Accepting request 746558 from graphics

- security update
- added patches
  CVE-2019-18804 [bsc#1156188]
  + djvulibre-CVE-2019-18804.patch

OBS-URL: https://build.opensuse.org/request/show/746558
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/djvulibre?expand=0&rev=39

djvulibre-CVE-2019-18804.patch

@@ -0,0 +1,23 @@
+--- a/libdjvu/IW44EncodeCodec.cpp	
++++ a/libdjvu/IW44EncodeCodec.cpp	
+@@ -405,7 +405,7 @@ filter_fv(short *p, int w, int h, int rowsize, int scale)
+   int y = 0;
+   int s = scale*rowsize;
+   int s3 = s+s+s;
+-  h = ((h-1)/scale)+1;
++  h = (h>0) ? ((h-1)/scale)+1 : 0;
+   y += 1;
+   p += s;
+   while (y-3 < h)
+--- a/tools/ddjvu.cpp	
++++ a/tools/ddjvu.cpp	
+@@ -279,7 +279,7 @@ render(ddjvu_page_t *page, int pageno)
+       prect.h = (ih * 100) / dpi;
+     }
+   /* Process aspect ratio */
+-  if (flag_aspect <= 0)
++  if (flag_aspect <= 0 && iw>0 && ih>0)
+     {
+       double dw = (double)iw / prect.w;
+       double dh = (double)ih / prect.h;
+

djvulibre.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Fri Nov  8 11:15:02 UTC 2019 - pgajdos@suse.com
+
+- security update
+- added patches
+  CVE-2019-18804 [bsc#1156188]
+  + djvulibre-CVE-2019-18804.patch
+
 -------------------------------------------------------------------
 Fri Oct 18 08:33:20 UTC 2019 - pgajdos@suse.com
 

djvulibre.spec

@@ -41,6 +41,8 @@ Patch4:         djvulibre-CVE-2019-15142.patch
 Patch5:         djvulibre-invalid-tiff.patch
 # https://sourceforge.net/p/djvu/bugs/293/
 Patch6:         djvulibre-always-assume-that-cpuid-works-on-x86_64.patch
+# CVE-2019-18804 [bsc#1156188]
+Patch7:         djvulibre-CVE-2019-18804.patch
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
 BuildRequires:  hicolor-icon-theme
@@ -101,6 +103,7 @@ This package contains the documentation.
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
 
 %build
 %configure \