Hello community,

here is the log from the commit of package djvulibre for openSUSE:Factory 
checked in at 2019-11-10 22:23:37
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/djvulibre (Old)
 and      /work/SRC/openSUSE:Factory/.djvulibre.new.2990 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "djvulibre"

Sun Nov 10 22:23:37 2019 rev:39 rq:746558 version:3.5.27

Changes:
--------
--- /work/SRC/openSUSE:Factory/djvulibre/djvulibre.changes      2019-10-22 
15:42:45.461532904 +0200
+++ /work/SRC/openSUSE:Factory/.djvulibre.new.2990/djvulibre.changes    
2019-11-10 22:23:39.243999505 +0100
@@ -1,0 +2,8 @@
+Fri Nov  8 11:15:02 UTC 2019 - [email protected]
+
+- security update
+- added patches
+  CVE-2019-18804 [bsc#1156188]
+  + djvulibre-CVE-2019-18804.patch
+
+-------------------------------------------------------------------

New:
----
  djvulibre-CVE-2019-18804.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ djvulibre.spec ++++++
--- /var/tmp/diff_new_pack.L7K6cC/_old  2019-11-10 22:23:40.848001716 +0100
+++ /var/tmp/diff_new_pack.L7K6cC/_new  2019-11-10 22:23:40.852001722 +0100
@@ -41,6 +41,8 @@
 Patch5:         djvulibre-invalid-tiff.patch
 # https://sourceforge.net/p/djvu/bugs/293/
 Patch6:         djvulibre-always-assume-that-cpuid-works-on-x86_64.patch
+# CVE-2019-18804 [bsc#1156188]
+Patch7:         djvulibre-CVE-2019-18804.patch
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
 BuildRequires:  hicolor-icon-theme
@@ -101,6 +103,7 @@
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
 
 %build
 %configure \

++++++ djvulibre-CVE-2019-18804.patch ++++++
--- a/libdjvu/IW44EncodeCodec.cpp       
+++ a/libdjvu/IW44EncodeCodec.cpp       
@@ -405,7 +405,7 @@ filter_fv(short *p, int w, int h, int rowsize, int scale)
   int y = 0;
   int s = scale*rowsize;
   int s3 = s+s+s;
-  h = ((h-1)/scale)+1;
+  h = (h>0) ? ((h-1)/scale)+1 : 0;
   y += 1;
   p += s;
   while (y-3 < h)
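Review bot: With `h` clamped to 0 the code still executes `p += s` and enters `while (y-3 < h)` once, because `y` is 1 at that point and `-2 < 0` holds, so the fix relies on the loop body's own row checks to avoid touching memory. An explicit early exit ahead of the pointer arithmetic, `if (w <= 0 || h <= 0) return;` (assuming the function returns void, which the hunk header does not show), would make the empty-image case independent of those checks. The new line also deserves a comment saying why the guard exists: `/* (h-1)/scale truncates toward zero: h==0 with scale>1 used to give 1 row */`. The loop body lies outside the hunk, so whether it is already safe for `h == 0` cannot be confirmed from here.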
--- a/tools/ddjvu.cpp   
+++ a/tools/ddjvu.cpp   
@@ -279,7 +279,7 @@ render(ddjvu_page_t *page, int pageno)
       prect.h = (ih * 100) / dpi;
     }
   /* Process aspect ratio */
-  if (flag_aspect <= 0)
+  if (flag_aspect <= 0 && iw>0 && ih>0)
     {
       double dw = (double)iw / prect.w;
       double dh = (double)ih / prect.h;
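Review bot: The added `iw>0 && ih>0` test checks the numerators, but the two divisions that follow divide by `prect.w` and `prect.h`, which the guard does not cover. The context line `prect.h = (ih * 100) / dpi;` can produce 0 for a small positive `ih` if that is an integer division, so a zero divisor still looks reachable; extending the condition to `if (flag_aspect <= 0 && iw>0 && ih>0 && prect.w>0 && prect.h>0)` would close that. When the guard fails, rendering continues with a zero-sized page, and whether later code rejects that is outside the hunk, as is the rest of `render`.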

