2 files changed, 47 insertions, 3 deletions
diff --git a/user/djvulibre/APKBUILD b/user/djvulibre/APKBUILD
index 2b4a3ed0e..fa2ce6059 100644
--- a/user/djvulibre/APKBUILD
+++ b/user/djvulibre/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: A. Wilcox <awilfox@adelielinux.org>
 pkgname=djvulibre
 pkgver=3.5.27
-pkgrel=1
+pkgrel=2
 pkgdesc="Format for distributing documents and images"
 url="http://djvu.sourceforge.net/"
 arch="all"
@@ -15,7 +15,9 @@ source="https://downloads.sourceforge.net/djvu/djvulibre-$pkgver.tar.gz
 	CVE-2019-15142.patch
 	CVE-2019-15143.patch
 	CVE-2019-15144.patch
-	CVE-2019-15145.patch"
+	CVE-2019-15145.patch
+	CVE-2019-18804.patch
+	"
 
 # secfixes:
 #   3.5.27-r1:
@@ -23,6 +25,8 @@ source="https://downloads.sourceforge.net/djvu/djvulibre-$pkgver.tar.gz
 #     - CVE-2019-15143
 #     - CVE-2019-15144
 #     - CVE-2019-15145
+#   3.5.27-r2:
+#     - CVE-2019-18804
 
 build() {
 	./configure \
@@ -48,4 +52,5 @@ sha512sums="62abcaa2fe7edab536477929ba38b882453dab1a06e119a3f838b38d5c61f5d8c252
 d9e4301fb98a35b8c2f1854eb4be53611f98b3fc9fdd357dd5502b5b189bdf61957a48b220f3ab7465bbf1df8606ce04513e10df74643a9e289c349f94721561  CVE-2019-15142.patch
 3527e1c84f7c7d36f902cb3d7e9ddb6866acbdd4b47675ce3ffd164accf2e2931a4c6bbaae2ea775b4710d88ae34dd4dcd39a5846fce13bef2c82a99d608b8c1  CVE-2019-15143.patch
 f8f1abf328a97d69514b2626e4c6449c0c7b7e2b5518d56bba6a61a944aaf4b7fffd1371c26396353728f6a1399c6d87492af5c17e6b623dae7751b81eac11f9  CVE-2019-15144.patch
-790ef1e05874635c762600c990ecbd3e29e2eb01c59e25a0f8b2a15dbadbd3673d9dbb651d9dcb53fd3e5f4cb6bded47c3eefaaef8b4ccac39bd28f8bbec2068  CVE-2019-15145.patch"
+790ef1e05874635c762600c990ecbd3e29e2eb01c59e25a0f8b2a15dbadbd3673d9dbb651d9dcb53fd3e5f4cb6bded47c3eefaaef8b4ccac39bd28f8bbec2068  CVE-2019-15145.patch
+e5d6cd98f208db49880c6237f7cd8ab097d02f9771936c04a5acc48d9d18876d5cf48bcc61b14f1affc501ee63e8d6337fa83af259485ef35d4faa5086f06d10  CVE-2019-18804.patch"
diff --git a/user/djvulibre/CVE-2019-18804.patch b/user/djvulibre/CVE-2019-18804.patch
new file mode 100644
index 000000000..7c66c3989
--- /dev/null
+++ b/user/djvulibre/CVE-2019-18804.patch
@@ -0,0 +1,39 @@
+From c8bec6549c10ffaa2f2fbad8bbc629efdf0dd125 Mon Sep 17 00:00:00 2001
+From: Leon Bottou <leon@bottou.org>
+Date: Thu, 17 Oct 2019 22:20:31 -0400
+Subject: [PATCH] Fixed bug 309
+
+---
+ libdjvu/IW44EncodeCodec.cpp | 2 +-
+ tools/ddjvu.cpp             | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libdjvu/IW44EncodeCodec.cpp b/libdjvu/IW44EncodeCodec.cpp
+index 00752a0..f81eaeb 100644
+--- a/libdjvu/IW44EncodeCodec.cpp
++++ b/libdjvu/IW44EncodeCodec.cpp
+@@ -405,7 +405,7 @@ filter_fv(short *p, int w, int h, int rowsize, int scale)
+   int y = 0;
+   int s = scale*rowsize;
+   int s3 = s+s+s;
+-  h = ((h-1)/scale)+1;
++  h = (h>0) ? ((h-1)/scale)+1 : 0;
+   y += 1;
+   p += s;
+   while (y-3 < h)
+diff --git a/tools/ddjvu.cpp b/tools/ddjvu.cpp
+index 6d0df3b..7109952 100644
+--- a/tools/ddjvu.cpp
++++ b/tools/ddjvu.cpp
+@@ -279,7 +279,7 @@ render(ddjvu_page_t *page, int pageno)
+       prect.h = (ih * 100) / dpi;
+     }
+   /* Process aspect ratio */
+-  if (flag_aspect <= 0)
++  if (flag_aspect <= 0 && iw>0 && ih>0)
+     {
+       double dw = (double)iw / prect.w;
+       double dh = (double)ih / prect.h;
+-- 
+2.20.1
+