File CVE-2023-23920.patch of Package nodejs10.28613
commit 97a0443f1369e65cf656a529b2f5433bfd56ad92
Author: RafaelGSS <rafael.nunu@hotmail.com>
Date: Wed Jan 18 17:37:37 2023 -0300
build: build ICU with ICU_NO_USER_DATA_OVERRIDE
CVE-ID: CVE-2023-23920
Backport-PR-URL: https://github.com/nodejs-private/node-private/pull/377
PR-URL: https://github.com/nodejs-private/node-private/pull/374
Refs: https://hackerone.com/bugs?subject=nodejs&report_id=1625036
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
diff --git a/configure.py b/configure.py
index 892e1d4202..9a75dbb76d 100755
--- a/configure.py
+++ b/configure.py
@@ -1487,6 +1487,9 @@ def configure_intl(o):
# always set icu_small, node.gyp depends on it being defined.
o['variables']['icu_small'] = b(False)
+ # prevent data override
+ o['defines'] += ['ICU_NO_USER_DATA_OVERRIDE']
+
with_intl = options.with_intl
with_icu_source = options.with_icu_source
have_icu_path = bool(options.with_icu_path)