This reverts commit 67d9a56251.
This commit actually reverts both
67d9a56251 and
02a549ed2b (both related to ciphers list
changes). It does it in one commit because reverting
02a549ed2b results in an empty commit.
These changes are not yet ready to be released, and before they are we
want to be able to publish new releases. We're reverting them so that we
can submit a new PR that will contain all these changes plus what's
necessary to be able to land them properly.
Conflicts:
src/node.cc
PR: #25511
PR-URL: https://github.com/joyent/node/pull/25511
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Per feedback on the commit, make the PrintHelp for
--enable-legacy-cipher-list less verbose.
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/joyent/node/pull/14413
Disable RC4 in the default cipher list
Add the `--cipher-list` command line switch and `NODE_CIPHER_LIST`
environment variable to completely override the default cipher list.
Add the `--enable-legacy-cipher-list` and `NODE_LEGACY_CIPHER_LIST`
environment variable to selectively enable the default cipher list from
previous node.js releases.
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/joyent/node/pull/14413
caeb67735b introduced a regression where
the domains stack would not be cleared after an error had been handled
by the top-level domain.
This change clears the domains stack regardless of the position of the
active domain in the stack.
PR: #9364
PR-URL: https://github.com/joyent/node/pull/9364
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Julien Gilli <julien.gilli@joyent.com>
In the very unlikely case where `deflateInit2()` may return an error (right
now happening only on exhausting all memory), the `ZCtx::Error()` will
be called and will try to `Unref()` the handle. But the problem is that
this handle was never `Ref()`ed, so it will trigger an assertion error
and crash the program.
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
PR-URL: https://github.com/joyent/node/pull/8687
Do not abort the process if an error is thrown from within a domain, an
error handler is set up for the domain and --abort-on-uncaught-exception
was passed on the command line.
However, if an error is thrown from within the top-level domain's error
handler and --abort-on-uncaught-exception was passed on the command
line, make the process abort.
Fixes: https://github.com/joyent/node/issues/8631
Fixes: https://github.com/joyent/node/issues/8630
PR-URL: https://github.com/joyent/node/pull/8666
Reviewed-by: Trevor Norris <trev.norris@gmail.com>
* openssl: Update to 1.0.1j (Addressing multiple CVEs)
* uv: Update to v0.10.29
* child_process: properly support optional args (cjihrig)
* crypto: Disable autonegotiation for SSLv2/3 by default (Fedor Indutny,
Timothy J Fontaine, Alexis Campailla)
This is a behavior change, by default we will not allow the negotiation to
SSLv2 or SSLv3. If you want this behavior, run Node.js with either
`--enable-ssl2` or `--enable-ssl3` respectively.
This does not change the behavior for users specifically requesting
`SSLv2_method` or `SSLv3_method`. While this behavior is not advised, it is
assumed you know what you're doing since you're specifically asking to use
these methods.
Always set ssl2/ssl3 disabled based on whether they are enabled in Node.
In some corner-case scenario, node with OPENSSL_NO_SSL3 defined could
be linked to openssl that has SSL3 enabled.
This change disables SSLv2/SSLv3 use by default, and introduces a
command line flag to opt into using SSLv2/SSLv3.
SSLv2 and SSLv3 are considered unsafe, and should only be used in
situations where compatibility with other components is required and
they cannot be upgraded to support newer forms of TLS.
* npm: Update to 1.4.28
* v8: fix a crash introduced by previous release (Fedor Indutny)
* configure: add --openssl-no-asm flag (Fedor Indutny)
* crypto: use domains for any callback-taking method (Chris Dickinson)
* http: do not send `0\r\n\r\n` in TE HEAD responses (Fedor Indutny)
* querystring: fix unescape override (Tristan Berger)
* url: Add support for RFC 3490 separators (Mathias Bynens)
This adds domains coverage for pbkdf2, pseudoRandomBytes, and randomBytes.
All others should be covered by event emitters.
Fixes #5801.
Reviewed-By: Timothy J Fontaine <tjfontaine@gmail.com>
When backporting f8193ab into v0.10, a regression was introduced. Timers
with non-integer timeout could trigger an infinite recursion with 100%
cpu usage. This commit backports 93b0624 which fixes the regression.
After backporting f8193ab, instead of using Date.now(), timers would use
Timer.now() to determine if they had expired. However, Timer.now() is
based on loop->time, which is not updated when a timer's remaining time
is > 0 and < 1. Timers would thus never time out if their remaining time
was at some point > 0 and < 1.
With this commit, Timer.now() updates loop->time itself, and timers
always time out eventually.
Fixes #8065 and #8068.
Original commit message:
timers: use uv_now instead of Date.now
This saves a few calls to gettimeofday which can be expensive, and
potentially subject to clock drift. Instead use the loop time which
uses hrtime internally.
In addition to the backport, this commit:
- keeps _idleStart timers' property which is still set to
Date.now() to avoid breaking existing code that uses it, even if
its use is discouraged.
- adds automated tests. These tests use a specific branch of
libfaketime that hasn't been submitted upstream yet. libfaketime
is git cloned if needed when running automated tests.
Signed-off-by: Timothy J Fontaine <tjfontaine@gmail.com>
* openssl: to 1.0.1h (CVE-2014-0224)
* npm: upgrade to 1.4.10
* utf8: Prevent Node from sending invalid UTF-8 (Felix Geisendörfer)
- *NOTE* this introduces a breaking change, previously you could construct
invalid UTF-8 and invoke an error in a client that was expecting valid
UTF-8, now unmatched surrogate pairs are replaced with the unknown UTF-8
character. To restore the old functionality simply have NODE_INVALID_UTF8
environment variable set.
* child_process: do not set args before throwing (Greg Sabia Tucker)
* child_process: spawn() does not throw TypeError (Greg Sabia Tucker)
* constants: export O_NONBLOCK (Fedor Indutny)
* crypto: improve memory usage (Alexis Campailla)
* fs: close file if fstat() fails in readFile() (cjihrig)
* lib: name EventEmitter prototype methods (Ben Noordhuis)
* tls: fix performance issue (Alexis Campailla)
Previously v8's WriteUtf8 function would produce invalid utf-8 output
when encountering unmatched surrogate code units [1]. The new
REPLACE_INVALID_UTF8 option fixes that by replacing invalid code points
with the unicode replacement character.
[1]: JS Strings are defined as arrays of 16 bit unsigned integers. There
is no unicode enforcement, so one can easily end up with invalid unicode
code unit sequences inside a string.
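The replacement behaviour described in the message above, as an added JavaScript example that is not part of the commit or the Node.js source. The function names and the sample strings are hypothetical and constructed here; the code relies only on the `Buffer` and `TextDecoder` globals of a current Node.js.

```javascript
// Added example: locate unmatched surrogate code units in a JS string and
// check what reaches the wire after UTF-8 encoding.

// Return the indices of surrogate code units that are not part of a valid pair.
function findLoneSurrogates(str) {
  const lone = [];
  for (let i = 0; i < str.length; i++) {
    const cu = str.charCodeAt(i);
    if (cu >= 0xd800 && cu <= 0xdbff) {
      // High surrogate: well-formed only when a low surrogate follows.
      const next = i + 1 < str.length ? str.charCodeAt(i + 1) : 0;
      if (next >= 0xdc00 && next <= 0xdfff) {
        i++; // skip the low half of a well-formed pair
      } else {
        lone.push(i);
      }
    } else if (cu >= 0xdc00 && cu <= 0xdfff) {
      lone.push(i); // low surrogate with no preceding high surrogate
    }
  }
  return lone;
}

// Encode with Node's UTF-8 encoder and return the bytes as hex.
function utf8Hex(str) {
  return Buffer.from(str, 'utf8').toString('hex');
}

// Strict check: a fatal TextDecoder throws on any ill-formed UTF-8 sequence,
// which is how a validating client would react to the bytes.
function isWellFormedUtf8(bytes) {
  try {
    new TextDecoder('utf-8', { fatal: true }).decode(bytes);
    return true;
  } catch (e) {
    return false;
  }
}

// Constructed sample: 'a', lone high surrogate, 'b', U+1F600 (valid pair),
// lone low surrogate.
const sample = 'a\ud800b\ud83d\ude00\udc00';
// Constructed bytes: U+D800 encoded directly with the three-byte pattern,
// i.e. output with no replacement applied.
const unreplaced = Buffer.from([0x61, 0xed, 0xa0, 0x80, 0x62]);

console.log(findLoneSurrogates(sample));
console.log(utf8Hex(sample));
console.log(isWellFormedUtf8(unreplaced), isWellFormedUtf8(Buffer.from(sample, 'utf8')));
```

Each lone surrogate is emitted as `ef bf bd` (U+FFFD), so the encoded output passes a strict decoder, while the constructed unreplaced bytes do not.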
ClientHelloParser used to contain an 18k buffer that was kept around
for the life of the connection, even though it was not needed in many
situations. I changed it to be deallocated when it's determined to
be no longer needed.
Signed-off-by: Fedor Indutny <fedor@indutny.com>