Remove support for SSLv2 because of DROWN (CVE-2016-0800).
Use of the `--enable-ssl2` flag is now an error; node will print an
error message and exit.
PR-URL: https://github.com/nodejs/node/pull/5536
Reviewed-By: Rod Vagg <rod@vagg.org>
It is possible that the internal handleMessage() might try to send to
a channel that has been closed. The result can be an AssertionError.
Guard against this.
Fixes: https://github.com/nodejs/node/issues/4205
PR-URL: https://github.com/nodejs/node/pull/5153
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This commit prevents child process stdio streams from being
automatically flushed on child process exit/close if a 'readable'
event handler has been attached at the time of exit.
Without this, child process stdio data can be lost if the process
exits quickly and a `read()` (e.g. from a 'readable' handler)
hasn't had the chance to get called yet.
Fixes: https://github.com/nodejs/node/issues/5034
PR-URL: https://github.com/nodejs/node/pull/5037
Reviewed-By: James M Snell <jasnell@gmail.com>
Fix node exiting due to an exception being thrown rather than emitting
an 'uncaughtException' event on the process object when:
1. no error handler is set on the domain within which an error is thrown
2. an 'uncaughtException' event listener is set on the process
Also fix an issue where the process would not abort in the proper
function call if an error is thrown within a domain with no error
handler and --abort-on-uncaught-exception is used.
Fixes#3607 and #3653.
PR: #3885
PR-URL: https://github.com/nodejs/node/pull/3885
Reviewed-By: James M Snell <jasnell@gmail.com>
caeb677
Do not abort the process if an error is thrown from within a domain,
an error handler is setup for the domain and
--abort-on-uncaught-exception was passed on the command line.
However, if an error is thrown from within the top-level domain's
error handler and --abort-on-uncaught-exception was passed on the
command line, make the process abort.
Fixes: #8877
Fixes: https://github.com/nodejs/node-v0.x-archive/issues/8877
PR-URL: https://github.com/nodejs/node-v0.x-archive/pull/25835
Reviewed-By: misterdjules - Julien Gilli <jgilli@nodejs.org>
spawnSync() modifies the options argument. This commit makes
a copy of options before any modifications occur.
PR-URL: https://github.com/joyent/node/pull/9159
Reviewed-By: trevnorris - Trevor Norris <trev.norris@gmail.com>
This reverts commit 67d9a56251.
This commit actually reverts both
67d9a56251 and
02a549ed2b (both related to ciphers list
changes). It does it in one commit because reverting
02a549ed2b results in an empty commit.
These changes are not yet ready to be released, and before they are we
want to be able to publish new releases. We're reverting them so that we
can submit a new PR that will contain all these changes plus what's
necessary to be able to land them properly.
Conflicts:
src/node.cc
PR: #25511
PR-URL: https://github.com/joyent/node/pull/25511
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
When a timer is added in another timer's callback, its underlying timer
handle will be started with a timeout that is actually incorrect.
The reason is that the value that represents the current time is not
updated between the time the original callback is called and the time
the added timer is processed by timers.listOnTimeout. That leads the
logic in timers.listOnTimeout to do an incorrect computation that makes
the added timer fire with a timeout of scheduledTimeout +
timeSpentInCallback.
This change fixes that and make timers scheduled within other timers'
callbacks fire as expected.
Fixes#9333 and #15447.
PR: #17203
PR-URL: https://github.com/joyent/node/pull/17203
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Revert "disable RC4, add --cipher-list command line switch" and
"tls: make --enable-legacy-cipher-list=val less verbose"
This reverts commit f9291a9449 and
b5737bb977.
There is still some work to be done to guarantee secure defaults and a
smooth upgrade path for v0.12.x users. Before this work is finished, we
want to be able to release new versions of v0.12.x. So instead of
waiting for these changes to be ready to ship, revert them and integrate
them when they're ready to be shipped.
Conflicts:
src/node.cc
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/joyent/node/pull/25296
Fix the regexp used to detect 'Unexpected token' errors so that they can
be considered as recoverable. This fixes the following use case:
> var foo = 'bar \
... baz';
undefined
> foo
'bar baz'
>
Fixes#8874
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
PR-URL: https://github.com/joyent/node/pull/8875
V4MAPPED is not supported on recent FreeBSD versions, at least on 10.1.
Thus, do not set this flag in net.connect on FreeBSD.
Fixes#8540 and #9204.
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
PR-URL: https://github.com/joyent/node/pull/18204
When debug in remote mode with host:port or pid, the interface
spawn child process also. If the debugger agent is running, will
get following output:
```
< Error: listen EADDRINUSE :::5858
< at Object.exports._errnoException (util.js:734:11)
< at exports._exceptionWithHostPort (util.js:757:20)
< at Agent.Server._listen2 (net.js:1155:14)
< at listen (net.js:1181:10)
< at Agent.Server.listen (net.js:1268:5)
< at Object.start (_debug_agent.js:21:9)
< at startup (node.js:68:9)
< at node.js:799:3
```
This fix won't spawn child process and no more error message was
shown.
Reviewed-By: Julien Gilli <julien.gilli@joyent.com>
PR-URL: https://github.com/joyent/node/pull/14172
Disable RC4 in the default cipher list
Add the `--cipher-list` command line switch and `NODE_CIPHER_LIST`
environment variable to completely override the default cipher list.
Add the `--enable-legacy-cipher-list` and `NODE_LEGACY_CIPHER_LIST`
environment variable to selectively enable the default cipher list from
previous node.js releases.
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/joyent/node/pull/14414
Disable RC4 in the default cipher list
Add the `--cipher-list` command line switch and `NODE_CIPHER_LIST`
environment variable to completely override the default cipher list.
Add the `--enable-legacy-cipher-list` and `NODE_LEGACY_CIPHER_LIST`
environment variable to selectively enable the default cipher list from
previous node.js releases.
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/joyent/node/pull/14413
This change is a backport of 1a3ca8223e
from io.js.
Original commit message:
Read all pending data out of the socket on `error` event and ensure that
no `data`/`end` handlers will be invoked on `socket.destroy()`.
Otherwise following assertion happens:
AssertionError: null == true
at TLSSocket.socketOnData (_http_client.js:308:3)
at TLSSocket.emit (events.js:107:17)
at TLSSocket.Readable.read (_stream_readable.js:373:10)
at TLSSocket.socketCloseListener (_http_client.js:229:10)
at TLSSocket.emit (events.js:129:20)
at TCP.close (net.js:476:12)
Fix: https://github.com/joyent/node/issues/9348
PR-URL: https://github.com/iojs/io.js/pull/1103
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Nicu Micleușanu <micnic90@gmail.com>
Fixes#9348.
Reviewed-By: Julien Gilli <julien.gilli@joyent.com>
PR-URL: https://github.com/joyent/node/pull/14087
Improve performance by:
+ Not leaking the `arguments` object!
+ Getting the last character of a string by index, instead of
with `.substr()` or `.slice()`
Improve code consistency by:
+ Using `[]` instead of `.charAt()` where possible
+ Using a function declaration instead of a var declaration
+ Using `.slice()` with clearer arguments
+ Checking if `dir` is truthy in `win32.format`
(added tests for this)
Improve both by:
+ Making the reusable `trimArray()` function
+ Standardizing getting certain path statistics with
the new `win32StatPath()` function
Reviewed-By: Julien Gilli <julien.gilli@joyent.com>
PR-URL: https://github.com/joyent/node/pull/9289
process.send() should be synchronous, it should block until the message
has been sent in full, but it wasn't after the second-to-last libuv
upgrade because of commit libuv/libuv@393c1c5 ("unix: set non-block
mode in uv_{pipe,tcp,udp}_open"), which made its way into io.js in
commit 07bd05b ("deps: update libuv to 1.2.1").
Commit libuv/libuv@b36d4ff ("unix: implement uv_stream_set_blocking()")
as landed in io.js in commit 9681fca ("deps: update libuv to 1.4.0")
makes it possible to restore the synchronous behavior again and that's
precisely what this commit does.
The same line of reasoning applies to `net.Socket({ fd: 1 })`: creating
a socket object from a stdio file descriptor, like the `process.stdout`
getter does, should put the file descriptor in blocking mode for
compatibility reasons.
Reviewed-By: Julien Gilli <julien.gilli@joyent.com>
PR-URL: https://github.com/joyent/node/pull/9179
When slicing global pool - ensure that the underlying buffer's data ptr
is 8-byte alignment to do not ruin expectations of 3rd party C++ addons.
NOTE: 0.10 node.js always returned aligned pointers and v0.12 should do
this too for compatibility.
PR-URL: https://github.com/joyent/node/pull/9375
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
This reverts commit ad0684807c.
Initially, this bug fix targeted master, and I pushed to have it
included in v0.10. In retrospect, I'm not sure it should have made into
v0.10 as it seems it could break a lot of existing working code.
In my opinion, this change is still a bug fix, and it is not backward
incompatible per se. However, I'm not sure that taking the risk to break
a lot of users with a new 0.10.x release that would include this fix is
reasonable, especially now that 0.10.x releases are entering
maintenance mode.
PR-URL: https://github.com/joyent/node/pull/9257
Reviewed-by: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
A significant performance regressions has been introduced in 1fddc1f for
GET requests which send data through response.end(). The number of
requests per second dropped to somewhere around 6% of their previous
level.
The fix consists of removing a part of the lines added by 1fddc1f,
lines which were supposed to affect only HEAD requests, but interfered
with GET requests instead.
The lines removed would not have affected the behaviour in the case of
a HEAD request as this._hasBody would always be false. Therefore, they
were not required to fix the issue reported in #8361.
Fixes#8940.
PR: #9026
PR-URL: https://github.com/joyent/node/pull/9026
Reviewed-By: Julien Gilli <julien.gilli@joyent.com>
The added validation allows non-negative numbers and numeric
strings. All other values result in a thrown exception.
Fixes: https://github.com/joyent/node/issues/9194
PR-URL: https://github.com/joyent/node/pull/9268
Reviewed-By: Julien Gilli <julien.gilli@joyent.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: James M Snell <jasnell@users.noreply.github.com>
this brings the error messaging in line with
other node TypeError messages.
fixes joyent/node#7766.
PR: #8723
PR-URL: https://github.com/joyent/node/pull/8723
Reviewed-By: James M Snell <jasnell@users.noreply.github.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Currently, lib/_tls_legacy.js and lib/crypto.js cannot be loaded when
--use-strict is passed to node. In addition to that, console.trace
throws because it uses arguments.callee.
This change fixes these issues and adds a test that makes sure
every external built-in module can be loaded with require when
--use-strict is enabled.
Please note that this change does not fix all issues with built-in
modules' code running with --use-strict. It is very likely that some
code in the built-in modules still fails when passing this flag.
However, fixing all code would require us to enable strict mode by
default in all builtins modules, which would certainly break existing
applications.
Fixes#9187.
PR: #9237
PR-URL: https://github.com/joyent/node/pull/9237
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
`TLSSocket` wraps the original `net.Socket`, but writes/reads to/from
`TLSSocket` do not touch the timers of original `net.Socket`.
Introduce `socket._parent` property, and iterate through all parents
to unref timers and prevent timeout event on original `net.Socket`.
Fix: https://github.com/joyent/node/issues/9242
PR-URL: https://github.com/iojs/io.js/pull/891
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
This is a backport of 6c3647c38d from
v0.12 to v0.10.
Console.prototype.timeEnd() returns NaN if the timer label
corresponds to a property on Object.prototype. In v0.12, this was fixed
by using Object.create(null) to construct the _times object
However, the version of V8 in the v0.10 branch makes this fix not work
as expected. In v0.10, this commit changes the _times object into a
array of objects of the form:
{ label: someLabel, time: staringWallClockTime }
someLabel can thus be any string, including any string that represents
any Object.prototype field.
Fixes#9116.
PR: #9215
PR-URL: https://github.com/joyent/node/pull/9215
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Currently, fs.truncate() silently fails when a file descriptor
is passed as the first argument. This commit changes this
behavior to properly call fs.ftruncate().
PR-URL: https://github.com/joyent/node/pull/9161
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Timothy J Fontaine <tjfontaine@gmail.com>
If the Buffer allocation isn't a slice then there's no need to adjust
the pool offset after realloc'ing the space available.
Fixes: 6462519 "buffer, doc: misc. fix and cleanup"
The NativeModule system passes NativeModule.require transparently and so
is unnecessary to call explicitly.
The only one which should have the prefix is the in line 295, where
actually implements a big fs-based module system and actually requires a
native module. That is left unchanged.
PR-URL: https://github.com/joyent/node/pull/9201
Ref: https://github.com/joyent/node/issues/2009
Reviewed-by: Trevor Norris <trev.norris@gmail.com>
Change the fs.F_OK/R_OK/W_OK/X_OK out of fs.js will lead unexpect
exception. Make these properties readonly.
PR-URL: https://github.com/joyent/node/pull/9060
[trev.norris@gmail.com test properties are read only]
Signed-off-by: Trevor Norris <trev.norris@gmail.com>
A number -> uint32 type coercion bug made buffer sizes
larger than kMaxLength (0x3fffffff) wrap around.
Instead of rejecting the requested size with an exception,
the constructor created a buffer with the wrong size.
PR-URL: https://github.com/iojs/io.js/pull/657
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Currently, JSON.stringify() is used to create error messages
on failed assertions. This causes an error when stringifying
objects with circular references. This commit switches out
JSON.stringify() for util.inspect(), which can handle
circular references.
PR: #8734
PR-URL: https://github.com/joyent/node/pull/8734
Reviewed-By: Julien Gilli <julien.gilli@joyent.com>
This reverts commit d312b6d15c.
d312b6d15c introduced some confusion in
the existing API of url.format and url.parse.
The way the 'path' property overrides other properties in url.format's
input is too confusing for existing users compared to the issues it
fixes.
Fixes such as https://github.com/joyent/node/pull/9081 have been
proposed, but they do not make the API less confusing.
Instead, this change just reverts the original breaking change so that
it gives us more time after v0.12.0 is released to come up with a better
API for url.format, url.parse and other related APIs in the v0.13
development branch.
Fixes#9070.
Conflicts:
doc/api/url.markdown
PR: #9109
PR-URL: https://github.com/joyent/node/pull/9109
Reviewed-By: Timothy J Fontaine <tjfontaine@gmail.com>
Fix regression introduced in 6120472036
that broke parsing of some ssh: urls.
An example url is ssh://git@github.com:npm/npm.git
Fixes#9072.
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Julien Gilli <julien.gilli@joyent.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
This commit restricts socket timeouts non-negative, finite
numbers. Any other value throws a TypeError or RangeError.
This prevents subtle bugs that can happen due to type
coercion.
Fixes: https://github.com/joyent/node/issues/8618
PR-URL: https://github.com/joyent/node/pull/8884
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Timothy J Fontaine <tjfontaine@gmail.com>
In order to preserve the potential for a flush method being added to the
streams API, rename flush to flushHeaders which is much more clear about
the behavior of this method.
PR: #9048
PR-URL: https://github.com/joyent/node/pull/9048
Reviewed-By: Julien Gilli <julien.gilli@joyent.com>
Previously if a worker's state machine had already transitioned into the
'listening' state when it received the message enabling the debugger,
the worker would never enable its debugger.
Change the logic to allow the 'listening' as a valid state for enabling
the debugger.
Fixes#6440
Signed-off-by: Julien Gilli <julien.gilli@joyent.com>
In general path functions don't change the case of a path. Making an
exception for windows drive letters violates the principle of least
surprise.
Changing the drive letter case has caused a lot of issues, including
joyent/node#7031, joyent/node#7806 and lots of bikeshedding about
whether uppercase is the right case or lowercase.
This effectively reverts joyent/node@a05f973
Reviewed-by: Alexis Campailla <alexis@janeasystems.com>
Reviewed-by: Julien Gilli <julien.gilli@joyent.com>
Workers that are already disconnected but not yet exited should not be
disconnected, trying to do so raises exceptions.
Signed-off-by: Julien Gilli <julien.gilli@joyent.com>
fs.exists() and fs.existsSync() do not follow the typical error first
callback convention. access() and accessSync() are added as alternatives
in this commit.
PR-URL: https://github.com/joyent/node/pull/8714
Reviewed-by: Trevor Norris <trev.norris@gmail.com>
Ben Noordhuis
Rich Trott
Brian White
Julien Gilli
James M Snell
Fedor Indutny
Jeremy Whitlock
cjihrig
Devin Nakamura
Ville Skyttä
Jackson Tian
Nathan Woltman
Florin-Cristian Gavrila
Chris Dickinson
Bruno Jouhier
Trevor Norris
Herbert Vojčík
Amir Saboury
Evan Lucas
Timothy J Fontaine
Bert Belder
Sam Roberts