* v8: upgrade to 3.20.11 * uv: upgrade to v0.11.7 * buffer: return offset for end of last write (Trevor Norris) * build: embed the mdb_v8.so into the binary (Timothy J Fontaine) * build: fix --without-ssl build (Ben Noordhuis) * child_process: add 'shell' option to .exec() (Ben Noordhuis) * dgram: report send errors to cb, don't pass bytes (Ben Noordhuis) * fs: write strings directly to disk (Trevor Norris) * https: fix default port (Koichi Kobayashi) * openssl: use asm for sha, md5, rmd (Fedor Indutny) * os: add mac address to networkInterfaces() output (Brian White) * smalloc: introduce smalloc module (Trevor Norris) * stream: Simplify flowing, passive data listening (streams3) (isaacs) * tls: asynchronous SNICallback (Fedor Indutny) * tls: share tls tickets key between cluster workers (Fedor Indutny) * util: don't throw on circular %j input to format() (Ben Noordhuis)
`server.SNICallback` was initialized with `SNICallback.bind(this)`, and therefore check `this.SNICallback === SNICallback` was always false, and `_tls_wrap.js` always thought that it was a custom callback instead of default one. Which in turn was causing clienthello parser to be enabled regardless of presence of SNI contexts.
The type of the expression `(uint16_t) server_names_len + 2` gets implicitly widened to int. Change the type of server_names_len to uint32_t to avoid the following warnings: ../../src/node_crypto_clienthello.cc:144: warning: comparison between signed and unsigned integer expressions ../../src/node_crypto_clienthello.cc:146: warning: comparison between signed and unsigned integer expressions
Quoting the CVE: Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." Likely has zero impact on node.js because it only runs local, trusted code but let's apply it anyway. This is a back-port of upstream commit r15665. Original commit log: Use internal array as API function cache. Rfirstname.lastname@example.org BUG=chromium:260106 TEST=cctest/test-api/Regress260106 Review URL: https://codereview.chromium.org/19159003 Fixes #5973.
Flags and modes aren't the same, symlinks are followed in all of the path but the last component, docs should say something about what the mode argument is for and when its used, fs.openSync should point to the function that contains the docs for its args, as fs.writeSync does.
It shouldn't ignore it! There're two possibile cases, which should be handled properly: 1. Having a default `SNICallback` which is using contexts, added with `server.addContext(...)` routine 2. Having a custom `SNICallback`. In first case we may want to opt-out setting `.onsniselect` method (and thus save some CPU time), if there're no contexts added. But, if custom `SNICallback` is used, `.onsniselect` should always be set, because server contexts don't affect it.
* Numeric values passed to alloc were converted to int32, not uint32 before the range check, which allows wrap around on ToUint32. This would cause massive malloc calls and v8 fatal errors. * dispose would not check if value was an Object, causing segfault if a Primitive was passed. * kMaxLength was not enumerable.