PURIFY makes OpenSSL zero out some buffers. It also stops RAND_bytes()
from using the existing contents of the destination buffer as a source
of entropy, which according to some papers, is a possible attack vector
for reducing the overall entropy.
PR-URL: https://github.com/nodejs/node/pull/6582
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
SSL compression was first disabled at runtime in March 2011 in commit
e83c6959 ("Disable compression with OpenSSL.") for performance reasons
and was later shown to be vulnerable to information leakage (CRIME.)
Let's stop compiling it in altogether.
This commit removes a broken CHECK from src/node_crypto.cc; broken
because sk_SSL_COMP_num() returns -1 for a NULL stack, not 0. As a
result, node.js would abort when linked to an OPENSSL_NO_COMP build
of openssl.
PR-URL: https://github.com/nodejs/node/pull/6582
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Regenerate asm files with Makefile and CC=gcc and ASM=gcc where
gcc-4.8.4. Also asm files in asm_obsolete dir to support old compiler
and assembler are regenerated without CC and ASM envs.
Fixes: https://github.com/nodejs/node/issues/6458
PR-URL: https://github.com/nodejs/node/pull/6550
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
In openssl s_client on Windows, RAND_screen() is invoked to initialize
random state but it takes several seconds in each connection.
This added -no_rand_screen to openssl s_client on Windows to skip
RAND_screen() and gets a better performance in the unit test of
test-tls-server-verify.
Do not enable this except to use in the unit test.
Fixes: https://github.com/nodejs/io.js/issues/1461
PR-URL: https://github.com/nodejs/io.js/pull/1836
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
All symlink files in `deps/openssl/openssl/include/openssl/`
are removed and replaced with real header files to avoid
issues on Windows. Two files of opensslconf.h in crypto and
include dir are replaced to refer config/opensslconf.h.
Fixes: https://github.com/nodejs/node/issues/6458
PR-URL: https://github.com/nodejs/node/pull/6550
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Pick up the latest bug fix from the V8 5.0 branch.
Original commit message:
V8-Commit: https://github.com/v8/v8/commit/c1d51c7c
Version 5.0.71.35 (cherry-pick)
Merged 2837cb387
disallow left-trim fast path when sampling heap profiler is active
R=hablich@chromium.org, hpayer@chromium.org
BUG=v8:4937
Review URL: https://codereview.chromium.org/1918453002 .
PR-URL: https://github.com/nodejs/node/pull/6372
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
The next major release will make it a fatal error to use non-primitive
values in function templates and object templates.
Print a warning that includes the C and JS stack trace to tell people to
upgrade their add-ons. The C stack trace is only printed on platforms
that support it (the BSDs, OS X and Linux+glibc.)
The warning can be disabled with the new `--nowarn_template_set` flag.
Refs: https://github.com/nodejs/node/issues/6216
PR-URL: https://github.com/nodejs/node/pull/6277
Reviewed-By: James M Snell <jasnell@gmail.com>
Many places in cares library, when the stream data arrives
from the network with respect to dns and reverse dns
resolution, they are populated into data structures created
dymaically based on the size of the data. Malloc is heavily
used for such cases.
Often, based on the data length, malloc(0) is invoked. Linux
behavior on zero byte allocation is to return a valid pointer
where in AIX, it always return NULL.
This manifestst as test failure of test/internet/test-dns.js
Solution is to build cares with Linux compatible malloc behavior
PR-URL: https://github.com/nodejs/node/pull/6305
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-by: Michael Dawson <michael_dawson@ca.ibm.com>
There were 2 issues which either the v8 team was reluctant to
backport the fix because the fix was for a disabled feature (wasm) or
that we did not have time to investigate before 5.0 was cut
which result in v8 test failures for PPC in 5.0. These are test
issues and are already resolved in v8 master. This PR
excludes these tests so that our v8 tests in the CI will
be green so that we can detect any real regressions.
PR-URL: https://github.com/nodejs/node/pull/6267
Fixes: https://github.com/nodejs/node/issues/6236
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Original commit message:
Improved diagnostic message for JS heap out of memory
This patch replaces the unused 'take_snapshot' parameter on
FatalProcessOutOfMemory() with a 'is_heap_oom' parameter.
The parameter is set to true on error paths where the
JS heap is out of memory, as distinct from a malloc()
failure i.e. process out of memory. The message output to
stderr or passed to embedding applications via FatalErrorCallback
is 'Javascript heap out of memory' rather than
'process out of memory'.
BUG=
R=jochen@chromium.org, verwaest@chromium.org, michael_dawson@ca.ibm.com
Review URL: https://codereview.chromium.org/1873443002
Cr-Commit-Position: refs/heads/master@{#35431}
We'd like this in 6.x to help with diagnosing customer problems.
It provides a better message on OOM so that it is easier to
be able to tell whether the OOM was due to heap exhaustion
or running out of native memory.
PR-URL: https://github.com/nodejs/node/pull/6218
Reviewed-By: Ben Noordhuis <ben@strongloop.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Original commit message:
tools: fix tickprocessor Cpp symbols on mac
Despite man page documentation:
-f Display the symbol table of a dynamic library flat (as one
file not separate modules).
`nm` on mac treats `-f` as a shorthand for `-format`. The `-f` argument
does not seem to be required, so just remove it completely.
(For `-format` documentation - see `nm --help` on mac).
BUG=
Review URL: https://codereview.chromium.org/1840633002
Cr-Commit-Position: refs/heads/master@{#35445}
Fix: #5903
PR-URL: https://github.com/nodejs/node/pull/6179
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
Changes to Node core in order to allow compilation for linuxOne.
The ../archs/linux32-s390x/opensslconf.h and
../archs/linux64-s390x/opensslconf.h were automatically
generated by running make linux-ppc linux-ppc64 in the
deps/openssl/config directory as per our standard
practice
After these changes we still need a version of v8
which supports linuxOne but that will be coming soon
in the 5.1 version of v8. Until then with these changes
we'll be able to create a hybrid build which pulls in
v8 from the http://github/andrewlow repo.
PR-URL: https://github.com/nodejs/node/pull/5941
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
The upstream and dep were slightly out of sync due to the way the
recent security update had to be done. This brings the two back
into sync. This update includes a couple of fixed tests and a
performance related semver-patch update to the http method parsing.
PR-URL: https://github.com/nodejs/node/pull/5600
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Use the "Apple LLVM" version number since the banner has changed in
newer versions of Mac OS X, resulting in the obsolete assembler path
being used to compile OpenSSL.
PR-URL: https://github.com/nodejs/node/pull/5553
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Ported by exinfinitum from a PR by jasnell:
see https://github.com/nodejs/node-v0.x-archive/pull/14185
Allows the running of v8 tests on node's packaged v8 source code.
Note that the limited win32 support added by jasnell has NOT been ported,
and so these tests are currently UNIX ONLY.
Note that gclient depot tools
(see https://commondatastorage.googleapis.com/
chrome-infra-docs/flat/depot_tools/docs/html/
depot_tools_tutorial.html#_setting_up) and subversion are required
to run tests.
To perform tests, run the following commands:
make v8 DESTCPU=(ARCH)
make test-v8 DESTCPU=(ARCH)
where (ARCH) is your CPU architecture, e.g. x64, ia32.
DESTCPU MUST be specified for this to work properly.
Can also do tests on debug build by using "make test-v8 DESTCPU=(ARCH)
BUILDTYPE=Debug", or perform intl or benchmark tests via make
test-v8-intl or test-v8-benchmarks respectively.
Note that by default, quickcheck and TAP output are disabled, and i18n
is enabled. To activate these options, use options"QUICKCHECK=True" and
"ENABLE_V8_TAP=True" respectively.
Use "DISABLE_V8_I18N" to disable i18n.
Use V8_BUILD_OPTIONS to allow custom user-defined flags to be
appended onto "make v8".
Any tests performed after changes to the packaged v8 file will require
recompiling of v8, which can be done using "make v8 DESTCPU=(ARCH)".
Finally, two additional files necessary for one of the v8 tests have
been added to the v8 folder.
PR-URL: https://github.com/nodejs/node/pull/4704
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: targos - Michaël Zasso <mic.besace@gmail.com>
On Windows, when compiling with `UNICODE` defined, `LoadLibrary` becomes
`LoadLibraryW`. When an ASCII string is passed to that function it
crashes.
PR-URL: https://github.com/iojs/io.js/pull/226
Reviewed-By: Bert Belder <bertbelder@gmail.com>