Dynamic checks that CallbackInfo holds an ArrayBuffer handle can be
converted into compiler enforced checks. Removed unused code, and
other minor cleanup.
PR-URL: https://github.com/nodejs/node/pull/5204
Reviewed-By: bnoordhuis - Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: indutny - Fedor Indutny <fedor.indutny@gmail.com>
Proxies support is now complete in V8. The tests needed slight modification to
match the spec implementation.
PR-URL: https://github.com/nodejs/node/pull/4722
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
- An error message changed for undefined references
- `let` is now allowed in sloppy mode
- ES2015 proxies are shipped and the `Proxy` global is now a function
PR-URL: https://github.com/nodejs/node/pull/4722
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Notable changes:
* http_parser: Update to http-parser 1.2 to fix an unintentionally
strict limitation of allowable header characters.
(James M Snell) https://github.com/nodejs/node/pull/5242
* domains:
- Prevent an exit due to an exception being thrown rather than
emitting an 'uncaughtException' event on the `process` object when
no error handler is set on the domain within which an error is
thrown and an 'uncaughtException' event listener is set on
`process`. (Julien Gilli) https://github.com/nodejs/node/pull/3887
- Fix an issue where the process would not abort in the proper
function call if an error is thrown within a domain with no error
handler and `--abort-on-uncaught-exception` is used.
(Julien Gilli) https://github.com/nodejs/node/pull/3887
* openssl: Upgrade from 1.0.1r to 1.0.1s
(Ben Noordhuis) https://github.com/nodejs/node/pull/5508
- Fix a double-free defect in parsing malformed DSA keys that may
potentially be used for DoS or memory corruption attacks. It is
likely to be very difficult to use this defect for a practical
attack and is therefore considered low severity for Node.js users.
More info is available at
https://www.openssl.org/news/vulnerabilities.html#2016-0705
- Fix a defect that can cause memory corruption in certain very rare
cases relating to the internal `BN_hex2bn()` and `BN_dec2bn()`
functions. It is believed that Node.js is not invoking the code
paths that use these functions so practical attacks via Node.js
using this defect are _unlikely_ to be possible. More info is
available at
https://www.openssl.org/news/vulnerabilities.html#2016-0797
- Fix a defect that makes the CacheBleed Attack
(https://ssrg.nicta.com.au/projects/TS/cachebleed/) possible.
This defect enables attackers to execute side-channel attacks
leading to the potential recovery of entire RSA private keys. It
only affects the Intel Sandy Bridge (and possibly older)
microarchitecture when using hyper-threading. Newer
microarchitectures, including Haswell, are unaffected. More info
is available at
https://www.openssl.org/news/vulnerabilities.html#2016-0702
- Remove SSLv2 support, the `--enable-ssl2` command line argument
will now produce an error. The DROWN Attack
(https://drownattack.com/) creates a vulnerability where SSLv2 is
enabled by a server, even if a client connection is not using
SSLv2. The SSLv2 protocol is widely considered unacceptably broken
and should not be supported. More information is available at
https://www.openssl.org/news/vulnerabilities.html#2016-0800
PR-URL: https://github.com/nodejs/node/pull/5404
Notable changes:
* http_parser: Update to http-parser 2.3.2 to fix an unintentionally
strict limitation of allowable header characters.
(James M Snell) https://github.com/nodejs/node/pull/5241
* domains:
- Prevent an exit due to an exception being thrown rather than
emitting an 'uncaughtException' event on the `process` object when
no error handler is set on the domain within which an error is
thrown and an 'uncaughtException' event listener is set on
`process`. (Julien Gilli) https://github.com/nodejs/node/pull/3885
- Fix an issue where the process would not abort in the proper
function call if an error is thrown within a domain with no error
handler and `--abort-on-uncaught-exception` is used.
(Julien Gilli) https://github.com/nodejs/node/pull/3885
* openssl: Upgrade from 1.0.2f to 1.0.2g
(Ben Noordhuis) https://github.com/nodejs/node/pull/5509
- Fix a double-free defect in parsing malformed DSA keys that may
potentially be used for DoS or memory corruption attacks. It is
likely to be very difficult to use this defect for a practical
attack and is therefore considered low severity for Node.js users.
More info is available at
https://www.openssl.org/news/vulnerabilities.html#2016-0705
- Fix a defect that can cause memory corruption in certain very rare
cases relating to the internal `BN_hex2bn()` and `BN_dec2bn()`
functions. It is believed that Node.js is not invoking the code
paths that use these functions so practical attacks via Node.js
using this defect are _unlikely_ to be possible. More info is
available at
https://www.openssl.org/news/vulnerabilities.html#2016-0797
- Fix a defect that makes the CacheBleed Attack
(https://ssrg.nicta.com.au/projects/TS/cachebleed/) possible. This
defect enables attackers to execute side-channel attacks leading
to the potential recovery of entire RSA private keys. It only
affects the Intel Sandy Bridge (and possibly older)
microarchitecture when using hyper-threading. Newer
microarchitectures, including Haswell, are unaffected. More info
is available at
https://www.openssl.org/news/vulnerabilities.html#2016-0702
PR-URL: https://github.com/nodejs/node/pull/5403
Rework the doc a bit to tighten it up, including removing the
use of `you`
Fix some line wrapping issues.
PR-URL: https://github.com/nodejs/node/pull/5287
Reviewed-By: Roman Klauke <romaaan.git@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
...
Looping rapidly and making new connections causes problems on pi2.
Instead create a new connection when an old connection has already been
made. Running a stress test of 600 times and they all passed.
Fixes: https://github.com/nodejs/node/issues/5302
PR-URL: https://github.com/nodejs/node/pull/5537
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Alexis Campailla <orangemocha@nodejs.org>
Also fixed a minor color issue with :focus on the title.
PR-URL: https://github.com/nodejs/node/pull/5548
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/5517
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/5517
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Enable `no-extra-parens`. This rule restricts the use of parentheses to
only where they are necessary. It is set to be restricted to report only
function expressions.
PR-URL: https://github.com/nodejs/node/pull/5512
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Notable changes:
* governance: The Core Technical Committee (CTC) added four new members
to help guide Node.js core development: Evan Lucas, Rich Trott, Ali
Ijaz Sheikh and Сковорода Никита Андреевич (Nikita Skovoroda).
* openssl: Upgrade from 1.0.2f to 1.0.2g (Ben Noordhuis)
https://github.com/nodejs/node/pull/5507
- Fix a double-free defect in parsing malformed DSA keys that may
potentially be used for DoS or memory corruption attacks. It is likely
to be very difficult to use this defect for a practical attack and is
therefore considered low severity for Node.js users. More info is
available at https://www.openssl.org/news/vulnerabilities.html#2016-0705
- Fix a defect that can cause memory corruption in certain very rare
cases relating to the internal `BN_hex2bn()` and `BN_dec2bn()`
functions. It is believed that Node.js is not invoking the code paths
that use these functions so practical attacks via Node.js using this
defect are _unlikely_ to be possible. More info is available at
https://www.openssl.org/news/vulnerabilities.html#2016-0797
- Fix a defect that makes the CacheBleed Attack
(https://ssrg.nicta.com.au/projects/TS/cachebleed/) possible. This
defect enables attackers to execute side-channel attacks leading to the
potential recovery of entire RSA private keys. It only affects the
Intel Sandy Bridge (and possibly older) microarchitecture when using
hyper-threading. Newer microarchitectures, including Haswell, are
unaffected. More info is available at
https://www.openssl.org/news/vulnerabilities.html#2016-0702
* Fixed several regressions that appeared in v5.7.0:
- path.relative():
- Output is no longer unnecessarily verbose (Brian White)
https://github.com/nodejs/node/pull/5389
- Resolving UNC paths on Windows now works correctly (Owen Smith)
https://github.com/nodejs/node/pull/5456
- Resolving paths with prefixes now works correctly from the root
directory (Owen Smith) https://github.com/nodejs/node/pull/5490
- url: Fixed an off-by-one error with `parse()` (Brian White)
https://github.com/nodejs/node/pull/5394
- dgram: Now correctly handles a default address case when offset and
length are specified (Matteo Collina)
https://github.com/nodejs/node/pull/5407
PR-URL: https://github.com/nodejs/node/pull/5464
This is a security release with only a single commit, an update to openssl due to a recent security advisory. You can read more about the security advisory on the Node.js website https://nodejs.org/en/blog/vulnerability/openssl-march-2016/
* openssl: Upgrade from 1.0.2f to 1.0.2g (Ben Noordhuis) https://github.com/nodejs/node/pull/5507
- Fix a double-free defect in parsing malformed DSA keys that may potentially be used for DoS or memory corruption attacks. It is likely to be very difficult to use this defect for a practical attack and is therefore considered low severity for Node.js users. More info is available at CVE-2016-0705 https://www.openssl.org/news/vulnerabilities.html#2016-0705.
- Fix a defect that can cause memory corruption in certain very rare cases relating to the internal `BN_hex2bn()` and `BN_dec2bn()` functions. It is believed that Node.js is not invoking the code paths that use these functions so practical attacks via Node.js using this defect are _unlikely_ to be possible. More info is available at CVE-2016-0797 https://www.openssl.org/news/vulnerabilities.html#2016-0797.
- Fix a defect that makes the _CacheBleed Atta https://ssrg.nicta.com.au/projects/TS/cachebleed/ _ possible. This defect enables attackers to execute side-channel attacks leading to the potential recovery of entire RSA private keys. It only affects the Intel Sandy Bridge (and possibly older) microarchitecture when using hyper-threading. Newer microarchitectures, including Haswell, are unaffected. More info is available at CVE-2016-0702 https://www.openssl.org/news/vulnerabilities.html#2016-0702.
PR-URL: https://github.com/nodejs/node/pull/5526
Do not treat crypto inputs as `binary` strings, convert them to Buffers
using `new Buffer(..., 'utf8')`, or using newly updated StringBytes
APIs.
PR-URL: https://github.com/nodejs/node/pull/5522
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/5472
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
All eslint rules are configured to report as errors. Remove useless
--quiet flag from eslint invocation in Makefile and vcbuild.bat.
PR-URL: https://github.com/nodejs/node/pull/5519
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Roman Reiss <me@silverwind.io>
Array#pop() is known to be faster than Array#shift().
To be exact, it's O(1) vs. O(n). In this case there's no difference
from which side of the "pool" array the object is retrieved,
so .pop() should be preferred.
PR-URL: https://github.com/nodejs/node/pull/2174
Reviewed-By: mscdex - Brian White <mscdex@mscdex.net>
Reviewed-By: jasnell - James M Snell <jasnell@gmail.com>
Reviewed-By: ofrobots - Ali Ijaz Sheikh <ofrobots@google.com>
PR-URL: https://github.com/nodejs/node/pull/5410
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Do not try Ubuntu/SUSE/Debian-specific hostnames for IPv6 localhost
unless we are on Linux.
Fixes: https://github.com/nodejs/node/issues/4546
PR-URL: https://github.com/nodejs/node/pull/5471
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Ben Noorhduis <info@bnoordhuis.nl>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Have `make test` run linting tools before tests rather than after. Lint
is likely to find issues quickly. Tests may take a while to run. So do
the linting first.
Refs: https://github.com/nodejs/node/issues/4546#issuecomment-189755007
PR-URL: https://github.com/nodejs/node/pull/5470
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
In order to comply with linting rules used in the rest of the code base,
eliminate redeclared variables. A conservative approach is used so as to
avoid unintentional performance issues (for example, as might be seen in
some situations when using `let` instead of `var`).
PR-URL: https://github.com/nodejs/node/pull/5468
Reviewed-By: Brian White <mscdex@mscdex.net>
Make `HTTPParser` an instance of `AsyncWrap` and make it use
`MakeCallback`. This means that async wrap hooks will be called on
consumed TCP sockets as well as on non-consumed ones.
Additional uses of `AsyncCallbackScope` are necessary to prevent
improper state from progressing that triggers failure in the
test-http-pipeline-flood.js test. Optimally this wouldn't be necessary,
but for the time being it's the most sure way to allow operations to
proceed as they have.
Fix: https://github.com/nodejs/node/issues/4416
PR-URL: https://github.com/nodejs/node/pull/5419
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Change types of all PBKDF2 params to `int` as they are `int` in `evp.h`.
Check that `raw_keylen` fits into `int` before passing it to OpenSSL.
Fix: #5396
PR-URL: https://github.com/nodejs/node/pull/5397
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Reviewed-By: Ben Noorhduis <info@bnoordhuis.nl>
Reorder slashed protocols so they are grouped by protocol name. This is
done so it doesn't look like we're duplicating protocol names at the
bottom of the list.
PR-URL: https://github.com/nodejs/node/pull/5380
Reviewed-By: Evan Lucas <evanlucas@me.com>
Ali Ijaz Sheikh
Michaël Zasso
Rod Vagg
James M Snell
Trevor Norris
Wyatt Preul
silverwind
Rich Trott
Jeremiah Senkpiel
Craig Akimoto
Myles Borins
Fedor Indutny
ronkorving
firedfox
Anton Khlynovskiy
Ben Noordhuis
Michael Dawson
nettofarah