diff --git a/SOURCES/0004-ICU-20958-Prevent-SEGV_MAPERR-in-append.patch b/SOURCES/0004-ICU-20958-Prevent-SEGV_MAPERR-in-append.patch
new file mode 100644
index 0000000..8f86a30
--- /dev/null
+++ b/SOURCES/0004-ICU-20958-Prevent-SEGV_MAPERR-in-append.patch
@@ -0,0 +1,17 @@
+diff --git a/deps/icu-small/source/common/unistr.cpp b/deps/icu-small/source/common/unistr.cpp
+index eeb0c3a..1c59de9 100644
+--- a/deps/icu-small/source/common/unistr.cpp
++++ b/deps/icu-small/source/common/unistr.cpp
+@@ -1563,7 +1563,11 @@ UnicodeString::doAppend(const UChar *srcChars, int32_t srcStart, int32_t srcLeng
+ }
+
+ int32_t oldLength = length();
+- int32_t newLength = oldLength + srcLength;
++ int32_t newLength;
++ if (uprv_add32_overflow(oldLength, srcLength, &newLength)) {
++ setToBogus();
++ return *this;
++ }
+
+ // Check for append onto ourself
+ const UChar* oldArray = getArrayStart();
diff --git a/SPECS/nodejs.spec b/SPECS/nodejs.spec
index 104a8db..ebac453 100644
--- a/SPECS/nodejs.spec
+++ b/SPECS/nodejs.spec
@@ -24,7 +24,7 @@
 %global nodejs_patch 0
 %global nodejs_abi %{nodejs_major}.%{nodejs_minor}
 %global nodejs_version %{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}
-%global nodejs_release 1
+%global nodejs_release 2
 # == Bundled Dependency Versions ==
 # v8 - from deps/v8/include/v8-version.h
@@ -124,6 +124,8 @@ Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
 # This does bad things on an RPM-managed npm.
 Patch2: 0002-Suppress-NPM-message-to-run-global-update.patch
+Patch4: 0004-ICU-20958-Prevent-SEGV_MAPERR-in-append.patch
+
 BuildRequires: python2-devel
 BuildRequires: python3-devel
 BuildRequires: zlib-devel
@@ -281,6 +283,8 @@ rm -rf deps/zlib
 %patch2 -p1
+%patch4 -p1
+
 # Replace any instances of unversioned python' with python2
 pathfix.py -i %{__python2} -pn $(find -type f)
 find . -type f -exec sed -i "s~/usr\/bin\/env python~/usr/bin/python2~" {} \;
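Review bot: Nothing in the package records where this fix comes from: the carried patch file begins directly at `diff --git` with no subject or upstream reference, and the new `Patch4:` line in SPECS/nodejs.spec has no comment, whereas `Patch2:` above it is explained. I would add a comment over `Patch4:` such as `# ICU-20958: reject int32 overflow of oldLength + srcLength in UnicodeString::doAppend (RHBZ#1811498)` and give the patch file a short header naming the upstream ICU change it was taken from. The guard only touches `deps/icu-small`, so it presumably takes effect only when the bundled ICU is compiled in; the configure options are outside this diff and worth confirming. The embedded hunk shows only part of doAppend, so the rest of the function is not reviewed here.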
@@ -509,6 +513,9 @@ end
 %changelog
+* Wed Mar 18 2020 Zuzana Svetlikova - 1:10.19.0-2
+- Resolves: RHBZ#1811498
+
 * Mon Feb 10 2020 Jan Staněk - 1:10.19.0-1
 - Rebase to 10.19.0 to fix CVE-2019-15604 to CVE-2019-15606