Skip to content
This repository
branch: v0.8.24-release

Jun 03, 2013

  1. Isaac Z. Schlueter

    2013.06.04, Version 0.8.24 (maintenance)

    * npm: Upgrade to v1.2.24
    
    * url: Properly parse certain oddly formed urls (isaacs)
    
    * http: Don't try to destroy nonexistent sockets (isaacs)
    
    * handle_wrap: fix NULL pointer dereference (Ben Noordhuis)
    isaacs authored
  2. Isaac Z. Schlueter

    npm: Upgrade to 1.2.24

    isaacs authored
  3. Isaac Z. Schlueter

    url: Properly parse certain oddly formed urls

    In cases where there are multiple @-chars in a url, Node currently
    parses the hostname and auth sections differently than web browsers.
    
    This part of the bug is serious, and should be landed in v0.10, and
    also ported to v0.8, and releases made as soon as possible.
    
    The less serious issue is that there are many other sorts of malformed
    urls which Node either accepts when it should reject, or interprets
    differently than web browsers.  For example, `http://a.com*foo` is
    interpreted by Node like `http://a.com/*foo` when web browsers treat
    this as `http://a.com%3Bfoo/`.
    
    In general, *only* the `hostEndingChars` should be the characters that
    delimit the host portion of the URL.  Most of the current `nonHostChars`
    that appear in the hostname should be escaped, but some of them (such as
    `;` and `%` when it does not introduce a hex pair) should raise an
    error.
    
    We need to have a broader discussion about whether it's best to throw in
    these cases, and potentially break extant programs, or return an object
    that has every field set to `null` so that any attempt to read the
    hostname/auth/etc. will appear to be empty.
    isaacs authored

Apr 22, 2013

  1. Isaac Z. Schlueter

    http: Don't try to destroy nonexistent sockets

    Fixes #3740
    
    In the case of pipelined requests, you can have a situation where
    the socket gets destroyed via one req/res object, but then trying
    to destroy *another* req/res on the same socket will cause it to
    call undefined.destroy(), since it was already removed from that
    message.
    
    Add a guard to OutgoingMessage.destroy and IncomingMessage.destroy
    to prevent this error.
    isaacs authored

Apr 17, 2013

  1. Ben Noordhuis

    test: make stdout-close-unref work in test runner

    process.stdout isn't fully initialized yet by the time the test starts
    when invoked with `python tools/test.py`. Use process.stdin instead and
    force initialization with process.stdin.resume().
    
    This is a back-port of commit 2e70dda from the v0.10 branch.
    bnoordhuis authored

Apr 16, 2013

  1. Ben Noordhuis

    handle_wrap: fix NULL pointer dereference

    Fix a NULL pointer dereference in src/handle_wrap.cc which is really a
    use-after-close bug.
    
    The test checks that unref() after close() works on process.stdout but
    this bug affects everything that derives from HandleWrap. I discovered
    it because child processes would sometimes quit for no reason (that is,
    no reason until I turned on core dumps.)
    
    This is a back-port of commit ccd3722 from the v0.10 branch.
    bnoordhuis authored

Apr 09, 2013

  1. Isaac Z. Schlueter

    Now working on 0.8.24

    isaacs authored
  2. Isaac Z. Schlueter

    Merge branch 'v0.8.23-release' into v0.8

    isaacs authored

Apr 08, 2013

  1. Isaac Z. Schlueter

    2013.04.09, Version 0.8.23 (maintenance)

    * npm: Upgrade to v1.2.18
    
    * http: Avoid EE warning on ECONNREFUSED handling (isaacs)
    
    * tls: Re-enable check of CN-ID in cert verification (Tobias Müllerleile)
    
    * child_process: fix sending utf-8 to child process (Ben Noordhuis)
    
    * crypto: check key type in GetPeerCertificate() (Ben Noordhuis)
    
    * win/openssl: mark assembled object files as seh safe (Bert Belder)
    
    * windows/msi: fix msi build issue with WiX 3.7/3.8 (Raymond Feng)
    isaacs authored
  2. Isaac Z. Schlueter

    npm: Upgrade to v1.2.18

    isaacs authored
  3. Isaac Z. Schlueter

    http: Avoid EE warning on ECONNREFUSED handling

    This is a back-port of the same fix in
    deb1dc2, for v0.8.
    isaacs authored

Apr 07, 2013

  1. Tobias Müllerleile

    tls: Re-enable check of CN-ID in cert verification

    RFC 6125 explicitly states that a client "MUST NOT seek a match
    for a reference identifier of CN-ID if the presented identifiers
    include a DNS-ID, SRV-ID, URI-ID, or any application-specific
    identifier types supported by the client", but it MAY do so if
    none of the mentioned identifier types (but others) are present.
    tmuellerleile authored indutny committed

Mar 25, 2013

  1. Ben Noordhuis

    child_process: fix sending utf-8 to child process

    In process#send() and child_process.ChildProcess#send(), use 'utf8' as
    the encoding and correctly handle partial character sequences by
    introducing a StringDecoder. Before this commit, it used 'ascii' and
    partial sequences were dropped or corrupted.
    
    This is a back-port of commit 44843a6 from the v0.10 branch.
    
    Fixes #4999 and #5011.
    bnoordhuis authored

Mar 13, 2013

  1. Ben Noordhuis

    crypto: check key type in GetPeerCertificate()

    Works around the following exception:
    
      Error: 140463203215168:error:0607907F:digital envelope
      routines:EVP_PKEY_get1_RSA:expecting an rsa key:
      ../deps/openssl/openssl/crypto/evp/p_lib.c:288:
        at CleartextStream._pusher (tls.js:656:24)
        at SlabBuffer.use (tls.js:199:18)
        at CleartextStream.CryptoStream._push (tls.js:483:33)
        at SecurePair.cycle (tls.js:880:20)
        <snip>
    
    The issue has been solved properly in v0.10 and the master branch as of
    commit c6e2db2 ("crypto: clear error stack"). This is the "back-port"
    to v0.8.
    
    For some (rather unquantifiable) reason the original fix only works for
    the tls module in v0.8 but not the https module unless OpenSSL is
    downgraded to 0.9.8. Upgrading OpenSSL does *not* fix it, however.
    
    The https module doesn't appear to be at fault; upgrading it to v0.10
    doesn't fix the issue. That leaves either the tls or the http module
    (that https derives from) but the changes to those modules are too
    massive to back-port as-is.
    
    `git bisect` over the v0.8 -> v0.10 commits didn't show up anything
    useful, it pinpoints c6e2db2 as the commit that fixes things.
    
    I've spent several hours on this now and seeing that v0.8 is in
    maintenance mode, this cheap hack will have to do.
    
    Fixes #4771.
    bnoordhuis authored

Mar 08, 2013

  1. Bert Belder

    Revert "build, windows: disable SEH"

    This is no longer necessary - the underlying issue was fixed in 01fa5ee.
    This reverts commit d879042.
    piscisaureus authored
  2. Bert Belder

    win/openssl: mark assembled object files as seh safe

    There are no unsafe structured exception handlers in object files
    generated from hand-crafted assembly - because they contain no exception
    handlers at all.
    piscisaureus authored
  3. Raymond Feng

    windows/msi: fix msi build issue with WiX 3.7/3.8

    The `heat` tool that gathers NPM source files wasn't getting called.
    Closes #4896
    raymondfeng authored piscisaureus committed

Mar 07, 2013

  1. Isaac Z. Schlueter

    blog: Post for v0.8.22

    isaacs authored
  2. Isaac Z. Schlueter

    Now working on 0.8.23

    isaacs authored
  3. Isaac Z. Schlueter

    Merge branch 'v0.8.22-release' into v0.8

    isaacs authored

Mar 06, 2013

  1. Isaac Z. Schlueter

    2013.03.07, Version 0.8.22 (Stable)

    * npm: Update to 1.2.14
    
    * cluster: propagate bind errors (Ben Noordhuis)
    
    * crypto: don't assert when calling Cipher#final() twice (Ben Noordhuis)
    
    * build, windows: disable SEH (Ben Noordhuis)
    isaacs authored
  2. Isaac Z. Schlueter

    npm: Update to 1.2.14

    isaacs authored
  3. Isaac Z. Schlueter

    blog: Update streams2 feature post to match actual doc

    isaacs authored
  4. Isaac Z. Schlueter

    blog: Post for 0.9.12

    isaacs authored
  5. Nathan Rajlich

    process: invoke EventEmitter on `process`

    This properly sets the `_maxListeners` property, which
    fixes the max listener warning. Closes #4924.
    TooTallNate authored

Mar 05, 2013

  1. Ben Noordhuis

    cluster: propagate bind errors

    This commit fixes a bug where the cluster module fails to propagate
    EADDRINUSE errors.
    
    When a worker starts a (net, http) server, it requests the listen socket
    from its master who then creates and binds the socket.
    
    Now, OS X and Windows don't always signal EADDRINUSE from bind() but
    instead defer the error until a later syscall. libuv mimics this
    behaviour to provide consistent behaviour across platforms but that
    means the worker could end up with a socket that is not actually bound
    to the requested addresss.
    
    That's why the worker now checks if the socket is bound, raising
    EADDRINUSE if that's not the case.
    
    Fixes #2721.
    bnoordhuis authored

Mar 04, 2013

  1. Ben Noordhuis

    doc: add url.resolve() usage examples

    Fixes #4913.
    bnoordhuis authored
  2. Rod Vagg

    link to LevelUP modules wiki page, not level-hooks

    rvagg authored isaacs committed

Mar 02, 2013

  1. Ben Noordhuis

    test: make simple/test-dgram-pingpong respect PORT

    Don't use hard-coded port numbers, use common.PORT instead.
    
    Should fix the occasional Jenkins failure; the builds run in parallel.
    bnoordhuis authored
  2. Timothy J Fontaine

    test: optionally set common.PORT via env variable

    This is a back-port of commit 17a8126 from the master branch.
    tjfontaine authored bnoordhuis committed
  3. Ben Noordhuis

    crypto: don't assert when calling Cipher#final() twice

    Remove the assert() that triggered when Cipher#final() or
    Decipher#final() was called twice.
    
    Fixes #4886.
    bnoordhuis authored

Mar 01, 2013

  1. Isaac Z. Schlueter

    blog: Post about v0.9.11

    isaacs authored
  2. Ben Noordhuis

    http: use socket.once, not socket.on

    Register the 'close' event listener with .once(), not .on().
    
    It doesn't matter in the grand scheme of things because the listener
    doesn't keep references to any heavy-weight objects but using .once()
    for a oneshot listener is something of a best practice.
    bnoordhuis authored

Feb 28, 2013

  1. Eugene Girshov

    doc: remove note about close event

    egirshov authored bnoordhuis committed
  2. Timothy J Fontaine

    test: fix tap output on windows

    Test output is always \n and not platform dependent
    tjfontaine authored bnoordhuis committed
Something went wrong with that request. Please try again.