From be8dcd2c36de5df914fa4608e41d70be4b48711a Mon Sep 17 00:00:00 2001
From: Max Rees <maxcrees@me.com>
Date: Wed, 10 Jun 2020 15:16:55 -0500
Subject: user/node: [CVE] bump to 10.21.0 (#300), unvendor openssl

---
 user/node/APKBUILD | 27 ++++++++++++++++++++-------
 1 file changed, 20 insertions(+), 7 deletions(-)

(limited to 'user/node')

diff --git a/user/node/APKBUILD b/user/node/APKBUILD
index d60a359af..c74516b71 100644
--- a/user/node/APKBUILD
+++ b/user/node/APKBUILD
@@ -1,15 +1,16 @@
 # Contributor: A. Wilcox <awilfox@adelielinux.org>
 # Maintainer: A. Wilcox <awilfox@adelielinux.org>
 pkgname=node
-pkgver=10.19.0
+pkgver=10.21.0
 pkgrel=0
 pkgdesc="JavaScript runtime"
 url="https://nodejs.org/"
 arch="all"
-license="MIT AND ICU AND BSD-3-Clause AND BSD-2-Clause AND ISC AND OpenSSL AND Public-Domain AND Zlib AND Artistic-2.0 AND Apache-2.0 AND CC0-1.0"
+options="net"  # Required in check()
+license="MIT AND ICU AND BSD-3-Clause AND BSD-2-Clause AND ISC AND Public-Domain AND Zlib AND Artistic-2.0 AND Apache-2.0 AND CC0-1.0"
 depends=""
 makedepends="c-ares-dev http-parser-dev icu-dev libexecinfo-dev libuv-dev
-	nghttp2-dev python3 zlib-dev"
+	nghttp2-dev>=1.41 openssl-dev python3 zlib-dev"
 subpackages="$pkgname-dev $pkgname-doc"
 source="https://nodejs.org/download/release/v$pkgver/node-v$pkgver.tar.xz
 	https://www.python.org/ftp/python/2.7.15/Python-2.7.15.tar.xz
@@ -30,11 +31,15 @@ builddir="$srcdir/$pkgname-v$pkgver"
 #     - CVE-2019-9516
 #     - CVE-2019-9517
 #     - CVE-2019-9518
+#   10.21.0-r0:
+#     - CVE-2020-7598
+#     - CVE-2020-8174
 
 unpack() {
 	default_unpack
 	[ -z $SKIP_PYTHON ] || return 0
 
+	# TODO: when bumping to 12.x, python3 should be usable
 	msg "Killing all remaining hope for humanity and building Python 2..."
 	cd "$srcdir/Python-2.7.15"
 	[ -d ../python ] && rm -r ../python
@@ -47,7 +52,6 @@ unpack() {
 
 build() {
 	export PATH="$srcdir/python/bin:$PATH"
-	# We can't use --shared-openssl until 1.1 is available.
 	python ./configure.py \
 		--prefix=/usr \
 		--with-intl=system-icu \
@@ -55,15 +59,24 @@ build() {
 		--shared-http-parser \
 		--shared-libuv \
 		--shared-nghttp2 \
-		--openssl-no-asm \
+		--shared-openssl \
+		--openssl-use-def-ca-store \
 		--shared-zlib
 	# keep DESTDIR set, to avoid a full rebuild in package()
 	make DESTDIR="$pkgdir"
 }
 
 check() {
+	case "$CARCH" in
+	pmmx)
+		# https://bts.adelielinux.org/show_bug.cgi?id=306
+		_skip="parallel/test-http-invalid-te,parallel/test-worker-stdio"
+		;;
+	esac
+
 	export PATH="$srcdir/python/bin:$PATH"
-	make DESTDIR="$pkgdir" test-only
+	make DESTDIR="$pkgdir" test-only \
+		${_skip:+CI_SKIP_TESTS="$_skip"}
 }
 
 package() {
@@ -71,7 +84,7 @@ package() {
 	make DESTDIR="$pkgdir" install
 }
 
-sha512sums="512efc58415ed789938c434af131d76bdd51772cac9f7e380afaa79d83cc9c433a979068fc7272adba6ba6551d195267978e1fc819236926b0d1fd6cf91c5eee  node-v10.19.0.tar.xz
+sha512sums="613d3c1bca79ea5f127dc6793de2b5cfdfa056c01ec092e3b7ee79205894b21ca5ec4a367265122641dd1d360c675cfb36a4f7892894194ddd18abd1b2206544  node-v10.21.0.tar.xz
 27ea43eb45fc68f3d2469d5f07636e10801dee11635a430ec8ec922ed790bb426b072da94df885e4dfa1ea8b7a24f2f56dd92f9b0f51e162330f161216bd6de6  Python-2.7.15.tar.xz
 8f64922d586bce9d82c83042a989739cc55ecc5e015778cdfbda21c257aa50527ddb18740985bcb2068e4a749b71eb8a135d9a8152b374d361589df7f33c9b60  libatomic.patch
 6d37794c7c78ef92ebb845852af780e22dc8c14653b63a8609c21ab6860877b9dffc5cf856a8516b7978ec704f312c0627075c6440ace55d039f95bdc4c85add  ppc32.patch
-- 
cgit v1.2.3-60-g2f50