8 files changed, 3 insertions, 685 deletions
diff --git a/media-libs/tiff/Manifest b/media-libs/tiff/Manifest
index a52da9aa6fa3..5b4cb24c3543 100644
--- a/media-libs/tiff/Manifest
+++ b/media-libs/tiff/Manifest
@@ -1,18 +1,11 @@
-AUX tiff-3.9.7-CVE-2012-4447.patch 5706 BLAKE2B a72c6e4f643906273bd89689dcefa5696fe00536ad84329320bb8719bd37b07fa35e00c25e51998be6eeda2436ef93673dfbe6eda063f7d293df64e60c27c524 SHA512 defb8251401b7d65c2cd8f60df30d35551c1b1d0a1dcf514dd95da89572873177ea116e9373dd07cd260e00434235090e1d8864199d5fdfa84c445cb6905ddd6
-AUX tiff-3.9.7-CVE-2012-4564.patch 1987 BLAKE2B a56084760a03fc70e42d4ccff14b7f45d2c24f120515f7e23e8a5a6ada58f9325df1dfcc54327bb1324060aa91a4e497d83c74bbb62bc85daae5c6642aea14d5 SHA512 24ebe60ce6361561c15c8c5fb46b47942e58912de5efbf128374defc4382a7e800fae3dc0a9fe04876a5e2f61a109edc1c9533be2f8a15b4b0ed7215d7b08c9b
-AUX tiff-3.9.7-CVE-2012-5581.patch 8156 BLAKE2B 39457d90041b04014970c8b0bb9275353eca34fef6660810537294348ff33103b735523f5b84f0de2b1003014ace561a2c3bb498ff771b5c4101fef6fd89adf6 SHA512 2e215edeb6f4f5d6e14753874a67d76cfec34b3f6ffc420e1c7ede2007a6b2f64c09505e879e83db1de87f28c82c806c4379b38bf7f8735bb2bae675543683f0
-AUX tiff-3.9.7-printdir-width.patch 1523 BLAKE2B a0bfeda833e604137529537bed29dcb50308e3f6493d2985390c4528a4ac38f432104d796ec3368462d331017db4393f58622d17e1f068811913df78e98c7444 SHA512 9bf2edcbda2ed5dba01839cf1bb34316801b4c5a2b6c71ed46f8777518cf1bc77084db94eaf1ebde84583fa2e1749a5fc5151e321b4d83975b13c3e9ebe96436
-AUX tiff-3.9.7-tiffinfo-exif.patch 1847 BLAKE2B c6e55e92ebe86558cfabec730d2f15836390fa1789d57ada01fb1c6037699898706a051dab415db35e1ac2d39902301c1639e944f177b4b098227279c98c00c5 SHA512 6f211dc864bfb314a1c7edb8855b68cfbbdbbde1ba9422c1c578acbb15e5769323eec366bef618a8100b0ccb8057b2997762ebbd0f943be10882411861ec72fb
 AUX tiff-4.0.7-pdfium-0006-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch 930 BLAKE2B 52d77fcdd773ce52232257da2c60f8b90417f102238df2039262e3afa7275908c74817ddd6958e430d7cfcff58d2d04ebd6ddd49f553f0f261883b67f557c599 SHA512 822ccc22304d23b4f50efe1f0fb7890fda8b9edf2075b8add814c0bac0a153fa0ed5d7ee5f47e23799b24f11678c8e0bf9c90ad59c5cc61fd9546b2dca4714a9
 AUX tiff-4.0.7-pdfium-0008-HeapBufferOverflow-ChopUpSingleUncompressedStrip.patch 924 BLAKE2B 03160ce33639620b1deb918d358f559b8bc6296d28530b440d0d770438453c25aecc393b8cfcc582ed2d0ec1decd557a212c91f43f7923c9e94387e235680021 SHA512 43973cc5512eb8fe2e0beab1a98ff0d3bd999ed1adbf7c08c344b3442559cc2cdc99a9f2e9c1bb2bffa4be027945b12b120fa27ec6c8006367932039b8d8dd37
 AUX tiff-4.0.9-CVE-2017-18013.patch 1531 BLAKE2B e0b825408ba684084153ebd19c13bc7124733ba9b84393534b57481aabb8f1de5529f0a31c997b6e4947be8f01970c711e1f23ce30919bcbcef489939a0ed31e SHA512 e0598c4702fbe22379182c78191305b3769b7cb7f927ad4372e220aad9567e43adee6baa164696852ce6fa4f1f307c666a4fc3fc2b942baca16cd2b8fe9998cb
 AUX tiff-4.0.9-CVE-2017-9935-fix-incorrect-type.patch 2443 BLAKE2B e18f4acec3dc8088eec5080272e6d759c0823cb1f8036d45bc5289cc22e8a487ff5d8761e0d2e49d4c450f407e859c00913988df9c45e51318b53c5fbec01483 SHA512 a489d4bdf5b3861fdf18107ff4a0224e2d458acf719af9d7eb6ef230285ceb5d37bc483c32800cc8180ccc69ffbc80d8887b8660265466ddd52a3447f1f44e61
 AUX tiff-4.0.9-CVE-2017-9935.patch 6636 BLAKE2B b7660dee9e379aea59f7225024697ea35b820837502e9e19157391c569c6b85473c4da5163f2e6fa8934c68cc32cbc45d025a2c336d21d79f461723a68a6e49f SHA512 ca1beda6e1550ac8a4bdf2bdefaba38f5fc40d2e842709ed1a803aeef5c34cd466f93fc6e7bb8e7ffb7e21a702d54584b84615e7c3dc3a8d2d29ceeadaeca7f6
 AUX tiff-4.0.9-CVE-2018-5784.patch 4251 BLAKE2B defd555ebc53e178439331cd04f3099c4ad77584efd0a4312802307ce90828e63513df738e992905af824f25d987d43e095d313d359c3de9eebba5bf4c843bf1 SHA512 ebff45d1ecc1fb783f806eb556ccb01316289e190786378309a51a0c4d10b53ae6c86a1310ea59bc79946e633163916700e17752d0a7add10c22b8824b000b7b
-DIST tiff-3.9.7.tar.gz 1468097 BLAKE2B 303339acf9bb48558695b13fcc2b41acacbbf2ce6d2ec497067761895cb2de7674108e8ca2f35f845dcd2e45801777fe25d234af1c308acf59846c2f5617ab53 SHA512 ca89584a9ffa33b4986e4bc2165043cec239896f1f0ab73db00818d0442b570efaa6345b2ed422e884202324d359713df849bf14782bb0cf3b959655febddd77
 DIST tiff-4.0.10.tar.gz 2402867 BLAKE2B 0305453f22150c31d00d2de756736f58c49a288e19b2a66bdd01319ce4688742f6eab4009eaf1817125d41f53a23de17eb6265a3ebae458ec24f5dbb3d49764e SHA512 d213e5db09fd56b8977b187c5a756f60d6e3e998be172550c2892dbdb4b2a8e8c750202bc863fe27d0d1c577ab9de1710d15e9f6ed665aadbfd857525a81eea8
 DIST tiff-4.0.9.tar.gz 2305681 BLAKE2B 3de03408d2974b9f9f5f2444029cc3018ef43beb67e9fd21be68ee400cdcc6deca1247f055d880841a18b92284ce81f112682c8b5f083ddc61e5255d73a7de3f SHA512 04f3d5eefccf9c1a0393659fe27f3dddd31108c401ba0dc587bca152a1c1f6bc844ba41622ff5572da8cc278593eff8c402b44e7af0a0090e91d326c2d79f6cd
-EBUILD tiff-3.9.7-r1.ebuild 1941 BLAKE2B 38e7fc7b06adec30d32dce66390c5174fa8ca514d8fdc12d6486ed3b8a78b95ea2efb3e083c959892ea65e46853b4c5b7236508c9812736ff0bebce26961d64f SHA512 659c879ae594501bb3a88dde00797d67fd004cbbefbb4403a2374876a6c909cb38f4a7d56256325c5d53fd7ed107849e7c2862f9de777ab6b6d996ec279fe997
-EBUILD tiff-4.0.10.ebuild 2324 BLAKE2B 798ebc306c03368078da1d24d28c61fe3d69376fbbaf95238ecc92b73cfa62c1db54900895bd83ae890be231322a91a9f238fc69b4cc85f0db3e1b8abb1f38b1 SHA512 2886e2136317e5576847297dff4fdee2f1b8ef459f9d0f4cb4ac168d09119b3c4b12c0aacd4fc4b7dd9078938abe36ec5890325d9d3534d0b78d2ac3be79c910
+EBUILD tiff-4.0.10.ebuild 2320 BLAKE2B 4d31a67539f9bc1c732db69bf57446f96ec13e573ac0531ce7fa3c7be39c28dee1fb9a275593d94f8ba11f6b5c3b4a0f5a82a47588b4542d4d1502aeb2149bc1 SHA512 a208da6710cbba1ff103b6399ee3f0186ac5e756e432fe7ac3c3333d1afa090620a9452d81b08de7b2eb052977cb313c043d9a2311e84b029a84f84ad3f1b978
 EBUILD tiff-4.0.9-r4.ebuild 2354 BLAKE2B 272c6c559ca76d81689caefa8dbd66aa22b8e29fd2cf35ba0699abaf2e85fa1f542237c9eb3b85735921617b76790bdbaede55b0c113a7cc2d35b192d3821e85 SHA512 ee3c1ab75d4694bce0e9523394ed0bf9daca1de6bc276199d96b655192a59f72ddc4bbbc7981e26c6f44531da334bbaab94fb9fa72191d6c241e861b71e78e4b
 MISC metadata.xml 640 BLAKE2B faec0c1b8ddc13c849f3814532d7886a7b1fcc7aee14eb1ff26dc0265d51bd7516c779e2dba8e9dc8c1116f3be46db6dd06bfe46dd4b5dc3300f29b402bb666a SHA512 9445f36944e1018afcb83e3f5d9382d8e91d52924171786a40606ab46bfe0c0de744b40fc2adb58ece5d0168bca967d2bef73de05a81cd46615bd50502d08a29
diff --git a/media-libs/tiff/files/tiff-3.9.7-CVE-2012-4447.patch b/media-libs/tiff/files/tiff-3.9.7-CVE-2012-4447.patch
deleted file mode 100644
index 6c28dc6ec9a8..000000000000
--- a/media-libs/tiff/files/tiff-3.9.7-CVE-2012-4447.patch
+++ /dev/null
@@ -1,191 +0,0 @@
-Upstream patch for CVE-2012-4447.  This also covers an out-of-bounds-read
-possibility in the same file, which wasn't given a separate CVE.
-
-
-diff -Naur tiff-3.9.4.orig/libtiff/tif_pixarlog.c tiff-3.9.4/libtiff/tif_pixarlog.c
---- tiff-3.9.4.orig/libtiff/tif_pixarlog.c	2010-06-08 14:50:42.000000000 -0400
-+++ tiff-3.9.4/libtiff/tif_pixarlog.c	2012-12-10 15:50:14.421538317 -0500
-@@ -117,9 +117,9 @@
-     if (n >= stride) {
- 	mask = CODE_MASK;
- 	if (stride == 3) {
--	    t0 = ToLinearF[cr = wp[0]];
--	    t1 = ToLinearF[cg = wp[1]];
--	    t2 = ToLinearF[cb = wp[2]];
-+	    t0 = ToLinearF[cr = (wp[0] & mask)];
-+	    t1 = ToLinearF[cg = (wp[1] & mask)];
-+	    t2 = ToLinearF[cb = (wp[2] & mask)];
- 	    op[0] = t0;
- 	    op[1] = t1;
- 	    op[2] = t2;
-@@ -136,10 +136,10 @@
- 		op[2] = t2;
- 	    }
- 	} else if (stride == 4) {
--	    t0 = ToLinearF[cr = wp[0]];
--	    t1 = ToLinearF[cg = wp[1]];
--	    t2 = ToLinearF[cb = wp[2]];
--	    t3 = ToLinearF[ca = wp[3]];
-+	    t0 = ToLinearF[cr = (wp[0] & mask)];
-+	    t1 = ToLinearF[cg = (wp[1] & mask)];
-+	    t2 = ToLinearF[cb = (wp[2] & mask)];
-+	    t3 = ToLinearF[ca = (wp[3] & mask)];
- 	    op[0] = t0;
- 	    op[1] = t1;
- 	    op[2] = t2;
-@@ -183,9 +183,9 @@
-     if (n >= stride) {
- 	mask = CODE_MASK;
- 	if (stride == 3) {
--	    t0 = ToLinearF[cr = wp[0]] * SCALE12;
--	    t1 = ToLinearF[cg = wp[1]] * SCALE12;
--	    t2 = ToLinearF[cb = wp[2]] * SCALE12;
-+	    t0 = ToLinearF[cr = (wp[0] & mask)] * SCALE12;
-+	    t1 = ToLinearF[cg = (wp[1] & mask)] * SCALE12;
-+	    t2 = ToLinearF[cb = (wp[2] & mask)] * SCALE12;
- 	    op[0] = CLAMP12(t0);
- 	    op[1] = CLAMP12(t1);
- 	    op[2] = CLAMP12(t2);
-@@ -202,10 +202,10 @@
- 		op[2] = CLAMP12(t2);
- 	    }
- 	} else if (stride == 4) {
--	    t0 = ToLinearF[cr = wp[0]] * SCALE12;
--	    t1 = ToLinearF[cg = wp[1]] * SCALE12;
--	    t2 = ToLinearF[cb = wp[2]] * SCALE12;
--	    t3 = ToLinearF[ca = wp[3]] * SCALE12;
-+	    t0 = ToLinearF[cr = (wp[0] & mask)] * SCALE12;
-+	    t1 = ToLinearF[cg = (wp[1] & mask)] * SCALE12;
-+	    t2 = ToLinearF[cb = (wp[2] & mask)] * SCALE12;
-+	    t3 = ToLinearF[ca = (wp[3] & mask)] * SCALE12;
- 	    op[0] = CLAMP12(t0);
- 	    op[1] = CLAMP12(t1);
- 	    op[2] = CLAMP12(t2);
-@@ -247,9 +247,9 @@
-     if (n >= stride) {
- 	mask = CODE_MASK;
- 	if (stride == 3) {
--	    op[0] = ToLinear16[cr = wp[0]];
--	    op[1] = ToLinear16[cg = wp[1]];
--	    op[2] = ToLinear16[cb = wp[2]];
-+	    op[0] = ToLinear16[cr = (wp[0] & mask)];
-+	    op[1] = ToLinear16[cg = (wp[1] & mask)];
-+	    op[2] = ToLinear16[cb = (wp[2] & mask)];
- 	    n -= 3;
- 	    while (n > 0) {
- 		wp += 3;
-@@ -260,10 +260,10 @@
- 		op[2] = ToLinear16[(cb += wp[2]) & mask];
- 	    }
- 	} else if (stride == 4) {
--	    op[0] = ToLinear16[cr = wp[0]];
--	    op[1] = ToLinear16[cg = wp[1]];
--	    op[2] = ToLinear16[cb = wp[2]];
--	    op[3] = ToLinear16[ca = wp[3]];
-+	    op[0] = ToLinear16[cr = (wp[0] & mask)];
-+	    op[1] = ToLinear16[cg = (wp[1] & mask)];
-+	    op[2] = ToLinear16[cb = (wp[2] & mask)];
-+	    op[3] = ToLinear16[ca = (wp[3] & mask)];
- 	    n -= 4;
- 	    while (n > 0) {
- 		wp += 4;
-@@ -342,9 +342,9 @@
-     if (n >= stride) {
- 	mask = CODE_MASK;
- 	if (stride == 3) {
--	    op[0] = ToLinear8[cr = wp[0]];
--	    op[1] = ToLinear8[cg = wp[1]];
--	    op[2] = ToLinear8[cb = wp[2]];
-+	    op[0] = ToLinear8[cr = (wp[0] & mask)];
-+	    op[1] = ToLinear8[cg = (wp[1] & mask)];
-+	    op[2] = ToLinear8[cb = (wp[2] & mask)];
- 	    n -= 3;
- 	    while (n > 0) {
- 		n -= 3;
-@@ -355,10 +355,10 @@
- 		op[2] = ToLinear8[(cb += wp[2]) & mask];
- 	    }
- 	} else if (stride == 4) {
--	    op[0] = ToLinear8[cr = wp[0]];
--	    op[1] = ToLinear8[cg = wp[1]];
--	    op[2] = ToLinear8[cb = wp[2]];
--	    op[3] = ToLinear8[ca = wp[3]];
-+	    op[0] = ToLinear8[cr = (wp[0] & mask)];
-+	    op[1] = ToLinear8[cg = (wp[1] & mask)];
-+	    op[2] = ToLinear8[cb = (wp[2] & mask)];
-+	    op[3] = ToLinear8[ca = (wp[3] & mask)];
- 	    n -= 4;
- 	    while (n > 0) {
- 		n -= 4;
-@@ -393,9 +393,9 @@
- 	mask = CODE_MASK;
- 	if (stride == 3) {
- 	    op[0] = 0;
--	    t1 = ToLinear8[cb = wp[2]];
--	    t2 = ToLinear8[cg = wp[1]];
--	    t3 = ToLinear8[cr = wp[0]];
-+	    t1 = ToLinear8[cb = (wp[2] & mask)];
-+	    t2 = ToLinear8[cg = (wp[1] & mask)];
-+	    t3 = ToLinear8[cr = (wp[0] & mask)];
- 	    op[1] = t1;
- 	    op[2] = t2;
- 	    op[3] = t3;
-@@ -413,10 +413,10 @@
- 		op[3] = t3;
- 	    }
- 	} else if (stride == 4) {
--	    t0 = ToLinear8[ca = wp[3]];
--	    t1 = ToLinear8[cb = wp[2]];
--	    t2 = ToLinear8[cg = wp[1]];
--	    t3 = ToLinear8[cr = wp[0]];
-+	    t0 = ToLinear8[ca = (wp[3] & mask)];
-+	    t1 = ToLinear8[cb = (wp[2] & mask)];
-+	    t2 = ToLinear8[cg = (wp[1] & mask)];
-+	    t3 = ToLinear8[cr = (wp[0] & mask)];
- 	    op[0] = t0;
- 	    op[1] = t1;
- 	    op[2] = t2;
-@@ -630,10 +630,10 @@
- 	return guess;
- }
- 
--static uint32
--multiply(size_t m1, size_t m2)
-+static tsize_t
-+multiply(tsize_t m1, tsize_t m2)
- {
--	uint32	bytes = m1 * m2;
-+	tsize_t	bytes = m1 * m2;
- 
- 	if (m1 && bytes / m1 != m2)
- 		bytes = 0;
-@@ -641,6 +641,20 @@
- 	return bytes;
- }
- 
-+static tsize_t
-+add_ms(tsize_t m1, tsize_t m2)
-+{
-+	tsize_t bytes = m1 + m2;
-+
-+	/* if either input is zero, assume overflow already occurred */
-+	if (m1 == 0 || m2 == 0)
-+		bytes = 0;
-+	else if (bytes <= m1 || bytes <= m2)
-+		bytes = 0;
-+
-+	return bytes;
-+}
-+
- static int
- PixarLogSetupDecode(TIFF* tif)
- {
-@@ -661,6 +675,8 @@
- 	    td->td_samplesperpixel : 1);
- 	tbuf_size = multiply(multiply(multiply(sp->stride, td->td_imagewidth),
- 				      td->td_rowsperstrip), sizeof(uint16));
-+	/* add one more stride in case input ends mid-stride */
-+	tbuf_size = add_ms(tbuf_size, sizeof(uint16) * sp->stride);
- 	if (tbuf_size == 0)
- 		return (0);
- 	sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size);
diff --git a/media-libs/tiff/files/tiff-3.9.7-CVE-2012-4564.patch b/media-libs/tiff/files/tiff-3.9.7-CVE-2012-4564.patch
deleted file mode 100644
index 98a6e6c4409d..000000000000
--- a/media-libs/tiff/files/tiff-3.9.7-CVE-2012-4564.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-Upstream patch for CVE-2012-4564.
-
-
-diff -Naur tiff-3.9.4.orig/tools/ppm2tiff.c tiff-3.9.4/tools/ppm2tiff.c
---- tiff-3.9.4.orig/tools/ppm2tiff.c	2010-06-08 14:50:44.000000000 -0400
-+++ tiff-3.9.4/tools/ppm2tiff.c	2012-12-10 16:16:05.154045877 -0500
-@@ -68,6 +68,17 @@
- 	exit(-2);
- }
- 
-+static tsize_t
-+multiply_ms(tsize_t m1, tsize_t m2)
-+{
-+	tsize_t bytes = m1 * m2;
-+
-+	if (m1 && bytes / m1 != m2)
-+		bytes = 0;
-+
-+	return bytes;
-+}
-+
- int
- main(int argc, char* argv[])
- {
-@@ -85,6 +96,7 @@
- 	int c;
- 	extern int optind;
- 	extern char* optarg;
-+	tsize_t scanline_size;
- 
- 	if (argc < 2) {
- 	    fprintf(stderr, "%s: Too few arguments\n", argv[0]);
-@@ -217,7 +229,8 @@
- 	}
- 	switch (bpp) {
- 		case 1:
--			linebytes = (spp * w + (8 - 1)) / 8;
-+			/* if round-up overflows, result will be zero, OK */
-+			linebytes = (multiply_ms(spp, w) + (8 - 1)) / 8;
- 			if (rowsperstrip == (uint32) -1) {
- 				TIFFSetField(out, TIFFTAG_ROWSPERSTRIP, h);
- 			} else {
-@@ -226,15 +239,31 @@
- 			}
- 			break;
- 		case 8:
--			linebytes = spp * w;
-+			linebytes = multiply_ms(spp, w);
- 			TIFFSetField(out, TIFFTAG_ROWSPERSTRIP,
- 			    TIFFDefaultStripSize(out, rowsperstrip));
- 			break;
- 	}
--	if (TIFFScanlineSize(out) > linebytes)
-+	if (linebytes == 0) {
-+		fprintf(stderr, "%s: scanline size overflow\n", infile);
-+		(void) TIFFClose(out);
-+		exit(-2);					
-+	}
-+	scanline_size = TIFFScanlineSize(out);
-+	if (scanline_size == 0) {
-+		/* overflow - TIFFScanlineSize already printed a message */
-+		(void) TIFFClose(out);
-+		exit(-2);					
-+	}
-+	if (scanline_size < linebytes)
- 		buf = (unsigned char *)_TIFFmalloc(linebytes);
- 	else
--		buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
-+		buf = (unsigned char *)_TIFFmalloc(scanline_size);
-+	if (buf == NULL) {
-+		fprintf(stderr, "%s: Not enough memory\n", infile);
-+		(void) TIFFClose(out);
-+		exit(-2);
-+	}
- 	if (resolution > 0) {
- 		TIFFSetField(out, TIFFTAG_XRESOLUTION, resolution);
- 		TIFFSetField(out, TIFFTAG_YRESOLUTION, resolution);
diff --git a/media-libs/tiff/files/tiff-3.9.7-CVE-2012-5581.patch b/media-libs/tiff/files/tiff-3.9.7-CVE-2012-5581.patch
deleted file mode 100644
index a6bdca137029..000000000000
--- a/media-libs/tiff/files/tiff-3.9.7-CVE-2012-5581.patch
+++ /dev/null
@@ -1,245 +0,0 @@
-Fix unsafe handling of DotRange and related tags.  Back-port of upstream
-patch for CVE-2012-5581.  (Note: I have not pushed this into upstream CVS
-for the 3.9 branch, because I'm not entirely convinced that it won't create
-application compatibility issues --- tgl)
-
-
-diff -Naur tiff-3.9.7.orig/libtiff/tif_dir.c tiff-3.9.7/libtiff/tif_dir.c
---- tiff-3.9.7.orig/libtiff/tif_dir.c	2012-09-22 10:48:09.000000000 -0400
-+++ tiff-3.9.7/libtiff/tif_dir.c	2012-12-13 13:39:20.448864070 -0500
-@@ -494,32 +494,28 @@
- 		    goto end;
- 		}
- 
--		if ((fip->field_passcount
-+		if (fip->field_tag == TIFFTAG_DOTRANGE 
-+		    && strcmp(fip->field_name,"DotRange") == 0) {
-+			/* TODO: This is an evil exception and should not have been
-+			   handled this way ... likely best if we move it into
-+			   the directory structure with an explicit field in 
-+			   libtiff 4.1 and assign it a FIELD_ value */
-+			uint16 v[2];
-+			v[0] = (uint16)va_arg(ap, int);
-+			v[1] = (uint16)va_arg(ap, int);
-+			_TIFFmemcpy(tv->value, v, 4);
-+		}
-+		else if (fip->field_passcount
- 		    || fip->field_writecount == TIFF_VARIABLE
- 		    || fip->field_writecount == TIFF_VARIABLE2
- 		    || fip->field_writecount == TIFF_SPP
--		    || tv->count > 1)
--		    && fip->field_tag != TIFFTAG_PAGENUMBER
--		    && fip->field_tag != TIFFTAG_HALFTONEHINTS
--		    && fip->field_tag != TIFFTAG_YCBCRSUBSAMPLING
--		    && fip->field_tag != TIFFTAG_DOTRANGE
--		    && fip->field_tag != TIFFTAG_WHITELEVEL) {
-+		    || tv->count > 1) {
-                     _TIFFmemcpy(tv->value, va_arg(ap, void *),
- 				tv->count * tv_size);
- 		} else {
--		    /*
--		     * XXX: The following loop required to handle
--		     * TIFFTAG_PAGENUMBER, TIFFTAG_HALFTONEHINTS,
--		     * TIFFTAG_YCBCRSUBSAMPLING and TIFFTAG_DOTRANGE tags.
--		     * These tags are actually arrays and should be passed as
--		     * array pointers to TIFFSetField() function, but actually
--		     * passed as a list of separate values. This behaviour
--		     * must be changed in the future!
--		     */
--		    int i;
- 		    char *val = (char *)tv->value;
- 
--		    for (i = 0; i < tv->count; i++, val += tv_size) {
-+		    assert( tv->count == 1 );
- 			    switch (fip->field_type) {
- 				case TIFF_BYTE:
- 				case TIFF_UNDEFINED:
-@@ -578,7 +574,6 @@
- 				    status = 0;
- 				    break;
- 			    }
--		    }
- 		}
- 	    }
-           }
-@@ -869,24 +864,27 @@
- 				*va_arg(ap, uint16*) = (uint16)tv->count;
- 			*va_arg(ap, void **) = tv->value;
- 			ret_val = 1;
--                } else {
--			if ((fip->field_type == TIFF_ASCII
-+		} else if (fip->field_tag == TIFFTAG_DOTRANGE
-+			   && strcmp(fip->field_name,"DotRange") == 0) {
-+			/* TODO: This is an evil exception and should not have been
-+			   handled this way ... likely best if we move it into
-+			   the directory structure with an explicit field in 
-+			   libtiff 4.1 and assign it a FIELD_ value */
-+			*va_arg(ap, uint16*) = ((uint16 *)tv->value)[0];
-+			*va_arg(ap, uint16*) = ((uint16 *)tv->value)[1];
-+			ret_val = 1;
-+		} else {
-+			if (fip->field_type == TIFF_ASCII
- 			    || fip->field_readcount == TIFF_VARIABLE
- 			    || fip->field_readcount == TIFF_VARIABLE2
- 			    || fip->field_readcount == TIFF_SPP
--			    || tv->count > 1)
--			    && fip->field_tag != TIFFTAG_PAGENUMBER
--			    && fip->field_tag != TIFFTAG_HALFTONEHINTS
--			    && fip->field_tag != TIFFTAG_YCBCRSUBSAMPLING
--			    && fip->field_tag != TIFFTAG_DOTRANGE) {
-+			    || tv->count > 1) {
- 				*va_arg(ap, void **) = tv->value;
- 				ret_val = 1;
- 			} else {
--			    int j;
- 			    char *val = (char *)tv->value;
- 
--			    for (j = 0; j < tv->count;
--				 j++, val += _TIFFDataSize(tv->info->field_type)) {
-+			    assert( tv->count == 1 );
- 				switch (fip->field_type) {
- 					case TIFF_BYTE:
- 					case TIFF_UNDEFINED:
-@@ -936,7 +934,6 @@
- 						ret_val = 0;
- 						break;
- 				}
--			    }
- 			}
-                 }
- 		break;
-diff -Naur tiff-3.9.7.orig/libtiff/tif_print.c tiff-3.9.7/libtiff/tif_print.c
---- tiff-3.9.7.orig/libtiff/tif_print.c	2010-07-08 12:17:59.000000000 -0400
-+++ tiff-3.9.7/libtiff/tif_print.c	2012-12-13 13:42:12.773478278 -0500
-@@ -112,16 +112,22 @@
- }
- 
- static int
--_TIFFPrettyPrintField(TIFF* tif, FILE* fd, ttag_t tag,
-+_TIFFPrettyPrintField(TIFF* tif, const TIFFFieldInfo *fip, FILE* fd, ttag_t tag,
- 		      uint32 value_count, void *raw_data)
- {
- 	TIFFDirectory *td = &tif->tif_dir;
- 
-+	/* do not try to pretty print auto-defined fields */
-+	if (strncmp(fip->field_name,"Tag ", 4) == 0) {
-+		return 0;
-+	}
-+
- 	switch (tag)
- 	{
- 		case TIFFTAG_INKSET:
--			fprintf(fd, "  Ink Set: ");
--			switch (*((uint16*)raw_data)) {
-+			if (value_count == 2 && fip->field_type == TIFF_SHORT) {
-+				fprintf(fd, "  Ink Set: ");
-+				switch (*((uint16*)raw_data)) {
- 				case INKSET_CMYK:
- 					fprintf(fd, "CMYK\n");
- 					break;
-@@ -130,11 +136,18 @@
- 						*((uint16*)raw_data),
- 						*((uint16*)raw_data));
- 					break;
-+				}
-+				return 1;
- 			}
--			return 1;
-+			return 0;
-+
- 		case TIFFTAG_WHITEPOINT:
--			fprintf(fd, "  White Point: %g-%g\n",
--				((float *)raw_data)[0], ((float *)raw_data)[1]);			return 1;
-+			if (value_count == 2 && fip->field_type == TIFF_RATIONAL) {
-+				fprintf(fd, "  White Point: %g-%g\n",
-+					((float *)raw_data)[0], ((float *)raw_data)[1]);			return 1;
-+			}
-+			return 0;
-+
- 		case TIFFTAG_REFERENCEBLACKWHITE:
- 		{
- 			uint16 i;
-@@ -174,10 +187,13 @@
- 				(unsigned long) value_count);
- 			return 1;
- 		case TIFFTAG_STONITS:
--			fprintf(fd,
--				"  Sample to Nits conversion factor: %.4e\n",
--				*((double*)raw_data));
--			return 1;
-+			if (value_count == 1 && fip->field_type == TIFF_DOUBLE) {
-+				fprintf(fd,
-+					"  Sample to Nits conversion factor: %.4e\n",
-+					*((double*)raw_data));
-+				return 1;
-+			}
-+			return 0;
-         }
- 
- 	return 0;
-@@ -524,44 +540,28 @@
- 				value_count = td->td_samplesperpixel;
- 			else
- 				value_count = fip->field_readcount;
--			if ((fip->field_type == TIFF_ASCII
-+			if (fip->field_tag == TIFFTAG_DOTRANGE
-+			    && strcmp(fip->field_name,"DotRange") == 0) {
-+				/* TODO: This is an evil exception and should not have been
-+				   handled this way ... likely best if we move it into
-+				   the directory structure with an explicit field in 
-+				   libtiff 4.1 and assign it a FIELD_ value */
-+				static uint16 dotrange[2];
-+				raw_data = dotrange;
-+				TIFFGetField(tif, tag, dotrange+0, dotrange+1);
-+			} else if (fip->field_type == TIFF_ASCII
- 			     || fip->field_readcount == TIFF_VARIABLE
- 			     || fip->field_readcount == TIFF_VARIABLE2
- 			     || fip->field_readcount == TIFF_SPP
--			     || value_count > 1)
--			    && fip->field_tag != TIFFTAG_PAGENUMBER
--			    && fip->field_tag != TIFFTAG_HALFTONEHINTS
--			    && fip->field_tag != TIFFTAG_YCBCRSUBSAMPLING
--			    && fip->field_tag != TIFFTAG_DOTRANGE) {
-+			     || value_count > 1) {
- 				if(TIFFGetField(tif, tag, &raw_data) != 1)
- 					continue;
--			} else if (fip->field_tag != TIFFTAG_PAGENUMBER
--				   && fip->field_tag != TIFFTAG_HALFTONEHINTS
--				   && fip->field_tag != TIFFTAG_YCBCRSUBSAMPLING
--				   && fip->field_tag != TIFFTAG_DOTRANGE) {
--				raw_data = _TIFFmalloc(
--					_TIFFDataSize(fip->field_type)
--					* value_count);
--				mem_alloc = 1;
--				if(TIFFGetField(tif, tag, raw_data) != 1) {
--					_TIFFfree(raw_data);
--					continue;
--				}
- 			} else {
--				/* 
--				 * XXX: Should be fixed and removed, see the
--				 * notes related to TIFFTAG_PAGENUMBER,
--				 * TIFFTAG_HALFTONEHINTS,
--				 * TIFFTAG_YCBCRSUBSAMPLING and
--				 * TIFFTAG_DOTRANGE tags in tif_dir.c. */
--				char *tmp;
- 				raw_data = _TIFFmalloc(
- 					_TIFFDataSize(fip->field_type)
- 					* value_count);
--				tmp = raw_data;
- 				mem_alloc = 1;
--				if(TIFFGetField(tif, tag, tmp,
--				tmp + _TIFFDataSize(fip->field_type)) != 1) {
-+				if(TIFFGetField(tif, tag, raw_data) != 1) {
- 					_TIFFfree(raw_data);
- 					continue;
- 				}
-@@ -574,7 +574,7 @@
- 		 * _TIFFPrettyPrintField() fall down and print it as any other
- 		 * tag.
- 		 */
--		if (_TIFFPrettyPrintField(tif, fd, tag, value_count, raw_data)) {
-+		if (_TIFFPrettyPrintField(tif, fip, fd, tag, value_count, raw_data)) {
- 			if(mem_alloc)
- 				_TIFFfree(raw_data);
- 			continue;
diff --git a/media-libs/tiff/files/tiff-3.9.7-printdir-width.patch b/media-libs/tiff/files/tiff-3.9.7-printdir-width.patch
deleted file mode 100644
index 6ad7534ac6fe..000000000000
--- a/media-libs/tiff/files/tiff-3.9.7-printdir-width.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Make TIFFPrintDirectory cope with both TIFF_VARIABLE and TIFF_VARIABLE2
-conventions for field_passcount fields, ie, either 16- or 32-bit counts.
-This patch is taken from upstream commits dated 2012-05-23 ("fix crash
-with odd 16bit count types for some custom fields") and 2012-12-12 ("Fix
-TIFF_VARIABLE/TIFF_VARIABLE2 confusion in TIFFPrintDirectory").
-
-This doesn't qualify as a security issue in itself, mainly because
-TIFFPrintDirectory is unlikely to be used in any security-exposed
-scenarios; but we need to fix it so that our test case for CVE-2012-5581
-works on all platforms.
-
-
-diff -Naur tiff-3.9.4.orig/libtiff/tif_print.c tiff-3.9.4/libtiff/tif_print.c
---- tiff-3.9.4.orig/libtiff/tif_print.c	2010-06-08 14:50:42.000000000 -0400
-+++ tiff-3.9.4/libtiff/tif_print.c	2012-12-13 12:17:33.726765771 -0500
-@@ -518,8 +518,19 @@
- 			continue;
- 
- 		if(fip->field_passcount) {
--			if(TIFFGetField(tif, tag, &value_count, &raw_data) != 1)
-+			if (fip->field_readcount == TIFF_VARIABLE2 ) {
-+				if(TIFFGetField(tif, tag, &value_count, &raw_data) != 1)
-+					continue;
-+			} else if (fip->field_readcount == TIFF_VARIABLE ) {
-+				uint16 small_value_count;
-+				if(TIFFGetField(tif, tag, &small_value_count, &raw_data) != 1)
-+					continue;
-+				value_count = small_value_count;
-+			} else {
-+				assert (fip->field_readcount == TIFF_VARIABLE
-+					|| fip->field_readcount == TIFF_VARIABLE2);
- 				continue;
-+			} 
- 		} else {
- 			if (fip->field_readcount == TIFF_VARIABLE
- 			    || fip->field_readcount == TIFF_VARIABLE2)
diff --git a/media-libs/tiff/files/tiff-3.9.7-tiffinfo-exif.patch b/media-libs/tiff/files/tiff-3.9.7-tiffinfo-exif.patch
deleted file mode 100644
index a326e21e298b..000000000000
--- a/media-libs/tiff/files/tiff-3.9.7-tiffinfo-exif.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-Teach "tiffinfo -D" to not try to print image data inside an EXIF subdirectory,
-because there isn't any.  Back-patched from an upstream 4.0.2 fix.
-
-This is not a security issue in itself (it crashes, but with a simple NULL
-pointer dereference).  However, our test case for CVE-2012-5581 tickles this
-bug, so it seems easier to fix this than make a new test case.
-
-
-diff -Naur tiff-3.9.4.orig/tools/tiffinfo.c tiff-3.9.4/tools/tiffinfo.c
---- tiff-3.9.4.orig/tools/tiffinfo.c	2010-06-08 14:50:44.000000000 -0400
-+++ tiff-3.9.4/tools/tiffinfo.c	2012-12-11 16:33:17.062228558 -0500
-@@ -49,7 +49,7 @@
- int	stoponerr = 1;			/* stop on first read error */
- 
- static	void usage(void);
--static	void tiffinfo(TIFF*, uint16, long);
-+static	void tiffinfo(TIFF*, uint16, long, int);
- 
- int
- main(int argc, char* argv[])
-@@ -124,19 +124,20 @@
- 		if (tif != NULL) {
- 			if (dirnum != -1) {
- 				if (TIFFSetDirectory(tif, (tdir_t) dirnum))
--					tiffinfo(tif, order, flags);
-+					tiffinfo(tif, order, flags, 1);
- 			} else if (diroff != 0) {
- 				if (TIFFSetSubDirectory(tif, diroff))
--					tiffinfo(tif, order, flags);
-+					tiffinfo(tif, order, flags, 1);
- 			} else {
- 				do {
- 					uint32 offset;
- 
--					tiffinfo(tif, order, flags);
-+					tiffinfo(tif, order, flags, 1);
- 					if (TIFFGetField(tif, TIFFTAG_EXIFIFD,
- 							 &offset)) {
--						if (TIFFReadEXIFDirectory(tif, offset))
--							tiffinfo(tif, order, flags);
-+						if (TIFFReadEXIFDirectory(tif, offset)) {
-+							tiffinfo(tif, order, flags, 0);
-+						}
- 					}
- 				} while (TIFFReadDirectory(tif));
- 			}
-@@ -426,10 +427,10 @@
- }
- 
- static void
--tiffinfo(TIFF* tif, uint16 order, long flags)
-+tiffinfo(TIFF* tif, uint16 order, long flags, int is_image)
- {
- 	TIFFPrintDirectory(tif, stdout, flags);
--	if (!readdata)
-+	if (!readdata || !is_image)
- 		return;
- 	if (rawdata) {
- 		if (order) {
diff --git a/media-libs/tiff/tiff-3.9.7-r1.ebuild b/media-libs/tiff/tiff-3.9.7-r1.ebuild
deleted file mode 100644
index 467c3bb64906..000000000000
--- a/media-libs/tiff/tiff-3.9.7-r1.ebuild
+++ /dev/null
@@ -1,67 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=5
-
-# this ebuild is only for the libtiff.so.3 (+ 4) and libtiffxx.so.3 (+ 4) SONAME for ABI compat
-
-inherit eutils libtool multilib multilib-minimal
-
-DESCRIPTION="Library for manipulation of TIFF (Tag Image File Format) images"
-HOMEPAGE="http://libtiff.maptools.org"
-SRC_URI="ftp://ftp.remotesensing.org/pub/libtiff/${P}.tar.gz"
-
-LICENSE="libtiff"
-SLOT="3"
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 m68k ~mips ~ppc ~ppc64 s390 sh ~sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="+cxx jbig jpeg zlib"
-
-RDEPEND="jpeg? ( >=virtual/jpeg-0-r2[${MULTILIB_USEDEP}] )
-	jbig? ( >=media-libs/jbigkit-2.1[${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
-	!media-libs/tiff-compat
-	!=media-libs/tiff-3*:0"
-DEPEND="${RDEPEND}"
-
-src_prepare() {
-	epatch \
-		"${FILESDIR}"/${P}-CVE-2012-{4447,4564,5581}.patch \
-		"${FILESDIR}"/${P}-tiffinfo-exif.patch \
-		"${FILESDIR}"/${P}-printdir-width.patch
-
-	elibtoolize
-}
-
-multilib_src_configure() {
-	ECONF_SOURCE="${S}" econf \
-		--libdir=/libdir \
-		--disable-static \
-		$(use_enable cxx) \
-		$(use_enable zlib) \
-		$(use_enable jpeg) \
-		$(use_enable jbig) \
-		--without-x
-}
-
-multilib_src_install() {
-	# Let `make install` and libtool handle insecure runpath(s)
-	dodir tmp
-	emake DESTDIR="${ED}/tmp" install
-
-	# .so.3 (upstream) is used by sci-chemistry/icm
-	# .so.4 (Debian) is used by net-im/skype
-	exeinto /usr/$(get_libdir)
-	doexe "${ED}"/tmp/libdir/libtiff$(get_libname 3)
-	dosym libtiff$(get_libname 3) /usr/$(get_libdir)/libtiff$(get_libname 4)
-	if use cxx; then
-		doexe "${ED}"/tmp/libdir/libtiffxx$(get_libname 3)
-		dosym libtiffxx$(get_libname 3) /usr/$(get_libdir)/libtiffxx$(get_libname 4)
-	fi
-
-	rm -rf "${ED}"/tmp
-}
-
-multilib_src_install_all() {
-	# (avoid installing docs)
-	:
-}
diff --git a/media-libs/tiff/tiff-4.0.10.ebuild b/media-libs/tiff/tiff-4.0.10.ebuild
index a41a3102657c..8373253c0284 100644
--- a/media-libs/tiff/tiff-4.0.10.ebuild
+++ b/media-libs/tiff/tiff-4.0.10.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 Gentoo Authors
+# Copyright 1999-2019 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
@@ -12,7 +12,7 @@ SRC_URI="http://download.osgeo.org/libtiff/${P}.tar.gz
 
 LICENSE="libtiff"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x64-cygwin ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~x64-cygwin ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
 IUSE="+cxx jbig jpeg lzma static-libs test webp zlib zstd"
 
 RDEPEND="