Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

v8.16.2 proposal #29617

Merged
merged 25 commits into from
Oct 9, 2019
Merged

v8.16.2 proposal #29617

merged 25 commits into from
Oct 9, 2019

Conversation

BethGriggs
Copy link
Member

@BethGriggs BethGriggs commented Sep 19, 2019

2019-10-09, Version 8.16.2 'Carbon' (LTS), @BethGriggs

Node.js 8 is due to go End-of-Life on 31st December 2019.

Notable changes

  • deps: upgrade openssl sources to 1.0.2s (Sam Roberts) #28230

Commits

sam-github and others added 22 commits September 19, 2019 10:54
These tests seem to trigger failures in the entire CI job (not just the
test) on AIX. Skip them to see if that helps alleviate spurious failures
in node-test-commit-aix (and the upstream PR and commit test jobs).

See:
- nodejs/build#1820 (comment)
- nodejs/build#1847 (comment)

PR-URL: #28469
Backport-PR-URL: #29599
Reviewed-By: Michael Dawson <[email protected]>
Reviewed-By: Daniel Bevenius <[email protected]>
Reviewed-By: Rich Trott <[email protected]>
Add SKIP status for more tests in stringbytes-external-exceed-max that
are failing on AIX.

PR-URL: #28516
Backport-PR-URL: #29599
Reviewed-By: Rich Trott <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
Some pty tests persistently hung on the AIX CI buildbots. Fix that by
adding a helper script that properly sets up the pty before spawning
the script under test.

On investigation I discovered that the test runner hung when it tried
to close the slave pty's file descriptor, probably due to a bug in
AIX's pty implementation. I could reproduce it with a short C program.
The test runner also leaked file descriptors to the child process.

I couldn't convince python's `subprocess.Popen()` to do what I wanted
it to do so I opted to move the logic to a helper script that can do
fork/setsid/etc. without having to worry about stomping on state in
tools/test.py.

In the process I also uncovered some bugs in the pty module of the
python distro that ships with macOS 10.14, leading me to reimplement
a sizable chunk of the functionality of that module.

And last but not least, of course there are differences between ptys
on different platforms and the helper script has to paper over that.
Of course.

Really, this commit took me longer to put together than I care to admit.

Caveat emptor: this commit takes the hacky ^D feeding to the slave out
of tools/test.py and puts it in the *.in input files. You can also feed
other control characters to tests, like ^C or ^Z, simply by inserting
them into the corresponding input file. I think that's nice.

Fixes: nodejs/build#1820
Fixes: #28489

PR-URL: #28600
Backport-PR-URL: #29599
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
Assumption that if memory can be malloc()ed it can be used is not true
on AIX. Later access of the allocated pages can trigger SIGKILL if there
are insufficient VM pages.

Use psdanger() to better estimate available memory.

Fixes: nodejs/build#1849

More info:
- https://www.ibm.com/support/knowledgecenter/en/ssw_aix_71/generalprogramming/sys_mem_alloc.html
- https://www.ibm.com/support/knowledgecenter/en/ssw_aix_71/p_bostechref/psdanger.html

Related to:
- nodejs/build#1820 (comment)
- #28469
- #28516

PR-URL: #28857
Backport-PR-URL: #29599
Reviewed-By: Michael Dawson <[email protected]>
Reviewed-By: Beth Griggs <[email protected]>
Reviewed-By: Rich Trott <[email protected]>
One skipped test remains, it creates very large Buffer objects,
triggering the AIX OOM to kill node and its parent processes.

See: nodejs/build#1849 (comment)

PR-URL: #29054
Backport-PR-URL: #29599
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Rich Trott <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
Original commit message:

    [turbofan] Fix NumberFloor typing.

    Bug: chromium:841117
    Change-Id: I1e83dfc82f87d0b49d3cca96290ae1d738e37d20
    Reviewed-on: https://chromium-review.googlesource.com/1051228
    Reviewed-by: Benedikt Meurer <[email protected]>
    Commit-Queue: Jaroslav Sevcik <[email protected]>
    Cr-Commit-Position: refs/heads/master@{#53083}

Refs: v8/v8@d520ebb
Fixes: #22810

PR-URL: #27358
Reviewed-By: Ruben Bridgewater <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Refael Ackermann (רפאל פלחי) <[email protected]>
Reviewed-By: Anatoli Papirovski <[email protected]>
Reviewed-By: Beth Griggs <[email protected]>
This is the certdata.txt[0] from NSS 3.41, released on 2018-12-03.

This is the version of NSS that will ship in Firefox 65 on 2018-12-11.

[0] https://hg.mozilla.org/projects/nss/raw-file/NSS_3_41_RTM/lib/ckfw/builtins/certdata.txt

PR-URL: #25113
Backport-PR-URL: #29137
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Ruben Bridgewater <[email protected]>
This is the certdata.txt[0] from NSS 3.43, released on 2019-03-15.

This is the version of NSS that will ship in Firefox 67 on
2019-03-19.

[0] https://hg.mozilla.org/projects/nss/raw-file/NSS_3_43_RTM/lib/ckfw/builtins/certdata.txt

PR-URL: #27374
Backport-PR-URL: #29137
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Ruben Bridgewater <[email protected]>
This is the certdata.txt[0] from NSS 3.45, released on 2019-07-05.

This is the version of NSS that will ship in Firefox 69 on
2019-09-03.

[0] https://hg.mozilla.org/projects/nss/raw-file/NSS_3_45_RTM/lib/ckfw/builtins/certdata.txt

PR-URL: #28808
Backport-PR-URL: #29137
Reviewed-By: Rich Trott <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.

Certificates added:
- GlobalSign Root CA - R6
- OISTE WISeKey Global Root GC CA
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
- UCA Global G2 Root
- UCA Extended Validation Root
- Certigna Root CA

Certificates removed:
- Visa eCommerce Root
- TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5
- Certplus Root CA G1
- Certplus Root CA G2
- OpenTrust Root CA G1
- OpenTrust Root CA G2
- OpenTrust Root CA G3

PR-URL: #25113
Backport-PR-URL: #29137
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Ruben Bridgewater <[email protected]>
Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.

Certificates added:
- emSign Root CA - G1
- emSign ECC Root CA - G3
- emSign Root CA - C1
- emSign ECC Root CA - C3
- Hongkong Post Root CA 3

PR-URL: #27374
Backport-PR-URL: #29137
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Ruben Bridgewater <[email protected]>
This is a partial backport of commit f1a3968 ("tls: expose built-in
root certificates") from the master branch. The original commit adds a
new API, this commit just backports the non-visible changes to ease
backporting follow-up commits.

PR-URL: #26415
Backport-PR-URL: #29137
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Matteo Collina <[email protected]>
Reviewed-By: Rich Trott <[email protected]>
Reviewed-By: Ron Korving <[email protected]>
Reviewed-By: Ruben Bridgewater <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Vse Mozhet Byt <[email protected]>
Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.

Certificates added: (none)

Certificates removed:
- Certinomis - Root CA

PR-URL: #28808
Backport-PR-URL: #29137
Reviewed-By: Rich Trott <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Prevent the `'error'` event from being emitted multiple times if
`writable.destroy()` is called with an error before the `_destroy()`
callback is called.

Emit the first error, discard all others.

PR-URL: #26057
Backport-PR-URL: #28000
Fixes: #26015
Reviewed-By: Matteo Collina <[email protected]>
Reviewed-By: Ruben Bridgewater <[email protected]>
Reviewed-By: James M Snell <[email protected]>
`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

Fixes: #589
Backport-PR-URL: #28230
PR-URL: #1389
Reviewed-By: Fedor Indutny <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Shigeki Ohtsu <[email protected]>
See
https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html

iojs needs to stop using masm and move to nasm or yasm on Win32.

Fixes: #589
Backport-PR-URL: #28230
PR-URL: #1389
Reviewed-By: Fedor Indutny <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
Reapply b910613 .

Fixes: #589
Backport-PR-URL: #28230
PR-URL: #1389
Reviewed-By: Fedor Indutny <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
In openssl s_client on Windows, RAND_screen() is invoked to initialize
random state but it takes several seconds in each connection.
This added -no_rand_screen to openssl s_client on Windows to skip
RAND_screen() and gets a better performance in the unit test of
test-tls-server-verify.
Do not enable this except to use in the unit test.

Fixes: #1461
Backport-PR-URL: #28230
PR-URL: #1836
Reviewed-By: Ben Noordhuis <[email protected]>
socket.parser can be undefined under unknown circumstances.
This is a fix for a bug I cannot reproduce but it is affecting
people.

Fixes: #26366

PR-URL: #26402
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
When CMD is used to launch a process and CMD is killed too quickly,
the process can stay behind running in suspended state, never
completing. This only happens in Windows Server 2008R2.

Refs: nodejs/build#1829

PR-URL: #28723
Reviewed-By: Rich Trott <[email protected]>
Reviewed-By: Beth Griggs <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
@nodejs-github-bot nodejs-github-bot added meta Issues and PRs related to the general management of the project. openssl Issues and PRs related to the OpenSSL dependency. v8.x labels Sep 19, 2019
@nodejs-github-bot
Copy link
Collaborator

@addaleax
Copy link
Member

addaleax commented Sep 19, 2019

As mentioned in #29445 (comment), it would be good to have #29399 and #29459 in the next v8.x (and 10.x) release, as they solve regressions from the previous security release. I’ll open backport PRs.

@addaleax
Copy link
Member

Done: #29618 and #29619

Copy link
Member

@trivikr trivikr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

RSLGTM

Copy link
Member

@BridgeAR BridgeAR left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The PR-URL has to be added in the commit message. Besides that LGTM.

Copy link
Member

@addaleax addaleax left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just making sure #29618 is included, feel free to dismiss the review once it is

Do not crash when the session is no longer available.

Fixes: #29457

PR-URL: #29459
Backport-PR-URL: #29618
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Trivikram Kamat <[email protected]>
Reviewed-By: Minwoo Jung <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Don’t start reading more input data if we’re still busy writing output.
This was overlooked in 8a4a193.

Fixes: #29353
Fixes: #29393

PR-URL: #29399
Backport-PR-URL: #29618
Reviewed-By: David Carlier <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Matteo Collina <[email protected]>
BethGriggs added a commit that referenced this pull request Sep 25, 2019
Node.js 8 is due to go End-of-Life on 31st December 2019.

Notable changes:

- **deps**: upgrade openssl sources to 1.0.2s (Sam Roberts)
  [#28230](#28230)

PR-URL: #29617
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Sep 25, 2019

@nodejs-github-bot

This comment has been minimized.

@nodejs-github-bot

This comment has been minimized.

@BethGriggs
Copy link
Member Author

Going to delay this release until tomorrow - I'll update the dates in the PR in the morning. A couple of new CITGM failures have shown up and earlier there were issues with the ARM release machines nodejs/build#1946

CITGM rerun: https://ci.nodejs.org/view/Node.js-citgm/job/citgm-smoker/2037/

Node.js 8 is due to go End-of-Life on 31st December 2019.

Notable changes:

- **deps**: upgrade openssl sources to 1.0.2s (Sam Roberts)
  [#28230](#28230)

PR-URL: #29617
@nodejs-github-bot

This comment has been minimized.

@BethGriggs BethGriggs merged commit 4efffd5 into v8.x Oct 9, 2019
BethGriggs added a commit that referenced this pull request Oct 9, 2019
BethGriggs added a commit that referenced this pull request Oct 9, 2019
Node.js 8 is due to go End-of-Life on 31st December 2019.

Notable changes:

- **deps**: upgrade openssl sources to 1.0.2s (Sam Roberts)
  [#28230](#28230)

PR-URL: #29617
BethGriggs added a commit to BethGriggs/nodejs.org that referenced this pull request Oct 9, 2019
BethGriggs added a commit to nodejs/nodejs.org that referenced this pull request Oct 9, 2019
@BridgeAR BridgeAR deleted the v8.16.2-proposal branch December 3, 2019 22:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
meta Issues and PRs related to the general management of the project. openssl Issues and PRs related to the OpenSSL dependency.
Projects
None yet
Development

Successfully merging this pull request may close these issues.