Switch branches/tags
Commits on May 2, 2014
  1. 2014.05.01, Version 0.10.28 (Stable)

    * npm: upgrade to v1.4.9
    tjfontaine committed May 2, 2014
Commits on May 1, 2014
  1. npm: upgrade to v1.4.9

    * Send referer header (with any potentially private stuff redacted)
    * Fix critical typo bug in previous npm release
    isaacs committed May 1, 2014
  2. Now working on 0.10.28

    tjfontaine committed May 1, 2014
  3. 2014.05.01, Version 0.10.27 (Stable)

    * npm: upgrade to v1.4.8
    * openssl: upgrade to 1.0.1g
    * uv: update to v0.10.27
    * dns: fix certain txt entries (Fedor Indutny)
    * assert: Ensure reflexivity of deepEqual (Mike Pennisi)
    * child_process: fix deadlock when sending handles (Fedor Indutny)
    * child_process: fix sending handle twice (Fedor Indutny)
    * crypto: do not lowercase cipher/hash names (Fedor Indutny)
    * dtrace: workaround linker bug on FreeBSD (Fedor Indutny)
    * http: do not emit EOF non-readable socket (Fedor Indutny)
    * http: invoke createConnection when no agent (Nathan Rajlich)
    * stream: remove useless check (Brian White)
    * timer: don't reschedule timer bucket in a domain (Greg Brail)
    * url: treat  the same as / (isaacs)
    * util: format as Error if instanceof Error (Rod Vagg)
    tjfontaine committed May 1, 2014
  4. npm: upgrade to v1.4.8

    * Check SHA before using files from cache
    * adduser: allow change of the saved password
    * Make `npm install` respect `config.unicode`
    * Fix lifecycle to pass `Infinity` for config env value
    * Don't return 0 exit code on invalid command
    * cache: Handle 404s and other HTTP errors as errors
    * bump tap dep, make tests stderr a bit quieter
    * Resolve ~ in path configs to env.HOME
    * Include npm version in default user-agent conf
    * npm init: Use ISC as default license, use save-prefix for deps
    * Many test and doc fixes
    isaacs committed May 1, 2014
  5. uv: update to v0.10.27

    tjfontaine committed May 1, 2014
Commits on Apr 29, 2014
  1. docs: add cautionary note to emitter.removeAllListeners

    Signed-off-by: Fedor Indutny <>
    othiym23 committed with indutny Apr 28, 2014
Commits on Apr 28, 2014
  1. deps: fix v8 link error with glibc < 2.17

    Commit f9ced08 switches V8 on Linux over from gettimeofday() to
    clock_getres() and clock_gettime().  As of glibc 2.17, those functions
    live in libc.  For older versions, we need to pull them in from librt.
    Fixes the following link-time error;
        In function `v8::internal::OS::Ticks()':
        undefined reference to `clock_gettime'
        undefined reference to `clock_getres'
    Fixes #7514.
    Signed-off-by: Fedor Indutny <>
    bnoordhuis committed with indutny Apr 28, 2014
Commits on Apr 25, 2014
  1. util: format as Error if instanceof Error

    This is a backport to fix #7253
    Signed-off-by: Fedor Indutny <>
    rvagg committed with indutny Oct 15, 2013
Commits on Apr 24, 2014
  1. deps: make v8 use CLOCK_REALTIME_COARSE indirectly calls gettimeofday() on Linux and that's a system
    call that is extremely expensive on virtualized systems when the host
    operating system has to emulate access to the hardware clock.
    Case in point: output from `perf record -c 10000 -e cycles:u -g -i`
    for a benchmark/http_simple bytes/8 benchmark with a light load of
    50 concurrent clients:
        53.69%     node  node                 [.] v8::internal::OS::TimeCurrentMillis()
                   --- v8::internal::OS::TimeCurrentMillis()
                      |--99.77%-- v8::internal::Runtime_DateCurrentTime(v8::internal::Arguments, v8::internal::Isolate*)
                      |          0x23587880618e
    That's right - over half of user time spent inside the V8 function that
    calls gettimeofday().
    Notably, nearly all system time gets attributed to acpi_pm_read(), the
    kernel function that reads the ACPI power management timer:
        32.49%     node  [kernel.kallsyms]    [k] acpi_pm_read
                   --- acpi_pm_read
                      |--98.40%-- __getnstimeofday
                      |          getnstimeofday
                      |          |
                      |          |--71.61%-- do_gettimeofday
                      |          |          sys_gettimeofday
                      |          |          system_call_fastpath
                      |          |          0x7fffbbaf6dbc
                      |          |          |
                      |          |          |--98.72%-- v8::internal::OS::TimeCurrentMillis()
    The cost of the gettimeofday() system call is normally measured in
    nanoseconds but we were seeing 100 us averages and spikes >= 1000 us.
    The numbers were so bad, my initial hunch was that the node process was
    continuously getting rescheduled inside the system call...
    v8::internal::OS::TimeCurrentMillis()'s most frequent caller is
    v8::internal::Runtime_DateCurrentTime(), the V8 run-time function
    that's behind  The timeout handling logic in lib/http.js
    and lib/net.js calls into lib/timers.js and that module will happily
    call hundreds or even thousands of times per second.
    If you saw exports._unrefActive() show up in --prof output a lot,
    now you know why.
    That's why this commit makes V8 switch over to clock_gettime() on Linux.
    In particular, it checks if CLOCK_REALTIME_COARSE is available and has
    a resolution <= 1 ms because in that case the clock_gettime() call can
    be fully serviced from the vDSO.
    It speeds up the aforementioned benchmark by about 100% on the affected
    systems and should go a long way toward addressing the latency issues
    that StrongLoop customers have been reporting.
    This patch will be upstreamed as a CR against V8 3.26.  I'm sending it
    as a pull request for v0.10 first because that's what our users are
    running and because the delta between 3.26 and 3.14 is too big to
    reasonably back-port the patch.  I'll open a pull request for the
    master branch once the CR lands upstream.
    Signed-off-by: Trevor Norris <>
    Signed-off-by: Fedor Indutny <>
    Ben Noordhuis committed with trevnorris Apr 24, 2014
  2. doc: fix missing link in net api

    Signed-off-by: Fedor Indutny <>
    juliangruber committed with indutny Apr 24, 2014
  3. doc: fix order in net api

    Signed-off-by: Fedor Indutny <>
    juliangruber committed with indutny Apr 24, 2014
  4. Revert "deps: backport b5135bbc from c-ares repo"

    This reverts commit 896e193.
    Proper handling of TXT records requires API change, we can't afford it
    in v0.10.
    See #7371 for details.
    indutny committed Apr 24, 2014
Commits on Apr 15, 2014
  1. npm: upgrade to 1.4.7

    * isaacs, Robert Kowalski, Benjamin Coe: Test Improvements
    * isaacs doc: Add canonical url
    * isaacs view: handle unpublished packages properly
    * Raynos (Jake Verbaten) do not log if silent
    * Julian Gruber fix no such property error
    * isaacs npmconf@0.1.14
    * Thorsten Lorenz adding save-prefix configuration option
    * isaacs npm-registry-client@0.4.7
    * isaacs cache: treat missing versions as a 404
    * isaacs cache: Save shasum, write resolved/etc data to cache
    * isaacs cache: Always fetch root doc
    * isaacs cache: don't repack unnecessarily from tmp
    * Andrey Kislyuk Don't crash if shrinkwrap-dependencies were not passed in pkginfo
    * Robert Kowalski fix link in faq
    * Jean Lauliac Add a peerDependencies section in package.json doc
    * isaacs read-installed@2.0.2
    isaacs committed Apr 15, 2014
  2. url: treat \ the same as /

    Parse URLs with backslashes the same as web browsers, by replacing all
    backslashes with forward slashes, except those that occur after the
    first # character.
    isaacs committed Mar 25, 2014
Commits on Apr 14, 2014
  1. child_process: fix deadlock when sending handles

    Fix possible deadlock, when handles are sent in both direction
    simultaneously. In such rare cases, both sides may queue their
    `NODE_HANDLE_ACK` replies and wait for them.
    fix #7465
    indutny committed Apr 14, 2014
Commits on Apr 10, 2014
  1. docs: fix links to streams

    Signed-off-by: Fedor Indutny <>
    sandinmyjoints committed with indutny Apr 9, 2014
  2. src: use monotonic time for process.uptime()

    `process.uptime()` interface will return the amount of time the
    current process has been running. To achieve this it was caching the
    `uv_uptime` value at program start, and then on the call to
    `process.uptime()` returning the delta between the two values.
    `uv_uptime` is defined as the number of seconds the operating system
    has been up since last boot. On sunos this interface uses `kstat`s
    which can be a significantly expensive operation as it requires
    exclusive access, but because of the design of `process.uptime()` node
    *had* to always call this on start. As a result if you had many node
    processes all starting at the same time you would suffer lock
    contention as they all tried to read kstats.
    Instead of using `uv_uptime` to achieve this, the libuv loop already
    has a concept of current loop time in the form of `uv_now()` which is
    in fact monotonically increasing, and already stored directly on the
    loop. By using this value at start every platform performs at least
    one fewer syscall during initialization.
    Since the interface to `uv_uptime` is defined as seconds, in the call
    to `process.uptime()` we now `uv_update_time` get our delta, divide by
    1000 to get seconds, and then convert to an `Integer`. In 0.12 we can
    move back to `Number::New` instead and not lose precision.
    Caveat: For some platforms `uv_uptime` reports time monotonically
    increasing regardless of system hibernation, `uv_now` interface is
    also monotonically increasing but may not reflect time spent in
    tjfontaine committed Apr 5, 2014
Commits on Apr 8, 2014
Commits on Apr 7, 2014
  1. deps: update openssl to 1.0.1g

    indutny committed Apr 7, 2014
  2. http: do not emit EOF non-readable socket

    Socket may become not `readable`, but http should not rely on this
    property and should not think that it means that no data will ever
    arrive from it. In fact, it may arrive in a next tick and, since
    `this.push(null)` was already called, it will result in a error like
        Error: stream.push() after EOF
            at readableAddChunk (_stream_readable.js:143:15)
            at IncomingMessage.Readable.push (_stream_readable.js:123:10)
            at HTTPParser.parserOnBody (_http_common.js:132:22)
            at Socket.socketOnData (_http_client.js:277:20)
            at Socket.EventEmitter.emit (events.js:101:17)
            at (_stream_readable.js:367:10)
            at Socket.socketCloseListener (_http_client.js:196:10)
            at Socket.EventEmitter.emit (events.js:123:20)
            at TCP.close (net.js:479:12)
    fix #6784
    indutny committed with indutny Jan 24, 2014
  3. doc: add missing space

    Signed-off-by: Fedor Indutny <>
    mscdex committed with indutny Apr 7, 2014
Commits on Apr 2, 2014
  1. docs: correct tls docs. server -> client

    when a pfx file is passed to tls.connection,
    it is the client private key, not the server's private key.
    dominictarr committed with indutny Mar 30, 2014
Commits on Mar 31, 2014
  1. doc: typo clean up in tls

    9Y5 committed with tjfontaine Mar 29, 2014
Commits on Mar 27, 2014
  1. build: windows signing should include timestamps

    Previously the build artifacts did not include a signed timestamp, so
    when the certificate expired the validation of the artifact would fail.
    Now we sign against a timestamp server such that the artifact will
    always be valid regardless of the disposition of the certificate.
    Closes #7360 and #7059.
    daguej committed with tjfontaine Mar 26, 2014
Commits on Mar 26, 2014
  1. src: ensure that openssl's PRNG is fully seeded

    Ensure that OpenSSL has enough entropy (at least 256 bits) for its PRNG.
    The entropy pool starts out empty and needs to fill up before the PRNG
    can be used securely.
    OpenSSL normally fills the pool automatically but not when someone
    starts generating random numbers before the pool is full: in that case
    OpenSSL keeps lowering the entropy estimate to thwart attackers trying
    to guess the initial state of the PRNG.
    When that happens, we wait until enough entropy is available, something
    that normally should never take longer than a few milliseconds.
    Fixes #7338.
    bnoordhuis committed with indutny Mar 25, 2014
  2. src: seed V8's random number generator at startup

    The default entropy source is /dev/urandom on UNIX platforms, which is
    okay but we can do better by seeding it from OpenSSL's entropy pool.
    On Windows we can certainly do better; on that platform, V8 seeds the
    random number generator using only the current system time.
    Fixes #6250.
    NB: This is a back-port of commit 7ac2391 from the master branch that
    for some reason never got back-ported to the v0.10 branch.
    The default on UNIX platforms in v0.10 is different and arguably worse
    than it is with master: if no entropy source is provided, V8 3.14 calls
    srandom() with a xor of the PID and the current time in microseconds.
    That means that on systems with a coarse system clock, the initial
    state of the PRNG may be easily guessable.
    The situation on Windows is even more dire because there the PRNG is
    seeded with only the current time... in milliseconds.
    bnoordhuis committed with indutny Sep 20, 2013
  3. npm: upgrade to 1.4.6

    * Documentation upgrades
    * Fix glob bug which prevents proper README publishing
    * node-gyp upgrade to 0.13
    * Documentation updates
    * Add --save-exact to save an exact dep (instead of a range)
    * alias 't' to 'test'
    isaacs committed Mar 19, 2014
Commits on Mar 23, 2014
  1. build: fix g++ 4.8 build, disable -Werror

    Turn off -Werror when building V8, it hits -Werror=unused-local-typedefs
    with g++ 4.8.  The warning itself is harmless so don't abort the build.
    This was originally implemented in commit d2ab314 back in 2011 but the
    build process has gone through a few iterations since then, that change
    no longer works.
    bnoordhuis committed with tjfontaine Mar 6, 2014
Commits on Mar 10, 2014
  1. doc: remove an unused arg in process.stdin.

    The argument of process.stdin's readable event handler is not used.
    shuhei committed with tjfontaine Mar 9, 2014
  2. crypto: do not lowercase cipher/hash names

    `crypto.getCiphers()` and `crypto.getHashes()` should prefer lower-case
    variants of names, but should not introduce them.
    fix #7282
    indutny committed Mar 10, 2014
Commits on Mar 6, 2014
  1. deps: fix v8 valgrind warning

    Fix the following valgrind warning:
        Conditional jump or move depends on uninitialised value(s)
            at 0x7D64E7: v8::internal::GlobalHandles::IterateAllRootsWithClassIds(v8::internal::ObjectVisitor*) (
            by 0x94DCDC: v8::internal::NativeObjectsExplorer::FillRetainedObjects() (
            # etc.
    This was fixed upstream in r12903 and released in 3.15.2 but that commit
    was never back-ported to the 3.14 branch that node.js v0.10 uses.
    The code itself works okay; this commit simply shuffles the clauses in
    an `if` statement to check that the node is in use before checking its
    class id (which is uninitialized if the node is not in use.)
    bnoordhuis committed with indutny Mar 6, 2014
Commits on Mar 5, 2014
  1. child_process: fix sending handle twice

    When sending a socket to a child process via IPC pipe,
    `child_process.js` picks a raw UV handle from `_handle` property, sends
    it, and assigns `null` to the property. Sending the same socket twice
    was resulting in a runtime error, since we weren't handling the empty
    `_handle` case.
    In case of `null` `_handle` we should send just a plain text message
    as passed it was passed to `.send()` and ignore the handle, letting
    users handle such cases themselves instead of throwing the error at
    fix #5469
    indutny committed with tjfontaine Feb 26, 2014
  2. test: test sending a handle twice

    Added test-cluster-send-handle-twice.js testing to send a handle
    twice to the parent process.
    Benoit Vallée committed with tjfontaine May 14, 2013