Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Secure pair fix #2441

Closed
wants to merge 1 commit into from
Closed

Secure pair fix #2441

wants to merge 1 commit into from

Conversation

@socketpair
Copy link
Contributor

@socketpair socketpair commented Aug 19, 2015

No description provided.

@mscdex
Copy link
Contributor

@mscdex mscdex commented Aug 19, 2015

The parameter list is getting a bit unwieldy :-)

@socketpair
Copy link
Contributor Author

@socketpair socketpair commented Aug 24, 2015

bump. all tests passed!

@thefourtheye
thefourtheye reviewed Aug 24, 2015
View changes
doc/api/tls.markdown Outdated
@@ -487,6 +487,8 @@ and the cleartext one is used as a replacement for the initial encrypted stream.
automatically reject clients with invalid certificates. Only applies to
servers with `requestCert` enabled.

- `options`: An object with common SSL options. See [new tls.TLSSocket][].

This comment has been minimized.

@thefourtheye

thefourtheye Aug 24, 2015
Contributor

new should not be there.

This comment has been minimized.

@socketpair

socketpair Aug 24, 2015
Author Contributor

I have copy-pasted from another place in this doc. OK, I will remove.

@thefourtheye
thefourtheye reviewed Aug 24, 2015
View changes
test/simple/test-tls-securepair-fiftharg.js Outdated
@@ -0,0 +1,69 @@
// Copyright Joyent, Inc. and other Node contributors.
//

This comment has been minimized.

@thefourtheye

thefourtheye Aug 24, 2015
Contributor

The copyright notice is not necessary.

This comment has been minimized.

@socketpair

socketpair Aug 24, 2015
Author Contributor

OK, will remove, just copy-pasted...

@thefourtheye
thefourtheye reviewed Aug 24, 2015
View changes
test/simple/test-tls-securepair-fiftharg.js Outdated
// USE OR OTHER DEALINGS IN THE SOFTWARE.
//

var common = require('../common');

This comment has been minimized.

@thefourtheye

thefourtheye Aug 24, 2015
Contributor

Use const wherever the value is assigned only once and never changed.

This comment has been minimized.

@socketpair

socketpair Aug 24, 2015
Author Contributor

Not sure if I should use ES6 feature in tests....

This comment has been minimized.

@ChALkeR

ChALkeR Aug 24, 2015
Member

Why not?

This comment has been minimized.

@socketpair

socketpair Aug 24, 2015
Author Contributor

There is no reason to write higher-level standard code, when this will not bring profit.

P.S.
If you strongly require that, I will fix.

@thefourtheye
thefourtheye reviewed Aug 24, 2015
View changes
test/simple/test-tls-securepair-fiftharg.js Outdated
]);

pair.encrypted.write(ssl_hello_with_SNI);
assert.equal('www.google.com', catched_servername);

This comment has been minimized.

@thefourtheye

thefourtheye Aug 24, 2015
Contributor

The value is assigned only in the callback. Will it be available synchronously?

This comment has been minimized.

@socketpair

socketpair Aug 24, 2015
Author Contributor

in fact, yes, will be available, test is passed. But really, no one guarantee that this call back will be called in same ioloop iteration. How to write test ? using timeout ?

This comment has been minimized.

@targos

targos Aug 24, 2015
Member

You can do the assertion in process.on('exit')

This comment has been minimized.

@socketpair

socketpair Aug 24, 2015
Author Contributor

fixed.

@targos
targos reviewed Aug 24, 2015
View changes
test/simple/test-tls-securepair-fiftharg.js Outdated
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
// USE OR OTHER DEALINGS IN THE SOFTWARE.
//

This comment has been minimized.

@targos

targos Aug 24, 2015
Member

'use strict';

This comment has been minimized.

@socketpair

socketpair Aug 24, 2015
Author Contributor

fixed

@thefourtheye
thefourtheye reviewed Aug 24, 2015
View changes
test/simple/test-tls-securepair-fiftharg.js Outdated
var fs = require('fs');
var tls = require('tls');

test1();

This comment has been minimized.

@thefourtheye

thefourtheye Aug 24, 2015
Contributor

You don't need this function, as you are simply invoking it anyway.

This comment has been minimized.

@socketpair

socketpair Aug 24, 2015
Author Contributor

fixed

@socketpair socketpair force-pushed the socketpair:SecurePairFix branch Aug 24, 2015
@targos
Copy link
Member

@targos targos commented Aug 24, 2015

@socketpair I believe you copy-pasted from the joyent/node repository ?
There is no test/simple directory here. I think your test can go in test/parallel.

@thefourtheye
thefourtheye reviewed Aug 24, 2015
View changes
test/simple/test-tls-securepair-fiftharg.js Outdated
@@ -0,0 +1,44 @@
'use strict';

var common = require('../common');

This comment has been minimized.

@thefourtheye

thefourtheye Aug 24, 2015
Contributor

use const at least for the requires.

This comment has been minimized.

@socketpair

socketpair Aug 24, 2015
Author Contributor

I have said in another comment, that there is no requirements to use ES6 features. If io.js claim to suppoer ES6 completely, I will fix.

If you strongly require to fix that, I will fix anyway.

@thefourtheye
thefourtheye reviewed Aug 24, 2015
View changes
test/simple/test-tls-securepair-fiftharg.js Outdated
}
});

// captured trafic from browser's request to https://www.google.com

This comment has been minimized.

@thefourtheye

thefourtheye Aug 24, 2015
Contributor

traffic

This comment has been minimized.

@socketpair

socketpair Aug 24, 2015
Author Contributor

fixed :)

@socketpair
Copy link
Contributor Author

@socketpair socketpair commented Aug 24, 2015

fixed

@socketpair socketpair force-pushed the socketpair:SecurePairFix branch 2 times, most recently Aug 24, 2015
@socketpair
Copy link
Contributor Author

@socketpair socketpair commented Aug 24, 2015

I have fixed all remarks (except const). Will you merge that ?

@rvagg rvagg force-pushed the nodejs:master branch from 11c25c2 to ba02bd0 Sep 6, 2015
@socketpair
Copy link
Contributor Author

@socketpair socketpair commented Sep 20, 2015

Okay, I have moved to parallel dir

@thefourtheye
Copy link
Contributor

@thefourtheye thefourtheye commented Sep 20, 2015

@targos
Copy link
Member

@targos targos commented Sep 20, 2015

CI: https://ci.nodejs.org/job/node-test-commit/640/

Linter is unhappy with the test:
https://ci.nodejs.org/job/node-linter/763/nodes=linter/console
Perhaps it would be simpler to put the binary data in a separate file in the fixture directory ?

@socketpair
Copy link
Contributor Author

@socketpair socketpair commented Sep 20, 2015

@targos How I can run linter manually, before pushing ?

@thefourtheye
Copy link
Contributor

@thefourtheye thefourtheye commented Sep 20, 2015

@socketpair If you do ./configure; make -j8 test, it will take care of compiling, linting and testing.

@socketpair
Copy link
Contributor Author

@socketpair socketpair commented Sep 20, 2015

Thanks, previous versions of node did not check for lint errors during testing....I'm building now :)

@thefourtheye
thefourtheye reviewed Sep 20, 2015
View changes
test/parallel/test-tls-securepair-fiftharg.js Outdated
cert: fs.readFileSync(common.fixturesDir + '/test_cert.pem'),
key: fs.readFileSync(common.fixturesDir + '/test_key.pem'),
});
var catched_servername = null;

This comment has been minimized.

@thefourtheye

thefourtheye Sep 20, 2015
Contributor

snake case is not preferred. Use camel casing.

@thefourtheye
thefourtheye reviewed Sep 20, 2015
View changes
test/parallel/test-tls-securepair-fiftharg.js Outdated
});
var catched_servername = null;
var pair = tls.createSecurePair(sslcontext, true, false, false, {
SNICallback: function(servername, cb) {

This comment has been minimized.

@thefourtheye

thefourtheye Sep 20, 2015
Contributor

In fact, this test can be written better with common.mustCall, like this

SNICallback: common.mustCall(function(servername) {
  assert.strictEqual(servername, 'www.google.com');
})

You don't need the catched_servername variable.

@thefourtheye
thefourtheye reviewed Sep 20, 2015
View changes
test/parallel/test-tls-securepair-fiftharg.js Outdated
@@ -0,0 +1,47 @@
'use strict';

var common = require('../common');

This comment has been minimized.

@thefourtheye

thefourtheye Sep 20, 2015
Contributor

const is supported by Node.js, I would prefer if you changed your variables to const wherever the value is assigned only once.

This comment has been minimized.

@socketpair

socketpair Sep 20, 2015
Author Contributor

fixed

rvagg added a commit to rvagg/io.js that referenced this pull request Oct 29, 2015
Notable changes:

* buffer: (Breaking) Removed both 'raw' and 'raws' encoding types from Buffer,
  these have been deprecated for a long time (Sakthipriyan Vairamani) nodejs#2859.
* console: (Breaking) Values reported by console.time() now have 3 decimals of
  accuracy added (Michaël Zasso) nodejs#3166.
* fs:
  - fs.readFile*(), fs.writeFile*(), and fs.appendFile*() now also accept a file
    descriptor as their first argument (Johannes Wüller) nodejs#3163.
  - (Breaking) In fs.readFile(), if an encoding is specified and the internal
    toString() fails the error is no longer thrown but is passed to the callback
    (Evan Lucas) nodejs#3485.
  - (Breaking) In fs.read() (using the fs.read(fd, length, position, encoding,
    callback) form), if the internal toString() fails the error is no longer
    thrown but is passed to the callback (Evan Lucas) nodejs#3503.
* http:
  - Fixed a bug where pipelined http requests would stall (Fedor Indutny) nodejs#3342.
  - (Breaking) When parsing HTTP, don't add duplicates of the following headers:
    Retry-After, ETag, Last-Modified, Server, Age, Expires. This is in addition
    to the following headers which already block duplicates: Content-Type,
    Content-Length, User-Agent, Referer, Host, Authorization,
    Proxy-Authorization, If-Modified-Since, If-Unmodified-Since, From, Location,
    Max-Forwards (James M Snell) nodejs#3090.
  - (Breaking) The callback argument to OutgoingMessage#setTimeout() must be a
    function or a TypeError is thrown (James M Snell) nodejs#3090.
  - (Breaking) HTTP methods and header names must now conform to the RFC 2616
    "token" rule, a list of allowed characters that excludes control characters
    and a number of separator characters. Specifically, methods and header names
    must now match /^[a-zA-Z0-9_!#$%&'*+.^`|~-]+$/ or a TypeError will be thrown
    (James M Snell) nodejs#2526.
* node:
  - (Breaking) Deprecated the _linklist module (Rich Trott) nodejs#3078.
  - (Breaking) Removed require.paths and require.registerExtension(), both had
    been previously set to throw Error when accessed
    (Sakthipriyan Vairamani) nodejs#2922.
* npm: Upgraded to version 3.3.6 from 2.14.7, see
  https://github.com/npm/npm/releases/tag/v3.3.6 for more details. This is a
  major version bump for npm and it has seen a significant amount of change.
  Please see the original npm v3.0.0 release notes for a list of major changes
  (Rebecca Turner) nodejs#3310.
* src: (Breaking) Bumped NODE_MODULE_VERSION to 47 from 46, this is necessary
  due to the V8 upgrade. Native add-ons will need to be recompiled
  (Rod Vagg) nodejs#3400.
* timers: Attempt to reuse the timer handle for setTimeout().unref(). This fixes
  a long-standing known issue where unrefed timers would perviously hold
  beforeExit open (Fedor Indutny) nodejs#3407.
* tls:
  - Added ALPN Support (Shigeki Ohtsu) nodejs#2564.
  - TLS options can now be passed in an object to createSecurePair()
    (Коренберг Марк) nodejs#2441.
  - (Breaking) The default minimum DH key size for tls.connect() is now 1024
    bits and a warning is shown when DH key size is less than 2048 bits. This a security consideration to prevent "logjam" attacks. A new minDHSize TLS
    option can be used to override the default. (Shigeki Ohtsu) nodejs#1831.
* util:
  - (Breaking) util.p() was deprecated for years, and has now been removed
    (Wyatt Preul) nodejs#3432.
  - (Breaking) util.inherits() can now work with ES6 classes. This is considered
    a breaking change because of potential subtle side-effects caused by a
    change from directly reassigning the prototype of the constructor using
    `ctor.prototype = Object.create(superCtor.prototype, { constructor: { ... } })`
    to using `Object.setPrototypeOf(ctor.prototype, superCtor.prototype)`
    (Michaël Zasso) nodejs#3455.
* v8: (Breaking) Upgraded to 4.6.85.25 from 4.5.103.35 (Ali Ijaz Sheikh) nodejs#3351.
  - Implements the spread operator, see
    https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Spread_operator
    for further information.
  - Implements new.target, see
    https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/new.target
    for further information.
* zlib: Decompression now throws on truncated input (e.g. unexpected end of
  file) (Yuval Brik) nodejs#2595.

PR-URL: nodejs#3466
rvagg added a commit that referenced this pull request Oct 29, 2015
Notable changes:

* buffer: (Breaking) Removed both 'raw' and 'raws' encoding types from Buffer,
  these have been deprecated for a long time (Sakthipriyan Vairamani) #2859.
* console: (Breaking) Values reported by console.time() now have 3 decimals of
  accuracy added (Michaël Zasso) #3166.
* fs:
  - fs.readFile*(), fs.writeFile*(), and fs.appendFile*() now also accept a file
    descriptor as their first argument (Johannes Wüller) #3163.
  - (Breaking) In fs.readFile(), if an encoding is specified and the internal
    toString() fails the error is no longer thrown but is passed to the callback
    (Evan Lucas) #3485.
  - (Breaking) In fs.read() (using the fs.read(fd, length, position, encoding,
    callback) form), if the internal toString() fails the error is no longer
    thrown but is passed to the callback (Evan Lucas) #3503.
* http:
  - Fixed a bug where pipelined http requests would stall (Fedor Indutny) #3342.
  - (Breaking) When parsing HTTP, don't add duplicates of the following headers:
    Retry-After, ETag, Last-Modified, Server, Age, Expires. This is in addition
    to the following headers which already block duplicates: Content-Type,
    Content-Length, User-Agent, Referer, Host, Authorization,
    Proxy-Authorization, If-Modified-Since, If-Unmodified-Since, From, Location,
    Max-Forwards (James M Snell) #3090.
  - (Breaking) The callback argument to OutgoingMessage#setTimeout() must be a
    function or a TypeError is thrown (James M Snell) #3090.
  - (Breaking) HTTP methods and header names must now conform to the RFC 2616
    "token" rule, a list of allowed characters that excludes control characters
    and a number of separator characters. Specifically, methods and header names
    must now match /^[a-zA-Z0-9_!#$%&'*+.^`|~-]+$/ or a TypeError will be thrown
    (James M Snell) #2526.
* node:
  - (Breaking) Deprecated the _linklist module (Rich Trott) #3078.
  - (Breaking) Removed require.paths and require.registerExtension(), both had
    been previously set to throw Error when accessed
    (Sakthipriyan Vairamani) #2922.
* npm: Upgraded to version 3.3.6 from 2.14.7, see
  https://github.com/npm/npm/releases/tag/v3.3.6 for more details. This is a
  major version bump for npm and it has seen a significant amount of change.
  Please see the original npm v3.0.0 release notes for a list of major changes
  (Rebecca Turner) #3310.
* src: (Breaking) Bumped NODE_MODULE_VERSION to 47 from 46, this is necessary
  due to the V8 upgrade. Native add-ons will need to be recompiled
  (Rod Vagg) #3400.
* timers: Attempt to reuse the timer handle for setTimeout().unref(). This fixes
  a long-standing known issue where unrefed timers would perviously hold
  beforeExit open (Fedor Indutny) #3407.
* tls:
  - Added ALPN Support (Shigeki Ohtsu) #2564.
  - TLS options can now be passed in an object to createSecurePair()
    (Коренберг Марк) #2441.
  - (Breaking) The default minimum DH key size for tls.connect() is now 1024
    bits and a warning is shown when DH key size is less than 2048 bits. This a security consideration to prevent "logjam" attacks. A new minDHSize TLS
    option can be used to override the default. (Shigeki Ohtsu) #1831.
* util:
  - (Breaking) util.p() was deprecated for years, and has now been removed
    (Wyatt Preul) #3432.
  - (Breaking) util.inherits() can now work with ES6 classes. This is considered
    a breaking change because of potential subtle side-effects caused by a
    change from directly reassigning the prototype of the constructor using
    `ctor.prototype = Object.create(superCtor.prototype, { constructor: { ... } })`
    to using `Object.setPrototypeOf(ctor.prototype, superCtor.prototype)`
    (Michaël Zasso) #3455.
* v8: (Breaking) Upgraded to 4.6.85.25 from 4.5.103.35 (Ali Ijaz Sheikh) #3351.
  - Implements the spread operator, see
    https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Spread_operator
    for further information.
  - Implements new.target, see
    https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/new.target
    for further information.
* zlib: Decompression now throws on truncated input (e.g. unexpected end of
  file) (Yuval Brik) #2595.

PR-URL: #3466
MylesBorins pushed a commit that referenced this pull request Feb 17, 2016
Helps in implementation of #6204, where some options passed to
`createSecurePair()` are ignored before this patch.

These options are very helpful if someone wants to pass
`options.servername` or `options.SNICallback` to securepair.

PR-URL: #2441
Reviewed-By: Fedor Indutny <fedor@indutny.com>
MylesBorins pushed a commit that referenced this pull request Feb 18, 2016
Helps in implementation of #6204, where some options passed to
`createSecurePair()` are ignored before this patch.

These options are very helpful if someone wants to pass
`options.servername` or `options.SNICallback` to securepair.

PR-URL: #2441
Reviewed-By: Fedor Indutny <fedor@indutny.com>
@MylesBorins MylesBorins mentioned this pull request Feb 18, 2016
MylesBorins pushed a commit that referenced this pull request Feb 18, 2016
Notable changes:

This update to the LTS line includes a number of semver minor changes
that have been staged for a number of months. This includes:

  * deps: backport 9da3ab6 from V8 upstream (Ali Ijaz Sheikh)
    - #3609
  * http: handle errors on idle sockets (José F. Romaniello)
    - #4482
  * src: add BE support to StringBytes::Encode() (Bryon Leung)
    - #3410
  * tls: add `options` argument to createSecurePair (Коренберг Марк)
    - #2441

There are also quite a large number of semver patch changes
including over 20 doc fixes and almost 50 test fixes.

Notable semver patch changes include:

  * deps: upgrade to npm 2.14.18 (Kat Marchán)
    - #5245
  * https: evict cached sessions on error (Fedor Indutny)
    - #4982
  * process: support symbol events (cjihrig)
    - #4798
  * querystring: improve parse() performance (Brian White)
    - #4675

PR-URL: #5301
MylesBorins pushed a commit that referenced this pull request Feb 23, 2016
In December we announced that we would be doing a minor release in
order to get a number of voted on SEMVER-MINOR changes into LTS.
Our ability to release this was delayed due to the unforeseen security
release v4.3. We are quickly bumping to v4.4 in order to bring you the
features that we had committed to releasing.

Notable changes:

The SEMVER-MINOR changes include:
  * **deps**:
    - An update to v8 that introduces a new flag
      --perf_basic_prof_only_functions (Ali Ijaz Sheikh)
      #3609
  * **http**:
    - A new feature in http(s) agent that catches errors on
      *keep alived* connections (José F. Romaniello)
      #4482
  * **src**:
    - Better support for Big-Endian systems (Bryon Leung)
      #3410
  * **tls**:
    - A new feature that allows you to pass common SSL options to
      `tls.createSecurePair` (Коренберг Марк)
      #2441

Notable semver patch changes include:

  * **npm**
    - upgrade to npm 2.14.19 (Kat Marchán)
      #5335
  * **https**:
    - A potential fix for #3692)
      HTTP/HTTPS client requests throwing EPROTO (Fedor Indutny)
      #4982
  * **process**:
    - Add support for symbols in event emitters. Symbols didn't exist
      when it was written ¯\_(ツ)_/¯ (cjihrig)
      #4798
  * **querystring**:
    - querystring.parse() is now 13-22% faster! (Brian White)
      #4675

PR-URL: #5301
MylesBorins pushed a commit that referenced this pull request Mar 1, 2016
In December we announced that we would be doing a minor release in order to
get a number of voted on SEMVER-MINOR changes into LTS. Our ability to release this
was delayed due to the unforeseen security release v4.3. We are quickly bumping to
v4.4 in order to bring you the features that we had committed to releasing.

This release also includes security updates to openssl. More information can be found [on nodejs.org](https://nodejs.org/en/blog/vulnerability/openssl-march-2016/)

This release also includes over 70 fixes to our docs and over 50 fixes to tests.

The SEMVER-MINOR changes include:
  * deps:
    - An update to v8 that introduces a new flag --perf_basic_prof_only_functions (Ali Ijaz Sheikh) #3609
  * http:
    - A new feature in http(s) agent that catches errors on *keep alived* connections (José F. Romaniello) #4482
  * src:
    - Better support for Big-Endian systems (Bryon Leung) #3410
  * tls:
    - A new feature that allows you to pass common SSL options to `tls.createSecurePair` (Коренберг Марк) #2441
  * tools
    - a new flag `--prof-process` which will execute the tick processor on the provided isolate files (Matt Loring) #4021

Notable semver patch changes include:

  * buld:
    - Support python path that includes spaces. This should be of particular interest to our Windows users who may have python living in `c:/Program Files` (Felix Becker) #4841
  * https:
    - A potential fix for #3692 HTTP/HTTPS client requests throwing EPROTO (Fedor Indutny) #4982
  * installer:
    - More readable profiling information from isolate tick logs (Matt Loring) #3032
  * *npm:
    - upgrade to npm 2.14.20 (Kat Marchán) #5510
  * *openssl:
    - upgrade openssl to 1.0.2g (Ben Noordhuis) #5507
  * process:
    - Add support for symbols in event emitters. Symbols didn't exist when it was written ¯\_(ツ)_/¯ (cjihrig) #4798
  * querystring:
    - querystring.parse() is now 13-22% faster! (Brian White) #4675
  * streams:
    - performance improvements for moving small buffers that shows a 5% throughput gain. IoT projects have been seen to be as much as 10% faster with this change! (Matteo Collina) #4354
  * tools:
    - eslint has been updated to version 2.1.0 (Rich Trott) #5214

PR-URL: #5301
MylesBorins pushed a commit to MylesBorins/node that referenced this pull request Mar 1, 2016
In December we announced that we would be doing a minor release in order to
get a number of voted on SEMVER-MINOR changes into LTS. Our ability to release this
was delayed due to the unforeseen security release v4.3. We are quickly bumping to
v4.4 in order to bring you the features that we had committed to releasing.

This release also includes security updates to openssl. More information can be found [on nodejs.org](https://nodejs.org/en/blog/vulnerability/openssl-march-2016/)

This release also includes over 70 fixes to our docs and over 50 fixes to tests.

The SEMVER-MINOR changes include:
  * deps:
    - An update to v8 that introduces a new flag --perf_basic_prof_only_functions (Ali Ijaz Sheikh) nodejs#3609
  * http:
    - A new feature in http(s) agent that catches errors on *keep alived* connections (José F. Romaniello) nodejs#4482
  * src:
    - Better support for Big-Endian systems (Bryon Leung) nodejs#3410
  * tls:
    - A new feature that allows you to pass common SSL options to `tls.createSecurePair` (Коренберг Марк) nodejs#2441
  * tools
    - a new flag `--prof-process` which will execute the tick processor on the provided isolate files (Matt Loring) nodejs#4021

Notable semver patch changes include:

  * buld:
    - Support python path that includes spaces. This should be of particular interest to our Windows users who may have python living in `c:/Program Files` (Felix Becker) nodejs#4841
  * https:
    - A potential fix for nodejs#3692 HTTP/HTTPS client requests throwing EPROTO (Fedor Indutny) nodejs#4982
  * installer:
    - More readable profiling information from isolate tick logs (Matt Loring) nodejs#3032
  * *npm:
    - upgrade to npm 2.14.20 (Kat Marchán) nodejs#5510
  * *openssl:
    - upgrade openssl to 1.0.2g (Ben Noordhuis) nodejs#5507
  * process:
    - Add support for symbols in event emitters. Symbols didn't exist when it was written ¯\_(ツ)_/¯ (cjihrig) nodejs#4798
  * querystring:
    - querystring.parse() is now 13-22% faster! (Brian White) nodejs#4675
  * streams:
    - performance improvements for moving small buffers that shows a 5% throughput gain. IoT projects have been seen to be as much as 10% faster with this change! (Matteo Collina) nodejs#4354
  * tools:
    - eslint has been updated to version 2.1.0 (Rich Trott) nodejs#5214

PR-URL: nodejs#5301
MylesBorins pushed a commit that referenced this pull request Mar 2, 2016
Helps in implementation of #6204, where some options passed to
`createSecurePair()` are ignored before this patch.

These options are very helpful if someone wants to pass
`options.servername` or `options.SNICallback` to securepair.

PR-URL: #2441
Reviewed-By: Fedor Indutny <fedor@indutny.com>
MylesBorins pushed a commit that referenced this pull request Mar 2, 2016
In December we announced that we would be doing a minor release in order to
get a number of voted on SEMVER-MINOR changes into LTS. Our ability to release this
was delayed due to the unforeseen security release v4.3. We are quickly bumping to
v4.4 in order to bring you the features that we had committed to releasing.

This release also includes over 70 fixes to our docs and over 50 fixes to tests.

The SEMVER-MINOR changes include:
  * deps:
    - An update to v8 that introduces a new flag --perf_basic_prof_only_functions (Ali Ijaz Sheikh) #3609
  * http:
    - A new feature in http(s) agent that catches errors on *keep alived* connections (José F. Romaniello) #4482
  * src:
    - Better support for Big-Endian systems (Bryon Leung) #3410
  * tls:
    - A new feature that allows you to pass common SSL options to `tls.createSecurePair` (Коренберг Марк) #2441
  * tools
    - a new flag `--prof-process` which will execute the tick processor on the provided isolate files (Matt Loring) #4021

Notable semver patch changes include:

  * buld:
    - Support python path that includes spaces. This should be of particular interest to our Windows users who may have python living in `c:/Program Files` (Felix Becker) #4841
  * https:
    - A potential fix for #3692 HTTP/HTTPS client requests throwing EPROTO (Fedor Indutny) #4982
  * installer:
    - More readable profiling information from isolate tick logs (Matt Loring) #3032
  * *npm:
    - upgrade to npm 2.14.20 (Kat Marchán) #5510
  * process:
    - Add support for symbols in event emitters. Symbols didn't exist when it was written ¯\_(ツ)_/¯ (cjihrig) #4798
  * querystring:
    - querystring.parse() is now 13-22% faster! (Brian White) #4675
  * streams:
    - performance improvements for moving small buffers that shows a 5% throughput gain. IoT projects have been seen to be as much as 10% faster with this change! (Matteo Collina) #4354
  * tools:
    - eslint has been updated to version 2.1.0 (Rich Trott) #5214

PR-URL: #5301
MylesBorins pushed a commit that referenced this pull request Mar 3, 2016
In December we announced that we would be doing a minor release in order to
get a number of voted on SEMVER-MINOR changes into LTS. Our ability to release this
was delayed due to the unforeseen security release v4.3. We are quickly bumping to
v4.4 in order to bring you the features that we had committed to releasing.

This release also includes over 70 fixes to our docs and over 50 fixes to tests.

The SEMVER-MINOR changes include:
  * deps:
    - An update to v8 that introduces a new flag --perf_basic_prof_only_functions (Ali Ijaz Sheikh) #3609
  * http:
    - A new feature in http(s) agent that catches errors on *keep alived* connections (José F. Romaniello) #4482
  * src:
    - Better support for Big-Endian systems (Bryon Leung) #3410
  * tls:
    - A new feature that allows you to pass common SSL options to `tls.createSecurePair` (Коренберг Марк) #2441
  * tools
    - a new flag `--prof-process` which will execute the tick processor on the provided isolate files (Matt Loring) #4021

Notable semver patch changes include:

  * buld:
    - Support python path that includes spaces. This should be of particular interest to our Windows users who may have python living in `c:/Program Files` (Felix Becker) #4841
  * https:
    - A potential fix for #3692 HTTP/HTTPS client requests throwing EPROTO (Fedor Indutny) #4982
  * installer:
    - More readable profiling information from isolate tick logs (Matt Loring) #3032
  * *npm:
    - upgrade to npm 2.14.20 (Kat Marchán) #5510
  * process:
    - Add support for symbols in event emitters. Symbols didn't exist when it was written ¯\_(ツ)_/¯ (cjihrig) #4798
  * querystring:
    - querystring.parse() is now 13-22% faster! (Brian White) #4675
  * streams:
    - performance improvements for moving small buffers that shows a 5% throughput gain. IoT projects have been seen to be as much as 10% faster with this change! (Matteo Collina) #4354
  * tools:
    - eslint has been updated to version 2.1.0 (Rich Trott) #5214

PR-URL: #5301
MylesBorins pushed a commit that referenced this pull request Mar 8, 2016
In December we announced that we would be doing a minor release in order to
get a number of voted on SEMVER-MINOR changes into LTS. Our ability to release this
was delayed due to the unforeseen security release v4.3. We are quickly bumping to
v4.4 in order to bring you the features that we had committed to releasing.

This release also includes over 70 fixes to our docs and over 50 fixes to tests.

The SEMVER-MINOR changes include:
  * deps:
    - An update to v8 that introduces a new flag --perf_basic_prof_only_functions (Ali Ijaz Sheikh) #3609
  * http:
    - A new feature in http(s) agent that catches errors on *keep alived* connections (José F. Romaniello) #4482
  * src:
    - Better support for Big-Endian systems (Bryon Leung) #3410
  * tls:
    - A new feature that allows you to pass common SSL options to `tls.createSecurePair` (Коренберг Марк) #2441
  * tools
    - a new flag `--prof-process` which will execute the tick processor on the provided isolate files (Matt Loring) #4021

Notable semver patch changes include:

  * buld:
    - Support python path that includes spaces. This should be of particular interest to our Windows users who may have python living in `c:/Program Files` (Felix Becker) #4841
  * https:
    - A potential fix for #3692 HTTP/HTTPS client requests throwing EPROTO (Fedor Indutny) #4982
  * installer:
    - More readable profiling information from isolate tick logs (Matt Loring) #3032
  * *npm:
    - upgrade to npm 2.14.20 (Kat Marchán) #5510
  * process:
    - Add support for symbols in event emitters. Symbols didn't exist when it was written ¯\_(ツ)_/¯ (cjihrig) #4798
  * querystring:
    - querystring.parse() is now 13-22% faster! (Brian White) #4675
  * streams:
    - performance improvements for moving small buffers that shows a 5% throughput gain. IoT projects have been seen to be as much as 10% faster with this change! (Matteo Collina) #4354
  * tools:
    - eslint has been updated to version 2.1.0 (Rich Trott) #5214

PR-URL: #5301
MylesBorins pushed a commit that referenced this pull request Mar 9, 2016
In December we announced that we would be doing a minor release in order to
get a number of voted on SEMVER-MINOR changes into LTS. Our ability to release this
was delayed due to the unforeseen security release v4.3. We are quickly bumping to
v4.4 in order to bring you the features that we had committed to releasing.

This release also includes over 70 fixes to our docs and over 50 fixes to tests.

The SEMVER-MINOR changes include:
  * deps:
    - An update to v8 that introduces a new flag --perf_basic_prof_only_functions (Ali Ijaz Sheikh) #3609
  * http:
    - A new feature in http(s) agent that catches errors on *keep alived* connections (José F. Romaniello) #4482
  * src:
    - Better support for Big-Endian systems (Bryon Leung) #3410
  * tls:
    - A new feature that allows you to pass common SSL options to `tls.createSecurePair` (Коренберг Марк) #2441
  * tools
    - a new flag `--prof-process` which will execute the tick processor on the provided isolate files (Matt Loring) #4021

Notable semver patch changes include:

  * buld:
    - Support python path that includes spaces. This should be of particular interest to our Windows users who may have python living in `c:/Program Files` (Felix Becker) #4841
  * https:
    - A potential fix for #3692 HTTP/HTTPS client requests throwing EPROTO (Fedor Indutny) #4982
  * installer:
    - More readable profiling information from isolate tick logs (Matt Loring) #3032
  * *npm:
    - upgrade to npm 2.14.20 (Kat Marchán) #5510
  * process:
    - Add support for symbols in event emitters. Symbols didn't exist when it was written ¯\_(ツ)_/¯ (cjihrig) #4798
  * querystring:
    - querystring.parse() is now 13-22% faster! (Brian White) #4675
  * streams:
    - performance improvements for moving small buffers that shows a 5% throughput gain. IoT projects have been seen to be as much as 10% faster with this change! (Matteo Collina) #4354
  * tools:
    - eslint has been updated to version 2.1.0 (Rich Trott) #5214

PR-URL: #5301
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

9 participants
You can’t perform that action at this time.