diff --git a/graphics/tiff/Makefile b/graphics/tiff/Makefile
index 7c12477304702..a24b5f5efb9ce 100644
--- a/graphics/tiff/Makefile
+++ b/graphics/tiff/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.137 2017/06/21 01:08:33 tez Exp $
+# $NetBSD: Makefile,v 1.139 2017/12/03 09:07:06 maya Exp $
 
-DISTNAME= tiff-4.0.8
+DISTNAME= tiff-4.0.9
 PKGREVISION= 1
 CATEGORIES= graphics
 MASTER_SITES= ftp://download.osgeo.org/libtiff/
diff --git a/graphics/tiff/PLIST b/graphics/tiff/PLIST
index a193dcb60ed6c..442bf8655a79d 100644
--- a/graphics/tiff/PLIST
+++ b/graphics/tiff/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.24 2017/05/29 13:44:05 he Exp $
+@comment $NetBSD: PLIST,v 1.25 2017/11/19 16:31:04 he Exp $
 bin/fax2ps
 bin/fax2tiff
 bin/pal2rgb
@@ -233,4 +233,5 @@ share/doc/tiff/html/v4.0.4beta.html
 share/doc/tiff/html/v4.0.5.html
 share/doc/tiff/html/v4.0.6.html
 share/doc/tiff/html/v4.0.7.html
+share/doc/tiff/html/v4.0.8.html
 share/doc/tiff/html/v${PKGVERSION}.html
diff --git a/graphics/tiff/distinfo b/graphics/tiff/distinfo
index 14cd4cc9a969d..9f2b509f83432 100644
--- a/graphics/tiff/distinfo
+++ b/graphics/tiff/distinfo
@@ -1,10 +1,8 @@
-$NetBSD: distinfo,v 1.86 2017/06/21 02:47:45 pgoyette Exp $
+$NetBSD: distinfo,v 1.88 2017/12/03 09:07:06 maya Exp $
 
-SHA1 (tiff-4.0.8.tar.gz) = 88717c97480a7976c94d23b6d9ed4ac74715267f
-RMD160 (tiff-4.0.8.tar.gz) = 0d8bc26c98035810c73b8f876f76dc48efba7da8
-SHA512 (tiff-4.0.8.tar.gz) = 5d010ec4ce37aca733f7ab7db9f432987b0cd21664bd9d99452a146833c40f0d1e7309d1870b0395e947964134d5cfeb1366181e761fe353ad585803ff3d6be6
-Size (tiff-4.0.8.tar.gz) = 2065574 bytes
+SHA1 (tiff-4.0.9.tar.gz) = 87d4543579176cc568668617c22baceccd568296
+RMD160 (tiff-4.0.9.tar.gz) = ab5b3b7297e79344775b1e70c4d54c90c06836a3
+SHA512 (tiff-4.0.9.tar.gz) = 04f3d5eefccf9c1a0393659fe27f3dddd31108c401ba0dc587bca152a1c1f6bc844ba41622ff5572da8cc278593eff8c402b44e7af0a0090e91d326c2d79f6cd
+Size (tiff-4.0.9.tar.gz) = 2305681 bytes
 SHA1 (patch-configure) = a0032133f06b6ac92bbf52349fabe83f74ea14a6
-SHA1 (patch-libtiff_tif_dir.h) = 50f565eac6a7157a7c99923f4b3ffaf31b021644
-SHA1 (patch-libtiff_tif_dirinfo.c) = cd0e4da46f62d888128e558c16ebcc6a867274df
-SHA1 (patch-libtiff_tif_dirread.c) = d98b5cb0ceca8f5923c015b09f04da3b8af094e5
+SHA1 (patch-tools_pal2rgb.c) = f91652e8013940c162add870ceb9845e2730bc2c
diff --git a/graphics/tiff/patches/patch-libtiff_tif_dir.h b/graphics/tiff/patches/patch-libtiff_tif_dir.h
deleted file mode 100644
index 5394f4f7a3785..0000000000000
--- a/graphics/tiff/patches/patch-libtiff_tif_dir.h
+++ /dev/null
@@ -1,25 +0,0 @@
-$NetBSD: patch-libtiff_tif_dir.h,v 1.3 2017/06/21 02:47:45 pgoyette Exp $
-
-fix CVE-2014-8128, CVE-2016-5318, CVE-2015-7554 & CVE-2016-10095
-per http://bugzilla.maptools.org/show_bug.cgi?id=2580
-
-also CVE-2017-9147
-(http://bugzilla.maptools.org/show_bug.cgi?id=2693)
-
-
-Index: tif_dir.h
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.h,v
-retrieving revision 1.54
-retrieving revision 1.55
-diff -w -u -b -r1.54 -r1.55
---- libtiff/tif_dir.h.orig 18 Feb 2011 20:53:05 -0000 1.54
-+++ libtiff/tif_dir.h 1 Jun 2017 12:44:04 -0000 1.55
-@@ -291,6 +291,7 @@
- extern int _TIFFMergeFields(TIFF*, const TIFFField[], uint32);
- extern const TIFFField* _TIFFFindOrRegisterField(TIFF *, uint32, TIFFDataType);
- extern TIFFField* _TIFFCreateAnonField(TIFF *, uint32, TIFFDataType);
-+extern int _TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag);
-
- #if defined(__cplusplus)
- }
diff --git a/graphics/tiff/patches/patch-libtiff_tif_dirinfo.c b/graphics/tiff/patches/patch-libtiff_tif_dirinfo.c
deleted file mode 100644
index 1e9a4f64e9a28..0000000000000
--- a/graphics/tiff/patches/patch-libtiff_tif_dirinfo.c
+++ /dev/null
@@ -1,127 +0,0 @@
-$NetBSD: patch-libtiff_tif_dirinfo.c,v 1.3 2017/06/21 02:47:45 pgoyette Exp $
-
-fix CVE-2014-8128, CVE-2016-5318, CVE-2015-7554 & CVE-2016-10095
-per http://bugzilla.maptools.org/show_bug.cgi?id=2580
-
-also CVE-2017-9147
-(http://bugzilla.maptools.org/show_bug.cgi?id=2693)
-
-
-Index: tif_dirinfo.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirinfo.c,v
-retrieving revision 1.126
-retrieving revision 1.127
-diff -w -u -b -r1.126 -r1.127
---- libtiff/tif_dirinfo.c.orig 18 Nov 2016 02:52:13 -0000 1.126
-+++ libtiff/tif_dirinfo.c 1 Jun 2017 12:44:04 -0000 1.127
-@@ -956,6 +956,109 @@
- return 0;
- }
-
-+int
-+_TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag)
-+{
-+ /* Filter out non-codec specific tags */
-+ switch (tag) {
-+ /* Shared tags */
-+ case TIFFTAG_PREDICTOR:
-+ /* JPEG tags */
-+ case TIFFTAG_JPEGTABLES:
-+ /* OJPEG tags */
-+ case TIFFTAG_JPEGIFOFFSET:
-+ case TIFFTAG_JPEGIFBYTECOUNT:
-+ case TIFFTAG_JPEGQTABLES:
-+ case TIFFTAG_JPEGDCTABLES:
-+ case TIFFTAG_JPEGACTABLES:
-+ case TIFFTAG_JPEGPROC:
-+ case TIFFTAG_JPEGRESTARTINTERVAL:
-+ /* CCITT* */
-+ case TIFFTAG_BADFAXLINES:
-+ case TIFFTAG_CLEANFAXDATA:
-+ case TIFFTAG_CONSECUTIVEBADFAXLINES:
-+ case TIFFTAG_GROUP3OPTIONS:
-+ case TIFFTAG_GROUP4OPTIONS:
-+ break;
-+ default:
-+ return 1;
-+ }
-+ /* Check if codec specific tags are allowed for the current
-+ * compression scheme (codec) */
-+ switch (tif->tif_dir.td_compression) {
-+ case COMPRESSION_LZW:
-+ if (tag == TIFFTAG_PREDICTOR)
-+ return 1;
-+ break;
-+ case COMPRESSION_PACKBITS:
-+ /* No codec-specific tags */
-+ break;
-+ case COMPRESSION_THUNDERSCAN:
-+ /* No codec-specific tags */
-+ break;
-+ case COMPRESSION_NEXT:
-+ /* No codec-specific tags */
-+ break;
-+ case COMPRESSION_JPEG:
-+ if (tag == TIFFTAG_JPEGTABLES)
-+ return 1;
-+ break;
-+ case COMPRESSION_OJPEG:
-+ switch (tag) {
-+ case TIFFTAG_JPEGIFOFFSET:
-+ case TIFFTAG_JPEGIFBYTECOUNT:
-+ case TIFFTAG_JPEGQTABLES:
-+ case TIFFTAG_JPEGDCTABLES:
-+ case TIFFTAG_JPEGACTABLES:
-+ case TIFFTAG_JPEGPROC:
-+ case TIFFTAG_JPEGRESTARTINTERVAL:
-+ return 1;
-+ }
-+ break;
-+ case COMPRESSION_CCITTRLE:
-+ case COMPRESSION_CCITTRLEW:
-+ case COMPRESSION_CCITTFAX3:
-+ case COMPRESSION_CCITTFAX4:
-+ switch (tag) {
-+ case TIFFTAG_BADFAXLINES:
-+ case TIFFTAG_CLEANFAXDATA:
-+ case TIFFTAG_CONSECUTIVEBADFAXLINES:
-+ return 1;
-+ case TIFFTAG_GROUP3OPTIONS:
-+ if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX3)
-+ return 1;
-+ break;
-+ case TIFFTAG_GROUP4OPTIONS:
-+ if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX4)
-+ return 1;
-+ break;
-+ }
-+ break;
-+ case COMPRESSION_JBIG:
-+ /* No codec-specific tags */
-+ break;
-+ case COMPRESSION_DEFLATE:
-+ case COMPRESSION_ADOBE_DEFLATE:
-+ if (tag == TIFFTAG_PREDICTOR)
-+ return 1;
-+ break;
-+ case COMPRESSION_PIXARLOG:
-+ if (tag == TIFFTAG_PREDICTOR)
-+ return 1;
-+ break;
-+ case COMPRESSION_SGILOG:
-+ case COMPRESSION_SGILOG24:
-+ /* No codec-specific tags */
-+ break;
-+ case COMPRESSION_LZMA:
-+ if (tag == TIFFTAG_PREDICTOR)
-+ return 1;
-+ break;
-+
-+ }
-+ return 0;
-+}
-+
- /* vim: set ts=8 sts=8 sw=8 noet: */
-
- /*
diff --git a/graphics/tiff/patches/patch-libtiff_tif_dirread.c b/graphics/tiff/patches/patch-libtiff_tif_dirread.c
deleted file mode 100644
index dc6f2ecc009e5..0000000000000
--- a/graphics/tiff/patches/patch-libtiff_tif_dirread.c
+++ /dev/null
@@ -1,28 +0,0 @@
-$NetBSD: patch-libtiff_tif_dirread.c,v 1.7 2017/06/21 02:47:45 pgoyette Exp $
-
-fix CVE-2014-8128, CVE-2016-5318, CVE-2015-7554 & CVE-2016-10095
-per http://bugzilla.maptools.org/show_bug.cgi?id=2580
-
-also CVE-2017-9147
-(http://bugzilla.maptools.org/show_bug.cgi?id=2693)
-
-
-Index: tif_dirread.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v
-retrieving revision 1.208
-retrieving revision 1.209
-diff -w -u -b -r1.208 -r1.209
---- libtiff/tif_dirread.c.orig 27 Apr 2017 15:46:22 -0000 1.208
-+++ libtiff/tif_dirread.c 1 Jun 2017 12:44:04 -0000 1.209
-@@ -3580,6 +3580,10 @@
- goto bad;
- dp->tdir_tag=IGNORE;
- break;
-+ default:
-+ if( !_TIFFCheckFieldIsValidForCodec(tif, dp->tdir_tag) )
-+ dp->tdir_tag=IGNORE;
-+ break;
- }
- }
- }
diff --git a/graphics/tiff/patches/patch-tools_pal2rgb.c b/graphics/tiff/patches/patch-tools_pal2rgb.c
new file mode 100644
index 0000000000000..43506087056bf
--- /dev/null
+++ b/graphics/tiff/patches/patch-tools_pal2rgb.c
@@ -0,0 +1,23 @@
+$NetBSD: patch-tools_pal2rgb.c,v 1.1 2017/12/03 09:07:06 maya Exp $
+
+CVE-2017-17095 Heap-based buffer overflow bug in pal2rgb
+
+--- tools/pal2rgb.c.orig 2015-08-28 22:17:08.172200823 +0000
++++ tools/pal2rgb.c
+@@ -39,6 +39,7 @@
+ # include "libport.h"
+ #endif
+
++#include "tiffiop.h"
+ #include "tiffio.h"
+
+ #define streq(a,b) (strcmp(a,b) == 0)
+@@ -185,7 +186,7 @@
+ register unsigned char* pp;
+ register uint32 x;
+ ibuf = (unsigned char*)_TIFFmalloc(TIFFScanlineSize(in));
+- obuf = (unsigned char*)_TIFFmalloc(TIFFScanlineSize(out));
++ obuf = (unsigned char*)_TIFFmalloc(TIFFSafeMultiply(tmsize_t, imagewidth, 3*sizeof(short)));
+ switch (config) {
+ case PLANARCONFIG_CONTIG:
+ for (row = 0; row < imagelength; row++) {
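Review bot: In the second hunk of the embedded tools/pal2rgb.c patch, the new `obuf = (unsigned char*)_TIFFmalloc(TIFFSafeMultiply(tmsize_t, imagewidth, 3*sizeof(short)));` is followed directly by `switch (config)` with no NULL check, and the same holds for `ibuf` one line above. As far as I know TIFFSafeMultiply evaluates to 0 when the product overflows, so an oversized imagewidth would presumably end in a failed allocation and a null-pointer write rather than a clean error. I would add `if (ibuf == NULL || obuf == NULL) { /* report out of memory, clean up, exit non-zero */ }` before the `switch`. The enclosing function starts and ends outside the hunk, so an existing check elsewhere cannot be ruled out from here. The patch comment could also cite the upstream bug report for CVE-2017-17095, as the removed patches did for theirs.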