Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Branch: v0.8.27-release
Commits on Jun 9, 2014
  1. @tjfontaine
  2. @tjfontaine

    2014.06.09, Version 0.8.27 (maintenance)

    tjfontaine authored
    * openssl: update to 1.0.0m (CVE-2014-0224)
    
    * utf8: Prevent Node from sending invalid UTF-8 (Felix Geisendörfer)
      - *NOTE* this introduces a breaking change, previously you could construct
    invalid UTF-8 and invoke an error in a client that was expecting valid
    UTF-8, now unmatched surrogate pairs are replaced with the unknown UTF-8
    character. To restore the old functionality simply have NODE_INVALID_UTF8
    environment variable set.
    
    * tls: fix pool usage race (Fedor Indutny)
    
    * fs: close file if fstat() fails in readFile() (cjihrig)
Commits on Jun 6, 2014
  1. @tjfontaine

    openssl: regenerate asm

    tjfontaine authored
  2. @tjfontaine

    openssl: apply upstream ccb0398 commit

    Matt Caswell authored tjfontaine committed
    Fixed Windows compilation failure
  3. @tjfontaine

    openssl: update to 1.0.0m

    tjfontaine authored
  4. @tjfontaine

    src: replace usage of String::Utf8Value

    tjfontaine authored
    v8::String::Utf8Value previously could allow invalid surrogates when
    interpreting values.
  5. @felixge @tjfontaine

    string_bytes: Guarantee valid utf-8 output

    felixge authored tjfontaine committed
    Previously v8's WriteUtf8 function would produce invalid utf-8 output
    when encountering unmatched surrogate code units [1]. The new
    REPLACE_INVALID_UTF8 option fixes that by replacing invalid code points
    with the unicode replacement character.
    
    [1]: JS Strings are defined as arrays of 16 bit unsigned integers. There
    is no unicode enforcement, so one can easily end up with invalid unicode
    code unit sequences inside a string.
  6. @felixge @tjfontaine

    deps/v8: Apply REPLACE_INVALID_UTF8 patch

    felixge authored tjfontaine committed
    - https://codereview.chromium.org/121173009/
    - https://code.google.com/p/v8/source/detail?r=18683
    
    Note: The v8 test case did not cleanly apply, so it's missing from this
    patch. I'm assuming this is not a problem if the v8 test suite is not
    part of the node build / test system. If that's the case I'll fix it.
    Otherwise the test case will be integrated once v8 is upgraded.
  7. @felixge @tjfontaine

    string_decoder: Add more comments

    felixge authored tjfontaine committed
  8. @felixge @tjfontaine

    string_decoder: Fix failures from new test cases

    felixge authored tjfontaine committed
    This patch simplifies the implementation of StringDecoder, fixes the
    failures from the new test cases, and also no longer relies on v8's
    WriteUtf8 function to encode individual surrogates.
  9. @felixge @tjfontaine

    string_decoder: Improve test coverage

    felixge authored tjfontaine committed
    The test cases are still essentially the same, but now all possible ways
    of writing a buffer into the decoder are tested, which has exposed a few
    failing scenarios that had not been discovered so far!
  10. @tjfontaine
Commits on May 29, 2014
  1. @cjihrig @piscisaureus

    fs: close file if fstat() fails in readFile()

    cjihrig authored piscisaureus committed
    Currently, if fstat() fails in readFile(), the callback
    is invoked without closing the file. This commit closes
    the file before calling back.
    
    Closes #7697
Commits on Jan 8, 2014
  1. @indutny

    tls: fix pool usage race

    indutny authored
    When calling `encOut` in loop, `maybeInitFinished()` may invoke
    `clearOut`'s loop, leading to the writing of interleaved data
    (encrypted and cleartext) into the one shared pool.
    
    Move `maybeInitFinished()` out of the loop and add assertion for
    future.
    
    backport of 60f777d
Commits on Nov 7, 2013
  1. @egirshov @indutny

    test: fix http backpressure test case

    egirshov authored indutny committed
    - use socket timeout event,
    - pause socket from the client side.
Commits on Oct 31, 2013
  1. @indutny
Commits on Oct 18, 2013
  1. @tjfontaine

    Now working on 0.8.27

    tjfontaine authored
  2. @tjfontaine
  3. @tjfontaine

    2013.10.13, Version 0.8.26 (maintenance)

    tjfontaine authored
    * v8: Upgrade to 3.11.10.26
    
    * crypto: clear openssl error stack when handled (Ben Noordhuis)
    
    * crypto: clear errors from verify failure (Timothy J Fontaine)
    
    * crypto: fix memory leak in LoadPKCS12 (Fedor Indutny)
    
    * http: provide backpressure for pipeline flood (isaacs)
    
    * http_parser: expose pause/resume method for parser (Timothy J Fontaine)
    
    * readline: pause stdin before turning off terminal raw mode (Daniel Chatfield)
  4. @bnoordhuis @tjfontaine

    crypto: clear openssl error stack when handled

    bnoordhuis authored tjfontaine committed
    Clear OpenSSL's error stack on return from Connection::HandleSSLError().
    This stops stale errors from popping up later in the lifecycle of the
    SSL connection where they would cause spurious failures.
    
    This commit causes a 1-2% performance regression on `make bench-tls`.
    We'll address that in follow-up commits if possible but let's ensure
    correctness first.
    
    Backport of c6e2db2
  5. @tjfontaine

    crypto: clear errors from verify failure

    tjfontaine authored
    OpenSSL will push errors onto the stack when a verify fails, which can
    disrupt TLS and other routines if we don't clear the error stack
    
    Fixes #6304
  6. @isaacs @tjfontaine

    http: provide backpressure for pipeline flood

    isaacs authored tjfontaine committed
    If a client sends a lot more pipelined requests than we can handle, then
    we need to provide backpressure so that the client knows to back off.
    Do this by pausing both the stream and the parser itself when the
    responses are not being read by the downstream client.
    
    Backport of 085dd30
Commits on Oct 16, 2013
  1. @tjfontaine
Commits on Aug 17, 2013
  1. @danielchatfield @piscisaureus

    readline: pause stdin before turning off terminal raw mode

    danielchatfield authored piscisaureus committed
    On windows, libuv will immediately make a `ReadConsole` call (in the
    thread pool) when a 'flowing' `uv_tty_t` handle is switched to
    line-buffered mode. That causes an immediate issue for some users,
    since libuv can't cancel the `ReadConsole` operation on Windows 8 /
    Server 2012 and up if the program switches back to raw mode later.
    
    But even if this will be fixed in libuv at some point, it's better to
    avoid the overhead of starting work in the thread pool and immediately
    cancelling it afther that.
    
    See also f34f1e3, where the same change is made for the opposite
    flow, e.g. move `resume()` after `_setRawMode(true)`.
    
    Fixes #5927
    
    This is a backport of dfb0461 (see #5930) to the v0.8 branch.
Commits on Jul 29, 2013
  1. @indutny

    crypto: fix memory leak in LoadPKCS12

    indutny authored
    X509_STORE_add_cert increment reference of passed `x509` cert,
    `X509_free` must be called to avoid memory leak.
    
    This is a back-port of commit c1db1ec from the master branch.
Commits on Jun 26, 2013
  1. @isaacs
  2. @bnoordhuis @isaacs

    v8: remove optimization switches

    bnoordhuis authored isaacs committed
    Remove compiler switches from $(TOPLEVEL)/deps/v8/build/common.gypi, we set
    them globally in $(TOPLEVEL)/common.gypi.
    
    Commit 29d12c7 accidentally reintroduced the switches again. In particular,
    the 'cflags!': ['-O2','-Os'] section forced building V8 without any
    optimizations, resulting in a steep (~66%) performance drop on some benchmarks.
    
    Fixes #4191.
  3. @isaacs

    V8: Reapply patches

    isaacs authored
  4. @isaacs

    v8: Upgrade to 3.11.10.26

    isaacs authored
Commits on Jun 13, 2013
  1. @isaacs

    Now working on 0.8.26

    isaacs authored
  2. @isaacs
  3. @isaacs

    2013.06.13, Version 0.8.25 (maintenance)

    isaacs authored
    * npm: Upgrade to 1.2.30
    
    * child_process: fix handle delivery (Ben Noordhuis)
Commits on Jun 12, 2013
  1. @isaacs

    npm: Upgrade to 1.2.30

    isaacs authored
Commits on Jun 6, 2013
  1. @bnoordhuis

    child_process: fix handle delivery

    bnoordhuis authored
    node.js and libuv depend on the fact that none of the supported systems
    ever emit more than one SCM_RIGHTS message from a recvmsg() syscall.
    
    SCM_RIGHTS messages are never coalesced. SCM_RIGHTS and normal messages
    however _are_ coalesced. That is, recvmsg() might return this:
    
      recvmsg();  // { "message-with-fd", "message", "message" }
    
    The operating system implicitly breaks pending messages along
    SCM_RIGHTS boundaries. Most Unices break before such messages but Linux
    also breaks _after_ them.  When the sender looks like this:
    
      sendmsg("message");
      sendmsg("message-with-fd");
      sendmsg("message");
    
    Then on most Unices the receiver sees messages arriving like this:
    
      recvmsg();  // { "message" }
      recvmsg();  // { "message-with-fd", "message" }
    
    The bug fix in commit 9352c19 assumes this behavior. On Linux however,
    those messages can also come in like this:
    
      recvmsg();  // { "message", "message-with-fd" }
      recvmsg();  // { "message" }
    
    In other words, it's incorrect to assume that the file descriptor is
    always attached to the first message. This commit makes node wise up.
    
    This is a back-port of commit 21bd456 from the v0.10 branch. The test
    has been dropped as it's not compatible with the v0.8 process model.
    
    Fixes #5330.
    
    Conflicts:
    	lib/child_process.js
  2. @isaacs

    npm: Upgrade to 1.2.27

    isaacs authored
Something went wrong with that request. Please try again.