Check that stdin, stdout and stderr map to open file descriptors and
remap them to /dev/null if that isn't the case. Protects against
information leaks or worse when io.js is started with closed stdio
file descriptors.
PR-URL: https://github.com/iojs/io.js/pull/875
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Vladimir Kurchatkin <vladimir.kurchatkin@gmail.com>
PR-URL: https://github.com/iojs/io.js/pull/875
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Vladimir Kurchatkin <vladimir.kurchatkin@gmail.com>
Commit 8aed9d66 ("src: cleanup `Isolate::GetCurrent()`") breaks building
add-ons because of the following:
In file included from ../node_modules/nan/nan.h:27:0,
from ../src/binding.cc:18:
/home/bnoordhuis/src/v1.x/src/node_object_wrap.h: In member function
'v8::Local<v8::Object> node::ObjectWrap::handle()':
/home/bnoordhuis/src/v1.x/src/node_object_wrap.h:39:46: error: base
operand of '->' has non-pointer type 'v8::Persistent<v8::Object>'
return v8::Local<v8::Object>::New(handle_->GetIsolate(),
persistent());
Mea culpa, I was one of the reviewers.
PR-URL: https://github.com/iojs/io.js/pull/868
Reviewed-By: Vladimir Kurchatkin <vladimir.kurchatkin@gmail.com>
If the Buffer allocation isn't a slice then there's no need to adjust
the pool offset after realloc'ing the space available.
Fixes: 6462519 "buffer, doc: misc. fix and cleanup"
This updates the default cipher suite to an more secure list, which
prefers strong ciphers with Forward Secrecy. Additionally, it enables
`honorCipherOrder` by default.
Noteable effect of this change is that the insecure RC4 ciphers are
disabled and that Chrome negotiates a more secure ECDHE cipher.
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
PR-URL: https://github.com/iojs/io.js/pull/826
The test blindly assumes that the default cipher suite supports RC4
ciphers. This corrects the case where RC4 might not be available in the
default ciphers by setting the client to use the same suite as the
server.
PR-URL: https://github.com/iojs/io.js/pull/853
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This commit validates the properties of ENOENT error objects
returned by spawn() and spawnSync().
PR-URL: https://github.com/iojs/io.js/pull/838
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Rod Vagg <rod@vagg.org>
'.' and '..' are directory specs and resolving urls with or
without the hostname with '.' and '..' should add a trailing
slash to the end of the url.
Fixes: https://github.com/joyent/node/issues/8992
PR-URL: https://github.com/iojs/io.js/pull/278
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
The current implementation uses the arguments object in the Server()
constructor. Since both arguments to Server() are optional, there was a
high likelihood of accessing a non-existent element in arguments, which
carries a performance overhead. This commit replaces the arguments
object with named arguments.
Reviewed-by: Trevor Norris <trev.norris@gmail.com>
Conflicts:
lib/net.js
Timeout#unref() call returns undefined, not this. The test already
worked before, because the interval was still unref'd, and the test also
succeeds without clearing the interval.
PR-URL: https://github.com/joyent/node/pull/9171
Reviewed-by: Colin Ihrig <cjihrig@gmail.com>
Reviewed-by: Timothy J Fontaine <tjfontaine@gmail.com>
Conflicts:
test/simple/test-timers-unref.js
The NativeModule system passes NativeModule.require transparently and so
is unnecessary to call explicitly.
The only one which should have the prefix is the in line 295, where
actually implements a big fs-based module system and actually requires a
native module. That is left unchanged.
PR-URL: https://github.com/joyent/node/pull/9201
Ref: https://github.com/joyent/node/issues/2009
Reviewed-by: Trevor Norris <trev.norris@gmail.com>
Conflicts:
lib/module.js
The message argument is optional for both assert() and
assert.ok(). This commit makes message optional for assert().
PR-URL: https://github.com/joyent/node/pull/9003
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
This commit restricts socket timeouts non-negative, finite
numbers. Any other value throws a TypeError or RangeError.
This prevents subtle bugs that can happen due to type
coercion.
Fixes: https://github.com/joyent/node/issues/8618
PR-URL: https://github.com/joyent/node/pull/8884
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Timothy J Fontaine <tjfontaine@gmail.com>
Conflicts:
lib/timers.js
test/simple/test-net-settimeout.js
test/simple/test-net-socket-timeout.js
Just added ', it' because the phrasing did not seem correct.
PR-URL: https://github.com/iojs/io.js/pull/815
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
This commit distributes many of the various tests that were previously
strewn about `test-crypto.js` into their own files, such as for Ciphers
and Deciphers, Hashing, and HMACs. Copy pasta, and no style changes
besides removing a few now-unnecessary closures.
Helps eliminate file bloat and allows for easier test prognosis.
PR-URL: https://github.com/iojs/io.js/pull/827
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
does the same thing for firefox as 'antialiased' does for webkit.
PR-URL: https://github.com/iojs/io.js/pull/820
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
The code span is closed with a straight quote instead of the correct
back tick being used.
PR-URL: https://github.com/iojs/io.js/pull/814
Reviewed-By: Brendan Ashworth <brendan.ashworth@me.com>
Fold two integral fields into one and use bitops to access/manipulate
them.
PR-URL: https://github.com/iojs/io.js/pull/667
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
It has been obsoleted by the previous commit. Now it's time to say
goodbye.
PR-URL: https://github.com/iojs/io.js/pull/667
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
This commit also breaks up req_wrap.h into req-wrap.h and req-wrap-inl.h
to work around a circular dependency issue in env.h.
PR-URL: https://github.com/iojs/io.js/pull/667
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
This is a replacement for the QUEUE macros. It implements the same
functionality but in a way that lets the compiler typecheck it.
PR-URL: https://github.com/iojs/io.js/pull/667
Reviewed-By: Bert Belder <bertbelder@gmail.com>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
These optimizations result in >2x speedup in the ee-add-remove
benchmark:
* Don't mutate array.length when removing the last listener for
an event
* Don't bother checking max listeners if listeners isn't an array
* Don't call delete when removing the last event in _events, just
re-assign a new object instead
PR-URL: https://github.com/iojs/io.js/pull/785
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Evan Lucas <evanlucas@me.com>
This keeps in line with how things are done for the fast path
and *might* even provide a *slight* performance increase.
PR-URL: https://github.com/iojs/io.js/pull/785
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Remove internal object and expose functions directly on binding. This
makes possible to simply use internal functions in other builtin
modules.
PR-URL: https://github.com/iojs/io.js/pull/770
Reviewed-by: Trevor Norris <trev.norris@gmail.com>
Reviewed-by: Ben Noordhuis <info@bnoordhuis.nl>
In the case of using openssl with shared library,
reinterpret_cast<X509V3_EXT_I2V>(i2v_GENERAL_NAMES)) refers plt
pointer so that SafeX509ExtPrint returns false.
Fix it to check it with method of NID_subject_alt_name
This patch originally was created by Fedor Indutny
and Ben Noordhuis
Fixes: https://github.com/iojs/io.js/issues/617
PR-URL: https://github.com/iojs/io.js/pull/800
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Notable changes:
* stream:
- Simpler stream construction, see
https://github.com/iojs/readable-stream/issues/102 for details.
This extends the streams base objects to make their constructors
accept default implementation methods, reducing the boilerplate
required to implement custom streams. An updated version of
readable-stream will eventually be released to match this change
in core. (@sonewman)
* dns:
- `lookup()` now supports an `'all'` boolean option, default to
`false` but when turned on will cause the method to return an
array of *all* resolved names for an address, see,
https://github.com/iojs/io.js/pull/744 (@silverwind)
* assert:
- Remove `prototype` property comparison in `deepEqual()`,
considered a bugfix, see https://github.com/iojs/io.js/pull/636
(@vkurchatkin)
- Introduce a `deepStrictEqual()` method to mirror `deepEqual()`
but performs strict equality checks on primitives, see
https://github.com/iojs/io.js/pull/639 (@vkurchatkin)
* **tracing**:
- Add LTTng (Linux Trace Toolkit Next Generation) when compiled
with the `--with-lttng` option. Trace points match those
available for DTrace and ETW.
https://github.com/iojs/io.js/pull/702 (@thekemkid)
* npm upgrade to 2.5.1
* **libuv** upgrade to 1.4.0
* Add new collaborators:
- Aleksey Smolenchuk (@lxe)
- Shigeki Ohtsu (@shigeki)
This commit improves `readFile` performance by
reducing number of closure allocations and using
`FSReqWrap` directly.
PR-URL: https://github.com/iojs/io.js/pull/718
Reviewed-By: Trevor Norris <trev.norris@gmail.com>