This is a security release of the 'Boron' release line to upgrade
OpenSSL to version 1.0.2k
Although the OpenSSL team have determined a maximum severity rating
of "moderate", the Node.js crypto team (Ben Noordhuis, Shigeki Ohtsu
and Fedor Indutny) have determined the impact to Node users is "low".
Details on this determination can be found on the Nodejs.org website
https://nodejs.org/en/blog/vulnerability/openssl-january-2017/
Notable Changes:
* deps:
- upgrade openssl sources to 1.0.2k (Shigeki Ohtsu)
https://github.com/nodejs/node/pull/11021
PR-URL: https://github.com/nodejs/node/pull/11083
Regenerate asm files with Makefile and CC=gcc and ASM=gcc where
gcc-5.4.0. Also asm files in asm_obsolete dir to support old compiler
and assembler are regenerated without CC and ASM envs
PR-URL: https://github.com/nodejs/node/pull/11021
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
In openssl s_client on Windows, RAND_screen() is invoked to initialize
random state but it takes several seconds in each connection.
This added -no_rand_screen to openssl s_client on Windows to skip
RAND_screen() and gets a better performance in the unit test of
test-tls-server-verify.
Do not enable this except to use in the unit test.
Fixes: https://github.com/nodejs/io.js/issues/1461
PR-URL: https://github.com/nodejs/io.js/pull/1836
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
All symlink files in `deps/openssl/openssl/include/openssl/`
are removed and replaced with real header files to avoid
issues on Windows. Two files of opensslconf.h in crypto and
include dir are replaced to refer config/opensslconf.h.
PR-URL: https://github.com/nodejs/node/pull/11021
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This replaces all sources of openssl-1.0.2k.tar.gz into
deps/openssl/openssl
PR-URL: https://github.com/nodejs/node/pull/11021
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This is a special release that contains 0 commits. While promoting
additional platforms for v4.7.1 after the release, the tarballs on the
release server were overwritten and now have different shasums. In
order to remove any ambiguity around the release we have opted to do a
semver patch release with no changes.
* More precise length assertion.
* Fix incorrect use of string instead of RegExp in `throws` assertions.
* Add missing RegExp to `throws` assertions.
PR-URL: https://github.com/nodejs/node/pull/9811
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
* var -> const.
* Group and sort imports.
* Correctly align function arguments.
* Fix incorrect use of string instead of RegExp in `throws` assertions.
* assert.equal -> assert.strictEqual.
* Verify that callbacks are called with common.mustCall.
PR-URL: https://github.com/nodejs/node/pull/9810
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
* var -> const.
* Group and sort imports.
* Replace use of the deprecated crypto.createCredentials.
* Fix incorrect use of string instead of RegExp in `throws` assertions.
* Clone array with `.slice()` and remove dependency on util.
* assert.notEqual -> assert.notStrictEqual.
* indexOf -> includes.
PR-URL: https://github.com/nodejs/node/pull/9807
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Fix incorrect use of string instead of RegExp in `throws` assertions.
PR-URL: https://github.com/nodejs/node/pull/9809
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Prince John Wesley <princejohnwesley@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
In this change, I've added the regex pattern to the assert.throws()
in order to provide the validation argument for the call.
PR-URL: https://github.com/nodejs/node/pull/9918
Reviewed-By: Teddy Katz <teddy.katz@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Use assert.strictEqual instead of assert.equal.
PR-URL: https://github.com/nodejs/node/pull/9950
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
* var -> const.
* Verify that callbacks are called with common.mustCall.
* Replace usage of deprecated `server.connections`.
* Use common.fail instead of rethrowing errors.
* Remove console.log statements.
* assert.equal -> assert.strictEqual.
* Correct order of arguments in assert.strictEqual.
PR-URL: https://github.com/nodejs/node/pull/9812
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Prince John Wesley <princejohnwesley@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Use port 0 instead of common.PORT.
PR-URL: https://github.com/nodejs/node/pull/9573
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com>
Use port 0 instead of common.PORT, and use server address
instead of localhost to follow writing test guideline.
This is a part of Code And Learn at NodeFest 2016 Challenge in Tokyo.
PR-URL: https://github.com/nodejs/node/pull/9572
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Reviewed-By: James M Snell <jasnell@gmail.com>
The test `debugger/test-debugger-repl-break-in-module` (and probably
others) was failing because the handshake message for debugging is no
longer `listening on port <port>` but is instead `listening on
<address>:<port>`.
This change makes the check less strict so as to hopefully future-proof
it at least a little bit against subsequent changes.
This test failure is not caught in CI because currently debugger tests
are not run in CI.
PR-URL: https://github.com/nodejs/node/pull/9486
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Minwoo Jung <jmwsoft@gmail.com>
Reviewed-By: Prince John Wesley <princejohnwesley@gmail.com>
This commit splits several large event emitter tests into smaller
block scoped tests. This keeps the tests more isolated. This
commit also replaces var with const, assert.equal() with
assert.stictEqual(), and other small enhancements.
PR-URL: https://github.com/nodejs/node/pull/6446
Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
For consistency, changed all `Return:` to `Returns:` in the API docs.
PR-URL: https://github.com/nodejs/node/pull/9554
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
The depth benchmark for timers sets a timer that sets a timer that sets
a timer that... 500K of them.
Since each timer has to wait for the next tick of the event loop this
benchmark takes a very long time to run compared to the breadth
test that is already in the file. This may be more of an event loop
benchmark than a timer benchmark.
Reduce the number of iterations for the depth test as it's really just
running the iterations in sequence, not in parallel. And even on an
infinitely fast machine, it would take over 8 minutes to run because
each tick of the event loop would have to wait 1ms before firing the
timer.
Split the depth and breadth benchmarks so that their `N` values can be
set independently.
Do some minor refactoring to the benchmarks (but no ES6 additions so
that the benchmarks can still be run with old versions of Node.js).
Refs: https://github.com/nodejs/node/issues/9493
PR-URL: https://github.com/nodejs/node/pull/9497
Reviewed-By: Andreas Madsen <amwebdk@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
(Patch by David Benjamin.)
Rather than reach into the SSL_SESSION, use the intended API,
SSL_get_servername. This will also help the transition to OpenSSL 1.1.0.
Also don't fill in the tlsTicket field here. This is never read by
oncertcb and was always false anyway; that field is maintained by
clients and tracks whether the server issued a ticket or a session ID.
(Note this is distinct from the copy passed to onclienthello which is
used and is not a no-op.)
PR-URL: https://github.com/nodejs/node/pull/9347
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
There are multiple tests that use the same boilerplate to test that
warnings are correctly emitted. This adds a new common function to do that
and changes the tests to use it.
PR-URL: https://github.com/nodejs/node/pull/8662
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
* Add RegExp arguments to throws assertions.
* Use common.mustCall for emitter callback.
PR-URL: https://github.com/nodejs/node/pull/9844
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Display python3-compatible error message for some systems use python3 as
default.
PR-URL: https://github.com/nodejs/node/pull/9657
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Currently, when building the addons the following warning is displayed:
make[2]: warning: jobserver unavailable: using -j1. Add `+' to parent
make rule.
Adding the MAKEFLAGS="-j1" to avoid the warning.
Also updated the log message to say that it is building the addon and
not running the test as I think that is more accurate.
PR-URL: https://github.com/nodejs/node/pull/9450
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
As it is, node-gyp produces a lot of build related verbose messages.
Latest node-gyp upgrade allows us to specify --silent flag to suppress
those messages. Except for CI, addons build will run silently.
PR-URL: https://github.com/nodejs/node/pull/8990
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: Ilkka Myller <ilkka.myller@nodefield.com>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
As the comments are indented in Makefile, they are actually echoed
on the screen. This patch makes sure that the comments actually start
at the beginning of the line, and so not echoed and ignored.
PR-URL: https://github.com/nodejs/node/pull/9375
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: Prince John Wesley <princejohnwesley@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
* use `assert.strictEqual`
PR-URL: https://github.com/nodejs/node/pull/9975
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
PR-URL: https://github.com/nodejs/node/pull/10015
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Use const and let instead of var and assert.strictEqual() instead of
assert.equal()
PR-URL: https://github.com/nodejs/node/pull/10105
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
- replaced var with const/let.
- removed all console.log() statements.
- removed deaths and revivals vars.
- wrapped beforexit listener callbacks with
common.mustCall().
- removed exit event listener.
PR-URL: https://github.com/nodejs/node/pull/10121
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>