Mail archive
alpine-aports

[alpine-aports] [PATCH v3.3] main/tiff: security upgrade to 4.0.7 - fixes #6666

From: Sergei Lukin <sergej.lukin_at_gmail.com>
Date: Thu, 19 Jan 2017 14:13:04 +0000

CVE-2016-9273: heap-buffer-overflow in cpStrips
CVE-2016-9297: segfault in _TIFFPrintField
CVE-2016-9448: Invalid read of size 1 in TIFFFetchNormalTag
CVE-2016-9453: out-of-bounds Write Caused by memcpy and no bound check in tiff2pdf
CVE-2016-3186: Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file.
CVE-2016-3621: Out-of-bounds Read in the bmp2tiff tool
CVE-2016-3622: Divide By Zero in the tiff2rgba tool
CVE-2016-3623, CVE-2016-3624: Divide By Zero in the rgb2ycbcr tool
CVE-2016-3625: Out-of-bounds Read in the tiff2bw tool
CVE-2016-3658, CVE-2014-8127: Illegal read in TIFFWriteDirectoryTagLongLong8Array function in tiffset / tif_dirwrite.c
CVE-2016-5314, CVE-2016-5315, CVE-2016-5316, CVE-2016-5317: PixarLogDecode() out-of-bound writes
CVE-2016-5320, CVE-2016-5875: Out-of-bounds write in PixarLogDecode() function in tif_pixarlog.c
  bugzilla suppose that CVE-2016-5320 is a duplicate of CVE-2016-5314 (https://bugs.alpinelinux.org/issues/6661) which was fixed in tiff 4.0.7 (http://bugzilla.maptools.org/show_bug.cgi?id=2554#c1)
CVE-2016-5321: out-of-bounds read in tiffcrop / DumpModeDecode() function
CVE-2016-5323: Divide-by-zero in _TIFFFax3fillruns() function
CVE-2016-5652: tiff2pdf JPEG Compression Tables Heap Buffer Overflow
---
CVE-2016-5318 remains unfixed still (http://bugzilla.maptools.org/show_bug.cgi?id=2561)
 #6662 could not be marked as fixed for now
4.0.7 contains lots of fixes:
http://libtiff.maptools.org/v4.0.7.html
https://fossies.org/diffs/tiff/4.0.6_vs_4.0.7/ChangeLog-diff.html
There is only one major change mentioned: The libtiff tools bmp2tiff, gif2tiff, ras2tiff, sgi2tiff, sgisv, and ycbcr are completely removed from the distribution. These tools were written in the late 1980s and early 1990s for test and demonstration purposes. In some cases the tools were never updated to support updates to the file format, or the file formats are now rarely used. In all cases these tools increased the libtiff security and maintenance exposure beyond the value offered by the tool.
http://libtiff.maptools.org/v4.0.7.html
Patches: CVE-2015-7554.patch, CVE-2015-8665.patch, CVE-2015-8668.patch, CVE-2015-8781-8782-8783.patch, CVE-2015-8784.patch, CVE-2016-3632.patch, CVE-2016-3945.patch, CVE-2016-3990.patch, CVE-2016-3991.patch
are not needed anymore, because these issues were fixed in 4.0.7
main/tiff/APKBUILD                      |  75 ++++++--------
 main/tiff/CVE-2015-7554.patch           |  25 -----
 main/tiff/CVE-2015-8665.patch           | 113 ---------------------
 main/tiff/CVE-2015-8668.patch           |  42 --------
 main/tiff/CVE-2015-8781-8782-8783.patch | 171 --------------------------------
 main/tiff/CVE-2015-8784.patch           |  49 ---------
 main/tiff/CVE-2016-3632.patch           |  23 -----
 main/tiff/CVE-2016-3945.patch           |  97 ------------------
 main/tiff/CVE-2016-3990.patch           |  37 -------
 main/tiff/CVE-2016-3991.patch           | 126 -----------------------
 10 files changed, 31 insertions(+), 727 deletions(-)
 delete mode 100644 main/tiff/CVE-2015-7554.patch
 delete mode 100644 main/tiff/CVE-2015-8665.patch
 delete mode 100644 main/tiff/CVE-2015-8668.patch
 delete mode 100644 main/tiff/CVE-2015-8781-8782-8783.patch
 delete mode 100644 main/tiff/CVE-2015-8784.patch
 delete mode 100644 main/tiff/CVE-2016-3632.patch
 delete mode 100644 main/tiff/CVE-2016-3945.patch
 delete mode 100644 main/tiff/CVE-2016-3990.patch
 delete mode 100644 main/tiff/CVE-2016-3991.patch
diff --git a/main/tiff/APKBUILD b/main/tiff/APKBUILD
index 85efc94..4d002ec 100644
--- a/main/tiff/APKBUILD
+++ b/main/tiff/APKBUILD
_at_@ -1,9 +1,9 @@
+# Contributor: Sergei Lukin <sergej.lukin_at_gmail.com>
 # Contributor: Leonardo Arena <rnalrd_at_alpinelinux.org>
-# Contributor: Sergey Lukin <sergej.lukin_at_gmail.com>
 # Maintainer: Michael Mason <ms13sp_at_gmail.com>
 pkgname=tiff
-pkgver=4.0.6
-pkgrel=4
+pkgver=4.0.7
+pkgrel=0
 pkgdesc="Provides support for the Tag Image File Format or TIFF"
 url="http://www.libtiff.org/"
 arch="all"
_at_@ -12,17 +12,31 @@ depends=
 depends_dev="zlib-dev libjpeg-turbo-dev"
 makedepends="libtool autoconf automake $depends_dev"
 subpackages="$pkgname-doc $pkgname-dev $pkgname-tools"
-source="http://download.osgeo.org/libtiff/$pkgname-$pkgver.tar.gz
-	CVE-2015-7554.patch
-	CVE-2015-8665.patch
-	CVE-2015-8668.patch
-	CVE-2015-8781-8782-8783.patch
-	CVE-2015-8784.patch
-	CVE-2016-3632.patch
-	CVE-2016-3945.patch
-	CVE-2016-3990.patch
-	CVE-2016-3991.patch
-	"
+source="http://download.osgeo.org/libtiff/$pkgname-$pkgver.tar.gz"
+
+# secfixes:
+#   4.0.7-r0:
+#     - CVE-2016-9273
+#     - CVE-2016-9297
+#     - CVE-2016-9448
+#     - CVE-2016-9453
+#     - CVE-2016-3186
+#     - CVE-2016-3621
+#     - CVE-2016-3622
+#     - CVE-2016-3623
+#     - CVE-2016-3624
+#     - CVE-2016-3625
+#     - CVE-2016-3658
+#     - CVE-2014-8127
+#     - CVE-2016-5314
+#     - CVE-2016-5315
+#     - CVE-2016-5316
+#     - CVE-2016-5317
+#     - CVE-2016-5320
+#     - CVE-2016-5875
+#     - CVE-2016-5321
+#     - CVE-2016-5323
+#     - CVE-2016-5652
 
 builddir="$srcdir"/$pkgname-$pkgver
 
_at_@ -63,33 +77,6 @@ tools() {
 	mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
 }
 
-md5sums="d1d2e940dea0b5ad435f21f03d96dd72  tiff-4.0.6.tar.gz
-1023c7deacbb5d8dc61e6d1e9959b172  CVE-2015-7554.patch
-1ed2295ff179a6b64803d33f0f865740  CVE-2015-8665.patch
-b6e064713f307a2bbf815fb6f46f5317  CVE-2015-8668.patch
-96d2a934914a548d244e0a055f370334  CVE-2015-8781-8782-8783.patch
-8b3e84314fc2c0eeabd8d2c410f85727  CVE-2015-8784.patch
-0bf7599f2d566038fb583250590716d3  CVE-2016-3632.patch
-e1de46d39bda11acf73d6430f5108d19  CVE-2016-3945.patch
-ee98f9ec234ac11bd5764b1d3ae0aa00  CVE-2016-3990.patch
-f060dad3d0bc8a65e2dba9bb4cba4ff4  CVE-2016-3991.patch"
-sha256sums="4d57a50907b510e3049a4bba0d7888930fdfc16ce49f1bf693e5b6247370d68c  tiff-4.0.6.tar.gz
-2da0ab2927cdaebc790d4cf80a674124a3a08e511bbf6a39a5b232df46068b1b  CVE-2015-7554.patch
-1e4158f2a85e4c597b2a6d290c54d4ee815c8930f80824363945506bda3fc798  CVE-2015-8665.patch
-962abf920444bc02d4086d17acfc24d6a163010b1639384fecff1460dca07f7d  CVE-2015-8668.patch
-f7c953c51f4f14b8627aad9bfe5b183b5d56e62e96e24d80a233e0b849c0c743  CVE-2015-8781-8782-8783.patch
-504332761f3e72d8424fd59d4e2c75dd280f61efbbd4e60f6bc0e1f91ed9e972  CVE-2015-8784.patch
-de53c724507a2ab2796b4ae52bd12e8ca358aa03a3ea69664e3986804b9c1b38  CVE-2016-3632.patch
-e89921b4e26ffc49fb37a219fa6fc6078949f6f62154e037dbbe66051b97f731  CVE-2016-3945.patch
-28a16234ea69877de83ee5e269929b7a05fcce1ff6400db3005c94328c9e1751  CVE-2016-3990.patch
-e85df1c5ae13cd6fbf38f13cdb34e6fc7e744005bd8948d97751be1a18208870  CVE-2016-3991.patch"
-sha512sums="2c8dbaaaab9f82a7722bfe8cb6fcfcf67472beb692f1b7dafaf322759e7016dad1bc58457c0f03db50aa5bd088fef2b37358fcbc1524e20e9e14a9620373fdf8  tiff-4.0.6.tar.gz
-4d902d55d3f796f6f6e266ee1c1237a765ffb0595e0af8c325d08ad3eff76d87409ae4edae5bf3f8adb06796e2ddd2439f598c24760aa2444e30efb3f78e8ce8  CVE-2015-7554.patch
-4507d3852d57922574897d53f366d80d71d0d83850aa3c3993b956fabce26165f315838c17430d1abd41f160c40a4e3d8e6b31ff150e81059669ccfe29f90126  CVE-2015-8665.patch
-aaa315f45a0410a4173afbd0c913891d9a0df0c447b09fd1be6080ee78366294909b2d599b7908b591b7e3911ed6f5b6d97c054bb5a1e17540204b7542268d23  CVE-2015-8668.patch
-4ca7823f666df8f29eba0f62a14f71e440eef20fcc8d3a1a77cf65a07e1e737bdcfb49641ee5b62ce28877ef428106996254989d2100615dc7cf2be7aa903002  CVE-2015-8781-8782-8783.patch
-46c917d435bca839bc2bcdb170e1a9724e07da9ba9cdf1230168f1cef7b1e62c4af19ebe4892d9d56f29fcf2820b8f55e81539eca70120893b2f0894efcc370f  CVE-2015-8784.patch
-93dfd29c884daaaa72196cc66537dba25d088ab86f09e8f9a69a3cb91e380e1b62860ae8aa459c4972c609422ac3a026e3a8b0e384438f48e697ab56c6af71f1  CVE-2016-3632.patch
-5aa686e8164eea39c0968d2748dcd02f536741b1d2c387dee60891f8768bc343c34f0851fe700f1457949bf3f534f49370f8b114663af977cb45d9a431b38425  CVE-2016-3945.patch
-289651ae11fc5c6ddfbab94af7f598165637cf8b827b1cffb5e4522c7d566c96a4fd07acc7195705a655e4c8f95ef0957df8d924f76bdf2bebcf918f4cec3a9d  CVE-2016-3990.patch
-048cff76de85f51a942e15e5b2d72b63b75a79adba5e9d4a7a7fac8ca47b1caf48c4a4af28b226c3146a235aba7734f525b40f1274bc4f639bb9d870a637aa84  CVE-2016-3991.patch"
+md5sums="77ae928d2c6b7fb46a21c3a29325157b  tiff-4.0.7.tar.gz"
+sha256sums="9f43a2cfb9589e5cecaa66e16bf87f814c945f22df7ba600d63aac4632c4f019  tiff-4.0.7.tar.gz"
+sha512sums="941357bdd5f947cdca41a1d31ae14b3fadc174ae5dce7b7981dbe58f61995f575ac2e97a7cc4fcc435184012017bec0920278263490464644f2cdfad9a6c5ddc  tiff-4.0.7.tar.gz"
diff --git a/main/tiff/CVE-2015-7554.patch b/main/tiff/CVE-2015-7554.patch
deleted file mode 100644
index 426a8ea..0000000
--- a/main/tiff/CVE-2015-7554.patch
+++ /dev/null
_at_@ -1,25 +0,0 @@
-https://git.centos.org/blob/rpms!libtiff.git/1ad9335dc0c1325262c62842eda01476243ec821/SOURCES!libtiff-CVE-2015-7554.patch
-
-diff -pur tiff-4.0.4/tools/tiffsplit.c tiff-4.0.4_patch/tools/tiffsplit.c
---- tiff-4.0.4/tools/tiffsplit.c	2015-05-28 15:10:26.000000000 +0200
-+++ tiff-4.0.4_patch/tools/tiffsplit.c	2016-02-12 19:15:30.532005041 +0100
-_at_@ -179,8 +179,9 @@ tiffcp(TIFF* in, TIFF* out)
- 		    TIFFSetField(out, TIFFTAG_JPEGTABLES, count, table);
- 		}
- 	}
-+	uint32 count = 0;
-         CopyField(TIFFTAG_PHOTOMETRIC, shortv);
--	CopyField(TIFFTAG_PREDICTOR, shortv);
-+	CopyField2(TIFFTAG_PREDICTOR, count, shortv);
- 	CopyField(TIFFTAG_THRESHHOLDING, shortv);
- 	CopyField(TIFFTAG_FILLORDER, shortv);
- 	CopyField(TIFFTAG_ORIENTATION, shortv);
-_at_@ -188,7 +189,7 @@ tiffcp(TIFF* in, TIFF* out)
- 	CopyField(TIFFTAG_MAXSAMPLEVALUE, shortv);
- 	CopyField(TIFFTAG_XRESOLUTION, floatv);
- 	CopyField(TIFFTAG_YRESOLUTION, floatv);
--	CopyField(TIFFTAG_GROUP3OPTIONS, longv);
-+	CopyField2(TIFFTAG_GROUP3OPTIONS, count, longv);
- 	CopyField(TIFFTAG_GROUP4OPTIONS, longv);
- 	CopyField(TIFFTAG_RESOLUTIONUNIT, shortv);
- 	CopyField(TIFFTAG_PLANARCONFIG, shortv);
diff --git a/main/tiff/CVE-2015-8665.patch b/main/tiff/CVE-2015-8665.patch
deleted file mode 100644
index f80d736..0000000
--- a/main/tiff/CVE-2015-8665.patch
+++ /dev/null
_at_@ -1,113 +0,0 @@
-From f94a29a822f5528d2334592760fbb7938f15eb55 Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Sat, 26 Dec 2015 17:32:03 +0000
-Subject: [PATCH] * libtiff/tif_getimage.c: fix out-of-bound reads in
- TIFFRGBAImage interface in case of unsupported values of
- SamplesPerPixel/ExtraSamples for LogLUV / CIELab. Add explicit call to
- TIFFRGBAImageOK() in TIFFRGBAImageBegin(). Fix CVE-2015-8665 reported by
- limingxing and CVE-2015-8683 reported by zzf of Alibaba.
-
----
- libtiff/tif_getimage.c | 35 ++++++++++++++++++++++-------------
- 2 files changed, 30 insertions(+), 13 deletions(-)
-
-diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c
-index cdeff08..261aad6 100644
---- a/libtiff/tif_getimage.c
-+++ b/libtiff/tif_getimage.c
-_at_@ -182,20 +182,22 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
- 				    "Planarconfiguration", td->td_planarconfig);
- 				return (0);
- 			}
--			if( td->td_samplesperpixel != 3 )
-+			if( td->td_samplesperpixel != 3 || colorchannels != 3 )
-             {
-                 sprintf(emsg,
--                        "Sorry, can not handle image with %s=%d",
--                        "Samples/pixel", td->td_samplesperpixel);
-+                        "Sorry, can not handle image with %s=%d, %s=%d",
-+                        "Samples/pixel", td->td_samplesperpixel,
-+                        "colorchannels", colorchannels);
-                 return 0;
-             }
- 			break;
- 		case PHOTOMETRIC_CIELAB:
--            if( td->td_samplesperpixel != 3 || td->td_bitspersample != 8 )
-+            if( td->td_samplesperpixel != 3 || colorchannels != 3 || td->td_bitspersample != 8 )
-             {
-                 sprintf(emsg,
--                        "Sorry, can not handle image with %s=%d and %s=%d",
-+                        "Sorry, can not handle image with %s=%d, %s=%d and %s=%d",
-                         "Samples/pixel", td->td_samplesperpixel,
-+                        "colorchannels", colorchannels,
-                         "Bits/sample", td->td_bitspersample);
-                 return 0;
-             }
-_at_@ -255,6 +257,9 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int stop, char emsg[1024])
- 	int colorchannels;
- 	uint16 *red_orig, *green_orig, *blue_orig;
- 	int n_color;
-+	
-+	if( !TIFFRGBAImageOK(tif, emsg) )
-+		return 0;
- 
- 	/* Initialize to normal values */
- 	img->row_offset = 0;
-_at_@ -2509,29 +2514,33 @@ PickContigCase(TIFFRGBAImage* img)
- 		case PHOTOMETRIC_RGB:
- 			switch (img->bitspersample) {
- 				case 8:
--					if (img->alpha == EXTRASAMPLE_ASSOCALPHA)
-+					if (img->alpha == EXTRASAMPLE_ASSOCALPHA &&
-+						img->samplesperpixel >= 4)
- 						img->put.contig = putRGBAAcontig8bittile;
--					else if (img->alpha == EXTRASAMPLE_UNASSALPHA)
-+					else if (img->alpha == EXTRASAMPLE_UNASSALPHA &&
-+							 img->samplesperpixel >= 4)
- 					{
- 						if (BuildMapUaToAa(img))
- 							img->put.contig = putRGBUAcontig8bittile;
- 					}
--					else
-+					else if( img->samplesperpixel >= 3 )
- 						img->put.contig = putRGBcontig8bittile;
- 					break;
- 				case 16:
--					if (img->alpha == EXTRASAMPLE_ASSOCALPHA)
-+					if (img->alpha == EXTRASAMPLE_ASSOCALPHA &&
-+						img->samplesperpixel >=4 )
- 					{
- 						if (BuildMapBitdepth16To8(img))
- 							img->put.contig = putRGBAAcontig16bittile;
- 					}
--					else if (img->alpha == EXTRASAMPLE_UNASSALPHA)
-+					else if (img->alpha == EXTRASAMPLE_UNASSALPHA &&
-+							 img->samplesperpixel >=4 )
- 					{
- 						if (BuildMapBitdepth16To8(img) &&
- 						    BuildMapUaToAa(img))
- 							img->put.contig = putRGBUAcontig16bittile;
- 					}
--					else
-+					else if( img->samplesperpixel >=3 )
- 					{
- 						if (BuildMapBitdepth16To8(img))
- 							img->put.contig = putRGBcontig16bittile;
-_at_@ -2540,7 +2549,7 @@ PickContigCase(TIFFRGBAImage* img)
- 			}
- 			break;
- 		case PHOTOMETRIC_SEPARATED:
--			if (buildMap(img)) {
-+			if (img->samplesperpixel >=4 && buildMap(img)) {
- 				if (img->bitspersample == 8) {
- 					if (!img->Map)
- 						img->put.contig = putRGBcontig8bitCMYKtile;
-_at_@ -2636,7 +2645,7 @@ PickContigCase(TIFFRGBAImage* img)
- 			}
- 			break;
- 		case PHOTOMETRIC_CIELAB:
--			if (buildMap(img)) {
-+			if (img->samplesperpixel == 3 && buildMap(img)) {
- 				if (img->bitspersample == 8)
- 					img->put.contig = initCIELabConversion(img);
- 				break;
diff --git a/main/tiff/CVE-2015-8668.patch b/main/tiff/CVE-2015-8668.patch
deleted file mode 100644
index 3f2f4e4..0000000
--- a/main/tiff/CVE-2015-8668.patch
+++ /dev/null
_at_@ -1,42 +0,0 @@
-https://git.centos.org/blob/rpms!libtiff.git/1ad9335dc0c1325262c62842eda01476243ec821/SOURCES!libtiff-CVE-2015-8668.patch
-
-diff --git a/tools/bmp2tiff.c b/tools/bmp2tiff.c
-index 376f4e6..c747c13 100644
---- a/tools/bmp2tiff.c
-+++ b/tools/bmp2tiff.c
-_at_@ -614,18 +614,27 @@ main(int argc, char* argv[])
- 			    || info_hdr.iCompression == BMPC_RLE4 ) {
- 			uint32		i, j, k, runlength;
- 			uint32		compr_size, uncompr_size;
-+			uint32      bits = 0;
- 			unsigned char   *comprbuf;
- 			unsigned char   *uncomprbuf;
- 
- 			compr_size = file_hdr.iSize - file_hdr.iOffBits;
--			uncompr_size = width * length;
--                        /* Detect int overflow */
--                        if( uncompr_size / width != length ) {
--                                TIFFError(infilename,
--                                          "Invalid dimensions of BMP file" );
--                                close(fd);
--                                return -1;
--                        }
-+
-+			bits = info_hdr.iBitCount;
-+
-+			if (bits > 8) // bit depth is > 8bit, adjust size
-+			{
-+				uncompr_size = width * length * (bits / 8);
-+				/* Detect int overflow */
-+				if (uncompr_size / width / (bits / 8) != length) {
-+					TIFFError(infilename,
-+							   "Invalid dimensions of BMP file");
-+					close(fd);
-+					return -1;
-+				}
-+			}
-+			else
-+				uncompr_size = width * length;
-                         if ( (compr_size == 0) ||
-                              (compr_size > ((uint32) ~0) >> 1) ||
-                              (uncompr_size == 0) ||
diff --git a/main/tiff/CVE-2015-8781-8782-8783.patch b/main/tiff/CVE-2015-8781-8782-8783.patch
deleted file mode 100644
index c8073ba..0000000
--- a/main/tiff/CVE-2015-8781-8782-8783.patch
+++ /dev/null
_at_@ -1,171 +0,0 @@
-From aaab5c3c9d2a2c6984f23ccbc79702610439bc65 Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Sun, 27 Dec 2015 16:25:11 +0000
-Subject: [PATCH] * libtiff/tif_luv.c: fix potential out-of-bound writes in
- decode functions in non debug builds by replacing assert()s by regular if
- checks (bugzilla #2522). Fix potential out-of-bound reads in case of short
- input data.
-
----
- libtiff/tif_luv.c | 55 ++++++++++++++++++++++++++++++++++++++++++++-----------
- 2 files changed, 51 insertions(+), 11 deletions(-)
-
-diff --git a/libtiff/tif_luv.c b/libtiff/tif_luv.c
-index 3dc13f1..b66ff64 100644
---- a/libtiff/tif_luv.c
-+++ b/libtiff/tif_luv.c
-_at_@ -202,7 +202,11 @@ LogL16Decode(TIFF* tif, uint8* op, tmsize_t occ, uint16 s)
- 	if (sp->user_datafmt == SGILOGDATAFMT_16BIT)
- 		tp = (int16*) op;
- 	else {
--		assert(sp->tbuflen >= npixels);
-+		if(sp->tbuflen < npixels) {
-+			TIFFErrorExt(tif->tif_clientdata, module,
-+						 "Translation buffer too short");
-+			return (0);
-+		}
- 		tp = (int16*) sp->tbuf;
- 	}
- 	_TIFFmemset((void*) tp, 0, npixels*sizeof (tp[0]));
-_at_@ -211,9 +215,11 @@ LogL16Decode(TIFF* tif, uint8* op, tmsize_t occ, uint16 s)
- 	cc = tif->tif_rawcc;
- 	/* get each byte string */
- 	for (shft = 2*8; (shft -= 8) >= 0; ) {
--		for (i = 0; i < npixels && cc > 0; )
-+		for (i = 0; i < npixels && cc > 0; ) {
- 			if (*bp >= 128) {		/* run */
--				rc = *bp++ + (2-128);   /* TODO: potential input buffer overrun when decoding corrupt or truncated data */
-+				if( cc < 2 )
-+					break;
-+				rc = *bp++ + (2-128);
- 				b = (int16)(*bp++ << shft);
- 				cc -= 2;
- 				while (rc-- && i < npixels)
-_at_@ -223,6 +229,7 @@ LogL16Decode(TIFF* tif, uint8* op, tmsize_t occ, uint16 s)
- 				while (--cc && rc-- && i < npixels)
- 					tp[i++] |= (int16)*bp++ << shft;
- 			}
-+		}
- 		if (i != npixels) {
- #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
- 			TIFFErrorExt(tif->tif_clientdata, module,
-_at_@ -268,13 +275,17 @@ LogLuvDecode24(TIFF* tif, uint8* op, tmsize_t occ, uint16 s)
- 	if (sp->user_datafmt == SGILOGDATAFMT_RAW)
- 		tp = (uint32 *)op;
- 	else {
--		assert(sp->tbuflen >= npixels);
-+		if(sp->tbuflen < npixels) {
-+			TIFFErrorExt(tif->tif_clientdata, module,
-+						 "Translation buffer too short");
-+			return (0);
-+		}
- 		tp = (uint32 *) sp->tbuf;
- 	}
- 	/* copy to array of uint32 */
- 	bp = (unsigned char*) tif->tif_rawcp;
- 	cc = tif->tif_rawcc;
--	for (i = 0; i < npixels && cc > 0; i++) {
-+	for (i = 0; i < npixels && cc >= 3; i++) {
- 		tp[i] = bp[0] << 16 | bp[1] << 8 | bp[2];
- 		bp += 3;
- 		cc -= 3;
-_at_@ -325,7 +336,11 @@ LogLuvDecode32(TIFF* tif, uint8* op, tmsize_t occ, uint16 s)
- 	if (sp->user_datafmt == SGILOGDATAFMT_RAW)
- 		tp = (uint32*) op;
- 	else {
--		assert(sp->tbuflen >= npixels);
-+		if(sp->tbuflen < npixels) {
-+			TIFFErrorExt(tif->tif_clientdata, module,
-+						 "Translation buffer too short");
-+			return (0);
-+		}
- 		tp = (uint32*) sp->tbuf;
- 	}
- 	_TIFFmemset((void*) tp, 0, npixels*sizeof (tp[0]));
-_at_@ -334,11 +349,13 @@ LogLuvDecode32(TIFF* tif, uint8* op, tmsize_t occ, uint16 s)
- 	cc = tif->tif_rawcc;
- 	/* get each byte string */
- 	for (shft = 4*8; (shft -= 8) >= 0; ) {
--		for (i = 0; i < npixels && cc > 0; )
-+		for (i = 0; i < npixels && cc > 0; ) {
- 			if (*bp >= 128) {		/* run */
-+				if( cc < 2 )
-+					break;
- 				rc = *bp++ + (2-128);
- 				b = (uint32)*bp++ << shft;
--				cc -= 2;                /* TODO: potential input buffer overrun when decoding corrupt or truncated data */
-+				cc -= 2;
- 				while (rc-- && i < npixels)
- 					tp[i++] |= b;
- 			} else {			/* non-run */
-_at_@ -346,6 +363,7 @@ LogLuvDecode32(TIFF* tif, uint8* op, tmsize_t occ, uint16 s)
- 				while (--cc && rc-- && i < npixels)
- 					tp[i++] |= (uint32)*bp++ << shft;
- 			}
-+		}
- 		if (i != npixels) {
- #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
- 			TIFFErrorExt(tif->tif_clientdata, module,
-_at_@ -413,6 +431,7 @@ LogLuvDecodeTile(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
- static int
- LogL16Encode(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
- {
-+	static const char module[] = "LogL16Encode";
- 	LogLuvState* sp = EncoderState(tif);
- 	int shft;
- 	tmsize_t i;
-_at_@ -433,7 +452,11 @@ LogL16Encode(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
- 		tp = (int16*) bp;
- 	else {
- 		tp = (int16*) sp->tbuf;
--		assert(sp->tbuflen >= npixels);
-+		if(sp->tbuflen < npixels) {
-+			TIFFErrorExt(tif->tif_clientdata, module,
-+						 "Translation buffer too short");
-+			return (0);
-+		}
- 		(*sp->tfunc)(sp, bp, npixels);
- 	}
- 	/* compress each byte string */
-_at_@ -506,6 +529,7 @@ LogL16Encode(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
- static int
- LogLuvEncode24(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
- {
-+	static const char module[] = "LogLuvEncode24";
- 	LogLuvState* sp = EncoderState(tif);
- 	tmsize_t i;
- 	tmsize_t npixels;
-_at_@ -521,7 +545,11 @@ LogLuvEncode24(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
- 		tp = (uint32*) bp;
- 	else {
- 		tp = (uint32*) sp->tbuf;
--		assert(sp->tbuflen >= npixels);
-+		if(sp->tbuflen < npixels) {
-+			TIFFErrorExt(tif->tif_clientdata, module,
-+						 "Translation buffer too short");
-+			return (0);
-+		}
- 		(*sp->tfunc)(sp, bp, npixels);
- 	}
- 	/* write out encoded pixels */
-_at_@ -553,6 +581,7 @@ LogLuvEncode24(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
- static int
- LogLuvEncode32(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
- {
-+	static const char module[] = "LogLuvEncode32";
- 	LogLuvState* sp = EncoderState(tif);
- 	int shft;
- 	tmsize_t i;
-_at_@ -574,7 +603,11 @@ LogLuvEncode32(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
- 		tp = (uint32*) bp;
- 	else {
- 		tp = (uint32*) sp->tbuf;
--		assert(sp->tbuflen >= npixels);
-+		if(sp->tbuflen < npixels) {
-+			TIFFErrorExt(tif->tif_clientdata, module,
-+						 "Translation buffer too short");
-+			return (0);
-+		}
- 		(*sp->tfunc)(sp, bp, npixels);
- 	}
- 	/* compress each byte string */
diff --git a/main/tiff/CVE-2015-8784.patch b/main/tiff/CVE-2015-8784.patch
deleted file mode 100644
index ab48ddf..0000000
--- a/main/tiff/CVE-2015-8784.patch
+++ /dev/null
_at_@ -1,49 +0,0 @@
-From b18012dae552f85dcc5c57d3bf4e997a15b1cc1c Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Sun, 27 Dec 2015 16:55:20 +0000
-Subject: [PATCH] * libtiff/tif_next.c: fix potential out-of-bound write in
- NeXTDecode() triggered by http://lcamtuf.coredump.cx/afl/vulns/libtiff5.tif
- (bugzilla #2508)
-
----
- libtiff/tif_next.c | 10 ++++++++--
- 2 files changed, 14 insertions(+), 2 deletions(-)
-
-diff --git a/libtiff/tif_next.c b/libtiff/tif_next.c
-index dd669cc..0a5b635 100644
---- a/libtiff/tif_next.c
-+++ b/libtiff/tif_next.c
-_at_@ -37,7 +37,7 @@
- 	case 0:	op[0]  = (unsigned char) ((v) << 6); break;	\
- 	case 1:	op[0] |= (v) << 4; break;	\
- 	case 2:	op[0] |= (v) << 2; break;	\
--	case 3:	*op++ |= (v);	   break;	\
-+	case 3:	*op++ |= (v);	   op_offset++; break;	\
- 	}					\
- }
- 
-_at_@ -106,6 +106,7 @@ NeXTDecode(TIFF* tif, uint8* buf, tmsize_t occ, uint16 s)
- 			uint32 imagewidth = tif->tif_dir.td_imagewidth;
-             if( isTiled(tif) )
-                 imagewidth = tif->tif_dir.td_tilewidth;
-+            tmsize_t op_offset = 0;
- 
- 			/*
- 			 * The scanline is composed of a sequence of constant
-_at_@ -122,10 +123,15 @@ NeXTDecode(TIFF* tif, uint8* buf, tmsize_t occ, uint16 s)
- 				 * bounds, potentially resulting in a security
- 				 * issue.
- 				 */
--				while (n-- > 0 && npixels < imagewidth)
-+				while (n-- > 0 && npixels < imagewidth && op_offset < scanline)
- 					SETPIXEL(op, grey);
- 				if (npixels >= imagewidth)
- 					break;
-+                if (op_offset >= scanline ) {
-+                    TIFFErrorExt(tif->tif_clientdata, module, "Invalid data for scanline %ld",
-+                        (long) tif->tif_row);
-+                    return (0);
-+                }
- 				if (cc == 0)
- 					goto bad;
- 				n = *bp++, cc--;
diff --git a/main/tiff/CVE-2016-3632.patch b/main/tiff/CVE-2016-3632.patch
deleted file mode 100644
index 7640d1b..0000000
--- a/main/tiff/CVE-2016-3632.patch
+++ /dev/null
_at_@ -1,23 +0,0 @@
-https://git.centos.org/blob/rpms!libtiff.git/1ad9335dc0c1325262c62842eda01476243ec821/SOURCES!libtiff-CVE-2016-3632.patch
-
-From d3f9829a37661749b200760ad6525f77cf77d77a Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Nikola=20Forr=C3=B3?= <nforro_at_redhat.com>
-Date: Mon, 11 Jul 2016 16:04:34 +0200
-Subject: [PATCH 4/8] Fix CVE-2016-3632
----
- tools/thumbnail.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-diff --git a/tools/thumbnail.c b/tools/thumbnail.c
-index fd1cba5..75e7009 100644
---- a/tools/thumbnail.c
-+++ b/tools/thumbnail.c
-_at_@ -253,7 +253,8 @@ static struct cpTag {
-     { TIFFTAG_WHITEPOINT,		2, TIFF_RATIONAL },
-     { TIFFTAG_PRIMARYCHROMATICITIES,	(uint16) -1,TIFF_RATIONAL },
-     { TIFFTAG_HALFTONEHINTS,		2, TIFF_SHORT },
--    { TIFFTAG_BADFAXLINES,		1, TIFF_LONG },
-+    // disable BADFAXLINES, CVE-2016-3632
-+    //{ TIFFTAG_BADFAXLINES,		1, TIFF_LONG },
-     { TIFFTAG_CLEANFAXDATA,		1, TIFF_SHORT },
-     { TIFFTAG_CONSECUTIVEBADFAXLINES,	1, TIFF_LONG },
-     { TIFFTAG_INKSET,			1, TIFF_SHORT },
diff --git a/main/tiff/CVE-2016-3945.patch b/main/tiff/CVE-2016-3945.patch
deleted file mode 100644
index 53c6dc5..0000000
--- a/main/tiff/CVE-2016-3945.patch
+++ /dev/null
_at_@ -1,97 +0,0 @@
-https://git.centos.org/blob/rpms!libtiff.git/1ad9335dc0c1325262c62842eda01476243ec821/SOURCES!libtiff-CVE-2016-3945.patch;jsessionid=1rcllyzw1i6tk1nli211rmjqnf
-
-From 7c39352ccd9060d311d3dc9a1f1bc00133a160e6 Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Mon, 15 Aug 2016 20:06:40 +0000
-Subject: [PATCH] * tools/tiff2rgba.c: Fix integer overflow in size of
- allocated buffer, when -b mode is enabled, that could result in out-of-bounds
- write. Based initially on patch tiff-CVE-2016-3945.patch from
- libtiff-4.0.3-25.el7_2.src.rpm by Nikola Forro, with correction for invalid
- tests that rejected valid files.
-
-CVE: CVE-2016-3945
-Upstream-Status: Backport
-https://github.com/vadz/libtiff/commit/7c39352ccd9060d311d3dc9a1f1bc00133a160e6
-
-Signed-off-by: Yi Zhao <yi.zhao_at_windirver.com>
----
-diff --git a/tools/tiff2rgba.c b/tools/tiff2rgba.c
-index b7a81eb..16e3dc4 100644
---- a/tools/tiff2rgba.c
-+++ b/tools/tiff2rgba.c
-_at_@ -147,6 +147,7 @@ cvt_by_tile( TIFF *in, TIFF *out )
-     uint32  row, col;
-     uint32  *wrk_line;
-     int	    ok = 1;
-+    uint32  rastersize, wrk_linesize;
- 
-     TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &width);
-     TIFFGetField(in, TIFFTAG_IMAGELENGTH, &height);
-_at_@ -163,7 +164,13 @@ cvt_by_tile( TIFF *in, TIFF *out )
-     /*
-      * Allocate tile buffer
-      */
--    raster = (uint32*)_TIFFmalloc(tile_width * tile_height * sizeof (uint32));
-+    rastersize = tile_width * tile_height * sizeof (uint32);
-+    if (tile_width != (rastersize / tile_height) / sizeof( uint32))
-+    {
-+	TIFFError(TIFFFileName(in), "Integer overflow when calculating raster buffer");
-+	exit(-1);
-+    }
-+    raster = (uint32*)_TIFFmalloc(rastersize);
-     if (raster == 0) {
-         TIFFError(TIFFFileName(in), "No space for raster buffer");
-         return (0);
-_at_@ -173,7 +180,13 @@ cvt_by_tile( TIFF *in, TIFF *out )
-      * Allocate a scanline buffer for swapping during the vertical
-      * mirroring pass.
-      */
--    wrk_line = (uint32*)_TIFFmalloc(tile_width * sizeof (uint32));
-+    wrk_linesize = tile_width * sizeof (uint32);
-+    if (tile_width != wrk_linesize / sizeof (uint32))
-+    {
-+        TIFFError(TIFFFileName(in), "Integer overflow when calculating wrk_line buffer");
-+	exit(-1);
-+    }
-+    wrk_line = (uint32*)_TIFFmalloc(wrk_linesize);
-     if (!wrk_line) {
-         TIFFError(TIFFFileName(in), "No space for raster scanline buffer");
-         ok = 0;
-_at_@ -249,6 +262,7 @@ cvt_by_strip( TIFF *in, TIFF *out )
-     uint32  row;
-     uint32  *wrk_line;
-     int	    ok = 1;
-+    uint32  rastersize, wrk_linesize;
- 
-     TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &width);
-     TIFFGetField(in, TIFFTAG_IMAGELENGTH, &height);
-_at_@ -263,7 +277,13 @@ cvt_by_strip( TIFF *in, TIFF *out )
-     /*
-      * Allocate strip buffer
-      */
--    raster = (uint32*)_TIFFmalloc(width * rowsperstrip * sizeof (uint32));
-+    rastersize = width * rowsperstrip * sizeof (uint32);
-+    if (width != (rastersize / rowsperstrip) / sizeof( uint32))
-+    {
-+	TIFFError(TIFFFileName(in), "Integer overflow when calculating raster buffer");
-+	exit(-1);
-+    }
-+    raster = (uint32*)_TIFFmalloc(rastersize);
-     if (raster == 0) {
-         TIFFError(TIFFFileName(in), "No space for raster buffer");
-         return (0);
-_at_@ -273,7 +293,13 @@ cvt_by_strip( TIFF *in, TIFF *out )
-      * Allocate a scanline buffer for swapping during the vertical
-      * mirroring pass.
-      */
--    wrk_line = (uint32*)_TIFFmalloc(width * sizeof (uint32));
-+    wrk_linesize = width * sizeof (uint32);
-+    if (width != wrk_linesize / sizeof (uint32))
-+    {
-+        TIFFError(TIFFFileName(in), "Integer overflow when calculating wrk_line buffer");
-+	exit(-1);
-+    }
-+    wrk_line = (uint32*)_TIFFmalloc(wrk_linesize);
-     if (!wrk_line) {
-         TIFFError(TIFFFileName(in), "No space for raster scanline buffer");
-         ok = 0;
diff --git a/main/tiff/CVE-2016-3990.patch b/main/tiff/CVE-2016-3990.patch
deleted file mode 100644
index b198014..0000000
--- a/main/tiff/CVE-2016-3990.patch
+++ /dev/null
_at_@ -1,37 +0,0 @@
-https://patchwork.openembedded.org/patch/133225/
-
-From 6a4dbb07ccf92836bb4adac7be4575672d0ac5f1 Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Mon, 15 Aug 2016 20:49:48 +0000
-Subject: [PATCH] * libtiff/tif_pixarlog.c: Fix write buffer overflow in
- PixarLogEncode if more input samples are provided than expected by
- PixarLogSetupEncode. Idea based on libtiff-CVE-2016-3990.patch from
- libtiff-4.0.3-25.el7_2.src.rpm by Nikola Forro, but with different and
- simpler check. (bugzilla #2544)
-
-invalid tests that rejected valid files. (bugzilla #2545)
-
-CVE: CVE-2016-3990
-Upstream-Status: Backport
-https://github.com/vadz/libtiff/commit/6a4dbb07ccf92836bb4adac7be4575672d0ac5f1
-
-Signed-off-by: Yi Zhao <yi.zhao_at_windirver.com>
----
-diff --git a/libtiff/tif_pixarlog.c b/libtiff/tif_pixarlog.c
-index e78f788..28329d1 100644
---- a/libtiff/tif_pixarlog.c
-+++ b/libtiff/tif_pixarlog.c
-_at_@ -1141,6 +1141,13 @@ PixarLogEncode(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
- 	}
- 
- 	llen = sp->stride * td->td_imagewidth;
-+    /* Check against the number of elements (of size uint16) of sp->tbuf */
-+    if( n > td->td_rowsperstrip * llen )
-+    {
-+        TIFFErrorExt(tif->tif_clientdata, module,
-+                     "Too many input bytes provided");
-+        return 0;
-+    }
- 
- 	for (i = 0, up = sp->tbuf; i < n; i += llen, up += llen) {
- 		switch (sp->user_datafmt)  {
diff --git a/main/tiff/CVE-2016-3991.patch b/main/tiff/CVE-2016-3991.patch
deleted file mode 100644
index 0a75bba..0000000
--- a/main/tiff/CVE-2016-3991.patch
+++ /dev/null
_at_@ -1,126 +0,0 @@
-https://patchwork.openembedded.org/patch/133226/
-
-From e596d4e27c5afb7960dc360fdd3afd90ba0fb8ba Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Mon, 15 Aug 2016 21:05:40 +0000
-Subject: [PATCH 2/2] * tools/tiffcrop.c: Fix out-of-bounds write in
- loadImage(). From patch libtiff-CVE-2016-3991.patch from
- libtiff-4.0.3-25.el7_2.src.rpm by Nikola Forro (bugzilla #2543)
-
-CVE: CVE-2016-3991
-Upstream-Status: Backport
-https://github.com/vadz/libtiff/commit/e596d4e27c5afb7960dc360fdd3afd90ba0fb8ba
-
-Signed-off-by: Yi Zhao <yi.zhao_at_windirver.com>
----
-diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
-index 27abc0b..ddba7b9 100644
---- a/tools/tiffcrop.c
-+++ b/tools/tiffcrop.c
-_at_@ -798,6 +798,11 @@ static int readContigTilesIntoBuffer (TIFF* in, uint8* buf,
-     }
- 
-   tile_buffsize = tilesize;
-+  if (tilesize == 0 || tile_rowsize == 0)
-+  {
-+     TIFFError("readContigTilesIntoBuffer", "Tile size or tile rowsize is zero");
-+     exit(-1);
-+  }
- 
-   if (tilesize < (tsize_t)(tl * tile_rowsize))
-     {
-_at_@ -807,7 +812,12 @@ static int readContigTilesIntoBuffer (TIFF* in, uint8* buf,
-               tilesize, tl * tile_rowsize);
- #endif
-     tile_buffsize = tl * tile_rowsize;
--    } 
-+    if (tl != (tile_buffsize / tile_rowsize))
-+    {
-+    	TIFFError("readContigTilesIntoBuffer", "Integer overflow when calculating buffer size.");
-+        exit(-1);
-+    }
-+    }
- 
-   tilebuf = _TIFFmalloc(tile_buffsize);
-   if (tilebuf == 0)
-_at_@ -1210,6 +1220,12 @@ static int writeBufferToContigTiles (TIFF* out, uint8* buf, uint32 imagelength,
-       !TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps) )
-       return 1;
- 
-+  if (tilesize == 0 || tile_rowsize == 0 || tl == 0 || tw == 0)
-+  {
-+    TIFFError("writeBufferToContigTiles", "Tile size, tile row size, tile width, or tile length is zero");
-+    exit(-1);
-+  }
-+
-   tile_buffsize = tilesize;
-   if (tilesize < (tsize_t)(tl * tile_rowsize))
-     {
-_at_@ -1219,6 +1235,11 @@ static int writeBufferToContigTiles (TIFF* out, uint8* buf, uint32 imagelength,
-               tilesize, tl * tile_rowsize);
- #endif
-     tile_buffsize = tl * tile_rowsize;
-+    if (tl != tile_buffsize / tile_rowsize)
-+    {
-+	TIFFError("writeBufferToContigTiles", "Integer overflow when calculating buffer size");
-+	exit(-1);
-+    }
-     }
- 
-   tilebuf = _TIFFmalloc(tile_buffsize);
-_at_@ -5945,12 +5966,27 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c
-     TIFFGetField(in, TIFFTAG_TILELENGTH, &tl);
- 
-     tile_rowsize  = TIFFTileRowSize(in);      
-+    if (ntiles == 0 || tlsize == 0 || tile_rowsize == 0)
-+    {
-+	TIFFError("loadImage", "File appears to be tiled, but the number of tiles, tile size, or tile rowsize is zero.");
-+	exit(-1);
-+    }
-     buffsize = tlsize * ntiles;
-+    if (tlsize != (buffsize / ntiles))
-+    {
-+	TIFFError("loadImage", "Integer overflow when calculating buffer size");
-+	exit(-1);
-+    }
- 
--        
-     if (buffsize < (uint32)(ntiles * tl * tile_rowsize))
-       {
-       buffsize = ntiles * tl * tile_rowsize;
-+      if (ntiles != (buffsize / tl / tile_rowsize))
-+      {
-+	TIFFError("loadImage", "Integer overflow when calculating buffer size");
-+	exit(-1);
-+      }
-+      
- #ifdef DEBUG2
-       TIFFError("loadImage",
- 	        "Tilesize %u is too small, using ntiles * tilelength * tilerowsize %lu",
-_at_@ -5969,8 +6005,25 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c
-     TIFFGetFieldDefaulted(in, TIFFTAG_ROWSPERSTRIP, &rowsperstrip);
-     stsize = TIFFStripSize(in);
-     nstrips = TIFFNumberOfStrips(in);
-+    if (nstrips == 0 || stsize == 0)
-+    {
-+	TIFFError("loadImage", "File appears to be striped, but the number of stipes or stripe size is zero.");
-+	exit(-1);
-+    }
-+
-     buffsize = stsize * nstrips;
--    
-+    if (stsize != (buffsize / nstrips))
-+    {
-+	TIFFError("loadImage", "Integer overflow when calculating buffer size");
-+	exit(-1);
-+    }
-+    uint32 buffsize_check;
-+    buffsize_check = ((length * width * spp * bps) + 7);
-+    if (length != ((buffsize_check - 7) / width / spp / bps))
-+    {
-+	TIFFError("loadImage", "Integer overflow detected.");
-+	exit(-1);
-+    }
-     if (buffsize < (uint32) (((length * width * spp * bps) + 7) / 8))
-       {
-       buffsize =  ((length * width * spp * bps) + 7) / 8;
-- 
2.6.6
---
Unsubscribe:  alpine-aports+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-aports+help_at_lists.alpinelinux.org
---
Received on Thu Jan 19 2017 - 14:13:04 GMT