Previously, the reason argument passed to ServerResponse#writeHead was
not being properly validated. One could pass CRLFs which could lead to
http response splitting. This commit changes the behavior to throw an
error in the event any invalid characters are included in the reason.
CVE-2016-5325
PR-URL: https://github.com/nodejs/node-private/pull/46
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
In openssl s_client on Windows, RAND_screen() is invoked to initialize
random state but it takes several seconds in each connection.
This added -no_rand_screen to openssl s_client on Windows to skip
RAND_screen() and gets a better performance in the unit test of
test-tls-server-verify.
Do not enable this except to use in the unit test.
Fixes: https://github.com/nodejs/io.js/issues/1461
PR-URL: https://github.com/nodejs/io.js/pull/1836
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
All symlink files in `deps/openssl/openssl/include/openssl/`
are removed and replaced with real header files to avoid
issues on Windows. Two files of opensslconf.h in crypto and
include dir are replaced to refer config/opensslconf.h.
PR-URL: https://github.com/nodejs/node/pull/8786
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
This replaces all sources of openssl-1.0.2j.tar.gz into
deps/openssl/openssl
PR-URL: https://github.com/nodejs/node/pull/8786
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
openssl command does not allow to both "-ssl3" and "-no_tls1".
A protocol connecting to the server is only specified.
PR-URL: https://github.com/nodejs/node/pull/8714
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Regenerate asm files with Makefile and CC=gcc and ASM=gcc where
gcc-5.4.0. Also asm files in asm_obsolete dir to support old compiler
and assembler are regenerated without CC and ASM envs.
PR-URL: https://github.com/nodejs/node/pull/8714
Reviewed-By: Fedor Indutny <fedor@indutny.com>
In openssl s_client on Windows, RAND_screen() is invoked to initialize
random state but it takes several seconds in each connection.
This added -no_rand_screen to openssl s_client on Windows to skip
RAND_screen() and gets a better performance in the unit test of
test-tls-server-verify.
Do not enable this except to use in the unit test.
Fixes: https://github.com/nodejs/io.js/issues/1461
PR-URL: https://github.com/nodejs/io.js/pull/1836
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
All symlink files in `deps/openssl/openssl/include/openssl/`
are removed and replaced with real header files to avoid
issues on Windows. Two files of opensslconf.h in crypto and
include dir are replaced to refer config/opensslconf.h.
PR-URL: https://github.com/nodejs/node/pull/8714
Reviewed-By: Fedor Indutny <fedor@indutny.com>
This replaces all sources of openssl-1.0.2i.tar.gz into
deps/openssl/openssl
PR-URL: https://github.com/nodejs/node/pull/8714
Reviewed-By: Fedor Indutny <fedor@indutny.com>
This benchmark fails on Windows when trying to execute command which
is more than 32k in size. This commits skips this one case when running
under Windows.
PR-URL: https://github.com/nodejs/node/pull/7178
Reviewed-By: Trott - Rich Trott <rtrott@gmail.com>
Reviewed-By: orangemocha - Alexis Campailla <orangemocha@nodejs.org>
Backported from
99bf6face5
We can tell when `node-gyp` is changed by creating a prerequisite on
`deps/npm/node_modules/node-gyp/package.json`. The prerequisite is added
to the `test/addons/.buildstamp` since `build-addons` is .PHONY.
Testing for this change was entirely manual.
$ make clean test-build # Initial build
$ make test-build # Make sure build-addons doesn't rebuild
$ touch deps/npm/node_modules/node-gyp/package.json # simulate change
$ make test-build # Ensure build-addons rebuilds
PR-URL: https://github.com/nodejs/node/pull/6787
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
This helps to prevent issues where a failed test can keep a bound
socket open long enough to cause other tests to fail with EADDRINUSE
because the same port number is used.
PR-URL: https://github.com/nodejs/node/pull/7045
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
This commit removes some unnecessary signed checks on unsigned
variables.
PR-URL: https://github.com/nodejs/node/pull/7174
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
GCM cipher IV length can be >=1 bytes.
When not the default 12 bytes (96 bits) sets the IV length using
`EVP_CIPHER_CTX_ctrl` with type `EVP_CTRL_GCM_SET_IVLEN`
PR-URL: https://github.com/nodejs/node/pull/6376
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
After the #3888 it was not possible to "make doc-only"
in some situations. This now fallsback to any installed
node version and throws "node not found" in error case.
Ref: https://github.com/nodejs/node/pull/3888
PR-URL: https://github.com/nodejs/node/pull/6906
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Add a `REPLACEME` tag that should be used when introducing
docs for new features, so that they can be updated when releases
are made.
Ref: https://github.com/nodejs/node/issues/6578
PR-URL: https://github.com/nodejs/node/pull/6864
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Claudio Rodriguez <cjrodr@yahoo.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Previously, output files which were created using includes (notably,
the single-page all.html) had basically broken internal links all
over the place because references like `errors.html#errors_class_error`
are being used, yet `id` attributes were generated that looked like
`all_class_error`.
This PR adds generation of comments from the include preprocessor
that indicate from which file the current markdown bits come and
lets the HTML output generation take advantage of that so that more
appropriate `id` attributes can be generated.
PR-URL: https://github.com/nodejs/node/pull/6943
Reviewed-By: Robert Jefe Lindstaedt <robert.lindstaedt@gmail.com>
Reviewed-By: Daniel Wang <wangyang0123@gmail.com>
These signatures were originally converted to opts hashes in #3888. That
change was misinterpreted as the intrinsic cause of a test failure and
reverted in #6680.
PR-URL: https://github.com/nodejs/node/pull/6690
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Robert Jefe Lindstaedt <robert.lindstaedt@gmail.com>
Adjust style in doctool tests to conform with predominant style of the
rest of the project. The biggest changes are:
* Replace string concatenation with `path.join()`
* Remove unnecessary quotes from property names
PR-URL: https://github.com/nodejs/node/pull/6719
Reviewed-By: James M Snell <jasnell@gmail.com>
101dd1e introduced a regression in the doctool. This commit reverts
the changes that were made to the function signature of the various
doctool functions while maintaining support for passing in specific
node versions.
Refs: https://github.com/nodejs/node/commit/101dd1e
PR-URL: https://github.com/nodejs/node/pull/6680
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Robert Lindstaedt <robert.lindstaedt@gmail.com>
Allows building just docs using existing Node instead of building Node
first.
PR-URL: https://github.com/nodejs/node/pull/3888
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Introduced in commit 3f69ea5 ("tools: update marked dependency"), it
stopped the embedded addons in the documentation from getting built.
PR-URL: https://github.com/nodejs/node/pull/6652
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
* Make the 'extract embedded addons in the documentations' step a normal
prerequisite. As an order-only prerequisite, it's sometimes skipped
when it shouldn't be.
* Make `tools/doc/addon-verify.js` a dependency of that step. Changes
to that file should result in a rebuild.
PR-URL: https://github.com/nodejs/node/pull/6652
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Use the overload of `v8::Function::NewInstance()` that returns a
`v8::MaybeLocal<v8::Object>`. The overloads that return a simple
`v8::Local<v8::Object>` are deprecated.
PR-URL: https://github.com/nodejs/node/pull/6652
Reviewed-By: Anna Henningsen <anna@addaleax.net>
There has been occasional nits for spacing in object literals in PRs but
the project does not lint for it and it is not always handled
consistently in the existing code, even on adjacent lines of a file.
This change enables a linting rule requiring no space between the key
and the colon, and requiring at least one space (but allowing for more
so property values can be lined up if desired) between the colon and the
value. This appears to be the most common style used in the current code
base.
Example code the complies with lint rule:
myObj = { foo: 'bar' };
Examples that do not comply with the lint rule:
myObj = { foo : 'bar' };
myObj = { foo:'bar' };
PR-URL: https://github.com/nodejs/node/pull/6592
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
Update module marked. Customize renderer to remove id from heading.
PR-URL: https://github.com/nodejs/node/pull/6396
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Allow multiple `added:` version entries, since semver-minors
can trickle down to previous major versions, and thus
features may have been added in multiple versions.
Also include `deprecated:` entries and apply the same logic
to them for consistency.
Stylize the added HTML as `Added in:` and `Deprecated since:`.
PR-URL: https://github.com/nodejs/node/pull/6495
Reviewed-By: Robert Jefe Lindstaedt <robert.lindstaedt@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Add checks that make sure the doctool parses metadata correctly.
PR-URL: https://github.com/nodejs/node/pull/6495
Reviewed-By: Robert Jefe Lindstaedt <robert.lindstaedt@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Add a hack js-yaml module to the doctool dependencies that simply
loads the one that’s included with eslint.
This helps avoiding to check in the whole dependency tree into
the core repo.
PR-URL: https://github.com/nodejs/node/pull/6495
Reviewed-By: Robert Jefe Lindstaedt <robert.lindstaedt@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Add `added:` and `deprecated:` entries to buffer.md.
These are incomplete (particularly for some of the ancient features),
but correct to the best of my knowledge. This serves as a
demonstration of how the `added:`/`deprecated:` metadata may be
implemented in 'real' docs.
PR-URL: https://github.com/nodejs/node/pull/6495
Reviewed-By: Robert Jefe Lindstaedt <robert.lindstaedt@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
If a socket is sent to a child, any data that is buffered in the socket
will not be sent to the child. The child will only receive data from the
socket that is sent after the child has the socket.
PR-URL: #6951
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Most of the information is gleaned from changelogs. The rest is inferred
from git history.
Omitted cpuUsage() since it's not yet in a release.
Also omitted the streams, events and signals, since I didn't really
think it made sense for those.
Ref: https://github.com/nodejs/node/issues/6578
PR-URL: https://github.com/nodejs/node/pull/6589
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
Reviewed-By: Alexander Makarenko <estliberitas@gmail.com>