Add fix for CVE-2016-7568.

Bump PKGREVISION.

3 files changed, 25 insertions, 2 deletions

diff --git a/graphics/gd/Makefile b/graphics/gd/Makefile
index aa6b8d5ded6..a8994dfb8d7 100644
--- a/graphics/gd/Makefile
+++ b/graphics/gd/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.111 2016/08/02 18:29:21 adam Exp $
+# $NetBSD: Makefile,v 1.112 2016/10/05 03:10:31 taca Exp $
 
 DISTNAME=	libgd-2.2.3
+PKGREVISION=	1
 PKGNAME=	${DISTNAME:S/libgd/gd/}
 CATEGORIES=	graphics
 MASTER_SITES=	${MASTER_SITE_GITHUB:=libgd/}
diff --git a/graphics/gd/distinfo b/graphics/gd/distinfo
index 43590cff930..101b6c76195 100644
--- a/graphics/gd/distinfo
+++ b/graphics/gd/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.41 2016/08/02 18:29:21 adam Exp $
+$NetBSD: distinfo,v 1.42 2016/10/05 03:10:31 taca Exp $
 
 SHA1 (libgd-2.2.3.tar.xz) = 2f8cebec5afd6c83a3d5cb92f40ea4926b4daa98
 RMD160 (libgd-2.2.3.tar.xz) = e6c29133c2ea33c8ba16571892d2798ef0f5afea
 SHA512 (libgd-2.2.3.tar.xz) = bdc6d086bc054beda6574ec46baa4cd94048a5f2f357f875ba05983e92d247f1b731434b9e438c6aef09d46fa96f1a7e1f330a25a77ffd2dd78aa8a32d652557
 Size (libgd-2.2.3.tar.xz) = 2164152 bytes
+SHA1 (patch-src_gd__webp.c) = 55c5929007ffe0d9ab23b7fed9abf373bc188de8
diff --git a/graphics/gd/patches/patch-src_gd__webp.c b/graphics/gd/patches/patch-src_gd__webp.c
new file mode 100644
index 00000000000..de9f9bd80de
--- /dev/null
+++ b/graphics/gd/patches/patch-src_gd__webp.c
@@ -0,0 +1,21 @@
+$NetBSD: patch-src_gd__webp.c,v 1.1 2016/10/05 03:10:31 taca Exp $
+
+Fix for CVE-2016-7568.
+
+--- src/gd_webp.c.orig	2016-07-21 08:06:42.000000000 +0000
++++ src/gd_webp.c
+@@ -126,6 +126,14 @@ void gdImageWebpCtx (gdImagePtr im, gdIO
+ 		quantization = 80;
+ 	}
+ 
++	if (overflow2(gdImageSX(im), 4)) {
++		return;
++	}
++
++	if (overflow2(gdImageSX(im) * 4, gdImageSY(im))) {
++		return;
++	}
++
+ 	argb = (uint8_t *)gdMalloc(gdImageSX(im) * 4 * gdImageSY(im));
+ 	if (!argb) {
+ 		return;