Added some information around usages of how to use iterations, how to
choose decent salts and updating the example to have a significant
work factor and to use sha512.
PR-URL: https://github.com/nodejs/node/pull/3290
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
This has been supperted for long but never tested nor documented.
PR-URL: https://github.com/nodejs/node/pull/3641
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
This has been supperted for long but never tested nor documented.
PR-URL: https://github.com/nodejs/node/pull/3641
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
This clarifies that fs.createReadStream and fs.createWriteStream, when
passed a fd, expects the fd to be blocking, and suggests net.Socket as
an alternative.
PR-URL: https://github.com/nodejs/node/pull/3641
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
`v8_use_snapshot` should be either `true` or `false`, not 1 or 0.
PR-URL: https://github.com/nodejs/node/pull/3962
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.
PR-URL: https://github.com/nodejs/node/pull/3951
Reviewed-By: Fedor Indutny <fedor@indutny.com>
`options` is already a param of the function.
PR-URL: https://github.com/nodejs/node/pull/3943
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Because Node modules are wrapped, errors on the first line
of a file leak the wrapper to the user and report the wrong
column number. This commit adds a line break to the module
wrapper so that the first line is treated the same as all
other lines. To compensate for the additional line, a line
offset of -1 is also applied to errors.
Fixes: https://github.com/nodejs/node/issues/2860
PR-URL: https://github.com/nodejs/node/pull/2867
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
The type and range checks performed by this function can be done more
efficiently in native code.
PR-URL: https://github.com/nodejs/node/pull/3763
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
This commit moves the deprecation message for fs.existsSync()
above the function description, making message placement
uniform across the documentation.
PR-URL: https://github.com/nodejs/node/pull/3942
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
The original test was only testing some of the headers that shouldn't be
concatenated as per lib/_http_incoming.js, so now the full list is
there.
'content-length` gives a parse error if you set it to a string, so the
test for that header uses numbers.
PR-URL: https://github.com/nodejs/node/pull/3930
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
FIPS 140-2 disallows use of MD5, which is used to derive the
initialization vector and key for createCipher(). Modify
all tests to expect exceptions in FIPS mode when disallowed
API is used, or to avoid testing such API in FIPS Mode.
PR-URL: https://github.com/nodejs/node/pull/3754
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Reviewed-By: James M Snell <jasnell@gmail.com>
FIPS 140-2 does not permit the use of MD5 and RC4, skip or tests
that use them, or substitute with stronger crypto where applicable.
PR-URL: https://github.com/nodejs/node/pull/3757
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: James Snell <jasnell@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
The module loading system will not append node_modules to a
path already ending in node_modules. This used to be documented,
but it was lost.
Fixes: https://github.com/nodejs/node/issues/3873
PR-URL: https://github.com/nodejs/node/pull/3920
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
Generating 1024-bit primes on rpi test machines sometimes
causes timeouts. Avoid this situation by using 256-bit
primes when not running in FIPS mode.
Fixes: https://github.com/nodejs/node/issues/3881
PR-URL: https://github.com/nodejs/node/pull/3902
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Ben Noordhuis <ben@strongloop.com>
Move portion of `test-child-process-spawnsync-input.js` (that has been
flaky on CentOS in CI) to its own file. This allows us to more easily
eliminate the cause of the flakiness without affecting other unrelated
portions of the test.
Fixes: https://github.com/nodejs/node/issues/3863
PR-URL: https://github.com/nodejs/node/pull/3889
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Previously, this test was not supported on OS X. This change makes sure
that it is no longer skipped.
PR-URL: https://github.com/nodejs/node/pull/3901
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
- refactor test to accept multiple error messages per platform
- add new message to be found in Solaris 11.3 as per #3798
PR-URL: https://github.com/nodejs/node/pull/3855
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
In debugger, the usage of `repl` very ugly. I'd like there is a `p`
like gdb. So the `exec` is coming.
Usage:
```
$ ./iojs debug ~/git/node_research/server.js
< Debugger listening on port 5858
connecting to 127.0.0.1:5858 ... ok
break in /Users/jacksontian/git/node_research/server.js:1
> 1 var http = require('http');
2
3 http.createServer(function (req, res) {
debug> exec process.title
/Users/jacksontian/git/io.js/out/Release/iojs
debug>
```
And the `repl`:
```
debug> repl
Press Ctrl + C to leave debug repl
> process.title
'/Users/jacksontian/git/io.js/out/Release/iojs'
debug>
(^C again to quit)
```
The enter and leave debug repl is superfluous.
R-URL: https://github.com/nodejs/node/pull/1491
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
* Include reference to CVE-2015-8027
* Fix "socket may no longer have a socket" reference
* Expand on non-existent parser causing the error
* Soften language for CVE-2015-3193 as impact may not be as great as
expected, also trim to match v4.2.3 language
* Clarify that CVE-2015-3194 affects TLS servers using _client
certificate authentication_
* Include reference to CVE-2015-6764
PR-URL: https://github.com/nodejs/node/pull/4156
Reviewed-By: Minwoo Jung <jmwsoft@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Security Update
Notable items:
* **http**: Fix a bug where an HTTP socket may no longer have a socket
but a pipelined request triggers a pause or resume, a potential
denial-of-service vector. (Fedor Indutny)
* **openssl**: Upgrade to 1.0.2e, containing fixes for:
- CVE-2015-3193 "BN_mod_exp may produce incorrect results on x86_64",
an attack is considered feasible against DH, an attack against RSA
and DSA is considered possible but unlikely, EC algorithms are not
affected. Details are available at
<http://openssl.org/news/secadv/20151203.txt>.
- CVE-2015-3194 "Certificate verify crash with missing PSS parameter",
a potential denial-of-service vector for Node.js TLS servers; TLS
clients are also impacted. Details are available at
<http://openssl.org/news/secadv/20151203.txt>.
(Shigeki Ohtsu) #4134
* v8: Backport fixes for a bug in `JSON.stringify()` that can result
in out-of-bounds reads for arrays. (Ben Noordhuis)
PR-URL: https://github.com/nodejs/node-private/pull/11
This just replaces all sources of openssl-1.0.2e.tar.gz into
deps/openssl/openssl
deps: copy all openssl header files to include dir
All symlink files in `deps/openssl/openssl/include/openssl/`
are removed and replaced with real header files to avoid
issues on Windows. Two files of opensslconf.h in crypto and
include dir are replaced to refer config/opensslconf.h.
deps: fix openssl assembly error on ia32 win32
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .
deps: fix asm build error of openssl in x86_win32
See
https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html
node needs to stop using masm and move to nasm or yasm on Win32.
openssl: fix keypress requirement in apps on win32
Reapply b910613792 .
deps: add -no_rand_screen to openssl s_client
In openssl s_client on Windows, RAND_screen() is invoked to initialize
random state but it takes several seconds in each connection.
This added -no_rand_screen to openssl s_client on Windows to skip
RAND_screen() and gets a better performance in the unit test of
test-tls-server-verify.
Do not enable this except to use in the unit test.
deps: update openssl config files
Regenrate config files for supported platforms with Makefile.
deps: update openssl asm and asm_obsolete files
Regenerate asm files with Makefile and CC=gcc and ASM=gcc where
gcc-4.8.4. Also asm files in asm_obsolete dir to support old compiler
and assmebler are regenerated without CC and ASM envs.
PR-URL: https://github.com/nodejs/node/pull/4134
Reviewed-By: Fedor Indutny <fedor@indutny.com>
FIPS 140-2 disallows use of MD5, which is used to derive the
default sessionIdContext for tls.createServer().
PR-URL: https://github.com/nodejs/node/pull/3755
Reviewed-By: Fedor Indutny <fedor@indutny.com>
None of these regular expressions will change, so there is no need to
generate them every time in hot code paths.
Provides a small performance improvement in module loading. (5-10%)
PR-URL: https://github.com/nodejs/node/pull/3869
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reorders, with no contextual changes, the repl documentation with class
definitions at the top and alphabetically.
PR-URL: https://github.com/nodejs/node/pull/3859
Reviewed-By: Roman Klauke <romaaan.git@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
common.checkSpawnSyncRet is only used in one test. Move it out of
common.js and into that test (test-child-process-spawnsync-input.js).
PR-URL: https://github.com/nodejs/node/pull/3871
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Documentation currently states that setting noAssert and passing a value
larger than can fit in the Buffer will cause data to be silently
dropped. Change implementation to match documented behavior.
Fixes: https://github.com/nodejs/node/issues/3766
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Moved all the URLs in API docs to the bottom of the files as
reference-style links.
PR-URL: https://github.com/nodejs/node/pull/3845
Reviewed-By: James M Snell <jasnell@gmail.com>
`test/internet/test-dgram-broadcast-multi-process.js` fails if it is in
a FreeBSD jail. This issue is with the way FreeBSD jails work and not
with Node. Skip the test if in a FreeBSD jail.
PR-URL: https://github.com/nodejs/node/pull/3839
Fixes: https://github.com/nodejs/node/issues/2472
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: Ben Noordhuis <ben@strongloop.com>
Fix configure_library() to produce correct LDFLAGS when configuring with
prebuilt 3rd-party libraries (libuv, openssl, etc) using `pkg-config' or
`--shared-{LIBRARY}-includes=xxx --shared-{LIBRARY}-libpath=xxx'.
PR-URL: https://github.com/nodejs/node/pull/3135
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Use path join to construct the path instead of concatenating strings.
Replace backslash with double backslash so that they are escaped
correctly in the string passed to REPL.
PR-URL: https://github.com/nodejs/node/pull/3608
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Use stronger crypto (larger keys, etc.) for arbitrary tests so
they will pass in both FIPS and non-FIPS mode without altering
the original intent of the test cases.
PR-URL: https://github.com/nodejs/node/pull/3758
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Reviewed-By: James M Snell <jasnell@gmail.com>
This test assures that if flush is called while the zlib object needs
to be drained that it will defer the callback until after the drain.
PR-URL: https://github.com/nodejs/node/pull/3534
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>