Permalink
Commits on Aug 21, 2013
  1. 2013.08.21, Version 0.10.17 (Stable)

    * uv: Upgrade v0.10.14
    
    * http_parser: Do not accept PUN/GEM methods as PUT/GET (Chris Dickinson)
    
    * tls: fix assertion when ssl is destroyed at read (Fedor Indutny)
    
    * stream: Throw on 'error' if listeners removed (isaacs)
    
    * dgram: fix assertion on bad send() arguments (Ben Noordhuis)
    
    * readline: pause stdin before turning off terminal raw mode (Daniel Chatfield)
    tjfontaine committed Aug 21, 2013
  2. uv: Upgrade v0.10.14

    tjfontaine committed Aug 21, 2013
  3. blog: v0.11.6

    tjfontaine committed Aug 21, 2013
  4. doc: Mention python dep in downloads page

    Closes #3604
    isaacs committed Aug 21, 2013
  5. deps: upgrade http_parser to 303c4e4

    Upgrade to nodejs/http-parser@303c4e4. Changes:
    
      * Do not accept PUN/GEM methods as PUT/GET.
      * Further request method check strengthening.
    bnoordhuis committed Aug 21, 2013
  6. tls: fix assertion when ssl is destroyed at read

    `maybeInitFinished()` can emit the 'secure' event which
    in turn destroys the connection in case of authentication
    failure and sets `this.pair.ssl` to `null`.
    
    If such condition appeared after non-empty read - loop will continue
    and `clearOut` will be called on `null` object instead of
    `crypto::Connection` instance. Resulting in the following assertion:
    
        ERROR: Error: Hostname/IP doesn't match certificate's altnames
        Assertion failed: handle->InternalFieldCount() > 0
    
    fix #5756
    indutny committed Aug 21, 2013
Commits on Aug 20, 2013
  1. doc: Minor typos in dgram doc

    a/an usage.  Thanks @KenanSulayman
    isaacs committed Aug 20, 2013
Commits on Aug 19, 2013
  1. doc: Add callback parameter to dgram socket.bind()

    Also, describe more details of bind().
    duanyao committed with isaacs Dec 4, 2012
  2. stream: Throw on 'error' if listeners removed

    In this situation:
    
        writable.on('error', handler);
        readable.pipe(writable);
        writable.removeListener('error', handler);
        writable.emit('error', new Error('boom'));
    
    there is actually no error handler, but it doesn't throw, because of the
    fix for stream.once('error', handler), in 23d92ec.
    
    Note that simply reverting that change is not valid either, because
    otherwise this will emit twice, being handled the first time, and then
    throwing the second:
    
        writable.once('error', handler);
        readable.pipe(writable);
        writable.emit('error', new Error('boom'));
    
    Fix this with a horrible hack to make the stream pipe onerror handler
    added before any other userland handlers, so that our handler is not
    affected by adding or removing any userland handlers.
    
    Closes #6007.
    isaacs committed Aug 19, 2013
Commits on Aug 17, 2013
  1. dgram: fix assertion on bad send() arguments

    Add range checks for the offset, length and port arguments to
    dgram.Socket#send().  Fixes the following assertion:
    
        node: ../../src/udp_wrap.cc:264: static v8::Handle<v8::Value>
        node::UDPWrap::DoSend(const v8::Arguments&, int): Assertion
        `offset < Buffer::Length(buffer_obj)' failed.
    
    And:
    
        node: ../../src/udp_wrap.cc:265: static v8::Handle<v8::Value>
        node::UDPWrap::DoSend(const v8::Arguments&, int): Assertion
        `length <= Buffer::Length(buffer_obj) - offset' failed.
    
    Interestingly enough, a negative port number was accepted until now but
    silently ignored.  (In other words, it would send the datagram to a
    random port.)
    
    This commit exposed a bug in the simple/test-dgram-close test which
    has also been fixed.
    
    This is a back-port of commit 41ec6d0 from the master branch.
    
    Fixes #6025.
    bnoordhuis committed Aug 9, 2013
  2. readline: pause stdin before turning off terminal raw mode

    On windows, libuv will immediately make a `ReadConsole` call (in the
    thread pool) when a 'flowing' `uv_tty_t` handle is switched to
    line-buffered mode. That causes an immediate issue for some users,
    since libuv can't cancel the `ReadConsole` operation on Windows 8 /
    Server 2012 and up if the program switches back to raw mode later.
    
    But even if this will be fixed in libuv at some point, it's better to
    avoid the overhead of starting work in the thread pool and immediately
    cancelling it afther that.
    
    See also f34f1e3, where the same change is made for the opposite
    flow, e.g. move `resume()` after `_setRawMode(true)`.
    
    Fixes #5927
    
    This is a backport of dfb0461 (see #5930) to the v0.10 branch.
    danielchatfield committed with piscisaureus Jul 30, 2013
Commits on Aug 16, 2013
  1. blog: v0.10.16

    isaacs committed Aug 16, 2013
  2. Now working on v0.10.17

    isaacs committed Aug 16, 2013
  3. 2013.08.16, Version 0.10.16 (Stable)

    * v8: back-port fix for CVE-2013-2882
    
    * npm: Upgrade to 1.3.8
    
    * crypto: fix assert() on malformed hex input (Ben Noordhuis)
    
    * crypto: fix memory leak in randomBytes() error path (Ben Noordhuis)
    
    * events: fix memory leak, don't leak event names (Ben Noordhuis)
    
    * http: Handle hex/base64 encodings properly (isaacs)
    
    * http: improve chunked res.write(buf) performance (Ben Noordhuis)
    
    * stream: Fix double pipe error emit (Eran Hammer)
    isaacs committed Aug 16, 2013
  4. npm: Upgrade to 1.3.8

    isaacs committed Aug 16, 2013
  5. crypto: fix memory leak in randomBytes() error path

    This is the conceptual back-port of commit ec54873 from the master
    branch.
    bnoordhuis committed Aug 16, 2013
Commits on Aug 15, 2013
  1. http: Handle hex/base64 encodings properly

    This is a backport of 6d3d60a for
    v0.10.
    isaacs committed Aug 15, 2013
Commits on Aug 7, 2013
  1. blog: Post for v0.11.5

    tjfontaine committed Aug 7, 2013
Commits on Aug 6, 2013
  1. stream: Fix double pipe error emit

    If an error listener is added to a stream using once() before it is
    piped, it is invoked and removed during pipe() but before pipe() sees it
    which causes it to be emitted again.
    
    Fixes #4155 #4978
    hueniverse committed with isaacs Aug 5, 2013
Commits on Aug 5, 2013
  1. v8: back-port fix for CVE-2013-2882

    Quoting the CVE:
    
        Google V8, as used in Google Chrome before 28.0.1500.95, allows
        remote attackers to cause a denial of service or possibly have
        unspecified other impact via vectors that leverage "type confusion."
    
    Likely has zero impact on node.js because it only runs local, trusted
    code but let's apply it anyway.
    
    This is a back-port of upstream commit r15665. Original commit log:
    
        Use internal array as API function cache.
    
        R=yangguo@chromium.org
        BUG=chromium:260106
        TEST=cctest/test-api/Regress260106
    
        Review URL: https://codereview.chromium.org/19159003
    
    Fixes #5973.
    mstarzinger@chromium.org committed with bnoordhuis Jul 15, 2013
  2. doc: document domain.enter() and domain.exit()

    Adds the documentation requested in #5017.
    othiym23 committed with bnoordhuis Mar 14, 2013
  3. doc: fs.open, fix flag/mode confusion, etc.

    Flags and modes aren't the same, symlinks are followed in all of the
    path but the last component, docs should say something about what the
    mode argument is for and when its used, fs.openSync should point to the
    function that contains the docs for its args, as fs.writeSync does.
    sam-github committed with bnoordhuis Aug 2, 2013
Commits on Aug 2, 2013
  1. npm: Upgrade to 1.3.7

    isaacs committed Aug 2, 2013
Commits on Aug 1, 2013
  1. test: future-proof simple/test-event-emitter-memory-leak

    Run the garbage collector before running the actual test. It doesn't
    matter now but if in the future something in node.js core creates a lot
    of reclaimable garbage, that will break the test's expectation.
    bnoordhuis committed Aug 1, 2013
  2. test: fix pummel/test-net-connect-memleak

    * Run the garbage collector before creating the big array. It doesn't
      matter now but if in the future something in node.js core creates
      a lot of reclaimable garbage, that will break the test's expectation.
    
    * The first RSS check was being done too late. The garbage collector
      might have run before the check, throwing off the 'reclaimed memory'
      calculation.
    
    * Due to changes in how V8 represents the big array internally, the
      actual memory usage is just below 256 MB on x64. Update the test's
      expectation.
    bnoordhuis committed Aug 1, 2013
  3. events: fix memory leak, don't leak event names

    Before this commit, events were set to undefined rather than deleted
    from the EventEmitter's backing dictionary for performance reasons:
    `delete obj.key` causes a transition of the dictionary's hidden class
    and that can be costly.
    
    Unfortunately, that introduces a memory leak when many events are added
    and then removed again. The strings containing the event names are never
    reclaimed by the garbage collector because they remain part of the
    dictionary.
    
    That's why this commit makes EventEmitter delete events again. This
    effectively reverts commit 0397223.
    
    Fixes #5970.
    bnoordhuis committed Aug 1, 2013
Commits on Jul 31, 2013
  1. http: improve chunked res.write(buf) performance

    Avoid a costly buffer-to-string operation. Instead, allocate a new
    buffer, copy the chunk header and data into it and send that.
    
    The speed difference is negligible on small payloads but it really
    shines with larger (10+ kB) chunks. benchmark/http/end-vs-write-end
    with 64 kB chunks gives 45-50% higher throughput. With 1 MB chunks,
    the difference is a staggering 590%.
    
    Of course, YMMV will vary with real workloads and networks but this
    commit should have a positive impact on CPU and memory consumption.
    
    Big kudos to Wyatt Preul (@wpreul) for reporting the issue and providing
    the initial patch.
    
    Fixes #5941 and #5944.
    bnoordhuis committed Jul 31, 2013
Commits on Jul 30, 2013
  1. docs: Warning about consuming response

    geek committed with isaacs Jun 11, 2013
  2. crypto: fix assert() on malformed hex input

    Use the StringBytes::IsValidString() function introduced in commit
    dce26cc to ensure that the input string meets the expectations of the
    other StringBytes functions before processing it further.
    
    Fixes the following assertion:
    
        Assertion failed: (str->Length() % 2 == 0 && "invalid hex string
        length"), function StorageSize, file ../../src/string_bytes.cc,
        line 301.
    
    Fixes #5725.
    bnoordhuis committed Jul 30, 2013