* http: allow multiple WebSocket RFC6455 headers (Einar Otto Stangvik)
* http: allow multiple WWW-Authenticate headers (Ben Noordhuis)
* windows: support unicode argv and environment variables (Bert Belder)
* tls: mitigate session renegotiation attacks (Ben Noordhuis)
* tcp, pipe: don't assert on uv_accept() errors (Ben Noordhuis)
* tls: Allow establishing secure connection on the existing socket (koichik)
* dgram: handle close of dgram socket before DNS lookup completes (Seth Fitzsimmons)
* windows: Support half-duplex pipes (Igor Zinkovsky)
* build: disable omit-frame-pointer on solaris systems (Dave Pacheco)
* debugger: fix --debug-brk (Ben Noordhuis)
* net: fix large file downloads failing (koichik)
* fs: fix ReadStream failure to read from existing fd (Christopher Jeffrey)
* net: destroy socket on DNS error (Stefan Rusu)
* dtrace: add missing translator (Dave Pacheco)
* unix: don't flush tty on switch to raw mode (Ben Noordhuis)
* windows: reset brightness when reverting to default text color (Bert Belder)
* npm: update to 1.1.1
  - Update which, fstream, mkdirp, request, and rimraf
  - Fix #2123 Set path properly for lifecycle scripts on windows
  - Mark the root as seen, so we don't recurse into it. Fixes #1838. (Martin Cooper)
This commit fixes a bug where the cluster module failed to propagate EADDRINUSE
errors.
When a worker starts a (net, http) server, it requests the listen socket from
its master who then creates and binds the socket.
Now, OS X and Windows don't always signal EADDRINUSE from bind() but instead
defer the error until a later syscall. libuv mimics this behaviour to provide
consistent behaviour across platforms but that means the worker could end up
with a socket that is not actually bound to the requested address.
That's why the worker now checks if the socket is bound, raising EADDRINUSE if
that's not the case.
Fixes #2721.
The TLS protocol allows (and sometimes requires) clients to renegotiate the
session. However, renegotiation requires a disproportional amount of server-side
resources, particularly CPU time, which makes it a potential vector for
denial-of-service attacks.
To mitigate this issue, we keep track of and limit the number of renegotiation
requests over time, emitting an error if the threshold is exceeded.
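
The counting scheme described in the commit message above, sketched as an added example (not code from the Node.js commit). The class name, the callback, and the limit and window values are hypothetical; it assumes a fixed time window and is called once per renegotiation request seen on a session.

```javascript
// Added example: fixed-window limiter for TLS renegotiation requests.
// RENEG_LIMIT and RENEG_WINDOW_MS are illustrative values, not from the page.
const RENEG_LIMIT = 3;
const RENEG_WINDOW_MS = 10 * 60 * 1000;

class RenegotiationLimiter {
  // now() is injectable so the logic can be exercised with a fake clock.
  constructor(onExceeded, limit = RENEG_LIMIT, windowMs = RENEG_WINDOW_MS, now = Date.now) {
    this.onExceeded = onExceeded;
    this.limit = limit;
    this.windowMs = windowMs;
    this.now = now;
    this.windowStart = null;
    this.count = 0;
    this.tripped = false;
  }

  // Returns true if the renegotiation may proceed. Returns false once the
  // threshold is exceeded; the error callback fires exactly once.
  onRenegotiation() {
    if (this.tripped) return false;
    const t = this.now();
    // Start a fresh window on first use or when the old one has expired.
    if (this.windowStart === null || t - this.windowStart >= this.windowMs) {
      this.windowStart = t;
      this.count = 0;
    }
    this.count += 1;
    if (this.count > this.limit) {
      this.tripped = true; // caller should tear the connection down
      this.onExceeded(new Error('renegotiation threshold exceeded'));
      return false;
    }
    return true;
  }
}

// Replays a constructed list of request times (ms) through one limiter.
function simulate(timestamps, limit, windowMs) {
  let clock = 0;
  const errors = [];
  const limiter = new RenegotiationLimiter(
    (err) => errors.push({ at: clock, message: err.message }),
    limit, windowMs, () => clock);
  const decisions = timestamps.map((ts) => {
    clock = ts;
    return limiter.onRenegotiation();
  });
  return { decisions, errors };
}
```

A burst inside one window trips the limiter, while the same number of requests spread across windows does not, so legitimate occasional renegotiation still works.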
It's possible for a new connection to be closed in the window between the
accept() syscall and the call to uv_accept(). Deal with it and move on, don't
assert.
This reverts commit 11d1eca9f3.
It sporadically (but reproducibly) triggers an assert inside V8:
Fatal error in /path/to/node/deps/v8/src/isolate.cc, line 1857
CHECK(CurrentPerIsolateThreadData()->isolate_ == this) failed
Needs further investigation.
v8 requires a lock of each thread using the vm, but if none is
explicitly created it will implicitly create one for you. This
creates issues when trying to build modules which use v8's
multi-threading features because there's no lock to unlock.