Upgrade to openssl-1.0.2a (Part2: final) #1389
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Grammar (@bnoordhuis please double check me): |
|
So now you are generating asm files during the GYP build? |
|
LGTM, @bnoordhuis PTAL too. |
"In certain situations" is a little vague. I would write it as e.g.:
|
|
Left some comments but overall nice work, Shigeki! |
|
Oh, looks like I forgot to say it... Thank you! |
|
By the way, I like how you made sure that the assembly files work with older toolchains but I think it's not unreasonable to bump the prerequisites if we have to jump through hoops every time to keep them working. |
74f6663 to
a82def5
Compare
|
Thanks for all reviewing my big patches. All fixes are made and Ci looks fine in https://jenkins-iojs.nodesource.com/job/iojs+any-pr+multi/488/ If the updated commits have no problems, I will merge them after releasing v1.6.5. I will also summarize my benchmark results for updating 1.0.2a. After that, rootCA updates and RC4 removal with 1024-bit RSA deprecation will be submitted. |
@bnoordhuis Actually the current support for older toolchains are made to work in the CI of Ubuntu10/12 which have older binutils. And I found that clang in FreeBSD does not have a version banner of llvm so that assembler check was failed in to use obsoleted asm files. We can check them as long as the current CI cluster are used. I think we have to more clarify the build requirements of iojs with not only compiler versions but also assembler together with OS and CPU in order to deprecate asm_obsolete supports. |
|
LGTM |
a82def5 to
b27a99a
Compare
|
b27a99a to
763b093
Compare
Happy to discuss this if it's seen as necessary, we could spin up VMs to run 32-bit tests. We're only shipping 64-bit binaries for OSX at the moment, not even universal binaries, and nobody has complained. |
|
32-bit Mac is not necessary if it is out of our release distributions. |
|
ah, yes, 64-bit only but we release as 32-bit, I guess we need to figure out how to best shoe-horn 32-bit in there somewhere /cc @iojs/build |
|
Let's land it? |
|
wait until post 1.7.0 before landing, today if all's good |
This just replaces all sources in deps/openssl/openssl to originals in https://www.openssl.org/source/openssl-1.0.2a.tar.gz
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and perhaps others) are requiring .686 .
See https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html iojs needs to stop using masm and move to nasm or yasm on Win32.
This a backport of da084a5ec6cebd67ae27f2463ebe4a50bb840fa5 in https://github.com/openssl/openssl by Matt Caswell <matt@openssl.org> as In certain situations the server provided certificate chain may no longer be valid. However the issuer of the leaf, or some intermediate cert is in fact in the trust store. When building a trust chain if the first attempt fails, then try to see if alternate chains could be constructed that are trusted. deps: backport openssl patch of alt cert chains 2 This a backport of 15dba5be6a4482a9ad7e5b846291f31e97e338ca in https://github.com/openssl/openssl by Matt Caswell <matt@openssl.org> as Add flag to inhibit checking for alternate certificate chains. Setting this behaviour will force behaviour as per previous versions of OpenSSL
Change all openssl/include/openssl/*.h to include resolved symbolic links and openssl/crypto/opensslconf.h to refer config/opensslconf.h
rvagg
pushed a commit
that referenced
this pull request
Nov 24, 2018
See https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html iojs needs to stop using masm and move to nasm or yasm on Win32. Fixes: #589 PR-URL: #1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
shigeki
pushed a commit
to shigeki/node
that referenced
this pull request
Feb 26, 2019
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and perhaps others) are requiring .686 . Fixes: nodejs#589 PR-URL: nodejs#1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
shigeki
pushed a commit
to shigeki/node
that referenced
this pull request
Feb 26, 2019
See https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html iojs needs to stop using masm and move to nasm or yasm on Win32. Fixes: nodejs#589 PR-URL: nodejs#1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
shigeki
pushed a commit
to shigeki/node
that referenced
this pull request
Feb 26, 2019
Reapply b910613 . Fixes: nodejs#589 PR-URL: nodejs#1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
sam-github
pushed a commit
to sam-github/node
that referenced
this pull request
Sep 5, 2019
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and perhaps others) are requiring .686 . Fixes: nodejs#589 PR-URL: nodejs#1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
sam-github
pushed a commit
to sam-github/node
that referenced
this pull request
Sep 5, 2019
See https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html iojs needs to stop using masm and move to nasm or yasm on Win32. Fixes: nodejs#589 PR-URL: nodejs#1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
sam-github
pushed a commit
to sam-github/node
that referenced
this pull request
Sep 5, 2019
Reapply b910613 . Fixes: nodejs#589 PR-URL: nodejs#1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
BethGriggs
pushed a commit
that referenced
this pull request
Sep 19, 2019
See https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html iojs needs to stop using masm and move to nasm or yasm on Win32. Fixes: #589 Backport-PR-URL: #28230 PR-URL: #1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
BethGriggs
pushed a commit
that referenced
this pull request
Sep 19, 2019
Merged
abhishekumar-tyagi
pushed a commit
to abhishekumar-tyagi/node
that referenced
this pull request
May 5, 2024
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and perhaps others) are requiring .686 . Fixes: nodejs/node#589 PR-URL: nodejs/node#1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
abhishekumar-tyagi
pushed a commit
to abhishekumar-tyagi/node
that referenced
this pull request
May 5, 2024
See https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html iojs needs to stop using masm and move to nasm or yasm on Win32. Fixes: nodejs/node#589 PR-URL: nodejs/node#1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
abhishekumar-tyagi
pushed a commit
to abhishekumar-tyagi/node
that referenced
this pull request
May 5, 2024
Reapply b910613 . Fixes: nodejs/node#589 PR-URL: nodejs/node#1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
abhishekumar-tyagi
pushed a commit
to abhishekumar-tyagi/node
that referenced
this pull request
May 5, 2024
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and perhaps others) are requiring .686 . Fixes: nodejs/node#589 PR-URL: nodejs/node#1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
abhishekumar-tyagi
pushed a commit
to abhishekumar-tyagi/node
that referenced
this pull request
May 5, 2024
See https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html iojs needs to stop using masm and move to nasm or yasm on Win32. Fixes: nodejs/node#589 PR-URL: nodejs/node#1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
abhishekumar-tyagi
pushed a commit
to abhishekumar-tyagi/node
that referenced
this pull request
May 5, 2024
Reapply b910613 . Fixes: nodejs/node#589 PR-URL: nodejs/node#1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Pranay180420
pushed a commit
to Pranay180420/Node.jsforme
that referenced
this pull request
Feb 17, 2025
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and perhaps others) are requiring .686 . Backport-PR-URL: nodejs/node#19638 Fixes: nodejs/node#589 PR-URL: nodejs/node#1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Pranay180420
pushed a commit
to Pranay180420/Node.jsforme
that referenced
this pull request
Feb 17, 2025
See https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html iojs needs to stop using masm and move to nasm or yasm on Win32. Backport-PR-URL: nodejs/node#19638 Fixes: nodejs/node#589 PR-URL: nodejs/node#1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Pranay180420
pushed a commit
to Pranay180420/Node.jsforme
that referenced
this pull request
Feb 17, 2025
Reapply b910613 . Backport-PR-URL: nodejs/node#19638 Fixes: nodejs/node#589 PR-URL: nodejs/node#1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
pulumi-renovate bot
added a commit
to pulumi/examples
that referenced
this pull request
Feb 17, 2025
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [node](https://redirect.github.com/nodejs/node) | final | minor | `8.9.3-alpine` -> `8.17.0-alpine` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>nodejs/node (node)</summary> ### [`v8.17.0`](https://redirect.github.com/nodejs/node/releases/tag/v8.17.0): 2019-12-17, Version 8.17.0 'Carbon' (LTS), @​MylesBorins [Compare Source](https://redirect.github.com/nodejs/node/compare/v8.16.2...v8.17.0) This is a security release. For more details about the vulnerability please consult the npm blog: https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli ##### Notable changes - **deps**: update npm to 6.13.4 [#​30904](https://redirect.github.com/nodejs/node/pull/30904) ##### Commits - \[[`208b813e49`](https://redirect.github.com/nodejs/node/commit/208b813e49)] - **build,win**: add test-ci-native and test-ci-js (João Reis) [#​30724](https://redirect.github.com/nodejs/node/pull/30724) - \[[`369a23a670`](https://redirect.github.com/nodejs/node/commit/369a23a670)] - **deps**: update npm to 6.13.4 (Audrey Eschright) [#​30904](https://redirect.github.com/nodejs/node/pull/30904) ### [`v8.16.2`](https://redirect.github.com/nodejs/node/releases/tag/v8.16.2): 2019-10-09, Version 8.16.2 'Carbon' (LTS), @​BethGriggs [Compare Source](https://redirect.github.com/nodejs/node/compare/v8.16.1...v8.16.2) Node.js 8 is due to go End-of-Life on 31st December 2019. ##### Notable changes - **deps**: upgrade openssl sources to 1.0.2s (Sam Roberts) [#​28230](https://redirect.github.com/nodejs/node/pull/28230) ##### Commits - \[[`cc9d005628`](https://redirect.github.com/nodejs/node/commit/cc9d005628)] - **crypto**: update root certificates (Sam Roberts) [#​28808](https://redirect.github.com/nodejs/node/pull/28808) - \[[`347fcd35e3`](https://redirect.github.com/nodejs/node/commit/347fcd35e3)] - **crypto**: update root certificates (Sam Roberts) [#​27374](https://redirect.github.com/nodejs/node/pull/27374) - \[[`b2a6b3254d`](https://redirect.github.com/nodejs/node/commit/b2a6b3254d)] - **crypto**: update root certificates (Sam Roberts) [#​25113](https://redirect.github.com/nodejs/node/pull/25113) - \[[`5682e50325`](https://redirect.github.com/nodejs/node/commit/5682e50325)] - **deps**: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) [nodejs/io.js#1836](https://redirect.github.com/nodejs/io.js/pull/1836) - \[[`9663ae3546`](https://redirect.github.com/nodejs/node/commit/9663ae3546)] - **deps**: fix asm build error of openssl in x86\_win32 (Shigeki Ohtsu) [iojs/io.js#1389](https://redirect.github.com/iojs/io.js/pull/1389) - \[[`87eee99466`](https://redirect.github.com/nodejs/node/commit/87eee99466)] - **deps**: fix openssl assembly error on ia32 win32 (Fedor Indutny) [iojs/io.js#1389](https://redirect.github.com/iojs/io.js/pull/1389) - \[[`da99d3f972`](https://redirect.github.com/nodejs/node/commit/da99d3f972)] - **deps**: copy all openssl header files to include dir (Sam Roberts) [#​28230](https://redirect.github.com/nodejs/node/pull/28230) - \[[`dc9d645ac4`](https://redirect.github.com/nodejs/node/commit/dc9d645ac4)] - **deps**: upgrade openssl sources to 1.0.2s (Sam Roberts) [#​28230](https://redirect.github.com/nodejs/node/pull/28230) - \[[`37e24b19a0`](https://redirect.github.com/nodejs/node/commit/37e24b19a0)] - **deps**: V8: backport [`d520ebb`](https://redirect.github.com/nodejs/node/commit/d520ebb) (Michaël Zasso) [#​27358](https://redirect.github.com/nodejs/node/pull/27358) - \[[`1a5dc6a3e7`](https://redirect.github.com/nodejs/node/commit/1a5dc6a3e7)] - **http**: check for existance in resetHeadersTimeoutOnReqEnd (Matteo Collina) [#​26402](https://redirect.github.com/nodejs/node/pull/26402) - \[[`e45b6a3b98`](https://redirect.github.com/nodejs/node/commit/e45b6a3b98)] - **http2**: do not start reading after write if new write is on wire (Anna Henningsen) [#​29399](https://redirect.github.com/nodejs/node/pull/29399) - \[[`559a8e342b`](https://redirect.github.com/nodejs/node/commit/559a8e342b)] - **http2**: do not crash on stream listener removal w/ destroyed session (Anna Henningsen) [#​29459](https://redirect.github.com/nodejs/node/pull/29459) - \[[`dd285968c4`](https://redirect.github.com/nodejs/node/commit/dd285968c4)] - **openssl**: fix keypress requirement in apps on win32 (Shigeki Ohtsu) [iojs/io.js#1389](https://redirect.github.com/iojs/io.js/pull/1389) - \[[`3ee076f03d`](https://redirect.github.com/nodejs/node/commit/3ee076f03d)] - **stream**: ensure writable.destroy() emits error once (Luigi Pinca) [#​26057](https://redirect.github.com/nodejs/node/pull/26057) - \[[`a7e5fe1f06`](https://redirect.github.com/nodejs/node/commit/a7e5fe1f06)] - **test**: unskip tests that now pass on AIX (Sam Roberts) [#​29054](https://redirect.github.com/nodejs/node/pull/29054) - \[[`65e9b0f5a2`](https://redirect.github.com/nodejs/node/commit/65e9b0f5a2)] - **test**: specialize OOM check for AIX (Sam Roberts) [#​28857](https://redirect.github.com/nodejs/node/pull/28857) - \[[`7aca9cb09b`](https://redirect.github.com/nodejs/node/commit/7aca9cb09b)] - **test**: fix pty test hangs on aix (Ben Noordhuis) [#​28600](https://redirect.github.com/nodejs/node/pull/28600) - \[[`588b761fca`](https://redirect.github.com/nodejs/node/commit/588b761fca)] - **test**: skip stringbytes-external-exceed-max on AIX (Sam Roberts) [#​28516](https://redirect.github.com/nodejs/node/pull/28516) - \[[`930647d0fe`](https://redirect.github.com/nodejs/node/commit/930647d0fe)] - **test**: skip tests related to CI failures on AIX (Sam Roberts) [#​28469](https://redirect.github.com/nodejs/node/pull/28469) - \[[`92a2f8bbe3`](https://redirect.github.com/nodejs/node/commit/92a2f8bbe3)] - **test,win**: cleanup exec-timeout processes (João Reis) [#​28723](https://redirect.github.com/nodejs/node/pull/28723) - \[[`d57f79726d`](https://redirect.github.com/nodejs/node/commit/d57f79726d)] - **tls**: partially backport pull request [#​26415](https://redirect.github.com/nodejs/node/issues/26415) (Ben Noordhuis) [#​26415](https://redirect.github.com/nodejs/node/pull/26415) - \[[`c582fef5cc`](https://redirect.github.com/nodejs/node/commit/c582fef5cc)] - **tools**: update certdata.txt (Sam Roberts) [#​28808](https://redirect.github.com/nodejs/node/pull/28808) - \[[`4fbadf6a9e`](https://redirect.github.com/nodejs/node/commit/4fbadf6a9e)] - **tools**: update certdata.txt (Sam Roberts) [#​27374](https://redirect.github.com/nodejs/node/pull/27374) - \[[`529b2ad25f`](https://redirect.github.com/nodejs/node/commit/529b2ad25f)] - **tools**: update certdata.txt (Sam Roberts) [#​25113](https://redirect.github.com/nodejs/node/pull/25113) ### [`v8.16.1`](https://redirect.github.com/nodejs/node/releases/tag/v8.16.1): 2019-08-15, Version 8.16.1 'Carbon' (LTS), @​BethGriggs [Compare Source](https://redirect.github.com/nodejs/node/compare/v8.16.0...v8.16.1) ##### Notable changes This is a security release. Node.js, as well as many other implementations of HTTP/2, have been found vulnerable to Denial of Service attacks. See https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md for more information. Vulnerabilities fixed: - **CVE-2019-9511 “Data Dribble”**: The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service. - **CVE-2019-9512 “Ping Flood”**: The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service. - **CVE-2019-9513 “Resource Loop”**: The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU, potentially leading to a denial of service. - **CVE-2019-9514 “Reset Flood”**: The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both, potentially leading to a denial of service. - **CVE-2019-9515 “Settings Flood”**: The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service. - **CVE-2019-9516 “0-Length Headers Leak”**: The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory, potentially leading to a denial of service. - **CVE-2019-9517 “Internal Data Buffering”**: The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both, potentially leading to a denial of service. - **CVE-2019-9518 “Empty Frames Flood”**: The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU, potentially leading to a denial of service. (Discovered by Piotr Sikora of Google) ##### Commits - \[[`6d427378c0`](https://redirect.github.com/nodejs/node/commit/6d427378c0)] - **deps**: update nghttp2 to 1.39.2 (Anna Henningsen) [#​29122](https://redirect.github.com/nodejs/node/pull/29122) - \[[`33d4d916d5`](https://redirect.github.com/nodejs/node/commit/33d4d916d5)] - **deps**: update nghttp2 to 1.39.1 (gengjiawen) [#​28448](https://redirect.github.com/nodejs/node/pull/28448) - \[[`17fad97113`](https://redirect.github.com/nodejs/node/commit/17fad97113)] - **deps**: update nghttp2 to 1.38.0 (gengjiawen) [#​27295](https://redirect.github.com/nodejs/node/pull/27295) - \[[`0b44733695`](https://redirect.github.com/nodejs/node/commit/0b44733695)] - **deps**: update nghttp2 to 1.37.0 (gengjiawen) [#​26990](https://redirect.github.com/nodejs/node/pull/26990) - \[[`5afc77b044`](https://redirect.github.com/nodejs/node/commit/5afc77b044)] - **deps**: update nghttp2 to 1.34.0 (James M Snell) [#​23284](https://redirect.github.com/nodejs/node/pull/23284) - \[[`073108c855`](https://redirect.github.com/nodejs/node/commit/073108c855)] - **http2**: allow security revert for Ping/Settings Flood (Anna Henningsen) [#​29122](https://redirect.github.com/nodejs/node/pull/29122) - \[[`6d687f7af8`](https://redirect.github.com/nodejs/node/commit/6d687f7af8)] - **http2**: pause input processing if sending output (Anna Henningsen) [#​29122](https://redirect.github.com/nodejs/node/pull/29122) - \[[`854dba649e`](https://redirect.github.com/nodejs/node/commit/854dba649e)] - **http2**: stop reading from socket if writes are in progress (Anna Henningsen) [#​29122](https://redirect.github.com/nodejs/node/pull/29122) - \[[`a3191689dd`](https://redirect.github.com/nodejs/node/commit/a3191689dd)] - **http2**: consider 0-length non-end DATA frames an error (Anna Henningsen) [#​29122](https://redirect.github.com/nodejs/node/pull/29122) - \[[`156f2f35df`](https://redirect.github.com/nodejs/node/commit/156f2f35df)] - **http2**: shrink default `vector::reserve()` allocations (Anna Henningsen) [#​29122](https://redirect.github.com/nodejs/node/pull/29122) - \[[`10f05b65c4`](https://redirect.github.com/nodejs/node/commit/10f05b65c4)] - **http2**: handle 0-length headers better (Anna Henningsen) [#​29122](https://redirect.github.com/nodejs/node/pull/29122) - \[[`ac28a628a5`](https://redirect.github.com/nodejs/node/commit/ac28a628a5)] - **http2**: limit number of invalid incoming frames (Anna Henningsen) [#​29122](https://redirect.github.com/nodejs/node/pull/29122) - \[[`11b4e2c0db`](https://redirect.github.com/nodejs/node/commit/11b4e2c0db)] - **http2**: limit number of rejected stream openings (Anna Henningsen) [#​29122](https://redirect.github.com/nodejs/node/pull/29122) - \[[`7de642b6f9`](https://redirect.github.com/nodejs/node/commit/7de642b6f9)] - **http2**: do not create ArrayBuffers when no DATA received (Anna Henningsen) [#​29122](https://redirect.github.com/nodejs/node/pull/29122) - \[[`dd60d3561a`](https://redirect.github.com/nodejs/node/commit/dd60d3561a)] - **http2**: only call into JS when necessary for session events (Anna Henningsen) [#​29122](https://redirect.github.com/nodejs/node/pull/29122) - \[[`00f6846b73`](https://redirect.github.com/nodejs/node/commit/00f6846b73)] - **http2**: improve JS-side debug logging (Anna Henningsen) [#​29122](https://redirect.github.com/nodejs/node/pull/29122) - \[[`b095e35f1f`](https://redirect.github.com/nodejs/node/commit/b095e35f1f)] - **http2**: improve http2 code a bit (James M Snell) [#​23984](https://redirect.github.com/nodejs/node/pull/23984) - \[[`cc282239c1`](https://redirect.github.com/nodejs/node/commit/cc282239c1)] - **test**: apply test-http2-max-session-memory-leak from v12.x (Anna Henningsen) [#​29122](https://redirect.github.com/nodejs/node/pull/29122) ### [`v8.16.0`](https://redirect.github.com/nodejs/node/releases/tag/v8.16.0): 2019-04-16, Version 8.16.0 'Carbon' (LTS), @​MylesBorins [Compare Source](https://redirect.github.com/nodejs/node/compare/v8.15.1...v8.16.0) ##### Notable Changes - **n-api**: - add API for asynchronous functions (Gabriel Schulhof) [#​17887](https://redirect.github.com/nodejs/node/pull/17887) - mark thread-safe function as stable (Gabriel Schulhof) [#​25556](https://redirect.github.com/nodejs/node/pull/25556) ##### Commits - \[[`705935d620`](https://redirect.github.com/nodejs/node/commit/705935d620)] - **assert**: fix backport regression (Ruben Bridgewater) [#​27202](https://redirect.github.com/nodejs/node/pull/27202) - \[[`c07ba9681f`](https://redirect.github.com/nodejs/node/commit/c07ba9681f)] - **build**: skip cctest on Windows shared lib build (Yihong Wang) [#​21228](https://redirect.github.com/nodejs/node/pull/21228) - \[[`63522886ea`](https://redirect.github.com/nodejs/node/commit/63522886ea)] - **build**: add loader path to rpath for cctest (Sam Ruby) [#​23168](https://redirect.github.com/nodejs/node/pull/23168) - \[[`e9369073d9`](https://redirect.github.com/nodejs/node/commit/e9369073d9)] - **build**: set `-blibpath:` for AIX (Richard Lau) [#​25447](https://redirect.github.com/nodejs/node/pull/25447) - \[[`97cc0fc51d`](https://redirect.github.com/nodejs/node/commit/97cc0fc51d)] - **deps**: V8: cherry-pick [`3cc6919`](https://redirect.github.com/nodejs/node/commit/3cc6919) (Farazmand) [#​25874](https://redirect.github.com/nodejs/node/pull/25874) - \[[`a1aff28fba`](https://redirect.github.com/nodejs/node/commit/a1aff28fba)] - **deps**: cherry-pick [`525b396`](https://redirect.github.com/nodejs/node/commit/525b396) from V8 upstream (Peter Marshall) [#​25041](https://redirect.github.com/nodejs/node/pull/25041) - \[[`6b7cccc88a`](https://redirect.github.com/nodejs/node/commit/6b7cccc88a)] - **doc**: fix optional parameters in n-api.md (Lars-Magnus Skog) [#​22998](https://redirect.github.com/nodejs/node/pull/22998) - \[[`b17819db3d`](https://redirect.github.com/nodejs/node/commit/b17819db3d)] - **doc**: update the http.request.setTimeout docs to be accurate (James Bunton) [#​25123](https://redirect.github.com/nodejs/node/pull/25123) - \[[`ac9b8f7645`](https://redirect.github.com/nodejs/node/commit/ac9b8f7645)] - **http**: fix error check in `Execute()` (Brian White) [#​24738](https://redirect.github.com/nodejs/node/pull/24738) - \[[`1d862610f8`](https://redirect.github.com/nodejs/node/commit/1d862610f8)] - **http**: attach reused parser to correct domain (Julien Gilli) [#​25459](https://redirect.github.com/nodejs/node/pull/25459) - \[[`d3de1ed653`](https://redirect.github.com/nodejs/node/commit/d3de1ed653)] - **n-api**: improve performance creating strings (Anthony Tuininga) [#​26439](https://redirect.github.com/nodejs/node/pull/26439) - \[[`2b2ad96ef2`](https://redirect.github.com/nodejs/node/commit/2b2ad96ef2)] - **n-api**: finalize during second-pass callback (Gabriel Schulhof) [#​25992](https://redirect.github.com/nodejs/node/pull/25992) - \[[`d6ffabc37f`](https://redirect.github.com/nodejs/node/commit/d6ffabc37f)] - **(SEMVER-MINOR)** **n-api**: mark thread-safe function as stable (Gabriel Schulhof) [#​25556](https://redirect.github.com/nodejs/node/pull/25556) - \[[`44609d1274`](https://redirect.github.com/nodejs/node/commit/44609d1274)] - **n-api**: restrict exports by version (Kyle Farnung) [#​19962](https://redirect.github.com/nodejs/node/pull/19962) - \[[`fe4328252a`](https://redirect.github.com/nodejs/node/commit/fe4328252a)] - **n-api**: add missing handle scopes (Daniel Bevenius) [#​24011](https://redirect.github.com/nodejs/node/pull/24011) - \[[`902b07959f`](https://redirect.github.com/nodejs/node/commit/902b07959f)] - **n-api**: clean up thread-safe function (Gabriel Schulhof) [#​22259](https://redirect.github.com/nodejs/node/pull/22259) - \[[`09b88aabb3`](https://redirect.github.com/nodejs/node/commit/09b88aabb3)] - **n-api**: remove idle_running from TsFn (Lars-Magnus Skog) [#​22520](https://redirect.github.com/nodejs/node/pull/22520) - \[[`367505940a`](https://redirect.github.com/nodejs/node/commit/367505940a)] - **n-api**: guard against cond null dereference (Gabriel Schulhof) [#​21871](https://redirect.github.com/nodejs/node/pull/21871) - \[[`c5a11dc58e`](https://redirect.github.com/nodejs/node/commit/c5a11dc58e)] - **n-api**: fix compiler warning (cjihrig) [#​21597](https://redirect.github.com/nodejs/node/pull/21597) - \[[`759a0180b5`](https://redirect.github.com/nodejs/node/commit/759a0180b5)] - **(SEMVER-MINOR)** **n-api**: add API for asynchronous functions (Gabriel Schulhof) [#​17887](https://redirect.github.com/nodejs/node/pull/17887) - \[[`ea5628e77a`](https://redirect.github.com/nodejs/node/commit/ea5628e77a)] - **process**: allow reading from stdout/stderr sockets (Anna Henningsen) [#​23053](https://redirect.github.com/nodejs/node/pull/23053) - \[[`67b6e0d19c`](https://redirect.github.com/nodejs/node/commit/67b6e0d19c)] - **src**: fix may be uninitialized warning in n-api (Michael Dawson) [#​21898](https://redirect.github.com/nodejs/node/pull/21898) - \[[`eaf474cc5d`](https://redirect.github.com/nodejs/node/commit/eaf474cc5d)] - **test**: shared lib build doesn't handle SIGPIPE (Yihong Wang) [#​19211](https://redirect.github.com/nodejs/node/pull/19211) - \[[`3128cb7da6`](https://redirect.github.com/nodejs/node/commit/3128cb7da6)] - **test**: avoid running fsync on directory on AIX (John Barboza) [#​21298](https://redirect.github.com/nodejs/node/pull/21298) - \[[`b4c5435a46`](https://redirect.github.com/nodejs/node/commit/b4c5435a46)] - **test**: add process.stdin.end() TTY regression test (Matteo Collina) [#​23051](https://redirect.github.com/nodejs/node/pull/23051) - \[[`c56f3edb10`](https://redirect.github.com/nodejs/node/commit/c56f3edb10)] - **test**: add stdin writable regression test (Anna Henningsen) [#​23053](https://redirect.github.com/nodejs/node/pull/23053) - \[[`f6ff8c51bc`](https://redirect.github.com/nodejs/node/commit/f6ff8c51bc)] - **test**: fix module loading error for AIX 7.1 (Richard Lau) [#​25418](https://redirect.github.com/nodejs/node/pull/25418) - \[[`d4b6643ac3`](https://redirect.github.com/nodejs/node/commit/d4b6643ac3)] - **test**: mark test-cli-node-options flaky on arm (Rich Trott) [#​25032](https://redirect.github.com/nodejs/node/pull/25032) - \[[`60db455961`](https://redirect.github.com/nodejs/node/commit/60db455961)] - **test**: mark test_threadsafe_function/test as flaky (Gireesh Punathil) [#​24714](https://redirect.github.com/nodejs/node/pull/24714) - \[[`fbafe8d311`](https://redirect.github.com/nodejs/node/commit/fbafe8d311)] - **test**: fix test-repl-envvars (Anna Henningsen) [#​25226](https://redirect.github.com/nodejs/node/pull/25226) - \[[`7573b55a15`](https://redirect.github.com/nodejs/node/commit/7573b55a15)] - **tls**: fix legacy SecurePair clienthello race window (Ben Noordhuis) [#​26452](https://redirect.github.com/nodejs/node/pull/26452) - \[[`91620b8bd6`](https://redirect.github.com/nodejs/node/commit/91620b8bd6)] - **tls**: fix legacy SecurePair session resumption (Ben Noordhuis) [#​26452](https://redirect.github.com/nodejs/node/pull/26452) - \[[`1a9582b7a6`](https://redirect.github.com/nodejs/node/commit/1a9582b7a6)] - **tools**: allow input for TTY tests (Anna Henningsen) [#​23053](https://redirect.github.com/nodejs/node/pull/23053) ### [`v8.15.1`](https://redirect.github.com/nodejs/node/compare/v8.15.0...v8.15.1) [Compare Source](https://redirect.github.com/nodejs/node/compare/v8.15.0...v8.15.1) ### [`v8.15.0`](https://redirect.github.com/nodejs/node/releases/tag/v8.15.0): 2018-12-26, Version 8.15.0 'Carbon' (LTS), @​MylesBorins [Compare Source](https://redirect.github.com/nodejs/node/compare/v8.14.1...v8.15.0) The 8.14.0 security release introduced some unexpected breakages on the 8.x release line. This is a special release to fix a regression in the HTTP binary upgrade response body and add a missing CLI flag to adjust the max header size of the http parser. ##### Notable Changes - **cli**: - add --max-http-header-size flag (cjihrig) [#​24811](https://redirect.github.com/nodejs/node/pull/24811) - **http**: - add maxHeaderSize property (cjihrig) [#​24860](https://redirect.github.com/nodejs/node/pull/24860) ##### Commits - \[[`693e362175`](https://redirect.github.com/nodejs/node/commit/693e362175)] - **(SEMVER-MINOR)** **cli**: add --max-http-header-size flag (cjihrig) [#​24811](https://redirect.github.com/nodejs/node/pull/24811) - \[[`4fb5a1be2f`](https://redirect.github.com/nodejs/node/commit/4fb5a1be2f)] - **(SEMVER-MINOR)** **deps**: cherry-pick http_parser_set_max_header_size (cjihrig) [#​24811](https://redirect.github.com/nodejs/node/pull/24811) - \[[`446f8b54e5`](https://redirect.github.com/nodejs/node/commit/446f8b54e5)] - **(SEMVER-MINOR)** **http**: add maxHeaderSize property (cjihrig) [#​24860](https://redirect.github.com/nodejs/node/pull/24860) - \[[`215ecfe4de`](https://redirect.github.com/nodejs/node/commit/215ecfe4de)] - **http**: fix regression of binary upgrade response body (Matteo Collina) [#​25037](https://redirect.github.com/nodejs/node/pull/25037) - \[[`e1fbc26c6a`](https://redirect.github.com/nodejs/node/commit/e1fbc26c6a)] - **test**: move test-benchmark-path to sequential (Rich Trott) [#​21393](https://redirect.github.com/nodejs/node/pull/21393) - \[[`aef71c05a2`](https://redirect.github.com/nodejs/node/commit/aef71c05a2)] - **test**: mark test-http2-settings-flood as flaky on Windows (Rich Trott) [#​25048](https://redirect.github.com/nodejs/node/pull/25048) ### [`v8.14.1`](https://redirect.github.com/nodejs/node/releases/tag/v8.14.1): 2018-12-18, Version 8.14.1 'Carbon' (LTS), @​MylesBorins prepared by @​BethGriggs [Compare Source](https://redirect.github.com/nodejs/node/compare/v8.14.0...v8.14.1) ##### Notable changes - **assert**: - revert breaking change (Ruben Bridgewater) [#​24786](https://redirect.github.com/nodejs/node/pull/24786) - **http2**: - fix sequence of error/close events (Gerhard Stoebich) [#​24789](https://redirect.github.com/nodejs/node/pull/24789) ##### Commits - \[[`62fb5dbec5`](https://redirect.github.com/nodejs/node/commit/62fb5dbec5)] - **assert**: revert breaking change (Ruben Bridgewater) [#​24786](https://redirect.github.com/nodejs/node/pull/24786) - \[[`a8402fe1c8`](https://redirect.github.com/nodejs/node/commit/a8402fe1c8)] - **build**: only check REPLACEME & DEP...X for releases (Rod Vagg) [#​24575](https://redirect.github.com/nodejs/node/pull/24575) - \[[`26743369d3`](https://redirect.github.com/nodejs/node/commit/26743369d3)] - **build**: improve Travis CI settings (Timothy Gu) [#​21459](https://redirect.github.com/nodejs/node/pull/21459) - \[[`1da04c208d`](https://redirect.github.com/nodejs/node/commit/1da04c208d)] - **build**: install markdown linter for travis (Richard Lau) [#​21215](https://redirect.github.com/nodejs/node/pull/21215) - \[[`7612024939`](https://redirect.github.com/nodejs/node/commit/7612024939)] - **build**: initial .travis.yml implementation (Anna Henningsen) [#​21059](https://redirect.github.com/nodejs/node/pull/21059) - \[[`f70e79a7b2`](https://redirect.github.com/nodejs/node/commit/f70e79a7b2)] - **build**: allow for overwriting of use_openssl_def (Shelley Vohr) [#​23763](https://redirect.github.com/nodejs/node/pull/23763) - \[[`15d1f67c60`](https://redirect.github.com/nodejs/node/commit/15d1f67c60)] - **build,doc**: remove outdated `lint-md-build` (Michaël Zasso) [#​22991](https://redirect.github.com/nodejs/node/pull/22991) - \[[`85a6daeaef`](https://redirect.github.com/nodejs/node/commit/85a6daeaef)] - **build,meta**: switch to gcc-4.9 on travis (Refael Ackermann) [#​23778](https://redirect.github.com/nodejs/node/pull/23778) - \[[`313ef6fa73`](https://redirect.github.com/nodejs/node/commit/313ef6fa73)] - **build,tools**: tweak the travis config (Refael Ackermann) [#​22417](https://redirect.github.com/nodejs/node/pull/22417) - \[[`22b41495ea`](https://redirect.github.com/nodejs/node/commit/22b41495ea)] - **child_process**: handle undefined/null for fork() args (Shobhit Chittora) [#​22416](https://redirect.github.com/nodejs/node/pull/22416) - \[[`499605618b`](https://redirect.github.com/nodejs/node/commit/499605618b)] - **crypto**: add SET_INTEGER_CONSANT macro (Daniel Bevenius) [#​23687](https://redirect.github.com/nodejs/node/pull/23687) - \[[`34d91296df`](https://redirect.github.com/nodejs/node/commit/34d91296df)] - **deps**: icu: apply workaround patch (Steven R. Loomis) [#​23764](https://redirect.github.com/nodejs/node/pull/23764) - \[[`50347297a1`](https://redirect.github.com/nodejs/node/commit/50347297a1)] - **deps**: cherry-pick [`d2e0166`](https://redirect.github.com/nodejs/node/commit/d2e0166) from V8 upstream (Vasili Skurydzin) [#​23958](https://redirect.github.com/nodejs/node/pull/23958) - \[[`9bedae5266`](https://redirect.github.com/nodejs/node/commit/9bedae5266)] - **deps**: cherry-pick [`6bc4bfe`](https://redirect.github.com/nodejs/node/commit/6bc4bfe) from V8 upstream (Vasili Skurydzin) [#​23958](https://redirect.github.com/nodejs/node/pull/23958) - \[[`4f3c9e6aab`](https://redirect.github.com/nodejs/node/commit/4f3c9e6aab)] - **deps,v8**: fix gyp build on Aix platform (Vasili Skurydzin) [#​23958](https://redirect.github.com/nodejs/node/pull/23958) - \[[`74c1074d53`](https://redirect.github.com/nodejs/node/commit/74c1074d53)] - **doc**: add description for inspector-only console methods. (Benjamin Zaslavsky) [#​17004](https://redirect.github.com/nodejs/node/pull/17004) - \[[`692223182c`](https://redirect.github.com/nodejs/node/commit/692223182c)] - **doc**: fix api documentation of http.createServer (Ari Autio) [#​24869](https://redirect.github.com/nodejs/node/pull/24869) - \[[`6d8c65e574`](https://redirect.github.com/nodejs/node/commit/6d8c65e574)] - **doc**: update to adding listens on SIGUSR1 (willhayslett) [#​19709](https://redirect.github.com/nodejs/node/pull/19709) - \[[`33b7c50036`](https://redirect.github.com/nodejs/node/commit/33b7c50036)] - **doc**: remove "if provided" for optional arguments (Rich Trott) [#​19690](https://redirect.github.com/nodejs/node/pull/19690) - \[[`216e7da8c5`](https://redirect.github.com/nodejs/node/commit/216e7da8c5)] - **doc**: do not identify string as "JavaScript string" (Rich Trott) [#​19689](https://redirect.github.com/nodejs/node/pull/19689) - \[[`17e84217c7`](https://redirect.github.com/nodejs/node/commit/17e84217c7)] - **doc**: fix grammar error in process.md (Kenji Okamoto) [#​19641](https://redirect.github.com/nodejs/node/pull/19641) - \[[`06daf5276f`](https://redirect.github.com/nodejs/node/commit/06daf5276f)] - **doc**: remove use of "random port" re dgram send (Thomas Hunter II) [#​19620](https://redirect.github.com/nodejs/node/pull/19620) - \[[`bf95392e86`](https://redirect.github.com/nodejs/node/commit/bf95392e86)] - **doc**: improve assert legacy text (Rich Trott) [#​19622](https://redirect.github.com/nodejs/node/pull/19622) - \[[`e48cc3c403`](https://redirect.github.com/nodejs/node/commit/e48cc3c403)] - **doc**: remove confusing note about child process stdio (Anna Henningsen) [#​19552](https://redirect.github.com/nodejs/node/pull/19552) - \[[`9d249bf6d5`](https://redirect.github.com/nodejs/node/commit/9d249bf6d5)] - **doc**: add BethGriggs to collaborators (Beth Griggs) [#​19610](https://redirect.github.com/nodejs/node/pull/19610) - \[[`c3ecf05b01`](https://redirect.github.com/nodejs/node/commit/c3ecf05b01)] - **doc**: document `make docopen` (Ayush Gupta) [#​19321](https://redirect.github.com/nodejs/node/pull/19321) - \[[`8338700d05`](https://redirect.github.com/nodejs/node/commit/8338700d05)] - **doc**: add directory structure in writing-tests.md (juggernaut451) [#​18802](https://redirect.github.com/nodejs/node/pull/18802) - \[[`63d8632611`](https://redirect.github.com/nodejs/node/commit/63d8632611)] - **doc**: add types for some `process` properties (Vse Mozhet Byt) [#​19571](https://redirect.github.com/nodejs/node/pull/19571) - \[[`b2fc3b556c`](https://redirect.github.com/nodejs/node/commit/b2fc3b556c)] - **doc**: fix n-api example string (Steven R. Loomis) [#​19205](https://redirect.github.com/nodejs/node/pull/19205) - \[[`d79e7d6e89`](https://redirect.github.com/nodejs/node/commit/d79e7d6e89)] - **doc**: minor improvements to buffer.md (Rich Trott) [#​19547](https://redirect.github.com/nodejs/node/pull/19547) - \[[`06491482f8`](https://redirect.github.com/nodejs/node/commit/06491482f8)] - **doc**: update child_process.md (Ari Leo Frankel) [#​19075](https://redirect.github.com/nodejs/node/pull/19075) - \[[`4db289ca17`](https://redirect.github.com/nodejs/node/commit/4db289ca17)] - **doc**: move StackOverflow to unofficial section (josephleon) [#​19416](https://redirect.github.com/nodejs/node/pull/19416) - \[[`f5683a9a6d`](https://redirect.github.com/nodejs/node/commit/f5683a9a6d)] - **doc**: correct async_hooks resource names (Gerhard Stoebich) [#​24684](https://redirect.github.com/nodejs/node/pull/24684) - \[[`ffe1f8033c`](https://redirect.github.com/nodejs/node/commit/ffe1f8033c)] - **doc**: sort bottom-of-file markdown links (Sam Roberts) [#​24682](https://redirect.github.com/nodejs/node/pull/24682) - \[[`78d9a5e6e4`](https://redirect.github.com/nodejs/node/commit/78d9a5e6e4)] - **doc**: address bits of proof reading work (Jagannath Bhat) [#​23978](https://redirect.github.com/nodejs/node/pull/23978) - \[[`d1eebb2e43`](https://redirect.github.com/nodejs/node/commit/d1eebb2e43)] - **doc**: revise COLLABORATOR_GUIDE.md (Rich Trott) [#​23990](https://redirect.github.com/nodejs/node/pull/23990) - \[[`003eb0c8e1`](https://redirect.github.com/nodejs/node/commit/003eb0c8e1)] - **doc**: simplify CODE_OF_CONDUCT.md (Rich Trott) [#​23989](https://redirect.github.com/nodejs/node/pull/23989) - \[[`c1723c8bca`](https://redirect.github.com/nodejs/node/commit/c1723c8bca)] - **doc**: add branding to style guide (Rich Trott) [#​23967](https://redirect.github.com/nodejs/node/pull/23967) - \[[`8bb67a1fb9`](https://redirect.github.com/nodejs/node/commit/8bb67a1fb9)] - **doc**: use Node.js instead of Node (Rich Trott) [#​23967](https://redirect.github.com/nodejs/node/pull/23967) - \[[`73e0bb1f52`](https://redirect.github.com/nodejs/node/commit/73e0bb1f52)] - **doc**: fix typographical issues (Denis McDonald) [#​23970](https://redirect.github.com/nodejs/node/pull/23970) - \[[`6d76f852a9`](https://redirect.github.com/nodejs/node/commit/6d76f852a9)] - **doc**: add documentation for http.IncomingMessage$complete (James M Snell) [#​23914](https://redirect.github.com/nodejs/node/pull/23914) - \[[`3025f351db`](https://redirect.github.com/nodejs/node/commit/3025f351db)] - **doc**: remove mailing list (Rich Trott) [#​23932](https://redirect.github.com/nodejs/node/pull/23932) - \[[`2459e150bb`](https://redirect.github.com/nodejs/node/commit/2459e150bb)] - **doc**: add note about ABI compatibility (Myles Borins) [#​22237](https://redirect.github.com/nodejs/node/pull/22237) - \[[`27b35833bd`](https://redirect.github.com/nodejs/node/commit/27b35833bd)] - **doc**: make example more clarified in cluster.md (ZYSzys) [#​23931](https://redirect.github.com/nodejs/node/pull/23931) - \[[`0d4de59967`](https://redirect.github.com/nodejs/node/commit/0d4de59967)] - **doc**: simplify valid security issue descriptions (Rich Trott) [#​23881](https://redirect.github.com/nodejs/node/pull/23881) - \[[`9afdc09f98`](https://redirect.github.com/nodejs/node/commit/9afdc09f98)] - **doc**: simplify path.basename() on POSIX and Windows (ZYSzys) [#​23864](https://redirect.github.com/nodejs/node/pull/23864) - \[[`3f2a01688d`](https://redirect.github.com/nodejs/node/commit/3f2a01688d)] - **doc**: add review suggestions to require() (erickwendel) [#​23605](https://redirect.github.com/nodejs/node/pull/23605) - \[[`f037942fe7`](https://redirect.github.com/nodejs/node/commit/f037942fe7)] - **doc**: move [@​phillipj](https://redirect.github.com/phillipj) to emeriti (Phillip Johnsen) [#​23790](https://redirect.github.com/nodejs/node/pull/23790) - \[[`e5f75cf82e`](https://redirect.github.com/nodejs/node/commit/e5f75cf82e)] - **doc**: add note about removeListener order (James M Snell) [#​23762](https://redirect.github.com/nodejs/node/pull/23762) - \[[`0ff88a3510`](https://redirect.github.com/nodejs/node/commit/0ff88a3510)] - **doc**: document ACL limitation for fs.access on Windows (James M Snell) [#​23772](https://redirect.github.com/nodejs/node/pull/23772) - \[[`32ae851710`](https://redirect.github.com/nodejs/node/commit/32ae851710)] - **doc**: document that addMembership must be called once in a cluster (James M Snell) [#​23746](https://redirect.github.com/nodejs/node/pull/23746) - \[[`e2d2ce6706`](https://redirect.github.com/nodejs/node/commit/e2d2ce6706)] - **doc**: remove reference to sslv3 in tls.md (James M Snell) [#​23745](https://redirect.github.com/nodejs/node/pull/23745) - \[[`4c24a82a65`](https://redirect.github.com/nodejs/node/commit/4c24a82a65)] - **http2**: fix sequence of error/close events (Gerhard Stoebich) [#​24789](https://redirect.github.com/nodejs/node/pull/24789) - \[[`8afbd5ce41`](https://redirect.github.com/nodejs/node/commit/8afbd5ce41)] - **lib**: fix a typo in lib/timers "read through" (wangzengdi) [#​19666](https://redirect.github.com/nodejs/node/pull/19666) - \[[`fa12532000`](https://redirect.github.com/nodejs/node/commit/fa12532000)] - **lib**: remove useless cwd in posix.resolve (ZYSzys) [#​23902](https://redirect.github.com/nodejs/node/pull/23902) - \[[`e8dbd09414`](https://redirect.github.com/nodejs/node/commit/e8dbd09414)] - **src**: use "constants" string instead of creating new one (Ouyang Yadong) [#​23894](https://redirect.github.com/nodejs/node/pull/23894) - \[[`394cb42962`](https://redirect.github.com/nodejs/node/commit/394cb42962)] - **test**: verify order of error in h2 server stream (Myles Borins) [#​24685](https://redirect.github.com/nodejs/node/pull/24685) - \[[`5e09a3d4ed`](https://redirect.github.com/nodejs/node/commit/5e09a3d4ed)] - **test**: test process.setuid for bad argument types (Divyanshu Singh) [#​19703](https://redirect.github.com/nodejs/node/pull/19703) - \[[`970164f3a8`](https://redirect.github.com/nodejs/node/commit/970164f3a8)] - **test**: improve assert message (fatahn) [#​19629](https://redirect.github.com/nodejs/node/pull/19629) - \[[`086570e4e1`](https://redirect.github.com/nodejs/node/commit/086570e4e1)] - **test**: remove third argument from call to assert.strictEqual() (Forrest Wolf) [#​19659](https://redirect.github.com/nodejs/node/pull/19659) - \[[`a7b3274af4`](https://redirect.github.com/nodejs/node/commit/a7b3274af4)] - **test**: fix flaky test-cluster-send-handle-twice (Rich Trott) [#​19700](https://redirect.github.com/nodejs/node/pull/19700) - \[[`1bda58289a`](https://redirect.github.com/nodejs/node/commit/1bda58289a)] - **test**: rename regression tests more expressively (Ujjwal Sharma) [#​19668](https://redirect.github.com/nodejs/node/pull/19668) - \[[`bd9cc92e8d`](https://redirect.github.com/nodejs/node/commit/bd9cc92e8d)] - **test**: remove 3rd argument from assert.strictEqual (Arian Santrach) [#​19707](https://redirect.github.com/nodejs/node/pull/19707) - \[[`3ca10faf00`](https://redirect.github.com/nodejs/node/commit/3ca10faf00)] - **test**: use createReadStream instead of ReadStream (Daniel Bevenius) [#​19636](https://redirect.github.com/nodejs/node/pull/19636) - \[[`8a546e822d`](https://redirect.github.com/nodejs/node/commit/8a546e822d)] - **test**: removed default message from assert.strictEqual (jaspal-yupana) [#​19660](https://redirect.github.com/nodejs/node/pull/19660) - \[[`a62df1b379`](https://redirect.github.com/nodejs/node/commit/a62df1b379)] - **test**: refactor test-net-dns-error (Luigi Pinca) [#​19640](https://redirect.github.com/nodejs/node/pull/19640) - \[[`8a0ecf4360`](https://redirect.github.com/nodejs/node/commit/8a0ecf4360)] - **test**: refactor test-http-expect-continue (Rich Trott) [#​19625](https://redirect.github.com/nodejs/node/pull/19625) - \[[`0cbe813e90`](https://redirect.github.com/nodejs/node/commit/0cbe813e90)] - **test**: update link according to NIST bibliography (Tobias Nießen) [#​19593](https://redirect.github.com/nodejs/node/pull/19593) - \[[`ea1fda6228`](https://redirect.github.com/nodejs/node/commit/ea1fda6228)] - **test**: remove third param from assert.strictEqual (davis.okoth@kemsa.co.ke) [#​19536](https://redirect.github.com/nodejs/node/pull/19536) - \[[`18c4e5e886`](https://redirect.github.com/nodejs/node/commit/18c4e5e886)] - **test**: remove message from assert.strictEqual() (willhayslett) [#​19525](https://redirect.github.com/nodejs/node/pull/19525) - \[[`146c488bf5`](https://redirect.github.com/nodejs/node/commit/146c488bf5)] - **test**: refactor parallel/test-tls-ca-concat.js (juggernaut451) [#​19092](https://redirect.github.com/nodejs/node/pull/19092) - \[[`8fa5bd3761`](https://redirect.github.com/nodejs/node/commit/8fa5bd3761)] - **test**: rename regression tests file names (Ujjwal Sharma) [#​19332](https://redirect.github.com/nodejs/node/pull/19332) - \[[`d34ade8755`](https://redirect.github.com/nodejs/node/commit/d34ade8755)] - **test**: fix strictEqual arguments order (Esteban Sotillo) [#​23956](https://redirect.github.com/nodejs/node/pull/23956) - \[[`6ae07a9248`](https://redirect.github.com/nodejs/node/commit/6ae07a9248)] - **test**: add property for RangeError in test-buffer-copy (mritunjaygoutam12) [#​23968](https://redirect.github.com/nodejs/node/pull/23968) - \[[`b1e6de80c1`](https://redirect.github.com/nodejs/node/commit/b1e6de80c1)] - **test**: fix regression when compiled with FIPS (Adam Majer) [#​23871](https://redirect.github.com/nodejs/node/pull/23871) - \[[`d0368b8245`](https://redirect.github.com/nodejs/node/commit/d0368b8245)] - **test**: fix strictEqual() argument order (Loic) [#​23829](https://redirect.github.com/nodejs/node/pull/23829) - \[[`3a864d716e`](https://redirect.github.com/nodejs/node/commit/3a864d716e)] - **test**: fix strictEqual() arguments order (Nolan Rigo) [#​23800](https://redirect.github.com/nodejs/node/pull/23800) - \[[`e7a573a9e2`](https://redirect.github.com/nodejs/node/commit/e7a573a9e2)] - **test**: fix test-require-symlink on Windows (Bartosz Sosnowski) [#​23691](https://redirect.github.com/nodejs/node/pull/23691) - \[[`ac91346776`](https://redirect.github.com/nodejs/node/commit/ac91346776)] - **test**: fix strictEqual() argument order (Romain Lanz) [#​23768](https://redirect.github.com/nodejs/node/pull/23768) - \[[`0f98c4926a`](https://redirect.github.com/nodejs/node/commit/0f98c4926a)] - **test**: fix strictEqual() arguments order (Thomas GENTILHOMME) [#​23771](https://redirect.github.com/nodejs/node/pull/23771) - \[[`73d19b1516`](https://redirect.github.com/nodejs/node/commit/73d19b1516)] - **test**: ensure openssl version prints correctly (Sam Roberts) [#​23678](https://redirect.github.com/nodejs/node/pull/23678) - \[[`544e64d68d`](https://redirect.github.com/nodejs/node/commit/544e64d68d)] - **test**: fix assertion arguments order (Elian Gutierrez) [#​23787](https://redirect.github.com/nodejs/node/pull/23787) - \[[`e84c01d1f3`](https://redirect.github.com/nodejs/node/commit/e84c01d1f3)] - **tools**: update alternative docs versions (Richard Lau) [#​23980](https://redirect.github.com/nodejs/node/pull/23980) - \[[`02209c5fa7`](https://redirect.github.com/nodejs/node/commit/02209c5fa7)] - **tools**: clarify commit message linting (Rich Trott) [#​23742](https://redirect.github.com/nodejs/node/pull/23742) - \[[`22043ccb84`](https://redirect.github.com/nodejs/node/commit/22043ccb84)] - **tools**: do not lint commit message if var undefined (Rich Trott) [#​23725](https://redirect.github.com/nodejs/node/pull/23725) - \[[`2a8a28c436`](https://redirect.github.com/nodejs/node/commit/2a8a28c436)] - **tools**: make Travis commit linting more robust (Rich Trott) [#​23397](https://redirect.github.com/nodejs/node/pull/23397) - \[[`c15d236545`](https://redirect.github.com/nodejs/node/commit/c15d236545)] - **tools**: apply linting to first commit in PRs (Rich Trott) [#​22452](https://redirect.github.com/nodejs/node/pull/22452) ### [`v8.14.0`](https://redirect.github.com/nodejs/node/releases/tag/v8.14.0): 2018-11-27, Version 8.14.0 'Carbon' (LTS), @​rvagg [Compare Source](https://redirect.github.com/nodejs/node/compare/v8.13.0...v8.14.0) This is a security release. All Node.js users should consult the security release summary at: https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/ for details on patched vulnerabilities. Fixes for the following CVEs are included in this release: - Node.js: Denial of Service with large HTTP headers (CVE-2018-12121) - Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122 / Node.js) - Node.js: Hostname spoofing in URL parser for javascript protocol (CVE-2018-12123) - Node.js: HTTP request splitting (CVE-2018-12116) - OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734) - OpenSSL: Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) ##### Notable Changes - **deps**: Upgrade to OpenSSL 1.0.2q, fixing CVE-2018-0734 and CVE-2018-5407 - **http**: - Headers received by HTTP servers must not exceed 8192 bytes in total to prevent possible Denial of Service attacks. Reported by Trevor Norris. (CVE-2018-12121 / Matteo Collina) - A timeout of 40 seconds now applies to servers receiving HTTP headers. This value can be adjusted with `server.headersTimeout`. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with `server.setTimeout()`, this aids in protecting against excessive resource retention and possible Denial of Service. Reported by Jan Maybach ([liebdich.com](https://liebdich.com)). (CVE-2018-12122 / Matteo Collina) - Two-byte characters are now strictly disallowed for the `path` option in HTTP client requests. Paths containing characters outside of the range `\u0021` - `\u00ff` will now be rejected with a `TypeError`. This behavior can be reverted if necessary by supplying the `--security-revert=CVE-2018-12116` command line argument (this is not recommended). Reported as security concern for Node.js 6 and 8 by [Arkadiy Tetelman](https://twitter.com/arkadiyt) ([Lob](https://lob.com)), fixed by backporting a change by Benno Fünfstück applied to Node.js 10 and later. (CVE-2018-12116 / Matteo Collina) - **url**: Fix a bug that would allow a hostname being spoofed when parsing URLs with `url.parse()` with the `'javascript:'` protocol. Reported by [Martin Bajanik](https://twitter.com/\_bayotop) ([Kentico](https://kenticocloud.com/)). (CVE-2018-12123 / Matteo Collina) ##### Commits - \[[`add20f373c`](https://redirect.github.com/nodejs/node/commit/add20f373c)] - **deps**: add -no_rand_screen to openssl s_client (Shigeki Ohtsu) [nodejs/node#1836](https://redirect.github.com/nodejs/node/pull/1836) - \[[`c4e382cce3`](https://redirect.github.com/nodejs/node/commit/c4e382cce3)] - **deps**: fix asm build error of openssl in x86\_win32 (Shigeki Ohtsu) [nodejs/node#1389](https://redirect.github.com/nodejs/node/pull/1389) - \[[`f1d1f12519`](https://redirect.github.com/nodejs/node/commit/f1d1f12519)] - **deps**: fix openssl assembly error on ia32 win32 (Fedor Indutny) [nodejs/node#1389](https://redirect.github.com/nodejs/node/pull/1389) - \[[`69037ad5c4`](https://redirect.github.com/nodejs/node/commit/69037ad5c4)] - **deps**: copy all openssl header files to include dir (Sam Roberts) [#​24530](https://redirect.github.com/nodejs/node/pull/24530) - \[[`f5b34336bb`](https://redirect.github.com/nodejs/node/commit/f5b34336bb)] - **deps**: upgrade openssl sources to 1.0.2q (Sam Roberts) [#​24530](https://redirect.github.com/nodejs/node/pull/24530) - \[[`93dba83fb0`](https://redirect.github.com/nodejs/node/commit/93dba83fb0)] - **deps,http**: http_parser set max header size to 8KB (Matteo Collina) [nodejs-private/node-private#143](https://redirect.github.com/nodejs-private/node-private/pull/143) - \[[`576038fb61`](https://redirect.github.com/nodejs/node/commit/576038fb61)] - **(SEMVER-MINOR)** **http**: add --security-revert for CVE-2018-12116 (Matteo Collina) [nodejs-private/node-private#146](https://redirect.github.com/nodejs-private/node-private/pull/146) - \[[`513e9747a2`](https://redirect.github.com/nodejs/node/commit/513e9747a2)] - **(SEMVER-MINOR)** **http**: disallow two-byte characters in URL path (Benno Fünfstück) [nodejs-private/node-private#146](https://redirect.github.com/nodejs-private/node-private/pull/146) - \[[`696f063c5e`](https://redirect.github.com/nodejs/node/commit/696f063c5e)] - **(SEMVER-MINOR)** **http,https**: protect against slow headers attack (Matteo Collina) [nodejs-private/node-private#151](https://redirect.github.com/nodejs-private/node-private/pull/151) - \[[`7f362a11ee`](https://redirect.github.com/nodejs/node/commit/7f362a11ee)] - **openssl**: fix keypress requirement in apps on win32 (Shigeki Ohtsu) [nodejs/node#1389](https://redirect.github.com/nodejs/node/pull/1389) - \[[`53a6e4eb20`](https://redirect.github.com/nodejs/node/commit/53a6e4eb20)] - **url**: avoid hostname spoofing w/ javascript protocol (Matteo Collina) [nodejs-private/node-private#145](https://redirect.github.com/nodejs-private/node-private/pull/145) ### [`v8.13.0`](https://redirect.github.com/nodejs/node/releases/tag/v8.13.0): 2018-11-20, Version 8.13.0 'Carbon' (LTS), @​MylesBorins prepared by @​BethGriggs [Compare Source](https://redirect.github.com/nodejs/node/compare/v8.12.0...v8.13.0) ##### Notable changes - **assert**: - backport some assert commits (Ruben Bridgewater) [#​23223](https://redirect.github.com/nodejs/node/pull/23223) - **deps**: - upgrade to libuv 1.23.2 (cjihrig) [#​23336](https://redirect.github.com/nodejs/node/pull/23336) - V8: cherry-pick 64-bit hash seed commits (Yang Guo) [#​23274](https://redirect.github.com/nodejs/node/pull/23274) - **http**: - added aborted property to request (Robert Nagy) [#​20094](https://redirect.github.com/nodejs/node/pull/20094) - **http2**: - graduate from experimental (James M Snell) [#​22466](https://redirect.github.com/nodejs/node/pull/22466) ##### Commits - \[[`0d241ba385`](https://redirect.github.com/nodejs/node/commit/0d241ba385)] - **assert**: ensure .rejects() disallows sync throws (Teddy Katz) [#​19650](https://redirect.github.com/nodejs/node/pull/19650) - \[[`3babc5bb53`](https://redirect.github.com/nodejs/node/commit/3babc5bb53)] - **(SEMVER-MINOR)** **assert**: add rejects() and doesNotReject() (feugy) [#​18023](https://redirect.github.com/nodejs/node/pull/18023) - \[[`18071db274`](https://redirect.github.com/nodejs/node/commit/18071db274)] - **assert**: fix throws trace (Ruben Bridgewater) [#​18595](https://redirect.github.com/nodejs/node/pull/18595) - \[[`562787efb2`](https://redirect.github.com/nodejs/node/commit/562787efb2)] - **assert**: fix strict regression (Ruben Bridgewater) [#​17903](https://redirect.github.com/nodejs/node/pull/17903) - \[[`f2af930ebb`](https://redirect.github.com/nodejs/node/commit/f2af930ebb)] - **(SEMVER-MINOR)** **assert**: .throws accept objects (Ruben Bridgewater) [#​17584](https://redirect.github.com/nodejs/node/pull/17584) - \[[`147aeedc8d`](https://redirect.github.com/nodejs/node/commit/147aeedc8d)] - **(SEMVER-MINOR)** **assert**: improve assert.throws (Ruben Bridgewater) [#​17585](https://redirect.github.com/nodejs/node/pull/17585) - \[[`c9d84b6d4f`](https://redirect.github.com/nodejs/node/commit/c9d84b6d4f)] - **assert**: fix throws and doesNotThrow stack frames (Ruben Bridgewater) [#​17703](https://redirect.github.com/nodejs/node/pull/17703) - \[[`a42d0726ac`](https://redirect.github.com/nodejs/node/commit/a42d0726ac)] - **assert**: use object argument in innerFail (Ruben Bridgewater) [#​17582](https://redirect.github.com/nodejs/node/pull/17582) - \[[`84948cf14f`](https://redirect.github.com/nodejs/node/commit/84948cf14f)] - **assert**: fix .throws operator (Ruben Bridgewater) [#​17575](https://redirect.github.com/nodejs/node/pull/17575) - \[[`c6d94f8fa5`](https://redirect.github.com/nodejs/node/commit/c6d94f8fa5)] - **(SEMVER-MINOR)** **assert**: add strict functionality export (Ruben Bridgewater) [#​17002](https://redirect.github.com/nodejs/node/pull/17002) - \[[`26d145a77f`](https://redirect.github.com/nodejs/node/commit/26d145a77f)] - **async_hooks**: add missing async_hooks destroys in AsyncReset (Bastian Krol) [#​23272](https://redirect.github.com/nodejs/node/pull/23272) - \[[`104fbc64ed`](https://redirect.github.com/nodejs/node/commit/104fbc64ed)] - **build**: update arm64 minimum supported platform (Gibson Fahnestock) [#​19164](https://redirect.github.com/nodejs/node/pull/19164) - \[[`afcf059898`](https://redirect.github.com/nodejs/node/commit/afcf059898)] - **build**: do not cd on vcbuild help (Vse Mozhet Byt) [#​19291](https://redirect.github.com/nodejs/node/pull/19291) - \[[`ca8d4e3450`](https://redirect.github.com/nodejs/node/commit/ca8d4e3450)] - **build**: define NOMINMAX on windows (Ben Noordhuis) [#​22731](https://redirect.github.com/nodejs/node/pull/22731) - \[[`5245d6ac97`](https://redirect.github.com/nodejs/node/commit/5245d6ac97)] - **deps**: V8: partially revert [`d868eb7`](https://redirect.github.com/nodejs/node/commit/d868eb7) (Ali Ijaz Sheikh) [#​24499](https://redirect.github.com/nodejs/node/pull/24499) - \[[`62dd1d7bd4`](https://redirect.github.com/nodejs/node/commit/62dd1d7bd4)] - **deps**: upgrade to libuv 1.23.2 (cjihrig) [#​23336](https://redirect.github.com/nodejs/node/pull/23336) - \[[`b38190ebb0`](https://redirect.github.com/nodejs/node/commit/b38190ebb0)] - **deps**: upgrade to libuv 1.23.1 (cjihrig) [#​22997](https://redirect.github.com/nodejs/node/pull/22997) - \[[`d9d541c415`](https://redirect.github.com/nodejs/node/commit/d9d541c415)] - **deps**: upgrade to libuv 1.23.0 (cjihrig) [#​22365](https://redirect.github.com/nodejs/node/pull/22365) - \[[`e3d08af7c1`](https://redirect.github.com/nodejs/node/commit/e3d08af7c1)] - **deps**: upgrade to libuv 1.22.0 (cjihrig) [#​21731](https://redirect.github.com/nodejs/node/pull/21731) - \[[`11cb09b25a`](https://redirect.github.com/nodejs/node/commit/11cb09b25a)] - **deps**: upgrade to libuv 1.21.0 (cjihrig) [#​21466](https://redirect.github.com/nodejs/node/pull/21466) - \[[`c54f4bc8e8`](https://redirect.github.com/nodejs/node/commit/c54f4bc8e8)] - **deps**: upgrade to libuv 1.20.3 (cjihrig) [#​20585](https://redirect.github.com/nodejs/node/pull/20585) - \[[`2307653abf`](https://redirect.github.com/nodejs/node/commit/2307653abf)] - **deps**: upgrade to libuv 1.20.2 (cjihrig) [#​20129](https://redirect.github.com/nodejs/node/pull/20129) - \[[`a1b94d35e7`](https://redirect.github.com/nodejs/node/commit/a1b94d35e7)] - **deps**: upgrade libuv to 1.20.0 (cjihrig) [#​19758](https://redirect.github.com/nodejs/node/pull/19758) - \[[`ce65d84537`](https://redirect.github.com/nodejs/node/commit/ce65d84537)] - **deps**: backport [`a8f6869`](https://redirect.github.com/nodejs/node/commit/a8f6869) from upstream V8 (Ben Newman) [#​22714](https://redirect.github.com/nodejs/node/pull/22714) - \[[`7ab253f62e`](https://redirect.github.com/nodejs/node/commit/7ab253f62e)] - **deps**: V8: cherry-pick 64-bit hash seed commits (Yang Guo) [#​23274](https://redirect.github.com/nodejs/node/pull/23274) - \[[`60f7bfa4d7`](https://redirect.github.com/nodejs/node/commit/60f7bfa4d7)] - **deps**: update to nghttp2 1.33.0 (Anna Henningsen) [#​22649](https://redirect.github.com/nodejs/node/pull/22649) - \[[`48f31bdf20`](https://redirect.github.com/nodejs/node/commit/48f31bdf20)] - **deps**: V8: backport 20 CPU profiler commits from upstream (Peter Marshall) [#​21558](https://redirect.github.com/nodejs/node/pull/21558) - \[[`9e2077afee`](https://redirect.github.com/nodejs/node/commit/9e2077afee)] - **deps**: backport [`9a23bdd`](https://redirect.github.com/nodejs/node/commit/9a23bdd) from upstream V8 (Daniel Beckert) [#​22418](https://redirect.github.com/nodejs/node/pull/22418) - \[[`610297e2ab`](https://redirect.github.com/nodejs/node/commit/610297e2ab)] - **doc**: improve best practices in onboarding-extras (Rich Trott) [#​19315](https://redirect.github.com/nodejs/node/pull/19315) - \[[`9446bb68ea`](https://redirect.github.com/nodejs/node/commit/9446bb68ea)] - **doc**: fix minor issues in async_hooks.md (Rich Trott) [#​19313](https://redirect.github.com/nodejs/node/pull/19313) - \[[`5b9af6ea73`](https://redirect.github.com/nodejs/node/commit/5b9af6ea73)] - **doc**: update username and email (Yuta Hiroto) [#​19338](https://redirect.github.com/nodejs/node/pull/19338) - \[[`bae7c608e2`](https://redirect.github.com/nodejs/node/commit/bae7c608e2)] - **doc**: document http2 timeouts (Sagi Tsofan) [#​22798](https://redirect.github.com/nodejs/node/pull/22798) - \[[`d0be932375`](https://redirect.github.com/nodejs/node/commit/d0be932375)] - **doc**: simplify http2 wording and formatting (Rich Trott) [#​22541](https://redirect.github.com/nodejs/node/pull/22541) - \[[`3fe9293efc`](https://redirect.github.com/nodejs/node/commit/3fe9293efc)] - **doc**: make createPushResponse() more detailled (MaleDong) [#​22366](https://redirect.github.com/nodejs/node/pull/22366) - \[[`3980ca1840`](https://redirect.github.com/nodejs/node/commit/3980ca1840)] - **doc**: clarify http2 docs around class exports (James M Snell) [#​22247](https://redirect.github.com/nodejs/node/pull/22247) - \[[`32bfd7ebfb`](https://redirect.github.com/nodejs/node/commit/32bfd7ebfb)] - **doc**: add missing `require` to example in http2.md (Kevin Simper) [#​21858](https://redirect.github.com/nodejs/node/pull/21858) - \[[`2116ace0ad`](https://redirect.github.com/nodejs/node/commit/2116ace0ad)] - **doc**: fix http2stream.pushStream error doc (Сковорода Никита Андреевич) [#​21487](https://redirect.github.com/nodejs/node/pull/21487) - \[[`4228141012`](https://redirect.github.com/nodejs/node/commit/4228141012)] - **doc**: Improve doc for Http2 headers object (Gerhard Stoebich) [#​21296](https://redirect.github.com/nodejs/node/pull/21296) - \[[`11a63ddf48`](https://redirect.github.com/nodejs/node/commit/11a63ddf48)] - **doc**: fix typo in http2.md (Keita Akutsu) [#​20843](https://redirect.github.com/nodejs/node/pull/20843) - \[[`4f0035485f`](https://redirect.github.com/nodejs/node/commit/4f0035485f)] - **doc**: add parameters for Http2Stream:error event (Ujjwal Sharma) [#​20610](https://redirect.github.com/nodejs/node/pull/20610) - \[[`77acef4af2`](https://redirect.github.com/nodejs/node/commit/77acef4af2)] - **doc**: add params for ClientHttp2Session:altsvc (Ujjwal Sharma) [#​20598](https://redirect.github.com/nodejs/node/pull/20598) - \[[`448922d0de`](https://redirect.github.com/nodejs/node/commit/448922d0de)] - **doc**: add parameters for Http2Session:stream event (Ujjwal Sharma) [#​20547](https://redirect.github.com/nodejs/node/pull/20547) - \[[`41e89316e6`](https://redirect.github.com/nodejs/node/commit/41e89316e6)] - **doc**: add parameters for settings events (Ujjwal Sharma) [#​20371](https://redirect.github.com/nodejs/node/pull/20371) - \[[`1a6a054899`](https://red </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - "every weekday" (UTC). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xOS4wIiwidXBkYXRlZEluVmVyIjoiMzkuMTkuMCIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiLCJpbXBhY3Qvbm8tY2hhbmdlbG9nLXJlcXVpcmVkIl19--> Co-authored-by: pulumi-renovate[bot] <189166143+pulumi-renovate[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a final PR for upgrading to openssl-1.0.2a. I'm sorry for this is a really big patch for I could not succeed separating. This PR consist of 4 type of commits. I think we can focus to review 2nd and 3rd part.
1. source updates and private patches
e5624ef deps: upgrade openssl to 1.0.2a
2a01155 deps: fix openssl assembly error on ia32 win32
752636f deps: fixed asm build error of openssl in x86_win32
0e6fad7 deps: backport openssl patch of alt cert chains 1
6b3a7c9 openssl: fix keypress requirement in apps on win32
2. openssconf.h and openssl.gyp/gypi updates
c3e3c4d deps: replace all headers in openssl
b581ae2 deps: add x32 and arm64 support for opensslconf.h
c75888e deps: update opensslconf.h for 1.0.2a
0d19c08 deps: update openssl.gyp/gypi for openssl-1.0.2a
3. asm updates
f2327d0 deps: update asm Makefile for openssl-1.0.2a
208e06a deps, build: add support older asm compiler
e311459 deps: update asm files for openssl-1.0.2a
4. others
2a925d5 build: enable ssl support on arm64
5f532c2 test: fix error message check for openssl-1.0.2a
d4a0c27 deps: add docs to upgrade openssl
Ci is https://jenkins-iojs.nodesource.com/job/iojs+any-pr+multi/486/ and it seems fine . The test failures in armv7 and wins are not related this PR.
Here attached is the file of
deps/openssl/doc/UPGRADING.mdbelowI hope this helps to review this PR.
R= @bnoordhuis @indutny
How to upgrade openssl library in io.js
This document is intended to describe the procedure to upgrade openssl
from 1.0.1m to 1.0.2a in io.js.
Build System and Upgrading Overview
The openssl build system is based on the perl script of Configure.
For example, running
Configure linux_x86-64in the opensslrepository generates
Makefileandopensslconf.hfor the targetarchitectures of linux_x86_64.
The
Makefilecontains the list of asm files which are generated byperl scripts during build so that we can get the most of use of the
hardware performance according to the type of cpus.
Configure TABLEshows various build parameters that depend on eachos and arch.
In io.js, build target is defined as
--dest-osand--dest-cpuinconfigure options which are different from the one that is defined in
openssl and it's build system is gyp that is based on python,
therefore we cannot use the openssl build system directly.
In order to build openssl with gyp in iojs, files of opensslconf.h and
asm are generated in advance for several supported platforms.
Here is a map table to show conf(opensslconf.h) and asm between
the openssl target and configuration parameters of os and cpu in iojs.
The tested platform in CI are also listed.
longer supported in opnessl. We need to move to use nasm or yasm.
All parameters such as sources, defines, cflags and others generated
in openssl Makefile are wrote down into
deps/openssl/openssl.gypi.The header file of
deps/openssl/openssl/crypto/opensslconf.haregenerated by
Configureand varies on each os and arch so that wemade a new
deps/openssl/config/opensslconf.h, where it includes eachconf file from
deps/openssl/config/archs/*/opensslconf.hby usingpre-defined compiler macros. This procedure can be processed
automatically with
deps/openssl/config/MakefileAssembler support is one of the key features in openssl, but asm files
are dynamically generated with
deps/openssl/openssl/crypto/*/asm/*.plby perl duringbuild. Furthermore, these perl scripts check the version of asm
compiler and generate asm files according to the supported
instructions in each compiler.
Since perl is not a build requirement in iojs, they all should be
generated in advance and statically stored in the repository. We
provide two sets of asm files, one is asm_latest(avx2 and addx
supported) in
deps/openssl/asmand the other asm_obsolete(withoutavx1/2 and addx) in
deps/openssl/asm_obsolute, which depends onsupported features in asm compilers. Each directory has a
Makefileto generate asm files with perl scripts in openssl sources.
configureand gyp check the version of asm compilers such as gnuas(gas), llvm and Visual Studio.
deps/openssl/openssl.gypidetermines what asm files should be used, in which the asm_latest
needs the version of gas >= 2.23, llvm >= 3.3 or MSVS_VERSION>='2012'
(ml64 >= 12) as defined in
https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/crypto/sha/asm/sha512-x86_64.pl#L112-L129,
otherwise asm_obsolete are used.
The following is the detail instruction steps how to upgrade openssl
version from 1.0.1m to 1.0.2a in iojs.
1. Replace openssl source in
deps/openssl/opensslRemove old openssl sources in
deps/openssl/openssl.Get original openssl sources from
https://www.openssl.org/source/openssl-1.0.2a.tar.gz and extract all
files into
deps/openssl/openssl.2. Apply private patches
There are three kinds of private patches to be applied in openssl-1.0.2a.
supported in openssl. We should move to use nasm or yasm in future
version of iojs.
openssl-cli in win causes timeout failures of several tests.
of 1024bit RSA key length were deprecated in io.js. When a tls
server has a cross root cert, io.js client leads CERT_UNTRUSTED
error because openssl does not find alternate cert chains. This fix
supports its feature but was made the current master which is
openssl-1.1.x. We backported them privately into openssl-1.0.2 on
iojs.
3. Replace openssl header files in
deps/openssl/openssl/include/opensslall header files in
deps/openssl/openssl/include/openssl/*.haresymbolic links in the distributed release tar.gz. They cause issues in
Windows. They are replaced into the files to include a real header
file such as
4. Change
opensslconf.hso as to fit each platform.The opensslconf.h in each target was created in advance by typing
deps/openssl/openssl/Configure {target}and copiedinto
deps/openssl/conf/archs/{target}/opensslconf.h.deps/openssl/conf/openssconf.hincludes each file according to itstarget by checking pre-defined compiler macros. These can be generated
by using
deps/openssl/conf/MakefileWe should remove OPENSSL_CPUID_OBJ define in opensslconf.h because it
causes build error when --openss-no-asm option is specified. Instead,
the OPENSSL_CPUID_OBJ is defined in
deps/openssl/openssl.gypiaccording to the configure options.
One fix of opensslconf.h is needed in 64-bit MacOS.
The current openssl release does not use RC4 asm since it explicitly
specified as
$asm=~s/rc4\-[^:]+//;inhttps://github.com/openssl/openssl/blob/OpenSSL_1_0_1-stable/Configure#L584
But iojs has used RC4 asm on MacOS for long time. Fix type of RC4_INT
into
unsigned intin opensslconf.h of darwin64-x86_64-cc to work onthe RC4 asm.
5. Update openssl.gyp and openssl.gypi
Sources, cflags and define parameters that depends on each target can
be obtained via
Configure TABLE. Its list is put in the table ofdefine and cflags changes in openssl-1.0.2a
There is no way to verify all necessary sources automatically. We can
only carefully look at the source list and compiled objects in
Makefile of openssl and compare the compiled objects that stored
stored under `out/Release/obj.target/openssl/deps/openssl/' in iojs.
6. ASM files for openssl
We provide two sets of asm files. One is for the latest asm compiler
and the other is the older one.
6.1. asm files for the latest compiler
This was made in
deps/openssl/asm/Makefileopenssl-1.0.2a.
exist. Followed asm files are to be generated with CC=gcc and
ASM=nasm on Linux. See
deps/openssl/openssl/crypto/sha/asm/sha512-x86_64.plto generate asm for use SSE2.
has 512. Added new rules so as not to use stdout for outputs.
voidas defined in opensslConfigure. Changed its target/rule and all directories are moved
from arm-elf-gas to arm-void-gas.
With export environments of CC=gcc and ASM=nasm, then type make
command and check if new asm files are generated.
6.2.asm files for the older compiler
For older asm compiler, the version check of CC and ASM should be
skipped in generating asm file with perl scripts.
Copy files from
deps/openssl/asmintodeps/openssl/asm/asm_obsoleteand change rules to generate asm filesinto this directories and remove the check of CC and ASM envs.
Without environments of CC and ASM, then type make command and check
if new asm files for older compilers are generated.
This PR fixes #589