From 37bad4e251eaf1d80cc13e56bcce73f11bbe27d0 Mon Sep 17 00:00:00 2001
From: Jindrich Novy <jnovy@fedoraproject.org>
Date: Tue, 5 Sep 2006 12:04:37 +0000
Subject: [PATCH] - fix CVE-2006-2193, tiff2pdf buffer overflow (#194362) - fix
 typo in man page for tiffset (#186297) - use %%{?dist}

---
 libtiff-3.8.2-CVE-2006-2193.patch | 11 +++++++++++
 libtiff-3.8.2-mantypo.patch       | 11 +++++++++++
 libtiff.spec                      | 11 ++++++++++-
 3 files changed, 32 insertions(+), 1 deletion(-)
 create mode 100644 libtiff-3.8.2-CVE-2006-2193.patch
 create mode 100644 libtiff-3.8.2-mantypo.patch

diff --git a/libtiff-3.8.2-CVE-2006-2193.patch b/libtiff-3.8.2-CVE-2006-2193.patch
new file mode 100644
index 0000000..ffd81bf
--- /dev/null
+++ b/libtiff-3.8.2-CVE-2006-2193.patch
@@ -0,0 +1,11 @@
+--- tiff-3.8.2/tools/tiff2pdf.c.CVE-2006-2193	2006-03-21 17:42:51.000000000 +0100
++++ tiff-3.8.2/tools/tiff2pdf.c	2006-09-05 10:47:51.000000000 +0200
+@@ -3668,7 +3668,7 @@
+ 	written += TIFFWriteFile(output, (tdata_t) "(", 1);
+ 	for (i=0;i<len;i++){
+ 		if((pdfstr[i]&0x80) || (pdfstr[i]==127) || (pdfstr[i]<32)){
+-			sprintf(buffer, "\\%.3o", pdfstr[i]);
++			snprintf(buffer, sizeof(buffer), "\\%.3o", (unsigned char) pdfstr[i]);
+ 			written += TIFFWriteFile(output, (tdata_t) buffer, 4);
+ 		} else {
+ 			switch (pdfstr[i]){
diff --git a/libtiff-3.8.2-mantypo.patch b/libtiff-3.8.2-mantypo.patch
new file mode 100644
index 0000000..dd2811e
--- /dev/null
+++ b/libtiff-3.8.2-mantypo.patch
@@ -0,0 +1,11 @@
+--- tiff-3.8.2/man/tiffset.1.mantypo	2005-12-02 17:01:33.000000000 +0100
++++ tiff-3.8.2/man/tiffset.1	2006-09-05 10:10:02.000000000 +0200
+@@ -60,7 +60,7 @@
+ "Anonymous":
+ .RS
+ .nf
+-tiffset -s 305 Anonymous a.tif
++tiffset -s 315 Anonymous a.tif
+ .fi
+ .RE
+ .PP
diff --git a/libtiff.spec b/libtiff.spec
index 13338eb..538904b 100644
--- a/libtiff.spec
+++ b/libtiff.spec
@@ -1,12 +1,14 @@
 Summary: Library of functions for manipulating TIFF format image files
 Name: libtiff
 Version: 3.8.2
-Release: 5
+Release: 6%{?dist}
 License: distributable
 Group: System Environment/Libraries
 Source: ftp://ftp.remotesensing.org/pub/libtiff/tiff-%{version}.tar.gz
 Patch0: tiffsplit-overflow.patch
 Patch1: libtiff-3.8.2-ormandy.patch
+Patch2: libtiff-3.8.2-CVE-2006-2193.patch
+Patch3: libtiff-3.8.2-mantypo.patch
 URL: http://www.libtiff.org/
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 BuildRequires: zlib-devel libjpeg-devel
@@ -39,6 +41,8 @@ install the libtiff package.
 %setup -q -n tiff-%{version}
 %patch0 -p1 -b .overflow
 %patch1 -p1 -b .ormandy
+%patch2 -p1 -b .CVE-2006-2193
+%patch3 -p1 -b .mantypo
 
 %build
 %configure
@@ -111,6 +115,11 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man3/*
 
 %changelog
+* Tue Sep  5 2006 Jindrich Novy <jnovy@redhat.com> - 3.8.2-6
+- fix CVE-2006-2193, tiff2pdf buffer overflow (#194362)
+- fix typo in man page for tiffset (#186297)
+- use %%{?dist}
+
 * Mon Jul 24 2006 Matthias Clasen <mclasen@redhat.com>
 - Fix several vulnerabilities (CVE-2006-3460 CVE-2006-3461
   CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)