diff --git a/graphics/tiff/Makefile b/graphics/tiff/Makefile
index 16c8efb827a1..c366e74fb66d 100644
--- a/graphics/tiff/Makefile
+++ b/graphics/tiff/Makefile
@@ -1,123 +1,123 @@
 # Created by: Richard Hwang <rhwang@bigpanda.com>, Mikhail Teterin <mi@aldan.algebra.com>, Jun-ichiro itojun Itoh <itojun@itojun.org>
 # $FreeBSD$
 
 PORTNAME=	tiff
 PORTVERSION=	4.0.6
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	graphics
 MASTER_SITES=	ftp://ftp.remotesensing.org/pub/libtiff/ \
 		http://download.osgeo.org/libtiff/
 
 MAINTAINER=	portmgr@FreeBSD.org
 COMMENT=	Tools and library routines for working with TIFF images
 
 LICENSE=	BSD3CLAUSE
 LICENSE_FILE=	${WRKSRC}/COPYRIGHT
 
 LIB_DEPENDS=	libjbig.so:graphics/jbigkit
 
 USES=		cpe jpeg libtool
 CPE_PRODUCT=	libtiff
 CPE_VERSION=	${DISTVERSION:C/[a-z]+//}
 CPE_UPDATE=	${DISTVERSION:C/[0-9.]+//}
 USE_LDCONFIG=	yes
 GNU_CONFIGURE=	yes
 CONFIGURE_ARGS+=	--with-jpeg-include-dir=${LOCALBASE}/include \
 			--with-jpeg-lib-dir=${LOCALBASE}/lib \
 			--without-x
 INSTALL_TARGET=	install-strip
 TEST_TARGET=	check
 
 MLNKS=	TIFFError.3tiff          TIFFSetErrorHandler.3tiff \
 	TIFFFlush.3tiff          TIFFFlushData.3tiff \
 	TIFFGetField.3tiff       TIFFGetFieldDefaulted.3tiff \
 	TIFFGetField.3tiff       TIFFVGetField.3tiff \
 	TIFFGetField.3tiff       TIFFVGetFieldDefaulted.3tiff \
 	TIFFOpen.3tiff           TIFFFdOpen.3tiff \
 	TIFFOpen.3tiff           TIFFClientOpen.3tiff \
 	TIFFRGBAImage.3tiff      TIFFRGBAImageOK.3tiff \
 	TIFFRGBAImage.3tiff      TIFFRGBAImageBegin.3tiff \
 	TIFFRGBAImage.3tiff      TIFFRGBAImageGet.3tiff \
 	TIFFRGBAImage.3tiff      TIFFRGBAImageEnd.3tiff \
 	TIFFRGBAImage.3tiff      TIFFReadRGBAImageOriented.3tiff \
 	TIFFSetDirectory.3tiff   TIFFSetSubDirectory.3tiff \
 	TIFFSetField.3tiff       TIFFVSetField.3tiff \
 	TIFFWarning.3tiff        TIFFSetWarningHandler.3tiff \
 	TIFFWriteDirectory.3tiff TIFFRewriteDirectory.3tiff \
 	TIFFbuffer.3tiff         TIFFReadBufferSetup.3tiff \
 	TIFFbuffer.3tiff         TIFFWriteBufferSetup.3tiff \
 	TIFFcodec.3tiff          TIFFFindCODEC.3tiff \
 	TIFFcodec.3tiff          TIFFRegisterCODEC.3tiff \
 	TIFFcodec.3tiff          TIFFUnRegisterCODEC.3tiff \
 	TIFFmemory.3tiff         TIFFfree.3tiff \
 	TIFFmemory.3tiff         TIFFmalloc.3tiff \
 	TIFFmemory.3tiff         TIFFmemcmp.3tiff \
 	TIFFmemory.3tiff         TIFFmemcpy.3tiff \
 	TIFFmemory.3tiff         TIFFmemset.3tiff \
 	TIFFmemory.3tiff         TIFFrealloc.3tiff \
 	TIFFquery.3tiff          TIFFCurrentDirectory.3tiff \
 	TIFFquery.3tiff          TIFFCurrentRow.3tiff \
 	TIFFquery.3tiff          TIFFCurrentStrip.3tiff \
 	TIFFquery.3tiff          TIFFCurrentTile.3tiff \
 	TIFFquery.3tiff          TIFFFileName.3tiff \
 	TIFFquery.3tiff          TIFFFileno.3tiff \
 	TIFFquery.3tiff          TIFFGetMode.3tiff \
 	TIFFquery.3tiff          TIFFIsTiled.3tiff \
 	TIFFquery.3tiff          TIFFIsByteSwapped.3tiff \
 	TIFFquery.3tiff          TIFFIsUpSampled.3tiff \
 	TIFFquery.3tiff          TIFFIsMSB2LSB.3tiff \
 	TIFFquery.3tiff          TIFFLastDirectory.3tiff \
 	TIFFsize.3tiff           TIFFScanlineSize.3tiff \
 	TIFFstrip.3tiff          TIFFComputeStrip.3tiff \
 	TIFFstrip.3tiff          TIFFDefaultStripSize.3tiff \
 	TIFFstrip.3tiff          TIFFNumberOfStrips.3tiff \
 	TIFFstrip.3tiff          TIFFStripSize.3tiff \
 	TIFFstrip.3tiff          TIFFVStripSize.3tiff \
 	TIFFswab.3tiff           TIFFReverseBits.3tiff \
 	TIFFswab.3tiff           TIFFSwabArrayOfLong.3tiff \
 	TIFFswab.3tiff           TIFFSwabArrayOfShort.3tiff \
 	TIFFswab.3tiff           TIFFSwabLong.3tiff \
 	TIFFswab.3tiff           TIFFSwabShort.3tiff \
 	TIFFtile.3tiff           TIFFCheckTile.3tiff \
 	TIFFtile.3tiff           TIFFComputeTile.3tiff \
 	TIFFtile.3tiff           TIFFDefaultTileSize.3tiff \
 	TIFFtile.3tiff           TIFFNumberOfTiles.3tiff \
 	TIFFtile.3tiff           TIFFTileSize.3tiff \
 	TIFFtile.3tiff           TIFFTileRowSize.3tiff \
 	TIFFtile.3tiff           TIFFVTileSize.3tiff
 
 OPTIONS_DEFINE=	DOCS
 
 .include <bsd.port.options.mk>
 
 .if !defined(BUILDING_INDEX)
 __pmlinks3!=	${ECHO_CMD} '${MLNKS:S/    / /}' | ${AWK} \
 	'{ if (NF % 2 != 0) { print "broken"; exit; } \
 	for (i=1; i<=NF; i++) { \
 		if ( i % 2 == 0) { print " " $$i " ;"; } \
 		else { print "${LN} -s " $$i " "; } \
 	} }'
 .endif
 
 post-patch:
 	@${REINPLACE_CMD} "/\.po 0/d" ${WRKSRC}/man/*
 
 pre-configure:
 	${REINPLACE_CMD} \
 		-e 's|tiffgt.1 ||' \
 		${WRKSRC}/man/Makefile.in
 	${REINPLACE_CMD} -e 's|^docfiles|no-docfiles|' \
 		-e 's|man html|man|' ${WRKSRC}/Makefile.in
 
 post-install:
 	${LN} -s libtiff.so.5 ${STAGEDIR}${PREFIX}/lib/libtiff.so.4
 	( cd ${STAGEDIR}${PREFIX}/man/man3 && ${__pmlinks3} )
 .if ${PORT_OPTIONS:MDOCS}
 	${MKDIR} ${STAGEDIR}${DOCSDIR}/images ${STAGEDIR}${DOCSDIR}/man
 	${INSTALL_DATA} ${WRKSRC}/html/*.html ${STAGEDIR}${DOCSDIR}/
 	${INSTALL_DATA} ${WRKSRC}/html/images/*.jpg ${STAGEDIR}${DOCSDIR}/images/
 	${INSTALL_DATA} ${WRKSRC}/html/images/*.gif ${STAGEDIR}${DOCSDIR}/images/
 	${INSTALL_DATA} ${WRKSRC}/html/man/*.html ${STAGEDIR}${DOCSDIR}/man/
 .endif
 
 .include <bsd.port.mk>
diff --git a/graphics/tiff/files/patch-libtiff_tif__pixarlog.c b/graphics/tiff/files/patch-libtiff_tif__pixarlog.c
new file mode 100644
index 000000000000..4976524bba73
--- /dev/null
+++ b/graphics/tiff/files/patch-libtiff_tif__pixarlog.c
@@ -0,0 +1,34 @@
+CVE-2016-5875(, dup?)
+https://marc.info/?l=oss-security&m=146720235906569&w=2
+
+--- libtiff/tif_pixarlog.c.orig	Sat Aug 29 00:16:22 2015
++++ libtiff/tif_pixarlog.c	Fri Jul  1 13:04:52 2016
+@@ -457,6 +457,7 @@ horizontalAccumulate8abgr(uint16 *wp, int n, int strid
+ typedef	struct {
+ 	TIFFPredictorState	predict;
+ 	z_stream		stream;
++	tmsize_t		tbuf_size; /* only set/used on reading for now */
+ 	uint16			*tbuf; 
+ 	uint16			stride;
+ 	int			state;
+@@ -692,6 +693,7 @@ PixarLogSetupDecode(TIFF* tif)
+ 	sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size);
+ 	if (sp->tbuf == NULL)
+ 		return (0);
++	sp->tbuf_size = tbuf_size;
+ 	if (sp->user_datafmt == PIXARLOGDATAFMT_UNKNOWN)
+ 		sp->user_datafmt = PixarLogGuessDataFmt(td);
+ 	if (sp->user_datafmt == PIXARLOGDATAFMT_UNKNOWN) {
+@@ -779,6 +781,12 @@ PixarLogDecode(TIFF* tif, uint8* op, tmsize_t occ, uin
+ 	if (sp->stream.avail_out != nsamples * sizeof(uint16))
+ 	{
+ 		TIFFErrorExt(tif->tif_clientdata, module, "ZLib cannot deal with buffers this size");
++		return (0);
++	}
++	/* Check that we will not fill more than what was allocated */
++	if (sp->stream.avail_out > sp->tbuf_size)
++	{
++		TIFFErrorExt(tif->tif_clientdata, module, "sp->stream.avail_out > sp->tbuf_size");
+ 		return (0);
+ 	}
+ 	do {
diff --git a/graphics/tiff/files/patch-tools_gif2tiff.c b/graphics/tiff/files/patch-tools_gif2tiff.c
new file mode 100644
index 000000000000..cba2d90e21c2
--- /dev/null
+++ b/graphics/tiff/files/patch-tools_gif2tiff.c
@@ -0,0 +1,14 @@
+CVE-2016-3186, patch from:
+https://bugzilla.redhat.com/show_bug.cgi?id=1319666
+
+--- tools/gif2tiff.c.orig	Fri Jul  1 13:11:43 2016
++++ tools/gif2tiff.c	Fri Jul  1 13:12:07 2016
+@@ -349,7 +349,7 @@ readextension(void)
+     int status = 1;
+ 
+     (void) getc(infile);
+-    while ((count = getc(infile)) && count <= 255)
++    while ((count = getc(infile)) && count >= 0 && count <= 255)
+         if (fread(buf, 1, count, infile) != (size_t) count) {
+             fprintf(stderr, "short read from file %s (%s)\n",
+                     filename, strerror(errno));