Revert "disable RC4, add --cipher-list command line switch" and
"tls: make --enable-legacy-cipher-list=val less verbose"
This reverts commit f9291a9449 and
b5737bb977.
There is still some work to be done to guarantee secure defaults and a
smooth upgrade path for v0.12.x users. Before this work is finished, we
want to be able to release new versions of v0.12.x. So instead of
waiting for these changes to be ready to ship, revert them and integrate
them when they're ready to be shipped.
Conflicts:
src/node.cc
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/joyent/node/pull/25296
Fix the regexp used to detect 'Unexpected token' errors so that they can
be considered as recoverable. This fixes the following use case:
> var foo = 'bar \
... baz';
undefined
> foo
'bar baz'
>
Fixes#8874
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
PR-URL: https://github.com/joyent/node/pull/8875
V4MAPPED is not supported on recent FreeBSD versions, at least on 10.1.
Thus, do not set this flag in net.connect on FreeBSD.
Fixes#8540 and #9204.
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
PR-URL: https://github.com/joyent/node/pull/18204
When debug in remote mode with host:port or pid, the interface
spawn child process also. If the debugger agent is running, will
get following output:
```
< Error: listen EADDRINUSE :::5858
< at Object.exports._errnoException (util.js:734:11)
< at exports._exceptionWithHostPort (util.js:757:20)
< at Agent.Server._listen2 (net.js:1155:14)
< at listen (net.js:1181:10)
< at Agent.Server.listen (net.js:1268:5)
< at Object.start (_debug_agent.js:21:9)
< at startup (node.js:68:9)
< at node.js:799:3
```
This fix won't spawn child process and no more error message was
shown.
Reviewed-By: Julien Gilli <julien.gilli@joyent.com>
PR-URL: https://github.com/joyent/node/pull/14172
Disable RC4 in the default cipher list
Add the `--cipher-list` command line switch and `NODE_CIPHER_LIST`
environment variable to completely override the default cipher list.
Add the `--enable-legacy-cipher-list` and `NODE_LEGACY_CIPHER_LIST`
environment variable to selectively enable the default cipher list from
previous node.js releases.
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/joyent/node/pull/14414
This change is a backport of 1a3ca8223e
from io.js.
Original commit message:
Read all pending data out of the socket on `error` event and ensure that
no `data`/`end` handlers will be invoked on `socket.destroy()`.
Otherwise following assertion happens:
AssertionError: null == true
at TLSSocket.socketOnData (_http_client.js:308:3)
at TLSSocket.emit (events.js:107:17)
at TLSSocket.Readable.read (_stream_readable.js:373:10)
at TLSSocket.socketCloseListener (_http_client.js:229:10)
at TLSSocket.emit (events.js:129:20)
at TCP.close (net.js:476:12)
Fix: https://github.com/joyent/node/issues/9348
PR-URL: https://github.com/iojs/io.js/pull/1103
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Nicu Micleușanu <micnic90@gmail.com>
Fixes#9348.
Reviewed-By: Julien Gilli <julien.gilli@joyent.com>
PR-URL: https://github.com/joyent/node/pull/14087
Improve performance by:
+ Not leaking the `arguments` object!
+ Getting the last character of a string by index, instead of
with `.substr()` or `.slice()`
Improve code consistency by:
+ Using `[]` instead of `.charAt()` where possible
+ Using a function declaration instead of a var declaration
+ Using `.slice()` with clearer arguments
+ Checking if `dir` is truthy in `win32.format`
(added tests for this)
Improve both by:
+ Making the reusable `trimArray()` function
+ Standardizing getting certain path statistics with
the new `win32StatPath()` function
Reviewed-By: Julien Gilli <julien.gilli@joyent.com>
PR-URL: https://github.com/joyent/node/pull/9289
process.send() should be synchronous, it should block until the message
has been sent in full, but it wasn't after the second-to-last libuv
upgrade because of commit libuv/libuv@393c1c5 ("unix: set non-block
mode in uv_{pipe,tcp,udp}_open"), which made its way into io.js in
commit 07bd05b ("deps: update libuv to 1.2.1").
Commit libuv/libuv@b36d4ff ("unix: implement uv_stream_set_blocking()")
as landed in io.js in commit 9681fca ("deps: update libuv to 1.4.0")
makes it possible to restore the synchronous behavior again and that's
precisely what this commit does.
The same line of reasoning applies to `net.Socket({ fd: 1 })`: creating
a socket object from a stdio file descriptor, like the `process.stdout`
getter does, should put the file descriptor in blocking mode for
compatibility reasons.
Reviewed-By: Julien Gilli <julien.gilli@joyent.com>
PR-URL: https://github.com/joyent/node/pull/9179
When slicing global pool - ensure that the underlying buffer's data ptr
is 8-byte alignment to do not ruin expectations of 3rd party C++ addons.
NOTE: 0.10 node.js always returned aligned pointers and v0.12 should do
this too for compatibility.
PR-URL: https://github.com/joyent/node/pull/9375
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
This reverts commit ad0684807c.
Initially, this bug fix targeted master, and I pushed to have it
included in v0.10. In retrospect, I'm not sure it should have made into
v0.10 as it seems it could break a lot of existing working code.
In my opinion, this change is still a bug fix, and it is not backward
incompatible per se. However, I'm not sure that taking the risk to break
a lot of users with a new 0.10.x release that would include this fix is
reasonable, especially now that 0.10.x releases are entering
maintenance mode.
PR-URL: https://github.com/joyent/node/pull/9257
Reviewed-by: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
A significant performance regressions has been introduced in 1fddc1f for
GET requests which send data through response.end(). The number of
requests per second dropped to somewhere around 6% of their previous
level.
The fix consists of removing a part of the lines added by 1fddc1f,
lines which were supposed to affect only HEAD requests, but interfered
with GET requests instead.
The lines removed would not have affected the behaviour in the case of
a HEAD request as this._hasBody would always be false. Therefore, they
were not required to fix the issue reported in #8361.
Fixes#8940.
PR: #9026
PR-URL: https://github.com/joyent/node/pull/9026
Reviewed-By: Julien Gilli <julien.gilli@joyent.com>
The added validation allows non-negative numbers and numeric
strings. All other values result in a thrown exception.
Fixes: https://github.com/joyent/node/issues/9194
PR-URL: https://github.com/joyent/node/pull/9268
Reviewed-By: Julien Gilli <julien.gilli@joyent.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: James M Snell <jasnell@users.noreply.github.com>
this brings the error messaging in line with
other node TypeError messages.
fixes joyent/node#7766.
PR: #8723
PR-URL: https://github.com/joyent/node/pull/8723
Reviewed-By: James M Snell <jasnell@users.noreply.github.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Currently, lib/_tls_legacy.js and lib/crypto.js cannot be loaded when
--use-strict is passed to node. In addition to that, console.trace
throws because it uses arguments.callee.
This change fixes these issues and adds a test that makes sure
every external built-in module can be loaded with require when
--use-strict is enabled.
Please note that this change does not fix all issues with built-in
modules' code running with --use-strict. It is very likely that some
code in the built-in modules still fails when passing this flag.
However, fixing all code would require us to enable strict mode by
default in all builtins modules, which would certainly break existing
applications.
Fixes#9187.
PR: #9237
PR-URL: https://github.com/joyent/node/pull/9237
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
`TLSSocket` wraps the original `net.Socket`, but writes/reads to/from
`TLSSocket` do not touch the timers of original `net.Socket`.
Introduce `socket._parent` property, and iterate through all parents
to unref timers and prevent timeout event on original `net.Socket`.
Fix: https://github.com/joyent/node/issues/9242
PR-URL: https://github.com/iojs/io.js/pull/891
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
This is a backport of 6c3647c38d from
v0.12 to v0.10.
Console.prototype.timeEnd() returns NaN if the timer label
corresponds to a property on Object.prototype. In v0.12, this was fixed
by using Object.create(null) to construct the _times object
However, the version of V8 in the v0.10 branch makes this fix not work
as expected. In v0.10, this commit changes the _times object into a
array of objects of the form:
{ label: someLabel, time: staringWallClockTime }
someLabel can thus be any string, including any string that represents
any Object.prototype field.
Fixes#9116.
PR: #9215
PR-URL: https://github.com/joyent/node/pull/9215
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Currently, fs.truncate() silently fails when a file descriptor
is passed as the first argument. This commit changes this
behavior to properly call fs.ftruncate().
PR-URL: https://github.com/joyent/node/pull/9161
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Timothy J Fontaine <tjfontaine@gmail.com>
If the Buffer allocation isn't a slice then there's no need to adjust
the pool offset after realloc'ing the space available.
Fixes: 6462519 "buffer, doc: misc. fix and cleanup"
The NativeModule system passes NativeModule.require transparently and so
is unnecessary to call explicitly.
The only one which should have the prefix is the in line 295, where
actually implements a big fs-based module system and actually requires a
native module. That is left unchanged.
PR-URL: https://github.com/joyent/node/pull/9201
Ref: https://github.com/joyent/node/issues/2009
Reviewed-by: Trevor Norris <trev.norris@gmail.com>
Change the fs.F_OK/R_OK/W_OK/X_OK out of fs.js will lead unexpect
exception. Make these properties readonly.
PR-URL: https://github.com/joyent/node/pull/9060
[trev.norris@gmail.com test properties are read only]
Signed-off-by: Trevor Norris <trev.norris@gmail.com>
A number -> uint32 type coercion bug made buffer sizes
larger than kMaxLength (0x3fffffff) wrap around.
Instead of rejecting the requested size with an exception,
the constructor created a buffer with the wrong size.
PR-URL: https://github.com/iojs/io.js/pull/657
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Currently, JSON.stringify() is used to create error messages
on failed assertions. This causes an error when stringifying
objects with circular references. This commit switches out
JSON.stringify() for util.inspect(), which can handle
circular references.
PR: #8734
PR-URL: https://github.com/joyent/node/pull/8734
Reviewed-By: Julien Gilli <julien.gilli@joyent.com>
This reverts commit d312b6d15c.
d312b6d15c introduced some confusion in
the existing API of url.format and url.parse.
The way the 'path' property overrides other properties in url.format's
input is too confusing for existing users compared to the issues it
fixes.
Fixes such as https://github.com/joyent/node/pull/9081 have been
proposed, but they do not make the API less confusing.
Instead, this change just reverts the original breaking change so that
it gives us more time after v0.12.0 is released to come up with a better
API for url.format, url.parse and other related APIs in the v0.13
development branch.
Fixes#9070.
Conflicts:
doc/api/url.markdown
PR: #9109
PR-URL: https://github.com/joyent/node/pull/9109
Reviewed-By: Timothy J Fontaine <tjfontaine@gmail.com>
Fix regression introduced in 6120472036
that broke parsing of some ssh: urls.
An example url is ssh://git@github.com:npm/npm.git
Fixes#9072.
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Julien Gilli <julien.gilli@joyent.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
This commit restricts socket timeouts non-negative, finite
numbers. Any other value throws a TypeError or RangeError.
This prevents subtle bugs that can happen due to type
coercion.
Fixes: https://github.com/joyent/node/issues/8618
PR-URL: https://github.com/joyent/node/pull/8884
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Timothy J Fontaine <tjfontaine@gmail.com>
In order to preserve the potential for a flush method being added to the
streams API, rename flush to flushHeaders which is much more clear about
the behavior of this method.
PR: #9048
PR-URL: https://github.com/joyent/node/pull/9048
Reviewed-By: Julien Gilli <julien.gilli@joyent.com>
Previously if a worker's state machine had already transitioned into the
'listening' state when it received the message enabling the debugger,
the worker would never enable its debugger.
Change the logic to allow the 'listening' as a valid state for enabling
the debugger.
Fixes#6440
Signed-off-by: Julien Gilli <julien.gilli@joyent.com>
In general path functions don't change the case of a path. Making an
exception for windows drive letters violates the principle of least
surprise.
Changing the drive letter case has caused a lot of issues, including
joyent/node#7031, joyent/node#7806 and lots of bikeshedding about
whether uppercase is the right case or lowercase.
This effectively reverts joyent/node@a05f973
Reviewed-by: Alexis Campailla <alexis@janeasystems.com>
Reviewed-by: Julien Gilli <julien.gilli@joyent.com>
Workers that are already disconnected but not yet exited should not be
disconnected, trying to do so raises exceptions.
Signed-off-by: Julien Gilli <julien.gilli@joyent.com>
fs.exists() and fs.existsSync() do not follow the typical error first
callback convention. access() and accessSync() are added as alternatives
in this commit.
PR-URL: https://github.com/joyent/node/pull/8714
Reviewed-by: Trevor Norris <trev.norris@gmail.com>
Socket.prototype.connect() sometimes throws on bad inputs
after an asynchronous operation. This commit makes the input
validation synchronous. This commit also removes some hard
coded IP addresses.
PR-URL: https://github.com/joyent/node/pull/8180
Fixes: https://github.com/joyent/node/issues/8140
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Timothy J Fontaine <tjfontaine@gmail.com>
The url.parse() function now checks whether an escapable character is in
the URL before trying to escape it.
PR-URL: https://github.com/joyent/node/pull/8638
[trev.norris@gmail.com: Switch to use continue instead of if]
Signed-off-by: Trevor Norris <trev.norris@gmail.com>
Commit 934bfe23a1 had introduced a
regression where node would crash trying to access a null unref timer if
a given unref timer's callback would remove other unref timers set to
fire in the future.
More generally, it makes the unrefTimeout function more solid by not
mutating the unrefList while traversing it.
Fixes#8897.
Reviewed-By: Timothy J Fontaine <tjfontaine@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
This change fixes a regression introduced by commit
0d051238be, which contained a typo that
would cause every unrefd interval to fire only once.
Fixes#8900.
Reviewed-By: Timothy J Fontaine <tjfontaine@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-by: Trevor Norris <trev.norris@gmail.com>
In cases where many small writes are made to a stream
lacking _writev, the array data structure backing the
WriteReq buffer would greatly increase GC pressure.
Specifically, in the fs.WriteStream case, the
clearBuffer routine would only clear a single WriteReq
from the buffer before exiting, but would cause the
entire backing array to be GC'd. Switching to [].shift
lessened pressure, but still the bulk of the time was
spent in memcpy.
This replaces that structure with a linked list-backed
queue so that adding and removing from the queue is O(1).
In the _writev case, collecting the buffer requires an
O(N) loop over the buffer, but that was already being
performed to collect callbacks, so slowdown should be
neglible.
PR-URL: https://github.com/joyent/node/pull/8826
Reviewed-by: Timothy J Fontaine <tjfontaine@gmail.com>
Reviewed-by: Trevor Norris <trev.norris@gmail.com>
Fix Interface.setBreakpoint() to correctly handle an attempt to set a
breakpoint in the current script when there is no current script.
This usually happens when the debugged process is not paused.
Fixes: https://github.com/joyent/node/issues/6453
PR-URL: https://github.com/joyent/node/pull/6460
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
Before this change, _unrefActive would keep the unrefList sorted when
adding a new timer.
Because _unrefActive is called extremely frequently, this linear scan
(O(n) at worse) would make _unrefActive show high in the list of
contributors when profiling CPU usage.
This commit changes _unrefActive so that it doesn't try to keep the
unrefList sorted. The insertion thus happens in constant time.
However, when a timer expires, unrefTimeout has to go through the whole
unrefList because it's not ordered anymore.
It is usually not large enough to have a significant impact on
performance because:
- Most of the time, the timers will be removed before unrefTimeout is
called because their users (sockets mainly) cancel them when an I/O
operation takes place.
- If they're not, it means that some I/O took a long time to happen, and
the initiator of subsequents I/O operations that would add more timers
has to wait for them to complete.
With this change, _unrefActive does not show as a significant
contributor in CPU profiling reports anymore.
Fixes#8160.
PR-URL: #8751
Signed-off-by: Timothy J Fontaine <tjfontaine@gmail.com>
Instead of simply creating a new v8::Object to contain the connection
information, instantiate a new instance of a FunctionTemplate. This will
allow future improvements for debugging and performance probes.
Additionally, the "provider" argument in the ReqWrap constructor is no
longer optional.
PR-URL: https://github.com/joyent/node/pull/8110
Signed-off-by: Trevor Norris <trev.norris@gmail.com>
Reviewed-by: Fedor Indutny <fedor@indutny.com>
Reviewed-by: Alexis Campailla <alexis@janeasystems.com>
Reviewed-by: Julien Gilli <julien.gilli@joyent.com>
Async Listener was the name of the user-facing JS API, and is being
completely removed. Instead low level hooks directly into the mechanism
that AL used will be introduced in a future commit.
PR-URL: https://github.com/joyent/node/pull/8110
Signed-off-by: Trevor Norris <trev.norris@gmail.com>
Reviewed-by: Fedor Indutny <fedor@indutny.com>
Reviewed-by: Alexis Campailla <alexis@janeasystems.com>
Reviewed-by: Julien Gilli <julien.gilli@joyent.com>
Julien Gilli
Jackson Tian
James M Snell
Fedor Indutny
Nathan Woltman
Ben Noordhuis
Florin-Cristian Gavrila
cjihrig
Chris Dickinson
Bruno Jouhier
Trevor Norris
Herbert Vojčík
Amir Saboury
Evan Lucas
Timothy J Fontaine
Bert Belder
Sam Roberts
Miroslav Bajtoš
Luis Reis
Juanjo
Jonathan Johnson
Yazhong Liu
Vladimir Kurchatkin