Use a stronger criterion to identify objects in the prototype chain that store
pointers to native data that were added by previous calls to `napi_wrap()`.
Whereas the old criterion for identifying `napi_wrap()`-injected prototype
chain objects was to consider an object with an internal field
count of 1 to be such an object, the new criterion is to consider an object
with an internal field count of 2 such that the second field holds a
`v8::External` which itself contains a pointer to a global static string unique
to N-API to be a `napi_wrap()`-injected prototype chain object.
This greatly reduces the possibility of returning a pointer that was not
previously added with `napi_wrap()`, and it allows us to recognize that an
object has already undergone `napi_wrap()` and we can thus prevent a chain of
wrappers only the first of which is accessible from appearing in the prototype
chain, as would be the result of multiple calls to `napi_wrap()` using the same
object.
PR-URL: https://github.com/nodejs/node/pull/13872
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Timothy Gu <timothygu99@gmail.com>
This is a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/
for details on patched vulnerabilities.
Notable changes
* **build**:
- Disable V8 snapshots - The hashseed embedded in the snapshot is
currently the same for all runs of the binary. This opens node up to
collision attacks which could result in a Denial of Service. We have
temporarily disabled snapshots until a more robust solution is found
(Ali Ijaz Sheikh)
* **deps**:
- CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(),
which is used for parsing NAPTR responses, could be triggered to
read memory outside of the given input buffer if the passed in DNS
response packet was crafted in a particular way. This patch checks that
there is enough data for the required elements of an NAPTR record (2
int16, 3 bytes for string lengths) before processing a record. (David
Drysdale)
PR-URL: https://github.com/nodejs/node-private/pull/91
This is a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/
for details on patched vulnerabilities.
* **build**:
- Disable V8 snapshots - The hashseed embedded in the snapshot is
currently the same for all runs of the binary. This opens node up to
collision attacks which could result in a Denial of Service. We have
temporarily disabled snapshots until a more robust solution is found
(Ali Ijaz Sheikh)
* **deps**:
- CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(),
which is used for parsing NAPTR responses, could be triggered to
read memory outside of the given input buffer if the passed in DNS
response packet was crafted in a particular way. This patch checks that
there is enough data for the required elements of an NAPTR record (2
int16, 3 bytes for string lengths) before processing a record. (David
Drysdale)
PR-URL: https://github.com/nodejs/node-private/pull/92
This is a security release. All Node.js users should consult the
security release summary at:
https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/
for details on patched vulnerabilities.
Notable Changes:
* build:
- Disable V8 snapshots - The hashseed embedded in the snapshot is
currently the same for all runs of the binary. This opens node
up to collision attacks which could result in a Denial of Service.
We have temporarily disabled snapshots until a more robust solution
is found (Ali Ijaz Sheikh)
* deps:
- CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(),
which is used for parsing NAPTR responses, could be triggered to
read memory outside of the given input buffer if the passed in DNS
response packet was crafted in a particular way. This patch checks
that there is enough data for the required elements of an NAPTR
record (2 int16, 3 bytes for string lengths) before processing a
record. (David Drysdale)
PR-URL: https://github.com/nodejs/node-private/pull/89
This is a security release. All Node.js users should consult the
security release summary at:
https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/
for details on patched vulnerabilities.
Notable Changes:
* build:
- Disable V8 snapshots - The hashseed embedded in the snapshot is
currently the same for all runs of the binary. This opens node
up to collision attacks which could result in a Denial of Service.
We have temporarily disabled snapshots until a more robust solution
is found (Ali Ijaz Sheikh)
* deps:
- CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(),
which is used for parsing NAPTR responses, could be triggered to
read memory outside of the given input buffer if the passed in DNS
response packet was crafted in a particular way. This patch checks
that there is enough data for the required elements of an NAPTR
record (2 int16, 3 bytes for string lengths) before processing a
record. (David Drysdale)
PR-URL: https://github.com/nodejs/node-private/pull/90
If allowHalfOpen is set to false, the stream will automatically end the
writable side when the readable side ends, but not the other way around.
PR-URL: https://github.com/nodejs/node/pull/14127
Fixes: https://github.com/nodejs/node/issues/4044
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
V8 options allow either '_' or '-' to be used in options as a seperator,
such as "--abort-on_uncaught-exception". Allow these case variations
when used with NODE_OPTIONS.
PR-URL: https://github.com/nodejs/node/pull/14093
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
If the first parameter of `request.end` `data` is specified, it should
be equivalent to calling `request.write(data, encoding)` (not
`response.write(data, encoding)`) followed by `request.end(callback)`.
This mistake was introduced in commit
14b3aab7d289a568e4a9efa6cd07a6ced370e318:
date: 28 November 2015 at 7:30:32 AM GMT+8
author: jpersson <jonathan.persson@creuna.se>
committer: James M Snell <jasnell@gmail.com>
summary: doc: add links and backticks around names
PR-URL: https://github.com/nodejs/node/pull/14126
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: David Cai <davidcai1993@yahoo.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Its important for post-mortem diagnostics and should be more prominently
documented.
PR-URL: https://github.com/nodejs/node/pull/13931
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Julien Gilli <jgilli@nodejs.org>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Allow --abort-on-uncaught-exception in NODE_OPTIONS, its useful to
enable for post-mortem debugging.
PR-URL: https://github.com/nodejs/node/pull/13932
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
* Remove pinning of eslint-plugin-markdown
An issue affecting Node.js source has been fixed in
eslint-plugin-markdown so we don't need to pin it to beta-4 anymore.
Refs: https://github.com/eslint/eslint-plugin-markdown/issues/69
* Update eslint-plugin-markdown up to 1.0.0-beta.7
* Fix docs for eslint-plugin-markdown@1.0.0-beta.7
PR-URL: https://github.com/nodejs/node/pull/14047
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Yuta Hiroto <hello@about-hiroppy.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Add clarification to the documentation on util.format()
and console.log() regarding how excessive arguments are treated
when the first argument is a non-format string
compared to when it is not a string at all.
PR-URL: https://github.com/nodejs/node/pull/14027
Fixes: https://github.com/nodejs/node/issues/13908
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
doc/api/cluster.md
L337: Use the definition link
doc/api/deprecations.md
L106: Fix the definition link name
doc/api/errors.md
L901: Remove unused definition
PR-URL: https://github.com/nodejs/node/pull/13970
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: David Cai <davidcai1993@yahoo.com>
PR-URL: https://github.com/nodejs/node/pull/13811
Reviewed-By: Jackson Tian <shyvo1987@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/13974
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/13733
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Use stricter ESLint indent checking for sample code in docs.
PR-URL: https://github.com/nodejs/node/pull/13950
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
In preparation for stricter ESLint indentation checking, fix a few
issues in sample code.
PR-URL: https://github.com/nodejs/node/pull/13950
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Using objectMode with stream_wrap has not worked properly
before and would end in an error.
Therefore prohibit the usage of objectMode alltogether.
This also improves the handling performance due to the
cheaper chunk check and by using explicit statements as they
produce better code from the compiler.
PR-URL: https://github.com/nodejs/node/pull/13863
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/13972
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/13659
Fixes: https://github.com/nodejs/node/issues/12609
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> i
PR-URL: https://github.com/nodejs/node/pull/13952
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Yuta Hiroto <hello@about-hiroppy.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Document the lifetime of the structure returned
by napi_get_last_error_info
PR-URL: https://github.com/nodejs/node/pull/13939
Fixes: https://github.com/nodejs/abi-stable-node/issues/251
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Hitesh Kanwathirtha <digitalinfinity@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/13857
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
The docs implied that the parameters `from` and `to` are invalid only
if neither of them is a string; in fact, they are invalid as soon as one
of them is not a string.
PR-URL: https://github.com/nodejs/node/pull/13912
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: David Cai <davidcai1993@yahoo.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/13930
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
* also update STYLE_GUIDE comment about Em dashes
PR-URL: https://github.com/nodejs/node/pull/13749
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
This commit aims to improve the documentation examples that send
sockets over IPC channels. Specifically, pauseOnConnect is added
to a server that inspects the socket before sending and a
'message' handler adds a check that the socket still exists.
PR-URL: https://github.com/nodejs/node/pull/13196
Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
This seems to have been removed inadvertently by
330c8d743e in PR 12925.
PR-URL: https://github.com/nodejs/node/pull/13838
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/13820
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: David Cai <davidcai1993@yahoo.com>
Mention that the staging branch should be rebased on top of the release
branch after merging a release proposal.
PR-URL: https://github.com/nodejs/node/pull/13742
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
allow `dns.setServers` parameter to contain port
e.g.
```
dns.setServers([ '103.238.225.181:666' ]);
```
And `dns.getServers` will return IP with port if not the default port.
PR-URL: https://github.com/nodejs/node/pull/13723
Refs: https://github.com/nodejs/node/issues/7903
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>