Notable changes
* buffer: Fixed a bug introduced in v4.1.0 where allocating a new
  zero-length buffer can result in the next allocation of a TypedArray
  in JavaScript not being zero-filled. In certain circumstances this
  could result in data leakage via reuse of memory space in
  TypedArrays, breaking the normally safe assumption that TypedArrays
  should be always zero-filled. (Trevor Norris) #2931.
* http: Guard against response-splitting of HTTP trailing headers
  added via response.addTrailers() by removing new-line ([\r\n])
  characters from values. Note that standard header values are already
  stripped of new-line characters. The expected security impact is low
  because trailing headers are rarely used. (Ben Noordhuis) #2945.
* npm: Upgrade to npm 2.14.4 from 2.14.3, see release notes for full
  details (Kat Marchán) #2958
  - Upgrades graceful-fs on multiple dependencies to no longer rely on
    monkey-patching fs
  - Fix npm link for pre-release / RC builds of Node
* v8: Update post-mortem metadata to allow post-mortem debugging tools
  to find and inspect:
  - JavaScript objects that use dictionary properties
    (Julien Gilli) #2959
  - ScopeInfo and thus closures (Julien Gilli) #2974
PR-URL: https://github.com/nodejs/node/pull/2995
The `events` module already exports the `EventEmitter` constructor function.
So, we don't have to use `events.EventEmitter` to access it.
Refer: https://github.com/nodejs/node/pull/2896
PR-URL: https://github.com/nodejs/node/pull/2921
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
Logic for calling the passed in socket method and/or callback
was duplicated. This commit refactors the relevant code to
remove the redundancy.
PR-URL: https://github.com/nodejs/node/pull/2769
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Brendan Ashworth <brendan.ashworth@me.com>
The actual problem was with the line parsing logic for string literals.
When we use backslash in the string literals, it used to remember the
`\` as the previous character even after we parsed the character next
to it. This leads to REPL thinking that the end of string literals is
not reached.
This patch replaces the previous character with `null`, so that it will
properly skip the character next to it.
Previous Discussion: https://github.com/nodejs/node/pull/2952
Fixes: https://github.com/nodejs/node/issues/2749
PR-URL: https://github.com/nodejs/node/pull/2968
Reviewed-By: Roman Reiss <me@silverwind.io>
Backport 357e6b99ee3927cc075dd8d27c99b89d858f9dd5 from V8's upstream.
Original commit message:
Add ScopeInfo constants to post-mortem metadata
mdb_v8, a post-mortem debugging tool for Node.js, allows users to
inspect ScopeInfo structures in order to get more information about
closures.
Currently, it hardcodes the metadata it uses to find this information.
This change allows it to get this metadata from the node binary itself,
and thus to adapt to future changes made to the layout of the ScopeInfo
data structure.
BUG=
R=bmeurer@chromium.org
PR: #2974
PR-URL: https://github.com/nodejs/node/pull/2974
Reviewed-By: Rod Vagg <r@va.gg>
Reviewed-By: Ben Noordhuis <ben@strongloop.com>
v8::HandleScope does not seem to be required for addon functions.
PR-URL: https://github.com/nodejs/node/pull/2983
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Detect mipsel before mips because mipsel has __mips__ flag as well.
PR-URL: https://github.com/nodejs/node/pull/2971
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
This patch includes tests for sync versions of mkdir and rmdir.
Also, it moves the test to `parallel`.
PR-URL: https://github.com/nodejs/node/pull/2588
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Original commit message:
Update BitField3 type in gen-postmortem-metadata.py
Since https://codereview.chromium.org/272163002, BitField3 is a raw
uint32 field, and not a SMI anymore.
Update tools/gen-postmortem-metadata.py so that post-mortem tools can
work with versions of V8 that shipped after that change.
This change was merged in github.com/joyent/node right before node
v0.12.0 was released.
R=danno@chromium.org
TEST=mdb_v8, a post-mortem debugging tool running on SmartOS, has been
using this change since Node.js v0.12.0 was released
BUG=
Review URL: https://codereview.chromium.org/1296743003
Cr-Commit-Position: refs/heads/master@{#30839}
PR: #2959
PR-URL: https://github.com/nodejs/node/pull/2959
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Reviewed-By: Rod Vagg <r@va.gg>
This patch
- makes the test use tmp directory instead of the fixtures directory,
- simplifies the code
- moves the test to `parallel`.
PR-URL: https://github.com/nodejs/node/pull/2587
Reviewed-By: Rich Trott <rtrott@gmail.com>
`freeParser` deallocates `Parser` instances early if they do not fit
into the free list. This does not play well with recent socket
consumption change, because it will try to deallocate the parser while
executing on its stack.
Regression was introduced in: 1bc4468
Fix: https://github.com/nodejs/node/issues/2928
PR-URL: https://github.com/nodejs/node/pull/2956
Reviewed-by: Trevor Norris <trev.norris@gmail.com>
This fixes a few typographical errors (comma splices and the like) and
clarifies the description of assert.ifError(). It also standardizes the
document on "inequality" rather than having both "inequality" and "non-
equality".
PR-URL: https://github.com/nodejs/node/pull/2941
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Commit 3c293ba ("http: protect against response splitting attacks")
filters out newline characters from HTTP headers but forgot to apply
the same logic to trailing HTTP headers, i.e., headers that come after
the response body. This commit rectifies that.
The expected security impact is low because approximately no one uses
trailing headers. Some HTTP clients can't even parse them.
PR-URL: https://github.com/nodejs/node/pull/2945
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Rod Vagg <r@va.gg>
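The effect of the newline filter described in the commit above, as an added example that is not code from the Node.js project: a simplified model of the end of a chunked response, serialized once without and once with the `[\r\n]` stripping. `serializeTrailers()`, `parseTrailerNames()`, the `strip` switch and the sample trailer are hypothetical names and constructed input.

```javascript
// Added example: simplified model of how a chunked response ends.
// serializeTrailers(), parseTrailerNames() and `strip` are hypothetical names.
const CRLF = '\r\n';

// Builds the last-chunk marker plus the trailer block.
function serializeTrailers(trailers, strip) {
  let out = '0' + CRLF;
  for (const [name, value] of Object.entries(trailers)) {
    // Hardened path: drop every CR and LF so a value stays on its own line.
    const v = strip ? String(value).replace(/[\r\n]/g, '') : String(value);
    out += name + ': ' + v + CRLF;
  }
  return out + CRLF; // empty line terminates the trailer block
}

// Reads the block the way a receiver does: one field per CRLF-delimited line.
function parseTrailerNames(wire) {
  const names = [];
  for (const line of wire.split(CRLF).slice(1)) {
    if (line === '') break;
    names.push(line.slice(0, line.indexOf(':')));
  }
  return names;
}

// Constructed input: a trailer value that carries an embedded CRLF.
const sample = { 'Content-MD5': 'abc\r\nX-Extra: 1' };

const before = parseTrailerNames(serializeTrailers(sample, false));
const after = parseTrailerNames(serializeTrailers(sample, true));
console.log(before); // two fields reach the receiver
console.log(after);  // one field, value carries no line break
```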
The test verified the output of http.OutgoingMessage#writeHead() but
not http.OutgoingMessage#setHeader(). Also check the response body.
PR-URL: https://github.com/nodejs/node/pull/2945
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Rod Vagg <r@va.gg>
Adding a Windows test to verify that a node process spawned via
cmd with named pipes can access its stdio streams.
Ref: https://github.com/nodejs/node-v0.x-archive/issues/7345
PR-URL: https://github.com/nodejs/node/pull/2770
Reviewed-By: cjihrig - Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: thefourtheye - Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: evanlucas - Evan Lucas <evanlucas@me.com>
Instantiating a Buffer of length zero would set the kNoZeroFill flag to
true but never actually call ArrayBuffer::Allocator(), which means the
flag was never set back to false. The result was that the next
allocation would unconditionally not be zero filled.
Add test to ensure Uint8Array's are zero-filled after creating a Buffer
of length zero. This test may falsely succeed, but will not falsely fail.
Fix: https://github.com/nodejs/node/issues/2930
PR-URL: https://github.com/nodejs/node/pull/2931
Reviewed-By: Rod Vagg <rod@vagg.org>
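The stale-flag sequence described in the commit above, as an added example that is not code from the Node.js project: a toy allocator in which a zero-length Buffer leaves the no-zero-fill flag set for the next typed-array allocation. `ToyAllocator`, `createBuffer`, `createTypedArray`, `leakedBytes` and the `fixed` switch are hypothetical, and guarding the flag on `size > 0` is one way to close the gap in this model.

```javascript
// Added example: toy model of the flag handshake between JS and the allocator.
// All names here are hypothetical; this is not Node's implementation.
class ToyAllocator {
  constructor() {
    this.noZeroFill = false; // stands in for the kNoZeroFill flag
    // Constructed "previously used" memory: every byte is 0xaa.
    this.heap = new Uint8Array(64).fill(0xaa);
  }
  // Runs only for non-empty allocations; it consumes and resets the flag.
  allocate(size) {
    const mem = this.heap.slice(0, size);
    if (!this.noZeroFill) mem.fill(0);
    this.noZeroFill = false;
    return mem;
  }
}

// Buffer path: asks for uninitialized memory because it overwrites it anyway.
function createBuffer(alloc, size, fixed) {
  // Buggy form sets the flag unconditionally; guarded form only when the
  // allocator will actually run and reset it.
  if (!fixed || size > 0) alloc.noZeroFill = true;
  if (size === 0) return new Uint8Array(0); // allocator never invoked
  return alloc.allocate(size);
}

// Plain typed-array path: callers expect zero-filled memory.
function createTypedArray(alloc, size) {
  return alloc.allocate(size);
}

// Counts non-zero bytes seen by a typed array created after Buffer(0).
function leakedBytes(fixed) {
  const alloc = new ToyAllocator();
  createBuffer(alloc, 0, fixed);
  const ta = createTypedArray(alloc, 16);
  return ta.filter((b) => b !== 0).length;
}

console.log(leakedBytes(false)); // stale bytes visible
console.log(leakedBytes(true));  // all zero
```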
Currently there are three separate tick processor scripts for
mac, windows, and linux. These have been replaced with a single
node.js script to improve maintainability and remove the need
to preserve parallel logic in these separate places.
PR-URL: https://github.com/nodejs/node/pull/2868
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Add corrections about when exit event fires and how .kill() works on
Windows.
PR-URL: https://github.com/nodejs/node/pull/2918
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Fix regression introduced in 0af4c9ea74 that ignores the
--abort-on-uncaught-exception flag. Prior to that commit, the flag was
passed through to v8. After that commit, the process just calls exit(1).
PR-URL: https://github.com/nodejs/node/pull/2776
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-by: Trevor Norris <trev.norris@gmail.com>
Windows 8+ compiled in Release mode exits with code 0xC0000409 when
abort() is called. This prevents us from being able to reliably verify
an abort exit code (3) on windows.
PR-URL: https://github.com/nodejs/node/pull/2776
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-by: Trevor Norris <trev.norris@gmail.com>
Fix a build error that occurs when icutrim is run to cut down
the ICU locale set on Big-Endian platforms when building with
--with-intl=small-icu (which is done by the "make binary" target).
This fixes the binary build on POWER platforms.
Fixes: https://github.com/nodejs/node/issues/2601
PR-URL: https://github.com/nodejs/node/pull/2602
Reviewed-By: Steven Loomis <srloomis@us.ibm.com>
Port f3f4e28216 to master, updating to guard changes for AIX as requested.
PR-URL: https://github.com/nodejs/node/pull/2891
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
On AIX you can not remove a directory that you are currently inside of
as it results in an EBUSY error. "EBUSY: resource busy or locked".
Updated the tests accordingly so that they are skipped on AIX.
PR-URL: https://github.com/nodejs/node/pull/2909
Reviewed-By: Ben Noordhuis <ben@strongloop.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Original commit message:
[es6] Bound function name
Instead of updating the SharedFunctionInfo, set the name property on
the function directly.
BUG=v8:4278
LOG=N
R=verwaest@chromium.org, littledan@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1227523003
Cr-Commit-Position: refs/heads/master@{#29558}
Fixes: https://github.com/nodejs/node/issues/2754
PR-URL: https://github.com/nodejs/node/pull/2916
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
As `raw` and `raws` encodings have been deprecated for such a long time,
and they are both undocumented, this patch removes the support for those
encodings completely.
Previous discussion: https://github.com/nodejs/node/pull/2829
PR-URL: https://github.com/nodejs/node/pull/2859
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This patch
- makes the chdir test use the tmp directory
- moves the test to parallel
- renames the file to test-process-chdir as chdir is in process module
PR-URL: https://github.com/nodejs/node/pull/2589
Reviewed-By: Brendan Ashworth <brendan.ashworth@me.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
This change:
* notes that the exit event is not guaranteed to fire
* provides an example situation where the exit event may not fire
* makes a minor copyediting change
* enforces 80 character wrap in one place where it was not honored
Fixes: https://github.com/nodejs/node/issues/2853
PR-URL: https://github.com/nodejs/node/pull/2861
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Now that Buffers instantiate the Uint8Array in JS the error message has
changed in case the allocation fails due to OOM. Tests have been updated
to match.
PR-URL: https://github.com/nodejs/node/pull/2915
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
The env_ field in ArrayBufferAllocator needs to be null'd out since it
is used during initialization and checked prior to properly being set by
set_env().
Fixes: 74178a5 "buffer: construct Uint8Array in JS"
PR-URL: https://github.com/nodejs/node/pull/2913
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Most calls to ref() and unref() are chainable, timers should be
chainable, too.
Typical use:
var to = setTimeout(ontimeout, 123).unref();
PR-URL: https://github.com/nodejs/node/pull/2905
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Trevor Norris <trevnorris@nodejs.org>
By default v8 allocates typed arrays <= 64 bytes inside the v8 heap. In
these cases the memory pointer returned by Buffer::Data() can change
while the memory is being operated on. Resolve by passing a flag that
forces all typed arrays outside the v8 heap.
Fixes: 74178a5 "buffer: construct Uint8Array in JS"
PR-URL: https://github.com/nodejs/node/pull/2893
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Overall construction time of Typed Arrays is faster in JS, but the
problem with using it normally is zero-fill of memory. Get around this
by using a flag in the ArrayBuffer::Allocator to trigger when memory
should or shouldn't be zero-filled.
Remove Buffer::Create() as it is no longer called.
The creation of the Uint8Array() was done at each callsite because at
the time of this patch there was a performance penalty for centralizing
the call in a single function.
PR-URL: https://github.com/nodejs/node/pull/2866
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Refactor out the if/else statement checking for option.host.
Add whitespace to make concatenation chunks more readable and
consistent with the https version of Agent.getName().
PR-URL: https://github.com/nodejs/node/pull/2825
Reviewed-By: Julian Duque <julianduquej@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Following the IBM+StrongLoop announcement last week, we
(@piscisaureus, @bnoordhuis, @srl295, @mhdawson, and myself)
want to take a moment to reiterate our personal commitment
to Node.js and the Foundation.
Per the TSC rules, any one company is limited to no more than
1/4 of the voting seats on the TSC and after talking it over
amongst ourselves, @srl295 and @mhdawson have elected to step
back from the TSC for now.
What I would propose is that they continue to participate in the
weekly TSC meetings as observers; and that once the membership
expands, they be considered once again for full TSC status.
Both Steven and Michael will continue to be actively involved
with Node.js. Both are active members of various Working Groups.
(Michael chairs the Benchmarking workgroup and Steven chairs the
Intl workgroup.)
/cc @nodejs/tsc
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Alexis Campailla <orangemocha@nodejs.org>
Reviewed-By: Rod Vagg <r@va.gg>
Reviewed-By: Trevor Norris <trevnorris@nodejs.org>
PR-URL: https://github.com/nodejs/node/pull/2858
These are the core changes that allow AIX to compile. There
are still some test failures as there are some patches needed for
libuv and npm that we'll need to contribute through those
communities but this set allows node to be built on AIX and
pass most of the core tests.
The change in js2c is because AIX does not support $ in
identifier names. See the discussion/agreement in
https://github.com/nodejs/node/issues/2272
PR-URL: https://github.com/nodejs/node/pull/2364
Reviewed-By: Ben Noordhuis <ben@strongloop.com>
Reviewed-By: Rod Vagg <r@va.gg>
In Python, the default values of parameters are evaluated only once
during their declaration. So, whenever the default parameter is used
the same object will be used. Since we use a list, which is a mutable
object, this could lead to unexpected results.
PR-URL: https://github.com/nodejs/node/pull/2553
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>