Update tiff to version 4.0.8.

Pkgsrc changes:
 * Adapt PLIST, remove patches for now-integrated bugfixes.

As the release announcement says:

   All of the changes are bug and security fixes.

Upstream changes:

CHANGES IN LIBTIFF:
 * libtiff/tif_getimage.c, libtiff/tif_open.c: add parenthesis to
   fix cppcheck clarifyCalculation warnings * libtiff/tif_predict.c,
   libtiff/tif_print.c: fix printf unsigned vs signed formatting
   (cppcheck invalidPrintfArgType_uint warnings)
 * libtiff/tif_read.c, libtiff/tiffiop.h: fix uint32 overflow in
   TIFFReadEncodedStrip() that caused an integer division by zero.
   Reported by Agostino Sarubbo. Fixes
   http://bugzilla.maptools.org/show_bug.cgi?id=2596
 * libtiff/tif_pixarlog.c, libtiff/tif_luv.c: fix heap-based buffer
   overflow on generation of PixarLog / LUV compressed files, with
   ColorMap, TransferFunction attached and nasty plays with
   bitspersample. The fix for LUV has not been tested, but suffers
   from the same kind of issue of PixarLog. Reported by Agostino
   Sarubbo. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2604
 * libtiff/tif_strip.c: revert the change in TIFFNumberOfStrips()
   done for http://bugzilla.maptools.org/show_bug.cgi?id=2587 /
   CVE-2016-9273 since the above change is a better fix that makes
   it unnecessary.
 * libtiff/tif_dirread.c: modify ChopUpSingleUncompressedStrip()
   to instanciate compute ntrips as TIFFhowmany_32(td->td_imagelength,
   rowsperstrip), instead of a logic based on the total size of
   data. Which is faulty is the total size of data is not sufficient
   to fill the whole image, and thus results in reading outside of
   the StripByCounts/StripOffsets arrays when using TIFFReadScanline().
   Reported by Agostino Sarubbo. Fixes
   http://bugzilla.maptools.org/show_bug.cgi?id=2608.
 * libtiff/tif_ojpeg.c: make OJPEGDecode() early exit in case of
   failure in OJPEGPreDecode(). This will avoid a divide by zero,
   and potential other issues. Reported by Agostino Sarubbo. Fixes
   http://bugzilla.maptools.org/show_bug.cgi?id=2611
 * libtiff/tif_write.c: fix misleading indentation as warned by GCC.
 * libtiff/tif_fax3.h: revert change done on 2016-01-09 that made
   Param member of TIFFFaxTabEnt structure a uint16 to reduce size
   of the binary. It happens that the Hylafax software uses the
   tables that follow this typedef (TIFFFaxMainTable, TIFFFaxWhiteTable,
   TIFFFaxBlackTable), although they are not in a public libtiff
   header. Raised by Lee Howard. Fixes
   http://bugzilla.maptools.org/show_bug.cgi?id=2636
 * libtiff/tiffio.h, libtiff/tif_getimage.c: add TIFFReadRGBAStripExt()
   and TIFFReadRGBATileExt() variants of the functions without ext,
   with an extra argument to control the stop_on_error behaviour.
 * libtiff/tif_getimage.c: fix potential memory leaks in error code
   path of TIFFRGBAImageBegin(). Fixes
   http://bugzilla.maptools.org/show_bug.cgi?id=2627
 * libtiff/tif_jpeg.c: increase libjpeg max memory usable to 10 MB
   instead of libjpeg 1MB default. This helps when creating files
   with "big" tile, without using libjpeg temporary files. Related
   to https://trac.osgeo.org/gdal/ticket/6757
 * libtiff/tif_jpeg.c: avoid integer division by zero in
   JPEGSetupEncode() when horizontal or vertical sampling is set
   to 0. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2653
 * libtiff/tif_dirwrite.c: in TIFFWriteDirectoryTagCheckedRational,
   replace assertion by runtime check to error out if passed value
   is strictly negative. Fixes
   http://bugzilla.maptools.org/show_bug.cgi?id=2535
 * libtiff/tif_dirread.c: avoid division by floating point 0 in
   TIFFReadDirEntryCheckedRational() and
   TIFFReadDirEntryCheckedSrational(), and return 0 in that case
   (instead of infinity as before presumably) Apparently some
   sanitizers do not like those divisions by zero. Fixes
   http://bugzilla.maptools.org/show_bug.cgi?id=2644
 * libtiff/tif_dir.c, tif_dirread.c, tif_dirwrite.c: implement
   various clampings of double to other data types to avoid undefined
   behaviour if the output range isn't big enough to hold the input
   value. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2643
   http://bugzilla.maptools.org/show_bug.cgi?id=2642
   http://bugzilla.maptools.org/show_bug.cgi?id=2646
   http://bugzilla.maptools.org/show_bug.cgi?id=2647
 * libtiff/tif_jpeg.c: validate BitsPerSample in JPEGSetupEncode()
   to avoid undefined behaviour caused by invalid shift exponent.
   Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2648
 * libtiff/tif_read.c: avoid potential undefined behaviour on signed
   integer addition in TIFFReadRawStrip1() in isMapped() case.
   Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2650
 * libtiff/tif_getimage.c: add explicit uint32 cast in putagreytile
   to avoid UndefinedBehaviorSanitizer warning. Patch by Nicolás
   Peña. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2658
 * libtiff/tif_read.c: TIFFReadBufferSetup(): use _TIFFcalloc() to
   zero initialize tif_rawdata. Fixes
   http://bugzilla.maptools.org/show_bug.cgi?id=2651
 * libtiff/tiffio.h, tif_unix.c, tif_win32.c, tif_vms.c: add _TIFFcalloc()
 * libtiff/tif_luv.c, tif_lzw.c, tif_packbits.c: return 0 in Encode
   functions instead of -1 when TIFFFlushData1() fails. Fixes
   http://bugzilla.maptools.org/show_bug.cgi?id=2130
 * libtiff/tif_ojpeg.c: fix leak in OJPEGReadHeaderInfoSecTablesQTable,
   OJPEGReadHeaderInfoSecTablesDcTable and
   OJPEGReadHeaderInfoSecTablesAcTable when read fails. Patch by
   Nicolás Peña. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2659
 * libtiff/tif_jpeg.c: only run JPEGFixupTagsSubsampling() if the
   YCbCrSubsampling tag is not explicitly present. This helps a
   bit to reduce the I/O amount when the tag is present (especially
   on cloud hosted files).
 * libtiff/tif_lzw.c: in LZWPostEncode(), increase, if necessary,
   the code bit-width after flushing the remaining code and before
   emitting the EOI code. Fixes
   http://bugzilla.maptools.org/show_bug.cgi?id=1982
 * libtiff/tif_pixarlog.c: fix memory leak in error code path of
   PixarLogSetupDecode(). Patch by Nicolás Peña. Fixes
   http://bugzilla.maptools.org/show_bug.cgi?id=2665
 * libtiff/tif_fax3.c, tif_predict.c, tif_getimage.c: fix GCC 7
   -Wimplicit-fallthrough warnings.
 * libtiff/tif_dirread.c: fix memory leak in non DEFER_STRILE_LOAD
   mode (ie default) when there is both a StripOffsets and TileOffsets
   tag, or a StripByteCounts and TileByteCounts Fixes
   http://bugzilla.maptools.org/show_bug.cgi?id=2689
 * libtiff/tif_ojpeg.c: fix potential memory leak in
   OJPEGReadHeaderInfoSecTablesQTable, OJPEGReadHeaderInfoSecTablesDcTable
   and OJPEGReadHeaderInfoSecTablesAcTable Patch by Nicolás Peña.
   Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2670
 * libtiff/tif_fax3.c: avoid crash in Fax3Close() on empty file.
   Patch by Alan Coopersmith + complement by myself. Fixes
   http://bugzilla.maptools.org/show_bug.cgi?id=2673
 * libtiff/tif_read.c: TIFFFillStrip(): add limitation to the number
   of bytes read in case td_stripbytecount[strip] is bigger than
   reasonable, so as to avoid excessive memory allocation.
 * libtiff/tif_zip.c, tif_pixarlog.c, tif_predict.c: fix memory
   leak when the underlying codec (ZIP, PixarLog) succeeds its
   setupdecode() method, but PredictorSetup fails. Credit to OSS-Fuzz
   (locally run, on GDAL)
 * libtiff/tif_read.c: TIFFFillStrip() and TIFFFillTile(): avoid
   excessive memory allocation in case of shorten files. Only
   effective on 64 bit builds and non-mapped cases. Credit to
   OSS-Fuzz (locally run, on GDAL)
 * libtiff/tif_read.c: TIFFFillStripPartial() / TIFFSeek(), avoid
   potential integer overflows with read_ahead in CHUNKY_STRIP_READ_SUPPORT
   mode. Should especially occur on 32 bit platforms.
 * libtiff/tif_read.c: TIFFFillStripPartial(): avoid excessive
   memory allocation in case of shorten files. Only effective on
   64 bit builds. Credit to OSS-Fuzz (locally run, on GDAL)
 * libtiff/tif_read.c: update tif_rawcc in CHUNKY_STRIP_READ_SUPPORT
   mode with tif_rawdataloaded when calling TIFFStartStrip() or
   TIFFFillStripPartial(). This avoids reading beyond tif_rawdata
   when bytecount > tif_rawdatasize. Fixes
   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1545.
   Credit to OSS-Fuzz
 * libtiff/tif_color.c: avoid potential int32 overflow in
   TIFFYCbCrToRGBInit() Fixes
   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1533 Credit
   to OSS-Fuzz
 * libtiff/tif_pixarlog.c, tif_luv.c: avoid potential int32 overflows
   in multiply_ms() and add_ms(). Fixes
   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1558 Credit
   to OSS-Fuzz
 * libtiff/tif_packbits.c: fix out-of-buffer read in PackBitsDecode()
   Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1563
   Credit to OSS-Fuzz
 * libtiff/tif_luv.c: LogL16InitState(): avoid excessive memory
   allocation when RowsPerStrip tag is missing. Credit to OSS-Fuzz
   (locally run, on GDAL)
 * libtiff/tif_lzw.c: update dec_bitsleft at beginning of LZWDecode(),
   and update tif_rawcc at end of LZWDecode(). This is needed to
   properly work with the latest chnges in tif_read.c in
   CHUNKY_STRIP_READ_SUPPORT mode.
 * libtiff/tif_pixarlog.c: PixarLogDecode(): resync tif_rawcp with
   next_in and tif_rawcc with avail_in at beginning and end of
   function, similarly to what is done in LZWDecode(). Likely needed
   so that it works properly with latest chnges in tif_read.c in
   CHUNKY_STRIP_READ_SUPPORT mode. But untested...
 * libtiff/tif_getimage.c: initYCbCrConversion(): add basic validation
   of luma and refBlackWhite coefficients (just check they are not
   NaN for now), to avoid potential float to int overflows. Fixes
   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1663 Credit
   to OSS Fuzz
 * libtiff/tif_read.c: _TIFFVSetField(): fix outside range cast of
   double to float. Credit to Google Autofuzz project
 * libtiff/tif_getimage.c: initYCbCrConversion(): check luma[1] is
   not zero to avoid division by zero. Fixes
   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1665 Credit
   to OSS Fuzz
 * libtiff/tif_read.c: _TIFFVSetField(): fix outside range cast of
   double to float. Credit to Google Autofuzz project
 * libtiff/tif_getimage.c: initYCbCrConversion(): check luma[1] is
   not zero to avoid division by zero. Fixes
   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1665 Credit
   to OSS Fuzz
 * libtiff/tif_getimage.c: initYCbCrConversion(): stricter validation
   for refBlackWhite coefficients values. To avoid invalid float->int32
   conversion. Fixes
   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1718 Credit
   to OSS Fuzz


CHANGES IN THE TOOLS:
 * tools/fax2tiff.c (main): Applied patch by Jörg Ahrens to fix
   passing client data for Win32 builds using tif_win32.c
   (USE_WIN32_FILEIO defined) for file I/O. Patch was provided via
   email on November 20, 2016.
 * tools/tiffcp.c: avoid uint32 underflow in cpDecodedStrips that
   can cause various issues, such as buffer overflows in the library.
   Reported by Agostino Sarubbo. Fixes
   http://bugzilla.maptools.org/show_bug.cgi?id=2598
 * tools/tiffcrop.c: fix readContigStripsIntoBuffer() in -i (ignore)
   mode so that the output buffer is correctly incremented to avoid
   write outside bounds. Reported by Agostino Sarubbo. Fixes
   http://bugzilla.maptools.org/show_bug.cgi?id=2620
 * tools/tiffcrop.c: add 3 extra bytes at end of strip buffer in
   readSeparateStripsIntoBuffer() to avoid read outside of heap
   allocated buffer. Reported by Agostino Sarubbo. Fixes
   http://bugzilla.maptools.org/show_bug.cgi?id=2621
 * tools/tiffcrop.c: fix integer division by zero when BitsPerSample
   is missing. Reported by Agostino Sarubbo. Fixes
   http://bugzilla.maptools.org/show_bug.cgi?id=2619
 * tools/tiffinfo.c: fix null pointer dereference in -r mode when
   the image has no StripByteCount tag. Reported by Agostino Sarubbo.
   Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2594
 * tools/tiffcp.c: avoid potential division by zero is BitsPerSamples
   tag is missing. Reported by Agostino Sarubbo. Fixes
   http://bugzilla.maptools.org/show_bug.cgi?id=2597
 * tools/tif_dir.c: when TIFFGetField(, TIFFTAG_NUMBEROFINKS, ) is
   called, limit the return number of inks to SamplesPerPixel, so
   that code that parses ink names doesn't go past the end of the
   buffer. Reported by Agostino Sarubbo. Fixes
   http://bugzilla.maptools.org/show_bug.cgi?id=2599
 * tools/tiffcp.c: avoid potential division by zero is BitsPerSamples
   tag is missing. Reported by Agostino Sarubbo. Fixes
   http://bugzilla.maptools.org/show_bug.cgi?id=2607
 * tools/tiffcp.c: fix uint32 underflow/overflow that can cause
   heap-based buffer overflow. Reported by Agostino Sarubbo. Fixes
   http://bugzilla.maptools.org/show_bug.cgi?id=2610
 * tools/tiffcp.c: replace assert( (bps % 8) == 0 ) by a non assert
   check. Reported by Agostino Sarubbo. Fixes
   http://bugzilla.maptools.org/show_bug.cgi?id=2605
 * tools/tiff2ps.c: fix 2 heap-based buffer overflows (in PSDataBW
   and PSDataColorContig). Reported by Agostino Sarubbo. Fixes
   http://bugzilla.maptools.org/show_bug.cgi?id=2633 and
   http://bugzilla.maptools.org/show_bug.cgi?id=2634.
 * tools/tiff2pdf.c: prevent heap-based buffer overflow in -j mode
   on a paletted image. Note: this fix errors out before the overflow
   happens. There could probably be a better fix. Fixes
   http://bugzilla.maptools.org/show_bug.cgi?id=2635
 * tools/tiff2pdf.c: fix wrong usage of memcpy() that can trigger
   unspecified behaviour. Fixes
   http://bugzilla.maptools.org/show_bug.cgi?id=2638
 * tools/tiff2pdf.c: avoid potential invalid memory read in
   t2p_writeproc. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2639
 * tools/tiff2pdf.c: avoid potential heap-based overflow in
   t2p_readwrite_pdf_image_tile(). Fixes
   http://bugzilla.maptools.org/show_bug.cgi?id=2640
 * tools/tiffcrop.c: remove extraneous TIFFClose() in error code
   path, that caused double free. Related to
   http://bugzilla.maptools.org/show_bug.cgi?id=2535
 * tools/tiffcp.c: error out cleanly in cpContig2SeparateByRow and
   cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap based
   overflow. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2656
   and http://bugzilla.maptools.org/show_bug.cgi?id=2657
 * tools/raw2tiff.c: avoid integer division by zero. Fixes
   http://bugzilla.maptools.org/show_bug.cgi?id=2631
 * tools/tiff2ps.c: call TIFFClose() in error code paths.
 * tools/fax2tiff.c: emit appropriate message if the input file is
   empty. Patch by Alan Coopersmith. Fixes
   http://bugzilla.maptools.org/show_bug.cgi?id=2672
 * tools/tiff2bw.c: close TIFF handle in error code path. Fixes
   http://bugzilla.maptools.org/show_bug.cgi?id=2677

22 files changed, 9 insertions, 986 deletions

diff --git a/graphics/tiff/Makefile b/graphics/tiff/Makefile
index 7b72869c129..6e21c5a3d7c 100644
--- a/graphics/tiff/Makefile
+++ b/graphics/tiff/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.135 2017/05/07 21:52:16 he Exp $
+# $NetBSD: Makefile,v 1.136 2017/05/29 13:44:05 he Exp $
 
-DISTNAME=	tiff-4.0.7
-PKGREVISION=	11
+DISTNAME=	tiff-4.0.8
 CATEGORIES=	graphics
 MASTER_SITES=	ftp://download.osgeo.org/libtiff/
 
diff --git a/graphics/tiff/PLIST b/graphics/tiff/PLIST
index caca9dc3722..a193dcb60ed 100644
--- a/graphics/tiff/PLIST
+++ b/graphics/tiff/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.23 2016/11/23 13:51:29 he Exp $
+@comment $NetBSD: PLIST,v 1.24 2017/05/29 13:44:05 he Exp $
 bin/fax2ps
 bin/fax2tiff
 bin/pal2rgb
@@ -232,4 +232,5 @@ share/doc/tiff/html/v4.0.4.html
 share/doc/tiff/html/v4.0.4beta.html
 share/doc/tiff/html/v4.0.5.html
 share/doc/tiff/html/v4.0.6.html
+share/doc/tiff/html/v4.0.7.html
 share/doc/tiff/html/v${PKGVERSION}.html
diff --git a/graphics/tiff/distinfo b/graphics/tiff/distinfo
index 038719daafd..ec7639020b9 100644
--- a/graphics/tiff/distinfo
+++ b/graphics/tiff/distinfo
@@ -1,26 +1,7 @@
-$NetBSD: distinfo,v 1.81 2017/05/07 21:52:16 he Exp $
+$NetBSD: distinfo,v 1.82 2017/05/29 13:44:05 he Exp $
 
-SHA1 (tiff-4.0.7.tar.gz) = 2c1b64478e88f93522a42dd5271214a0e5eae648
-RMD160 (tiff-4.0.7.tar.gz) = 582e19c31e7f29d9ed36995dcad7ad68802cbadb
-SHA512 (tiff-4.0.7.tar.gz) = 941357bdd5f947cdca41a1d31ae14b3fadc174ae5dce7b7981dbe58f61995f575ac2e97a7cc4fcc435184012017bec0920278263490464644f2cdfad9a6c5ddc
-Size (tiff-4.0.7.tar.gz) = 2076392 bytes
+SHA1 (tiff-4.0.8.tar.gz) = 88717c97480a7976c94d23b6d9ed4ac74715267f
+RMD160 (tiff-4.0.8.tar.gz) = 0d8bc26c98035810c73b8f876f76dc48efba7da8
+SHA512 (tiff-4.0.8.tar.gz) = 5d010ec4ce37aca733f7ab7db9f432987b0cd21664bd9d99452a146833c40f0d1e7309d1870b0395e947964134d5cfeb1366181e761fe353ad585803ff3d6be6
+Size (tiff-4.0.8.tar.gz) = 2065574 bytes
 SHA1 (patch-configure) = a0032133f06b6ac92bbf52349fabe83f74ea14a6
-SHA1 (patch-html_man_Makefile.in) = 705604e2a3065da192e7354a4a9cdcd16bd6823d
-SHA1 (patch-libtiff_tif__luv.c) = c2e8ce7474119ffa02d226932ad6c8c2b230062c
-SHA1 (patch-libtiff_tif__pixarlog.c) = ad16681cf3fcb5fded048eb70c0a93f1b6447147
-SHA1 (patch-libtiff_tif__strip.c) = f7dc7b24378d0541a8f3bcc3cad78ea2d6ae14d7
-SHA1 (patch-libtiff_tif_dir.c) = 28c45b95cedeebe005b44b45393d66f61e0ea6f7
-SHA1 (patch-libtiff_tif_dirread.c) = f6d442da817457d7ac801a3005e21c357ac31f8a
-SHA1 (patch-libtiff_tif_dirwrite.c) = 07ccbf8cf210b95d5ca7710cc2982368783b4dcb
-SHA1 (patch-libtiff_tif_getimage.c) = 267b555c8b043d0a835db4d46ef65131776601e6
-SHA1 (patch-libtiff_tif_jpeg.c) = 1049b7b243e9e145886bcac8e68e5e7889337ebc
-SHA1 (patch-libtiff_tif_ojpeg.c) = 1c43555434525157c1783de4802af4508c5113a4
-SHA1 (patch-libtiff_tif_read.c) = d43b10fa74a51da21f44abb7bd0251b88e8a702b
-SHA1 (patch-libtiff_tif_unix.c) = c8312771e567f90de0f77ac8eb66ed5c36e35617
-SHA1 (patch-libtiff_tif_win32.c) = 1ea9dcb6618c40b9de3e8d2a81914355f2111fdc
-SHA1 (patch-libtiff_tiffio.h) = e0efa9e1246e07dbb3a69d626988a18f12ba9d3c
-SHA1 (patch-libtiff_tiffiop.h) = 1100e55483da58037fa3f4168fffdfcbc5407456
-SHA1 (patch-man_Makefile.in) = ff073529c9d3ab98a03efa7d98c3263c1782482f
-SHA1 (patch-tools_tiff2pdf.c) = ce7a3e77c27ad3cabaa33b5da61cbd1b27f187d1
-SHA1 (patch-tools_tiffcp.c) = bd6abd9dc6e044ff04d761d999fabfb0919ba0db
-SHA1 (patch-tools_tiffcrop.c) = 1d729028fb8c05de958424234d5cc2808acc9b25
diff --git a/graphics/tiff/patches/patch-html_man_Makefile.in b/graphics/tiff/patches/patch-html_man_Makefile.in
deleted file mode 100644
index 925e99b7095..00000000000
--- a/graphics/tiff/patches/patch-html_man_Makefile.in
+++ /dev/null
@@ -1,15 +0,0 @@
-$NetBSD: patch-html_man_Makefile.in,v 1.1 2016/11/23 13:51:29 he Exp $
-
-Don't install man pages for binaries which we leave uninstalled.
-
---- html/man/Makefile.in.orig	2016-11-19 17:40:21.000000000 +0000
-+++ html/man/Makefile.in
-@@ -383,8 +383,6 @@ docfiles = \
- 	pal2rgb.1.html \
- 	ppm2tiff.1.html \
- 	raw2tiff.1.html \
--	rgb2ycbcr.1.html \
--	thumbnail.1.html \
- 	tiff2bw.1.html \
- 	tiff2pdf.1.html \
- 	tiff2ps.1.html \
diff --git a/graphics/tiff/patches/patch-libtiff_tif__luv.c b/graphics/tiff/patches/patch-libtiff_tif__luv.c
deleted file mode 100644
index ec80f6d3047..00000000000
--- a/graphics/tiff/patches/patch-libtiff_tif__luv.c
+++ /dev/null
@@ -1,56 +0,0 @@
-$NetBSD: patch-libtiff_tif__luv.c,v 1.1 2017/05/06 21:02:00 he Exp $
-
-Fix CVE-2016-10269, ref. http://bugzilla.maptools.org/show_bug.cgi?id=2604
-and
-https://github.com/vadz/libtiff/commit/1044b43637fa7f70fb19b93593777b78bd20da86
-
---- libtiff/tif_luv.c.orig	2016-09-08 13:23:57.000000000 +0000
-+++ libtiff/tif_luv.c
-@@ -158,6 +158,7 @@
- typedef struct logLuvState LogLuvState;
- 
- struct logLuvState {
-+	int			encoder_state;	/* 1 if encoder correctly initialized */
- 	int                     user_datafmt;   /* user data format */
- 	int                     encode_meth;    /* encoding method */
- 	int                     pixel_size;     /* bytes per pixel */
-@@ -1552,6 +1553,7 @@ LogLuvSetupEncode(TIFF* tif)
- 		    td->td_photometric, "must be either LogLUV or LogL");
- 		break;
- 	}
-+	sp->encoder_state = 1;
- 	return (1);
- notsupported:
- 	TIFFErrorExt(tif->tif_clientdata, module,
-@@ -1563,19 +1565,27 @@ notsupported:
- static void
- LogLuvClose(TIFF* tif)
- {
-+	LogLuvState* sp = (LogLuvState*) tif->tif_data;
- 	TIFFDirectory *td = &tif->tif_dir;
- 
-+	assert(sp != 0);
- 	/*
- 	 * For consistency, we always want to write out the same
- 	 * bitspersample and sampleformat for our TIFF file,
- 	 * regardless of the data format being used by the application.
- 	 * Since this routine is called after tags have been set but
- 	 * before they have been recorded in the file, we reset them here.
-+	 * Note: this is really a nasty approach. See PixarLogClose
- 	 */
--	td->td_samplesperpixel =
--	    (td->td_photometric == PHOTOMETRIC_LOGL) ? 1 : 3;
--	td->td_bitspersample = 16;
--	td->td_sampleformat = SAMPLEFORMAT_INT;
-+	if( sp->encoder_state )
-+	{
-+	    /* See PixarLogClose. Might avoid issues with tags whose size depends
-+	     * on those below, but not completely sure this is enough. */
-+	    td->td_samplesperpixel =
-+	        (td->td_photometric == PHOTOMETRIC_LOGL) ? 1 : 3;
-+	    td->td_bitspersample = 16;
-+	    td->td_sampleformat = SAMPLEFORMAT_INT;
-+	}
- }
- 
- static void
diff --git a/graphics/tiff/patches/patch-libtiff_tif__pixarlog.c b/graphics/tiff/patches/patch-libtiff_tif__pixarlog.c
deleted file mode 100644
index b4d8c999433..00000000000
--- a/graphics/tiff/patches/patch-libtiff_tif__pixarlog.c
+++ /dev/null
@@ -1,41 +0,0 @@
-$NetBSD: patch-libtiff_tif__pixarlog.c,v 1.1 2017/05/06 21:02:00 he Exp $
-
-Fix CVE-2016-10269, ref. http://bugzilla.maptools.org/show_bug.cgi?id=2604
-and
-https://github.com/vadz/libtiff/commit/1044b43637fa7f70fb19b93593777b78bd20da86
-
---- libtiff/tif_pixarlog.c.orig	2016-09-23 22:56:06.000000000 +0000
-+++ libtiff/tif_pixarlog.c
-@@ -1233,8 +1233,10 @@ PixarLogPostEncode(TIFF* tif)
- static void
- PixarLogClose(TIFF* tif)
- {
-+	PixarLogState* sp = (PixarLogState*) tif->tif_data;
- 	TIFFDirectory *td = &tif->tif_dir;
- 
-+	assert(sp != 0);
- 	/* In a really sneaky (and really incorrect, and untruthful, and
- 	 * troublesome, and error-prone) maneuver that completely goes against
- 	 * the spirit of TIFF, and breaks TIFF, on close, we covertly
-@@ -1243,8 +1245,19 @@ PixarLogClose(TIFF* tif)
- 	 * readers that don't know about PixarLog, or how to set
- 	 * the PIXARLOGDATFMT pseudo-tag.
- 	 */
--	td->td_bitspersample = 8;
--	td->td_sampleformat = SAMPLEFORMAT_UINT;
-+
-+	if (sp->state&PLSTATE_INIT) {
-+	    /* We test the state to avoid an issue such as in
-+	     * http://bugzilla.maptools.org/show_bug.cgi?id=2604
-+	     * What appends in that case is that the bitspersample is 1 and
-+	     * a TransferFunction is set. The size of the TransferFunction
-+	     * depends on 1<<bitspersample. So if we increase it, an access
-+	     * out of the buffer will happen at directory flushing.
-+	     * Another option would be to clear those targs. 
-+	     */
-+	    td->td_bitspersample = 8;
-+	    td->td_sampleformat = SAMPLEFORMAT_UINT;
-+	}
- }
- 
- static void
diff --git a/graphics/tiff/patches/patch-libtiff_tif__strip.c b/graphics/tiff/patches/patch-libtiff_tif__strip.c
deleted file mode 100644
index 29d4f76f59b..00000000000
--- a/graphics/tiff/patches/patch-libtiff_tif__strip.c
+++ /dev/null
@@ -1,24 +0,0 @@
-$NetBSD: patch-libtiff_tif__strip.c,v 1.1 2017/05/06 21:29:16 he Exp $
-
-Fix CVE-2016-10270, ref.
-http://bugzilla.maptools.org/show_bug.cgi?id=2608
-https://github.com/vadz/libtiff/commit/9a72a69e035ee70ff5c41541c8c61cd97990d018
-
---- libtiff/tif_strip.c.orig	2016-11-10 02:12:36.000000000 +0000
-+++ libtiff/tif_strip.c
-@@ -63,15 +63,6 @@ TIFFNumberOfStrips(TIFF* tif)
- 	TIFFDirectory *td = &tif->tif_dir;
- 	uint32 nstrips;
- 
--    /* If the value was already computed and store in td_nstrips, then return it,
--       since ChopUpSingleUncompressedStrip might have altered and resized the
--       since the td_stripbytecount and td_stripoffset arrays to the new value
--       after the initial affectation of td_nstrips = TIFFNumberOfStrips() in
--       tif_dirread.c ~line 3612.
--       See http://bugzilla.maptools.org/show_bug.cgi?id=2587 */
--    if( td->td_nstrips )
--        return td->td_nstrips;
--
- 	nstrips = (td->td_rowsperstrip == (uint32) -1 ? 1 :
- 	     TIFFhowmany_32(td->td_imagelength, td->td_rowsperstrip));
- 	if (td->td_planarconfig == PLANARCONFIG_SEPARATE)
diff --git a/graphics/tiff/patches/patch-libtiff_tif_dir.c b/graphics/tiff/patches/patch-libtiff_tif_dir.c
deleted file mode 100644
index 05551f99e0f..00000000000
--- a/graphics/tiff/patches/patch-libtiff_tif_dir.c
+++ /dev/null
@@ -1,63 +0,0 @@
-$NetBSD: patch-libtiff_tif_dir.c,v 1.1 2017/05/05 20:14:05 sevan Exp $
-
-CVE-2017-7596
-CVE-2017-7597
-CVE-2017-7599
-CVE-2017-7600
-https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
-
---- libtiff/tif_dir.c.orig	2016-10-29 23:03:18.000000000 +0000
-+++ libtiff/tif_dir.c
-@@ -31,6 +31,7 @@
-  * (and also some miscellaneous stuff)
-  */
- #include "tiffiop.h"
-+#include <float.h>
- 
- /*
-  * These are used in the backwards compatibility code...
-@@ -154,6 +155,15 @@ bad:
- 	return (0);
- }
- 
-+static float TIFFClampDoubleToFloat( double val )
-+{
-+    if( val > FLT_MAX )
-+        return FLT_MAX;
-+    if( val < -FLT_MAX )
-+        return -FLT_MAX;
-+    return (float)val;
-+}
-+
- static int
- _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap)
- {
-@@ -312,13 +322,13 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va
-         dblval = va_arg(ap, double);
-         if( dblval < 0 )
-             goto badvaluedouble;
--		td->td_xresolution = (float) dblval;
-+		td->td_xresolution = TIFFClampDoubleToFloat( dblval );
- 		break;
- 	case TIFFTAG_YRESOLUTION:
-         dblval = va_arg(ap, double);
-         if( dblval < 0 )
-             goto badvaluedouble;
--		td->td_yresolution = (float) dblval;
-+		td->td_yresolution = TIFFClampDoubleToFloat( dblval );
- 		break;
- 	case TIFFTAG_PLANARCONFIG:
- 		v = (uint16) va_arg(ap, uint16_vap);
-@@ -327,10 +337,10 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va
- 		td->td_planarconfig = (uint16) v;
- 		break;
- 	case TIFFTAG_XPOSITION:
--		td->td_xposition = (float) va_arg(ap, double);
-+		td->td_xposition = TIFFClampDoubleToFloat( va_arg(ap, double) );
- 		break;
- 	case TIFFTAG_YPOSITION:
--		td->td_yposition = (float) va_arg(ap, double);
-+		td->td_yposition = TIFFClampDoubleToFloat( va_arg(ap, double) );
- 		break;
- 	case TIFFTAG_RESOLUTIONUNIT:
- 		v = (uint16) va_arg(ap, uint16_vap);
diff --git a/graphics/tiff/patches/patch-libtiff_tif_dirread.c b/graphics/tiff/patches/patch-libtiff_tif_dirread.c
deleted file mode 100644
index 7120290293d..00000000000
--- a/graphics/tiff/patches/patch-libtiff_tif_dirread.c
+++ /dev/null
@@ -1,122 +0,0 @@
-$NetBSD: patch-libtiff_tif_dirread.c,v 1.3 2017/05/06 21:29:16 he Exp $
-
-CVE-2017-7596
-CVE-2017-7597
-CVE-2017-7598
-CVE-2017-7599
-CVE-2017-7600
-https://github.com/vadz/libtiff/commit/3cfd62d77c2a7e147a05bd678524c345fa9c2bb8
-https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
-
-and
-
-CVE-2016-10270
-http://bugzilla.maptools.org/show_bug.cgi?id=2608
-https://github.com/vadz/libtiff/commit/9a72a69e035ee70ff5c41541c8c61cd97990d018
-
---- libtiff/tif_dirread.c.orig	2016-11-18 02:42:46.000000000 +0000
-+++ libtiff/tif_dirread.c
-@@ -40,6 +40,7 @@
-  */
- 
- #include "tiffiop.h"
-+#include <float.h>
- 
- #define IGNORE 0          /* tag placeholder used below */
- #define FAILED_FII    ((uint32) -1)
-@@ -2406,7 +2407,14 @@ static enum TIFFReadDirEntryErr TIFFRead
- 				ma=(double*)origdata;
- 				mb=data;
- 				for (n=0; n<count; n++)
--					*mb++=(float)(*ma++);
-+                                {
-+                                    double val = *ma++;
-+                                    if( val > FLT_MAX )
-+                                        val = FLT_MAX;
-+                                    else if( val < -FLT_MAX )
-+                                        val = -FLT_MAX;
-+                                    *mb++=(float)val;
-+                                }
- 			}
- 			break;
- 	}
-@@ -2872,7 +2880,10 @@ static enum TIFFReadDirEntryErr TIFFRead
- 		m.l = direntry->tdir_offset.toff_long8;
- 	if (tif->tif_flags&TIFF_SWAB)
- 		TIFFSwabArrayOfLong(m.i,2);
--	if (m.i[0]==0)
-+        /* Not completely sure what we should do when m.i[1]==0, but some */
-+        /* sanitizers do not like division by 0.0: */
-+        /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */
-+	if (m.i[0]==0 || m.i[1]==0)
- 		*value=0.0;
- 	else
- 		*value=(double)m.i[0]/(double)m.i[1];
-@@ -2900,7 +2911,10 @@ static enum TIFFReadDirEntryErr TIFFRead
- 		m.l=direntry->tdir_offset.toff_long8;
- 	if (tif->tif_flags&TIFF_SWAB)
- 		TIFFSwabArrayOfLong(m.i,2);
--	if ((int32)m.i[0]==0)
-+        /* Not completely sure what we should do when m.i[1]==0, but some */
-+        /* sanitizers do not like division by 0.0: */
-+        /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */
-+	if ((int32)m.i[0]==0 || m.i[1]==0)
- 		*value=0.0;
- 	else
- 		*value=(double)((int32)m.i[0])/(double)m.i[1];
-@@ -5502,8 +5516,7 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
- 	uint64 rowblockbytes;
- 	uint64 stripbytes;
- 	uint32 strip;
--	uint64 nstrips64;
--	uint32 nstrips32;
-+	uint32 nstrips;
- 	uint32 rowsperstrip;
- 	uint64* newcounts;
- 	uint64* newoffsets;
-@@ -5534,18 +5547,17 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
- 	    return;
- 
- 	/*
--	 * never increase the number of strips in an image
-+	 * never increase the number of rows per strip
- 	 */
- 	if (rowsperstrip >= td->td_rowsperstrip)
- 		return;
--	nstrips64 = TIFFhowmany_64(bytecount, stripbytes);
--	if ((nstrips64==0)||(nstrips64>0xFFFFFFFF)) /* something is wonky, do nothing. */
-+	nstrips = TIFFhowmany_32(td->td_imagelength, rowsperstrip);
-+	if( nstrips == 0 )
- 	    return;
--	nstrips32 = (uint32)nstrips64;
- 
--	newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64),
-+	newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
- 				"for chopped \"StripByteCounts\" array");
--	newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64),
-+	newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
- 				"for chopped \"StripOffsets\" array");
- 	if (newcounts == NULL || newoffsets == NULL) {
- 		/*
-@@ -5562,18 +5574,18 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
- 	 * Fill the strip information arrays with new bytecounts and offsets
- 	 * that reflect the broken-up format.
- 	 */
--	for (strip = 0; strip < nstrips32; strip++) {
-+	for (strip = 0; strip < nstrips; strip++) {
- 		if (stripbytes > bytecount)
- 			stripbytes = bytecount;
- 		newcounts[strip] = stripbytes;
--		newoffsets[strip] = offset;
-+		newoffsets[strip] = stripbytes ? offset : 0;
- 		offset += stripbytes;
- 		bytecount -= stripbytes;
- 	}
- 	/*
- 	 * Replace old single strip info with multi-strip info.
- 	 */
--	td->td_stripsperimage = td->td_nstrips = nstrips32;
-+	td->td_stripsperimage = td->td_nstrips = nstrips;
- 	TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, rowsperstrip);
- 
- 	_TIFFfree(td->td_stripbytecount);
diff --git a/graphics/tiff/patches/patch-libtiff_tif_dirwrite.c b/graphics/tiff/patches/patch-libtiff_tif_dirwrite.c
deleted file mode 100644
index 2181abf395c..00000000000
--- a/graphics/tiff/patches/patch-libtiff_tif_dirwrite.c
+++ /dev/null
@@ -1,192 +0,0 @@
-$NetBSD: patch-libtiff_tif_dirwrite.c,v 1.1 2017/05/05 20:14:05 sevan Exp $
-
-Dependency for applying advisory patch below without creating a variant.
-http://bugzilla.maptools.org/show_bug.cgi?id=2535
-https://github.com/vadz/libtiff/commit/0abd094b6e5079c4d8be733829240491cb230f3d
-
-CVE-2017-7596
-CVE-2017-7597
-CVE-2017-7599
-CVE-2017-7600
-https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
-
---- libtiff/tif_dirwrite.c.orig	2017-05-05 18:56:07.000000000 +0000
-+++ libtiff/tif_dirwrite.c
-@@ -30,6 +30,7 @@
-  * Directory Write Support Routines.
-  */
- #include "tiffiop.h"
-+#include <float.h>
- 
- #ifdef HAVE_IEEEFP
- #define TIFFCvtNativeToIEEEFloat(tif, n, fp)
-@@ -939,6 +940,69 @@ bad:
- 	return(0);
- }
- 
-+static float TIFFClampDoubleToFloat( double val )
-+{
-+    if( val > FLT_MAX )
-+        return FLT_MAX;
-+    if( val < -FLT_MAX )
-+        return -FLT_MAX;
-+    return (float)val;
-+}
-+
-+static int8 TIFFClampDoubleToInt8( double val )
-+{
-+    if( val > 127 )
-+        return 127;
-+    if( val < -128 || val != val )
-+        return -128;
-+    return (int8)val;
-+}
-+
-+static int16 TIFFClampDoubleToInt16( double val )
-+{
-+    if( val > 32767 )
-+        return 32767;
-+    if( val < -32768 || val != val )
-+        return -32768;
-+    return (int16)val;
-+}
-+
-+static int32 TIFFClampDoubleToInt32( double val )
-+{
-+    if( val > 0x7FFFFFFF )
-+        return 0x7FFFFFFF;
-+    if( val < -0x7FFFFFFF-1 || val != val )
-+        return -0x7FFFFFFF-1;
-+    return (int32)val;
-+}
-+
-+static uint8 TIFFClampDoubleToUInt8( double val )
-+{
-+    if( val < 0 )
-+        return 0;
-+    if( val > 255 || val != val )
-+        return 255;
-+    return (uint8)val;
-+}
-+
-+static uint16 TIFFClampDoubleToUInt16( double val )
-+{
-+    if( val < 0 )
-+        return 0;
-+    if( val > 65535 || val != val )
-+        return 65535;
-+    return (uint16)val;
-+}
-+
-+static uint32 TIFFClampDoubleToUInt32( double val )
-+{
-+    if( val < 0 )
-+        return 0;
-+    if( val > 0xFFFFFFFFU || val != val )
-+        return 0xFFFFFFFFU;
-+    return (uint32)val;
-+}
-+
- static int
- TIFFWriteDirectoryTagSampleformatArray(TIFF* tif, uint32* ndir, TIFFDirEntry* dir, uint16 tag, uint32 count, double* value)
- {
-@@ -959,7 +1023,7 @@ TIFFWriteDirectoryTagSampleformatArray(T
- 			if (tif->tif_dir.td_bitspersample<=32)
- 			{
- 				for (i = 0; i < count; ++i)
--					((float*)conv)[i] = (float)value[i];
-+					((float*)conv)[i] = TIFFClampDoubleToFloat(value[i]);
- 				ok = TIFFWriteDirectoryTagFloatArray(tif,ndir,dir,tag,count,(float*)conv);
- 			}
- 			else
-@@ -971,19 +1035,19 @@ TIFFWriteDirectoryTagSampleformatArray(T
- 			if (tif->tif_dir.td_bitspersample<=8)
- 			{
- 				for (i = 0; i < count; ++i)
--					((int8*)conv)[i] = (int8)value[i];
-+					((int8*)conv)[i] = TIFFClampDoubleToInt8(value[i]);
- 				ok = TIFFWriteDirectoryTagSbyteArray(tif,ndir,dir,tag,count,(int8*)conv);
- 			}
- 			else if (tif->tif_dir.td_bitspersample<=16)
- 			{
- 				for (i = 0; i < count; ++i)
--					((int16*)conv)[i] = (int16)value[i];
-+					((int16*)conv)[i] = TIFFClampDoubleToInt16(value[i]);
- 				ok = TIFFWriteDirectoryTagSshortArray(tif,ndir,dir,tag,count,(int16*)conv);
- 			}
- 			else
- 			{
- 				for (i = 0; i < count; ++i)
--					((int32*)conv)[i] = (int32)value[i];
-+					((int32*)conv)[i] = TIFFClampDoubleToInt32(value[i]);
- 				ok = TIFFWriteDirectoryTagSlongArray(tif,ndir,dir,tag,count,(int32*)conv);
- 			}
- 			break;
-@@ -991,19 +1055,19 @@ TIFFWriteDirectoryTagSampleformatArray(T
- 			if (tif->tif_dir.td_bitspersample<=8)
- 			{
- 				for (i = 0; i < count; ++i)
--					((uint8*)conv)[i] = (uint8)value[i];
-+					((uint8*)conv)[i] = TIFFClampDoubleToUInt8(value[i]);
- 				ok = TIFFWriteDirectoryTagByteArray(tif,ndir,dir,tag,count,(uint8*)conv);
- 			}
- 			else if (tif->tif_dir.td_bitspersample<=16)
- 			{
- 				for (i = 0; i < count; ++i)
--					((uint16*)conv)[i] = (uint16)value[i];
-+					((uint16*)conv)[i] = TIFFClampDoubleToUInt16(value[i]);
- 				ok = TIFFWriteDirectoryTagShortArray(tif,ndir,dir,tag,count,(uint16*)conv);
- 			}
- 			else
- 			{
- 				for (i = 0; i < count; ++i)
--					((uint32*)conv)[i] = (uint32)value[i];
-+					((uint32*)conv)[i] = TIFFClampDoubleToUInt32(value[i]);
- 				ok = TIFFWriteDirectoryTagLongArray(tif,ndir,dir,tag,count,(uint32*)conv);
- 			}
- 			break;
-@@ -2094,15 +2158,25 @@ TIFFWriteDirectoryTagCheckedSlong8Array(
- static int
- TIFFWriteDirectoryTagCheckedRational(TIFF* tif, uint32* ndir, TIFFDirEntry* dir, uint16 tag, double value)
- {
-+        static const char module[] = "TIFFWriteDirectoryTagCheckedRational";
- 	uint32 m[2];
--	assert(value>=0.0);
- 	assert(sizeof(uint32)==4);
--	if (value<=0.0)
-+        if( value < 0 )
-+        {
-+            TIFFErrorExt(tif->tif_clientdata,module,"Negative value is illegal");
-+            return 0;
-+        }
-+        else if( value != value )
-+        {
-+            TIFFErrorExt(tif->tif_clientdata,module,"Not-a-number value is illegal");
-+            return 0;
-+        }
-+	else if (value==0.0)
- 	{
- 		m[0]=0;
- 		m[1]=1;
- 	}
--	else if (value==(double)(uint32)value)
-+	else if (value <= 0xFFFFFFFFU && value==(double)(uint32)value)
- 	{
- 		m[0]=(uint32)value;
- 		m[1]=1;
-@@ -2143,12 +2217,13 @@ TIFFWriteDirectoryTagCheckedRationalArra
- 	}
- 	for (na=value, nb=m, nc=0; nc<count; na++, nb+=2, nc++)
- 	{
--		if (*na<=0.0)
-+		if (*na<=0.0 || *na != *na)
- 		{
- 			nb[0]=0;
- 			nb[1]=1;
- 		}
--		else if (*na==(float)(uint32)(*na))
-+		else if (*na >= 0 && *na <= (float)0xFFFFFFFFU &&
-+                         *na==(float)(uint32)(*na))
- 		{
- 			nb[0]=(uint32)(*na);
- 			nb[1]=1;
diff --git a/graphics/tiff/patches/patch-libtiff_tif_getimage.c b/graphics/tiff/patches/patch-libtiff_tif_getimage.c
deleted file mode 100644
index 89bf66e1fc7..00000000000
--- a/graphics/tiff/patches/patch-libtiff_tif_getimage.c
+++ /dev/null
@@ -1,17 +0,0 @@
-$NetBSD: patch-libtiff_tif_getimage.c,v 1.1 2017/05/03 23:00:59 sevan Exp $
-
-https://nvd.nist.gov/vuln/detail/CVE-2017-7592
-http://bugzilla.maptools.org/show_bug.cgi?id=2658
-https://github.com/vadz/libtiff/commit/48780b4fcc42
-
---- libtiff/tif_getimage.c.orig	2016-11-18 02:47:45.000000000 +0000
-+++ libtiff/tif_getimage.c
-@@ -1305,7 +1305,7 @@ DECLAREContigPutFunc(putagreytile)
-     while (h-- > 0) {
- 	for (x = w; x-- > 0;)
-         {
--            *cp++ = BWmap[*pp][0] & (*(pp+1) << 24 | ~A1);
-+            *cp++ = BWmap[*pp][0] & ((uint32)*(pp+1) << 24 | ~A1);
-             pp += samplesperpixel;
-         }
- 	cp += toskew;
diff --git a/graphics/tiff/patches/patch-libtiff_tif_jpeg.c b/graphics/tiff/patches/patch-libtiff_tif_jpeg.c
deleted file mode 100644
index ac654a5b945..00000000000
--- a/graphics/tiff/patches/patch-libtiff_tif_jpeg.c
+++ /dev/null
@@ -1,31 +0,0 @@
-$NetBSD: patch-libtiff_tif_jpeg.c,v 1.1 2017/05/03 23:00:59 sevan Exp $
-
-CVE-2017-7595
-https://github.com/vadz/libtiff/commit/47f2fb61a3a64667bce1a8398a8fcb1b348ff122
-
-CVE-2017-7601
-https://github.com/vadz/libtiff/commit/0a76a8c765c7b8327c59646284fa78c3c27e5490
-
---- libtiff/tif_jpeg.c.orig	2017-05-03 22:26:09.000000000 +0000
-+++ libtiff/tif_jpeg.c
-@@ -1626,6 +1626,20 @@ JPEGSetupEncode(TIFF* tif)
- 	case PHOTOMETRIC_YCBCR:
- 		sp->h_sampling = td->td_ycbcrsubsampling[0];
- 		sp->v_sampling = td->td_ycbcrsubsampling[1];
-+                if( sp->h_sampling == 0 || sp->v_sampling == 0 )
-+                {
-+                    TIFFErrorExt(tif->tif_clientdata, module,
-+                            "Invalig horizontal/vertical sampling value");
-+                    return (0);
-+                }
-+                if( td->td_bitspersample > 16 )
-+                {
-+                    TIFFErrorExt(tif->tif_clientdata, module,
-+                                 "BitsPerSample %d not allowed for JPEG",
-+                                 td->td_bitspersample);
-+                    return (0);
-+                }
-+
- 		/*
- 		 * A ReferenceBlackWhite field *must* be present since the
- 		 * default value is inappropriate for YCbCr.  Fill in the
diff --git a/graphics/tiff/patches/patch-libtiff_tif_ojpeg.c b/graphics/tiff/patches/patch-libtiff_tif_ojpeg.c
deleted file mode 100644
index 6a59d1f7de2..00000000000
--- a/graphics/tiff/patches/patch-libtiff_tif_ojpeg.c
+++ /dev/null
@@ -1,77 +0,0 @@
-$NetBSD: patch-libtiff_tif_ojpeg.c,v 1.2 2017/05/07 21:52:16 he Exp $
-
-CVE-2017-7594
-http://bugzilla.maptools.org/show_bug.cgi?id=2659
-https://github.com/vadz/libtiff/commit/8283e4d1b7e5
-https://github.com/vadz/libtiff/commit/2ea32f7372b6
-
-CVE-2016-10267
-http://bugzilla.maptools.org/show_bug.cgi?id=2611
-https://github.com/vadz/libtiff/commit/43bc256d8ae44b92d2734a3c5bc73957a4d7c1ec
-
---- libtiff/tif_ojpeg.c.orig	2016-09-08 13:23:57.000000000 +0000
-+++ libtiff/tif_ojpeg.c
-@@ -244,6 +244,7 @@ typedef enum {
- 
- typedef struct {
- 	TIFF* tif;
-+	int decoder_ok;
- 	#ifndef LIBJPEG_ENCAP_EXTERNAL
- 	JMP_BUF exit_jmpbuf;
- 	#endif
-@@ -722,6 +723,7 @@ OJPEGPreDecode(TIFF* tif, uint16 s)
- 		}
- 		sp->write_curstrile++;
- 	}
-+	sp->decoder_ok = 1;
- 	return(1);
- }
- 
-@@ -784,8 +786,14 @@ OJPEGPreDecodeSkipScanlines(TIFF* tif)
- static int
- OJPEGDecode(TIFF* tif, uint8* buf, tmsize_t cc, uint16 s)
- {
-+	static const char module[]="OJPEGDecode";
- 	OJPEGState* sp=(OJPEGState*)tif->tif_data;
- 	(void)s;
-+	if( !sp->decoder_ok )
-+	{
-+	    TIFFErrorExt(tif->tif_clientdata,module,"Cannot decode: decoder not correctly initialized");
-+	    return 0;
-+        }
- 	if (sp->libjpeg_jpeg_query_style==0)
- 	{
- 		if (OJPEGDecodeRaw(tif,buf,cc)==0)
-@@ -1782,7 +1790,10 @@ OJPEGReadHeaderInfoSecTablesQTable(TIFF*
- 			TIFFSeekFile(tif,sp->qtable_offset[m],SEEK_SET); 
- 			p=(uint32)TIFFReadFile(tif,&ob[sizeof(uint32)+5],64);
- 			if (p!=64)
-+                        {
-+                                _TIFFfree(ob);
- 				return(0);
-+                        }
- 			sp->qtable[m]=ob;
- 			sp->sof_tq[m]=m;
- 		}
-@@ -1846,7 +1857,10 @@ OJPEGReadHeaderInfoSecTablesDcTable(TIFF
- 				rb[sizeof(uint32)+5+n]=o[n];
- 			p=(uint32)TIFFReadFile(tif,&(rb[sizeof(uint32)+21]),q);
- 			if (p!=q)
-+                        {
-+                                _TIFFfree(rb);
- 				return(0);
-+                        }
- 			sp->dctable[m]=rb;
- 			sp->sos_tda[m]=(m<<4);
- 		}
-@@ -1910,7 +1924,10 @@ OJPEGReadHeaderInfoSecTablesAcTable(TIFF
- 				rb[sizeof(uint32)+5+n]=o[n];
- 			p=(uint32)TIFFReadFile(tif,&(rb[sizeof(uint32)+21]),q);
- 			if (p!=q)
-+                        {
-+                                _TIFFfree(rb);
- 				return(0);
-+                        }
- 			sp->actable[m]=rb;
- 			sp->sos_tda[m]=(sp->sos_tda[m]|m);
- 		}
diff --git a/graphics/tiff/patches/patch-libtiff_tif_read.c b/graphics/tiff/patches/patch-libtiff_tif_read.c
deleted file mode 100644
index bc4dd57d859..00000000000
--- a/graphics/tiff/patches/patch-libtiff_tif_read.c
+++ /dev/null
@@ -1,70 +0,0 @@
-$NetBSD: patch-libtiff_tif_read.c,v 1.2 2017/05/07 21:32:30 he Exp $
-
-CVE-2017-7593
-http://bugzilla.maptools.org/show_bug.cgi?id=2651
-https://github.com/vadz/libtiff/commit/d60332057b95
-
-CVE-2017-7602
-https://github.com/vadz/libtiff/commit/66e7bd59520996740e4df5495a830b42fae48bc4
-
-CVE-2016-10266
-http://bugzilla.maptools.org/show_bug.cgi?id=2596
-https://github.com/vadz/libtiff/commit/438274f938e046d33cb0e1230b41da32ffe223e1
-
---- libtiff/tif_read.c.orig	2016-07-13 13:28:17.000000000 +0000
-+++ libtiff/tif_read.c
-@@ -346,7 +346,7 @@ TIFFReadEncodedStrip(TIFF* tif, uint32 s
- 	rowsperstrip=td->td_rowsperstrip;
- 	if (rowsperstrip>td->td_imagelength)
- 		rowsperstrip=td->td_imagelength;
--	stripsperplane=((td->td_imagelength+rowsperstrip-1)/rowsperstrip);
-+	stripsperplane= TIFFhowmany_32_maxuint_compat(td->td_imagelength, rowsperstrip);
- 	stripinplane=(strip%stripsperplane);
- 	plane=(uint16)(strip/stripsperplane);
- 	rows=td->td_imagelength-stripinplane*rowsperstrip;
-@@ -420,16 +420,25 @@ TIFFReadRawStrip1(TIFF* tif, uint32 stri
- 			return ((tmsize_t)(-1));
- 		}
- 	} else {
--		tmsize_t ma,mb;
-+		tmsize_t ma;
- 		tmsize_t n;
--		ma=(tmsize_t)td->td_stripoffset[strip];
--		mb=ma+size;
--		if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)||(ma>tif->tif_size))
--			n=0;
--		else if ((mb<ma)||(mb<size)||(mb>tif->tif_size))
--			n=tif->tif_size-ma;
--		else
--			n=size;
-+		if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)||
-+                    ((ma=(tmsize_t)td->td_stripoffset[strip])>tif->tif_size))
-+                {
-+                    n=0;
-+                }
-+                else if( ma > TIFF_TMSIZE_T_MAX - size )
-+                {
-+                    n=0;
-+                }
-+                else
-+                {
-+                    tmsize_t mb=ma+size;
-+                    if (mb>tif->tif_size)
-+                            n=tif->tif_size-ma;
-+                    else
-+                            n=size;
-+                }
- 		if (n!=size) {
- #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
- 			TIFFErrorExt(tif->tif_clientdata, module,
-@@ -976,7 +985,9 @@ TIFFReadBufferSetup(TIFF* tif, void* bp,
- 				 "Invalid buffer size");
- 		    return (0);
- 		}
--		tif->tif_rawdata = (uint8*) _TIFFmalloc(tif->tif_rawdatasize);
-+		/* Initialize to zero to avoid uninitialized buffers in case of */
-+                /* short reads (http://bugzilla.maptools.org/show_bug.cgi?id=2651) */
-+		tif->tif_rawdata = (uint8*) _TIFFcalloc(1, tif->tif_rawdatasize);
- 		tif->tif_flags |= TIFF_MYBUFFER;
- 	}
- 	if (tif->tif_rawdata == NULL) {
diff --git a/graphics/tiff/patches/patch-libtiff_tif_unix.c b/graphics/tiff/patches/patch-libtiff_tif_unix.c
deleted file mode 100644
index f531662f125..00000000000
--- a/graphics/tiff/patches/patch-libtiff_tif_unix.c
+++ /dev/null
@@ -1,23 +0,0 @@
-$NetBSD: patch-libtiff_tif_unix.c,v 1.1 2017/05/03 23:00:59 sevan Exp $
-
-CVE-2017-7593
-http://bugzilla.maptools.org/show_bug.cgi?id=2651
-https://github.com/vadz/libtiff/commit/d60332057b95
-
---- libtiff/tif_unix.c.orig	2015-08-28 22:16:22.000000000 +0000
-+++ libtiff/tif_unix.c
-@@ -316,6 +316,14 @@ _TIFFmalloc(tmsize_t s)
- 	return (malloc((size_t) s));
- }
- 
-+void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz)
-+{
-+    if( nmemb == 0 || siz == 0 )
-+        return ((void *) NULL);
-+
-+    return calloc((size_t) nmemb, (size_t)siz);
-+}
-+
- void
- _TIFFfree(void* p)
- {
diff --git a/graphics/tiff/patches/patch-libtiff_tif_win32.c b/graphics/tiff/patches/patch-libtiff_tif_win32.c
deleted file mode 100644
index a5b29cff74d..00000000000
--- a/graphics/tiff/patches/patch-libtiff_tif_win32.c
+++ /dev/null
@@ -1,23 +0,0 @@
-$NetBSD: patch-libtiff_tif_win32.c,v 1.1 2017/05/03 23:00:59 sevan Exp $
-
-CVE-2017-7593
-http://bugzilla.maptools.org/show_bug.cgi?id=2651
-https://github.com/vadz/libtiff/commit/d60332057b95
-
---- libtiff/tif_win32.c.orig	2015-08-28 22:16:22.000000000 +0000
-+++ libtiff/tif_win32.c
-@@ -360,6 +360,14 @@ _TIFFmalloc(tmsize_t s)
- 	return (malloc((size_t) s));
- }
- 
-+void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz)
-+{
-+    if( nmemb == 0 || siz == 0 )
-+        return ((void *) NULL);
-+
-+    return calloc((size_t) nmemb, (size_t)siz);
-+}
-+
- void
- _TIFFfree(void* p)
- {
diff --git a/graphics/tiff/patches/patch-libtiff_tiffio.h b/graphics/tiff/patches/patch-libtiff_tiffio.h
deleted file mode 100644
index 94ddbc30e55..00000000000
--- a/graphics/tiff/patches/patch-libtiff_tiffio.h
+++ /dev/null
@@ -1,16 +0,0 @@
-$NetBSD: patch-libtiff_tiffio.h,v 1.1 2017/05/03 23:00:59 sevan Exp $
-
-CVE-2017-7593
-http://bugzilla.maptools.org/show_bug.cgi?id=2651
-https://github.com/vadz/libtiff/commit/d60332057b95
-
---- libtiff/tiffio.h.orig	2016-01-24 15:39:51.000000000 +0000
-+++ libtiff/tiffio.h
-@@ -293,6 +293,7 @@ extern TIFFCodec* TIFFGetConfiguredCODEC
-  */
- 
- extern void* _TIFFmalloc(tmsize_t s);
-+extern void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz);
- extern void* _TIFFrealloc(void* p, tmsize_t s);
- extern void _TIFFmemset(void* p, int v, tmsize_t c);
- extern void _TIFFmemcpy(void* d, const void* s, tmsize_t c);
diff --git a/graphics/tiff/patches/patch-libtiff_tiffiop.h b/graphics/tiff/patches/patch-libtiff_tiffiop.h
deleted file mode 100644
index 407206f9e32..00000000000
--- a/graphics/tiff/patches/patch-libtiff_tiffiop.h
+++ /dev/null
@@ -1,19 +0,0 @@
-$NetBSD: patch-libtiff_tiffiop.h,v 1.3 2017/05/07 21:32:30 he Exp $
-
-CVE-2016-10266
-http://bugzilla.maptools.org/show_bug.cgi?id=2596
-https://github.com/vadz/libtiff/commit/438274f938e046d33cb0e1230b41da32ffe223e1
-
---- libtiff/tiffiop.h.orig	2016-01-24 15:39:51.000000000 +0000
-+++ libtiff/tiffiop.h
-@@ -250,6 +250,10 @@ struct tiff {
- #define TIFFhowmany_32(x, y) (((uint32)x < (0xffffffff - (uint32)(y-1))) ? \
- 			   ((((uint32)(x))+(((uint32)(y))-1))/((uint32)(y))) : \
- 			   0U)
-+/* Variant of TIFFhowmany_32() that doesn't return 0 if x close to MAXUINT. */
-+/* Caution: TIFFhowmany_32_maxuint_compat(x,y)*y might overflow */
-+#define TIFFhowmany_32_maxuint_compat(x, y) \
-+			   (((uint32)(x) / (uint32)(y)) + ((((uint32)(x) % (uint32)(y)) != 0) ? 1 : 0))
- #define TIFFhowmany8_32(x) (((x)&0x07)?((uint32)(x)>>3)+1:(uint32)(x)>>3)
- #define TIFFroundup_32(x, y) (TIFFhowmany_32(x,y)*(y))
- #define TIFFhowmany_64(x, y) ((((uint64)(x))+(((uint64)(y))-1))/((uint64)(y)))
diff --git a/graphics/tiff/patches/patch-man_Makefile.in b/graphics/tiff/patches/patch-man_Makefile.in
deleted file mode 100644
index c6c090f37ef..00000000000
--- a/graphics/tiff/patches/patch-man_Makefile.in
+++ /dev/null
@@ -1,16 +0,0 @@
-$NetBSD: patch-man_Makefile.in,v 1.1 2016/11/23 13:51:29 he Exp $
-
-Omit installing man pages for binaries which are only left
-in the build tree.
-
---- man/Makefile.in.orig	2016-11-19 17:40:22.000000000 +0000
-+++ man/Makefile.in
-@@ -335,8 +335,6 @@ dist_man1_MANS = \
- 	pal2rgb.1 \
- 	ppm2tiff.1 \
- 	raw2tiff.1 \
--	rgb2ycbcr.1 \
--	thumbnail.1 \
- 	tiff2bw.1 \
- 	tiff2pdf.1 \
- 	tiff2ps.1 \
diff --git a/graphics/tiff/patches/patch-tools_tiff2pdf.c b/graphics/tiff/patches/patch-tools_tiff2pdf.c
deleted file mode 100644
index 3aaba95844d..00000000000
--- a/graphics/tiff/patches/patch-tools_tiff2pdf.c
+++ /dev/null
@@ -1,16 +0,0 @@
-$NetBSD: patch-tools_tiff2pdf.c,v 1.3 2017/05/06 20:34:40 he Exp $
-
-Fix CVE-2016-10094, ref. http://bugzilla.maptools.org/show_bug.cgi?id=2640
-and https://github.com/vadz/libtiff/commit/c7153361a4041260719b340f73f2f76
-
---- tools/tiff2pdf.c.orig	2016-11-12 14:58:09.000000000 +0000
-+++ tools/tiff2pdf.c
-@@ -2895,7 +2895,7 @@ tsize_t t2p_readwrite_pdf_image_tile(T2P
- 				return(0);
- 			}
- 			if(TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) {
--				if (count >= 4) {
-+				if (count > 4) {
-                     /* Ignore EOI marker of JpegTables */
- 					_TIFFmemcpy(buffer, jpt, count - 2);
- 					bufferoffset += count - 2;
diff --git a/graphics/tiff/patches/patch-tools_tiffcp.c b/graphics/tiff/patches/patch-tools_tiffcp.c
deleted file mode 100644
index ea1eb05cd56..00000000000
--- a/graphics/tiff/patches/patch-tools_tiffcp.c
+++ /dev/null
@@ -1,109 +0,0 @@
-$NetBSD: patch-tools_tiffcp.c,v 1.3 2017/05/06 21:37:16 he Exp $
-
-CVE-2017-5225
-http://bugzilla.maptools.org/show_bug.cgi?id=2656
-http://bugzilla.maptools.org/show_bug.cgi?id=2657
-https://github.com/vadz/libtiff/commit/5c080298d59efa53264d7248bbe3a04660db6ef7
-
-and
-
-CVE-2016-10093
-http://bugzilla.maptools.org/show_bug.cgi?id=2610
-https://github.com/vadz/libtiff/commit/787c0ee906430b772f33ca50b97b8b5ca070faec
-
-and
-
-CVE-2016-10268
-http://bugzilla.maptools.org/show_bug.cgi?id=2598
-https://github.com/vadz/libtiff/commit/5397a417e61258c69209904e652a1f409ec3b9df
-
---- tools/tiffcp.c.orig	2016-10-12 01:45:17.000000000 +0000
-+++ tools/tiffcp.c
-@@ -592,7 +592,7 @@ static	copyFunc pickCopyFunc(TIFF*, TIFF
- static int
- tiffcp(TIFF* in, TIFF* out)
- {
--	uint16 bitspersample, samplesperpixel = 1;
-+	uint16 bitspersample = 1, samplesperpixel = 1;
- 	uint16 input_compression, input_photometric = PHOTOMETRIC_MINISBLACK;
- 	copyFunc cf;
- 	uint32 width, length;
-@@ -985,7 +985,7 @@ DECLAREcpFunc(cpDecodedStrips)
- 		tstrip_t s, ns = TIFFNumberOfStrips(in);
- 		uint32 row = 0;
- 		_TIFFmemset(buf, 0, stripsize);
--		for (s = 0; s < ns; s++) {
-+		for (s = 0; s < ns && row < imagelength; s++) {
- 			tsize_t cc = (row + rowsperstrip > imagelength) ?
- 			    TIFFVStripSize(in, imagelength - row) : stripsize;
- 			if (TIFFReadEncodedStrip(in, s, buf, cc) < 0
-@@ -1068,6 +1068,16 @@ DECLAREcpFunc(cpContig2SeparateByRow)
- 	register uint32 n;
- 	uint32 row;
- 	tsample_t s;
-+        uint16 bps = 0;
-+
-+        (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
-+        if( bps != 8 )
-+        {
-+            TIFFError(TIFFFileName(in),
-+                      "Error, can only handle BitsPerSample=8 in %s",
-+                      "cpContig2SeparateByRow");
-+            return 0;
-+        }
- 
- 	inbuf = _TIFFmalloc(scanlinesizein);
- 	outbuf = _TIFFmalloc(scanlinesizeout);
-@@ -1121,6 +1131,16 @@ DECLAREcpFunc(cpSeparate2ContigByRow)
- 	register uint32 n;
- 	uint32 row;
- 	tsample_t s;
-+        uint16 bps = 0;
-+
-+        (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
-+        if( bps != 8 )
-+        {
-+            TIFFError(TIFFFileName(in),
-+                      "Error, can only handle BitsPerSample=8 in %s",
-+                      "cpSeparate2ContigByRow");
-+            return 0;
-+        }
- 
- 	inbuf = _TIFFmalloc(scanlinesizein);
- 	outbuf = _TIFFmalloc(scanlinesizeout);
-@@ -1163,7 +1183,7 @@ bad:
- 
- static void
- cpStripToTile(uint8* out, uint8* in,
--    uint32 rows, uint32 cols, int outskew, int inskew)
-+    uint32 rows, uint32 cols, int outskew, int64 inskew)
- {
- 	while (rows-- > 0) {
- 		uint32 j = cols;
-@@ -1320,7 +1340,7 @@ DECLAREreadFunc(readContigTilesIntoBuffe
- 	tdata_t tilebuf;
- 	uint32 imagew = TIFFScanlineSize(in);
- 	uint32 tilew  = TIFFTileRowSize(in);
--	int iskew = imagew - tilew;
-+	int64 iskew = (int64)imagew - (int64)tilew;
- 	uint8* bufp = (uint8*) buf;
- 	uint32 tw, tl;
- 	uint32 row;
-@@ -1348,7 +1368,7 @@ DECLAREreadFunc(readContigTilesIntoBuffe
- 				status = 0;
- 				goto done;
- 			}
--			if (colb + tilew > imagew) {
-+			if (colb > iskew) {
- 				uint32 width = imagew - colb;
- 				uint32 oskew = tilew - width;
- 				cpStripToTile(bufp + colb,
-@@ -1763,7 +1783,7 @@ pickCopyFunc(TIFF* in, TIFF* out, uint16
- 	uint32 w, l, tw, tl;
- 	int bychunk;
- 
--	(void) TIFFGetField(in, TIFFTAG_PLANARCONFIG, &shortv);
-+	(void) TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &shortv);
- 	if (shortv != config && bitspersample != 8 && samplesperpixel > 1) {
- 		fprintf(stderr,
- 		    "%s: Cannot handle different planar configuration w/ bits/sample != 8\n",
diff --git a/graphics/tiff/patches/patch-tools_tiffcrop.c b/graphics/tiff/patches/patch-tools_tiffcrop.c
deleted file mode 100644
index 026b4659a6b..00000000000
--- a/graphics/tiff/patches/patch-tools_tiffcrop.c
+++ /dev/null
@@ -1,28 +0,0 @@
-$NetBSD$
-
-CVE-2016-10092
-http://bugzilla.maptools.org/show_bug.cgi?id=2620
-https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
-Fix double free
-http://bugzilla.maptools.org/show_bug.cgi?id=2535
-https://github.com/vadz/libtiff/commit/0abd094b6e5079c4d8be733829240491cb230f3d
-
---- tools/tiffcrop.c.orig	2016-11-19 01:45:30.000000000 +0000
-+++ tools/tiffcrop.c
-@@ -3698,7 +3698,7 @@ static int readContigStripsIntoBuffer (T
-                                   (unsigned long) strip, (unsigned long)rows);
-                         return 0;
-                 }
--                bufp += bytes_read;
-+                bufp += stripsize;
-         }
- 
-         return 1;
-@@ -7986,7 +7986,6 @@ writeCroppedImage(TIFF *in, TIFF *out, s
-   if (!TIFFWriteDirectory(out))
-     {
-     TIFFError("","Failed to write IFD for page number %d", pagenum);
--    TIFFClose(out);
-     return (-1);
-     }
-