Release proposal: 2.3.0

[Fishrock123]

I think it would be prudent to have a 2.3.0 release before 3.0.0, as we've accumulated quite a few commits.

79bb5e1...91d0a8b
(changelog-maker broke with the rename of things..?)
(there's some semver-minor stuff in there.)

cc @rvagg

[thefourtheye]

Can #1870 and #1892 make it in 2.3.0, if they land in near future?

[jbergstroem]

I'd like to get #1934 fixed since it's colouring our jenkins bots red which may distract attention from other bugs.

[rvagg]

• [9c0a1b8cfc] - cluster: wait on servers closing before disconnect (Oleg Elifantiev) #1400
• [0f68377f69] - crypto: support FIPS mode of OpenSSL (Fedor Indutny) #1890
• [38d1afc24d] - (SEMVER-MINOR) crypto: add getCurves() to get supported ECs (Brian White) #1914
• [a4dbf45b59] - crypto: update root certificates (Ben Noordhuis) #1833
• [81029c639a] - debugger: improve ESRCH error message (Jackson Tian) #1863
• [2dc819b09a] - deps: make node-gyp work with io.js (cjihrig) iojs/io.js#990
• [f41b7f12b5] - deps: upgrade to npm 2.11.1 (Kat Marchán) #1899
• [a5bd466440] - deps: update libuv to version 1.6.1 (Saúl Ibarra Corretgé) #1905
• [aa33db3238] - deps: update libuv to version 1.6.0 (Saúl Ibarra Corretgé) #1889
• [0ee497f0b4] - deps: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) #1836
• [b5cd2f0986] - dgram: partially revert 18d457b (Saúl Ibarra Corretgé) #1889
• [cf5020fc02] - doc: add domenic as collaborator (Domenic Denicola) #1942
• [11ed5f31ab] - doc: add Olegas as collaborator (Oleg Elifantiev) #1930
• [f500e1833b] - doc: add ofrobots as collaborator (Ali Ijaz Sheikh)
• [717724611a] - doc: add monsanto as collaborator (Christopher Monsanto) #1932
• [7192b6688c] - doc: add rlidwka as collaborator (Alex Kocharin) #1929
• [9f3a03f0d4] - doc: add references to crypto.getCurves() (Roman Reiss) #1918
• [ff39ecb914] - doc: remove comma splice (Rich Trott) #1900
• [deb8b87dc9] - doc: add note about available ECC curves (Ryan Petschek) #1913
• [89a5b9040e] - doc: fix http.IncomingMessage.socket documentation (Сковорода Никита Андреевич) #1867
• [d29034b34b] - doc: adjust changelog to clarify client revert (Rod Vagg) #1859
• [a79dece8ad] - docs: add return value for sync fs functions (Tyler Anton) #1770
• [1cb72c14c4] - docs: delete unused/duplicate css files (Robert Kowalski) #1770
• [53a4eb3198] - fs: make SyncWriteStream non-enumerable (Sakthipriyan Vairamani) #1870
• [a011c3243f] - fs: minor refactoring (Sakthipriyan Vairamani) #1870
• [8841132f30] - fs: remove inStatWatchers and use Map for lookup (Sakthipriyan Vairamani) #1870
• [67a11b9bcc] - fs: removing unnecessary nullCheckCallNT (Sakthipriyan Vairamani) #1870
• [09f2a67bd8] - fs: improve error message descriptions (Sakthipriyan Vairamani) #1870
• [2dcef83b5f] - fs: use kMaxLength from binding (Vladimir Kurchatkin) #1903
• [353e26e3c7] - (SEMVER-MINOR) fs: Add string encoding option for Stream method (Yosuke Furukawa) #1845
• [8357c5084b] - fs: set encoding on fs.createWriteStream (Yosuke Furukawa) #1844
• [02c345020a] - gitignore: don't ignore the debug npm module (Kat Marchán) #1908
• [6e78e5feaa] - (SEMVER-MINOR) os: add homedir() (cjihrig) #1791
• [4b3d493c4b] - (SEMVER-MINOR) readline: allow tabs in input (Rich Trott) #1761
• [6d95f4ff92] - (SEMVER-MINOR) smalloc: deprecate whole module (Vladimir Kurchatkin) #1822
• [8c71a9241d] - src: hide InitializeICUDirectory symbol (Ben Noordhuis) #1815
• [5b6f575c1f] - _Revert_ "src: add getopt option parser" (Evan Lucas) #1862
• [c0e7bf2d8c] - src: add getopt option parser (Evan Lucas) #1804
• [d9ddd7d345] - test: remove TODO comment (Rich Trott) #1820
• [6537fd4b55] - test: remove TODO (Rich Trott) #1875
• [a804026c9b] - test: fix broken FreeBSD test (Santiago Gimeno) #1881
• [43a82f8a71] - test: fix test-sync-io-option (Evan Lucas) #1840
• [4ed25f664d] - test: add -no_rand_screen for tls-server-verify (Shigeki Ohtsu) #1836
• [4cf323d23d] - test: kill child in tls-server-verify for speed up (Shigeki Ohtsu) #1836
• [e6ccdcc1fe] - test: improve console output of tls-server-verify (João Reis) #1836
• [975e5956f0] - test: run tls-server-verify servers in parallel (João Reis) #1836
• [b18604ba2c] - test: running tls-server-verify clients in parallel (João Reis) #1836
• [f78c722df5] - test: remove hardwired references to 'iojs' (Rod Vagg) #1882
• [bd99e8de8e] - test: more test coverage for maxConnections (Rich Trott) #1855
• [b9267189a5] - test: fix test-child-process-stdout-flush-exit (Santiago Gimeno) #1868
• [d20f018dcf] - test: loosen condition to detect infinite loop (Yosuke Furukawa) #1857
• [e0e96acc6f] - test: remove smalloc add-on test (Ben Noordhuis) #1835
• [8704c58fc4] - test: remove unneeded comment task (Rich Trott) #1858
• [75930bb38c] - tls: prevent use-after-free (Fedor Indutny) #1702
• [5795e835a1] - tls: emit errors on close whilst async action (Fedor Indutny) #1702
• [59d9734e21] - tls_wrap: invoke queued callbacks in DestroySSL (Fedor Indutny) #1702
• [098354a9f8] - tools: update certdata.txt (Ben Noordhuis) #1833
• [a2d921d6a0] - tools: customize mk-ca-bundle.pl (Ben Noordhuis) #1833
• [5be9efca40] - tools: update mk-ca-bundle.pl to HEAD of upstream (Ben Noordhuis) #1833
• [1baba0580d] - tools: Fix copying contents of deps/npm (thefourtheye) #1853
• [628845b816] - (SEMVER-MINOR) util: introduce printDeprecationMessage function (Vladimir Kurchatkin) #1822
• [91d0a8b19c] - (SEMVER-MAJOR) win,node-gyp: enable delay-load hook by default (Bert Belder) iojs/io.js#1433

Sorry @Fishrock123 I think I neglected to npm publish an update for it. Give it another go. Thanks for pushing through this release, we're overdue.

[ChALkeR]

@rvagg

[91d0a8b] - (SEMVER-MAJOR) win,node-gyp: enable delay-load hook by default (Bert Belder) #1433

Is this correct?

Release proposal: 2.3.0

Edit: Ah, that's in 2.x and already was in 2.0.

[rvagg]

yeah, for the last release (at least, perhaps more?) I removed the SEMVER-MAJOR from that so as not to confuse, it's a floating patch now.

[Fishrock123]

Oops, accidentally deleted that from my phone.

The semver-major is a false positive.

@rvagg were you also traveling? I'd like to get this out on like Friday if possible, but I'll be at nodeconf so maybe we should wait until Monday?

[Trott]

At the risk of being alarmist over something trivial, might #1761 be semver-major?

(Meta-question: Should I actually be talking about this in #1761 or here? Or is that dealer's choice?)

It changes swallowing tabs in readline if there's no tab-completion functionality enabled behavior to tabs are now permitted in the user input if there's no tab-completion functionality enabled.

The old behavior wasn't documented (as far as I know), but it does seem like it was a choice and by design.

And it seems at least conceivable that it is relied upon by some people in a way that will break things for them. (And they may see the existing behavior as a feature and not a bug.) Something like "My code took the user input and stripped out all the space characters but now it comes in with tabs and so there's whitespace and when I pass the string to my database call it blows up." Granted, that's a scenario where someone is Doing It Wrong, but a breaking change is a breaking change.

[Fishrock123]

If it is deemed semver-major I suggest reverting and relanding on next.

On Jun 11, 2015, at 7:41 AM, Rich Trott notifications@github.com wrote:

At the risk of being alarmist over something trivial, might #1761 be semver-major?

(Meta-question: Should I actually be talking about this in #1761 or here? Or is that dealer's choice?)

It changes swallowing tabs in readline if there's no tab-completion functionality enabled behavior to tabs are now permitted in the user input if there's no tab-completion functionality enabled.

The old behavior wasn't documented (as far as I know), but it does seem like it was a choice and by design.

And it seems conceivable that it is relied upon by some people in a way that will break things for them. Something like "My code took the user input and stripped out all the space characters but now it comes in with tabs and so there's whitespace and when I pass the string to my database call it blows up." Granted, that's a scenario where someone is Doing It Wrong, but a breaking change is a breaking change.

—
Reply to this email directly or view it on GitHub.

[Trott]

Heh. Hope I'm wrong then.

On Thu, Jun 11, 2015 at 8:17 AM Jeremiah Senkpiel notifications@github.com
wrote:

If it is deemed semver-major I suggest reverting and relapsing on next.

On Jun 11, 2015, at 7:41 AM, Rich Trott notifications@github.com
wrote:

At the risk of being alarmist over something trivial, might #1761 be
semver-major?

(Meta-question: Should I actually be talking about this in #1761 or
here? Or is that dealer's choice?)

It changes swallowing tabs in readline if there's no tab-completion
functionality enabled behavior to tabs are now permitted in the user input
if there's no tab-completion functionality enabled.

The old behavior wasn't documented (as far as I know), but it does seem
like it was a choice and by design.

And it seems conceivable that it is relied upon by some people in a way
that will break things for them. Something like "My code took the user
input and stripped out all the space characters but now it comes in with
tabs and so there's whitespace and when I pass the string to my database
call it blows up." Granted, that's a scenario where someone is Doing It
Wrong, but a breaking change is a breaking change.

—
Reply to this email directly or view it on GitHub.

—
Reply to this email directly or view it on GitHub
#1939 (comment).

[brendanashworth]

AFAIK tabs were the only character not accepted by readline, which was caused by an incorrectly implemented feature that made all tabs disappear, regardless of whether or not the feature was on. It was marked as BUG in the code - but swallowing tabs isn't really something someone should rely on, or would imho. It definitely wasn't intentional.

[rvagg]

@Fishrock123 thanks for the heads-up, I think it's important enough to get this out ASAP so I'll ship it this time tomorrow.

Question about semver-major moved to #1761, if a leaning towards semver-major arises then we'll move it to next and revert off master for this release.

[shigeki]

The bug fix version but not security fix of openssl-1.0.2c will be released soon.
https://mta.openssl.org/pipermail/openssl-announce/2015-June/000033.html
We'd better wait it for a moment.

[shigeki]

#1958 is opened for upgrading to openssl-1.0.2c

[shigeki]

Upgrading to 1.0.2c was finished. Please go ahead to release.

[Fishrock123]

CI: https://jenkins-iojs.nodesource.com/view/iojs/job/iojs+any-pr+multi/823/

[Fishrock123]

test-cluster-worker-wait-server-close.js appears to fail on master as of recently.. No error log in TAP.

[Fishrock123]

#1961 should land beforehand. The readline: allow tabs in input is better done in a major.

EDIT: landed!

[rvagg]

test-cluster-worker-wait-server-close.js is failing because of a timeout - note how it's at 60s for each failure, we can't release without this one resolved because it's across so many build slaves, so I'm investigating but other help would be appreciated too if anyone else has time.

[rvagg]

ah, looks like it landed @ #1953, thanks @sam-github

https://jenkins-iojs.nodesource.com/job/iojs+any-pr+multi/825/ running again to see whazzup

[trevnorris]

My alternative test shows that it was timing out because the master client couldn't connect to the worker server. Id it's run directly on the same box it should pass. Something to do with setting the LOCALHOST environment variable. @jbergstroem was helping me test this out and has a gist with more information.

[jbergstroem]

@trevnorris LOCALHOST is not really relevant -- It's used to verify ipv4 testing in FreeBSD jails where routing 127.0.0.1 will give you the jail ip, making tests like localhost == 127.0.0.1 fail.

@rvagg looks green to me! (I also verified this being fixed by #1953 but took at bit longer to land since the merge to iojs/master was slightly delayed)

[rvagg]

working on release notes, this is a big deal cause of so many commits ..

[rvagg]

How does this look, anyone?

2015-06-13, Version 2.3.0, @rvagg

Notable changes

• libuv: Upgraded to 1.6.0 and 1.6.1, see full ChangeLog for details. (Saúl Ibarra Corretgé) #1905 #1889. Highlights include:
  • Fix TTY becoming blocked on OS X
  • Fix UDP send callbacks to not to be synchronous
  • Add uv_os_homedir() (exposed as os.homedir(), see below)
• npm: See full release notes for details. (Kat Marchán) #1899. Highlight:
  • Use GIT_SSH_COMMAND (available as of Git 2.3)
• openssl:
  • Upgrade to 1.0.2b and 1.0.2c, introduces DHE man-in-the-middle protection (Logjam) and fixes malformed ECParameters causing infinite loop (CVE-2015-1788). See the security advisory for full details. (Shigeki Ohtsu) #1950 #1958
  • Support FIPS mode of OpenSSL, see README for instructions. (Fedor Indutny) #1890
• os: Add os.homedir() method. (Colin Ihrig) #1791
• smalloc: Deprecate whole module. (Vladimir Kurchatkin) #1822
• Add new collaborators:
  • Alex Kocharin (@rlidwka)
  • Christopher Monsanto (@monsanto)
  • Ali Ijaz Sheikh (@ofrobots)
  • Oleg Elifantiev (@Olegas)
  • Domenic Denicola (@domenic)
  • Rich Trott (@Trott)

[rvagg]

ping @saghul, @zkat, @shigeki, @indutny, @cjihrig, @vkurchatkin for review before I push the release button ^

[jbergstroem]

@rvagg perhaps also mention that uv_os_homedir is exposed in iojs as os.homedir().

Edit: Scheduling a new appointment at the eye doctor.

[cjihrig]

I'm not commenting on the OpenSSL bit, but the rest of it LGTM.

[rvagg]

tagged & building @ https://jenkins-iojs.nodesource.com/job/iojs+release/73/

amendments to the changelog can be done via PR if anyone has any, sorry for the short time on call for review!

[shigeki]

LGTM

[rvagg]

running smoke test and seeing some failures on coffeescript, grunt and request but I don't think they are related to this release .. quickly investigating

[alexlamsl]

Just downloaded the MSI (x64, Windows Server 2012 R2) and perform an install over 2.2.1.

npm package manager now changed to Feature will be installed when required - is that intentional?

[rvagg]

nope, not intentional, nothing has changed with msi building for a long time, can you screenshot that for us?

[alexlamsl]

[alexlamsl]

Completely uninstalling and deleting io.js files from the system works around this issue, i.e. on fresh attempt all components are marked to be installed.

[saghul]

The libuv part LGTM.
On Jun 13, 2015 5:44 AM, "Rod Vagg" notifications@github.com wrote:

ping @saghul https://github.com/saghul, @zkat https://github.com/zkat,
@shigeki https://github.com/shigeki, @indutny
https://github.com/indutny, @cjihrig https://github.com/cjihrig,
@vkurchatkin https://github.com/vkurchatkin for review before I push
the release button ^

—
Reply to this email directly or view it on GitHub
#1939 (comment).

[silverwind]

All binaries including armv6 are up, so this release is done.