This commit adds a configuration option named
openssl-default-cipher-list which takes a colon separated string
specifying ciphers that should be used as the default ciphers instead of
the ones defined in node_constants.
The motivation for this is a use case where Fedora/RHEL would like
to be able to specify a default cipher in the format PROFILE=SYSTEM.
This would enable Fedora/RHEL to have a system wide security level for
all applications.
PR-URL: https://github.com/nodejs/node/pull/33708
Refs: https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies/
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
This commit removes the reported unused using declarations from
cache_builder.cc
PR-URL: https://github.com/nodejs/node/pull/33697
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
This commit adds the prerequisites which contain all the files to lint.
Currently only the files in 'src' will be checked.
PR-URL: https://github.com/nodejs/node/pull/33697
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
This commit replaces FromJust() calls with Check() in places where the
value that FromJust() returns is not used.
PR-URL: https://github.com/nodejs/node/pull/33706
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: David Carlier <devnexen@gmail.com>
Disable lint checks (enable prohibited-strings remark-lint) for
doc-style-guide.md:66. This was producing lint errors in builds
on master.
PR-URL: https://github.com/nodejs/node/pull/33787
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/33755
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
The phrasing "pre Node.js v0.10" is not grammatical, as "pre" is not a
word. This also changes "Node.js v0.10" to "Node.js 0.10". We dropped
use of the "v" prefix in prose some time ago to avoid confusion as to
whether "v8" referred to the V8 JavaScript engine or Node.js 8.x.
PR-URL: https://github.com/nodejs/node/pull/33754
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
In the docs, we specify the default value of function parameters in the
list below the header. There is one exception where we use default
parameter notation. Change that instance to be like the rest of the docs
instead.
I rather like the default parameter notation, and I get why we didn't
use it to begin with. (The notation didn't exist in JavaScript at the
time.) I wouldn't mind switching to it, but that would result in big
churn. That can be a separate topic of discussion. For now, though,
let's get the docs consistent.
PR-URL: https://github.com/nodejs/node/pull/33752
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Original commit message:
[turbofan] Fixes for integrating the fast C API
This commit adds a few fixes necessary for integrating the
fast C API into Blink:
- added default constructor for CFunction
- removed a bogus template specialization allowing void* params
- extended the public Isolate class
Bug: chromium:1052746
Change-Id: I4f2ba84299920e2cc9d66ec1ed59302313db6c0b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2120587
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66986}
Refs: 0d6debcc5f
PR-URL: https://github.com/nodejs/node/pull/33600
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
In the benchmark, because it performs asynchronous operations before
writing its HTTP replies, the underlying socket can be closed by the
peer before the response is written. Since 28e6626ce7, that means
that attempting to `.end()` the HTTP response results in an uncaught
exception, breaking the benchmark.
Fix that by checking whether the response object has been destroyed
or not before attempting to call `.end()`.
https://github.com/nodejs/node/issues/33591
PR-URL: https://github.com/nodejs/node/pull/33642
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Signed-off-by: Michaël Zasso <targos@protonmail.com>
PR-URL: https://github.com/nodejs/node/pull/33696
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Convert callback functions that are anonymous
to arrow functions for better readability.
PR-URL: https://github.com/nodejs/node/pull/33711
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Reviewed-By: Zeyu Yang <himself65@outlook.com>
PR-URL: https://github.com/nodejs/node/pull/33615
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Zeyu Yang <himself65@outlook.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
It's still experimental, but make the flag non-op
Signed-off-by: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/33527
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
AbortController impl based very closely on:
https://github.com/mysticatea/abort-controller
Marked experimental.
Not currently used by any of the existing promise apis.
Signed-off-by: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/33527
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
This commit replaces the IsEmpty call to use ToLocal instead which
allows for the following ToLocalChecked function call to be avoided.
PR-URL: https://github.com/nodejs/node/pull/33695
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: David Carlier <devnexen@gmail.com>
This commit suggests using getauxval in node_main.cc.
The motivation for this is that getauxval was introduced in glibc 2.16
and looking at BUILDING.md, in the 'Platform list' section, it looks
like we now support glibc >= 2.17 and perhaps this change would be
alright now.
PR-URL: https://github.com/nodejs/node/pull/33693
Refs: https://github.com/nodejs/node/pull/12548
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/33683
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Event#cancelBubble is a property (and not a function). Change
Event#cancelBubble to a property and add a test.
PR-URL: https://github.com/nodejs/node/pull/33613
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Denys Otrishko <shishugi@gmail.com>
Related to https://github.com/nodejs/remark-preset-lint-node/pull/94
PR-URL: https://github.com/nodejs/node/pull/33692
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Disable linting for prohibited strings in the collaborator list so that
sam-github does not have to be sam-GitHub.
Refs: https://github.com/nodejs/remark-preset-lint-node/pull/96
Signed-off-by: Rich Trott <rtrott@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/33719
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>
`common.gypi` is used by `node-gyp` to compile addons. Default values
must be provided for variables that may not exist on older versions of
Node.js so that older versions of Node.js can be used to compile addons
for later versions of Node.js.
Add default values for `v8_enable_pointer_compression` and
`v8_enable_31bit_smis_on_64bit_arch`.
PR-URL: https://github.com/nodejs/node/pull/33688
Refs: https://github.com/nodejs/node/pull/30463
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Signed-off-by: Richard Lau <riclau@uk.ibm.com>
PR-URL: https://github.com/nodejs/node/pull/33612
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Update the "End-of-Life" casing in the deprecation documentation
for consistency. Similar to #26251.
PR-URL: https://github.com/nodejs/node/pull/33691
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
The API docs have been migrating to **Default:** when providing
default values. This commit updates the events documentation page
for consistency.
PR-URL: https://github.com/nodejs/node/pull/33678
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
In the spirit of #30108, remove the use of "it is important" in
the new EventTarget docs.
PR-URL: https://github.com/nodejs/node/pull/33678
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
This is a security release.
Vulnerabilities fixed:
- CVE-2020-8174: napi_get_value_string_*() allows various kinds of
memory corruption (High).
- CVE-2020-10531: ICU-20958 Prevent SEGV_MAPERR in append (High).
- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).
PR-URL: https://github.com/nodejs-private/node-private/pull/211
This is a security release.
Notable changes:
Vulnerabilities fixed:
CVE-2020-8172: TLS session reuse can lead to host certificate verification bypass (High).
CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).
CVE-2020-8174: `napi_get_value_string_*()` allows various kinds of memory corruption (High).
PR-URL: https://github.com/nodejs-private/node-private/pull/213
This is a security release.
Notable changes:
Vulnerabilities fixed:
CVE-2020-8172: TLS session reuse can lead to host certificate verification bypass (High).
CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).
CVE-2020-8174: `napi_get_value_string_*()` allows various kinds of memory corruption (High).
PR-URL: https://github.com/nodejs-private/node-private/pull/212
Prior to this patch `session` event was emitted after `secure` event on
TLSSocket, but before `secureConnect` event. This is problematic for
`https.Agent` because it must cache session only after verifying the
remote peer's certificate.
Connecting to a server that presents an invalid certificate resulted
in the session being cached after the handshake with the server and
evicted right after a certificate validation error and socket's
destruction. A request initiated during this narrow window would pick
the faulty session, send it to the malicious server and skip the
verification of the server's certificate.
Fixes: https://hackerone.com/reports/811502
CVE-ID: CVE-2020-8172
PR-URL: https://github.com/nodejs-private/node-private/pull/200
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
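The event-ordering window described in the CVE-2020-8172 commit message above, as an added example that is not part of the Node.js patch: it replays the pre-patch order (`session` before `secureConnect`) against a cache that stores on `session` and one that waits for verification. `NaiveSessionCache`, `VerifiedSessionCache`, `replay` and the host `example.test` are hypothetical names, and the socket is a plain `EventEmitter` standing in for a `TLSSocket`.

```javascript
const { EventEmitter } = require('events');

// Naive cache: stores as soon as 'session' fires, evicts when a rejected socket closes.
class NaiveSessionCache {
  constructor() { this.sessions = new Map(); }
  track(host, socket) {
    socket.on('session', (s) => this.sessions.set(host, s));
    socket.on('close', () => { if (!socket.authorized) this.sessions.delete(host); });
  }
  get(host) { return this.sessions.get(host); }
}

// Hardened cache: a session becomes reusable only after 'secureConnect'
// on a socket whose peer certificate was accepted.
class VerifiedSessionCache {
  constructor() { this.sessions = new Map(); }
  track(host, socket) {
    let pending = null;
    let verified = false;
    socket.on('session', (s) => {
      if (verified) this.sessions.set(host, s); // e.g. TLS 1.3 tickets sent after the handshake
      else pending = s;                          // held back, not yet visible to get()
    });
    socket.on('secureConnect', () => {
      if (!socket.authorized) return;
      verified = true;
      if (pending) this.sessions.set(host, pending);
      pending = null;
    });
    socket.on('close', () => { pending = null; });
  }
  get(host) { return this.sessions.get(host); }
}

// Replays the pre-patch event order on a constructed socket and reports what
// a concurrent request would find in the cache at each point.
function replay(CacheClass, certificateValid) {
  const cache = new CacheClass();
  const socket = new EventEmitter();        // constructed stand-in for a TLSSocket
  socket.authorized = false;
  cache.track('example.test', socket);
  socket.emit('session', Buffer.from('constructed-session'));
  const duringWindow = cache.get('example.test') !== undefined;
  if (certificateValid) { socket.authorized = true; socket.emit('secureConnect'); }
  else socket.emit('close');                // validation error destroys the socket
  return { duringWindow, afterwards: cache.get('example.test') !== undefined };
}
```

`replay(NaiveSessionCache, false).duringWindow` is the window the commit message describes: the unverified session is already available for reuse before the eviction runs.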
Original commit message:
Reland "[snapshot] rehash JSMap and JSSet during deserialization"
This is a reland of 8374feed55a5b3010f2e9593560a2d84f9f6725f.
Fixed rehashing of global proxy keys by creating its identity hash
early, before the deserialization of the context snapshot.
Original change's description:
> [snapshot] rehash JSMap and JSSet during deserialization
>
> To rehash JSMap and JSSet, we simply replace the backing store
> with a new one created with the new hash.
>
> Bug: v8:9187
> Change-Id: I90c25b18b33b7bc2b6ffe1b89fe17aa5f978b517
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2143983
> Commit-Queue: Joyee Cheung <joyee@igalia.com>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Reviewed-by: Camillo Bruni <cbruni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#67663}
Bug: v8:9187, v8:10523
Change-Id: I7a0319b1d10ff07644de902fec43e7c2b1dd8da9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2212085
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Cr-Commit-Position: refs/heads/master@{#67999}
Refs: 22014de001
PR-URL: https://github.com/nodejs/node/pull/33300
Refs: ea0719b8ed
Refs: bb9f0c2b2f
Refs: https://github.com/nodejs/node/issues/17058
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Original commit message:
[snapshot] Do not defer ArrayBuffers during snapshotting
ArrayBuffer instances are serialized by first re-assigning an index
to the backing store field, then serializing the object, and then
storing the actual backing store address again (and the same for the
ArrayBufferExtension). If serialization of the object itself is deferred,
the real backing store address is written into the snapshot, which cannot be
processed when deserializing, leading to a crash.
This fixes this by not deferring ArrayBuffer serialization and adding a DCHECK
for the crash that previously occurred.
Change-Id: Id9bea8268061bd0770cde7bfeb6695248978f994
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2144123
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67114}
Refs: ea0719b8ed
PR-URL: https://github.com/nodejs/node/pull/33300
Refs: bb9f0c2b2f
Refs: 22014de001
Refs: https://github.com/nodejs/node/issues/17058
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>