* npm: Upgrade to v1.2.11
* http: Do not let Agent hand out destroyed sockets (isaacs)
* http: Raise hangup error on destroyed socket write (isaacs)
* http: protect against response splitting attacks (Bert Belder)
Prior to v0.10, Node ignored ECONNRESET errors in many situations.
There *are* valid cases in which ECONNRESET should be ignored as a
normal part of the TCP dance, but in many others, it's a very relevant
signal that must be heeded with care.
Exacerbating this problem, if the OutgoingMessage does not have a
req.connection._handle, it assumes that it is in the process of
connecting, and thus buffers writes up in an array.
The problem happens when you reuse a socket between two requests, and it
is destroyed abruptly in between them. The writes will be buffered,
because the socket has no handle, but it's not ever going to GET a
handle, because it's not connecting, it's destroyed.
The proper fix is to treat ECONNRESET correctly. However, this is a
behavior/semantics change, and cannot land in a stable branch.
Fix#4775
Running repl.start without the prompt set produces this error:
repl.js:95
throw new Error('An options Object, or a prompt String are required');
^
Error: An options Object, or a prompt String are required
at new REPLServer (repl.js:95:11)
at Object.exports.start (repl.js:321:14)
at Object.<anonymous> (/Users/dan/Dropbox/Documents/dev/nextgen/repl_test.js:5:6)
at Module._compile (module.js:449:26)
at Object.Module._extensions..js (module.js:467:10)
at Module.load (module.js:356:32)
at Function.Module._load (module.js:312:12)
at Module.runMain (module.js:492:10)
at process.startup.processNextTick.process._tickCallback (node.js:244:9)
Expose the file descriptor as a read-only property on the internal
handle objects. Intended for debugging purposes, not part of the API
proper. The property is always null on Windows.
Fixes#4754.
Previously, we were only destroying sockets on end if their readable
side had already been ended. This causes a problem for non-readable
streams, since we don't expect to ever see an 'end' event from those.
Treat the lack of a 'readable' flag the same as if it was an ended
readable stream.
Fix#4751
node 0.9.6 introduced Buffer changes that cause the key argument of
Hmac::HmacInit (used in crypto.createHmac) to be NULL when the key is
empty. This argument is passed to OpenSSL's HMAC_Init, which does not
like NULL keys.
This change works around the issue by passing an empty string to
HMAC_Init when the key is empty, and adds crypto.createHmac tests for
the edge cases of empty keys and values.
This is causing the CryptoStreams to get into an awful state when
there is a tight loop calling connection.write(chunk) waiting for
a false return.
Because CryptoStreams use read(0) to cycle data, this was causing
the encrypted side to pull way too much data in from the cleartext
side, since the read(0) would make it always call _read.
The unfortunate side effect, fixed in the next patch, is that
CryptoStreams don't automatically cycle when the Socket drains.
Let ECONNRESET network errors bubble up so clients can detect them.
Commit c4454d2e suppressed and turned them into regular end-of-stream
events to fix the then-failing simple/test-regress-GH-1531 test. See
also issue #1571 for (scant) details.
It turns out that special handling is no longer necessary. Remove the
special casing and let the error bubble up naturally.
pummel/test-https-ci-reneg-attack and pummel/test-tls-ci-reneg-attack
are updated because they expected an EPIPE error code that is now an
ECONNRESET. Suppression of the ECONNRESET prevented the test from
detecting that the connection has been severed whereupon the next
write would fail with an EPIPE.
Fixes#1776.
Fix an exception that was raised when the WriteStream was closed
immediately after creating it:
TypeError: Cannot read property 'fd' of undefined
at WriteStream.close (fs.js:1537:18)
<snip>
Avoid the TypeError and make sure the file descriptor is closed.
Fixes#4745.
Don't run the 'has function been called?' checks if the test is exiting
with an error because a failed check will mask the real exception.
v0.8 doesn't have the _fatalException machinery in src/node.js and
src/node.cc so it doesn't have this issue.
Convert the Buffer to an ArrayBuffer. The typed_array.buffer property
should be an ArrayBuffer to avoid confusion: a Buffer doesn't have a
byteLength property and more importantly, its slice() method works
subtly different.
That means that before this commit:
var buf = new Buffer(1);
var arr = new Int8Array(buf);
assert.equal(arr.buffer, buf);
assert(arr.buffer instanceof Buffer);
And now:
var buf = new Buffer(1);
var arr = new Int8Array(buf);
assert.notEqual(arr.buffer, buf);
assert(arr.buffer instanceof ArrayBuffer);
Noteworthy installer improvements provided here:
* Support in the Installer UI for not installing shortcuts.
* Support in the Installer UI for choosing a custom install directory.
* Command line support for not installing shortcuts (ADDDEFAULT=nodejs)
* Command line support for custom install directory (INSTALLDIR=c:\tools\node)
http.ServerRequest and http.ClientResponse are merged into http.IncomingMessage
which has fields for both, and acts as a Readable Stream and EventEmitter.
Fixes#3851.
isaacs
Ben Noordhuis
Dan Kohn
Fedor Indutny
Victor Costan
Nathan Rajlich
Scott Blomquist
Jim Schubert
Nikhil Marathe
Bert Belder