Commits on Dec 18, 2013
  1. @tjfontaine

    2013.12.18, Version 0.10.24 (Stable)

    * uv: Upgrade to v0.10.21
    
    * npm: upgrade to 1.3.21
    
    * v8: backport fix for CVE-2013-{6639|6640}
    
    * build: unix install node and dep library headers (Timothy J Fontaine)
    
    * cluster, v8: fix --logfile=%p.log (Ben Noordhuis)
    
    * module: only cache package main (Wyatt Preul)
    tjfontaine committed Dec 18, 2013
  2. @tjfontaine

    uv: Upgrade to v0.10.21

    tjfontaine committed Dec 18, 2013
  3. @bnoordhuis @tjfontaine

    cluster, v8: fix --logfile=%p.log

    The %p is replaced with the current PID.  This used to work in node.js
    v0.9.7 but it seems to have been lost somewhere along the way.
    
    This commit makes the fix from 6b713b5 ("cluster: make --prof work for
    workers") work again.  Without it, all log data ends up in a single
    file and is unusable because the addresses are all wrong.
    bnoordhuis committed with tjfontaine Dec 17, 2013
  4. @tjfontaine

    build: unix install node and dep library headers

    Restores functionality from v0.8 where module authors may not be
    relying on gyp for building their modules.
    tjfontaine committed Oct 10, 2013
Commits on Dec 17, 2013
  1. @isaacs

    npm: upgrade to 1.3.21

    isaacs committed Dec 17, 2013
  2. @isaacs

    npm: upgrade to 1.3.20

    The 1.3.19 release had a critical bug: any packages published with it
    could not be installed, because the shasum would be incorrect.
    
    Thankfully, 1.3.19 was published using 1.3.19, so could not be installed
    by any users!  However, if it goes out as part of a Node.js release,
    then obviously that would be a problem.
    isaacs committed Dec 17, 2013
  3. @isaacs

    npm: Upgrade to 1.3.19

    isaacs committed Dec 16, 2013
Commits on Dec 13, 2013
  1. @indutny

    v8: backport fix for CVE-2013-{6639|6640}

    Quoting CVE-2013-6639:
    
        The DehoistArrayIndex function in hydrogen-dehoist.cc in Google V8
        before 3.22.24.7, as used in Google Chrome before 31.0.1650.63,
        allows remote attackers to cause a denial of service (out-of-bounds
        write) or possibly have unspecified other impact via JavaScript code
        that sets the value of an array element with a crafted index.
    
    Quoting CVE-2013-6640:
    
        The DehoistArrayIndex function in hydrogen-dehoist.cc in Google V8
        before 3.22.24.7, as used in Google Chrome before 31.0.1650.63,
        allows remote attackers to cause a denial of service (out-of-bounds
        read) via JavaScript code that sets a variable to the value of an
        array element with a crafted index.
    
    Like 6b92a7, this is unlikely to affect node.js because it only runs
    local, trusted code.  However, if there exists some module somewhere
    that populates an array index with remotely provided data this could
    very well be used to crash a remote server running node.  Defense in
    depth and all.
    
    This is a backport of upstream commit r17801. Original commit log:
    
        Limit size of dehoistable array indices
    
        LOG=Y
        BUG=chromium:319835,chromium:319860
        R=dslomov@chromium.org
    
        Review URL: https://codereview.chromium.org/74113002
    jkummerow@chromium.org committed with indutny Dec 13, 2013
Commits on Dec 12, 2013
  1. @geek @isaacs

    module: only cache package main

    geek committed with isaacs Dec 12, 2013
  2. @tjfontaine

    blog: Post for v0.10.23

    tjfontaine committed Dec 11, 2013
  3. @tjfontaine

    Now working on 0.10.24

    tjfontaine committed Dec 11, 2013
  4. @tjfontaine
  5. @tjfontaine

    2013.12.12, Version 0.10.23 (Stable)

    * uv: Upgrade to v0.10.20 (Timothy J Fontaine)
    
    * npm: Upgrade to 1.3.17 (isaacs)
    
    * gyp: update to 78b26f7 (Timothy J Fontaine)
    
    * build: include postmortem symbols on linux (Timothy J Fontaine)
    
    * crypto: Make Decipher._flush() emit errors. (Kai Groner)
    
    * dgram: fix abort when getting `fd` of closed dgram (Fedor Indutny)
    
    * events: do not accept NaN in setMaxListeners (Fedor Indutny)
    
    * events: avoid calling `once` functions twice (Tim Wood)
    
    * events: fix TypeError in removeAllListeners (Jeremy Martin)
    
    * fs: report correct path when EEXIST (Fedor Indutny)
    
    * process: enforce allowed signals for kill (Sam Roberts)
    
    * tls: emit 'end' on .receivedShutdown (Fedor Indutny)
    
    * tls: fix potential data corruption (Fedor Indutny)
    
    * tls: handle `ssl.start()` errors appropriately (Fedor Indutny)
    
    * tls: reset NPN callbacks after SNI (Fedor Indutny)
    tjfontaine committed Dec 11, 2013
  6. @nikai3d @tjfontaine

    doc: fix typos in node.1

    nikai3d committed with tjfontaine Dec 7, 2013
  7. @mathiasbynens @tjfontaine
  8. @gsf @tjfontaine
  9. @tjfontaine

    uv: Upgrade v0.10.20

    tjfontaine committed Dec 11, 2013
  10. @tjfontaine

    gyp: update to 78b26f7

    tjfontaine committed Dec 11, 2013
Commits on Dec 11, 2013
  1. @isaacs

    npm: Upgrade to 1.3.17

    isaacs committed Dec 11, 2013
Commits on Dec 10, 2013
  1. @indutny

    fs: report correct path when EEXIST

    When `symlink`, `link` or `rename` report EEXIST, ENOTEMPTY or EPERM -
    the destination file name should be included in the error message,
    instead of source file name.
    
    fix #6510
    indutny committed Nov 16, 2013
  2. @indutny

    tls: emit 'end' on .receivedShutdown

    NOTE: Also removed `.receivedShutdown` method of `Connection` it wasn't
    documented anywhere, and was rewritten with `true` after receiving
    `close_notify`.
    
    fix #6638
    indutny committed Dec 9, 2013
  3. @tjfontaine
Commits on Dec 7, 2013
  1. @tjfontaine

    build: pass --no-parallel by default to gyp

    gyp by default now tries to process gyp files in parallel by using
    python's multiprocessing module, but it has problems on oddball
    platforms. We don't have many files or complex dependency chains that
    would benefit from parallel processing so disable by deafult
    
    fixes #6640
    tjfontaine committed Dec 6, 2013
  2. @tjfontaine

    build: ./configure pass positional args to gyp

    use `--` to specify the arguments you want to pass directly to gyp.
    
    for example: `./configure -- --no-parallel -Dsome_define=foo`
    
    fixes #6370
    tjfontaine committed Dec 6, 2013
Commits on Dec 6, 2013
  1. @yorkie @tjfontaine
  2. @indutny @tjfontaine
Commits on Dec 4, 2013
  1. @groner @indutny

    crypto: Make Decipher._flush() emit errors.

    When Decipher processes a stream using an incorrect key, the
    DecipherFinal() method throws an unhandled exception at the end of the
    stream.
    groner committed with indutny Apr 18, 2013
  2. @isaacs

    blog: bnoordhuis departure

    isaacs committed Dec 4, 2013
Commits on Dec 2, 2013
  1. @indutny @tjfontaine

    tls: fix pool usage race

    When calling `encOut` in loop, `maybeInitFinished()` may invoke
    `clearOut`'s loop, leading to the writing of interleaved data
    (encrypted and cleartext) into the one shared pool.
    
    Move `maybeInitFinished()` out of the loop and add assertion for
    future.
    indutny committed with tjfontaine Nov 29, 2013
  2. @yorkie @tjfontaine
  3. @gabrielf @tjfontaine
  4. @sam-github @trevnorris

    process: document kill(0), disallow kill(O_RDWR)

    The null signal test existed, but only tested the case where the target
    process existed, not when it did not exist.
    
    Also clarified that SIGUSR1 is reserved by Node.js only for receiveing,
    its not at all reserved when sending a signal with kill().
    
    kill(pid, 'O_RDWR'), or any other node constant, "worked". I fixed this
    by also checking for 'SIG'. The same as done in the isSignal() function.
    Now the signal names supported by process.kill() are the same as those
    supported by process.on().
    sam-github committed with trevnorris Oct 10, 2013
  5. @indutny

    tls: reset NPN callbacks after SNI

    SNI callback selects a new SSL_CTX for the connection, which doesn't
    have NPN callbacks set up.
    indutny committed Nov 22, 2013
  6. @tjfontaine

    build: include postmortem symbols on linux

    Previously we were building the symbols, but the linker was garbage
    collecting the symbols because they weren't used. Inform the linker
    that we want to keep all symbols from v8 around.
    tjfontaine committed Dec 1, 2013
Commits on Nov 30, 2013
  1. @yorkie @bnoordhuis