libtiff5/libtiff-3.8.2-cve_2006_2193.patch

  * SECURITY UPDATE: Arbitrary command execution with crafted TIF files.
  * Add debian/patches/tiff2pdf-octal-printf.patch:
    - tools/tiff2pdf.c: Fix buffer overflow due to wrong printf for octal
      signed char (it printed a signed integer, which overflow the buffer and
      was wrong anyway).
    - CVE-2006-2193

--- tiff-3.8.2/tools/tiff2pdf.c	2006-03-21 17:42:51.000000000 +0100
+++ tiff-3.8.2/tools/tiff2pdf.c.fix	2006-06-15 17:00:23.000000000 +0200
@@ -3668,7 +3668,7 @@
 	written += TIFFWriteFile(output, (tdata_t) "(", 1);
 	for (i=0;i<len;i++){
 		if((pdfstr[i]&0x80) || (pdfstr[i]==127) || (pdfstr[i]<32)){
-			sprintf(buffer, "\\%.3o", pdfstr[i]);
+			sprintf(buffer, "\\%.3hho", pdfstr[i]);
 			written += TIFFWriteFile(output, (tdata_t) buffer, 4);
 		} else {
 			switch (pdfstr[i]){
update to 4.4.0 [release 4.4.0-1mamba;Sat May 28 2022] 2024-01-06 05:55:28 +01:00			`* SECURITY UPDATE: Arbitrary command execution with crafted TIF files.`
			`* Add debian/patches/tiff2pdf-octal-printf.patch:`
			`- tools/tiff2pdf.c: Fix buffer overflow due to wrong printf for octal`
			`signed char (it printed a signed integer, which overflow the buffer and`
			`was wrong anyway).`
			`- CVE-2006-2193`

			`--- tiff-3.8.2/tools/tiff2pdf.c 2006-03-21 17:42:51.000000000 +0100`
			`+++ tiff-3.8.2/tools/tiff2pdf.c.fix 2006-06-15 17:00:23.000000000 +0200`
			`@@ -3668,7 +3668,7 @@`
			`written += TIFFWriteFile(output, (tdata_t) "(", 1);`
			`for (i=0;i<len;i++){`
			`if((pdfstr[i]&0x80) \|\| (pdfstr[i]==127) \|\| (pdfstr[i]<32)){`
			`- sprintf(buffer, "\\%.3o", pdfstr[i]);`
			`+ sprintf(buffer, "\\%.3hho", pdfstr[i]);`
			`written += TIFFWriteFile(output, (tdata_t) buffer, 4);`
			`} else {`
			`switch (pdfstr[i]){`