Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Release 1.8.4 (wrong branch target) #2145

Closed
wants to merge 47 commits into from

Conversation

Fishrock123
Copy link
Contributor

indutny and others added 30 commits April 30, 2015 11:07
Do not keep SSL structure in memory once socket is closed. This should
lower the memory usage in many cases.

Fix: nodejs#1522
PR-URL: nodejs#1529
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Ensure that GC kicks in at the right times and the RSS does not blow up.

Fix: nodejs#1522
PR-URL: nodejs#1529
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
When connecting to server with `keepAlive` turned off - make sure that
the read/write buffers won't be kept in a single use SSL_CTX instance
after the socket will be destroyed.

Fix: nodejs#1522
PR-URL: nodejs#1529
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Destroy singleUse context right after it is going out of use.

Fix: nodejs#1522
PR-URL: nodejs#1529
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
PR-URL: nodejs#1583
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Every npm version bump requires a few patches to be floated on
node-gyp for io.js compatibility. These patches are found in
03d1992,
5de334c, and
da730c7. This commit squashes
them into a single commit.

PR-URL: nodejs#990
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
On Windows, when node or io.js attempts to dynamically load a compiled
addon, the compiled addon tries to load node.exe or iojs.exe again -
depending on which import library the module used when it was linked.
This causes many compiled addons to break when node.exe or iojs.exe are
renamed, because when the binary has been renamed the addon DLL can't
find the (right) .exe file to load its imports from.

This patch gives compiled addon developers an option to overcome this
restriction by compiling a delay-load hook into their binary. The
delay-load hook ensures that whenever a module tries to load imports
from node.exe/iojs.exe, it'll just look at the process image, thereby
making the addon work regardless of what name the node/iojs binary has.

To enable this feature, the addon developer must set the
'win_delay_load_hook' option to 'true' in their binding.gyp file, like
this:

```
{
  'targets': [
    {
      'target_name': 'ernie',
      'win_delay_load_hook': 'true',
      ...
```

Bug: nodejs#751
Bug: nodejs#965
Upstream PR: nodejs/node-gyp#599

PR-URL: nodejs#1251
Reviewed-By: Rod Vagg <rod@vagg.org>

PR-URL: nodejs#1266
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
tls.connect(options) with no options.host should accept a certificate
with CN: 'localhost'. Fix Error: Hostname/IP doesn't match
certificate's altnames: "Host: undefined. is not cert's CN: localhost"

'localhost' is not added directly to defaults because that is not
always desired (for example, when using options.socket)

PR-URL: nodejs#1493
PORT-PR-URL: nodejs#1560
PORT-FROM: v2.x / a7d7463
Fixes: nodejs#1489
Reviewed-By: Brendan Ashworth <brendan.ashworth@me.com>
Reviewed-By: Roman Reiss <me@silverwind.io>
PR-URL: nodejs#1530
PORT-PR-URL: nodejs#1560
PORT-FROM: v2.x / 5472139
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
parallel tests still not working on most build slaves

PR-URL: nodejs#1544
PORT-PR-URL: nodejs#1560
PORT-FROM: v2.x / 2a3c8c1
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Some modules are monkey-patching Buffer.isEncoding, so without this
they cannot do that.

Fixes: nodejs#1547
PR-URL: nodejs#1548
PORT-PR-URL: nodejs#1560
PORT-FROM: v2.x / 0fa6c4a
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
PR-URL: nodejs#1553
PORT-PR-URL: nodejs#1560
PORT-FROM: v2.x / f9c681c
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Based on tests running on original Raspberry Pi

PR-URL: nodejs#1554
PORT-PR-URL: nodejs#1560
PORT-FROM: v2.x / f9b226c
Reviewed-By: Roman Reiss <me@silverwind.io>
Maintenance release

Notable Changes:

* crypto: significantly reduced memory usage for TLS (Fedor Indutny &
  Сковорода Никита Андреевич) nodejs#1529
* npm: Upgrade npm to 2.9.0. See the v2.8.4 and v2.9.0 release notes for
  details.
This fixes building compiled addons with Visual Studio 2010.

PR-URL: nodejs/node-gyp#616
Reviewed-By: Bert Belder <bertbelder@gmail.com>
This just replaces all sources of openssl-1.0.2b.tar.gz
into deps/openssl/openssl

Fixes: nodejs#1921
PR-URL: nodejs#1950
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

Fixes: nodejs#589
PR-URL: nodejs#1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
See
https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html

iojs needs to stop using masm and move to nasm or yasm on Win32.

Fixes: nodejs#589
PR-URL: nodejs#1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reapply b910613 .

Fixes: nodejs#589
PR-URL: nodejs#1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
In openssl s_client on Windows, RAND_screen() is invoked to initialize
random state but it takes several seconds in each connection.
This added -no_rand_screen to openssl s_client on Windows to skip
RAND_screen() and gets a better performance in the unit test of
test-tls-server-verify.
Do not enable this except to use in the unit test.

Fixes: nodejs#1461
PR-URL: nodejs#1836
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Change all openssl/include/openssl/*.h to include resolved symbolic
links and openssl/crypto/opensslconf.h to refer config/opensslconf.h

Fixes: nodejs#1921
PR-URL: nodejs#1950
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
asm files are generated as
  - In `deps/openssl/asm/`, make with CC=gcc and ASM=nasm
  - In `deps/openssl/asm_obsolute/`, make with no envs for compilers

Fixes: nodejs#1921
PR-URL: nodejs#1950
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
DHE key lengths less than 1024bits is already weaken as pointed out in
https://weakdh.org/ . 1024bits will not be safe in near future. We
will extend this up to 2048bits somedays later.

PR-URL: nodejs#1739
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
This just replaces all sources of openssl-1.0.2c.tar.gz
into deps/openssl/openssl

PR-URL: nodejs#1958
Reviewed-By: Fedor Indutny <fedor@indutny.com>
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

Fixes: nodejs#589
PR-URL: nodejs#1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
See
https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html

iojs needs to stop using masm and move to nasm or yasm on Win32.

Fixes: nodejs#589
PR-URL: nodejs#1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reapply b910613 .

Fixes: nodejs#589
PR-URL: nodejs#1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
In openssl s_client on Windows, RAND_screen() is invoked to initialize
random state but it takes several seconds in each connection.
This added -no_rand_screen to openssl s_client on Windows to skip
RAND_screen() and gets a better performance in the unit test of
test-tls-server-verify.
Do not enable this except to use in the unit test.

Fixes: nodejs#1461
PR-URL: nodejs#1836
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Change all openssl/include/openssl/*.h to include resolved symbolic
links and openssl/crypto/opensslconf.h to refer config/opensslconf.h

PR-URL: nodejs#1958
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Shigeki Ohtsu and others added 17 commits June 13, 2015 02:36
PR-URL: nodejs#1958
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Since we aleady have a variable with path to the newly built
binary, use that instead of prefixing path. This also allows us
to pass a different path through the environment (NODE=)

PR-URL: nodejs#1955
PORT-PR-URL: nodejs#2101
PORT-FROM: 1ec53c0
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Rod Vagg <rod@vagg.org>
Since we will run linting before compiling or testing there's no
need to run it as part of the ci testing.

PR-URL: nodejs#1965
PORT-PR-URL: nodejs#2101
PORT-FROM: 8d8a26e
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Revewied-By: Evan Lucas <evanlucas@me.com>
PR-URL: nodejs#2004
PORT-PR-URL: nodejs#2101
PORT-FROM: c5353d7
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Alexis Campailla <alexis@janeasystems.com>
vcbuild.bat calls python configure before setting GYP_MSVS_VERSION,
so SelectVisualStudioVersion (tools\gyp\pylib\gyp\MSVSVersion.py)
defaults to 'auto' and selects VS 2005.

vcbuild sets the environment in the current shell, so this issue
would manifest itself only on the first invocation of the script
in any given shell windows.

Reviewed-By: Julien Gilli <jgilli@fastmail.fm>
PORT-PR-URL: nodejs#2101
PORT-FROM: c0c0d73
PR-URL: nodejs/node-v0.x-archive#20109
PR-URL: nodejs#2036
PORT-PR-URL: nodejs#2101
PORT-FROM: 4208dc4
Reviewed-By: Alexis Campailla <alexis@janeasystems.com>
PR-URL: nodejs#2036
PORT-PR-URL: nodejs#2101
PORT-FROM: c87c34c
Reviewed-By: Alexis Campailla <alexis@janeasystems.com>
PR-URL: nodejs#1938
PORT-PR-URL: nodejs#2101
PORT-FROM: dcbb9e1
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Alexis Campailla <alexis@janeasystems.com>
On upgrading openssl, all symlinks in pulic header files are replaced
with nested include files. The issue was raised that installing them
leads to lost its references to real header files.
To avoid this, all public header files are copied into the
`deps/openssl/openssl/include/openssl/` directory.
As a result, we have duplicated header files under
`deps/openssl/openssl/` but copied files are refereed in build as
specified to include path in openssl.gyp.

Fixes: nodejs#1975
PR-URL: nodejs#2016
PORT-PR-URL: nodejs#2101
PORT-FROM: 1f371e3
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
to replace the full src download by node-gyp, using the proper format
instead of the full source format

PR-URL: nodejs#1975
PORT-PR-URL: nodejs#2101
PORT-FROM: 628a3ab
Reviewed-By: William Blankenship <william.jblankenship@gmail.com>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Originally reported by: Kris Reeves <kris.re@bbhmedia.com>

This is a back-port of commit 030f804 from the master branch.

Reviewed-By: Rod Vagg <rod@vagg.org>
Maintenance release

Notable Changes:

* v8: Fixed an out-of-band write in utf8 decoder. This is an important
  security update as it can be used to cause a denial of service
  attack.
* openssl: - Upgrade to 1.0.2b and 1.0.2c, introduces DHE
  man-in-the-middle protection (Logjam) and fixes malformed
  ECParameters causing infinite loop (CVE-2015-1788). See the
  security advisory for full details. (Shigeki Ohtsu) nodejs#1950 nodejs#1958
* build:
  - Added support for compiling with Microsoft Visual C++ 2015
  - Started building and distributing headers-only tarballs along with
    binaries
This just replaces all sources of openssl-1.0.2d.tar.gz
into deps/openssl/openssl

deps: copy all openssl header files to include dir

All symlink files in `deps/openssl/openssl/include/openssl/`
 are removed and replaced with real header files to avoid
issues on Windows.

deps: fix openssl assembly error on ia32 win32

`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

Fixes: nodejs#589
PR-URL: nodejs#1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>

deps: fix asm build error of openssl in x86_win32

See
https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html

iojs needs to stop using masm and move to nasm or yasm on Win32.

Fixes: nodejs#589
PR-URL: nodejs#1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

openssl: fix keypress requirement in apps on win32

Reapply b910613 .

Fixes: nodejs#589
PR-URL: nodejs#1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

deps: add -no_rand_screen to openssl s_client

In openssl s_client on Windows, RAND_screen() is invoked to initialize
random state but it takes several seconds in each connection.
This added -no_rand_screen to openssl s_client on Windows to skip
RAND_screen() and gets a better performance in the unit test of
test-tls-server-verify.
Do not enable this except to use in the unit test.

Fixes: nodejs#1461
PR-URL: nodejs#1836
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

PR-URL: nodejs#2141
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
They should be updated according to the fix at
openssl/openssl@b4f0d1a

PR-URL: nodejs#2141
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Notable changes

* openssl: Upgrade to 1.0.2d, fixes CVE-2015-1793 (Alternate Chains
Certificate Forgery).
@Fishrock123 Fishrock123 added the meta Issues and PRs related to the general management of the project. label Jul 9, 2015
@Fishrock123
Copy link
Contributor Author

Oops, this is targeting the wrong branch. Brb

Correct PR: #2146

@Fishrock123 Fishrock123 closed this Jul 9, 2015
@Fishrock123 Fishrock123 changed the title Release 1.8.4 Release 1.8.4 (wrong branch target) Jul 9, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
meta Issues and PRs related to the general management of the project.
Projects
None yet
Development

Successfully merging this pull request may close these issues.