From 975b6a3945fcfc2d2d1b044ea5fb1d32f8cda08f Mon Sep 17 00:00:00 2001
From: Jakub Jirutka <jakub@jirutka.cz>
Date: Fri, 7 Feb 2020 15:39:07 +0100
Subject: [PATCH] main/nodejs: security upgrade to 10.19.0

---
 main/nodejs/APKBUILD | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/main/nodejs/APKBUILD b/main/nodejs/APKBUILD
index d025612fd4c7..19e80ed7d529 100644
--- a/main/nodejs/APKBUILD
+++ b/main/nodejs/APKBUILD
@@ -6,6 +6,10 @@
 # Maintainer: Jakub Jirutka <jakub@jirutka.cz>
 #
 # secfixes:
+#   10.19.0-r0:
+#     - CVE-2019-15606
+#     - CVE-2019-15605
+#     - CVE-2019-15604
 #   10.16.3-r0:
 #     - CVE-2019-9511
 #     - CVE-2019-9512
@@ -44,7 +48,7 @@
 pkgname=nodejs
 # Note: Update only to even-numbered versions (e.g. 6.y.z, 8.y.z)!
 # Odd-numbered versions are supported only for 9 months by upstream.
-pkgver=10.16.3
+pkgver=10.19.0
 pkgrel=0
 pkgdesc="JavaScript runtime built on V8 engine - LTS version"
 url="https://nodejs.org/"
@@ -113,9 +117,17 @@ package() {
 	paxmark -m "$pkgdir"/usr/bin/node
 
 	cp -pr "$pkgdir"/usr/lib/node_modules/npm/man "$pkgdir"/usr/share
-	local d; for d in doc html man; do
+	local d; for d in docs man; do
 		rm -r "$pkgdir"/usr/lib/node_modules/npm/$d
 	done
+
+	# XXX: Workaround for https://github.com/npm/cli/issues/780.
+	(cd "$pkgdir"/usr/share/man/man5 && find * \
+		-type f ! \( -name 'package-json.*' -or -name 'npmrc.*' -or -name 'npm-*' \) \
+		-exec mv {} npm-{} \;)
+	(cd "$pkgdir"/usr/share/man/man7 && find * \
+		-type f ! \( -name 'semver.*' -or -name 'npm-*' \) \
+		-exec mv {} npm-{} \;)
 }
 
 dev() {
@@ -137,6 +149,6 @@ npm() {
 	mv "$pkgdir"/usr/lib/node_modules/npm "$subpkgdir"/usr/lib/node_modules/
 }
 
-sha512sums="c3a95d8810599db8e9a17932c55ff57223cf9e66028e776088420023ab7ba393e9b60518a189fcab46ca2597d213f8a6414abba282a73c9501c294dbc7b041e6  node-v10.16.3.tar.gz
+sha512sums="59f584e27dfd99453a031722ca3e094d658a90e77316a85a7048868fe6a6164b8aef0f03b60cbe681ace273d902434210bf3cd10a638583b74264d8b42bf2565  node-v10.19.0.tar.gz
 9d09a88074bf0093f35c5b610e73ebf4c5381df2a2b29feb69da1af0b18776a683b13f1276375bbcfc60936cc27769539e1f01b4ba94b22cad2d5f4daae14c46  dont-run-gyp-files-for-bundled-deps.patch
 4fd3f10bd82d1e851ed000169c2635c001a4a051283edf96f1efb2260e2d395199dd5843f79f1cff8f2c0c65462c44241c508ea67835dfbd9880d9196fae290a  link-with-libatomic-on-mips32.patch"
-- 
GitLab