V6.10.2 proposal #12128

MylesBorins · 2017-03-29T21:05:10Z

2017-04-04, Version 6.10.2 'Boron' (LTS), @MylesBorins

This is a special LTS to fix a number of regressions that were found on the 6.10.x release line.

This includes:

a fix for memory leak in the crypto module that was introduced in 6.10.1
a fix for a regression introduced to the windows repl in 6.10.0
a backported fix for V8 to stop a segfault that could occur when using spread syntax

It also includes an upgrade to zlib 1.2.11 to fix a number of low severity CVEs
that were present in zlib 1.2.8.

Notable changes

crypto:
- fix memory leak if certificate is revoked (Tom Atkinson) #12089
deps:
- upgrade zlib to 1.2.11 (Sam Roberts) #10980
- backport V8 fixes for spread syntax regression causing segfaults (Michaël Zasso) #12037
repl:
- Revert commit that broke REPL display on Windows (Myles Borins) #12123

Commits

[5f644d2f6f] - crypto: fix memory leak if certificate is revoked (Tom Atkinson) #12089
[912f78a566] - deps: fix CLEAR_HASH macro to be usable as a single statement (Sam Roberts) #11616
[abe9132011] - deps: upgrade zlib to 1.2.11 (Sam Roberts) #10980
[1ff512c185] - deps: backport e427300 from upstream V8 (Michaël Zasso) #12037
[8dfc710a06] - deps: cherry-pick b9f682b from upstream V8 (Michaël Zasso) #12037
[52bdb8f246] - deps: backport 2cabc86 from upstream V8 (Michaël Zasso) #12037
[64fc5a4541] - repl Revert: "Revert "repl: disable Ctrl+C support..." (Myles Borins) #12123

Original commit message: Fix classifier related bug [email protected] BUG=chromium:621111 LOG=N Review-Url: https://codereview.chromium.org/2086513002 Cr-Commit-Position: refs/heads/master@{#37150} Fixes: #11977 PR-URL: #12037 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Myles Borins <[email protected]>

Original commit message: Fix bug with illegal spread as single arrow parameter [email protected] BUG=chromium:621496 LOG=N Review-Url: https://codereview.chromium.org/2084703005 Cr-Commit-Position: refs/heads/master@{#37196} Fixes: #12017 PR-URL: #12037 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Myles Borins <[email protected]>

Original commit message: Properly handle holes following spreads in array literals Before this change, the spread desugaring would naively call `%AppendElement($R, the_hole)` and in some cases $R would have a non-holey elements kind, putting the array into the bad state of exposing holes to author code. This patch avoids calling %AppendElement with a hole, instead simply incrementing $R.length when it sees a hole in the literal (this is safe because $R is known to be an Array). The existing logic for elements transitions takes care of giving the array a holey ElementsKind. BUG=chromium:644215 Review-Url: https://codereview.chromium.org/2321533003 Cr-Commit-Position: refs/heads/master@{#39294} Fixes: #12018 PR-URL: #12037 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Myles Borins <[email protected]>

The additional validity checks applied to StartCom and WoSign certificates failed to free memory before returning. Refs: #9469 Fixes: #12033 PR-URL: #12089 Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: Fedor Indutny <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Myles Borins <[email protected]> Reviewed-By: Shigeki Ohtsu <[email protected]> Reviewed-By: Colin Ihrig <[email protected]>

PR-URL: #10980 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Shigeki Ohtsu <[email protected]>

Apply unreleased (as of zlib v1.2.11) patch from upstream: - madler/zlib@38e8ce3 Original commit message: Fix CLEAR_HASH macro to be usable as a single statement. As it is used in deflateParams(). PR-URL: #11616 Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Colin Ihrig <[email protected]>

Full original message: Revert "repl: disable Ctrl+C support on win32 for now" The original fix was a stop gap until a libuv update landed. As the libuv update has not yet landed on v6.x the revert should not have landed. This commit reverts 1d400ea reapplying the stopgap fix until we update libuv. Fixes: #12085 Refs: #8645 PR-URL: #12123 Reviewed-By: Anna Henningsen <[email protected]>

MylesBorins · 2017-03-29T21:12:04Z

CI: https://ci.nodejs.org/job/node-test-pull-request/7094/
CITGM: https://ci.nodejs.org/view/Node.js-citgm/job/citgm-smoker/678/

rc: https://nodejs.org/download/rc/v6.10.2-rc.1/

edit:

CI failure is with clang341 and expected
CITGM failures are expected (lodash timeout on OSX && readable-stream failure on ubuntu1604

This is a special LTS to fix a number of regressions that were found on the 6.10.x release line. This includes: * a fix for memory leak in the crypto module that was introduced in 6.10.1 * a fix for a regression introduced to the windows repl in 6.10.0 * a backported fix for V8 to stop a segfault that could occur when using spread syntax It also includes an upgrade to zlib 1.2.11 to fix a numberof low severity CVEs that were present in zlib 1.2.8. http://seclists.org/oss-sec/2016/q4/602 Notable changes * crypto: - fix memory leak if certificate is revoked (Tom Atkinson) #12089 * deps: - upgrade zlib to 1.2.11 (Sam Roberts) #10980 - backport V8 fixes for spread syntax regression causing segfaults (Michaël Zasso) #12037 * repl: - Revert commit that broke REPL display on Windows (Myles Borins) #12123

PR-URL: #12128

PR-URL: nodejs/node#12128

targos and others added 7 commits March 29, 2017 16:30

deps: upgrade zlib to 1.2.11

abe9132

PR-URL: #10980 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Shigeki Ohtsu <[email protected]>

nodejs-github-bot added meta Issues and PRs related to the general management of the project. v6.x v8 engine Issues and PRs related to the V8 dependency. zlib Issues and PRs related to the zlib subsystem. labels Mar 29, 2017

MylesBorins force-pushed the v6.10.2-proposal branch 2 times, most recently from 0ff565d to be03658 Compare March 29, 2017 21:08

addaleax approved these changes Mar 29, 2017

View reviewed changes

mscdex removed v8 engine Issues and PRs related to the V8 dependency. zlib Issues and PRs related to the zlib subsystem. labels Mar 29, 2017

jasnell approved these changes Mar 30, 2017

View reviewed changes

fhinkel approved these changes Mar 30, 2017

View reviewed changes

MylesBorins force-pushed the v6.10.2-proposal branch from be03658 to fbc9fde Compare April 4, 2017 08:49

MylesBorins merged commit fbc9fde into v6.x Apr 4, 2017

MylesBorins added a commit that referenced this pull request Apr 4, 2017

Working on v6.10.3

79546c0

PR-URL: #12128

gibfahn deleted the v6.10.2-proposal branch April 4, 2017 13:14

andrew749 pushed a commit to michielbaird/node that referenced this pull request Jul 19, 2017

Working on v6.10.3

146c735

PR-URL: nodejs/node#12128

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

V6.10.2 proposal #12128

V6.10.2 proposal #12128

Uh oh!

MylesBorins commented Mar 29, 2017

Uh oh!

MylesBorins commented Mar 29, 2017 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

9 participants

Uh oh!

V6.10.2 proposal #12128

V6.10.2 proposal #12128

Uh oh!

Conversation

MylesBorins commented Mar 29, 2017

2017-04-04, Version 6.10.2 'Boron' (LTS), @MylesBorins

Notable changes

Commits

Uh oh!

MylesBorins commented Mar 29, 2017 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

9 participants

MylesBorins commented Mar 29, 2017 •

edited

Loading