Permalink
Switch branches/tags
Commits on Mar 28, 2013
  1. 2013.03.28, Version 0.10.2 (Stable)

    isaacs committed Mar 28, 2013
    * npm: Upgrade to 1.2.15
    
    * uv: Upgrade to 0.10.3
    
    * tls: handle SSL_ERROR_ZERO_RETURN (Fedor Indutny)
    
    * tls: handle errors before calling C++ methods (Fedor Indutny)
    
    * tls: remove harmful unnecessary bounds checking (Marcel Laverdet)
    
    * crypto: make getCiphers() return non-SSL ciphers (Ben Noordhuis)
    
    * crypto: check randomBytes() size argument (Ben Noordhuis)
    
    * timers: do not calculate Timeout._when property (Alexey Kupershtokh)
    
    * timers: fix off-by-one ms error (Alexey Kupershtokh)
    
    * timers: handle signed int32 overflow in enroll() (Fedor Indutny)
    
    * stream: Fix stall in Transform under very specific conditions (Gil Pedersen)
    
    * stream: Handle late 'readable' event listeners (isaacs)
    
    * stream: Fix early end in Writables on zero-length writes (isaacs)
    
    * domain: fix domain callback from MakeCallback (Trevor Norris)
    
    * child_process: don't emit same handle twice (Ben Noordhuis)
    
    * child_process: fix sending utf-8 to child process (Ben Noordhuis)
  2. npm: Upgrade to v1.2.15

    isaacs committed Mar 28, 2013
  3. tls: handle SSL_ERROR_ZERO_RETURN

    indutny committed Mar 28, 2013
    see #5004
  4. setTimeout: do not calculate Timeout._when property

    wicked committed with isaacs Oct 25, 2012
    Dramatically improves Timer performance.
  5. stream: Emit readable on ended streams via read(0)

    isaacs committed Mar 27, 2013
    cc: @mjijackson
  6. stream: Handle late 'readable' event listeners

    isaacs committed Mar 26, 2013
    In cases where a stream may have data added to the read queue before the
    user adds a 'readable' event, there is never any indication that it's
    time to start reading.
    
    True, there's already data there, which the user would get if they
    checked However, as we use 'readable' event listening as the signal to
    start the flow of data with a read(0) call internally, we ought to
    trigger the same effect (ie, emitting a 'readable' event) even if the
    'readable' listener is added after the first emission.
    
    To avoid confusing weirdness, only the *first* 'readable' event listener
    is granted this privileged status.  After we've started the flow (or,
    alerted the consumer that the flow has started) we don't need to start
    it again.  At that point, it's the consumer's responsibility to consume
    the stream.
    
    Closes #5141
  7. doc: Add 'don't ignore errors' section to domain

    isaacs committed Mar 28, 2013
    Also, an example program of using cluster and domain to handle errors
    safely, with zero downtime, using process isolation.
Commits on Mar 27, 2013
  1. test: Accept either kind of NaN

    isaacs committed Mar 27, 2013
    A llvm/clang bug on Darwin ia32 makes these tests fail 100% of
    the time.  Since no one really seems to mind overly much, and we
    can't reasonably fix this in node anyway, just accept both types
    of NaN for now.
  2. tls: handle errors before calling C++ methods

    indutny committed Mar 27, 2013
    Calling `this.pair.encrypted._internallyPendingBytes()` before
    handling/resetting error will result in assertion failure:
    
    ../src/node_crypto.cc:962: void node::crypto::Connection::ClearError():
    Assertion `handle_->Get(String::New("error"))->BooleanValue() == false'
    failed.
    
    see #5058
  3. doc: addon: fix grammar

    bruston committed with bnoordhuis Mar 27, 2013
  4. openssl: disable HEARTBEAT TLS extension

    indutny committed Mar 26, 2013
    Microsoft's IIS doesn't support it, and is not replying with ServerHello
    after receiving ClientHello which contains it.
    
    The good way might be allowing to opt-out this at runtime from
    javascript-land, but unfortunately OpenSSL doesn't support it right now.
    
    see #5119
  5. domain: fix domain callback from MakeCallback

    trevnorris committed with isaacs Mar 26, 2013
    Since _tickCallback and _tickDomainCallback were both called from
    MakeCallback, it was possible for a callback to be called that required
    a domain directly to _tickCallback.
    
    The fix was to implement process.usingDomains(). This will set all
    applicable functions to their domain counterparts, and set a flag in cc
    to let MakeCallback know domain callbacks always need to be checked.
    
    Added test in own file. It's important that the test remains isolated.
Commits on Mar 26, 2013
  1. doc: child_process: document 'error' event

    bnoordhuis committed Mar 26, 2013
    Fixes #5130.
  2. doc: fix formatting in tty.markdown

    bnoordhuis committed Mar 26, 2013
    Fixes #5135.
Commits on Mar 25, 2013
  1. test: test name is the last elem, not second

    tjfontaine committed with bnoordhuis Mar 25, 2013
    When a test requires node to have parameters passed (--expose-gc) the
    test name will be the last element in the command array, not the second.
  2. child_process: don't emit same handle twice

    bnoordhuis committed Mar 24, 2013
    It's possible to read multiple messages off the parent/child channel.
    When that happens, make sure that recvHandle is cleared after emitting
    the first message so it doesn't get emitted twice.
  3. crypto: make getCiphers() return non-SSL ciphers

    bnoordhuis committed Mar 18, 2013
    Commit f53441a added crypto.getCiphers() as a function that returns the
    names of SSL ciphers.
    
    Commit 14a6c4e then added crypto.getHashes(), which returns the names of
    digest algorithms, but that creates a subtle inconsistency: the return
    values of crypto.getHashes() are valid arguments to crypto.createHash()
    but that is not true for crypto.getCiphers() - the returned values are
    only valid for SSL/TLS functions.
    
    Rectify that by adding tls.getCiphers() and making crypto.getCiphers()
    return proper cipher names.
  4. child_process: fix sending utf-8 to child process

    bnoordhuis committed Mar 14, 2013
    In process#send() and child_process.ChildProcess#send(), use 'utf8' as
    the encoding instead of 'ascii' because 'ascii' mutilates non-ASCII
    input. Correctly handle partial character sequences by introducing
    a StringDecoder.
    
    Sending over UTF-8 no longer works in v0.10 because the high bit of
    each byte is now cleared when converting a Buffer to ASCII. See
    commit 96a314b for details.
    
    Fixes #4999 and #5011.
Commits on Mar 24, 2013
  1. deps: fix openssl build on windows

    bnoordhuis committed Mar 24, 2013
    Commit 8632af3 ("tools: update gyp to r1601") broke the Windows build.
    
    Older versions of GYP link to kernel32.lib, user32.lib, etc. but that
    was changed in r1584. See https://codereview.chromium.org/12256017
    
    Fix the build by explicitly linking to the required libraries.
  2. stream: Fix early end in Writables on zero-length writes

    isaacs committed Mar 22, 2013
    Doing this causes problems:
    
        z.write(Buffer(0));
        z.end();
    
    Fix by not ending Writable streams while they're still in the process of
    writing something.
  3. tools: update gyp to r1601

    bnoordhuis committed Mar 24, 2013
    Among other things, this should make it easier for people to build
    node.js on openbsd.
  4. doc: update CONTRIBUTING.md

    bnoordhuis committed Mar 24, 2013
    * Latest stable is v0.10 now.
    * Add example of what the first line of the commit log should look like.
  5. timer: fix off-by-one ms error

    AlexeyKupershtokh committed with isaacs Oct 26, 2012
    Fix #5103
Commits on Mar 23, 2013
  1. tls: remove harmful unnecessary bounds checking

    laverdet committed with indutny Mar 21, 2013
    The EncIn, EncOut, ClearIn & ClearOut functions are victims of some code
    copy + pasting. A common line copied to all of them is:
    
    `if (off >= buffer_length) { ...`
    
    448e0f4 corrected ClearIn's check from `>=` to `>`, but left the others
    unchanged (with an incorrect bounds check). However, if you look down at
    the next very next bounds check you'll see:
    
    `if (off + len > buffer_length) { ...`
    
    So the check is actually obviated by the next line, and should be
    removed.
    
    This fixes an issue where writing a zero-length buffer to an encrypted
    pair's *encrypted* stream you would get a crash.
  2. v8: Unify kMaxArguments with number of bits used to encode it.

    verwaest committed with bnoordhuis Mar 18, 2013
    Increase the number of bits by 1 by making Flags unsigned.
    
    BUG=chromium:211741
    
    Review URL: https://chromiumcodereview.appspot.com/12886008
    
    This is a back-port of commits 13964 and 13988 addressing CVE-2013-2632.
  3. crypto: check randomBytes() size argument

    bnoordhuis committed Mar 23, 2013
    Throw a TypeError if size > 0x3fffffff. Avoids the following V8 fatal
    error:
    
      FATAL ERROR: v8::Object::SetIndexedPropertiesToExternalArrayData()
      length exceeds max acceptable value
    
    Fixes #5126.
Commits on Mar 22, 2013
  1. stream: Fix stall in Transform under very specific conditions

    kanongil committed with isaacs Mar 17, 2013
    The stall is exposed in the test, though the test itself asserts before
    it stalls.
    
    The test is constructed to replicate the stalling state of a complex
    Passthrough usecase since I was not able to reliable trigger the stall.
    
    Some of the preconditions for triggering the stall are:
      * rs.length >= rs.highWaterMark
      * !rs.needReadable
      * _transform() handler that can return empty transforms
      * multiple sync write() calls
    
    Combined this can trigger a case where rs.reading is not cleared when
    further progress requires this. The fix is to always clear rs.reading.
Commits on Mar 21, 2013
  1. timers: handle signed int32 overflow in enroll()

    indutny committed Mar 21, 2013
    Before this patch calling `socket.setTimeout(0xffffffff)` will result in
    signed int32 overflow in C++ which resulted in assertion error:
    
        Assertion failed: (timeout >= -1), function uv__io_poll, file
        ../deps/uv/src/unix/kqueue.c, line 121.
    
    see #5101
  2. blog: Post for v0.10.1

    isaacs committed Mar 21, 2013