nodejs-lts: prevent calling setgroups(), setuid(), setgid(

packages/nodejs-lts/build.sh

@@ -2,6 +2,7 @@ TERMUX_PKG_HOMEPAGE=https://nodejs.org/
 TERMUX_PKG_DESCRIPTION="Platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications"
 TERMUX_PKG_LICENSE="MIT"
 TERMUX_PKG_VERSION=10.16.3
+TERMUX_PKG_REVISION=1
 TERMUX_PKG_SRCURL=https://nodejs.org/dist/v${TERMUX_PKG_VERSION}/node-v${TERMUX_PKG_VERSION}.tar.xz
 TERMUX_PKG_SHA256=7bf1123d7415964775b8f81fe6ec6dd5c3c08abb42bb71dfe4409dbeeba26bbd
 # Note that we do not use a shared libuv to avoid an issue with the Android

packages/nodejs-lts/deps-uv-src-unix-process.c.patch

@@ -0,0 +1,31 @@
+diff -uNr node-v12.10.0/deps/uv/src/unix/process.c node-v12.10.0.mod/deps/uv/src/unix/process.c
+--- node-v12.10.0/deps/uv/src/unix/process.c	2019-09-04 18:36:23.000000000 +0300
++++ node-v12.10.0.mod/deps/uv/src/unix/process.c	2019-09-23 01:39:39.069030779 +0300
+@@ -351,27 +351,6 @@
+     _exit(127);
+   }
+ 
+-  if (options->flags & (UV_PROCESS_SETUID | UV_PROCESS_SETGID)) {
+-    /* When dropping privileges from root, the `setgroups` call will
+-     * remove any extraneous groups. If we don't call this, then
+-     * even though our uid has dropped, we may still have groups
+-     * that enable us to do super-user things. This will fail if we
+-     * aren't root, so don't bother checking the return value, this
+-     * is just done as an optimistic privilege dropping function.
+-     */
+-    SAVE_ERRNO(setgroups(0, NULL));
+-  }
+-
+-  if ((options->flags & UV_PROCESS_SETGID) && setgid(options->gid)) {
+-    uv__write_int(error_fd, UV__ERR(errno));
+-    _exit(127);
+-  }
+-
+-  if ((options->flags & UV_PROCESS_SETUID) && setuid(options->uid)) {
+-    uv__write_int(error_fd, UV__ERR(errno));
+-    _exit(127);
+-  }
+-
+   if (options->env != NULL) {
+     environ = options->env;
+   }