From 4c9de9d7169a4f0365ec1c754cdbb3f7d22fef45 Mon Sep 17 00:00:00 2001 From: isaacs Date: Fri, 11 Jan 2013 11:24:37 -0800 Subject: [PATCH 01/16] blog: release v0.9.6 --- doc/blog/release/v0.9.6.md | 87 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 87 insertions(+) create mode 100644 doc/blog/release/v0.9.6.md diff --git a/doc/blog/release/v0.9.6.md b/doc/blog/release/v0.9.6.md new file mode 100644 index 00000000000..21f94563fdc --- /dev/null +++ b/doc/blog/release/v0.9.6.md @@ -0,0 +1,87 @@ +title: Node v0.9.6 (Unstable) +slug: node-v0-9-6-unstable +version: 0.9.6 +category: release +date: Fri Jan 11 11:23:56 PST 2013 + +2013.01.11, Version 0.9.6 (Unstable) + +* V8: update to 3.15.11.5 + +* node: remove ev-emul.h (Ben Noordhuis) + +* path: make basename and extname ignore trailing slashes (Bert Belder) + +* typed arrays: fix sunos signed/unsigned char issue (Ben Noordhuis) + +* child_process: Fix {stdio:'inherit'} regression (Ben Noordhuis) + +* child_process: Fix pipe() from child stdio streams (Maciej Małecki) + +* child_process: make fork() execPath configurable (Bradley Meck) + +* stream: Add readable.push(chunk) method (isaacs) + +* dtrace: x64 ustack helper (Fedor Indutny) + +* repl: fix floating point number parsing (Nirk Niggler) + +* repl: allow overriding builtins (Ben Noordhuis) + +* net: add localAddress and localPort to Socket (James Hight) + +* fs: make pool size coincide with ReadStream bufferSize (Shigeki Ohtsu) + +* typed arrays: implement load and store swizzling (Dean McNamee) + +* windows: fix perfctr crash on XP and 2003 (Scott Blomquist) + +* dgram: fix double implicit bind error (Ben Noordhuis) + + +Source Code: http://nodejs.org/dist/v0.9.6/node-v0.9.6.tar.gz + +Macintosh Installer (Universal): http://nodejs.org/dist/v0.9.6/node-v0.9.6.pkg + +Windows Installer: http://nodejs.org/dist/v0.9.6/node-v0.9.6-x86.msi + +Windows x64 Installer: http://nodejs.org/dist/v0.9.6/x64/node-v0.9.6-x64.msi + +Windows x64 Files: http://nodejs.org/dist/v0.9.6/x64/ + +Linux 32-bit Binary: http://nodejs.org/dist/v0.9.6/node-v0.9.6-linux-x86.tar.gz + +Linux 64-bit Binary: http://nodejs.org/dist/v0.9.6/node-v0.9.6-linux-x64.tar.gz + +Solaris 32-bit Binary: http://nodejs.org/dist/v0.9.6/node-v0.9.6-sunos-x86.tar.gz + +Solaris 64-bit Binary: http://nodejs.org/dist/v0.9.6/node-v0.9.6-sunos-x64.tar.gz + +Other release files: http://nodejs.org/dist/v0.9.6/ + +Website: http://nodejs.org/docs/v0.9.6/ + +Documentation: http://nodejs.org/docs/v0.9.6/api/ + +Shasums: + +``` +31ef1e0d875232c85ecde0bc84ddf19cf6cd63f7 node-v0.9.6-darwin-x64.tar.gz +62d5f6f2b39e87eb1f86da0423b6ec45180cd986 node-v0.9.6-darwin-x86.tar.gz +e3cb0989c8262349659424ea2f534c8afe12f93c node-v0.9.6-linux-x64.tar.gz +ff4b68f274a52038fbd04a4ef143e1076ae71db9 node-v0.9.6-linux-x86.tar.gz +59ebb5e5c02c9e40a7a3cc2d8f554f2d722048eb node-v0.9.6-sunos-x64.tar.gz +714b88c5f34bb0adad2d73b6d76fa423d14c29b8 node-v0.9.6-sunos-x86.tar.gz +3ecc617efcae5274c3a1e3452e8fb0646a3e6afc node-v0.9.6-x86.msi +d865d044cc1e9379998aa6c3d34dbe2824e41b5e node-v0.9.6.pkg +650d7c50e29ce7ab428de0617ad315063a53ea1a node-v0.9.6.tar.gz +94b10c6945ec78af6d9b90fc083f97adfa44473f node.exe +0b0eceee083ca9cfdc8c24fbdfe92f7ee25938c2 node.exp +9af3ceee0be869e866b2f516dc2b17690e442739 node.lib +7dfbdf0ac378e67cfa5aff550f057c31f8f92d38 node.pdb +02f27f503a16850a66f7e6fe8732bfa5fcbe311f x64/node-v0.9.6-x64.msi +3f5990602e7268413602dd54a4d019b3330630ae x64/node.exe +836a7be49bd7ed5f1794775d0c20e75f327b067d x64/node.exp +e5e3abed1da31d94525f8731e2d67f0e19b20304 x64/node.lib +b61c1a7a5786a38864943bb3d4c78859d0430d7a x64/node.pdb +``` From f3e78bd3c21028dfd96efed7ae2654ceff1e7878 Mon Sep 17 00:00:00 2001 From: Ben Noordhuis Date: Mon, 14 Jan 2013 16:35:03 +0100 Subject: [PATCH 02/16] http: fix "Cannot call method 'emit' of null" Fix the following exception: http.js:974 this._httpMessage.emit('close'); ^ TypeError: Cannot call method 'emit' of null at Socket.onServerResponseClose (http.js:974:21) at Socket.EventEmitter.emit (events.js:124:20) at net.js:421:10 at process._tickCallback (node.js:386:13) at process._makeCallback (node.js:304:15) Fixes #4586. --- lib/http.js | 19 +++++++- test/simple/test-http-server-stale-close.js | 51 +++++++++++++++++++++ 2 files changed, 69 insertions(+), 1 deletion(-) create mode 100644 test/simple/test-http-server-stale-close.js diff --git a/lib/http.js b/lib/http.js index f5418b00f7c..aee579aadf4 100644 --- a/lib/http.js +++ b/lib/http.js @@ -967,7 +967,24 @@ exports.ServerResponse = ServerResponse; ServerResponse.prototype.statusCode = 200; function onServerResponseClose() { - this._httpMessage.emit('close'); + // EventEmitter.emit makes a copy of the 'close' listeners array before + // calling the listeners. detachSocket() unregisters onServerResponseClose + // but if detachSocket() is called, directly or indirectly, by a 'close' + // listener, onServerResponseClose is still in that copy of the listeners + // array. That is, in the example below, b still gets called even though + // it's been removed by a: + // + // var obj = new events.EventEmitter; + // obj.on('event', a); + // obj.on('event', b); + // function a() { obj.removeListener('event', b) } + // function b() { throw "BAM!" } + // obj.emit('event'); // throws + // + // Ergo, we need to deal with stale 'close' events and handle the case + // where the ServerResponse object has already been deconstructed. + // Fortunately, that requires only a single if check. :-) + if (this._httpMessage) this._httpMessage.emit('close'); } ServerResponse.prototype.assignSocket = function(socket) { diff --git a/test/simple/test-http-server-stale-close.js b/test/simple/test-http-server-stale-close.js new file mode 100644 index 00000000000..e8ecf318e4c --- /dev/null +++ b/test/simple/test-http-server-stale-close.js @@ -0,0 +1,51 @@ +// Copyright Joyent, Inc. and other Node contributors. +// +// Permission is hereby granted, free of charge, to any person obtaining a +// copy of this software and associated documentation files (the +// "Software"), to deal in the Software without restriction, including +// without limitation the rights to use, copy, modify, merge, publish, +// distribute, sublicense, and/or sell copies of the Software, and to permit +// persons to whom the Software is furnished to do so, subject to the +// following conditions: +// +// The above copyright notice and this permission notice shall be included +// in all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN +// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, +// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR +// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE +// USE OR OTHER DEALINGS IN THE SOFTWARE. + +var common = require('../common'); +var assert = require('assert'); +var http = require('http'); +var fork = require('child_process').fork; + +if (process.env.NODE_TEST_FORK) { + var req = http.request({ + headers: {'Content-Length': '42'}, + method: 'POST', + host: '127.0.0.1', + port: common.PORT, + }, process.exit); + req.write('BAM'); + req.end(); +} +else { + var server = http.createServer(function(req, res) { + res.writeHead(200, {'Content-Length': '42'}); + req.pipe(res); + req.on('close', function() { + server.close(); + res.end(); + }); + }); + server.listen(common.PORT, function() { + fork(__filename, { + env: {NODE_TEST_FORK: '1'} + }); + }); +} From 45024e7b7551eca7796e16fe453b2cbaee94b916 Mon Sep 17 00:00:00 2001 From: Fedor Indutny Date: Mon, 14 Jan 2013 21:09:35 +0400 Subject: [PATCH 03/16] tls: allow wildcards in common name see #4592 --- lib/tls.js | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/lib/tls.js b/lib/tls.js index c62d40f8f37..d6518f502a3 100644 --- a/lib/tls.js +++ b/lib/tls.js @@ -156,14 +156,13 @@ function checkServerIdentity(host, cert) { dnsNames = dnsNames.concat(uriNames); // And only after check if hostname matches CN - // (because CN is deprecated, but should be used for compatiblity anyway) var commonNames = cert.subject.CN; if (Array.isArray(commonNames)) { for (var i = 0, k = commonNames.length; i < k; ++i) { - dnsNames.push(regexpify(commonNames[i], false)); + dnsNames.push(regexpify(commonNames[i], true)); } } else { - dnsNames.push(regexpify(commonNames, false)); + dnsNames.push(regexpify(commonNames, true)); } valid = dnsNames.some(function(re) { From a6b8f63660c3f5ee50b2625f7a86f03fbe45ec12 Mon Sep 17 00:00:00 2001 From: Bert Belder Date: Sat, 5 Jan 2013 22:14:50 +0100 Subject: [PATCH 04/16] buffer: zero-length buffers shouldn't be slab-backed --- lib/buffer.js | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/lib/buffer.js b/lib/buffer.js index 91a6326b9ab..ca53ab95182 100644 --- a/lib/buffer.js +++ b/lib/buffer.js @@ -199,8 +199,9 @@ function coerce(length) { } -// Buffer +var zeroBuffer = new SlowBuffer(0); +// Buffer function Buffer(subject, encoding, offset) { if (!(this instanceof Buffer)) { return new Buffer(subject, encoding, offset); @@ -242,13 +243,18 @@ function Buffer(subject, encoding, offset) { this.parent = new SlowBuffer(this.length); this.offset = 0; - } else { + } else if (this.length > 0) { // Small buffer. if (!pool || pool.length - pool.used < this.length) allocPool(); this.parent = pool; this.offset = pool.used; pool.used += this.length; if (pool.used & 7) pool.used = (pool.used + 8) & ~7; + + } else { + // Zero-length buffer + this.parent = zeroBuffer; + this.offset = 0; } // Treat array-ish objects as a byte array. From 6b4a93577b5677f9738f6dd7d7acd71f86f46888 Mon Sep 17 00:00:00 2001 From: Chris Dent Date: Mon, 14 Jan 2013 22:24:30 +0000 Subject: [PATCH 05/16] install: add simplejson fallback Make tools/install.py work with python 2.5 2.5 is still fairly widespread and does not include a json lib as standard. Most python folk will have simplejson if they are in that boat. In general it seems a bit tricky to solve this perfectly... --- tools/install.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/tools/install.py b/tools/install.py index 51b7911cc9e..8ff7c395fbb 100755 --- a/tools/install.py +++ b/tools/install.py @@ -1,7 +1,12 @@ #!/usr/bin/env python import errno -import json + +try: + import json +except ImportError: + import simplejson as json + import os import re import shutil From 498200b87c186658c867772bd6cf0c8afcb2b56b Mon Sep 17 00:00:00 2001 From: Ben Noordhuis Date: Thu, 17 Jan 2013 01:10:15 +0100 Subject: [PATCH 06/16] buffer: reject negative SlowBuffer offsets Reject negative offsets in SlowBuffer::MakeFastBuffer(), it allows the creation of buffers that point to arbitrary addresses. Reported by Trevor Norris. --- lib/buffer.js | 2 +- src/node_buffer.cc | 13 +++++++++++ test/simple/test-buffer.js | 45 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 59 insertions(+), 1 deletion(-) diff --git a/lib/buffer.js b/lib/buffer.js index ca53ab95182..978a566bc13 100644 --- a/lib/buffer.js +++ b/lib/buffer.js @@ -557,7 +557,7 @@ Buffer.prototype.slice = function(start, end) { if (end === undefined) end = this.length; if (end > this.length) throw new Error('oob'); if (start > end) throw new Error('oob'); - + if (start < 0) throw new Error('start out of bounds'); return new Buffer(this.parent, end - start, +start + this.offset); }; diff --git a/src/node_buffer.cc b/src/node_buffer.cc index 98dfa5e0007..4a6e836653d 100644 --- a/src/node_buffer.cc +++ b/src/node_buffer.cc @@ -708,6 +708,19 @@ Handle Buffer::MakeFastBuffer(const Arguments &args) { uint32_t offset = args[2]->Uint32Value(); uint32_t length = args[3]->Uint32Value(); + if (offset > buffer->length_) { + return ThrowRangeError("offset out of range"); + } + + if (offset + length > buffer->length_) { + return ThrowRangeError("length out of range"); + } + + // Check for wraparound. Safe because offset and length are unsigned. + if (offset + length < offset) { + return ThrowRangeError("offset or length out of range"); + } + fast_buffer->SetIndexedPropertiesToExternalArrayData(buffer->data_ + offset, kExternalUnsignedByteArray, length); diff --git a/test/simple/test-buffer.js b/test/simple/test-buffer.js index 25688182b1e..c1f5dea8c45 100644 --- a/test/simple/test-buffer.js +++ b/test/simple/test-buffer.js @@ -22,6 +22,7 @@ var common = require('../common'); var assert = require('assert'); +var SlowBuffer = require('buffer').SlowBuffer; var Buffer = require('buffer').Buffer; var b = Buffer(1024); // safe constructor @@ -745,3 +746,47 @@ assert.throws(function() { assert.throws(function() { new Buffer(0xFFFFFFFFF); }, TypeError); + +// SlowBuffer sanity checks. +assert.throws(function() { + var len = 0xfffff; + var sbuf = new SlowBuffer(len); + var buf = new Buffer(sbuf, len, 0); + SlowBuffer.makeFastBuffer(sbuf, buf, -len, len); // Should throw. + for (var i = 0; i < len; ++i) buf[i] = 0x42; // Try to force segfault. +}, RangeError); + +assert.throws(function() { + var len = 0xfffff; + var sbuf = new SlowBuffer(len); + var buf = new Buffer(sbuf, len, -len); // Should throw. + for (var i = 0; i < len; ++i) buf[i] = 0x42; // Try to force segfault. +}, RangeError); + +assert.throws(function() { + var len = 0xfffff; + var sbuf = new SlowBuffer(len); + sbuf = sbuf.slice(-len); // Should throw. + for (var i = 0; i < len; ++i) sbuf[i] = 0x42; // Try to force segfault. +}, RangeError); + +assert.throws(function() { + var sbuf = new SlowBuffer(1); + var buf = new Buffer(sbuf, 1, 0); + buf.length = 0xffffffff; + buf.slice(0xffffff0, 0xffffffe); // Should throw. +}, Error); + +assert.throws(function() { + var sbuf = new SlowBuffer(8); + var buf = new Buffer(sbuf, 8, 0); + buf.slice(-8); // Should throw. Throws Error instead of RangeError + // for the sake of v0.8 compatibility. +}, Error); + +assert.throws(function() { + var sbuf = new SlowBuffer(16); + var buf = new Buffer(sbuf, 8, 8); + buf.slice(-8); // Should throw. Throws Error instead of RangeError + // for the sake of v0.8 compatibility. +}, Error); From 08ac9fe016e333a344469aa7e8a1fb483ae27c58 Mon Sep 17 00:00:00 2001 From: Ben Noordhuis Date: Thu, 9 Feb 2012 06:22:50 +0100 Subject: [PATCH 07/16] test: add cluster 'bind twice' test This test starts two clustered HTTP servers on the same port. It expects the first cluster to succeed and the second cluster to fail with EADDRINUSE. Reapplies commit cacd3ae, accidentally reverted in a2851b6. --- test/simple/test-cluster-bind-twice.js | 77 ++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 test/simple/test-cluster-bind-twice.js diff --git a/test/simple/test-cluster-bind-twice.js b/test/simple/test-cluster-bind-twice.js new file mode 100644 index 00000000000..068842fa535 --- /dev/null +++ b/test/simple/test-cluster-bind-twice.js @@ -0,0 +1,77 @@ +// Copyright Joyent, Inc. and other Node contributors. +// +// Permission is hereby granted, free of charge, to any person obtaining a +// copy of this software and associated documentation files (the +// "Software"), to deal in the Software without restriction, including +// without limitation the rights to use, copy, modify, merge, publish, +// distribute, sublicense, and/or sell copies of the Software, and to permit +// persons to whom the Software is furnished to do so, subject to the +// following conditions: +// +// The above copyright notice and this permission notice shall be included +// in all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN +// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, +// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR +// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE +// USE OR OTHER DEALINGS IN THE SOFTWARE. + +// This test starts two clustered HTTP servers on the same port. It expects the +// first cluster to succeed and the second cluster to fail with EADDRINUSE. + +var common = require('../common'); +var assert = require('assert'); +var cluster = require('cluster'); +var fork = require('child_process').fork; +var http = require('http'); + +var id = process.argv[2]; + +if (!id) { + var a = fork(__filename, ['one']); + var b = fork(__filename, ['two']); + + a.on('message', function(m) { + assert.equal(m, 'READY'); + b.send('START'); + }); + + var ok = false; + + b.on('message', function(m) { + assert.equal(m, 'EADDRINUSE'); + a.kill(); + b.kill(); + ok = true; + }); + + process.on('exit', function() { + a.kill(); + b.kill(); + assert(ok); + }); +} +else if (id === 'one') { + if (cluster.isMaster) cluster.fork(); + http.createServer(assert.fail).listen(common.PORT, function() { + process.send('READY'); + }); +} +else if (id === 'two') { + if (cluster.isMaster) cluster.fork(); + process.on('message', function(m) { + assert.equal(m, 'START'); + var server = http.createServer(assert.fail); + server.listen(common.PORT, assert.fail); + server.on('error', function(e) { + assert.equal(e.code, 'EADDRINUSE'); + process.send(e.code); + }); + }); +} +else { + assert(0); // bad command line argument +} From 30e237041d5cd7c39e33a9382c96f109be23337d Mon Sep 17 00:00:00 2001 From: Ben Noordhuis Date: Thu, 17 Jan 2013 16:32:00 +0100 Subject: [PATCH 08/16] Revert "tls: allow wildcards in common name" This reverts commit 45024e7b7551eca7796e16fe453b2cbaee94b916. It's making test/simple/test-tls-check-server-identity.js fail: AssertionError: Test#4 failed: { host: 'b.a.com', cert: { subject: { CN: '*.a.com' } }, result: false } at /test/simple/test-tls-check-server-identity.js:201:10 --- lib/tls.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/tls.js b/lib/tls.js index d6518f502a3..c62d40f8f37 100644 --- a/lib/tls.js +++ b/lib/tls.js @@ -156,13 +156,14 @@ function checkServerIdentity(host, cert) { dnsNames = dnsNames.concat(uriNames); // And only after check if hostname matches CN + // (because CN is deprecated, but should be used for compatiblity anyway) var commonNames = cert.subject.CN; if (Array.isArray(commonNames)) { for (var i = 0, k = commonNames.length; i < k; ++i) { - dnsNames.push(regexpify(commonNames[i], true)); + dnsNames.push(regexpify(commonNames[i], false)); } } else { - dnsNames.push(regexpify(commonNames, true)); + dnsNames.push(regexpify(commonNames, false)); } valid = dnsNames.some(function(re) { From e70d1bfe647b2426afe769a26c8febbbfe0aff96 Mon Sep 17 00:00:00 2001 From: Fedor Indutny Date: Fri, 18 Jan 2013 03:47:47 +0400 Subject: [PATCH 09/16] Revert "Revert "tls: allow wildcards in common name"" This reverts commit 30e237041d5cd7c39e33a9382c96f109be23337d. Works properly with b4b750b --- lib/tls.js | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/lib/tls.js b/lib/tls.js index c62d40f8f37..d6518f502a3 100644 --- a/lib/tls.js +++ b/lib/tls.js @@ -156,14 +156,13 @@ function checkServerIdentity(host, cert) { dnsNames = dnsNames.concat(uriNames); // And only after check if hostname matches CN - // (because CN is deprecated, but should be used for compatiblity anyway) var commonNames = cert.subject.CN; if (Array.isArray(commonNames)) { for (var i = 0, k = commonNames.length; i < k; ++i) { - dnsNames.push(regexpify(commonNames[i], false)); + dnsNames.push(regexpify(commonNames[i], true)); } } else { - dnsNames.push(regexpify(commonNames, false)); + dnsNames.push(regexpify(commonNames, true)); } valid = dnsNames.some(function(re) { From 31583be04218c49d91440a58969dbfc4f5f7b472 Mon Sep 17 00:00:00 2001 From: Fedor Indutny Date: Tue, 15 Jan 2013 03:29:46 +0400 Subject: [PATCH 10/16] tls: follow RFC6125 more stricly * Allow wildcards only in left-most part of hostname identifier. * Do not match CN if altnames are present --- lib/tls.js | 35 ++++++++++++++----- test/simple/test-tls-check-server-identity.js | 13 ++++--- 2 files changed, 36 insertions(+), 12 deletions(-) diff --git a/lib/tls.js b/lib/tls.js index d6518f502a3..79e66751317 100644 --- a/lib/tls.js +++ b/lib/tls.js @@ -91,7 +91,14 @@ function checkServerIdentity(host, cert) { // The same applies to hostname with more than one wildcard, // if hostname has wildcard when wildcards are not allowed, // or if there are less than two dots after wildcard (i.e. *.com or *d.com) - if (/\*.*\*/.test(host) || !wildcards && /\*/.test(host) || + // + // also + // + // "The client SHOULD NOT attempt to match a presented identifier in + // which the wildcard character comprises a label other than the + // left-most label (e.g., do not match bar.*.example.net)." + // RFC6125 + if (!wildcards && /\*/.test(host) || /[\.\*].*\*/.test(host) || /\*/.test(host) && !/\*.*\..+\..+/.test(host)) { return /$./; } @@ -112,6 +119,7 @@ function checkServerIdentity(host, cert) { var dnsNames = [], uriNames = [], ips = [], + matchCN = true, valid = false; // There're several names to perform check against: @@ -120,6 +128,7 @@ function checkServerIdentity(host, cert) { // // Walk through altnames and generate lists of those names if (cert.subjectaltname) { + matchCN = false; cert.subjectaltname.split(/, /g).forEach(function(altname) { if (/^DNS:/.test(altname)) { dnsNames.push(altname.slice(4)); @@ -155,14 +164,24 @@ function checkServerIdentity(host, cert) { dnsNames = dnsNames.concat(uriNames); - // And only after check if hostname matches CN - var commonNames = cert.subject.CN; - if (Array.isArray(commonNames)) { - for (var i = 0, k = commonNames.length; i < k; ++i) { - dnsNames.push(regexpify(commonNames[i], true)); + if (dnsNames.length > 0) matchCN = false; + + // Match against Common Name (CN) only if altnames are not present. + // + // "As noted, a client MUST NOT seek a match for a reference identifier + // of CN-ID if the presented identifiers include a DNS-ID, SRV-ID, + // URI-ID, or any application-specific identifier types supported by the + // client." + // RFC6125 + if (matchCN) { + var commonNames = cert.subject.CN; + if (Array.isArray(commonNames)) { + for (var i = 0, k = commonNames.length; i < k; ++i) { + dnsNames.push(regexpify(commonNames[i], true)); + } + } else { + dnsNames.push(regexpify(commonNames, true)); } - } else { - dnsNames.push(regexpify(commonNames, true)); } valid = dnsNames.some(function(re) { diff --git a/test/simple/test-tls-check-server-identity.js b/test/simple/test-tls-check-server-identity.js index 39093a71614..487f16292a6 100644 --- a/test/simple/test-tls-check-server-identity.js +++ b/test/simple/test-tls-check-server-identity.js @@ -31,8 +31,13 @@ var tests = [ { host: 'a.com', cert: { subject: { CN: 'b.com' } }, result: false }, { host: 'a.com', cert: { subject: { CN: 'a.com.' } }, result: true }, - // No wildcards in CN - { host: 'b.a.com', cert: { subject: { CN: '*.a.com' } }, result: false }, + // Wildcards in CN + { host: 'b.a.com', cert: { subject: { CN: '*.a.com' } }, result: true }, + { host: 'b.a.com', cert: { + subjectaltname: 'DNS:omg.com', + subject: { CN: '*.a.com' } }, + result: false + }, // Multiple CN fields { @@ -69,7 +74,7 @@ var tests = [ subjectaltname: 'DNS:*.a.com', subject: { CN: 'a.com' } }, - result: true + result: false }, { host: 'a.com', cert: { @@ -193,7 +198,7 @@ var tests = [ subjectaltname: 'DNS:a.com', subject: { CN: 'localhost' } }, - result: true + result: false }, ]; From 7295bb9435c10fe569d36e64d50769fed4b5d7e3 Mon Sep 17 00:00:00 2001 From: Dan Milon Date: Fri, 18 Jan 2013 02:40:48 +0200 Subject: [PATCH 11/16] dns: make error message match errno --- lib/dns.js | 3 ++- test/internet/test-dns.js | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/dns.js b/lib/dns.js index bd7789c6fa9..fb7a8138c17 100644 --- a/lib/dns.js +++ b/lib/dns.js @@ -28,13 +28,14 @@ function errnoException(errorno, syscall) { // TODO make this more compatible with ErrnoException from src/node.cc // Once all of Node is using this function the ErrnoException from // src/node.cc should be removed. - var e = new Error(syscall + ' ' + errorno); // For backwards compatibility. libuv returns ENOENT on NXDOMAIN. if (errorno == 'ENOENT') { errorno = 'ENOTFOUND'; } + var e = new Error(syscall + ' ' + errorno); + e.errno = e.code = errorno; e.syscall = syscall; return e; diff --git a/test/internet/test-dns.js b/test/internet/test-dns.js index a079ec8d44c..b781565c308 100644 --- a/test/internet/test-dns.js +++ b/test/internet/test-dns.js @@ -308,6 +308,7 @@ TEST(function test_lookup_failure(done) { assert.ok(err instanceof Error); assert.strictEqual(err.errno, dns.NOTFOUND); assert.strictEqual(err.errno, 'ENOTFOUND'); + assert.ok(!/ENOENT/.test(err.message)); done(); }); From 1c35ee8695aee8537ac929d9eed386b23ac65354 Mon Sep 17 00:00:00 2001 From: isaacs Date: Fri, 18 Jan 2013 11:48:21 -0800 Subject: [PATCH 12/16] blog: Post for v0.9.7 release --- doc/blog/release/v0.9.7.md | 81 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 81 insertions(+) create mode 100644 doc/blog/release/v0.9.7.md diff --git a/doc/blog/release/v0.9.7.md b/doc/blog/release/v0.9.7.md new file mode 100644 index 00000000000..7174f59c5be --- /dev/null +++ b/doc/blog/release/v0.9.7.md @@ -0,0 +1,81 @@ +category: release +version: 0.9.7 +date: Fri Jan 18 11:38:32 PST 2013 +title: Node v0.9.7 (Unstable) +slug: node-v0-9-7-unstable + +2013.01.18, Version 0.9.7 (Unstable) + +* V8: Upgrade to 3.15.11.7 + +* npm: Upgrade to 1.2.2 + +* punycode: Upgrade to 1.2.0 (Mathias Bynens) + +* repl: make built-in modules available by default (Felix Böhm) + +* windows: add support for '_Total' perf counters (Scott Blomquist) + +* cluster: make --prof work for workers (Ben Noordhuis) + +* child_process: do not keep list of sent sockets (Fedor Indutny) + +* tls: Follow RFC6125 more strictly (Fedor Indutny) + +* buffer: floating point read/write improvements (Trevor Norris) + +* TypedArrays: Improve dataview perf without endian param (Dean McNamee) + +* module: assert require() called with a non-empty string (Felix Böhm, James Campos) + +* stdio: Set readable/writable flags properly (isaacs) + +* stream: Properly handle large reads from push-streams (isaacs) + + +Source Code: http://nodejs.org/dist/v0.9.7/node-v0.9.7.tar.gz + +Macintosh Installer (Universal): http://nodejs.org/dist/v0.9.7/node-v0.9.7.pkg + +Windows Installer: http://nodejs.org/dist/v0.9.7/node-v0.9.7-x86.msi + +Windows x64 Installer: http://nodejs.org/dist/v0.9.7/x64/node-v0.9.7-x64.msi + +Windows x64 Files: http://nodejs.org/dist/v0.9.7/x64/ + +Linux 32-bit Binary: http://nodejs.org/dist/v0.9.7/node-v0.9.7-linux-x86.tar.gz + +Linux 64-bit Binary: http://nodejs.org/dist/v0.9.7/node-v0.9.7-linux-x64.tar.gz + +Solaris 32-bit Binary: http://nodejs.org/dist/v0.9.7/node-v0.9.7-sunos-x86.tar.gz + +Solaris 64-bit Binary: http://nodejs.org/dist/v0.9.7/node-v0.9.7-sunos-x64.tar.gz + +Other release files: http://nodejs.org/dist/v0.9.7/ + +Website: http://nodejs.org/docs/v0.9.7/ + +Documentation: http://nodejs.org/docs/v0.9.7/api/ + +Shasums: + +``` +fa5771999205beae787e56bbffa3be3c496dbb3e node-v0.9.7-darwin-x64.tar.gz +3790a0323e82598d9286470a3ca8b079b25d815c node-v0.9.7-darwin-x86.tar.gz +70da0da05a2d76dfba389b413112aa1c31289114 node-v0.9.7-linux-x64.tar.gz +b7448f020820302a6c648744a9ba4b6e1979fbf8 node-v0.9.7-linux-x86.tar.gz +a0148c804c37ecbcfd4039213e469ba2757b6125 node-v0.9.7-sunos-x64.tar.gz +121cd6fe2fbab0ca20644256914433bfa02ca6c4 node-v0.9.7-sunos-x86.tar.gz +8938d57fc9cff896bb13901a43b5cff989785a23 node-v0.9.7-x86.msi +23b86861de7c6111311f869c722431cf84d93761 node-v0.9.7.pkg +527a86ee094f7ed77967eda3dff4b2aff3f29384 node-v0.9.7.tar.gz +5231f327979f900d4ba927f2e63e67635001268c node.exe +6a78465d3f6e34aab82a529839c522abbab715ac node.exp +d814bd0733ba22a3cd9c086d34c68706d6c77663 node.lib +5c9df4dcf16c9baafce9b6982907ada586e878a2 node.pdb +f49f1e0706ef38facba45af75cfdf44678b21f5a x64/node-v0.9.7-x64.msi +13f9ee5c81b89bf77c5bfe46993905de4e3384d7 x64/node.exe +3f9c67381a7f2b3fc2f6c14b66036dde02de2820 x64/node.exp +cac98eebe21aeb05741a2fec6e2c7eaf5bb111a6 x64/node.lib +563932b95c08ebdb923358cd8b68ee17ac7ad781 x64/node.pdb +``` From 4d32fc59642bc22b9bb8bf5d4df8ebb07698ddc3 Mon Sep 17 00:00:00 2001 From: isaacs Date: Fri, 18 Jan 2013 12:12:07 -0800 Subject: [PATCH 13/16] npm: Upgrade to v1.2.2 --- deps/npm/AUTHORS | 10 + deps/npm/html/api/bin.html | 2 +- deps/npm/html/api/bugs.html | 2 +- deps/npm/html/api/commands.html | 2 +- deps/npm/html/api/config.html | 2 +- deps/npm/html/api/deprecate.html | 2 +- deps/npm/html/api/docs.html | 2 +- deps/npm/html/api/edit.html | 2 +- deps/npm/html/api/explore.html | 2 +- deps/npm/html/api/help-search.html | 2 +- deps/npm/html/api/init.html | 2 +- deps/npm/html/api/install.html | 2 +- deps/npm/html/api/link.html | 2 +- deps/npm/html/api/load.html | 2 +- deps/npm/html/api/ls.html | 2 +- deps/npm/html/api/npm.html | 4 +- deps/npm/html/api/outdated.html | 2 +- deps/npm/html/api/owner.html | 2 +- deps/npm/html/api/pack.html | 2 +- deps/npm/html/api/prefix.html | 2 +- deps/npm/html/api/prune.html | 2 +- deps/npm/html/api/publish.html | 2 +- deps/npm/html/api/rebuild.html | 2 +- deps/npm/html/api/restart.html | 2 +- deps/npm/html/api/root.html | 2 +- deps/npm/html/api/run-script.html | 2 +- deps/npm/html/api/search.html | 2 +- deps/npm/html/api/shrinkwrap.html | 2 +- deps/npm/html/api/start.html | 2 +- deps/npm/html/api/stop.html | 2 +- deps/npm/html/api/submodule.html | 2 +- deps/npm/html/api/tag.html | 2 +- deps/npm/html/api/test.html | 2 +- deps/npm/html/api/uninstall.html | 2 +- deps/npm/html/api/unpublish.html | 2 +- deps/npm/html/api/update.html | 2 +- deps/npm/html/api/version.html | 2 +- deps/npm/html/api/view.html | 2 +- deps/npm/html/api/whoami.html | 2 +- deps/npm/html/doc/README.html | 2 +- deps/npm/html/doc/adduser.html | 2 +- deps/npm/html/doc/bin.html | 2 +- deps/npm/html/doc/bugs.html | 2 +- deps/npm/html/doc/build.html | 2 +- deps/npm/html/doc/bundle.html | 2 +- deps/npm/html/doc/cache.html | 2 +- deps/npm/html/doc/changelog.html | 2 +- deps/npm/html/doc/coding-style.html | 2 +- deps/npm/html/doc/completion.html | 2 +- deps/npm/html/doc/config.html | 2 +- deps/npm/html/doc/dedupe.html | 2 +- deps/npm/html/doc/deprecate.html | 2 +- deps/npm/html/doc/developers.html | 2 +- deps/npm/html/doc/disputes.html | 2 +- deps/npm/html/doc/docs.html | 2 +- deps/npm/html/doc/edit.html | 2 +- deps/npm/html/doc/explore.html | 2 +- deps/npm/html/doc/faq.html | 2 +- deps/npm/html/doc/folders.html | 2 +- deps/npm/html/doc/help-search.html | 2 +- deps/npm/html/doc/help.html | 2 +- deps/npm/html/doc/index.html | 2 +- deps/npm/html/doc/init.html | 2 +- deps/npm/html/doc/install.html | 2 +- deps/npm/html/doc/json.html | 2 +- deps/npm/html/doc/link.html | 2 +- deps/npm/html/doc/ls.html | 4 +- deps/npm/html/doc/npm.html | 4 +- deps/npm/html/doc/outdated.html | 2 +- deps/npm/html/doc/owner.html | 2 +- deps/npm/html/doc/pack.html | 2 +- deps/npm/html/doc/prefix.html | 2 +- deps/npm/html/doc/prune.html | 2 +- deps/npm/html/doc/publish.html | 2 +- deps/npm/html/doc/rebuild.html | 2 +- deps/npm/html/doc/registry.html | 2 +- deps/npm/html/doc/removing-npm.html | 2 +- deps/npm/html/doc/restart.html | 2 +- deps/npm/html/doc/root.html | 2 +- deps/npm/html/doc/run-script.html | 2 +- deps/npm/html/doc/scripts.html | 2 +- deps/npm/html/doc/search.html | 2 +- deps/npm/html/doc/semver.html | 2 +- deps/npm/html/doc/shrinkwrap.html | 2 +- deps/npm/html/doc/star.html | 2 +- deps/npm/html/doc/start.html | 2 +- deps/npm/html/doc/stop.html | 2 +- deps/npm/html/doc/submodule.html | 2 +- deps/npm/html/doc/tag.html | 2 +- deps/npm/html/doc/test.html | 2 +- deps/npm/html/doc/uninstall.html | 2 +- deps/npm/html/doc/unpublish.html | 2 +- deps/npm/html/doc/update.html | 2 +- deps/npm/html/doc/version.html | 2 +- deps/npm/html/doc/view.html | 2 +- deps/npm/html/doc/whoami.html | 2 +- deps/npm/lib/cache.js | 255 +++++++++++++----- deps/npm/lib/install.js | 18 +- deps/npm/lib/ls.js | 13 +- deps/npm/lib/npm.js | 1 + deps/npm/lib/publish.js | 15 +- deps/npm/lib/utils/exec.js | 2 +- deps/npm/lib/utils/lifecycle.js | 10 +- deps/npm/lib/utils/tar.js | 4 +- deps/npm/man/man1/ls.1 | 2 +- deps/npm/man/man1/npm.1 | 2 +- deps/npm/man/man3/npm.3 | 2 +- deps/npm/node_modules/abbrev/lib/abbrev.js | 25 +- deps/npm/node_modules/abbrev/package.json | 34 ++- .../node_modules/fstream-ignore/LICENSE | 27 ++ .../node_modules/fstream-ignore/package.json | 5 +- .../npm/node_modules/fstream-npm/package.json | 2 +- deps/npm/node_modules/nopt/.npmignore | 1 + deps/npm/node_modules/nopt/bin/nopt.js | 11 +- deps/npm/node_modules/nopt/lib/nopt.js | 95 +++++-- deps/npm/node_modules/nopt/package.json | 5 +- deps/npm/node_modules/npmconf/package.json | 8 +- deps/npm/package.json | 6 +- .../npm-test-peer-deps-invalid/npm-ls.json | 33 ++- .../npm-test-peer-deps-invalid/test.js | 5 +- .../packages/npm-test-peer-deps/npm-ls.json | 25 +- .../test/packages/npm-test-peer-deps/test.js | 4 +- .../npm-test-shrinkwrap/npm-shrinkwrap.json | 20 +- .../test/packages/npm-test-shrinkwrap/test.js | 24 +- .../packages/npm-test-url-dep/package.json | 2 +- 125 files changed, 561 insertions(+), 301 deletions(-) create mode 100644 deps/npm/node_modules/fstream-npm/node_modules/fstream-ignore/LICENSE diff --git a/deps/npm/AUTHORS b/deps/npm/AUTHORS index bba64f02229..4a5f1ef0426 100644 --- a/deps/npm/AUTHORS +++ b/deps/npm/AUTHORS @@ -71,10 +71,20 @@ Domenic Denicola James Halliday Jeremy Cantrell Ribettes +Einar Otto Stangvik Don Park Kei Son Nicolas Morel Mark Dube +Nathan Rajlich Maxim Bogushevich Justin Beckwith Meaglin +Ben Evans +Nathan Zadoks +Brian White +Jed Schmidt +Ian Livingstone +Patrick Pfeiffer +Paul Miller +seebees diff --git a/deps/npm/html/api/bin.html b/deps/npm/html/api/bin.html index 73eb5c169bc..15168f20229 100644 --- a/deps/npm/html/api/bin.html +++ b/deps/npm/html/api/bin.html @@ -19,7 +19,7 @@

This function should not be used programmatically. Instead, just refer to the npm.bin member.

- +