DES-CBC-SHA is LOW cipher and disabled by default and it is used in
tests of hornorcipherorder. They are changed as to
- use RC4-SHA instead of DES-CBC-SHA.
- add ECDHE-RSA-AES256-SHA to entries to keep the number of ciphers.
- remove tests for non-default cipher because only SEED and IDEA are
available in !RC4:!HIGH:ALL.
Fixes: https://github.com/nodejs/LTS/issues/85
PR-URL: https://github.com/nodejs/node/pull/5712
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
backport fix for test-http-get-pipeline-problem.js from master
to 0.12.X. We've been seeing an intermittent failure
in runs for zLinux with SLES 12. We confirmed that this fix
resolves the issue so would like it in 0.12.X
The original commit does not apply cleanly as the paths were
changed, but the actual change is identical. The original commit was:
3ba4f71fc4
PR-URL: https://github.com/nodejs/node/pull/3013
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: James M Snell <jasnell@gmail.com>
Remove support for SSLv2 because of DROWN (CVE-2016-0800).
Use of the `--enable-ssl2` flag is now an error; node will print an
error message and exit.
PR-URL: https://github.com/nodejs/node/pull/5536
Reviewed-By: Rod Vagg <rod@vagg.org>
Fixes http-parser regression with IS_HEADER_CHAR check
Add test case for obstext characters (> 0x80) in header
PR-URL: https://github.com/nodejs/node/pull/5241
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
It is possible that the internal handleMessage() might try to send to
a channel that has been closed. The result can be an AssertionError.
Guard against this.
Fixes: https://github.com/nodejs/node/issues/4205
PR-URL: https://github.com/nodejs/node/pull/5153
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This commit prevents child process stdio streams from being
automatically flushed on child process exit/close if a 'readable'
event handler has been attached at the time of exit.
Without this, child process stdio data can be lost if the process
exits quickly and a `read()` (e.g. from a 'readable' handler)
hasn't had the chance to get called yet.
Fixes: https://github.com/nodejs/node/issues/5034
PR-URL: https://github.com/nodejs/node/pull/5037
Reviewed-By: James M Snell <jasnell@gmail.com>
Fix node exiting due to an exception being thrown rather than emitting
an 'uncaughtException' event on the process object when:
1. no error handler is set on the domain within which an error is thrown
2. an 'uncaughtException' event listener is set on the process
Also fix an issue where the process would not abort in the proper
function call if an error is thrown within a domain with no error
handler and --abort-on-uncaught-exception is used.
Fixes#3607 and #3653.
PR: #3885
PR-URL: https://github.com/nodejs/node/pull/3885
Reviewed-By: James M Snell <jasnell@gmail.com>
d1ba82af1c2528c71e1b6b6a57844a7519b66ccb "fixed"
test-domain-exit-dispose-again by changing its logic to test that
process.domain was cleared properly in case an error was thrown from
a timer's callback.
However, it became clear when reviewing a recent change that refactors
lib/timers.js that it was not quite the intention of the original test.
Thus, this change adds the original implementation of
test-domain-exit-dispose-again back, with comments that make its
implementation easier to understand.
It also preserves the changes made by
d1ba82af1c2528c71e1b6b6a57844a7519b66ccb, but it moves them to a new
test file named test-timers-reset-process-domain-on-throw.js.
PR: #4278
PR-URL: https://github.com/nodejs/node/pull/4278
Reviewed-By: James M Snell <jasnell@gmail.com>
test-domain-exit-dispose-again had been written for node v0.10.x, and
was using the fact that callbacks scheduled with `process.nextTick`
wouldn't run if the domain attached to it was disposed.
This is not longer the case, and as a result the test would not catch
any regression: it would always pass.
This change rewrites that test to check that the current domain is
cleared properly when processing the rest of the timers list if a
timer's callback throws an error. This makes the test fail without the
original fix, and pass with the original fix, as expected.
PR: #3991
PR-URL: https://github.com/nodejs/node/pull/3991
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
As part of the fix for logjam, node was upgraded to a
level of openssl which rejects connections to servers that
are using keys smaller than 768 bits. It is still possible,
however, to create a server that uses a smaller key size
and and older client may be able to connect to it.
This PR moves us to a secure by default stance on the
server side as well, preventing the creation of a server
using a dhe key size less than 768. This can be overridden
with the command line option which is also added.
It is derived from
9b35be5810
which was landed in later io.js/node versions but makes
the limit 1024. This PR uses the smaller limit in order
to meet the recomendations for logjam while matching was
was done on the client side in openssl to minimize the
potential impacton users.
The command line option will only be documented in the
release notes and will not be added to the tls
documentation. The goal is that people who are
upgrading are aware and can use the option if they
run into issues, but otherwise the option is not
visible/used.
PR-URL: https://github.com/nodejs/node/pull/3890
Fixes: https://github.com/nodejs/LTS/issues/49
Reviewed-By: Myles Borins <mborins@us.ibm.com>
Reviewed-By: James Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <r@va.gg>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
caeb677
Do not abort the process if an error is thrown from within a domain,
an error handler is setup for the domain and
--abort-on-uncaught-exception was passed on the command line.
However, if an error is thrown from within the top-level domain's
error handler and --abort-on-uncaught-exception was passed on the
command line, make the process abort.
Fixes: #8877
Fixes: https://github.com/nodejs/node-v0.x-archive/issues/8877
PR-URL: https://github.com/nodejs/node-v0.x-archive/pull/25835
Reviewed-By: misterdjules - Julien Gilli <jgilli@nodejs.org>
spawnSync() modifies the options argument. This commit makes
a copy of options before any modifications occur.
PR-URL: https://github.com/joyent/node/pull/9159
Reviewed-By: trevnorris - Trevor Norris <trev.norris@gmail.com>
This test just failed on Ubuntu in Jenkins, for a change that
is 100% Windows-specific.
Reviewed-By: Joao Reis <reis@janeasystems.com>
PR-URL: https://github.com/joyent/node/pull/25750
This change is a backport of 2b4b600660
from io.js.
Original commit message:
This test was failing because the spawned process was terminated
before anything could be done, by calling child.stdin.end. With this
change, the child's stdin is no longer closed. When the stdin is not
a tty, io.js waits for the whole input before starting, so the child
must be run with --interactive to process the command sent by the
parent. The child is killed explicitly by the parent before it exits.
This test was failing silently because the asserts were not called if
nothing was received from the child. This fix moves assertOutputLines
to always run on exit.
Fixes: https://github.com/nodejs/io.js/issues/2177
Refs: https://github.com/nodejs/io.js/issues/2094
PR-URL: https://github.com/nodejs/io.js/pull/2186
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: Alexis Campailla <alexis@janeasystems.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
PR-URL: https://github.com/joyent/node/pull/25748
- `test-crypto-domains` was fixed by
joyent/node@2afa3d8a03f1f0798d83dc57abc252bb78b7e591
- All tests under linux appear to be fixed and have not failed recently
on Jenkins
- `test-http-dns-fail` was fixed by the DNS configuration change
mentioned in joyent/node#8056
Fixes#25656Fixes#25673
Reviewed-By: Alexis Campailla <alexis@janeasystems.com>
PR-URL: https://github.com/joyent/node/pull/25676
test-microtask-queue-run and test-microtask-queue-run-domain fail very
rarely at least on linux x64, windows 2012r2 x64 and smartos x86
Reviewed-By: Alexis Campailla <alexis@janeasystems.com>
PR-URL: https://github.com/joyent/node/pull/25606
This reverts commit 67d9a56251.
This commit actually reverts both
67d9a56251 and
02a549ed2b (both related to ciphers list
changes). It does it in one commit because reverting
02a549ed2b results in an empty commit.
These changes are not yet ready to be released, and before they are we
want to be able to publish new releases. We're reverting them so that we
can submit a new PR that will contain all these changes plus what's
necessary to be able to land them properly.
Conflicts:
src/node.cc
PR: #25511
PR-URL: https://github.com/joyent/node/pull/25511
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Test of 512 bits key is failed after upgrading openssl-1.0.1o due to
its limit of 768 bits key size. Remove it and start from 1024 bits
test.
Reviewed-By: Michael Dawson <mdawson@devrus.com>
PR-URL: https://github.com/joyent/node/pull/25533
When a timer is added in another timer's callback, its underlying timer
handle will be started with a timeout that is actually incorrect.
The reason is that the value that represents the current time is not
updated between the time the original callback is called and the time
the added timer is processed by timers.listOnTimeout. That leads the
logic in timers.listOnTimeout to do an incorrect computation that makes
the added timer fire with a timeout of scheduledTimeout +
timeSpentInCallback.
This change fixes that and make timers scheduled within other timers'
callbacks fire as expected.
Fixes#9333 and #15447.
PR: #17203
PR-URL: https://github.com/joyent/node/pull/17203
Reviewed-By: Fedor Indutny <fedor@indutny.com>
A deadlock happens when sampler initiated by SIGPROF tries to lock
the thread and the thread is already locked by the same thread. As
a result, other thread involved in sampling process hangs. The
patch adds a check for thread lock before continuing sampler
operation.
The fix has been tested on a sample app under load with and without
profiling turned on.
Fixes issue #14576 and specifically the duplicate issue #25295
Reviewed-By: Julien Gilli <julien.gilli@joyent.com>
PR-URL: https://github.com/joyent/node/pull/25309
This improves the performance of openssl s_client on Windows and
gains several seconds to finish test-tls-server-verify.
(cherry picked from commit 2ff517e0e410ea33ba5a3d289a82fc315d120e8e)
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/joyent/node/pull/25368
For better performance of the test, the parent kills child processes
so as not to wait them to be ended.
(cherry picked from commit 833b23636045f7afc929196139021630a390391a)
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/joyent/node/pull/25368
Now that the test is fixed, node-accept-pull-request should
fail when the test fails.
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/joyent/node/pull/25368
When running in parallel, it is not easy to identify what server and
client failed when the test fails. This adds identifiers to all lines
of console output.
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/joyent/node/pull/25368
Different servers must use different ports. Since we can count only on
common.PORT and common.PORT+1, run only 2 servers in parallel.
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/joyent/node/pull/25368
OpenSSL s_client introduces some delay on Windows. With all clients
running sequentially, this delay is big enough to break CI. This fix runs
the clients in parallel (unless the test includes renegotiation),
reducing the total run time.
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/joyent/node/pull/25368
With additional load in the system, the child process which runs sleep
command takes more time to run - typically slightly above 1 second,
but above 2 seconds under stress.
While the intent of the test is to test the functionality of spawnSync
and the child process in general, in effect it is testing the system
command sleep, and further, it's responsiveness.
Since from the name the purpose of the test seems to be unrelated to
the sleep behaviour, I believe a more meaningful assertion would be to
see the time taken is more than 1 second.
Reviewed-By: Michael Dawson <mhdawsonibm@gmail.com>
PR-URL: https://github.com/joyent/node/pull/25291
This test currently fails when run on machines without
IPv6 enabled. Futher it was delete in io.js under
3143d732f6 as the test
was known to have problems across platforms and
releases.
The existing test was hard to understand so I wrote
a new version but then found exactly what was
reported in the io.js pull request. Behaviour varies
across platforms such that writing a solid test would
either be infeasible or test so little that
it does not seem to make sense to keep it.
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
PR-URL: https://github.com/joyent/node/pull/25326
Revert "disable RC4, add --cipher-list command line switch" and
"tls: make --enable-legacy-cipher-list=val less verbose"
This reverts commit f9291a9449 and
b5737bb977.
There is still some work to be done to guarantee secure defaults and a
smooth upgrade path for v0.12.x users. Before this work is finished, we
want to be able to release new versions of v0.12.x. So instead of
waiting for these changes to be ready to ship, revert them and integrate
them when they're ready to be shipped.
Conflicts:
src/node.cc
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/joyent/node/pull/25296
Fix the regexp used to detect 'Unexpected token' errors so that they can
be considered as recoverable. This fixes the following use case:
> var foo = 'bar \
... baz';
undefined
> foo
'bar baz'
>
Fixes#8874
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
PR-URL: https://github.com/joyent/node/pull/8875
test-tls-server-verify takes a lont time to execute and times
out on the Jenkins machines.
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/joyent/node/pull/25284
The loopback on AIX is slower by default than on other platforms
and we've seen a number of tests fail on AIX for this reason. This
looks to be another instance. Changing the test to bind to the
host ip instead of the loopback makes it pass reliably.
This change extends the timeout so that it passes reliably on AIX
even with the slower loopback behaviour
modified: test/simple/test-tls-wrap-timeout.js
Reviewed-By: coln Ihrig <cjihrig@gmail.com>
PR-URL: https://github.com/joyent/node/pull/25138
072460265226c047369558b23e9ff2748965bf6c floats a patch on V8 that fixes
issue #9113 that would cause let bindings and continue statements in for
loops to not work properly.
This change adds a regression test that fails if that patch is not
properly floated, thus preventing us from not floating that patch after
future V8 upgrades.
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
PR-URL: https://github.com/joyent/node/pull/23948
simple/test-child-process-stdout-flush-exit.js fails with an assertion.
The root cause for this assertion is that the expected boolean value of
true for the variable gotBye was false. This is set to true when the
piped stdout stream of the child writes the end token "goodbye". So the
error message would indicate that the end token was never received by
the parent, but in fact it did. The only difference is that the first
chunk itself had both 'hello' and 'goodbye' (as well as the filler
words in between) in AIX, while Linux receives them separately.
While this issue is not reproducible in Linux, the number of bytes
received each time a callback is called is not consistent across runs,
which is ratified as the actual content size of a UNIX domain data packet
is determined outside of the node's logic, instead in OS tunables, as well
as the runtime context of data transfer (depending on contigeous free
memory available in OS data structures at the time of sending).
In addition, around 200 filler words sent in between the 'hello' and
'goodbye' seem to indicate that the coalescence of chunks was a possibility
in Linux as well, and was devised to separate the first word from the last,
through an arbitrary delimiter.
Parser logic seem to be rigid and have assumptions about the order and size
of the data arrival. For example, it checks for 'goodbye' only when it does
not find 'hello' in it, as if they would always come separately. This
exclusiveness is what makes the test to fail in AIX.
Reviewed-By:
PR-URL: https://github.com/joyent/node/pull/14410
Disable RC4 in the default cipher list
Add the `--cipher-list` command line switch and `NODE_CIPHER_LIST`
environment variable to completely override the default cipher list.
Add the `--enable-legacy-cipher-list` and `NODE_LEGACY_CIPHER_LIST`
environment variable to selectively enable the default cipher list from
previous node.js releases.
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/joyent/node/pull/14414
Disable RC4 in the default cipher list
Add the `--cipher-list` command line switch and `NODE_CIPHER_LIST`
environment variable to completely override the default cipher list.
Add the `--enable-legacy-cipher-list` and `NODE_LEGACY_CIPHER_LIST`
environment variable to selectively enable the default cipher list from
previous node.js releases.
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/joyent/node/pull/14413
In Linux, simple/test-child-process-fork-net2.js fails intermittently.
In SuSE Linux system, under network high load situations, this failure is
consistently reproducible.
The test case tests whether the TCP connections which were established between
the processes terminate in a timely and clean manner. After some iterations of
data transfer on established connections, the server is closed. The server does
not get closed immediately, instead waits for all the active connections to
terminate. A timed (200ms) callback closes the connections, which eventually
closes the server.
The start is the time when the server close is invoked.
The end is the time when the server is actually closed(onClose call back invoked).
Given that there is a minimum delay of 200ms before the connections are
terminated, expecting the elapsed time above 190 is reasonable and fair,
but looks like the leeway of 800ms for the upper bounds seem to be too
stringent, and breaking some scenarios of network load.
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
PR-URL: https://github.com/joyent/node/pull/14129
Gibson Fahnestock
Shigeki Ohtsu
Michael Dawson
Ben Noordhuis
James M Snell
Rich Trott
Brian White
Julien Gilli
Fedor Indutny
Jeremy Whitlock
cjihrig
Devin Nakamura
Evan Lucas
João Reis
Alexis Campailla
Dmitri Melikyan
Gireesh Punathil