Notable changes:
* url: `url.resolve('/path/to/file', '.')` now returns `/path/to/`
with the trailing slash, `url.resolve('/', '.')` returns `/`.
https://github.com/iojs/io.js/issues/278 (Amir Saboury)
* tls: tls (and in turn https) now rely on a stronger default
cipher suite which excludes the RC4 cipher. If you still want to
use RC4, you have to specify your own ciphers suite.
https://github.com/iojs/io.js/issues/826 (Roman Reiss)
`TLSSocket` wraps the original `net.Socket`, but writes/reads to/from
`TLSSocket` do not touch the timers of original `net.Socket`.
Introduce `socket._parent` property, and iterate through all parents
to unref timers and prevent timeout event on original `net.Socket`.
Fix: https://github.com/joyent/node/issues/9242
PR-URL: https://github.com/iojs/io.js/pull/891
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Currently, nullCheck() will attempt to invoke any truthy value
as a function if the path argument contains a null character.
This commit validates that the callback is actually a function
before trying to invoke it. fs.access() was vulnerable to this
bug, as nullCheck() was called prior to type checking its
callback.
PR-URL: https://github.com/iojs/io.js/pull/887
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This option has been there for a long time, but has never been
documented. It's functionally identical to the server counterpart.
PR-URL: https://github.com/iojs/io.js/pull/845
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Check that stdin, stdout and stderr map to open file descriptors and
remap them to /dev/null if that isn't the case. Protects against
information leaks or worse when io.js is started with closed stdio
file descriptors.
PR-URL: https://github.com/iojs/io.js/pull/875
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Vladimir Kurchatkin <vladimir.kurchatkin@gmail.com>
PR-URL: https://github.com/iojs/io.js/pull/875
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Vladimir Kurchatkin <vladimir.kurchatkin@gmail.com>
Commit 8aed9d66 ("src: cleanup `Isolate::GetCurrent()`") breaks building
add-ons because of the following:
In file included from ../node_modules/nan/nan.h:27:0,
from ../src/binding.cc:18:
/home/bnoordhuis/src/v1.x/src/node_object_wrap.h: In member function
'v8::Local<v8::Object> node::ObjectWrap::handle()':
/home/bnoordhuis/src/v1.x/src/node_object_wrap.h:39:46: error: base
operand of '->' has non-pointer type 'v8::Persistent<v8::Object>'
return v8::Local<v8::Object>::New(handle_->GetIsolate(),
persistent());
Mea culpa, I was one of the reviewers.
PR-URL: https://github.com/iojs/io.js/pull/868
Reviewed-By: Vladimir Kurchatkin <vladimir.kurchatkin@gmail.com>
If the Buffer allocation isn't a slice then there's no need to adjust
the pool offset after realloc'ing the space available.
Fixes: 6462519 "buffer, doc: misc. fix and cleanup"
This updates the default cipher suite to an more secure list, which
prefers strong ciphers with Forward Secrecy. Additionally, it enables
`honorCipherOrder` by default.
Noteable effect of this change is that the insecure RC4 ciphers are
disabled and that Chrome negotiates a more secure ECDHE cipher.
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
PR-URL: https://github.com/iojs/io.js/pull/826
The test blindly assumes that the default cipher suite supports RC4
ciphers. This corrects the case where RC4 might not be available in the
default ciphers by setting the client to use the same suite as the
server.
PR-URL: https://github.com/iojs/io.js/pull/853
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This commit validates the properties of ENOENT error objects
returned by spawn() and spawnSync().
PR-URL: https://github.com/iojs/io.js/pull/838
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Rod Vagg <rod@vagg.org>
'.' and '..' are directory specs and resolving urls with or
without the hostname with '.' and '..' should add a trailing
slash to the end of the url.
Fixes: https://github.com/joyent/node/issues/8992
PR-URL: https://github.com/iojs/io.js/pull/278
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
The current implementation uses the arguments object in the Server()
constructor. Since both arguments to Server() are optional, there was a
high likelihood of accessing a non-existent element in arguments, which
carries a performance overhead. This commit replaces the arguments
object with named arguments.
Reviewed-by: Trevor Norris <trev.norris@gmail.com>
Conflicts:
lib/net.js
Timeout#unref() call returns undefined, not this. The test already
worked before, because the interval was still unref'd, and the test also
succeeds without clearing the interval.
PR-URL: https://github.com/joyent/node/pull/9171
Reviewed-by: Colin Ihrig <cjihrig@gmail.com>
Reviewed-by: Timothy J Fontaine <tjfontaine@gmail.com>
Conflicts:
test/simple/test-timers-unref.js
The NativeModule system passes NativeModule.require transparently and so
is unnecessary to call explicitly.
The only one which should have the prefix is the in line 295, where
actually implements a big fs-based module system and actually requires a
native module. That is left unchanged.
PR-URL: https://github.com/joyent/node/pull/9201
Ref: https://github.com/joyent/node/issues/2009
Reviewed-by: Trevor Norris <trev.norris@gmail.com>
Conflicts:
lib/module.js
The message argument is optional for both assert() and
assert.ok(). This commit makes message optional for assert().
PR-URL: https://github.com/joyent/node/pull/9003
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
This commit restricts socket timeouts non-negative, finite
numbers. Any other value throws a TypeError or RangeError.
This prevents subtle bugs that can happen due to type
coercion.
Fixes: https://github.com/joyent/node/issues/8618
PR-URL: https://github.com/joyent/node/pull/8884
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Timothy J Fontaine <tjfontaine@gmail.com>
Conflicts:
lib/timers.js
test/simple/test-net-settimeout.js
test/simple/test-net-socket-timeout.js
Just added ', it' because the phrasing did not seem correct.
PR-URL: https://github.com/iojs/io.js/pull/815
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
This commit distributes many of the various tests that were previously
strewn about `test-crypto.js` into their own files, such as for Ciphers
and Deciphers, Hashing, and HMACs. Copy pasta, and no style changes
besides removing a few now-unnecessary closures.
Helps eliminate file bloat and allows for easier test prognosis.
PR-URL: https://github.com/iojs/io.js/pull/827
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
does the same thing for firefox as 'antialiased' does for webkit.
PR-URL: https://github.com/iojs/io.js/pull/820
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
The code span is closed with a straight quote instead of the correct
back tick being used.
PR-URL: https://github.com/iojs/io.js/pull/814
Reviewed-By: Brendan Ashworth <brendan.ashworth@me.com>
Fold two integral fields into one and use bitops to access/manipulate
them.
PR-URL: https://github.com/iojs/io.js/pull/667
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
It has been obsoleted by the previous commit. Now it's time to say
goodbye.
PR-URL: https://github.com/iojs/io.js/pull/667
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
This commit also breaks up req_wrap.h into req-wrap.h and req-wrap-inl.h
to work around a circular dependency issue in env.h.
PR-URL: https://github.com/iojs/io.js/pull/667
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
This is a replacement for the QUEUE macros. It implements the same
functionality but in a way that lets the compiler typecheck it.
PR-URL: https://github.com/iojs/io.js/pull/667
Reviewed-By: Bert Belder <bertbelder@gmail.com>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
These optimizations result in >2x speedup in the ee-add-remove
benchmark:
* Don't mutate array.length when removing the last listener for
an event
* Don't bother checking max listeners if listeners isn't an array
* Don't call delete when removing the last event in _events, just
re-assign a new object instead
PR-URL: https://github.com/iojs/io.js/pull/785
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Evan Lucas <evanlucas@me.com>
This keeps in line with how things are done for the fast path
and *might* even provide a *slight* performance increase.
PR-URL: https://github.com/iojs/io.js/pull/785
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Remove internal object and expose functions directly on binding. This
makes possible to simply use internal functions in other builtin
modules.
PR-URL: https://github.com/iojs/io.js/pull/770
Reviewed-by: Trevor Norris <trev.norris@gmail.com>
Reviewed-by: Ben Noordhuis <info@bnoordhuis.nl>
In the case of using openssl with shared library,
reinterpret_cast<X509V3_EXT_I2V>(i2v_GENERAL_NAMES)) refers plt
pointer so that SafeX509ExtPrint returns false.
Fix it to check it with method of NID_subject_alt_name
This patch originally was created by Fedor Indutny
and Ben Noordhuis
Fixes: https://github.com/iojs/io.js/issues/617
PR-URL: https://github.com/iojs/io.js/pull/800
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor@indutny.com>