* http: allow multiple WebSocket RFC6455 headers (Einar Otto Stangvik)
* http: allow multiple WWW-Authenticate headers (Ben Noordhuis)
* windows: support unicode argv and environment variables (Bert Belder)
* tls: mitigate session renegotiation attacks (Ben Noordhuis)
* tcp, pipe: don't assert on uv_accept() errors (Ben Noordhuis)
* tls: Allow establishing secure connection on the existing socket (koichik)
* dgram: handle close of dgram socket before DNS lookup completes (Seth Fitzsimmons)
* windows: Support half-duplex pipes (Igor Zinkovsky)
* build: disable omit-frame-pointer on solaris systems (Dave Pacheco)
* debugger: fix --debug-brk (Ben Noordhuis)
* net: fix large file downloads failing (koichik)
* fs: fix ReadStream failure to read from existing fd (Christopher Jeffrey)
* net: destroy socket on DNS error (Stefan Rusu)
* dtrace: add missing translator (Dave Pacheco)
* unix: don't flush tty on switch to raw mode (Ben Noordhuis)
* windows: reset brightness when reverting to default text color (Bert Belder)
* npm: update to 1.1.1
- Update which, fstream, mkdirp, request, and rimraf
- Fix#2123 Set path properly for lifecycle scripts on windows
- Mark the root as seen, so we don't recurse into it. Fixes#1838. (Martin Cooper)
The TLS protocol allows (and sometimes requires) clients to renegotiate the
session. However, renegotiation requires a disproportional amount of server-side
resources, particularly CPU time, which makes it a potential vector for
denial-of-service attacks.
To mitigate this issue, we keep track of and limit the number of renegotiation
requests over time, emitting an error if the threshold is exceeded.
It's possible for a new connection to be closed in the window between the
accept() syscall and the call to uv_accept(). Deal with it and move on, don't
assert.
This reverts commit 11d1eca9f3.
It sporadically (but reproducibly) triggers an assert inside V8:
Fatal error in /path/to/node/deps/v8/src/isolate.cc, line 1857
CHECK(CurrentPerIsolateThreadData()->isolate_ == this) failed
Needs further investigation.
v8 requires a lock of each thread using the vm, but if none is
explicitly is created it will implicitly create one for you. This
creates issues when trying to build modules which use v8's
multi-threading features because there's no lock to unlock.
The base64 decoder would intermittently throw an out-of-bounds exception when
the buffer in `buf.write('', 'base64')` was a zero-sized buffer located at the
end of the slab.
Fixes#2657.
Honor the length argument in `buf.write(s, 0, buf.length, 'base64')`. Before
this commit, the length argument was ignored. The decoder would keep writing
until it hit the end of the buffer. Since most buffers in Node are slices of
a parent buffer (the slab), this bug would overwrite the content of adjacent
buffers.
The bug is trivially demonstrated with the following test case:
var assert = require('assert');
var a = Buffer(3);
var b = Buffer('xxx');
a.write('aaaaaaaa', 'base64');
assert.equal(b.toString(), 'xxx');
This commit coincidentally also fixes a bug where Buffer._charsWritten was not
updated for zero length buffers.
Also, if an error is already provided, then raise the provided
error, rather than throwing it with a less helpful 'stdout cannot
be closed' message.
This is important for properly handling EPIPEs.
* Add assert to prevent parallel writes
* Embed request object instead of using new/delete
* Remove unnecessary WorkReqWrap in favor of uv_work_t
* Use container_of instead of req->data
Along with 2d8af39acc and
0ad2717fd8, this should Fix#2504.
The process handle is uninitialized when uv_spawn() fails so don't export the
handle to JS land when that happens. Attempts to close the uninitialized handle
resulted in segmentation faults and memory corruption.
Fixes#2481.
Speeds up the benchmark below by about 680% (0.5s versus 3.4s on my Core 2 Duo).
var crypto = require('crypto');
var hash = crypto.createHash('sha1');
var data = new Buffer(1024);
for (var i = 0; i < 128 * 1024; ++i) hash.update(data);
Fixes#2494.
- Save StringPtr if the header hasn't been completely received yet after one
packet.
- Add one to num_fields and num_values. They were actually one less than the
number of fields and values.
- Remove always_inline makes debugging difficult, and has negligible
performance benefits.
SecureContext.setOptions() is backed by SSL_CTX_set_options() which, contrary to
what the name suggests, is additive: it doesn't set options, it adds them to the
already active options.
Hence the need for SecureContext.clearOptions(), which lets you unset active
options.
