- Jun 23, 2016
-
-
Evan Lucas authored
Notable changes: This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/june-2016-security-releases for details on patched vulnerabilities. * **buffer** * backport allocUnsafeSlow (Сковорода Никита Андреевич) [#7169](https://github.com/nodejs/node/pull/7169) * ignore negative allocation lengths (Anna Henningsen) [#7221](https://github.com/nodejs/node/pull/7221) * **deps**: backport 3a9bfec from v8 upstream (Ben Noordhuis) [nodejs/node-private#40](https://github.com/nodejs/node-private/pull/40) * Fixes a Buffer overflow vulnerability discovered in v8. More details can be found in the CVE (CVE-2016-1699). PR-URL: https://github.com/nodejs/node-private/pull/51
-
Natanael Copa authored
Replace '...' as invalid hostname with '***', which will give a more consisten error message on different systems. The hostname '...' returns EAI_AGAIN on musl libc and EAI_NONAME on most other systems. By changing the testcase we get same restult on all known platforms. PR-URL: https://github.com/nodejs/node/pull/5099 Reviewed-By:
Rich Trott <rtrott@gmail.com> Reviewed-By:
Rod Vagg <rod@vagg.org>
-
Ben Noordhuis authored
Original commit message: Fix overflow issue in Zone::New When requesting a large allocation near the end of the address space, the computation could overflow and erroneously *not* grow the Zone as required. BUG=chromium:606115 LOG=y Review-Url: https://codereview.chromium.org/1930873002 Cr-Commit-Position: refs/heads/master@{#35903} PR-URL: https://github.com/nodejs/node-private/pull/40 Reviewed-By:
Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By:
Myles Borins <myles.borins@gmail.com> Reviewed-By:
-
- Jun 17, 2016
-
-
Сковорода Никита Андреевич authored
Test failed or zero-sized Buffer allocations not affecting subsequent creations of typed arrays. PR-URL: https://github.com/nodejs/node/pull/7169 Reviewed-By:
James M Snell <jasnell@gmail.com> Reviewed-By:
Anna Henningsen <anna@addaleax.net>
-
Сковорода Никита Андреевич authored
This backports the new `Buffer.allocUnsafeSlow()` API for v5. This backport includes the new API, test cases, and docs additions. Already present API and testcases were not changed. PR-URL: https://github.com/nodejs/node/pull/7169 Reviewed-By:
-
Anna Henningsen authored
Treat negative length arguments to `Buffer()`/`allocUnsafe()` as if they were zero so the allocation does not affect the pool’s offset. Fixes: https://github.com/nodejs/node/issues/7047 Refs: https://github.com/nodejs/node/pull/7051 PR-URL: https://github.com/nodejs/node/pull/7221 Reviewed-By:
Trevor Norris <trev.norris@gmail.com> Reviewed-By:
-
- May 05, 2016
-
-
Evan Lucas authored
PR-URL: https://github.com/nodejs/node/pull/6597
-
Evan Lucas authored
Notable changes * buffer: safeguard against accidental kNoZeroFill (Сковорода Никита Андреевич) [nodejs/node-private#35](https://github.com/nodejs/node-private/pull/35) * deps: upgrade openssl sources to 1.0.2h (Shigeki Ohtsu) [#6552](https://github.com/nodejs/node/pull/6552)
-
Сковорода Никита Андреевич authored
This makes sure that `kNoZeroFill` flag is not accidentally set by moving the all the flag operations directly inside `createBuffer()`. It safeguards against logical errors like https://github.com/nodejs/node/issues/6006. This also ensures that `kNoZeroFill` flag is always restored to 0 using a try-finally block, as it could be not restored to 0 in cases of failed or zero-size `Uint8Array` allocation. It safeguards against errors like https://github.com/nodejs/node/issues/2930. It also makes the `size > 0` check not needed there. PR-URL: https://github.com/nodejs/node-private/pull/35 Reviewed-By:
-
- May 04, 2016
-
-
Shigeki Ohtsu authored
https://github.com/openssl/openssl/commit/af2db04c9979554ada88d969da6332a827a47599 changed some ALPN behaviors. The tests when ALPN has no selection should be fixed because openssl was changed NPN callback to be invoked in this case. PR-URL: https://github.com/nodejs/node/pull/6552 Reviewed-By:
Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By:
Shigeki Ohtsu <ohtsu@iij.ad.jp>
-
Shigeki Ohtsu authored
Regenerate asm files with Makefile and CC=gcc and ASM=gcc where gcc-4.8.4. Also asm files in asm_obsolete dir to support old compiler and assembler are regenerated without CC and ASM envs. PR-URL: https://github.com/nodejs/node/pull/6552 Reviewed-By:
-
Shigeki Ohtsu authored
In openssl s_client on Windows, RAND_screen() is invoked to initialize random state but it takes several seconds in each connection. This added -no_rand_screen to openssl s_client on Windows to skip RAND_screen() and gets a better performance in the unit test of test-tls-server-verify. Do not enable this except to use in the unit test. Fixes: https://github.com/nodejs/io.js/issues/1461 PR-URL: https://github.com/nodejs/io.js/pull/1836 Reviewed-By:
-
Shigeki Ohtsu authored
Reapply b9106137 . Fixes: https://github.com/iojs/io.js/issues/589 PR-URL: https://github.com/iojs/io.js/pull/1389 Reviewed-By:
Fedor Indutny <fedor@indutny.com> Reviewed-By:
-
Shigeki Ohtsu authored
See https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html iojs needs to stop using masm and move to nasm or yasm on Win32. Fixes: https://github.com/iojs/io.js/issues/589 PR-URL: https://github.com/iojs/io.js/pull/1389 Reviewed-By:
-
Fedor Indutny authored
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and perhaps others) are requiring .686 . Fixes: https://github.com/iojs/io.js/issues/589 PR-URL: https://github.com/iojs/io.js/pull/1389 Reviewed-By:
-
Shigeki Ohtsu authored
All symlink files in `deps/openssl/openssl/include/openssl/` are removed and replaced with real header files to avoid issues on Windows. Two files of opensslconf.h in crypto and include dir are replaced to refer config/opensslconf.h. PR-URL: https://github.com/nodejs/node/pull/6552 Reviewed-By:
-
Shigeki Ohtsu authored
This replaces all sources of openssl-1.0.2h.tar.gz into deps/openssl/openssl PR-URL: https://github.com/nodejs/node/pull/6552 Reviewed-By:
-
- Apr 26, 2016
-
-
Mr C0B authored
fixes `Buffer(.from[1, 2, 3])` into `Buffer.from(...)` (v5.x only) https://nodejs.org/dist/latest-v5.x/docs/api/buffer.html Commented in: https://github.com/nodejs/node/commit/c1534e7#commitcomment-17228215 PR-URL: https://github.com/nodejs/node/pull/6361 Reviewed-By:
Brian White <mscdex@mscdex.net> Reviewed-By:
Colin Ihrig <cjihrig@gmail.com> Reviewed-By:
-
- Apr 21, 2016
-
-
Myles Borins authored
PR-URL: https://github.com/nodejs/node/pull/6322
-
Myles Borins authored
Buffer: * Buffer.prototype.compare can now compare sub-ranges of two Buffers (James M Snell) https://github.com/nodejs/node/pull/5880 deps: * update to http-parser 2.7.0 (Fedor Indutny) https://github.com/nodejs/node/pull/6279 * update ESLint to 2.7.0 (silverwind) https://github.com/nodejs/node/pull/6132 net: * adds support for passing DNS lookup hints to createConnection() (Colin Ihrig) https://github.com/nodejs/node/pull/6000 node: * Make the builtin libraries available for the --eval and --print CLI options (Anna Henningsen) https://github.com/nodejs/node/pull/6207 npm: * upgrade npm to 3.8.6 (Kat Marchán) https://github.com/nodejs/node/pull/6153 repl: * Pressing enter in the repl will repeat the last command by default if no input has been received. This behaviour was in node previously and was not removed intentionally. (Rich Trott) https://github.com/nodejs/node/pull/6090 src: * add SIGINFO to supported signals (James Reggio) https://github.com/nodejs/node/pull/6093 streams: * Fix a regression that caused by net streams requesting multiple chunks synchronously when combined with cork/uncork (Matteo Collina) https://github.com/nodejs/node/pull/6164 zlib: * The flushing flag is now configurable allowing for decompression of partial data (Anna Henningsen) https://github.com/nodejs/node/pull/6069 PR-URL: https://github.com/nodejs/node/pull/6322
-
- Apr 20, 2016
-
-
Anna Henningsen authored
Add a regression test based on the report in https://github.com/nodejs/node/issues/6034. PR-URL: https://github.com/nodejs/node/pull/6270 Reviewed-By:
Santiago Gimeno <santiago.gimeno@gmail.com> Reviewed-By:
-
James Lal authored
An internal zlib error may cause _handle to be set to null. Close now will check if there is a _handle prior to calling .close on it. PR-URL: https://github.com/nodejs/node/pull/5982 Fixes: https://github.com/nodejs/node/issues/6034 Reviewed-By:
-
Brian White authored
PR-URL: https://github.com/nodejs/node/pull/6291 Reviewed-By:
Sakthipriyan Vairamani <thechargingvolcano@gmail.com> Reviewed-By:
Сковорода Никита Андреевич <chalkerx@gmail.com> Reviewed-By:
Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By:
-
Robert Jefe Lindstaedt authored
* doc: rename .markdown references in content * doc: rename to .md in tools * doc: rename to .md in CONTRIBUTING.md PR-URL: https://github.com/nodejs/node/pull/4747 Reviewed-By:
Johan Bergström <bugs@bergstroem.nu> Reviewed-By:
-
Anna Henningsen authored
Add a full example using `zlib.flush()` for the common use case of writing partial compressed HTTP output to the client. PR-URL: https://github.com/nodejs/node/pull/6172 Reviewed-By:
Robert Jefe Lindstädt <robert.lindstaedt@gmail.com>
-
Anna Henningsen authored
Describe that `zlib.flush()` may wait for pending writes and until output is being read from the stream. Fixes: https://github.com/nodejs/node/issues/3782 PR-URL: https://github.com/nodejs/node/pull/6172 Reviewed-By:
-
Anna Henningsen authored
Make sure that the built-in modules in the repl stay non-enumerable. Previously, they would pop up as enumerable properties of the global object after having been accessed for the first time. PR-URL: https://github.com/nodejs/node/pull/6207 Reviewed-By:
-
Anna Henningsen authored
Make the builtin libraries available for the `--eval` and `--print` CLI options, using the same mechanism that the REPL uses. This renders workarounds like `node -e 'require("fs").doStuff()'` unnecessary. As part of this, the list of builtin modules and the code for adding the corresponding properties to the target context is moved to `internal/module.js`, and the previously missing `repl` entry is added. PR-URL: https://github.com/nodejs/node/pull/6207 Reviewed-By: -
Anna Henningsen authored
Up to now, `Z_FINISH` was always the flushing flag that was used for the last chunk of input data. This patch makes this choice configurable so that advanced users can perform e.g. decompression of partial data using `Z_SYNC_FLUSH`, if that suits their needs. Add tests to make sure that an error is thrown upon encountering invalid `flush` or `finishFlush` flags. Fixes: https://github.com/nodejs/node/issues/5761 PR-URL: https://github.com/nodejs/node/pull/6069 Reviewed-By:
-
Anna Henningsen authored
Detect whether a gzip file is being passed to `unzip*` by testing the first bytes for the gzip magic bytes, and setting the decompression mode to `GUNZIP` or `INFLATE` according to the result. This enables gzip-only features like multi-member support to be used together with the `unzip*` autodetection support and thereby makes `gunzip*` and `unzip*` return identical results for gzip input again. Add a simple test for checking that features specific to `zlib.gunzip`, notably support for multiple members, also work when using `zlib.unzip`. PR-URL: https://github.com/nodejs/node/pull/5884 Reviewed-By:
-
Rich Trott authored
PR-URL: https://github.com/nodejs/node/pull/6090 Reviewed-By:
Claudio Rodriguez <cjrodr@yahoo.com> Reviewed-By:
-
Santiago Gimeno authored
Only `test-stdin-from-file.js` has been modified so that the `stdin.txt` is written in a temp directory instead of the `fixtures` directory. PR-URL: https://github.com/nodejs/node/pull/6187 Reviewed-By:
-
Anna Henningsen authored
Add `CHECK_NE(·, nullptr)` after allocations made when spawning child processes. PR-URL: https://github.com/nodejs/node/pull/6256 Reviewed-By:
-
Surya Panikkal authored
PR-URL: https://github.com/nodejs/node/pull/6241 Reviewed-By:
-
Rich Trott authored
The test directory had linting for undefined variables disabled. It is enabled everywhere else in the code base. Let's disable the fule for individual lines in the handful of tests that use undefined variables. PR-URL: https://github.com/nodejs/node/pull/6255 Reviewed-By:
Roman Reiss <me@silverwind.io>
-
Rich Trott authored
`assert.fail()` is often mistakenly used with a single argument even in Node.js core. (See fixes to previous instances in b7f4b1ba, 28e9a022. and 676e6187.) This commit adds a linting rule to identify instances of this issue. PR-URL: https://github.com/nodejs/node/pull/6261 Reviewed-By:
Minwoo Jung <jmwsoft@gmail.com> Reviewed-By:
-
Rich Trott authored
`lib/internal/v8_prof_processor.js` was being excluded from linting, but the only lint issue it has is that it cannot run in strict mode. Disable the `strict` rule with a comment and remove the file from `.eslintignore`. PR-URL: https://github.com/nodejs/node/pull/6262 Reviewed-By:
Roman Klauke <romaaan.git@gmail.com> Reviewed-By:
-
Gibson Fahnestock authored
The tar-headers target tries to find and delete links in the tar folder, which fails as no links are found. Use rm -f to avoid this. Remove the config.gypi dependency, as the target runs configure itself. PR-URL: https://github.com/nodejs/node/pull/5978 Reviewed-By:
Michael Dawson <michael_dawson@ca.ibm.com> Reviewed-By:
-
Josh Leder authored
See: https://github.com/nodejs/node/pull/6198 PR-URL: https://github.com/nodejs/node/pull/6279 Reviewed-By:
-
Fedor Indutny authored
When handling a response to `CONNECT` request - skip message body and do not attempt to parse the next message. `CONNECT` requests are used in similar sense to HTTP Upgrade. Fix: https://github.com/nodejs/node/pull/6198 PR-URL: https://github.com/nodejs/node/pull/6279 Reviewed-By:
-
