git: 332c8dded3e6 - 2026Q2 - graphics/tiff: Fix CVE-2026-4775
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sun, 12 Apr 2026 18:24:59 UTC
The branch 2026Q2 has been updated by diizzy:
URL: https://cgit.FreeBSD.org/ports/commit/?id=332c8dded3e6c7b4ce07f92281e277da45999bf0
commit 332c8dded3e6c7b4ce07f92281e277da45999bf0
Author: Daniel Engberg <diizzy@FreeBSD.org>
AuthorDate: 2026-04-11 06:03:40 +0000
Commit: Daniel Engberg <diizzy@FreeBSD.org>
CommitDate: 2026-04-12 18:21:07 +0000
graphics/tiff: Fix CVE-2026-4775
Backport upstream commit 782a11d6b5b61c6dc21e714950a4af5bf89f023c
Reference:
https://gitlab.com/libtiff/libtiff/-/commit/782a11d6b5b61c6dc21e714950a4af5bf89f023c
PR: 294370
Reviewed by: desktop (arrowd)
(cherry picked from commit a7af345cb919c0cab70b0801abaff2b528f1eaff)
---
graphics/tiff/Makefile | 1 +
graphics/tiff/files/patch-libtiff_tif__getimage.c | 38 +++++++++++++++++++++++
2 files changed, 39 insertions(+)
diff --git a/graphics/tiff/Makefile b/graphics/tiff/Makefile
index f4c8b7119511..635c491ea844 100644
--- a/graphics/tiff/Makefile
+++ b/graphics/tiff/Makefile
@@ -1,5 +1,6 @@
PORTNAME= tiff
DISTVERSION= 4.7.1
+PORTREVISION= 1
CATEGORIES= graphics
MASTER_SITES= https://download.osgeo.org/libtiff/
diff --git a/graphics/tiff/files/patch-libtiff_tif__getimage.c b/graphics/tiff/files/patch-libtiff_tif__getimage.c
new file mode 100644
index 000000000000..c3c3ed3a62a0
--- /dev/null
+++ b/graphics/tiff/files/patch-libtiff_tif__getimage.c
@@ -0,0 +1,38 @@
+--- libtiff/tif_getimage.c.orig 2025-06-25 17:20:35 UTC
++++ libtiff/tif_getimage.c
+@@ -2216,7 +2216,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr44tile)
+ uint32_t *cp1 = cp + w + toskew;
+ uint32_t *cp2 = cp1 + w + toskew;
+ uint32_t *cp3 = cp2 + w + toskew;
+- int32_t incr = 3 * w + 4 * toskew;
++ const tmsize_t incr = 3 * (tmsize_t)w + 4 * (tmsize_t)toskew;
+
+ (void)y;
+ /* adjust fromskew */
+@@ -2356,7 +2356,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr42tile)
+ DECLAREContigPutFunc(putcontig8bitYCbCr42tile)
+ {
+ uint32_t *cp1 = cp + w + toskew;
+- int32_t incr = 2 * toskew + w;
++ const tmsize_t incr = 2 * (tmsize_t)toskew + w;
+
+ (void)y;
+ fromskew = (fromskew / 4) * (4 * 2 + 2);
+@@ -2512,7 +2512,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr22tile)
+ DECLAREContigPutFunc(putcontig8bitYCbCr22tile)
+ {
+ uint32_t *cp2;
+- int32_t incr = 2 * toskew + w;
++ const tmsize_t incr = 2 * (tmsize_t)toskew + w;
+ (void)y;
+ fromskew = (fromskew / 2) * (2 * 2 + 2);
+ cp2 = cp + w + toskew;
+@@ -2615,7 +2615,7 @@ DECLAREContigPutFunc(putcontig8bitYCbCr12tile)
+ DECLAREContigPutFunc(putcontig8bitYCbCr12tile)
+ {
+ uint32_t *cp2;
+- int32_t incr = 2 * toskew + w;
++ const tmsize_t incr = 2 * (tmsize_t)toskew + w;
+ (void)y;
+ fromskew = (fromskew / 1) * (1 * 2 + 2);
+ cp2 = cp + w + toskew;