-
Notifications
You must be signed in to change notification settings - Fork 29.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
test: mark test-http2-settings-flood as flaky on Windows #25048
Closed
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Make it more explicit that symlinks are resolved in `__filename`. Refs: nodejs#22602 (comment) PR-URL: nodejs#24587 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
This commit adds a crypto check to suppress the crypto related environment variables introduced in Commit 399bb3c ("doc: add NODE_DEBUG_NATIVE to API docs"). Without this check, test/parallel/test-cli-node-print-help.js will fail when configured --without-ssl, as it some of the descriptions for these environment variables contain flags that the test is not expecting to find. PR-URL: nodejs#24556 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
This commit removes extraneous wrapping of return values in Uptime() and GetParentProcessId(). PR-URL: nodejs#24562 Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Refael Ackermann <refack@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Jon Moss <me@jonathanmoss.me>
PR-URL: nodejs#24641 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
PR-URL: nodejs#24443 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Refael Ackermann <refack@gmail.com> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
CVE-2018-12121 PR-URL: nodejs-private/node-private#143 Ref: nodejs-private/security#139 Ref: nodejs-private/http-parser-private#2 Reviewed-By: Anatoli Papirovski <apapirovski@mac.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org> Reviewed-By: Anna Henningsen <anna@addaleax.net>
CVE-2018-12121 As per nodejs-private/node-private#149 for http_parse but for llhttp Ref: nodejs-private/node-private#143 PR-URL: nodejs-private/node-private#149 Reviewed-By: Matteo Collina <hello@matteocollina.com>
Ref: nodejs-private/node-private#143 PR-URL: nodejs-private/node-private#149 Reviewed-By: Rod Vagg <rod@vagg.org>
PR-URL: nodejs-private/node-private#149 Reviewed-By: Fedor Indutny <fedor@indutny.com>
CVE-2018-12122 An attacker can send a char/s within headers and exahust the resources (file descriptors) of a system even with a tight max header length protection. This PR destroys a socket if it has not received the headers in 40s. PR-URL: nodejs-private/node-private#144 Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
CVE-2018-12123 Fixes: nodejs-private/security#205 PR-URL: nodejs-private/node-private#145 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
This is a security release. All Node.js users should consult the security release summary at: https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/ for details on patched vulnerabilities. Fixes for the following CVEs are included in this release: * Node.js: Debugger port 5858 listens on any interface by default (CVE-2018-12120) * Node.js: Denial of Service with large HTTP headers (CVE-2018-12121) * Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122 / Node.js) * Node.js: Hostname spoofing in URL parser for javascript protocol (CVE-2018-12123) * Node.js: HTTP request splitting (CVE-2018-12116) * OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734) * OpenSSL: Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) Notable Changes: * debugger: Backport of nodejs#8106 to prevent the debugger from listening on `0.0.0.0`. It now defaults to `127.0.0.1`. Reported by Ben Noordhuis. (CVE-2018-12120 / Ben Noordhuis). * deps: Upgrade to OpenSSL 1.0.2q, fixing CVE-2018-0734 and CVE-2018-5407 * http: * Headers received by HTTP servers must not exceed 8192 bytes in total to prevent possible Denial of Service attacks. Reported by Trevor Norris. (CVE-2018-12121 / Matteo Collina) * A timeout of 40 seconds now applies to servers receiving HTTP headers. This value can be adjusted with `server.headersTimeout`. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with `server.setTimeout()`, this aids in protecting against excessive resource retention and possible Denial of Service. Reported by Jan Maybach (liebdich.com). (CVE-2018-12122 / Matteo Collina) * Two-byte characters are now strictly disallowed for the `path` option in HTTP client requests. Paths containing characters outside of the range `\u0021` - `\u00ff` will now be rejected with a `TypeError`. This behavior can be reverted if necessary by supplying the `--security-revert=CVE-2018-12116` command line argument (this is not recommended). Reported as security concern for Node.js 6 and 8 by Arkadiy Tetelman (lob.com), fixed by backporting a change by Benno Fünfstück applied to Node.js 10 and later. (CVE-2018-12116 / Matteo Collina) * url: Fix a bug that would allow a hostname being spoofed when parsing URLs with `url.parse()` with the `'javascript:'` protocol. Reported by Martin Bajanik (kenticocloud.com). (CVE-2018-12123 / Matteo Collina) PR-URL: nodejs-private/node-private#153
This is a security release. All Node.js users should consult the security release summary at: https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/ for details on patched vulnerabilities. Fixes for the following CVEs are included in this release: * Node.js: Denial of Service with large HTTP headers (CVE-2018-12121) * Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122 / Node.js) * Node.js: Hostname spoofing in URL parser for javascript protocol (CVE-2018-12123) * Node.js: HTTP request splitting (CVE-2018-12116) * OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734) * OpenSSL: Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) Notable Changes: * deps: Upgrade to OpenSSL 1.0.2q, fixing CVE-2018-0734 and CVE-2018-5407 * http: * Headers received by HTTP servers must not exceed 8192 bytes in total to prevent possible Denial of Service attacks. Reported by Trevor Norris. (CVE-2018-12121 / Matteo Collina) * A timeout of 40 seconds now applies to servers receiving HTTP headers. This value can be adjusted with `server.headersTimeout`. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with `server.setTimeout()`, this aids in protecting against excessive resource retention and possible Denial of Service. Reported by Jan Maybach (liebdich.com). * Two-byte characters are now strictly disallowed for the `path` option in HTTP client requests. Paths containing characters outside of the range `\u0021` - `\u00ff` will now be rejected with a `TypeError`. This behavior can be reverted if necessary by supplying the `--security-revert=CVE-2018-12116` command line argument (this is not recommended). Reported as security concern for Node.js 6 and 8 by Arkadiy Tetelman (lob.com), fixed by backporting a change by Benno Fünfstück applied to Node.js 10 and later. (CVE-2018-12116 / Matteo Collina) * url: Fix a bug that would allow a hostname being spoofed when parsing URLs with `url.parse()` with the `'javascript:'` protocol. Reported by Martin Bajanik (kenticocloud.com). (CVE-2018-12123 / Matteo Collina) PR-URL: nodejs-private/node-private#154
This is a security release. All Node.js users should consult the security release summary at: https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/ for details on patched vulnerabilities. Fixes for the following CVEs are included in this release: * Node.js: Denial of Service with large HTTP headers (CVE-2018-12121) * Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122 / Node.js) * Node.js: Hostname spoofing in URL parser for javascript protocol (CVE-2018-12123) * OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734) * OpenSSL: Timing vulnerability in ECDSA signature generation (CVE-2019-0735) Notable Changes: * deps: Upgrade to OpenSSL 1.1.0j, fixing CVE-2018-0734 and CVE-2019-0735 * http: * Headers received by HTTP servers must not exceed 8192 bytes in total to prevent possible Denial of Service attacks. Reported by Trevor Norris. (CVE-2018-12121 / Matteo Collina) * A timeout of 40 seconds now applies to servers receiving HTTP headers. This value can be adjusted with `server.headersTimeout`. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with `server.setTimeout()`, this aids in protecting against excessive resource retention and possible Denial of Service. Reported by Jan Maybach (liebdich.com). * url: Fix a bug that would allow a hostname being spoofed when parsing URLs with `url.parse()` with the `'javascript:'` protocol. Reported by Martin Bajanik (kenticocloud.com). (CVE-2018-12123 / Matteo Collina) PR-URL: nodejs-private/node-private#155
This is a security release. All Node.js users should consult the security release summary at: https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/ for details on patched vulnerabilities. Fixes for the following CVEs are included in this release: * Node.js: Denial of Service with large HTTP headers (CVE-2018-12121) * Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122 / Node.js) * Node.js: Hostname spoofing in URL parser for javascript protocol (CVE-2018-12123) * OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734) * OpenSSL: Timing vulnerability in ECDSA signature generation (CVE-2019-0735) Notable Changes: * deps: Upgrade to OpenSSL 1.1.0j, fixing CVE-2018-0734 and CVE-2019-0735 * http: * Headers received by HTTP servers must not exceed 8192 bytes in total to prevent possible Denial of Service attacks. Reported by Trevor Norris. (CVE-2018-12121 / Matteo Collina) * A timeout of 40 seconds now applies to servers receiving HTTP headers. This value can be adjusted with `server.headersTimeout`. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with `server.setTimeout()`, this aids in protecting against excessive resource retention and possible Denial of Service. Reported by Jan Maybach (liebdich.com). * url: Fix a bug that would allow a hostname being spoofed when parsing URLs with `url.parse()` with the `'javascript:'` protocol. Reported by Martin Bajanik (kenticocloud.com). (CVE-2018-12123 / Matteo Collina) PR-URL: nodejs-private/node-private#156
The processing of strings like `8.x` into a major version number and a minor version number results in minor versions that are `NaN`. In that situation, since the picker will link to the latest docs in the major version, include the version in the version picker. Fixes: nodejs#23979 PR-URL: nodejs#24638 Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Refael Ackermann <refack@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Fixes: nodejs#24550 PR-URL: nodejs#24571 Reviewed-By: Refael Ackermann <refack@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com> Reviewed-By: Bartosz Sosnowski <bartosz@janeasystems.com>
PR-URL: nodejs#24087 Refs: nodejs#23937 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: nodejs#24594 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Shingo Inoue <leko.noor@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
In lib/internal/streams/async_iterator.js, use arrow function for callback. PR-URL: nodejs#24609 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Ron Korving <ron@ronkorving.nl> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
PR-URL: nodejs#24622 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Revise the "Accepting Modifications" section of the Collaborator Guide. PR-URL: nodejs#24650 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com> Reviewed-By: Richard Lau <riclau@uk.ibm.com>
PR-URL: nodejs#24441 Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
PR-URL: nodejs#24632 Fixes: nodejs#24209 Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
PR-URL: nodejs#24584 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
PR-URL: nodejs#24621 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com> Reviewed-By: Masashi Hirano <shisama07@gmail.com>
convert to Arrow Function and test by `./tools/test.py tick-processor` PR-URL: nodejs#24615 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com> Reviewed-By: Masashi Hirano <shisama07@gmail.com>
In `test/parallel/test-child-process-env.js`, callbacks use anonymous closure functions. It is safe to replace them with arrow functions since these callbacks don't contain references to `this`, `super` or `arguments`. This results in shorter functions. PR-URL: nodejs#24482 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Rich Trott <rtrott@gmail.com>
Fixes: nodejs#24340 PR-URL: nodejs#24655 Refs: nodejs#24340 Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com> Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Shingo Inoue <leko.noor@gmail.com> Reviewed-By: Anatoli Papirovski <apapirovski@mac.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com> Reviewed-By: Weijia Wang <starkwang@126.com>
PR-URL: nodejs#24575 Refs: nodejs#24551 Refs: nodejs#12958 Refs: nodejs#12957 Refs: nodejs#8325 Reviewed-By: Refael Ackermann <refack@gmail.com> Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Richard Lau <riclau@uk.ibm.com>
PR-URL: nodejs#24949 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Anto Aravinth <anto.aravinth.cse@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
This makes sure the file descriptor is closed syncronously on exit instead of using the asyncronous version which should not be used on exit. PR-URL: nodejs#24972 Refs: https://github.com/nodejs/node/pull/24965/files#r240770314 Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
If there is an error, but not the error code the test expects, display more information about the error. PR-URL: nodejs#25021 Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Anto Aravinth <anto.aravinth.cse@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com> Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
Refs: nodejs#24921 PR-URL: nodejs#25031 Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Bradley Farias <bradley.meck@gmail.com> Reviewed-By: Richard Lau <riclau@uk.ibm.com>
This simplifies the `format()` code and significantly improves the performance. PR-URL: nodejs#24981 Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com> Reviewed-By: Roman Reiss <me@silverwind.io>
Refs: nodejs#25028 PR-URL: nodejs#25032 Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
If a readable stream was set up with `highWaterMark 0`, the while-loop in `maybeReadMore_` function would never execute. The while loop now has an extra or-condition for the case where the stream is flowing and there are no items. The or-condition is adapted from the emit-condition of the `addChunk` function. The `addChunk` also contains a check for `state.sync`. However that part of the check was omitted here because the `maybeReadMore_` is executed using `process.nextTick`. `state.sync` is set and then unset within the `read()` function so it should never be in effect in `maybeReadMore_`. Fixes: nodejs#24915 PR-URL: nodejs#24918 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Remove the eslint-disable comments by using a strict comparison instead of a Boolean cast. PR-URL: nodejs#24995 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Anto Aravinth <anto.aravinth.cse@gmail.com>
Remove an eslint-disable comment by using a strict comparison instead of a Boolean cast. PR-URL: nodejs#24995 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Anto Aravinth <anto.aravinth.cse@gmail.com>
Trott
added
windows
Issues and PRs related to the Windows platform.
test
Issues and PRs related to the tests.
flaky-test
Issues and PRs related to the tests with unstable failures on the CI.
http2
Issues or PRs related to the http2 subsystem.
fast-track
PRs that do not need to wait for 48 hours to land.
labels
Dec 14, 2018
Whoops, this isn't affecting the master branch. |
landed in 2bedbdb |
Merged
This was referenced Dec 26, 2018
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
fast-track
PRs that do not need to wait for 48 hours to land.
flaky-test
Issues and PRs related to the tests with unstable failures on the CI.
http2
Issues or PRs related to the http2 subsystem.
test
Issues and PRs related to the tests.
windows
Issues and PRs related to the Windows platform.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Collaborators, 👍 here to fast-track.
Refs: #25043
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passes