From: Stuart Henderson <stu@spacehopper.org>
Subject: Re: graphics/tiff: fix integer overflows leading to heap overflows
To: Christian Weisgerber <naddy@mips.inka.de>
Cc: ports@openbsd.org
Date: Tue, 14 Apr 2026 20:09:42 +0100

On 2026/04/14 20:04, Stuart Henderson wrote:
> On 2026/04/14 18:02, Christian Weisgerber wrote:
> > Grab upstream fixes for integer overflows that lead to heap overflows.
> > One is a fix for CVE-2026-4775.  While looking over the commit history,
> > I also noticed another fix that looked worthwhile.  This is a game
> > of whack-a-mole ...
> > 
> > OK?
> 
> yes.
> 
> when checking commits for those I noticed
> https://gitlab.com/libtiff/libtiff/-/commit/200e5ca51e477ac439ef9514c3c3ac8c9799a5c8
> which would be worth grabbing too, I think - I'll prepare a diff.

(bump intentionally not included in the diff, will do at commit)

Index: patches/patch-libtiff_tif_jpeg_c
===================================================================
RCS file: patches/patch-libtiff_tif_jpeg_c
diff -N patches/patch-libtiff_tif_jpeg_c
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ patches/patch-libtiff_tif_jpeg_c	14 Apr 2026 19:08:26 -0000
@@ -0,0 +1,26 @@
+From 200e5ca51e477ac439ef9514c3c3ac8c9799a5c8 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Mon, 16 Mar 2026 02:06:02 +0100
+Subject: [PATCH] JPEG: fix generation of tiled 12-bit JPEG compressed files
+ with libjpeg-turbo 3.0.3
+
+Fixes https://gitlab.com/libtiff/libtiff/-/work_items/773
+
+Index: libtiff/tif_jpeg.c
+--- libtiff/tif_jpeg.c.orig
++++ libtiff/tif_jpeg.c
+@@ -2276,7 +2276,13 @@ static int JPEGPreEncode(TIFF *tif, uint16_t s)
+         /* an existing file */
+         suppress_huff_table(sp, 0);
+         suppress_huff_table(sp, 1);
+-        sp->cinfo.c.optimize_coding = FALSE;
++
++        /* We want to keep optimize_coding = TRUE for 12-bit JPEG */
++        /* See lengthy explanation at
++         * https://gitlab.com/libtiff/libtiff/-/work_items/773#note_3009836854
++         */
++        if (sp->cinfo.c.data_precision == 8)
++            sp->cinfo.c.optimize_coding = FALSE;
+     }
+     else
+         sp->cinfo.c.optimize_coding = TRUE;
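
Review bot: in the existing-file branch of JPEGPreEncode(), the new `if (sp->cinfo.c.data_precision == 8)` has no else, so for any other precision optimize_coding is never assigned here and keeps whatever value it held before this block. The comment says the intent is to keep it TRUE for 12-bit, but the test is "not 8" rather than "is 12", and nothing in these lines guarantees the earlier value was TRUE. An explicit `else sp->cinfo.c.optimize_coding = TRUE;` would make the 12-bit path self-evident. Separately, the thread subject is about integer overflows leading to heap overflows, while this upstream commit's subject is a 12-bit tiled JPEG generation fix; the commit log for the port should say so, so the change is not read as one of the overflow fixes.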