Merge remote-tracking branch 'upstream/v0.10' into merge-0-10-into-0-12

Conflicts:
	AUTHORS
	ChangeLog
	configure
	deps/uv/AUTHORS
	deps/uv/ChangeLog
	deps/uv/README.md
	deps/uv/config-unix.mk
	deps/uv/include/uv-private/uv-win.h
	deps/uv/include/uv.h
	deps/uv/src/unix/internal.h
	deps/uv/src/unix/kqueue.c
	deps/uv/src/unix/stream.c
	deps/uv/src/uv-common.c
	deps/uv/src/uv-common.h
	deps/uv/src/version.c
	deps/uv/src/win/poll.c
	deps/uv/test/test-osx-select.c
	deps/v8/src/debug-debugger.js
	deps/v8/src/isolate.cc
	deps/v8/src/isolate.h
	deps/v8/src/mirror-debugger.js
	doc/api/buffer.markdown
	doc/api/child_process.markdown
	doc/api/dns.markdown
	doc/api/tls.markdown
	doc/api/url.markdown
	lib/_stream_writable.js
	lib/assert.js
	lib/child_process.js
	lib/crypto.js
	lib/dgram.js
	lib/http.js
	lib/net.js
	lib/timers.js
	lib/tls.js
	src/node.cc
	src/node.h
	src/node.js
	src/node_crypto.cc
	src/node_version.h
	test/common.js
	test/simple/test-child-process-spawn-typeerror.js
	tools/certdata.txt

Author: Julien Gilli

.gitignore

@@ -15,6 +15,7 @@ node_g
 .benchmark_reports
 /.project
 /.cproject
+icu_config.gypi
 
 /out
 

AUTHORS

@@ -569,3 +569,14 @@ Jackson Tian <[email protected]>
 Tristan Berger <[email protected]>
 Mathias Schreck <[email protected]>
 Steven R. Loomis <[email protected]>
+Matthew Fitzsimmons <[email protected]>
+Swaagie <[email protected]>
+Emmanuel Odeke <[email protected]>
+Eric Mill <[email protected]>
+Brendan Ashworth <[email protected]>
+Alejandro Oviedo <[email protected]>
+pkcs <[email protected]>
+Saúl Ibarra Corretgé <[email protected]>
+silverwind <[email protected]>
+Steven R. Loomis <[email protected]>
+James M Snell <[email protected]>

ChangeLog

@@ -787,7 +787,60 @@
 * console: `console.dir()` bypasses inspect() methods (Nathan Rajlich)
 
 
-2014.09.16, Version 0.10.32 (Stable)
+2014.12.22, Version 0.10.35 (Stable)
+
+* tls: re-add 1024-bit SSL certs removed by f9456a2 (Chris Dickinson)
+
+* timers: don't close interval timers when unrefd (Julien Gilli)
+
+* timers: don't mutate unref list while iterating it (Julien Gilli)
+
+
+2014.12.17, Version 0.10.34 (Stable), 52795f8fcc2de77cf997e671ea58614e5e425dfe
+
+* uv: update to v0.10.30
+
+* zlib: upgrade to v1.2.8
+
+* child_process: check execFile args is an array (Sam Roberts)
+
+* child_process: check fork args is an array (Sam Roberts)
+
+* crypto: update root certificates (Ben Noordhuis)
+
+* domains: fix issues with abort on uncaught (Julien Gilli)
+
+* timers: Avoid linear scan in _unrefActive. (Julien Gilli)
+
+* timers: fix unref() memory leak (Trevor Norris)
+
+* v8: add api for aborting on uncaught exception (Julien Gilli)
+
+* debugger: fix when using "use strict" (Julien Gilli)
+
+
+2014.10.20, Version 0.10.33 (Stable), 8d045a30e95602b443eb259a5021d33feb4df079
+
+* openssl: Update to 1.0.1j (Addressing multiple CVEs)
+
+* uv: Update to v0.10.29
+
+* child_process: properly support optional args (cjihrig)
+
+* crypto: Disable autonegotiation for SSLv2/3 by default (Fedor Indutny,
+	Timothy J Fontaine, Alexis Campailla)
+
+	This is a behavior change, by default we will not allow the negotiation to
+	SSLv2 or SSLv3. If you want this behavior, run Node.js with either
+	`--enable-ssl2` or `--enable-ssl3` respectively.
+
+	This does not change the behavior for users specifically requesting
+	`SSLv2_method` or `SSLv3_method`. While this behavior is not advised, it is
+	assumed you know what you're doing since you're specifically asking to use
+	these methods.
+
+
+2014.09.16, Version 0.10.32 (Stable), 0fe0d121551593c23a565db8397f85f17bb0f00e
 
 * npm: Update to 1.4.28
 
@@ -839,7 +892,7 @@
 
 * deps: backport 4ed5fde4f from v8 upstream (Fedor Indutny)
 
-* deps: cherry-pick eca441b2 from OpenSSL (Fedor Indutny)
+* 
 
 * lib: remove and restructure calls to isNaN() (cjihrig)
 

LICENSE

@@ -294,9 +294,9 @@ maintained libraries. The externally maintained libraries used by Node are:
 - Zlib at deps/zlib. zlib's license follows:
   """
     /* zlib.h -- interface of the 'zlib' general purpose compression library
-      version 1.2.4, March 14th, 2010
+      version 1.2.8, April 28th, 2013
 
-      Copyright (C) 1995-2010 Jean-loup Gailly and Mark Adler
+      Copyright (C) 1995-2013 Jean-loup Gailly and Mark Adler
 
       This software is provided 'as-is', without any express or implied
       warranty.  In no event will the authors be held liable for any damages
@@ -314,9 +314,8 @@ maintained libraries. The externally maintained libraries used by Node are:
          misrepresented as being the original software.
       3. This notice may not be removed or altered from any source distribution.
 
-      Jean-loup Gailly
-      Mark Adler
-
+      Jean-loup Gailly        Mark Adler
+      [email protected]          [email protected]
     */
   """
 

Makefile

@@ -190,6 +190,9 @@ website_files = \
 
 doc: $(apidoc_dirs) $(website_files) $(apiassets) $(apidocs) tools/doc/ out/doc/changelog.html node
 
+doc-branch: NODE_DOC_VERSION = v$(shell $(PYTHON) tools/getnodeversion.py | cut -f1,2 -d.)
+doc-branch: doc
+
 $(apidoc_dirs):
 	mkdir -p $@
 
@@ -203,10 +206,10 @@ out/doc/%: doc/%
 	cp -r $< $@
 
 out/doc/api/%.json: doc/api/%.markdown node
-	out/Release/node tools/doc/generate.js --format=json $< > $@
+	NODE_DOC_VERSION=$(NODE_DOC_VERSION) out/Release/node tools/doc/generate.js --format=json $< > $@
 
 out/doc/api/%.html: doc/api/%.markdown node
-	out/Release/node tools/doc/generate.js --format=html --template=doc/template.html $< > $@
+	NODE_DOC_VERSION=$(NODE_DOC_VERSION) out/Release/node tools/doc/generate.js --format=html --template=doc/template.html $< > $@
 
 email.md: ChangeLog tools/email-footer.md
 	bash tools/changelog-head.sh | sed 's|^\* #|* \\#|g' > $@
@@ -225,6 +228,11 @@ website-upload: doc
     rm -f ~/web/nodejs.org/dist/node-latest.tar.gz &&\
     ln -s $(VERSION)/node-$(VERSION).tar.gz ~/web/nodejs.org/dist/node-latest.tar.gz'
 
+doc-branch-upload: NODE_DOC_VERSION = v$(shell $(PYTHON) tools/getnodeversion.py | cut -f1,2 -d.)
+doc-branch-upload: doc-branch
+	echo $(NODE_DOC_VERSION)
+	rsync -r out/doc/api/ [email protected]:~/web/nodejs.org/$(NODE_DOC_VERSION)
+
 docopen: out/doc/api/all.html
 	-google-chrome out/doc/api/all.html
 
@@ -233,6 +241,7 @@ docclean:
 
 RAWVER=$(shell $(PYTHON) tools/getnodeversion.py)
 VERSION=v$(RAWVER)
+NODE_DOC_VERSION=$(VERSION)
 RELEASE=$(shell $(PYTHON) tools/getnodeisrelease.py)
 PLATFORM=$(shell uname | tr '[:upper:]' '[:lower:]')
 ifeq ($(findstring x86_64,$(shell uname -m)),x86_64)

configure

@@ -272,11 +272,6 @@ parser.add_option('--with-perfctr',
     dest='with_perfctr',
     help='build with performance counters (default is true on Windows)')
 
-parser.add_option('--with-sslv2',
-    action='store_true',
-    dest='with_sslv2',
-    help='enable SSL v2')
-
 parser.add_option('--without-dtrace',
     action='store_true',
     dest='without_dtrace',
@@ -308,6 +303,16 @@ parser.add_option('--without-ssl',
     dest='without_ssl',
     help='build without SSL')
 
+parser.add_option('--without-ssl2',
+    action='store_true',
+    dest='ssl2',
+    help='Disable SSL v2')
+
+parser.add_option('--without-ssl3',
+    action='store_true',
+    dest='ssl3',
+    help='Disable SSL v3')
+
 parser.add_option('--xcode',
     action='store_true',
     dest='use_xcode',
@@ -668,11 +673,12 @@ def configure_openssl(o):
   if options.without_ssl:
     return
 
-  # OpenSSL uses `#ifndef OPENSSL_NO_SSL2` checks so only define the
-  # macro when we want to _disable_ SSL2.
-  if not options.with_sslv2:
+  if options.ssl2:
     o['defines'] += ['OPENSSL_NO_SSL2=1']
 
+  if options.ssl3:
+    o['defines'] += ['OPENSSL_NO_SSL3=1']
+
   if options.shared_openssl:
     (libs, cflags) = pkg_config('openssl') or ('-lssl -lcrypto', '')
 
@@ -1035,4 +1041,4 @@ else:
 
 gyp_args += args
 
-subprocess.call(gyp_args)
+sys.exit(subprocess.call(gyp_args))

deps/openssl/asm/x64-win32-masm/aes/aesni-x86_64.asm

@@ -454,6 +454,12 @@ $L$SEH_begin_aesni_ecb_encrypt::
 	mov	r8,QWORD PTR[40+rsp]
 
 
+	lea	rsp,QWORD PTR[((-88))+rsp]
+	movaps	XMMWORD PTR[rsp],xmm6
+	movaps	XMMWORD PTR[16+rsp],xmm7
+	movaps	XMMWORD PTR[32+rsp],xmm8
+	movaps	XMMWORD PTR[48+rsp],xmm9
+$L$ecb_enc_body::
 	and	rdx,-16
 	jz	$L$ecb_ret
 
@@ -752,6 +758,12 @@ $L$ecb_dec_six::
 	movups	XMMWORD PTR[80+rsi],xmm7
 
 $L$ecb_ret::
+	movaps	xmm6,XMMWORD PTR[rsp]
+	movaps	xmm7,XMMWORD PTR[16+rsp]
+	movaps	xmm8,XMMWORD PTR[32+rsp]
+	movaps	xmm9,XMMWORD PTR[48+rsp]
+	lea	rsp,QWORD PTR[88+rsp]
+$L$ecb_enc_ret::
 	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue
 	mov	rsi,QWORD PTR[16+rsp]
 	DB	0F3h,0C3h		;repret
@@ -2766,26 +2778,7 @@ ALIGN	64
 EXTERN	__imp_RtlVirtualUnwind:NEAR
 
 ALIGN	16
-ecb_se_handler	PROC PRIVATE
-	push	rsi
-	push	rdi
-	push	rbx
-	push	rbp
-	push	r12
-	push	r13
-	push	r14
-	push	r15
-	pushfq
-	sub	rsp,64
-
-	mov	rax,QWORD PTR[152+r8]
-
-	jmp	$L$common_seh_tail
-ecb_se_handler	ENDP
-
-
-ALIGN	16
-ccm64_se_handler	PROC PRIVATE
+ecb_ccm64_se_handler	PROC PRIVATE
 	push	rsi
 	push	rdi
 	push	rbx
@@ -2823,7 +2816,7 @@ ccm64_se_handler	PROC PRIVATE
 	lea	rax,QWORD PTR[88+rax]
 
 	jmp	$L$common_seh_tail
-ccm64_se_handler	ENDP
+ecb_ccm64_se_handler	ENDP
 
 
 ALIGN	16
@@ -3026,15 +3019,17 @@ ALIGN	4
 ALIGN	8
 $L$SEH_info_ecb::
 DB	9,0,0,0
-	DD	imagerel ecb_se_handler
+	DD	imagerel ecb_ccm64_se_handler
+	DD	imagerel $L$ecb_enc_body,imagerel $L$ecb_enc_ret
+
 $L$SEH_info_ccm64_enc::
 DB	9,0,0,0
-	DD	imagerel ccm64_se_handler
+	DD	imagerel ecb_ccm64_se_handler
 	DD	imagerel $L$ccm64_enc_body,imagerel $L$ccm64_enc_ret
 
 $L$SEH_info_ccm64_dec::
 DB	9,0,0,0
-	DD	imagerel ccm64_se_handler
+	DD	imagerel ecb_ccm64_se_handler
 	DD	imagerel $L$ccm64_dec_body,imagerel $L$ccm64_dec_ret
 
 $L$SEH_info_ctr32::

deps/openssl/openssl/CHANGES

@@ -2,6 +2,57 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 1.0.1i and 1.0.1j [15 Oct 2014]
+
+  *) SRTP Memory Leak.
+
+     A flaw in the DTLS SRTP extension parsing code allows an attacker, who
+     sends a carefully crafted handshake message, to cause OpenSSL to fail
+     to free up to 64k of memory causing a memory leak. This could be
+     exploited in a Denial Of Service attack. This issue affects OpenSSL
+     1.0.1 server implementations for both SSL/TLS and DTLS regardless of
+     whether SRTP is used or configured. Implementations of OpenSSL that
+     have been compiled with OPENSSL_NO_SRTP defined are not affected.
+
+     The fix was developed by the OpenSSL team.
+     (CVE-2014-3513)
+     [OpenSSL team]
+
+  *) Session Ticket Memory Leak.
+
+     When an OpenSSL SSL/TLS/DTLS server receives a session ticket the
+     integrity of that ticket is first verified. In the event of a session
+     ticket integrity check failing, OpenSSL will fail to free memory
+     causing a memory leak. By sending a large number of invalid session
+     tickets an attacker could exploit this issue in a Denial Of Service
+     attack.
+     (CVE-2014-3567)
+     [Steve Henson]
+
+  *) Build option no-ssl3 is incomplete.
+
+     When OpenSSL is configured with "no-ssl3" as a build option, servers
+     could accept and complete a SSL 3.0 handshake, and clients could be
+     configured to send them.
+     (CVE-2014-3568)
+     [Akamai and the OpenSSL team]
+
+  *) Add support for TLS_FALLBACK_SCSV.
+     Client applications doing fallback retries should call
+     SSL_set_mode(s, SSL_MODE_SEND_FALLBACK_SCSV).
+     (CVE-2014-3566)
+     [Adam Langley, Bodo Moeller]
+
+  *) Add additional DigestInfo checks.
+ 
+     Reencode DigestInto in DER and check against the original when
+     verifying RSA signature: this will reject any improperly encoded
+     DigestInfo structures.
+
+     Note: this is a precautionary measure and no attacks are currently known.
+
+     [Steve Henson]
+
  Changes between 1.0.1h and 1.0.1i [6 Aug 2014]
 
   *) Fix SRP buffer overrun vulnerability. Invalid parameters passed to the

deps/openssl/openssl/Configure

@@ -1767,6 +1767,9 @@ open(OUT,'>crypto/opensslconf.h.new') || die "unable to create crypto/opensslcon
 print OUT "/* opensslconf.h */\n";
 print OUT "/* WARNING: Generated automatically from opensslconf.h.in by Configure. */\n\n";
 
+print OUT "#ifdef  __cplusplus\n";
+print OUT "extern \"C\" {\n";
+print OUT "#endif\n";
 print OUT "/* OpenSSL was configured with the following options: */\n";
 my $openssl_algorithm_defines_trans = $openssl_algorithm_defines;
 $openssl_experimental_defines =~ s/^\s*#\s*define\s+OPENSSL_NO_(.*)/#ifndef OPENSSL_EXPERIMENTAL_$1\n# ifndef OPENSSL_NO_$1\n#  define OPENSSL_NO_$1\n# endif\n#endif/mg;
@@ -1871,6 +1874,9 @@ while (<IN>)
 		{ print OUT $_; }
 	}
 close(IN);
+print OUT "#ifdef  __cplusplus\n";
+print OUT "}\n";
+print OUT "#endif\n";
 close(OUT);
 rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h";
 rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n";

deps/openssl/openssl/Makefile

@@ -4,7 +4,7 @@
 ## Makefile for OpenSSL
 ##
 
-VERSION=1.0.1i
+VERSION=1.0.1j
 MAJOR=1
 MINOR=0.1
 SHLIB_VERSION_NUMBER=1.0.0

deps/openssl/openssl/Makefile.bak

@@ -4,7 +4,7 @@
 ## Makefile for OpenSSL
 ##
 
-VERSION=1.0.1i-dev
+VERSION=1.0.1j-dev
 MAJOR=1
 MINOR=0.1
 SHLIB_VERSION_NUMBER=1.0.0