Replace Certificate C++ class with simple functions. Update
crypto.Certificate methods accordingly.
PR-URL: https://github.com/nodejs/node/pull/5382
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Replacing the regexp and replace function with a loop improves
performance by ~60-200%.
PR-URL: https://github.com/nodejs/node/pull/5360
Reviewed-By: James M Snell <jasnell@gmail.com>
By manually copying arguments and breaking the try/catch out, we are
able to improve the performance of util.format by 20-100% (depending on
the types).
PR-URL: https://github.com/nodejs/node/pull/5360
Reviewed-By: James M Snell <jasnell@gmail.com>
Use the "Apple LLVM" version number since the banner has changed in
newer versions of Mac OS X, resulting in the obsolete assembler path
being used to compile OpenSSL.
PR-URL: https://github.com/nodejs/node/pull/5553
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This commit adds a failing test case for the vm module.
Currently, if runInContext() defines a function, and a later call
to runInContext() redefines the same function, the original
function is not overwritten.
Refs: https://github.com/nodejs/node/issues/548
PR-URL: https://github.com/nodejs/node/pull/5528
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Wyatt Preul <wpreul@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
This commit adds a known_issues directory to the test directory
for scripts that reproduce known bugs. Since these scripts are
expected to fail, it also adds a --expect-fail flag to test.py
which reports tests as successful when they fail.
Refs: https://github.com/nodejs/testing/issues/18
PR-URL: https://github.com/nodejs/node/pull/5528
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Wyatt Preul <wpreul@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Avoid 'delete this' as it can be hazardous and/or dependent on
implementations.
PR-URL: https://github.com/nodejs/node/pull/5494
Reviewed-By: bnoordhuis - Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: targos - Michaël Zasso <mic.besace@gmail.com>
V8 String::NewExternal is deprecated in 4.9. Migrate string_bytes.cc to
the alternatives.
PR-URL: https://github.com/nodejs/node/pull/5462
Reviewed-By: bnoordhuis - Ben Noordhuis <info@bnoordhuis.nl>
Simplify how node_contextify was keeping a weak reference to the
sandbox object in order to prepare for new style phantom weakness V8
API. It is simpler (and more robust) for the context to hold a
reference to the sandbox in an embedder data field. Doing otherwise
meant that the sandbox could become weak while the context was still
alive. This wasn't a problem because we would make the reference
strong at that point.
Since the sandbox must live at least as long as the context, it
would be better for the context to hold onto the sandbox.
PR-URL: https://github.com/nodejs/node/pull/5392
Reviewed-By: Reviewed-By: bnoordhuis - Ben Noordhuis <info@bnoordhuis.nl>
Cleanup how node_contextify keeps weak references in order to prepare
for new style phantom weakness API. We didn't need to keep a weak
reference to the context's global proxy, as the context holds it.
PR-URL: https://github.com/nodejs/node/pull/5392
Reviewed-By: Reviewed-By: bnoordhuis - Ben Noordhuis <info@bnoordhuis.nl>
Old style SetWeak is now deprecated, and weakness now works like
phantom references. This means we no longer have a reference to the
object in the weak callback. We use a kInternalFields style weak
callback which provides us with the contents of 2 internal fields
where we can squirrel away the native buffer pointer.
We can no longer neuter the buffer in the weak callback, but that
should be unnecessary as the object is going to be GC'd during the
current gc cycle.
PR-URL: https://github.com/nodejs/node/pull/5204
Reviewed-By: bnoordhuis - Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: indutny - Fedor Indutny <fedor.indutny@gmail.com>
Dynamic checks that CallbackInfo holds an ArrayBuffer handle can be
converted into compiler enforced checks. Removed unused code, and
other minor cleanup.
PR-URL: https://github.com/nodejs/node/pull/5204
Reviewed-By: bnoordhuis - Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: indutny - Fedor Indutny <fedor.indutny@gmail.com>
Proxies support is now complete in V8. The tests needed slight modification to
match the spec implementation.
PR-URL: https://github.com/nodejs/node/pull/4722
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
- An error message changed for undefined references
- `let` is now allowed in sloppy mode
- ES2015 proxies are shipped and the `Proxy` global is now a function
PR-URL: https://github.com/nodejs/node/pull/4722
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Notable changes:
* http_parser: Update to http-parser 1.2 to fix an unintentionally
strict limitation of allowable header characters.
(James M Snell) https://github.com/nodejs/node/pull/5242
* domains:
- Prevent an exit due to an exception being thrown rather than
emitting an 'uncaughtException' event on the `process` object when
no error handler is set on the domain within which an error is
thrown and an 'uncaughtException' event listener is set on
`process`. (Julien Gilli) https://github.com/nodejs/node/pull/3887
- Fix an issue where the process would not abort in the proper
function call if an error is thrown within a domain with no error
handler and `--abort-on-uncaught-exception` is used.
(Julien Gilli) https://github.com/nodejs/node/pull/3887
* openssl: Upgrade from 1.0.1r to 1.0.1s
(Ben Noordhuis) https://github.com/nodejs/node/pull/5508
- Fix a double-free defect in parsing malformed DSA keys that may
potentially be used for DoS or memory corruption attacks. It is
likely to be very difficult to use this defect for a practical
attack and is therefore considered low severity for Node.js users.
More info is available at
https://www.openssl.org/news/vulnerabilities.html#2016-0705
- Fix a defect that can cause memory corruption in certain very rare
cases relating to the internal `BN_hex2bn()` and `BN_dec2bn()`
functions. It is believed that Node.js is not invoking the code
paths that use these functions so practical attacks via Node.js
using this defect are _unlikely_ to be possible. More info is
available at
https://www.openssl.org/news/vulnerabilities.html#2016-0797
- Fix a defect that makes the CacheBleed Attack
(https://ssrg.nicta.com.au/projects/TS/cachebleed/) possible.
This defect enables attackers to execute side-channel attacks
leading to the potential recovery of entire RSA private keys. It
only affects the Intel Sandy Bridge (and possibly older)
microarchitecture when using hyper-threading. Newer
microarchitectures, including Haswell, are unaffected. More info
is available at
https://www.openssl.org/news/vulnerabilities.html#2016-0702
- Remove SSLv2 support, the `--enable-ssl2` command line argument
will now produce an error. The DROWN Attack
(https://drownattack.com/) creates a vulnerability where SSLv2 is
enabled by a server, even if a client connection is not using
SSLv2. The SSLv2 protocol is widely considered unacceptably broken
and should not be supported. More information is available at
https://www.openssl.org/news/vulnerabilities.html#2016-0800
PR-URL: https://github.com/nodejs/node/pull/5404
Notable changes:
* http_parser: Update to http-parser 2.3.2 to fix an unintentionally
strict limitation of allowable header characters.
(James M Snell) https://github.com/nodejs/node/pull/5241
* domains:
- Prevent an exit due to an exception being thrown rather than
emitting an 'uncaughtException' event on the `process` object when
no error handler is set on the domain within which an error is
thrown and an 'uncaughtException' event listener is set on
`process`. (Julien Gilli) https://github.com/nodejs/node/pull/3885
- Fix an issue where the process would not abort in the proper
function call if an error is thrown within a domain with no error
handler and `--abort-on-uncaught-exception` is used.
(Julien Gilli) https://github.com/nodejs/node/pull/3885
* openssl: Upgrade from 1.0.2f to 1.0.2g
(Ben Noordhuis) https://github.com/nodejs/node/pull/5509
- Fix a double-free defect in parsing malformed DSA keys that may
potentially be used for DoS or memory corruption attacks. It is
likely to be very difficult to use this defect for a practical
attack and is therefore considered low severity for Node.js users.
More info is available at
https://www.openssl.org/news/vulnerabilities.html#2016-0705
- Fix a defect that can cause memory corruption in certain very rare
cases relating to the internal `BN_hex2bn()` and `BN_dec2bn()`
functions. It is believed that Node.js is not invoking the code
paths that use these functions so practical attacks via Node.js
using this defect are _unlikely_ to be possible. More info is
available at
https://www.openssl.org/news/vulnerabilities.html#2016-0797
- Fix a defect that makes the CacheBleed Attack
(https://ssrg.nicta.com.au/projects/TS/cachebleed/) possible. This
defect enables attackers to execute side-channel attacks leading
to the potential recovery of entire RSA private keys. It only
affects the Intel Sandy Bridge (and possibly older)
microarchitecture when using hyper-threading. Newer
microarchitectures, including Haswell, are unaffected. More info
is available at
https://www.openssl.org/news/vulnerabilities.html#2016-0702
PR-URL: https://github.com/nodejs/node/pull/5403
Rework the doc a bit to tighten it up, including removing the
use of `you`
Fix some line wrapping issues.
PR-URL: https://github.com/nodejs/node/pull/5287
Reviewed-By: Roman Klauke <romaaan.git@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
...
Looping rapidly and making new connections causes problems on pi2.
Instead create a new connection when an old connection has already been
made. Running a stress test of 600 times and they all passed.
Fixes: https://github.com/nodejs/node/issues/5302
PR-URL: https://github.com/nodejs/node/pull/5537
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Alexis Campailla <orangemocha@nodejs.org>
Also fixed a minor color issue with :focus on the title.
PR-URL: https://github.com/nodejs/node/pull/5548
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/5517
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/5517
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Matteo Collina
Alexander Makarenko
Brian White
Evan Lucas
Stefan Budeanu
cjihrig
Michaël Zasso
Ali Ijaz Sheikh
Rod Vagg
James M Snell
Trevor Norris
Wyatt Preul
silverwind
Rich Trott