Add description of user responsibility in the choice of cypto
algorithms and its key length. Some of recommendations for the safer
use are also described.
PR-URL: https://github.com/nodejs/node/pull/3479
Reviewed-By: James M Snell <jasnell@gmail.com>
When the user hits `^C` in the REPL show more info about `.exit`.
The idea was to give more info to the user when they hit ^C.
Current version just displays `(^C again to quit)` and most
of the users are not aware of the `.exit` command that would
Exit the repl.
PR-URL: https://github.com/nodejs/node/pull/3368
Reviewed-By: James M Snell <jasnell@gmail.com>
Update the documentation for `process.stdout` and `process.stdout` to
clarify that writes can block when stdio is redirected to a file. In
all other cases, it's non-blocking.
PR-URL: https://github.com/nodejs/node/pull/3170
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
PR-URL: https://github.com/nodejs/node/pull/2796
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: James M Snell <jasnell@gmail.com>
Fix configure_library() to produce correct LDFLAGS when configuring with
prebuilt 3rd-party libraries (libuv, openssl, etc) using `pkg-config' or
`--shared-{LIBRARY}-includes=xxx --shared-{LIBRARY}-libpath=xxx'.
PR-URL: https://github.com/nodejs/node/pull/3135
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
This patch
- issues a TAP plugin parsable message on non darwin/windows boxes
- uses `const` wherever applicable
- moves the test to parallel
PR-URL: https://github.com/nodejs/node/pull/2599
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: James M Snell <jasnell@gmail.com>
Security Update
Notable items:
* http: Fix a bug where an HTTP socket may no longer have a socket
but a pipelined request triggers a pause or resume, a potential
denial-of-service vector. (Fedor Indutny)
* openssl: Upgrade to 1.0.2e, containing fixes for:
- CVE-2015-3193 "BN_mod_exp may produce incorrect results on x86_64",
an attack is considered feasible against a Node.js TLS server using
DHE key exchange. Details are available at
<http://openssl.org/news/secadv/20151203.txt>.
- CVE-2015-3194 "Certificate verify crash with missing PSS parameter",
a potential denial-of-service vector for Node.js TLS servers; TLS
clients are also impacted. Details are available at
<http://openssl.org/news/secadv/20151203.txt>.
(Shigeki Ohtsu) #4134
* v8: Backport fixes for a bug in `JSON.stringify()` that can result
in out-of-bounds reads for arrays. (Ben Noordhuis)
PR-URL: https://github.com/nodejs/node-private/pull/12
This just replaces all sources of openssl-1.0.2e.tar.gz into
deps/openssl/openssl
deps: copy all openssl header files to include dir
All symlink files in `deps/openssl/openssl/include/openssl/`
are removed and replaced with real header files to avoid
issues on Windows. Two files of opensslconf.h in crypto and
include dir are replaced to refer config/opensslconf.h.
deps: fix openssl assembly error on ia32 win32
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .
deps: fix asm build error of openssl in x86_win32
See
https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html
node needs to stop using masm and move to nasm or yasm on Win32.
openssl: fix keypress requirement in apps on win32
Reapply b910613792 .
deps: add -no_rand_screen to openssl s_client
In openssl s_client on Windows, RAND_screen() is invoked to initialize
random state but it takes several seconds in each connection.
This added -no_rand_screen to openssl s_client on Windows to skip
RAND_screen() and gets a better performance in the unit test of
test-tls-server-verify.
Do not enable this except to use in the unit test.
deps: update openssl config files
Regenrate config files for supported platforms with Makefile.
deps: update openssl asm and asm_obsolete files
Regenerate asm files with Makefile and CC=gcc and ASM=gcc where
gcc-4.8.4. Also asm files in asm_obsolete dir to support old compiler
and assmebler are regenerated without CC and ASM envs.
PR-URL: https://github.com/nodejs/node/pull/4134
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Move ENOENT related tests out of general fs.watch() test file and into
its own file. This may help diagnose
https://github.com/nodejs/node/issues/3541.
PR-URL: https://github.com/nodejs/node/pull/3548
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
This adds an example of a semi-common promise pattern that could
result in false-positive 'unhandledRejection' events, to help motivate
why there is a dual 'rejectionHandled' event. I anticipate it being
helpful to users who encounter 'unhandledRejection' events that do not
stem from obvious typos such as the JSON.pasre example.
Also cleans up the promise rejection tracking sample. By using a Map
instead of array we can get O(1) deletion and actually record the errors.
And, fixed indentation and backtick usage there to align with the rest of
the document.
Reviewed-By: Stephan Belanger <admin@stephenbelanger.com>
Reviewed-By: Petka Antonov <petka.antonov@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/3438
When v8 implemented proper one-byte string support Node's internal
"binary" encoding implementation was removed in favor of it. The result
was that "binary" encoding effectively became "latin-1" encoding.
Because of this and because one-byte strings are natively supported by
v8 the buffer encoding is not deprecated and will not be removed.
Ref: 83261e7 "deps: update v8 to 3.17.13"
PR-URL: https://github.com/nodejs/node/pull/3441
Reviewed-By: Ben Noordhuis <ben@strongloop.com>
Tests normally use common.PORT to allow the user to select which port
number to listen on. Hardcoding the port number will cause parallel
instances of the test to fail.
PR-URL: https://github.com/nodejs/node/pull/3557
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Fix the following error message in windows using VS 2013:
LINK : fatal error LNK1194: cannot delay-load 'node.exe'
due to import of data symbol '"__declspec(dllimport)
const v8::OutputStream::`vftable'"
(__imp_??_7OutputStream@v8@@6B@)'; link without
/DELAYLOAD:node.exe
PR-URL: https://github.com/nodejs/node/pull/3572
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This is to ensure that it is evaluated the same way it would be if it
were to be run by node or required.
Before, the following would pass if run by node, but fail if run via
the syntax check flag:
if (true) {
return;
}
Now, this will pass the syntax check
PR-URL: https://github.com/nodejs/node/pull/3587
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Check that `node --debug-brk -e 0` immediately quits.
PR-URL: https://github.com/nodejs/node/pull/3585
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
This is a reland of https://github.com/nodejs/node/pull/3165. The patch abates
the truncation of script filenames in the perf-event output produced by V8.
V8 commits:
Original: 03ef3cd004
Reland: 010897c16a
Original commit message:
improve perf_basic_prof filename reporting
The buffer used for appending filenames to the string printed to the
perf_basic_prof log was unnecessarily too small. Bump it up to be at least
kUtf8BufferSize.
Truncation of filenames makes it really hard to work with profiles gathered on
Node.js. Because of the way Node.js works, you can have node module dependencies
in deeply nested directories. The last thing you want when investigating a
performance problem is to have script names be truncated.
This patch is a stop-gap. Ideally, I want no truncation of the filename at all
and use a dynamically growing buffer. That would be a larger change, and I
wanted to have a quick fix available that can be back-ported to Node.js LTS
release.
R=yangguo@chromium.org,yurys@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1388543002
PR-URL: https://github.com/nodejs/node/pull/3520
Reviewed-By: bnoordhuis - Ben Noordhuis <info@bnoordhuis.nl>
Before this commit, sending a SIGUSR1 at program exit could trigger a
hard to reproduce race condition where `v8::Debug::DebugBreak(isolate)`
got called when the isolate was in the process of being torn down.
A similar race condition is in theory possible when sending signals
to two threads simultaneously but I haven't been able to reproduce
that myself (and I tried, oh how I tried.)
This commit fixes the race condition by turning `node_isolate` into
a `std::atomic` and using it as an ad hoc synchronization primitive
in places where that is necessary.
A bare minimum std::atomic polyfill is added for OS X because Apple
wouldn't be Apple if things just worked out of the box.
PR-URL: https://github.com/nodejs/node/pull/3528
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
As it is, the comments are not handled properly in REPL. So, if the
comments have `'` or `"`, then they are treated as incomplete string
literals and the error is thrown in REPL.
This patch refactors the existing logic and groups everything in a
class.
Fixes: https://github.com/nodejs/node/issues/3421
PR-URL: https://github.com/nodejs/node/pull/3515
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Instead of creating new timer - reuse the timer from the freelist. This
won't make the freelist timer active for the duration of `uv_close()`,
and will let the event-loop exit properly.
Fix: #1264
PR-URL: https://github.com/nodejs/node/pull/3407
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
f2a45caf2e contained a test for a
regression that had been introduced by the original change that
77a10ed05f ported. While
77a10ed05f did not contain that
regression, the test that f2a45caf2e
contained should still be in the code base to prevent any regression
from happening in the future.
Original message for the commit that contained the test:
domains: fix stack clearing after error handled
caeb67735b introduced a regression where
the domains stack would not be cleared after an error had been handled
by the top-level domain.
This change clears the domains stack regardless of the position of the
active domain in the stack.
PR: #9364
PR-URL: https://github.com/joyent/node/pull/9364
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Julien Gilli <julien.gilli@joyent.com>
PR: #3356
PR-URL: https://github.com/nodejs/node/pull/3356
Reviewed-By: Ben Noordhuis <ben@strongloop.com>
util is loaded just for one use of util.format(). Replace it with a
string template. While we're at it, delete nearby lengthy comment
justifying use of fs.readFileSync().
PR-URL: https://github.com/nodejs/node/pull/3324
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed By: Evan Lucas <evanlucas@me.com>
The Pi 1's in CI don't always fail on the buffer.toString() tests. But
they time out sometimes, so let's split the tests up so they don't.
PR-URL: https://github.com/nodejs/node/pull/3323
Reviewed By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed By: Trevor Norris <trev.norris@gmail.com>
Fixes a persistently troublesome failing test by splitting it
out into multiple parallel tests.
Reviewed By: Evan Lucas <evanlucas@me.com>
Reviewed By: Trevor Norris <trev.norris@gmail.com>
Reviewed By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/3287
common.Error() is just util.isError() which is deprecated. Use
assert.throws() instead.
PR-URL: https://github.com/nodejs/node/pull/3084
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Original commit message:
[heap] fix crash during the scavenge of ArrayBuffer
Scavenger should not attempt to visit ArrayBuffer's storage, it is a
user-supplied pointer that may have any alignment. Visiting it, may
result in a crash.
BUG=
R=jochen
Review URL: https://codereview.chromium.org/1406133003
Cr-Commit-Position: refs/heads/master@{#31611}
PR-URL: https://github.com/nodejs/node/pull/3549
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
inherits is used in lib and tests but its functionality itself is not
tested yet.
PR-URL: https://github.com/nodejs/node/pull/3507
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
The test sometimes fail on an assertion but no useful error message
was generated for debugging. Modify the test to generate useful
debugging message.
PR-URL: https://github.com/nodejs/node/pull/3501
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Add SIGTRAP and the corresponding exit code to the list of signals/exit
codes that are expected when running tests that throw an uncaught error
and have --abort-on-uncaught-exception enabled.
Also refactor a bit related comments so that they better reflect what's
actually happening.
Fixes#3239.
PR: #3354
PR-URL: https://github.com/nodejs/node/pull/3354
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Previously the wrong end of the history was limited on load.
PR-URL: https://github.com/nodejs/node/pull/2356
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed By: Evan Lucas <evanlucas@me.com>