From d0716b8e463105a2fe7cba66ecf51f9b3505879e6b3575bfb4e16cabb4e6fb5a Mon Sep 17 00:00:00 2001
From: Petr Gajdos
Date: Fri, 8 Nov 2019 11:15:17 +0000
Subject: [PATCH] - security update - added patches CVE-2019-18804 [bsc#1156188] + djvulibre-CVE-2019-18804.patch
OBS-URL: https://build.opensuse.org/package/show/graphics/djvulibre?expand=0&rev=33
---
 djvulibre-CVE-2019-18804.patch | 23 +++++++++++++++++++++++
 djvulibre.changes | 8 ++++++++
 djvulibre.spec | 3 +++
 3 files changed, 34 insertions(+)
 create mode 100644 djvulibre-CVE-2019-18804.patch
diff --git a/djvulibre-CVE-2019-18804.patch b/djvulibre-CVE-2019-18804.patch
new file mode 100644
index 0000000..b58809f
--- /dev/null
+++ b/djvulibre-CVE-2019-18804.patch
@@ -0,0 +1,23 @@
+--- a/libdjvu/IW44EncodeCodec.cpp
++++ a/libdjvu/IW44EncodeCodec.cpp
+@@ -405,7 +405,7 @@ filter_fv(short *p, int w, int h, int rowsize, int scale)
+ int y = 0;
+ int s = scale*rowsize;
+ int s3 = s+s+s;
+- h = ((h-1)/scale)+1;
++ h = (h>0) ? ((h-1)/scale)+1 : 0;
+ y += 1;
+ p += s;
+ while (y-3 < h)
+--- a/tools/ddjvu.cpp
++++ a/tools/ddjvu.cpp
+@@ -279,7 +279,7 @@ render(ddjvu_page_t *page, int pageno)
+ prect.h = (ih * 100) / dpi;
+ }
+ /* Process aspect ratio */
+- if (flag_aspect <= 0)
++ if (flag_aspect <= 0 && iw>0 && ih>0)
+ {
+ double dw = (double)iw / prect.w;
+ double dh = (double)ih / prect.h;
+
diff --git a/djvulibre.changes b/djvulibre.changes
index 9f3c05a..6a60182 100644
--- a/djvulibre.changes
+++ b/djvulibre.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Fri Nov 8 11:15:02 UTC 2019 - pgajdos@suse.com
+
+- security update
+- added patches
+ CVE-2019-18804 [bsc#1156188]
+ + djvulibre-CVE-2019-18804.patch
+
 -------------------------------------------------------------------
 Fri Oct 18 08:33:20 UTC 2019 - pgajdos@suse.com
diff --git a/djvulibre.spec b/djvulibre.spec
index 8abec89..8cc405d 100644
--- a/djvulibre.spec
+++ b/djvulibre.spec
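Review bot: In the `filter_fv` part of the added patch, clamping `h` to 0 does not stop the loop from being entered: `y` is already 1 when `while (y-3 < h)` is evaluated, so `-2 < 0` holds and the body still runs for an empty plane. Whether that is safe depends on the bounds checks inside the loop body, which lies outside the hunk; an explicit early exit before `p += s`, for example `if (w <= 0 || h <= 0) return;` (assuming the function returns void), would make the empty case unambiguous. In the `render` part the new guard tests `iw` and `ih`, while the divisors are `prect.w` and `prect.h`, and the context line `prect.h = (ih * 100) / dpi;` is an integer division that can give 0 for a small positive `ih`, so `dw`/`dh` can still come out infinite; consider `if (flag_aspect <= 0 && iw>0 && ih>0 && prect.w>0 && prect.h>0)`. The patch file itself carries no origin header, so a short preamble naming the upstream commit or bug it was taken from (placeholder: `<upstream commit URL>`) would let a later reviewer verify it against its source.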
@@ -41,6 +41,8 @@ Patch4: djvulibre-CVE-2019-15142.patch
 Patch5: djvulibre-invalid-tiff.patch
 # https://sourceforge.net/p/djvu/bugs/293/
 Patch6: djvulibre-always-assume-that-cpuid-works-on-x86_64.patch
+# CVE-2019-18804 [bsc#1156188]
+Patch7: djvulibre-CVE-2019-18804.patch
 BuildRequires: fdupes
 BuildRequires: gcc-c++
 BuildRequires: hicolor-icon-theme
@@ -101,6 +103,7 @@ This package contains the documentation.
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
 %build
 %configure \