platform/upstream/nodejs.git
10 years agoMerge branch 'v0.10.29-release' into v0.10
Timothy J Fontaine [Mon, 9 Jun 2014 17:51:53 +0000 (10:51 -0700)]
Merge branch 'v0.10.29-release' into v0.10

10 years ago2014.06.05, Version 0.10.29 (Stable) v0.10.29
Timothy J Fontaine [Mon, 9 Jun 2014 17:04:36 +0000 (10:04 -0700)]
2014.06.05, Version 0.10.29 (Stable)

* openssl: to 1.0.1h (CVE-2014-0224)

* npm: upgrade to 1.4.10

* utf8: Prevent Node from sending invalid UTF-8 (Felix Geisendörfer)
  - *NOTE* this introduces a breaking change, previously you could construct
invalid UTF-8 and invoke an error in a client that was expecting valid
UTF-8, now unmatched surrogate pairs are replaced with the unknown UTF-8
character. To restore the old functionality simply have NODE_INVALID_UTF8
environment variable set.

* child_process: do not set args before throwing (Greg Sabia Tucker)

* child_process: spawn() does not throw TypeError (Greg Sabia Tucker)

* constants: export O_NONBLOCK (Fedor Indutny)

* crypto: improve memory usage (Alexis Campailla)

* fs: close file if fstat() fails in readFile() (cjihrig)

* lib: name EventEmitter prototype methods (Ben Noordhuis)

* tls: fix performance issue (Alexis Campailla)

10 years agofs: remove duplicate check
Brian White [Sat, 7 Jun 2014 15:53:23 +0000 (11:53 -0400)]
fs: remove duplicate check

Signed-off-by: Fedor Indutny <fedor@indutny.com>
10 years agov8: shift heap space for aslr on 64bit
Timothy J Fontaine [Thu, 5 Jun 2014 22:55:48 +0000 (15:55 -0700)]
v8: shift heap space for aslr on 64bit

Previously we were only shifting the address space for ASLR on 32bit
processes, apply the same shift for 64bit so processes don't
get artificially limited native heap.

10 years agonpm: upgrade to v1.4.14
Timothy J Fontaine [Thu, 5 Jun 2014 22:18:15 +0000 (15:18 -0700)]
npm: upgrade to v1.4.14

10 years agosrc: replace usage of String::Utf8Value
Timothy J Fontaine [Thu, 10 Apr 2014 00:33:33 +0000 (17:33 -0700)]
src: replace usage of String::Utf8Value

v8::String::Utf8Value previously could allow invalid surrogates when
interpreting values.

10 years agostring_bytes: Guarantee valid utf-8 output
Felix Geisendörfer [Mon, 20 Jan 2014 08:47:19 +0000 (09:47 +0100)]
string_bytes: Guarantee valid utf-8 output

Previously v8's WriteUtf8 function would produce invalid utf-8 output
when encountering unmatched surrogate code units [1]. The new
REPLACE_INVALID_UTF8 option fixes that by replacing invalid code points
with the unicode replacement character.

[1]: JS Strings are defined as arrays of 16 bit unsigned integers. There
is no unicode enforcement, so one can easily end up with invalid unicode
code unit sequences inside a string.

10 years agodeps/v8: Apply REPLACE_INVALID_UTF8 patch
Felix Geisendörfer [Mon, 20 Jan 2014 08:43:43 +0000 (09:43 +0100)]
deps/v8: Apply REPLACE_INVALID_UTF8 patch

- https://codereview.chromium.org/121173009/
- https://code.google.com/p/v8/source/detail?r=18683

Note: The v8 test case did not cleanly apply, so it's missing from this
patch. I'm assuming this is not a problem if the v8 test suite is not
part of the node build / test system. If that's the case I'll fix it.
Otherwise the test case will be integrated once v8 is upgraded.

10 years agostring_decoder: Add more comments
Felix Geisendörfer [Tue, 13 May 2014 15:42:48 +0000 (17:42 +0200)]
string_decoder: Add more comments

10 years agostring_decoder: Fix failures from new test cases
Felix Geisendörfer [Tue, 13 May 2014 15:36:40 +0000 (17:36 +0200)]
string_decoder: Fix failures from new test cases

This patch simplifies the implementation of StringDecoder, fixes the
failures from the new test cases, and also no longer relies on v8's
WriteUtf8 function to encode individual surrogates.

10 years agostring_decoder: Improve test coverage
Felix Geisendörfer [Tue, 13 May 2014 15:30:25 +0000 (17:30 +0200)]
string_decoder: Improve test coverage

The test cases are still essentially the same, but now all possible ways
of writing a buffer into the decoder are tested, which has exposed a few
failing scenarios that had not been discovered so far!

10 years agostream: start old-mode read in a next tick
Fedor Indutny [Fri, 16 May 2014 09:10:34 +0000 (13:10 +0400)]
stream: start old-mode read in a next tick

Calling `.read()` in the same tick with `.on('data', ...)` may cause
users missing `error` events, because no `error` listeners were set yet.

fix #7618

10 years agodeps: update openssl to 1.0.1h
Fedor Indutny [Thu, 5 Jun 2014 14:09:35 +0000 (07:09 -0700)]
deps: update openssl to 1.0.1h

10 years agodoc: fixed wording in child_process
Chris Barber [Fri, 30 May 2014 21:25:52 +0000 (14:25 -0700)]
doc: fixed wording in child_process

Signed-off-by: Fedor Indutny <fedor@indutny.com>
10 years agofs: close file if fstat() fails in readFile()
cjihrig [Wed, 28 May 2014 22:34:04 +0000 (18:34 -0400)]
fs: close file if fstat() fails in readFile()

Currently, if fstat() fails in readFile(), the callback
is invoked without closing the file. This commit closes
the file before calling back.

Closes #7697

10 years agotls: fix performance issue
Alexis Campailla [Fri, 23 May 2014 18:55:34 +0000 (14:55 -0400)]
tls: fix performance issue

See https://github.com/orangemocha/node-connection-drop

I have pinpointed the performance degradation to
https://github.com/joyent/node/commit/ac2263b77f3f346458d06fc019de27e24c63cee0

This change brings performance back to the orginal levels.

Signed-off-by: Fedor Indutny <fedor@indutny.com>
10 years agodoc: document url `slashes` property
Yazhong Liu [Wed, 7 May 2014 10:59:23 +0000 (18:59 +0800)]
doc: document url `slashes` property

Slashes should be documented, because 3rd-party protocols -- those
postfixed with `://` -- would incorrectly `format` and `parse` if they
didn't set/get the `slashes` option.

Signed-off-by: Timothy J Fontaine <tjfontaine@gmail.com>
10 years agodoc: clarify `end` vs `finish` in streams
Calvin Metcalf [Tue, 13 May 2014 15:52:38 +0000 (11:52 -0400)]
doc: clarify `end` vs `finish` in streams

Adds a section to the transform stream docs to clarify the
difference between the `end` event and the `finish` events.
Also clarifies the wording on the `end` event.

10 years agoconfigure: allow V8 snapshot for cross-compilation
Andrei Sedoi [Thu, 15 May 2014 23:11:51 +0000 (02:11 +0300)]
configure: allow V8 snapshot for cross-compilation

Signed-off-by: Fedor Indutny <fedor@indutny.com>
10 years agocrypto: improve memory usage
Alexis Campailla [Wed, 14 May 2014 17:07:29 +0000 (13:07 -0400)]
crypto: improve memory usage

ClientHelloParser used to contain an 18k buffer that was kept around
for the life of the connection, even though it was not needed in many
situations. I changed it to be deallocated when it's determined to
be no longer needed.

Signed-off-by: Fedor Indutny <fedor@indutny.com>
10 years agochild_process: do not set args before throwing
Greg Sabia Tucker [Wed, 14 May 2014 05:32:57 +0000 (22:32 -0700)]
child_process: do not set args before throwing

No point in setting args and options if TypeError
is being thrown.

fix #7456

Signed-off-by: Fedor Indutny <fedor@indutny.com>
10 years agosrc: fix _XOPEN_SOURCE redefinition warning
Ben Noordhuis [Tue, 13 May 2014 11:45:21 +0000 (13:45 +0200)]
src: fix _XOPEN_SOURCE redefinition warning

Fix the following compiler warning on systems where _XOPEN_SOURCE is
defined by default:

    ../src/node_constants.cc:35:0: warning: "_XOPEN_SOURCE" redefined
     #define _XOPEN_SOURCE 500

Move the (re)definition of _XOPEN_SOURCE to the top of the file while
we're here.  Commit 00890e4 adds a `#define _XOPEN_SOURCE 500` in order
to make <fcntl.h> expose O_NONBLOCK but it does so after other system
headers have been included.  If those headers include <fcntl.h>, then
the #include in node_constants.cc will be a no-op and O_NONBLOCK won't
be visible.

Signed-off-by: Fedor Indutny <fedor@indutny.com>
10 years agochild_process: spawn() does not throw TypeError
Greg Sabia Tucker [Wed, 30 Apr 2014 01:24:44 +0000 (18:24 -0700)]
child_process: spawn() does not throw TypeError

Ensure TypeError is thrown, fix a bug where `env` option was
assuming the option was actually an object.

This case is especially bad because it then sets `env == null`
instead of using `process.env`.

Fix #7456

Signed-off-by: Fedor Indutny <fedor@indutny.com>
10 years agolib: name EventEmitter prototype methods
Ben Noordhuis [Mon, 5 May 2014 14:48:51 +0000 (16:48 +0200)]
lib: name EventEmitter prototype methods

Before this commit the EventEmitter methods were anonymous functions.
V8 tries to infer names for anonymous functions based on the execution
context but it frequently gets it wrong and when that happens, the
stack trace is usually confusing and unhelpful.  This commit names all
methods so V8 can fall back to the method.name property.

The above gotcha applies to all anonymous functions but is exacerbated
for EventEmitter methods because those are invoked with a plenitude of
different receivers.

Signed-off-by: Trevor Norris <trev.norris@gmail.com>
10 years agonpm: upgrade to 1.4.10
isaacs [Tue, 6 May 2014 01:20:40 +0000 (18:20 -0700)]
npm: upgrade to 1.4.10

* Don't set referer if already set
* fetch: Send referer and npm-session headers
* run-script: Support --parseable and --json
* list runnable scripts (Evan Lucas)
* Use marked instead of ronn for html docs

10 years agoconstants: export O_NONBLOCK
Fedor Indutny [Thu, 6 Mar 2014 16:29:21 +0000 (20:29 +0400)]
constants: export O_NONBLOCK

Signed-off-by: Fedor Indutny <fedor@indutny.com>
10 years agodeps: backport 23f2736a from v8 upstream
Fedor Indutny [Fri, 2 May 2014 18:44:45 +0000 (22:44 +0400)]
deps: backport 23f2736a from v8 upstream

Original text:

    Fix corner case in x64 compare stubs.

    BUG=v8:2416

    Review URL: https://codereview.chromium.org/11413087

fix #7528

10 years agoNow working on 0.10.29
Timothy J Fontaine [Fri, 2 May 2014 14:46:15 +0000 (07:46 -0700)]
Now working on 0.10.29

10 years agoMerge branch 'v0.10.28-release' into v0.10
Timothy J Fontaine [Fri, 2 May 2014 14:46:05 +0000 (07:46 -0700)]
Merge branch 'v0.10.28-release' into v0.10

10 years ago2014.05.01, Version 0.10.28 (Stable) v0.10.28
Timothy J Fontaine [Fri, 2 May 2014 00:47:47 +0000 (17:47 -0700)]
2014.05.01, Version 0.10.28 (Stable)

* npm: upgrade to v1.4.9

10 years agonpm: upgrade to v1.4.9
isaacs [Thu, 1 May 2014 23:30:33 +0000 (16:30 -0700)]
npm: upgrade to v1.4.9

* Send referer header (with any potentially private stuff redacted)
* Fix critical typo bug in previous npm release

10 years agoNow working on 0.10.28
Timothy J Fontaine [Thu, 1 May 2014 22:30:07 +0000 (15:30 -0700)]
Now working on 0.10.28

10 years agoMerge branch 'v0.10.27-release' into v0.10
Timothy J Fontaine [Thu, 1 May 2014 22:29:52 +0000 (15:29 -0700)]
Merge branch 'v0.10.27-release' into v0.10

10 years ago2014.05.01, Version 0.10.27 (Stable) v0.10.27
Timothy J Fontaine [Thu, 1 May 2014 21:04:20 +0000 (14:04 -0700)]
2014.05.01, Version 0.10.27 (Stable)

* npm: upgrade to v1.4.8

* openssl: upgrade to 1.0.1g

* uv: update to v0.10.27

* dns: fix certain txt entries (Fedor Indutny)

* assert: Ensure reflexivity of deepEqual (Mike Pennisi)

* child_process: fix deadlock when sending handles (Fedor Indutny)

* child_process: fix sending handle twice (Fedor Indutny)

* crypto: do not lowercase cipher/hash names (Fedor Indutny)

* dtrace: workaround linker bug on FreeBSD (Fedor Indutny)

* http: do not emit EOF non-readable socket (Fedor Indutny)

* http: invoke createConnection when no agent (Nathan Rajlich)

* stream: remove useless check (Brian White)

* timer: don't reschedule timer bucket in a domain (Greg Brail)

* url: treat  the same as / (isaacs)

* util: format as Error if instanceof Error (Rod Vagg)

10 years agonpm: upgrade to v1.4.8
isaacs [Thu, 1 May 2014 18:09:00 +0000 (11:09 -0700)]
npm: upgrade to v1.4.8

* Check SHA before using files from cache
* adduser: allow change of the saved password
* Make `npm install` respect `config.unicode`
* Fix lifecycle to pass `Infinity` for config env value
* Don't return 0 exit code on invalid command
* cache: Handle 404s and other HTTP errors as errors
* bump tap dep, make tests stderr a bit quieter
* Resolve ~ in path configs to env.HOME
* Include npm version in default user-agent conf
* npm init: Use ISC as default license, use save-prefix for deps
* Many test and doc fixes

10 years agouv: update to v0.10.27
Timothy J Fontaine [Thu, 1 May 2014 16:27:39 +0000 (09:27 -0700)]
uv: update to v0.10.27

10 years agodocs: add cautionary note to emitter.removeAllListeners
Forrest L Norvell [Mon, 28 Apr 2014 19:38:06 +0000 (12:38 -0700)]
docs: add cautionary note to emitter.removeAllListeners

Signed-off-by: Fedor Indutny <fedor@indutny.com>
10 years agodeps: fix v8 link error with glibc < 2.17
Ben Noordhuis [Mon, 28 Apr 2014 11:05:00 +0000 (13:05 +0200)]
deps: fix v8 link error with glibc < 2.17

Commit f9ced08 switches V8 on Linux over from gettimeofday() to
clock_getres() and clock_gettime().  As of glibc 2.17, those functions
live in libc.  For older versions, we need to pull them in from librt.

Fixes the following link-time error;

    Release/obj.target/deps/v8/tools/gyp/libv8_base.a(platform-posix.o):
    In function `v8::internal::OS::Ticks()':
    platform-posix.cc:(.text+0x93c):
    undefined reference to `clock_gettime'
    platform-posix.cc:(.text+0x989):
    undefined reference to `clock_getres'

Fixes #7514.

Signed-off-by: Fedor Indutny <fedor@indutny.com>
10 years agoutil: format as Error if instanceof Error
Rod Vagg [Tue, 15 Oct 2013 01:26:18 +0000 (12:26 +1100)]
util: format as Error if instanceof Error

Conflicts:
lib/util.js
test/simple/test-util-format.js

This is a backport to fix #7253

Signed-off-by: Fedor Indutny <fedor@indutny.com>
10 years agodeps: make v8 use CLOCK_REALTIME_COARSE
Ben Noordhuis [Thu, 24 Apr 2014 02:27:40 +0000 (04:27 +0200)]
deps: make v8 use CLOCK_REALTIME_COARSE

Date.now() indirectly calls gettimeofday() on Linux and that's a system
call that is extremely expensive on virtualized systems when the host
operating system has to emulate access to the hardware clock.

Case in point: output from `perf record -c 10000 -e cycles:u -g -i`
for a benchmark/http_simple bytes/8 benchmark with a light load of
50 concurrent clients:

    53.69%     node  node                 [.] v8::internal::OS::TimeCurrentMillis()
               |
               --- v8::internal::OS::TimeCurrentMillis()
                  |
                  |--99.77%-- v8::internal::Runtime_DateCurrentTime(v8::internal::Arguments, v8::internal::Isolate*)
                  |          0x23587880618e

That's right - over half of user time spent inside the V8 function that
calls gettimeofday().

Notably, nearly all system time gets attributed to acpi_pm_read(), the
kernel function that reads the ACPI power management timer:

    32.49%     node  [kernel.kallsyms]    [k] acpi_pm_read
               |
               --- acpi_pm_read
                  |
                  |--98.40%-- __getnstimeofday
                  |          getnstimeofday
                  |          |
                  |          |--71.61%-- do_gettimeofday
                  |          |          sys_gettimeofday
                  |          |          system_call_fastpath
                  |          |          0x7fffbbaf6dbc
                  |          |          |
                  |          |          |--98.72%-- v8::internal::OS::TimeCurrentMillis()

The cost of the gettimeofday() system call is normally measured in
nanoseconds but we were seeing 100 us averages and spikes >= 1000 us.
The numbers were so bad, my initial hunch was that the node process was
continuously getting rescheduled inside the system call...

v8::internal::OS::TimeCurrentMillis()'s most frequent caller is
v8::internal::Runtime_DateCurrentTime(), the V8 run-time function
that's behind Date.now().  The timeout handling logic in lib/http.js
and lib/net.js calls into lib/timers.js and that module will happily
call Date.now() hundreds or even thousands of times per second.
If you saw exports._unrefActive() show up in --prof output a lot,
now you know why.

That's why this commit makes V8 switch over to clock_gettime() on Linux.
In particular, it checks if CLOCK_REALTIME_COARSE is available and has
a resolution <= 1 ms because in that case the clock_gettime() call can
be fully serviced from the vDSO.

It speeds up the aforementioned benchmark by about 100% on the affected
systems and should go a long way toward addressing the latency issues
that StrongLoop customers have been reporting.

This patch will be upstreamed as a CR against V8 3.26.  I'm sending it
as a pull request for v0.10 first because that's what our users are
running and because the delta between 3.26 and 3.14 is too big to
reasonably back-port the patch.  I'll open a pull request for the
master branch once the CR lands upstream.

Signed-off-by: Trevor Norris <trev.norris@gmail.com>
Signed-off-by: Fedor Indutny <fedor@indutny.com>
10 years agodoc: fix missing link in net api
Julian Gruber [Thu, 24 Apr 2014 11:19:14 +0000 (04:19 -0700)]
doc: fix missing link in net api

Signed-off-by: Fedor Indutny <fedor@indutny.com>
10 years agodoc: fix order in net api
Julian Gruber [Thu, 24 Apr 2014 11:18:31 +0000 (04:18 -0700)]
doc: fix order in net api

Signed-off-by: Fedor Indutny <fedor@indutny.com>
10 years agoRevert "deps: backport b5135bbc from c-ares repo"
Fedor Indutny [Thu, 24 Apr 2014 06:19:30 +0000 (10:19 +0400)]
Revert "deps: backport b5135bbc from c-ares repo"

This reverts commit 896e19330ad06ace8973c5d7b75d2de538228062.

Proper handling of TXT records requires API change, we can't afford it
in v0.10.

See #7371 for details.

10 years agonpm: upgrade to 1.4.7
isaacs [Tue, 15 Apr 2014 22:31:36 +0000 (15:31 -0700)]
npm: upgrade to 1.4.7

* isaacs, Robert Kowalski, Benjamin Coe: Test Improvements
* isaacs doc: Add canonical url
* isaacs view: handle unpublished packages properly
* Raynos (Jake Verbaten) do not log if silent
* Julian Gruber fix no such property error
* isaacs npmconf@0.1.14
* Thorsten Lorenz adding save-prefix configuration option
* isaacs npm-registry-client@0.4.7
* isaacs cache: treat missing versions as a 404
* isaacs cache: Save shasum, write resolved/etc data to cache
* isaacs cache: Always fetch root doc
* isaacs cache: don't repack unnecessarily from tmp
* Andrey Kislyuk Don't crash if shrinkwrap-dependencies were not passed in pkginfo
* Robert Kowalski fix link in faq
* Jean Lauliac Add a peerDependencies section in package.json doc
* isaacs read-installed@2.0.2

10 years agourl: treat \ the same as /
isaacs [Tue, 25 Mar 2014 21:16:55 +0000 (14:16 -0700)]
url: treat \ the same as /

See https://code.google.com/p/chromium/issues/detail?id=25916

Parse URLs with backslashes the same as web browsers, by replacing all
backslashes with forward slashes, except those that occur after the
first # character.

10 years agochild_process: fix deadlock when sending handles
Fedor Indutny [Mon, 14 Apr 2014 09:33:22 +0000 (13:33 +0400)]
child_process: fix deadlock when sending handles

Fix possible deadlock, when handles are sent in both direction
simultaneously. In such rare cases, both sides may queue their
`NODE_HANDLE_ACK` replies and wait for them.

fix #7465

10 years agodocs: fix links to streams
William Bert [Wed, 9 Apr 2014 20:50:08 +0000 (16:50 -0400)]
docs: fix links to streams

Signed-off-by: Fedor Indutny <fedor@indutny.com>
10 years agosrc: use monotonic time for process.uptime()
Timothy J Fontaine [Sat, 5 Apr 2014 20:49:47 +0000 (13:49 -0700)]
src: use monotonic time for process.uptime()

`process.uptime()` interface will return the amount of time the
current process has been running. To achieve this it was caching the
`uv_uptime` value at program start, and then on the call to
`process.uptime()` returning the delta between the two values.

`uv_uptime` is defined as the number of seconds the operating system
has been up since last boot. On sunos this interface uses `kstat`s
which can be a significantly expensive operation as it requires
exclusive access, but because of the design of `process.uptime()` node
*had* to always call this on start. As a result if you had many node
processes all starting at the same time you would suffer lock
contention as they all tried to read kstats.

Instead of using `uv_uptime` to achieve this, the libuv loop already
has a concept of current loop time in the form of `uv_now()` which is
in fact monotonically increasing, and already stored directly on the
loop. By using this value at start every platform performs at least
one fewer syscall during initialization.

Since the interface to `uv_uptime` is defined as seconds, in the call
to `process.uptime()` we now `uv_update_time` get our delta, divide by
1000 to get seconds, and then convert to an `Integer`. In 0.12 we can
move back to `Number::New` instead and not lose precision.

Caveat: For some platforms `uv_uptime` reports time monotonically
increasing regardless of system hibernation, `uv_now` interface is
also monotonically increasing but may not reflect time spent in
hibernation.

10 years agobuild: make sure changelog.html is generated
Timothy J Fontaine [Tue, 8 Apr 2014 16:05:59 +0000 (09:05 -0700)]
build: make sure changelog.html is generated

10 years agodeps: update openssl to 1.0.1g
Fedor Indutny [Mon, 7 Apr 2014 20:58:37 +0000 (00:58 +0400)]
deps: update openssl to 1.0.1g

10 years agohttp: do not emit EOF non-readable socket
Fedor Indutny [Fri, 24 Jan 2014 12:25:11 +0000 (16:25 +0400)]
http: do not emit EOF non-readable socket

Socket may become not `readable`, but http should not rely on this
property and should not think that it means that no data will ever
arrive from it. In fact, it may arrive in a next tick and, since
`this.push(null)` was already called, it will result in a error like
this:

    Error: stream.push() after EOF
        at readableAddChunk (_stream_readable.js:143:15)
        at IncomingMessage.Readable.push (_stream_readable.js:123:10)
        at HTTPParser.parserOnBody (_http_common.js:132:22)
        at Socket.socketOnData (_http_client.js:277:20)
        at Socket.EventEmitter.emit (events.js:101:17)
        at Socket.Readable.read (_stream_readable.js:367:10)
        at Socket.socketCloseListener (_http_client.js:196:10)
        at Socket.EventEmitter.emit (events.js:123:20)
        at TCP.close (net.js:479:12)

fix #6784

10 years agodoc: add missing space
Brian White [Mon, 7 Apr 2014 02:08:50 +0000 (22:08 -0400)]
doc: add missing space

Signed-off-by: Fedor Indutny <fedor@indutny.com>
10 years agodocs: correct tls docs. server -> client
Dominic Tarr [Sun, 30 Mar 2014 22:25:41 +0000 (11:25 +1300)]
docs: correct tls docs. server -> client

when a pfx file is passed to tls.connection,
it is the client private key, not the server's private key.

10 years agodoc: typo clean up in tls
Goh Yisheng (Andrew) [Sat, 29 Mar 2014 00:20:14 +0000 (08:20 +0800)]
doc: typo clean up in tls

10 years agobuild: windows signing should include timestamps
Josh Dague [Wed, 26 Mar 2014 05:26:17 +0000 (01:26 -0400)]
build: windows signing should include timestamps

Previously the build artifacts did not include a signed timestamp, so
when the certificate expired the validation of the artifact would fail.
Now we sign against a timestamp server such that the artifact will
always be valid regardless of the disposition of the certificate.

Closes #7360 and #7059.

10 years agosrc: ensure that openssl's PRNG is fully seeded
Ben Noordhuis [Tue, 25 Mar 2014 22:35:28 +0000 (23:35 +0100)]
src: ensure that openssl's PRNG is fully seeded

Ensure that OpenSSL has enough entropy (at least 256 bits) for its PRNG.

The entropy pool starts out empty and needs to fill up before the PRNG
can be used securely.

OpenSSL normally fills the pool automatically but not when someone
starts generating random numbers before the pool is full: in that case
OpenSSL keeps lowering the entropy estimate to thwart attackers trying
to guess the initial state of the PRNG.

When that happens, we wait until enough entropy is available, something
that normally should never take longer than a few milliseconds.

Fixes #7338.

10 years agosrc: seed V8's random number generator at startup
Ben Noordhuis [Fri, 20 Sep 2013 20:01:49 +0000 (22:01 +0200)]
src: seed V8's random number generator at startup

The default entropy source is /dev/urandom on UNIX platforms, which is
okay but we can do better by seeding it from OpenSSL's entropy pool.

On Windows we can certainly do better; on that platform, V8 seeds the
random number generator using only the current system time.

Fixes #6250.

NB: This is a back-port of commit 7ac2391 from the master branch that
for some reason never got back-ported to the v0.10 branch.

The default on UNIX platforms in v0.10 is different and arguably worse
than it is with master: if no entropy source is provided, V8 3.14 calls
srandom() with a xor of the PID and the current time in microseconds.

That means that on systems with a coarse system clock, the initial
state of the PRNG may be easily guessable.

The situation on Windows is even more dire because there the PRNG is
seeded with only the current time... in milliseconds.

10 years agonpm: upgrade to 1.4.6
isaacs [Wed, 19 Mar 2014 16:25:40 +0000 (09:25 -0700)]
npm: upgrade to 1.4.6

* Documentation upgrades
* Fix glob bug which prevents proper README publishing
* node-gyp upgrade to 0.13
* Documentation updates
* Add --save-exact to save an exact dep (instead of a range)
* alias 't' to 'test'

10 years agobuild: fix g++ 4.8 build, disable -Werror
Ben Noordhuis [Thu, 6 Mar 2014 04:11:07 +0000 (05:11 +0100)]
build: fix g++ 4.8 build, disable -Werror

Turn off -Werror when building V8, it hits -Werror=unused-local-typedefs
with g++ 4.8.  The warning itself is harmless so don't abort the build.

This was originally implemented in commit d2ab314e back in 2011 but the
build process has gone through a few iterations since then, that change
no longer works.

10 years agodoc: remove an unused arg in process.stdin.
Shuhei Kagawa [Sun, 9 Mar 2014 11:16:39 +0000 (20:16 +0900)]
doc: remove an unused arg in process.stdin.

The argument of process.stdin's readable event handler is not used.

10 years agocrypto: do not lowercase cipher/hash names
Fedor Indutny [Mon, 10 Mar 2014 10:59:18 +0000 (14:59 +0400)]
crypto: do not lowercase cipher/hash names

`crypto.getCiphers()` and `crypto.getHashes()` should prefer lower-case
variants of names, but should not introduce them.

fix #7282

10 years agodeps: fix v8 valgrind warning
Ben Noordhuis [Thu, 6 Mar 2014 21:59:56 +0000 (22:59 +0100)]
deps: fix v8 valgrind warning

Fix the following valgrind warning:

    Conditional jump or move depends on uninitialised value(s)
        at 0x7D64E7: v8::internal::GlobalHandles::IterateAllRootsWithClassIds(v8::internal::ObjectVisitor*) (global-handles.cc:613)
        by 0x94DCDC: v8::internal::NativeObjectsExplorer::FillRetainedObjects() (profile-generator.cc:2849)
        # etc.

This was fixed upstream in r12903 and released in 3.15.2 but that commit
was never back-ported to the 3.14 branch that node.js v0.10 uses.

The code itself works okay; this commit simply shuffles the clauses in
an `if` statement to check that the node is in use before checking its
class id (which is uninitialized if the node is not in use.)

10 years agochild_process: fix sending handle twice
Fedor Indutny [Wed, 26 Feb 2014 10:37:13 +0000 (14:37 +0400)]
child_process: fix sending handle twice

When sending a socket to a child process via IPC pipe,
`child_process.js` picks a raw UV handle from `_handle` property, sends
it, and assigns `null` to the property. Sending the same socket twice
was resulting in a runtime error, since we weren't handling the empty
`_handle` case.

In case of `null` `_handle` we should send just a plain text message
as passed it was passed to `.send()` and ignore the handle, letting
users handle such cases themselves instead of throwing the error at
runtime.

fix #5469

10 years agotest: test sending a handle twice
Benoit Vallée [Tue, 14 May 2013 03:10:07 +0000 (11:10 +0800)]
test: test sending a handle twice

Added test-cluster-send-handle-twice.js testing to send a handle
twice to the parent process.

10 years agosrc: add default visibility to NODE_MODULE
Ben Noordhuis [Tue, 4 Mar 2014 13:10:05 +0000 (14:10 +0100)]
src: add default visibility to NODE_MODULE

It's currently not really possible to compile native add-ons with
-fvisibility=hidden because that also hides the struct containing
the module definition.

The NODE_MODULE() and NODE_MODULE_DECL() macros are structured in
a way that makes it impossible to add a visibility attribute manually
so there is no escape hatch there.

That's why this commit adds an explicit visibility attribute to
the module definition.  It doesn't help with node.js releases that
are already out there but at least it improves the situation going
forward.

10 years agotimer: don't reschedule timer bucket in a domain
Greg Brail [Wed, 29 Jan 2014 01:36:22 +0000 (17:36 -0800)]
timer: don't reschedule timer bucket in a domain

If two timers run on the same tick, and the first timer uses a domain,
and then catches an exception and disposes of the domain, then the
second timer never runs. (And even if the first timer does not dispose
of the domain, the second timer could run under the wrong domain.)

This happens because timer.js uses "process.nextTick()" to schedule
continued processing of the timers for that tick. However, there was
an exception inside a domain, then "process.nextTick()" runs under
the domain of the first timer function, and will do nothing if
the domain has been disposed.

To avoid this, we temporarily save the value of "process.domain"
before calling nextTick so that it does not run inside any domain.

10 years agosrc: domain should not replace nextTick function
Timothy J Fontaine [Tue, 4 Mar 2014 00:27:58 +0000 (16:27 -0800)]
src: domain should not replace nextTick function

Previously if you cached process.nextTick and then require('domain')
subsequent nextTick() calls would not be caught because enqueued
functions were taking the wrong path. This keeps nextTick to a single
function reference and changes the implementation details after domain
has been required.

10 years agotest: add `agent: null` http client request test
Nathan Rajlich [Wed, 26 Feb 2014 19:39:53 +0000 (11:39 -0800)]
test: add `agent: null` http client request test

This is just the test portion from #7012 / #7189,
but targetted for the v0.10 branch.

10 years agohttp: invoke createConnection when no agent
Nathan Rajlich [Wed, 26 Feb 2014 02:17:35 +0000 (18:17 -0800)]
http: invoke createConnection when no agent

This makes it so that the user may pass in a
`createConnection()` option, and they don't have
to pass `agent: false` at the same time.

Also adding a test for the `createConnection` option,
since none was in place before.

See #7014.

10 years agoassert: Ensure reflexivity of deepEqual
Mike Pennisi [Mon, 24 Feb 2014 19:16:40 +0000 (14:16 -0500)]
assert: Ensure reflexivity of deepEqual

Ensure that the behavior of `assert.deepEqual` does not depend on
argument ordering  when comparing an `arguments` object with a
non-`arguments` object.

10 years agostream: remove useless check
Brian White [Sun, 23 Feb 2014 19:00:28 +0000 (14:00 -0500)]
stream: remove useless check

10 years agodoc: update assert.markdown
Nicolas Talle [Sat, 22 Feb 2014 15:02:10 +0000 (16:02 +0100)]
doc: update assert.markdown

Update assert.throws() and assert.doesNotThrow() docs

10 years agoinstaller: copy `node.d` only with node_use_dtrace
Fedor Indutny [Thu, 20 Feb 2014 21:03:03 +0000 (01:03 +0400)]
installer: copy `node.d` only with node_use_dtrace

10 years agodtrace: workaround linker bug on FreeBSD
Fedor Indutny [Thu, 20 Feb 2014 20:56:17 +0000 (00:56 +0400)]
dtrace: workaround linker bug on FreeBSD

10 years agoconfigure: allow --with-dtrace on freebsd
Fedor Indutny [Thu, 20 Feb 2014 17:00:29 +0000 (21:00 +0400)]
configure: allow --with-dtrace on freebsd

10 years agogyp: specialize node.d for freebsd
Fedor Indutny [Thu, 20 Feb 2014 16:52:26 +0000 (20:52 +0400)]
gyp: specialize node.d for freebsd

`node.d` should use `psinfo.d` instead of `procfs.d` and have statically
defined architecture on FreeBSD.

10 years agotools: update to support separate website repo
Timothy J Fontaine [Wed, 19 Feb 2014 02:57:45 +0000 (18:57 -0800)]
tools: update to support separate website repo

10 years agoNow working on v0.10.27
Timothy J Fontaine [Wed, 19 Feb 2014 00:43:12 +0000 (16:43 -0800)]
Now working on v0.10.27

10 years agoMerge branch 'v0.10.26-release' into v0.10
Timothy J Fontaine [Wed, 19 Feb 2014 00:40:23 +0000 (16:40 -0800)]
Merge branch 'v0.10.26-release' into v0.10

10 years agobuild: readd missing installer resources v0.10.26
Timothy J Fontaine [Tue, 18 Feb 2014 23:34:29 +0000 (15:34 -0800)]
build: readd missing installer resources

This were accidentally moved during the website refactor

10 years ago2014.02.18, Version 0.10.26 (Stable)
Timothy J Fontaine [Tue, 18 Feb 2014 22:55:58 +0000 (14:55 -0800)]
2014.02.18, Version 0.10.26 (Stable)

* uv: Upgrade to v0.10.25 (Timothy J Fontaine)

* npm: upgrade to 1.4.3 (isaacs)

* v8: support compiling with VS2013 (Fedor Indutny)

* cares: backport TXT parsing fix (Fedor Indutny)

* crypto: throw on SignFinal failure (Fedor Indutny)

* crypto: update root certificates (Ben Noordhuis)

* debugger: Fix breakpoint not showing after restart (Farid Neshat)

* fs: make unwatchFile() insensitive to path (iamdoron)

* net: do not re-emit stream errors (Fedor Indutny)

* net: make Socket destroy() re-entrance safe (Jun Ma)

* net: reset `endEmitted` on reconnect (Fedor Indutny)

* node: do not close stdio implicitly (Fedor Indutny)

* zlib: avoid assertion in close (Fedor Indutny)

10 years agodocs: clarify process.stdin and old mode
Anton Khlynovskiy [Mon, 8 Jul 2013 17:09:44 +0000 (21:09 +0400)]
docs: clarify process.stdin and old mode

10 years agodoc: stdout blocking or non-blocking behaviour
Pedro Ballesteros [Mon, 17 Feb 2014 15:22:05 +0000 (16:22 +0100)]
doc: stdout blocking or non-blocking behaviour

Makes clear that the behaviour of stdout is blocking
in Linux/Unix even when they refer to pipes.

10 years agotest: make test-net-error-twice less racey
Timothy J Fontaine [Tue, 18 Feb 2014 21:09:41 +0000 (13:09 -0800)]
test: make test-net-error-twice less racey

10 years agouv: Upgrade to v0.10.25
Timothy J Fontaine [Tue, 18 Feb 2014 21:04:29 +0000 (13:04 -0800)]
uv: Upgrade to v0.10.25

10 years agodoc: mention objectMode for Writable streams
Raynos [Tue, 21 May 2013 21:10:34 +0000 (15:10 -0600)]
doc: mention objectMode for Writable streams

10 years agodebugger: Fix breakpoint not showing after restart
Farid Neshat [Sat, 15 Feb 2014 03:30:30 +0000 (11:30 +0800)]
debugger: Fix breakpoint not showing after restart

The reason this wasn't working was because after restart, when restoring
breakpoints the scripts wasn't loaded, so the breakpoint.script was
undefined. As a fix I added another check to use breakpoint.scriptReq
instead of breakpoint.script, which is the same except when the
breakpoint is a function.

fixes #7027

10 years agonpm: upgrade to 1.4.3
isaacs [Mon, 17 Feb 2014 04:43:16 +0000 (20:43 -0800)]
npm: upgrade to 1.4.3

10 years agozlib: introduce pending close state
Fedor Indutny [Thu, 13 Feb 2014 13:17:59 +0000 (17:17 +0400)]
zlib: introduce pending close state

zlib should not crash in `close()` if the write is still in progress.

fix #7101

10 years agodoc: re-add node.1 man page
Timothy J Fontaine [Fri, 14 Feb 2014 19:01:49 +0000 (11:01 -0800)]
doc: re-add node.1 man page

The man page was accidentally removed in 37376de for the website
refactor, bring it back.

Fixes #7117

10 years agonpm: Upgrade to v1.4.0
isaacs [Thu, 13 Feb 2014 02:16:32 +0000 (18:16 -0800)]
npm: Upgrade to v1.4.0

- Removes 'npm publish -f'
- Documentation
- Bug-fixes
- Update license etc to refer to npm, Inc. rather than @isaacs personally

10 years agowebsite: move website to joyent/node-website
Timothy J Fontaine [Thu, 13 Feb 2014 23:52:01 +0000 (15:52 -0800)]
website: move website to joyent/node-website

The website will no longer be living in the source repository instead
it can be found at http://github.com/joyent/node-website

10 years agodoc: changed timer id to object
Christian [Sun, 9 Feb 2014 09:37:55 +0000 (10:37 +0100)]
doc: changed timer id to object

fix #7074

10 years agonet: do not re-emit stream errors
Fedor Indutny [Sun, 9 Feb 2014 10:59:31 +0000 (14:59 +0400)]
net: do not re-emit stream errors

fix #7015

10 years agosrc: refactor buffer bounds checking
Timothy J Fontaine [Wed, 5 Feb 2014 16:50:40 +0000 (08:50 -0800)]
src: refactor buffer bounds checking

Consolidate buffer bounds checking logic into Buffer namespace and use
it consistently throughout the source.

10 years agonpm: upgrade to 1.3.26
isaacs [Mon, 3 Feb 2014 04:24:09 +0000 (20:24 -0800)]
npm: upgrade to 1.3.26

10 years agodoc: fix diffieHellman.getGenerator() description
Brian White [Sat, 8 Feb 2014 18:19:04 +0000 (13:19 -0500)]
doc: fix diffieHellman.getGenerator() description

10 years agoRevert "dns: validate arguments in resolve"
Fedor Indutny [Fri, 7 Feb 2014 22:15:33 +0000 (02:15 +0400)]
Revert "dns: validate arguments in resolve"

This reverts commit 56e80a37e0df0d131d3a3ad6426d52f887ef8e94.

10 years agoRevert "dns: verify argument is valid function in resolve"
Fedor Indutny [Fri, 7 Feb 2014 22:15:29 +0000 (02:15 +0400)]
Revert "dns: verify argument is valid function in resolve"

This reverts commit 2ee86c624ecd6b9dbaad10989143325fc64778cd.

10 years agodns: verify argument is valid function in resolve
Kenan Sulayman [Fri, 7 Feb 2014 17:18:27 +0000 (18:18 +0100)]
dns: verify argument is valid function in resolve

Don't use argument as callback if it's not a valid callback function.
Throw a valid exception instead explaining the issue. Adds to #7070
("DNS — Throw meaningful error(s)").