From d5a80804c66400edaa78db9c65dd175c962a7fd5 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Apr 02 2020 07:24:01 +0000
Subject: import nodejs-12.16.1-2.module+el8.1.0+6117+b25a342c


---

diff --git a/SOURCES/0004-ICU-20958-Prevent-SEGV_MAPERR-in-append.patch b/SOURCES/0004-ICU-20958-Prevent-SEGV_MAPERR-in-append.patch
new file mode 100644
index 0000000..8f86a30
--- /dev/null
+++ b/SOURCES/0004-ICU-20958-Prevent-SEGV_MAPERR-in-append.patch
@@ -0,0 +1,17 @@
+diff --git a/deps/icu-small/source/common/unistr.cpp b/deps/icu-small/source/common/unistr.cpp
+index eeb0c3a..1c59de9 100644
+--- a/deps/icu-small/source/common/unistr.cpp
++++ b/deps/icu-small/source/common/unistr.cpp
+@@ -1563,7 +1563,11 @@ UnicodeString::doAppend(const UChar *srcChars, int32_t srcStart, int32_t srcLeng
+   }
+
+   int32_t oldLength = length();
+-  int32_t newLength = oldLength + srcLength;
++  int32_t newLength;
++  if (uprv_add32_overflow(oldLength, srcLength, &newLength)) {
++    setToBogus();
++    return *this;
++  }
+
+   // Check for append onto ourself
+   const UChar* oldArray = getArrayStart();
diff --git a/SPECS/nodejs.spec b/SPECS/nodejs.spec
index d052f29..d33e00f 100644
--- a/SPECS/nodejs.spec
+++ b/SPECS/nodejs.spec
@@ -29,7 +29,7 @@
 %global nodejs_soversion 72
 %endif
 %global nodejs_version %{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}
-%global nodejs_release 1
+%global nodejs_release 2
 
 # == Bundled Dependency Versions ==
 # v8 - from deps/v8/include/v8-version.h
@@ -152,6 +152,8 @@ Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
 Patch3: 0003-Install-both-binaries-and-use-libdir.patch
 %endif
 
+Patch4: 0004-ICU-20958-Prevent-SEGV_MAPERR-in-append.patch
+
 BuildRequires: python2-devel
 BuildRequires: python3-devel
 BuildRequires: zlib-devel
@@ -359,6 +361,8 @@ rm -rf deps/zlib
 %patch3 -p1
 %endif
 
+%patch4 -p1
+
 # Replace any instances of unversioned python' with python2
 pathfix.py -i %{__python2} -pn $(find -type f ! -name "*.js")
 find . -type f -exec sed -i "s~/usr\/bin\/env python~/usr/bin/python2~" {} \;
@@ -384,12 +388,12 @@ export CXX='g++'
 # build with debugging symbols and add defines from libuv (#892601)
 # Node's v8 breaks with GCC 6 because of incorrect usage of methods on
 # NULL objects. We need to pass -fno-delete-null-pointer-checks
-export CFLAGS='%{optflags} \
+export CFLAGS='%{optflags} -g \
                -D_LARGEFILE_SOURCE \
                -D_FILE_OFFSET_BITS=64 \
                -DZLIB_CONST \
                -fno-delete-null-pointer-checks'
-export CXXFLAGS='%{optflags} \
+export CXXFLAGS='%{optflags} -g \
                  -D_LARGEFILE_SOURCE \
                  -D_FILE_OFFSET_BITS=64 \
                  -DZLIB_CONST \
@@ -739,6 +743,9 @@ end
 
 
 %changelog
+* Tue Mar 17 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.16.1-2
+- Fix CVE-2020-10531
+
 * Thu Feb 20 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.16.1-1
 - Resolves: RHBZ#1800393, RHBZ#1800394, RHBZ#1800380
 - Rebase to 12.16.1