Release 1.8.4 (wrong branch target) #2145
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Do not keep SSL structure in memory once socket is closed. This should lower the memory usage in many cases. Fix: nodejs#1522 PR-URL: nodejs#1529 Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Ensure that GC kicks in at the right times and the RSS does not blow up. Fix: nodejs#1522 PR-URL: nodejs#1529 Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
When connecting to server with `keepAlive` turned off - make sure that the read/write buffers won't be kept in a single use SSL_CTX instance after the socket will be destroyed. Fix: nodejs#1522 PR-URL: nodejs#1529 Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Destroy singleUse context right after it is going out of use. Fix: nodejs#1522 PR-URL: nodejs#1529 Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
PR-URL: nodejs#1583 Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Every npm version bump requires a few patches to be floated on node-gyp for io.js compatibility. These patches are found in 03d1992, 5de334c, and da730c7. This commit squashes them into a single commit. PR-URL: nodejs#990 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
On Windows, when node or io.js attempts to dynamically load a compiled
addon, the compiled addon tries to load node.exe or iojs.exe again -
depending on which import library the module used when it was linked.
This causes many compiled addons to break when node.exe or iojs.exe are
renamed, because when the binary has been renamed the addon DLL can't
find the (right) .exe file to load its imports from.
This patch gives compiled addon developers an option to overcome this
restriction by compiling a delay-load hook into their binary. The
delay-load hook ensures that whenever a module tries to load imports
from node.exe/iojs.exe, it'll just look at the process image, thereby
making the addon work regardless of what name the node/iojs binary has.
To enable this feature, the addon developer must set the
'win_delay_load_hook' option to 'true' in their binding.gyp file, like
this:
```
{
'targets': [
{
'target_name': 'ernie',
'win_delay_load_hook': 'true',
...
```
Bug: nodejs#751
Bug: nodejs#965
Upstream PR: nodejs/node-gyp#599
PR-URL: nodejs#1251
Reviewed-By: Rod Vagg <rod@vagg.org>
PR-URL: nodejs#1266
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
tls.connect(options) with no options.host should accept a certificate with CN: 'localhost'. Fix Error: Hostname/IP doesn't match certificate's altnames: "Host: undefined. is not cert's CN: localhost" 'localhost' is not added directly to defaults because that is not always desired (for example, when using options.socket) PR-URL: nodejs#1493 PORT-PR-URL: nodejs#1560 PORT-FROM: v2.x / a7d7463 Fixes: nodejs#1489 Reviewed-By: Brendan Ashworth <brendan.ashworth@me.com> Reviewed-By: Roman Reiss <me@silverwind.io>
PR-URL: nodejs#1530 PORT-PR-URL: nodejs#1560 PORT-FROM: v2.x / 5472139 Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
parallel tests still not working on most build slaves PR-URL: nodejs#1544 PORT-PR-URL: nodejs#1560 PORT-FROM: v2.x / 2a3c8c1 Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Some modules are monkey-patching Buffer.isEncoding, so without this they cannot do that. Fixes: nodejs#1547 PR-URL: nodejs#1548 PORT-PR-URL: nodejs#1560 PORT-FROM: v2.x / 0fa6c4a Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
PR-URL: nodejs#1553 PORT-PR-URL: nodejs#1560 PORT-FROM: v2.x / f9c681c Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Based on tests running on original Raspberry Pi PR-URL: nodejs#1554 PORT-PR-URL: nodejs#1560 PORT-FROM: v2.x / f9b226c Reviewed-By: Roman Reiss <me@silverwind.io>
Maintenance release Notable Changes: * crypto: significantly reduced memory usage for TLS (Fedor Indutny & Сковорода Никита Андреевич) nodejs#1529 * npm: Upgrade npm to 2.9.0. See the v2.8.4 and v2.9.0 release notes for details.
This fixes building compiled addons with Visual Studio 2010. PR-URL: nodejs/node-gyp#616 Reviewed-By: Bert Belder <bertbelder@gmail.com>
This just replaces all sources of openssl-1.0.2b.tar.gz into deps/openssl/openssl Fixes: nodejs#1921 PR-URL: nodejs#1950 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and perhaps others) are requiring .686 . Fixes: nodejs#589 PR-URL: nodejs#1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
See https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html iojs needs to stop using masm and move to nasm or yasm on Win32. Fixes: nodejs#589 PR-URL: nodejs#1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reapply b910613 . Fixes: nodejs#589 PR-URL: nodejs#1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
In openssl s_client on Windows, RAND_screen() is invoked to initialize random state but it takes several seconds in each connection. This added -no_rand_screen to openssl s_client on Windows to skip RAND_screen() and gets a better performance in the unit test of test-tls-server-verify. Do not enable this except to use in the unit test. Fixes: nodejs#1461 PR-URL: nodejs#1836 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Change all openssl/include/openssl/*.h to include resolved symbolic links and openssl/crypto/opensslconf.h to refer config/opensslconf.h Fixes: nodejs#1921 PR-URL: nodejs#1950 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
asm files are generated as - In `deps/openssl/asm/`, make with CC=gcc and ASM=nasm - In `deps/openssl/asm_obsolute/`, make with no envs for compilers Fixes: nodejs#1921 PR-URL: nodejs#1950 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
DHE key lengths less than 1024bits is already weaken as pointed out in https://weakdh.org/ . 1024bits will not be safe in near future. We will extend this up to 2048bits somedays later. PR-URL: nodejs#1739 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Fedor Indutny <fedor@indutny.com>
This just replaces all sources of openssl-1.0.2c.tar.gz into deps/openssl/openssl PR-URL: nodejs#1958 Reviewed-By: Fedor Indutny <fedor@indutny.com>
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and perhaps others) are requiring .686 . Fixes: nodejs#589 PR-URL: nodejs#1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
See https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html iojs needs to stop using masm and move to nasm or yasm on Win32. Fixes: nodejs#589 PR-URL: nodejs#1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reapply b910613 . Fixes: nodejs#589 PR-URL: nodejs#1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
In openssl s_client on Windows, RAND_screen() is invoked to initialize random state but it takes several seconds in each connection. This added -no_rand_screen to openssl s_client on Windows to skip RAND_screen() and gets a better performance in the unit test of test-tls-server-verify. Do not enable this except to use in the unit test. Fixes: nodejs#1461 PR-URL: nodejs#1836 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Change all openssl/include/openssl/*.h to include resolved symbolic links and openssl/crypto/opensslconf.h to refer config/opensslconf.h PR-URL: nodejs#1958 Reviewed-By: Fedor Indutny <fedor@indutny.com>
PR-URL: nodejs#1958 Reviewed-By: Fedor Indutny <fedor@indutny.com>
Since we aleady have a variable with path to the newly built binary, use that instead of prefixing path. This also allows us to pass a different path through the environment (NODE=) PR-URL: nodejs#1955 PORT-PR-URL: nodejs#2101 PORT-FROM: 1ec53c0 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Rod Vagg <rod@vagg.org>
Since we will run linting before compiling or testing there's no need to run it as part of the ci testing. PR-URL: nodejs#1965 PORT-PR-URL: nodejs#2101 PORT-FROM: 8d8a26e Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Revewied-By: Evan Lucas <evanlucas@me.com>
PR-URL: nodejs#2004 PORT-PR-URL: nodejs#2101 PORT-FROM: c5353d7 Reviewed-By: Rod Vagg <rod@vagg.org> Reviewed-By: Alexis Campailla <alexis@janeasystems.com>
vcbuild.bat calls python configure before setting GYP_MSVS_VERSION, so SelectVisualStudioVersion (tools\gyp\pylib\gyp\MSVSVersion.py) defaults to 'auto' and selects VS 2005. vcbuild sets the environment in the current shell, so this issue would manifest itself only on the first invocation of the script in any given shell windows. Reviewed-By: Julien Gilli <jgilli@fastmail.fm> PORT-PR-URL: nodejs#2101 PORT-FROM: c0c0d73 PR-URL: nodejs/node-v0.x-archive#20109
PR-URL: nodejs#2036 PORT-PR-URL: nodejs#2101 PORT-FROM: 4208dc4 Reviewed-By: Alexis Campailla <alexis@janeasystems.com>
PR-URL: nodejs#2036 PORT-PR-URL: nodejs#2101 PORT-FROM: c87c34c Reviewed-By: Alexis Campailla <alexis@janeasystems.com>
PR-URL: nodejs#1938 PORT-PR-URL: nodejs#2101 PORT-FROM: dcbb9e1 Reviewed-By: Johan Bergström <bugs@bergstroem.nu> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Alexis Campailla <alexis@janeasystems.com>
On upgrading openssl, all symlinks in pulic header files are replaced with nested include files. The issue was raised that installing them leads to lost its references to real header files. To avoid this, all public header files are copied into the `deps/openssl/openssl/include/openssl/` directory. As a result, we have duplicated header files under `deps/openssl/openssl/` but copied files are refereed in build as specified to include path in openssl.gyp. Fixes: nodejs#1975 PR-URL: nodejs#2016 PORT-PR-URL: nodejs#2101 PORT-FROM: 1f371e3 Reviewed-By: Rod Vagg <rod@vagg.org> Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
to replace the full src download by node-gyp, using the proper format instead of the full source format PR-URL: nodejs#1975 PORT-PR-URL: nodejs#2101 PORT-FROM: 628a3ab Reviewed-By: William Blankenship <william.jblankenship@gmail.com> Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Originally reported by: Kris Reeves <kris.re@bbhmedia.com> This is a back-port of commit 030f804 from the master branch. Reviewed-By: Rod Vagg <rod@vagg.org>
Maintenance release Notable Changes: * v8: Fixed an out-of-band write in utf8 decoder. This is an important security update as it can be used to cause a denial of service attack. * openssl: - Upgrade to 1.0.2b and 1.0.2c, introduces DHE man-in-the-middle protection (Logjam) and fixes malformed ECParameters causing infinite loop (CVE-2015-1788). See the security advisory for full details. (Shigeki Ohtsu) nodejs#1950 nodejs#1958 * build: - Added support for compiling with Microsoft Visual C++ 2015 - Started building and distributing headers-only tarballs along with binaries
This just replaces all sources of openssl-1.0.2d.tar.gz into deps/openssl/openssl deps: copy all openssl header files to include dir All symlink files in `deps/openssl/openssl/include/openssl/` are removed and replaced with real header files to avoid issues on Windows. deps: fix openssl assembly error on ia32 win32 `x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and perhaps others) are requiring .686 . Fixes: nodejs#589 PR-URL: nodejs#1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp> deps: fix asm build error of openssl in x86_win32 See https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html iojs needs to stop using masm and move to nasm or yasm on Win32. Fixes: nodejs#589 PR-URL: nodejs#1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> openssl: fix keypress requirement in apps on win32 Reapply b910613 . Fixes: nodejs#589 PR-URL: nodejs#1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> deps: add -no_rand_screen to openssl s_client In openssl s_client on Windows, RAND_screen() is invoked to initialize random state but it takes several seconds in each connection. This added -no_rand_screen to openssl s_client on Windows to skip RAND_screen() and gets a better performance in the unit test of test-tls-server-verify. Do not enable this except to use in the unit test. Fixes: nodejs#1461 PR-URL: nodejs#1836 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> PR-URL: nodejs#2141 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
They should be updated according to the fix at openssl/openssl@b4f0d1a PR-URL: nodejs#2141 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Notable changes * openssl: Upgrade to 1.0.2d, fixes CVE-2015-1793 (Alternate Chains Certificate Forgery).
Fishrock123
added
the
meta
|
Oops, this is targeting the wrong branch. Brb Correct PR: #2146 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
CI: https://jenkins-iojs.nodesource.com/job/iojs+any-pr+multi/135/
Related 2.x release: #2141