \ tiffxx 39.2 CATEGORIES= graphics diff --git a/graphics/tiff/patches/patch-tools_tiff2pdf_c b/graphics/tiff/patches/patch-tools_tiff2pdf_c new file mode 100644 index 00000000000..eccf39c218b --- /dev/null +++ b/graphics/tiff/patches/patch-tools_tiff2pdf_c 
@@ -0,0 +1,32 @@
+$OpenBSD: patch-tools_tiff2pdf_c,v 1.1 2006/06/12 17:31:34 naddy Exp $
+--- tools/tiff2pdf.c.orig Sun Jun 11 15:58:06 2006
++++ tools/tiff2pdf.c Sun Jun 11 16:00:21 2006
+@@ -279,8 +279,8 @@ tsize_t t2p_sample_lab_signed_to_unsigne
+ tsize_t t2p_write_pdf_header(T2P*, TIFF*);
+ tsize_t t2p_write_pdf_obj_start(uint32, TIFF*);
+ tsize_t t2p_write_pdf_obj_end(TIFF*);
+-tsize_t t2p_write_pdf_name(char*, TIFF*);
+-tsize_t t2p_write_pdf_string(char*, TIFF*);
++tsize_t t2p_write_pdf_name(unsigned char*, TIFF*);
++tsize_t t2p_write_pdf_string(unsigned char*, TIFF*);
+ tsize_t t2p_write_pdf_stream(tdata_t, tsize_t, TIFF*);
+ tsize_t t2p_write_pdf_stream_start(TIFF*);
+ tsize_t t2p_write_pdf_stream_end(TIFF*);
+@@ -3572,7 +3572,7 @@ tsize_t t2p_write_pdf_obj_end(TIFF* outp
+ This function writes a PDF name object to output.
+ */
+
+-tsize_t t2p_write_pdf_name(char* name, TIFF* output){
++tsize_t t2p_write_pdf_name(unsigned char* name, TIFF* output){
+
+ tsize_t written=0;
+ uint32 i=0;
+@@ -3657,7 +3657,7 @@ tsize_t t2p_write_pdf_name(char* name, T
+ This function writes a PDF string object to output.
+ */
+
+-tsize_t t2p_write_pdf_string(char* pdfstr, TIFF* output){
++tsize_t t2p_write_pdf_string(unsigned char* pdfstr, TIFF* output){
+
+ tsize_t written=0;
+ uint32 i=0;
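Review bot: Changing the parameter type to `unsigned char*` in `t2p_write_pdf_name` and `t2p_write_pdf_string` removes the sign extension, but the write that overflowed is in the function bodies, which lie outside these hunks and are left as they were, so the fix holds only as long as the type does. A comment on both definitions would keep a later cleanup from reverting it, e.g. `/* unsigned char: bytes >= 0x80 must not sign-extend when promoted to int for formatting */`. If the bodies format each byte into a fixed-size buffer, as the commit message suggests, bounding that call with `snprintf` and the buffer's `sizeof` would make the limit independent of the argument type. Call sites are not part of this patch; any that still pass `char*` will need a cast or will rely on an implicit pointer-signedness conversion.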