V9.x #54228
Closed
V9.x #54228
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
PR-URL: nodejs#19287 Refs: nodejs#17820 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
The last promise created by the test for the purposes of making sure that its type is indeed a promise needs to be resolved so as to avoid having it left in the pending state at the end of the test. PR-URL: nodejs#19245 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Fix the assertion argument order so that it will report "actual" and "expected" correctly when the test fails. Ref: nodejs#19263 PR-URL: nodejs#19264 Refs: nodejs#19263 Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
This commit moves the printErr() function, used by the tick profiler processer, into the code string passed to vm.runInThisContext(). PR-URL: nodejs#19285 Fixes: nodejs#19260 Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Added a N-API test to verify new.target behavior. PR-URL: nodejs#19236 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Migrate the script to the new common tmpDir API. PR-URL: nodejs#19293 Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Myles Borins <myles.borins@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
For shared lib build, we leave the signal handling for embedding users. In these two test cases: - `parallel/test-process-external-stdio-close-spawn` - `parallel/test-process-external-stdio-close` The pipe is used for stdout and is destroied before child process uses it for logging. So the node executble that uses shared lib build receives SIGPIPE and the child process ends. This change ignores the SIGPIPE in node_main.cc for shared lib case. Refs: nodejs#18535 Signed-off-by: Yihong Wang <yh.wang@ibm.com> PR-URL: nodejs#19211 Refs: nodejs#18535 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
* Specify that personal pronouns are OK in colloquial documentation rather than just pronouns. Pronouns are OK in all documentation. (For example, "it" is a pronoun and is acceptable in all types of documentation.) Specify "personal pronouns" for clarity. * more colloquial -> colloquial * like -> such as * Remove "mass nouns" as no mass nouns are given as examples. Plural nouns seems to be what was meant, so use that instead. * Repeat "gender-neutral" to make it clear that it refers to both terms and not merely the first term it appears before. * Remove "non-comprehensive examples". Examples are, by definition, non-comprehensive. No need to announce that the examples are examples. It is obvious. PR-URL: nodejs#19269 Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
PR-URL: nodejs#19279 Refs: nodejs#19275 (comment) Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: James M Snell <jasnell@gmail.com>
Currently EmitBefore, EmitAfter, EmitPromiseResolve are very similar. This commit suggests extracting the code they have in common to a new function to reduce code duplication. PR-URL: nodejs#19295 Reviewed-By: Anna Henningsen <anna@addaleax.net>
PR-URL: nodejs#19338 Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com> Reviewed-By: Yosuke Furukawa <yosuke.furukawa@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Myles Borins <myles.borins@gmail.com> Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: James M Snell <jasnell@gmail.com>
`vcbuild help` just outputs help info and exits. If a user calls this command not from a project root, the directory change can be unexpected and unwanted. PR-URL: nodejs#19291 Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: nodejs#19237 Reviewed-By: Weijia Wang <starkwang@126.com> Reviewed-By: Michaël Zasso <targos@protonmail.com>
Because the `handshakeTimeout` is in milliseconds, use that unit of measurement to express the default value. PR-URL: nodejs#19290 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
test-cluster-send-handle-large-payload is susceptible to failure if it is competing for resources. Move to `sequential` directory so it is not competing with other tests. Fixes: nodejs#14844 PR-URL: nodejs#19311 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
* easily -> easy * was -> is * add a missing comma PR-URL: nodejs#19313 Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
PR-URL: nodejs#19315 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Added some simple tests to verify that the int64 API is correctly handling numbers greater than 32-bits. This is a basic test, but verifies that an implementer hasn't truncated back to 32-bits. Refs: nodejs/node-chakracore#496 PR-URL: nodejs#19309 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Gabriel Schulhof <gabriel.schulhof@intel.com> Reviewed-By: James M Snell <jasnell@gmail.com>
Currently PromiseHook extracts the PromiseWrap from a Local<Promise> in two places. This commit extracts that code into a function instead. PR-URL: nodejs#19340 Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: nodejs#19340 Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: nodejs#19342 Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Khaidi Chu <i@2333.moe>
PR-URL: nodejs#19385 Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com> Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
The test is unreliable on some Windows platforms in its current form. Make it more robust by using `setInterval()` to repeat the flooding until an error is triggered. Fixes: nodejs#18251 PR-URL: nodejs#19349 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
Add checks for a pending exception in napi_make_callback after the callback has been invoked. If there is a pending exception then we need to avoid checking the result as that will not be able to complete properly. Add additional checks to the unit test for napi_make_callback to catch this case. PR-URL: nodejs#19362 Fixes: nodejs/node-addon-api#235 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
PR-URL: nodejs#19035 Reviewed-By: Myles Borins <myles.borins@gmail.com> Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Khaidi Chu <i@2333.moe> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
Remove "Examples:" labels that announce things that are clearly examples. PR-URL: nodejs#19270 Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Rename the tests appropriately alongside mentioning the subsystem. Also, make a few basic changes to make sure the tests conform to the standard test structure. - Rename test-regress-nodejsGH-9819 to test-crypto-tostring-segfault - Rename test-regress-nodejsGH-5051 to test-http-addrequest-localaddress - Rename test-regress-nodejsGH-5727 to test-net-listen-invalid-port - Rename test-regress-nodejsGH-5927 to test-tty-stdin-pipe - Rename test-regress-nodejsGH-6235 to test-v8-global-setter PR-URL: nodejs#19275 Refs: nodejs#19105 Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
Currently, there is an AsyncWrap constructor that is only used by PromiseWrap. This constructor has a body which is very similar to the other AsyncWrap constructor. This commit suggests updating the private constructor that is used by PromiseWrap and also have the second constructor delegate to this one to avoid the code duplication. PR-URL: nodejs#19366 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Minwoo Jung <minwoo@nodesource.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
PR-URL: nodejs#19390 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
Most of the inlines were leftovers from a much older design iteration and are largely pointless or counter productive. PR-URL: nodejs#19400 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Do not close the request if callback is not a function, and throw ERR_INVALID_CALLBACK TypeError Backport-PR-URL: nodejs#19229 PR-URL: nodejs#19061 Fixes: nodejs#18855 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Shingo Inoue <leko.noor@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Notable changes:
* deps:
- Updated ICU to 61.1 (Steven R. Loomis)
[nodejs#19621](nodejs#19621)
Includes CLDR 33 (many new languages and data improvements).
* fs:
- Emit 'ready' event for `ReadStream` and `WriteStream` (Sameer
Srivastava) [nodejs#19408](nodejs#19408)
* n-api:
- Bump version of n-api supported (Michael Dawson)
[nodejs#19497](nodejs#19497)
* net:
- Emit 'ready' event for `Socket` (Sameer Srivastava)
[nodejs#19408](nodejs#19408)
* Added new collaborators
- [mafintosh](https://github.com/mafintosh) Mathias Buus
PR-URL: nodejs#19799
Notable changes: An infrastructure issue caused a non-functioning msi installer for x64 to be promoted. The patch release is to ensure that all binaries and installers work as expected.
PR-URL: nodejs#19818
Previously, zero-length Buffers and TypedArrays passed as fillers hanged Buffer#fill and Buffer.from. This changes those cases when it hanged to a zero-fill instead, which should be backwards compatible. This fixes CVE-2018-7167. PR-URL: https://github.com/nodejs-private/node-private/pull/120 Fixes: https://github.com/nodejs-private/security/issues/193 Refs: https://github.com/nodejs-private/node-private/pull/118 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Note that buffer.fill() can zero-fill on some input types if no valid fill data remains, but does nothing on other input types. PR-URL: https://github.com/nodejs-private/node-private/pull/120 Fixes: https://github.com/nodejs-private/security/issues/193 Refs: https://github.com/nodejs-private/node-private/pull/118 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
This fixes CVE-2018-7161. PR-URL: https://github.com/nodejs-private/node-private/pull/122 Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
This fixes CVE-2018-1000168. PR-URL: https://github.com/nodejs-private/node-private/pull/124 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Evan Lucas <evanlucas@me.com>
PR-URL: https://github.com/nodejs-private/node-private/pull/124 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Evan Lucas <evanlucas@me.com>
This would otherwise keep a lot of unused memory lying around, and in particular add up to a page per chunk of memory overhead for network reads, potentially opening a DoS vector if the resulting `Buffer` objects are kept around indefinitely (e.g. stored in a list and not concatenated until the socket finishes). This fixes CVE-2018-7164. Refs: https://github.com/nodejs-private/security/issues/186 Refs: nodejs@7c4b09b PR-URL: https://github.com/nodejs-private/node-private/pull/129 Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> Reviewed-By: Evan Lucas <evanlucas@me.com>
Fix an use-after-free bug in the TLS implementation. If we return from `DoWrite()` with an early error, we should not be storing the `WriteWrap` object and complete it again at a later point, when it has already been freed (because of the write error). This issue was reported by Jordan Zebor at F5 Networks, who also helped with investigating this bug and coming up with a reproduction. This fixes CVE-2018-7162. Fixes: https://github.com/nodejs-private/security/issues/189 PR-URL: https://github.com/nodejs-private/node-private/pull/130 Reviewed-By: Evan Lucas <evanlucas@me.com>
Add a mock TLS socket implementation and a regression test for the previous commit. Refs: https://github.com/nodejs-private/security/issues/189 PR-URL: https://github.com/nodejs-private/node-private/pull/130 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Evan Lucas <evanlucas@me.com>
Notable changes: * **Fixes memory exhaustion DoS** (CVE-2018-7164): Fixes a bug introduced in 9.7.0 that increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream. * **buffer** (CVE-2018-7167): Fixes Denial of Service vulnerability where calling Buffer.fill() could hang * **http2** * (CVE-2018-7161): Fixes Denial of Service vulnerability by updating the http2 implementation to not crash under certain circumstances during cleanup * (CVE-2018-1000168): Fixes Denial of Service vulnerability by upgrading nghttp2 to 1.32.0 * **tls** (CVE-2018-7162): Fixes Denial of Service vulnerability by updating the TLS implementation to not crash upon receiving PR-URL: https://github.com/nodejs-private/node-private/pull/135
|
Review requested:
|
nodejs-github-bot
added
build
avivkeller
added
invalid
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
70 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
.