Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Branch: v0.10.24-relea…
Commits on Dec 18, 2013
  1. @tjfontaine

    2013.12.18, Version 0.10.24 (Stable)

    tjfontaine authored
    * uv: Upgrade to v0.10.21
    
    * npm: upgrade to 1.3.21
    
    * v8: backport fix for CVE-2013-{6639|6640}
    
    * build: unix install node and dep library headers (Timothy J Fontaine)
    
    * cluster, v8: fix --logfile=%p.log (Ben Noordhuis)
    
    * module: only cache package main (Wyatt Preul)
  2. @tjfontaine

    uv: Upgrade to v0.10.21

    tjfontaine authored
  3. @bnoordhuis @tjfontaine

    cluster, v8: fix --logfile=%p.log

    bnoordhuis authored tjfontaine committed
    The %p is replaced with the current PID.  This used to work in node.js
    v0.9.7 but it seems to have been lost somewhere along the way.
    
    This commit makes the fix from 6b713b5 ("cluster: make --prof work for
    workers") work again.  Without it, all log data ends up in a single
    file and is unusable because the addresses are all wrong.
  4. @tjfontaine

    build: unix install node and dep library headers

    tjfontaine authored
    Restores functionality from v0.8 where module authors may not be
    relying on gyp for building their modules.
Commits on Dec 17, 2013
  1. @isaacs

    npm: upgrade to 1.3.21

    isaacs authored
  2. @isaacs

    npm: upgrade to 1.3.20

    isaacs authored
    The 1.3.19 release had a critical bug: any packages published with it
    could not be installed, because the shasum would be incorrect.
    
    Thankfully, 1.3.19 was published using 1.3.19, so could not be installed
    by any users!  However, if it goes out as part of a Node.js release,
    then obviously that would be a problem.
  3. @isaacs

    npm: Upgrade to 1.3.19

    isaacs authored
Commits on Dec 13, 2013
  1. @indutny

    v8: backport fix for CVE-2013-{6639|6640}

    jkummerow@chromium.org authored indutny committed
    Quoting CVE-2013-6639:
    
        The DehoistArrayIndex function in hydrogen-dehoist.cc in Google V8
        before 3.22.24.7, as used in Google Chrome before 31.0.1650.63,
        allows remote attackers to cause a denial of service (out-of-bounds
        write) or possibly have unspecified other impact via JavaScript code
        that sets the value of an array element with a crafted index.
    
    Quoting CVE-2013-6640:
    
        The DehoistArrayIndex function in hydrogen-dehoist.cc in Google V8
        before 3.22.24.7, as used in Google Chrome before 31.0.1650.63,
        allows remote attackers to cause a denial of service (out-of-bounds
        read) via JavaScript code that sets a variable to the value of an
        array element with a crafted index.
    
    Like 6b92a7, this is unlikely to affect node.js because it only runs
    local, trusted code.  However, if there exists some module somewhere
    that populates an array index with remotely provided data this could
    very well be used to crash a remote server running node.  Defense in
    depth and all.
    
    This is a backport of upstream commit r17801. Original commit log:
    
        Limit size of dehoistable array indices
    
        LOG=Y
        BUG=chromium:319835,chromium:319860
        R=dslomov@chromium.org
    
        Review URL: https://codereview.chromium.org/74113002
Commits on Dec 12, 2013
  1. @geek @isaacs

    module: only cache package main

    geek authored isaacs committed
  2. @tjfontaine

    blog: Post for v0.10.23

    tjfontaine authored
  3. @tjfontaine

    Now working on 0.10.24

    tjfontaine authored
  4. @tjfontaine
  5. @tjfontaine

    2013.12.12, Version 0.10.23 (Stable)

    tjfontaine authored
    * uv: Upgrade to v0.10.20 (Timothy J Fontaine)
    
    * npm: Upgrade to 1.3.17 (isaacs)
    
    * gyp: update to 78b26f7 (Timothy J Fontaine)
    
    * build: include postmortem symbols on linux (Timothy J Fontaine)
    
    * crypto: Make Decipher._flush() emit errors. (Kai Groner)
    
    * dgram: fix abort when getting `fd` of closed dgram (Fedor Indutny)
    
    * events: do not accept NaN in setMaxListeners (Fedor Indutny)
    
    * events: avoid calling `once` functions twice (Tim Wood)
    
    * events: fix TypeError in removeAllListeners (Jeremy Martin)
    
    * fs: report correct path when EEXIST (Fedor Indutny)
    
    * process: enforce allowed signals for kill (Sam Roberts)
    
    * tls: emit 'end' on .receivedShutdown (Fedor Indutny)
    
    * tls: fix potential data corruption (Fedor Indutny)
    
    * tls: handle `ssl.start()` errors appropriately (Fedor Indutny)
    
    * tls: reset NPN callbacks after SNI (Fedor Indutny)
  6. @nikai3d @tjfontaine

    doc: fix typos in node.1

    nikai3d authored tjfontaine committed
  7. @mathiasbynens @tjfontaine

    doc: mention `binary` as deafult for Hash strings

    mathiasbynens authored tjfontaine committed
  8. @gsf @tjfontaine

    doc: "finish" event is on the writable stream

    gsf authored tjfontaine committed
  9. @tjfontaine

    uv: Upgrade v0.10.20

    tjfontaine authored
  10. @tjfontaine

    gyp: update to 78b26f7

    tjfontaine authored
Commits on Dec 11, 2013
  1. @isaacs

    npm: Upgrade to 1.3.17

    isaacs authored
Commits on Dec 10, 2013
  1. @indutny

    fs: report correct path when EEXIST

    indutny authored
    When `symlink`, `link` or `rename` report EEXIST, ENOTEMPTY or EPERM -
    the destination file name should be included in the error message,
    instead of source file name.
    
    fix #6510
  2. @indutny

    tls: emit 'end' on .receivedShutdown

    indutny authored
    NOTE: Also removed `.receivedShutdown` method of `Connection` it wasn't
    documented anywhere, and was rewritten with `true` after receiving
    `close_notify`.
    
    fix #6638
  3. @tjfontaine
Commits on Dec 7, 2013
  1. @tjfontaine

    build: pass --no-parallel by default to gyp

    tjfontaine authored
    gyp by default now tries to process gyp files in parallel by using
    python's multiprocessing module, but it has problems on oddball
    platforms. We don't have many files or complex dependency chains that
    would benefit from parallel processing so disable by deafult
    
    fixes #6640
  2. @tjfontaine

    build: ./configure pass positional args to gyp

    tjfontaine authored
    use `--` to specify the arguments you want to pass directly to gyp.
    
    for example: `./configure -- --no-parallel -Dsome_define=foo`
    
    fixes #6370
Commits on Dec 6, 2013
  1. @yorkie @tjfontaine

    doc: mention execArgv in setupMaster

    yorkie authored tjfontaine committed
  2. @indutny @tjfontaine

    doc: document 'error' event for stream.Writable

    indutny authored tjfontaine committed
    fix #5255
Commits on Dec 4, 2013
  1. @groner @indutny

    crypto: Make Decipher._flush() emit errors.

    groner authored indutny committed
    When Decipher processes a stream using an incorrect key, the
    DecipherFinal() method throws an unhandled exception at the end of the
    stream.
  2. @isaacs

    blog: bnoordhuis departure

    isaacs authored
Commits on Dec 2, 2013
  1. @indutny @tjfontaine

    tls: fix pool usage race

    indutny authored tjfontaine committed
    When calling `encOut` in loop, `maybeInitFinished()` may invoke
    `clearOut`'s loop, leading to the writing of interleaved data
    (encrypted and cleartext) into the one shared pool.
    
    Move `maybeInitFinished()` out of the loop and add assertion for
    future.
  2. @yorkie @tjfontaine

    doc: list execArgv option for child_process.fork()

    yorkie authored tjfontaine committed
  3. @gabrielf @tjfontaine

    doc: change constant to consistent

    gabrielf authored tjfontaine committed
  4. @sam-github @trevnorris

    process: document kill(0), disallow kill(O_RDWR)

    sam-github authored trevnorris committed
    The null signal test existed, but only tested the case where the target
    process existed, not when it did not exist.
    
    Also clarified that SIGUSR1 is reserved by Node.js only for receiveing,
    its not at all reserved when sending a signal with kill().
    
    kill(pid, 'O_RDWR'), or any other node constant, "worked". I fixed this
    by also checking for 'SIG'. The same as done in the isSignal() function.
    Now the signal names supported by process.kill() are the same as those
    supported by process.on().
  5. @indutny

    tls: reset NPN callbacks after SNI

    indutny authored
    SNI callback selects a new SSL_CTX for the connection, which doesn't
    have NPN callbacks set up.
  6. @tjfontaine

    build: include postmortem symbols on linux

    tjfontaine authored
    Previously we were building the symbols, but the linker was garbage
    collecting the symbols because they weren't used. Inform the linker
    that we want to keep all symbols from v8 around.
Commits on Nov 30, 2013
  1. @yorkie @bnoordhuis

    doc: net: fix typo in example code

    yorkie authored bnoordhuis committed
Something went wrong with that request. Please try again.