- Fix CVE-2007-3387.

- Bump portrevision.

Submitted by:	Vladislav Sekulic Sys POC <pocsys@cs.toronto.edu> (based on)
Approved by:	secteam blanket
Security:	http://www.FreeBSD.org/ports/portaudit/0e43a14d-3f3f-11dc-a79a-0016179b2dd5.html

2 files changed, 23 insertions, 1 deletions

diff --git a/textproc/pdftohtml/Makefile b/textproc/pdftohtml/Makefile
index 7899b7536bbc..ba7a3fe5604c 100644
--- a/textproc/pdftohtml/Makefile
+++ b/textproc/pdftohtml/Makefile
@@ -8,7 +8,7 @@
 
 PORTNAME=	pdftohtml
 PORTVERSION=	0.39
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	textproc
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	${PORTNAME}
diff --git a/textproc/pdftohtml/files/patch-cve-2007-3387 b/textproc/pdftohtml/files/patch-cve-2007-3387
new file mode 100644
index 000000000000..573487ee06df
--- /dev/null
+++ b/textproc/pdftohtml/files/patch-cve-2007-3387
@@ -0,0 +1,22 @@
+--- xpdf/Stream.cc.orig	2009-04-29 01:11:24.000000000 +0400
++++ xpdf/Stream.cc	2009-04-29 01:15:47.000000000 +0400
+@@ -33,6 +33,7 @@
+ #include "JBIG2Stream.h"
+ #include "JPXStream.h"
+ #include "Stream-CCITT.h"
++#include "Function.h"
+ 
+ #ifdef __DJGPP__
+ static GBool setDJSYSFLAGS = gFalse;
+@@ -417,8 +418,9 @@
+   ok = gFalse;
+ 
+   if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+-      nComps >= INT_MAX/nBits ||
+-      width >= INT_MAX/nComps/nBits) {
++      nComps > funcMaxOutputs || nBits > 16 ||
++      width >= INT_MAX / nComps ||
++      nVals >= (INT_MAX - 7) / nBits) {
+     return;
+   }
+   nVals = width * nComps;