Added checks where necessary to prevent hard crashes and gave
precedence to returning the OpenSSL error strings instead of generic
error strings.
PR-URL: https://github.com/nodejs/node/pull/3753
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Since util.isBuffer is deprecated, we should be explicit that
Buffer.isBuffer should be used instead.
PR-URL: https://github.com/nodejs/node/pull/3790
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
On my slow Ubuntu 14.04 machine, this fails to resolve the host name
used (`no.way.you.will.resolve.this`) and it times out in local testing.
This patch uses an invalid name (`...`) and does stricter validation of
the error returned.
PR-URL: https://github.com/nodejs/node/pull/3711
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
When getaddrinfo linked-list results contain entries other than AF_INET
and AF_INET6, the resulting v8::Array will contain undefined values.
That's because initialization of v8::Array pre-allocates entries for all
linked-list nodes, but not all of them will be in the final results.
This commit ensures that the array only contains valid results.
PR-URL: https://github.com/nodejs/node/pull/3696
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
PR-URL: https://github.com/nodejs/node/pull/3689
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
test fails intermittently due to the assertion that the 'disconnect'
event should come before the 'exit' event. This is caused be the
non-deteministic behaviour of pollset_poll[1] on AIX
(see deps/uv/src/unix/aix.c). This API makes no garauntee for the order
in which file descriptors are returned. On linux epoll_wait[2] is used,
which also does not make a garauntee on order of file descriptors
returned. In the failing case we recieve our file descriptor with a
callback of uv__signal_event (which causes JavaScript to receive the
exit event) before our file descriptor with uv__stream_io as its
callback (which in turn causes JavaScript receive the disconnect event).
This change simply removes the assertion that the disconnect event
happens before exit event and processes the test regardless of which
event comes first.
[1] https://www-01.ibm.com/support/knowledgecenter/ssw_aix_71/com.ibm.ai
x.basetrf1/pollset.htm
[2] http://linux.die.net/man/2/epoll_pwait
PR-URL: https://github.com/nodejs/node/pull/3666
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
There is currently no information in the Collaborators guide regarding
LTS. This commit adds some basic copy explaining what LTS is, what is
considered for LTS, and a simple way collaborators can help.
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Steven R. Loomis <srloomis@us.ibm.com>
PR-URL: https://github.com/nodejs/node/pull/3442
When a compiled library file does not have the proper format,
musl returns the error message ENOEXEC as 'Exec format error' but
glibc returns 'file too short' if the file is under a certain size.
Reference:
http://git.musl-libc.org/cgit/musl/tree/src/errno/__strerror.h#n46
This patch consists of tolerating musl's error.
PR-URL: https://github.com/nodejs/node/pull/3657
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Fixed an intermittent issue on AIX where the 600ms timeout was reached
before the 'connection' event was fired. This resulted in a failure as
serverConnection would be undefined and the assert.equal would throw an
error. Changed the flow of the test so that the timeout is only set
after a connection has been made.
PR-URL: https://github.com/nodejs/node/pull/3646
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
* A known issue was resolved but not removed from the list
* The wrong date was documented in the changelog for v4.2.2
PR-URL: https://github.com/nodejs/node/pull/3650
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
Fix regarding description of the following functions:
Certificate.exportPublicKey(spkac)
Certificate.exportChallenge(spkac)
The descriptions were applied incorrectly.
PR-URL: https://github.com/nodejs/node/pull/3614
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Use path join to construct the path instead of concatenating strings.
Replace backslash with double backslash so that they are escaped
correctly in the string passed to REPL.
PR-URL: https://github.com/nodejs/node/pull/3608
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
The examples for implementing the simplified constructor API
was missing some details on its correct usages.
PR-URL: https://github.com/nodejs/node/pull/3602
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Chris Dickinson <chris@neversaw.us>
`debuglog` uses `%j` as a placeholder for replacement with
`JSON.stringify`. So that `JSON.stringify` is only called when the
appropriate debug flag is on. The other `%s` changes are for style
consistency.
PR-URL: https://github.com/nodejs/node/pull/3578
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
This makes the code spans in the API docs more visible and
therefore readable by adding some background color.
PR-URL: https://github.com/nodejs/node/pull/3573
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Roman Reiss <me@silverwind.io>
This test assures that if flush is called while the zlib object needs
to be drained that it will defer the callback until after the drain.
PR-URL: https://github.com/nodejs/node/pull/3534
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
When stream.flush() is called without a callback, an empty listener is
being added. Since flush may be called multiple times to push SSE's
down to the client, multiple noop listeners are being added. This in
turn causes the memory leak detected message.
PR-URL: https://github.com/nodejs/node/pull/3534
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
When setTimeout() and setInterval() are called with `delay` greater than
TIMEOUT_MAX (2147483647), the supplied value is ignored and 1 is used
instead. Add a note about this in the timers docs.
PR-URL: https://github.com/nodejs/node/pull/3512
Reviewed-By: Trevor Norris <trev.norris@gmai.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
This reverts 8cee8f5 which was causing stdin to behave strangely on
Windows 8 and 10. The suspected explanation for the issue is that there
might be a race condition occuring when stdin._readableState.reading is
set indirectly through `push('')`.
PR-URL: https://github.com/nodejs/node/pull/3490
Fixes: https://github.com/nodejs/node/issues/2996
Fixes: https://github.com/nodejs/node/issues/2504
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Add description of user responsibility in the choice of cypto
algorithms and its key length. Some of recommendations for the safer
use are also described.
PR-URL: https://github.com/nodejs/node/pull/3479
Reviewed-By: James M Snell <jasnell@gmail.com>
When the user hits `^C` in the REPL show more info about `.exit`.
The idea was to give more info to the user when they hit ^C.
Current version just displays `(^C again to quit)` and most
of the users are not aware of the `.exit` command that would
Exit the repl.
PR-URL: https://github.com/nodejs/node/pull/3368
Reviewed-By: James M Snell <jasnell@gmail.com>
Update the documentation for `process.stdout` and `process.stdout` to
clarify that writes can block when stdio is redirected to a file. In
all other cases, it's non-blocking.
PR-URL: https://github.com/nodejs/node/pull/3170
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
PR-URL: https://github.com/nodejs/node/pull/2796
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: James M Snell <jasnell@gmail.com>
Fix configure_library() to produce correct LDFLAGS when configuring with
prebuilt 3rd-party libraries (libuv, openssl, etc) using `pkg-config' or
`--shared-{LIBRARY}-includes=xxx --shared-{LIBRARY}-libpath=xxx'.
PR-URL: https://github.com/nodejs/node/pull/3135
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
This patch
- issues a TAP plugin parsable message on non darwin/windows boxes
- uses `const` wherever applicable
- moves the test to parallel
PR-URL: https://github.com/nodejs/node/pull/2599
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: James M Snell <jasnell@gmail.com>
Security Update
Notable items:
* http: Fix a bug where an HTTP socket may no longer have a socket
but a pipelined request triggers a pause or resume, a potential
denial-of-service vector. (Fedor Indutny)
* openssl: Upgrade to 1.0.2e, containing fixes for:
- CVE-2015-3193 "BN_mod_exp may produce incorrect results on x86_64",
an attack is considered feasible against a Node.js TLS server using
DHE key exchange. Details are available at
<http://openssl.org/news/secadv/20151203.txt>.
- CVE-2015-3194 "Certificate verify crash with missing PSS parameter",
a potential denial-of-service vector for Node.js TLS servers; TLS
clients are also impacted. Details are available at
<http://openssl.org/news/secadv/20151203.txt>.
(Shigeki Ohtsu) #4134
* v8: Backport fixes for a bug in `JSON.stringify()` that can result
in out-of-bounds reads for arrays. (Ben Noordhuis)
PR-URL: https://github.com/nodejs/node-private/pull/12
This just replaces all sources of openssl-1.0.2e.tar.gz into
deps/openssl/openssl
deps: copy all openssl header files to include dir
All symlink files in `deps/openssl/openssl/include/openssl/`
are removed and replaced with real header files to avoid
issues on Windows. Two files of opensslconf.h in crypto and
include dir are replaced to refer config/opensslconf.h.
deps: fix openssl assembly error on ia32 win32
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .
deps: fix asm build error of openssl in x86_win32
See
https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html
node needs to stop using masm and move to nasm or yasm on Win32.
openssl: fix keypress requirement in apps on win32
Reapply b910613792 .
deps: add -no_rand_screen to openssl s_client
In openssl s_client on Windows, RAND_screen() is invoked to initialize
random state but it takes several seconds in each connection.
This added -no_rand_screen to openssl s_client on Windows to skip
RAND_screen() and gets a better performance in the unit test of
test-tls-server-verify.
Do not enable this except to use in the unit test.
deps: update openssl config files
Regenrate config files for supported platforms with Makefile.
deps: update openssl asm and asm_obsolete files
Regenerate asm files with Makefile and CC=gcc and ASM=gcc where
gcc-4.8.4. Also asm files in asm_obsolete dir to support old compiler
and assmebler are regenerated without CC and ASM envs.
PR-URL: https://github.com/nodejs/node/pull/4134
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Move ENOENT related tests out of general fs.watch() test file and into
its own file. This may help diagnose
https://github.com/nodejs/node/issues/3541.
PR-URL: https://github.com/nodejs/node/pull/3548
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Stefan Budeanu
Evan Lucas
Roman Klauke
Saúl Ibarra Corretgé
Myles Borins
cjihrig
Sakthipriyan Vairamani
Junliang Yan
qinjia
Imran Iqbal
James M Snell
Hugues Malphettes
Sam P Gallagher-Bishop
Steven R. Loomis
Jason Gerfen
Michael Cornacchia
Tom Gallacher
Andres Suarez
phijohns
Ömer Fadıl Usta
Manuel B
Craig Cavalier
David Woods
Guilherme Souza
Roman Reiss
Shigeki Ohtsu
Hemanth.HM
Alejandro Oviedo
Ben Noordhuis
fansworld-claudio
Markus Tzoe
Forrest L Norvell
Rod Vagg
Fedor Indutny
reggi
Rich Trott