Node.js v6.2.1 Release Brief
This week’s Current release fixes some critical issues in v6, as well as coming with the usual assortment of minor fixes. Of note, an OS X stdio issue from v6.0.0 has been resolved, and a possible Buffer security concern has been addressed.
As with all releases within major version lines, minor and patch upgrades should be drop-in replacements for previous versions.
Overview
Of a total of 134 commits:
- 55 were documentation-only commits.
- 29 only modify tests and 4 only affect internal tooling.
- 2 dependencies were updated:
- npm @ 3.9.3 (Kat Marchán) #7030
- V8 @ 5.0.71.52 (Michaël Zasso) #6928
The remaining significant commits are as follows:
- [
99c05a1af0] - async_wrap: passuidto JS as double (Trevor Norris) #7096 - [
371be9cd80] - buffer: ignore negative allocation lengths (Anna Henningsen) #7051 - [
1bcc226edf] - buffer: fix dataview-set benchmark (Ingvar Stepanyan) #6922 - [
98270c6d15] - buffer: fix single digit hex string handling (Justin Sprigg) #6775 - [
1fece2f8c0] - build: re-add--ninjaoption toconfigure(Ehsan Akhgari) #6780 - [
e7b03be191] - build: update build-addons when node-gyp changes (Lance Ball) #6787 - [
55c0b3e0e5] - build: unbreak configure with python 2.6 (Ben Noordhuis) #6874 - [
0503681348] - child_process: measure buffer length in bytes (Rich Trott) #6764 - [
27d0eb054c] - child_process: emit IPC messages on next tick (cjihrig) #6909 - [
b28468e0a7] - child_process: allow buffer encoding inspawnSync()(cjihrig) #6939 - [
6a62bb0070] - cluster: expose result ofsend()(cjihrig) #6998 - [
2132d349b5] - cluster: rewrite debug ports consistently (cjihrig) #7050 - [
0bd8f4c4d8] - cluster: reset handle index on close (Santiago Gimeno) #6981 - [
93e150f1d6] - cluster: guard against undefined message handlers (cjihrig) #6902 - [
28b73428e1] - cluster: close ownerless handles ondisconnect()(cjihrig) #6909 - [
2184e772d2] - debugger: propagate--debug-port=to debuggee (Ben Noordhuis) #3470 - [
8e6f8b2fb5] - dgram: copy the list in send (Matteo Collina) #6804 - [
588c76cd5c] - dgram,test: addaddMembership/dropMembershiptests (Rich Trott) #6753 - [
c4329aa226] - fs: movemkdtemp*()functions near static functions (Sakthipriyan Vairamani) #6828 - [
c068880757] - fs:mkdtempshouldn't crash if no callback passed (Sakthipriyan Vairamani) #6828 - [
2ab36093e6] - http: uselocalAddressinstead ofpath(Dirceu Pereira Tiegs) #5190 - [
6f0d8b3a1b] - installer: don't installnode_internals.h(Ben Noordhuis) #6913 - [
178f3080f8] - module: don't cache uninitialized builtins (Anna Henningsen) #6907 - [
1908b7f00a] - path: fixbasename()regressions (Brian White) #6590 - [
10671406ac] - process:internal/process/stdio.jscleanup / modernization (James M Snell) #6766 - [
64445674f0] - src: add include guards to internal headers (Ben Noordhuis) #6948 - [
4333fda46d] - src: no abort from getter if object isn't wrapped (Trevor Norris) #6184 - [
4da3e1e461] - src: always clear wrap before persistentReset()(Trevor Norris) #6184 - [
7e5775704e] - src: inherit first fromAsyncWrap(Trevor Norris) #6184 - [
0841496992] - src: fix--without-intlbuild (Anna Henningsen) #6820 - [
0d08fc415f] - stream_base: always use Base template class (Trevor Norris) #6184 - [
756ec80d50] - string_bytes: Makebase64encode/decodereusable (Eugene Ostroukhov) #6910 - [
79ad172589] - string_decoder: rewrite implementation (Brian White) #6777 - [
21e31352d7] - tls: catchcertCbDoneexceptions (Fedor Indutny) #6887 - [
257e54b9c0] - tls,https: respect address family when connecting (Ben Noordhuis) #6654 - [
5779ed2a4a] - tls_wrap: do not abort on newTLSWrap()(Trevor Norris) #6184 - [
4d3a7594a5] - tty: use blocking mode on OS X (Jeremiah Senkpiel) #6895 - [
36ed4a2d7a] - udp: use libuv API to get file descriptor (Saúl Ibarra Corretgé) #6908 - [
f3e3eebec8] - unix,stream: fix getting the correct fd for a handle (Saúl Ibarra Corretgé) #6753 - [
d270706881] - util: pretty-print SIMD types (Ben Noordhuis) #6917 - [
55b736a63b] - vm: don't abort process when stack space runs out (Anna Henningsen) #6907 - [
cb2ef35b76] - win,build: add creation of zip and 7z package (Bartosz Sosnowski) #5995 - [
1e26b82ce4] - zlib: release callback and buffer after processing (Matt Lavin) #6955 - [
64415564de] - zlib: remove_closedin source (Anna Henningsen) #6574
Notable Changes
- buffer: Ignore negative lengths in calls to
Buffer()andBuffer.allocUnsafe(). This fixes a possible security concern (reported by Feross Aboukhadijeh) where user input is passed unchecked to the Buffer constructor orallocUnsafe()as it can expose parts of the memory slab used by other Buffers in the application. Note that negative lengths are not supported by the Buffer API and user input to the constructor should always be sanitised and type-checked. (Anna Henningsen) #7051 - npm: Upgrade npm to 3.9.3 (Kat Marchán) #7030
npm/npm@42d71benpm/npm#12685 When usingnpm ls <pkg>without a semver specifier,npm lswould skip any packages in your tree that matched by name, but had a prerelease version in theirpackage.json. (@zkat)npm/npm@f04e05npm/npm#10013read-package-tree@5.1.4: Fixes an issue wherenpm installwould fail if yournode_moduleswas symlinked. (@iarna)b894413#12372 Changing a nested dependency in annpm-shrinkwrap.jsonand then runningnpm installwould not get up the updated package. This corrects that. (@misterbyrne)- This release includes
npm@3.9.0, which is the result of our Windows testing push -- the test suite (should) pass on Windows now. We're working on getting AppVeyor to a place where we can just rely on it like Travis.
- tty: Default to blocking mode for stdio on OS X. A bug fix in libuv 1.9.0, introduced in Node.js v6.0.0, exposed problems with Node's use of non-blocking stdio, particularly on OS X which has a small output buffer. This change should fix CLI applications that have been having problems with output since Node.js v6.0.0 on OS X. The core team is continuing to address stdio concerns that exist across supported platforms and progress can be tracked at #6980. (Jeremiah Senkpiel) #6895
- V8: Upgrade to V8 5.0.71.52. This includes a fix that addresses problems experienced by users of node-inspector since Node.js v6.0.0, see https://github.com/node-inspector/node-inspector/issues/864 for details. (Michaël Zasso) #6928
Git Diffstats
(Showing the delta between v6.2.0 and v6.2.1, ignoring deps/npm.)
Without deps, docs, benchmarks, or tests:
.eslintrc | 1 +
Makefile | 20 +-
configure | 29 ++-
lib/_debugger.js | 4 +-
lib/_http_agent.js | 9 +-
lib/_tls_wrap.js | 7 +-
lib/buffer.js | 10 +-
lib/child_process.js | 73 ++++---
lib/cluster.js | 50 +++--
lib/dgram.js | 40 ++--
lib/fs.js | 79 ++++----
lib/internal/bootstrap_node.js | 23 ++-
lib/internal/child_process.js | 4 +-
lib/internal/process/stdio.js | 56 ++++--
lib/path.js | 12 +-
lib/string_decoder.js | 376 ++++++++++++++++++------------------
lib/tty.js | 7 +
lib/util.js | 54 ++++++
lib/zlib.js | 40 ++--
node.gyp | 1 +
src/async-wrap-inl.h | 10 +-
src/async-wrap.cc | 3 +-
src/async-wrap.h | 3 +
src/base-object-inl.h | 8 +
src/base-object.h | 4 +
src/base64.h | 194 +++++++++++++++++++
src/cares_wrap.cc | 2 +
src/debug-agent.h | 4 +
src/env-inl.h | 4 +
src/env.h | 4 +
src/fs_event_wrap.cc | 6 +-
src/handle_wrap.cc | 14 +-
src/handle_wrap.h | 3 +
src/js_stream.cc | 27 ++-
src/js_stream.h | 6 +-
src/node.cc | 4 +-
src/node_config.cc | 2 +-
src/node_constants.h | 4 +
src/node_contextify.cc | 37 ++--
src/node_counters.h | 4 +
src/node_crypto.cc | 278 +++++++++++++++++---------
src/node_crypto.h | 10 +-
src/node_crypto_bio.h | 4 +
src/node_crypto_clienthello-inl.h | 4 +
src/node_crypto_clienthello.h | 4 +
src/node_crypto_groups.h | 4 +
src/node_dtrace.h | 4 +
src/node_file.h | 4 +
src/node_http_parser.cc | 24 ++-
src/node_http_parser.h | 4 +
src/node_i18n.h | 4 +
src/node_internals.h | 6 +
src/node_javascript.h | 4 +
src/node_lttng.h | 4 +
src/node_lttng_provider.h | 4 +
src/node_lttng_tp.h | 4 +
src/node_revert.h | 4 +
src/node_root_certs.h | 3 +
src/node_stat_watcher.cc | 6 +-
src/node_stat_watcher.h | 5 +
src/node_version.h | 2 +-
src/node_watchdog.h | 4 +
src/node_win32_etw_provider-inl.h | 4 +
src/node_win32_etw_provider.h | 4 +
src/node_win32_perfctr_provider.h | 4 +
src/node_wrap.h | 6 +
src/node_zlib.cc | 15 +-
src/pipe_wrap.cc | 18 +-
src/pipe_wrap.h | 3 +
src/process_wrap.cc | 7 +-
src/req-wrap-inl.h | 5 +
src/req-wrap.h | 4 +
src/signal_wrap.cc | 6 +-
src/spawn_sync.h | 4 +
src/stream_base-inl.h | 30 ++-
src/stream_base.cc | 3 +-
src/stream_base.h | 4 +
src/stream_wrap.cc | 8 +-
src/stream_wrap.h | 3 +
src/string_bytes.cc | 180 +----------------
src/string_bytes.h | 4 +
src/string_search.h | 4 +
src/tcp_wrap.cc | 46 ++++-
src/tcp_wrap.h | 3 +
src/tls_wrap.cc | 33 +++-
src/tls_wrap.h | 4 +
src/tty_wrap.cc | 10 +-
src/tty_wrap.h | 4 +
src/udp_wrap.cc | 35 +++-
src/udp_wrap.h | 4 +
src/util-inl.h | 4 +
src/util.h | 24 +++
tools/install.py | 1 -
tools/test.py | 84 ++++++--
vcbuild.bat | 59 +++++-
95 files changed, 1498 insertions(+), 757 deletions(-)
Deps only:
deps/v8/include/v8-version.h | 2 +-
deps/v8/src/compiler/js-create-lowering.cc | 30 ++++++++------------
deps/v8/src/compiler/js-create-lowering.h | 1 -
deps/v8/src/crankshaft/arm/lithium-codegen-arm.cc | 7 +++--
.../src/crankshaft/arm64/lithium-codegen-arm64.cc | 7 +++--
.../src/crankshaft/ia32/lithium-codegen-ia32.cc | 7 +++--
.../src/crankshaft/mips/lithium-codegen-mips.cc | 5 ++--
.../crankshaft/mips64/lithium-codegen-mips64.cc | 5 ++--
deps/v8/src/crankshaft/ppc/lithium-codegen-ppc.cc | 7 +++--
deps/v8/src/crankshaft/x64/lithium-codegen-x64.cc | 7 +++--
deps/v8/src/crankshaft/x87/lithium-codegen-x87.cc | 7 +++--
deps/v8/src/full-codegen/arm/full-codegen-arm.cc | 7 +++--
.../src/full-codegen/arm64/full-codegen-arm64.cc | 5 ++--
.../v8/src/full-codegen/ia32/full-codegen-ia32.cc | 7 +++--
.../v8/src/full-codegen/mips/full-codegen-mips.cc | 5 ++--
.../full-codegen/mips64/full-codegen-mips64.cc | 5 ++--
deps/v8/src/full-codegen/ppc/full-codegen-ppc.cc | 7 +++--
deps/v8/src/full-codegen/x64/full-codegen-x64.cc | 7 +++--
deps/v8/src/full-codegen/x87/full-codegen-x87.cc | 7 +++--
deps/v8/src/objects.cc | 31 +++++++++++++++++----
deps/v8/src/objects.h | 5 +++-
deps/v8/src/parsing/parser.cc | 6 +++-
deps/v8/src/runtime/runtime-function.cc | 15 ++++++++--
deps/v8/test/cctest/test-api.cc | 13 +++++++++
.../v8/test/mjsunit/es6/regress/regress-594084.js | 10 +++++++
deps/v8/test/mjsunit/mirror-function.js | 1 +
deps/v8/test/mjsunit/regress/regress-5010.js | 9 ++++++
.../test/mjsunit/regress/regress-crbug-610228.js | 11 ++++++++
28 files changed, 162 insertions(+), 74 deletions(-)
Docs only:
.github/ISSUE_TEMPLATE.md | 7 +-
.github/PULL_REQUEST_TEMPLATE.md | 8 +-
CHANGELOG.md | 95 +-
CODE_OF_CONDUCT.md | 2 +-
CONTRIBUTING.md | 5 +-
README.md | 8 +-
WORKING_GROUPS.md | 33 +-
doc/api/buffer.md | 2 +-
doc/api/child_process.md | 80 +-
doc/api/cli.md | 83 +-
doc/api/console.md | 33 +-
doc/api/crypto.md | 6 +-
doc/api/debugger.md | 17 +-
doc/api/dgram.md | 6 +
doc/api/dns.md | 28 +
doc/api/errors.md | 2 +-
doc/api/fs.md | 314 ++++-
doc/api/globals.md | 5 +
doc/api/https.md | 4 +-
doc/api/net.md | 16 +-
doc/api/process.md | 39 +-
doc/api/punycode.md | 26 +-
doc/api/string_decoder.md | 56 +-
doc/api/tls.md | 1197 +++++++++++---------
doc/api/tty.md | 106 +-
doc/api/url.md | 273 +++--
doc/api/util.md | 472 ++++----
doc/api/v8.md | 44 +-
doc/api/vm.md | 439 ++++---
doc/api/zlib.md | 102 ++
doc/api_assets/style.css | 13 +
doc/changelogs/CHANGELOG_ARCHIVE.md | 4 +-
doc/changelogs/CHANGELOG_IOJS.md | 2 +-
doc/changelogs/CHANGELOG_V6.md | 152 +++
doc/guides/building-node-with-ninja.md | 13 +-
doc/guides/writing_tests.md | 186 +++
doc/onboarding.md | 33 +-
doc/topics/domain-postmortem.md | 4 +-
doc/topics/the-event-loop-timers-and-nexttick.md | 18 +-
39 files changed, 2729 insertions(+), 1204 deletions(-)
Tests & Benchmarks only:
0.0% benchmark/buffers/
0.4% benchmark/child_process/
0.8% benchmark/string_decoder/
0.0% test/addons/buffer-free-callback/
0.0% test/addons/load-long-path/
0.0% test/addons/make-callback-recurse/
0.0% test/addons/make-callback/
0.0% test/addons/null-buffer-neuter/
0.5% test/debugger/
0.4% test/doctool/
0.0% test/fixtures/clustered-server/
1.9% test/gc/node_modules/bindings/
4.4% test/gc/node_modules/nan/tools/
59.3% test/gc/node_modules/nan/
12.7% test/gc/node_modules/weak/build/
0.7% test/gc/node_modules/weak/lib/
4.1% test/gc/node_modules/weak/src/
1.1% test/gc/node_modules/weak/
0.3% test/gc/
0.2% test/internet/
0.1% test/known_issues/
0.1% test/message/
9.1% test/parallel/
2.7% test/pseudo-tty/
0.1% test/
111 files changed, 10196 insertions(+), 489 deletions(-)
Most active commit
Of the 134 commits, 4333fda was the most active:
(Excluding docs, npm, eslint, and tests.)
commit 4333fda46d1feaab4afb75f31349f21c0c62fc40
Author: Trevor Norris <trev.norris@gmail.com>
Date: Wed Apr 13 13:16:42 2016 -0600
src: no abort from getter if object isn't wrapped
v8::Object::GetAlignedPointerFromInternalField() returns a random value
if Wrap() hasn't been run on the object handle. Causing v8 to abort if
certain getters are accessed. It's possible to access these getters and
functions during class construction through the AsyncWrap init()
callback, and also possible in a subset of those scenarios while running
the persistent handle visitor.
Mitigate this issue by manually setting the internal aligned pointer
field to nullptr in the BaseObject constructor and add necessary logic
to return appropriate values when nullptr is encountered.
PR-URL: https://github.com/nodejs/node/pull/6184
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
src/base-object-inl.h | 4 +
src/fs_event_wrap.cc | 6 +-
src/handle_wrap.cc | 12 +-
src/js_stream.cc | 23 ++-
src/node_contextify.cc | 23 +--
src/node_crypto.cc | 276 ++++++++++++++++++---------
src/node_http_parser.cc | 24 ++-
src/node_internals.h | 2 +
src/node_stat_watcher.cc | 6 +-
src/node_wrap.h | 2 +
src/node_zlib.cc | 15 +-
src/pipe_wrap.cc | 18 +-
src/process_wrap.cc | 7 +-
src/signal_wrap.cc | 6 +-
src/stream_base-inl.h | 16 +-
src/stream_base.cc | 3 +-
src/stream_wrap.cc | 6 +-
src/tcp_wrap.cc | 46 ++++-
src/tls_wrap.cc | 28 ++-
src/tty_wrap.cc | 10 +-
src/udp_wrap.cc | 29 ++-
src/util.h | 20 ++
test/parallel/test-stream-base-no-abort.js | 58 ++++++
23 files changed, 462 insertions(+), 178 deletions(-)
This is a regular and routine release for a Node.js Current release line. We will be sure to let you know when a release contains a critical update and a recommendation to upgrade. Of course, we'd love you to upgrade, but this release is not critical unless you are experiencing one of the issues identified and fixed above.