Notable changes:
* npm: Upgrade to v2.15.1. IMPORTANT: This is a major upgrade to npm
v2 LTS from the previously deprecated npm v1. (Forrest L Norvell)
* npm: Upgrade to v2.15.1. Fixes a security flaw in the use of
authentication tokens in HTTP requests that would allow an attacker
to set up a server that could collect tokens from users of the
command-line interface. Authentication tokens have previously been
sent with every request made by the CLI for logged-in users,
regardless of the destination of the request. This update fixes this
by only including those tokens for requests made against the
registry or registries used for the current install. IMPORTANT:
This is a major upgrade to npm v2 LTS from the previously deprecated
npm v1. (Forrest L Norvell) https://github.com/nodejs/node/pull/5967
* openssl: OpenSSL v1.0.1s disables the EXPORT and LOW ciphers as they
are obsolete and not considered safe. This release of Node.js turns
on `OPENSSL_NO_WEAK_SSL_CIPHERS` to fully disable the 27 ciphers
included in these lists which can be used in SSLv3 and higher. Full
details can be found in our LTS discussion on the matter
(https://github.com/nodejs/LTS/issues/85).
(Shigeki Ohtsu) https://github.com/nodejs/node/pull/5712
PR-URL: https://github.com/nodejs/node/pull/5968
Notable changes:
* npm: Upgrade to v2.15.1. Fixes a security flaw in the use of
authentication tokens in HTTP requests that would allow an attacker
to set up a server that could collect tokens from users of the
command-line interface. Authentication tokens have previously been
sent with every request made by the CLI for logged-in users,
regardless of the destination of the request. This update fixes this
by only including those tokens for requests made against the
registry or registries used for the current install.
(Forrest L Norvell) https://github.com/nodejs/node/pull/5967
* openssl: OpenSSL v1.0.1s disables the EXPORT and LOW ciphers as they
are obsolete and not considered safe. This release of Node.js turns
on `OPENSSL_NO_WEAK_SSL_CIPHERS` to fully disable the 27 ciphers
included in these lists which can be used in SSLv3 and higher. Full
details can be found in our LTS discussion on the matter
(https://github.com/nodejs/LTS/issues/85).
(Shigeki Ohtsu) https://github.com/nodejs/node/pull/5712
PR-URL: https://github.com/nodejs/node/pull/5967
All JS files have been moved out of the `src` directory so the
`.eslintrc` file in that directory can also be removed.
PR-URL: https://github.com/nodejs/node/pull/5959
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Roman Klauke <romankl@users.noreply.github.com>
`test-stdout-close-unref.js` will fail if `process.stdin._handle` does
not exist. On UNIX-like operating systems, you can see this failure this
way:
```
./node test/parallel/test-stdout-close-unref.js < /dev/null
```
This issue has been experienced by @bengl and @drewfish in a Docker
container. I'm not sure why they are experiencing it in their
environment, but since it is possible that the `_handle` property does
not exist, let's use `child_process.spawn()` to make sure it exists.
PR-URL: https://github.com/nodejs/node/pull/5916
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Notable Changes
* https:
- Under certain conditions ssl sockets may have been causing a memory
leak when keepalive is enabled. This is no longer the case.
- (Alexander Penev) https://github.com/nodejs/node/pull/5713
* lib:
- The way that we were internally passing arguments was causing a
potential leak. By copying the arguments into an array we can avoid this.
- (Nathan Woltman) https://github.com/nodejs/node/pull/4361
* npm:
- Upgrade to v2.15.1. Fixes a security flaw in the use of authentication
tokens in HTTP requests that would allow an attacker to set up a server
that could collect tokens from users of the command-line interface.
Authentication tokens have previously been sent with every request made
by the CLI for logged-in users, regardless of the destination of the
request. This update fixes this by only including those tokens for
requests made against the registry or registries used for the current
install. (Forrest L Norvell)
* repl:
- Previously if you were using the repl in strict mode the column number
would be wrong in a stack trace. This is no longer an issue.
- (Prince J Wesley) https://github.com/nodejs/node/pull/5416
PR-URL: https://github.com/nodejs/node/pull/5961
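The token scoping described in the npm entries above, as an added example that is not npm's code and not part of the original release notes: the helper names, the sample token and the `example.com` / `example.net` hosts are assumptions made for illustration. It contrasts attaching the token to every request with attaching it only when the destination lies under a configured registry URL.

```javascript
'use strict';
// Added illustration, not npm's code. Helper names and hosts are hypothetical.

// True only when requestUrl lies under one of the configured registry URLs.
function isRegistryRequest(requestUrl, registries) {
  let target;
  try {
    target = new URL(requestUrl);
  } catch (err) {
    return false; // unparsable destination: never attach credentials
  }
  return registries.some((registry) => {
    const base = new URL(registry);
    // origin = scheme + host + port, so an http:// downgrade, a different
    // port, or a "registry-host@other-host" userinfo prefix all fail here.
    if (target.origin !== base.origin) return false;
    const prefix = base.pathname.endsWith('/') ? base.pathname : base.pathname + '/';
    return (target.pathname + '/').startsWith(prefix);
  });
}

// Behaviour the changelog describes before the fix: token on every request.
function buildHeadersUnscoped(requestUrl, token) {
  return { accept: 'application/json', authorization: 'Bearer ' + token };
}

// Behaviour after the fix: token only for registry destinations.
function buildHeaders(requestUrl, token, registries) {
  const headers = { accept: 'application/json' };
  if (token && isRegistryRequest(requestUrl, registries)) {
    headers.authorization = 'Bearer ' + token;
  }
  return headers;
}

// Constructed sample data (example.com / example.net are reserved names).
const REGISTRIES = ['https://registry.example.com/npm/'];
const SAMPLE_URLS = [
  'https://registry.example.com/npm/some-package',
  'https://tarballs.example.net/some-package.tgz',
  'http://registry.example.com/npm/some-package',
  'https://registry.example.com@tarballs.example.net/npm/x',
  'https://registry.example.com/npm/../other/x',
];

// For each sample URL, report whether each policy would send the token.
function auditSamples() {
  return SAMPLE_URLS.map((url) => ({
    url,
    unscoped: 'authorization' in buildHeadersUnscoped(url, 'sample-token'),
    scoped: 'authorization' in buildHeaders(url, 'sample-token', REGISTRIES),
  }));
}

console.table(auditSamples());
```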
Do not convert typed arrays to `Buffer` for deepEqual since
their values may not be accurately represented by 8-bit ints.
Instead perform binary comparison of underlying `ArrayBuffer`s,
but only when the array types match.
Never apply any kind of optimization for floating-point typed
arrays since bit pattern equality is not the right kind of check
for them.
PR-URL: https://github.com/nodejs/node/pull/5910
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Fixes: https://github.com/nodejs/node/issues/5907
`<`-ing a file into stdin actually results in a `fs.ReadStream`, rather
than a `tty.ReadStream`, and as such does not inherit from net.Socket,
unlike the other possible stdin options.
Refs: https://github.com/nodejs/node/pull/5916
PR-URL: https://github.com/nodejs/node/pull/5935
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Make sure that, even if an `inflate()` call only sees the first
few bytes of a following gzip member, all members are decompressed
and part of the full output.
This change also modifies behaviour for trailing garbage:
If there is trailing garbage which happens to start with the
gzip magic bytes, it is no longer discarded but rather throws
an error, since we cannot reliably tell random garbage from
a valid gzip member anyway and have to try and decompress it.
(Null byte padding is not affected, since it has been pointed
out at various occasions that such padding is normal and
discarded by `gzip(1)`, too.)
Adds tests for the special case that the first `inflate()` call
receives only the first few bytes of a second gzip member but
not the whole header (or even just the magic bytes).
PR-URL: https://github.com/nodejs/node/pull/5883
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
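The gzip behaviour described in the commit message above, as an added example that is not part of the original commit or its tests: `gunzipAll` and the sample buffers are constructed here for illustration. It shows that all members contribute to the output, that null-byte padding is discarded, and that trailing data starting with the gzip magic bytes is reported as an error rather than dropped.

```javascript
'use strict';
const zlib = require('zlib');

// Hypothetical wrapper: decompress the whole input and report failures as
// data, so a caller can tell "decoded everything" from "rejected the tail".
function gunzipAll(input) {
  try {
    return { ok: true, text: zlib.gunzipSync(input).toString('utf8') };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}

// Constructed sample inputs.
const first = zlib.gzipSync('abc');
const second = zlib.gzipSync('def');
const SAMPLES = {
  // Two complete gzip members back to back.
  twoMembers: Buffer.concat([first, second]),
  // Same, followed by null-byte padding.
  nullPadded: Buffer.concat([first, second, Buffer.alloc(10)]),
  // Same, followed by bytes that start with the gzip magic (0x1f 0x8b)
  // but are not a valid member.
  magicGarbage: Buffer.concat([
    first,
    second,
    Buffer.from([0x1f, 0x8b, 0xff, 0xff]),
    Buffer.alloc(10),
  ]),
};

// Run every sample through gunzipAll and collect the outcomes by name.
function runSamples() {
  const results = {};
  for (const name of Object.keys(SAMPLES)) {
    results[name] = gunzipAll(SAMPLES[name]);
  }
  return results;
}

console.log(runSamples());
```

Code that enforces size limits or scans content on decompressed uploads should account for every member, since the decoder returns the concatenation of all of them.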
PR-URL: https://github.com/nodejs/node/pull/5881
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Some old version parameter comments are left in fs.markdown. Remove
them.
PR-URL: https://github.com/nodejs/node/pull/5952
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Robert Lindstädt <robert.lindstaedt@gmail.com>
Reviewed-By: Roman Reiss <me@silverwind.io>
PR-URL: https://github.com/nodejs/node/pull/5879
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Check that piping a large chunk of data from `process.stdin`
into `process.stdout` does not lose any data by verifying that
the output has the same size as the input.
This is a regression test for #5927 and fails for the commits
in the range [ace100945..89abe8680).
PR-URL: https://github.com/nodejs/node/pull/5949
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Changes to Node core in order to allow compilation for linuxOne.
The ../archs/linux32-s390x/opensslconf.h and
../archs/linux64-s390x/opensslconf.h were automatically
generated by running make linux-ppc linux-ppc64 in the
deps/openssl/config directory as per our standard
practice.
After these changes we still need a version of v8
which supports linuxOne but that will be coming soon
in the 5.1 version of v8. Until then with these changes
we'll be able to create a hybrid build which pulls in
v8 from the http://github/andrewlow repo.
PR-URL: https://github.com/nodejs/node/pull/5941
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
There were 2 tests using curl:
`test-http-304.js` is removed because it was initially included to test
that the 304 response does not contain a body, and this is already
covered by `test-http-chunked-304.js`.
`test-http-curl-chunk-problem` has been renamed and refactored so
instead of using curl, it uses 2 child node processes: one for sending
the HTTP request and the other to calculate the sha1sum. Originally,
this test was introduced to fix a bug in `nodejs@0.2.x`, and it was not
fixed until `nodejs@0.2.5`. A modified version of this test has been run
with `nodejs@0.2.0` and reproduces the problem. This same test has been
run with `nodejs@0.2.6` and runs correctly.
Fixes: https://github.com/nodejs/node/issues/5174
PR-URL: https://github.com/nodejs/node/pull/5750
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Currently we are not testing that resolution of local paths is
resolved first in the repl. This addition to `test-repl-require`
adds an additional fixture and ensures we won't regress in the future.
PR-URL: https://github.com/nodejs/node/pull/5689
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
This fixes a bug where a 3rd party module found in node_modules,
would be preferred over a ./local module with the same name.
Fixes: https://github.com/nodejs/node/issues/5684
PR-URL: https://github.com/nodejs/node/pull/5689
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
We can assume the Windows SDK is installed, hence the intermediate
files generated from manifest should not be part of the source tree.
This also fixes incorrect detection of ctrpp.exe, that should be in
the path.
PR-URL: https://github.com/nodejs/node/pull/5657
Reviewed-By: Alexis Campailla <orangemocha@nodejs.org>
Added build-addons task. It allows building and testing native addons
during the test-ci task. Basically it should work the same way as the
Makefile "build-addons" task.
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: João Reis <reis@janeasystems.com>
PR-URL: https://github.com/nodejs/node/pull/5886
Fixes: https://github.com/nodejs/node/issues/2537
As per https://github.com/nodejs/node/issues/5085
exclude new test from AIX until we have fixes for
libuv for fs watching on AIX. Excluding test
so AIX tests are green and we don't miss
other regressions
PR-URL: https://github.com/nodejs/node/pull/5937
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Added safe internal references for 'clearTimeout(..)', 'active(..)', and
'unenroll(..)'. Changed various API refs from 'export.*' to use these
safe internal references.
Now, overwriting the global API identifiers does not create potential
breakage and/or race conditions. See Issue #2493.
PR-URL: https://github.com/nodejs/node/pull/5882
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Fixes: https://github.com/nodejs/node/issues/2493
Rather than abort if the init/pre/post/final/destroy callbacks throw,
force the exception to propagate and not be made catchable. This way
the application is still not allowed to proceed, but the location of
the failure is also allowed to print before exiting. Though the stack itself
may not be of much use since all callbacks except init are called from
the bottom of the call stack.
```
/tmp/async-test.js:14
throw new Error('pre');
^
Error: pre
at InternalFieldObject.pre (/tmp/async-test.js:14:9)
```
PR-URL: https://github.com/nodejs/node/pull/5756
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Andreas Madsen <amwebdk@gmail.com>
The second argument of the post callback is a boolean indicating whether
the callback threw and was intercepted by uncaughtException or a domain.
Currently node::MakeCallback has no way of retrieving a uid for the
object. This is coming in a future patch.
PR-URL: https://github.com/nodejs/node/pull/5756
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Andreas Madsen <amwebdk@gmail.com>
The number of callbacks accepted to setupHooks was getting unwieldy.
Instead change the implementation to accept an object with all callbacks.
PR-URL: https://github.com/nodejs/node/pull/5756
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Andreas Madsen <amwebdk@gmail.com>
Make comment clear that Undefined() is returned for legacy
compatibility. This will change in the future as a semver-major change,
but to be able to port this to previous releases it needs to stay as is.
PR-URL: https://github.com/nodejs/node/pull/5756
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Andreas Madsen <amwebdk@gmail.com>
Now that HTTPParser uses MakeCallback it is unnecessary to manually
process the nextTickQueue.
The KickNextTick function is now no longer needed so code has moved back
to node::MakeCallback to simplify implementation.
Include minor cleanup moving Environment::tick_info() call below the
early return to save an operation.
PR-URL: https://github.com/nodejs/node/pull/5756
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Andreas Madsen <amwebdk@gmail.com>
Prior to c9fd9e2162, UDP sockets
would callback with a null error on successful send() calls. The
current behavior is to pass 0 as the error. This commit restores
the previous, more expected behavior.
PR-URL: https://github.com/nodejs/node/pull/5929
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
Convert anything to string, but Buffer, TypedArray and ArrayBuffer
```
var uint8 = new Uint8Array([0xf0, 0x9f, 0x90]);
Buffer.byteLength(uint8); // should be 3, but returns 11
Buffer.byteLength(uint8.buffer); // should be 3, but returns 20
```
PR-URL: https://github.com/nodejs/node/pull/5255
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Creating a Buffer from an empty string also touches the
C++ binding.
This patch can make this edge case ~70% faster.
PR-URL: https://github.com/nodejs/node/pull/4414
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Refactor unused self=this code to code without this pattern,
making it more consistent with the rest of our code.
PR-URL: https://github.com/nodejs/node/pull/5857
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Roman Klauke <romankl@users.noreply.github.com>
The socket list module (used by child_process) currently uses the
`var self = this;` pattern for context in several places, this PR
replaces this with arrow functions or passing a parameter in where
appropriate.
Note that the `var self = this` in the _request is intentionally
left in place since it is not trivial to refactor it and the current
pattern isn't bad given the use case.
PR-URL: https://github.com/nodejs/node/pull/5860
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
Update example of readInt32LE method. buf.readInt32LE(1) is supposed to
throw an error as it has only four elements and it tries to read 32
bits from three bytes.
Fixes: https://github.com/nodejs/node/issues/5889
PR-URL: https://github.com/nodejs/node/pull/5890
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Introduce a new MACRO to check if the data is a String object and
update existing MACROs to include the actual object description to
be printed in case of an error.
PR-URL: https://github.com/nodejs/node/pull/3100
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
parallel/test-dns-cares-domains needs a working internet connection
to function (or a local DNS resolver that returns an answer quickly),
otherwise it times out. Move it to test/internet.
PR-URL: https://github.com/nodejs/node/pull/5905
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Introduce `--no-browser-globals` configure flag. With this flag set, following
globals won't be exported:
- `setTimeout`, `clearTimeout`, `setInterval`, `clearInterval`,
`setImmediate`, `clearImmediate`
- `console`
These are provided by the DOM implementation in browser, so the
`--no-browser-globals` flag may be helpful when embedding node.js within
chromium/webkit.
Inspired-By: 82e10ce94f
PR-URL: https://github.com/nodejs/node/pull/5853
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
This makes several changes:
1. Allow path/filename to be passed in as a Buffer on fs methods
2. Add `options.encoding` to fs.readdir, fs.readdirSync, fs.readlink,
fs.readlinkSync and fs.watch.
3. Documentation updates
For 1... it's now possible to do:
```js
fs.open(Buffer('/fs/foo/bar'), 'w+', (err, fd) => { });
```
For 2...
```js
fs.readdir('/fs/foo/bar', {encoding:'hex'}, (err,list) => { });
fs.readdir('/fs/foo/bar', {encoding:'buffer'}, (err, list) => { });
```
encoding can also be passed as a string
```js
fs.readdir('/fs/foo/bar', 'hex', (err,list) => { });
```
The default encoding is set to UTF8 so this addresses the
discrepancy that existed previously between fs.readdir and
fs.watch handling filenames differently.
Fixes: https://github.com/nodejs/node/issues/2088
Refs: https://github.com/nodejs/node/issues/3519
PR-URL: https://github.com/nodejs/node/pull/5616
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>