Commit Graph

1155 Commits (1285008fcaa4edc2f810577b42a37cf96696cdf4)

Author SHA1 Message Date
isaacs f76c3938d0 npm: upgrade to v1.4.8
* Check SHA before using files from cache
* adduser: allow change of the saved password
* Make `npm install` respect `config.unicode`
* Fix lifecycle to pass `Infinity` for config env value
* Don't return 0 exit code on invalid command
* cache: Handle 404s and other HTTP errors as errors
* bump tap dep, make tests stderr a bit quieter
* Resolve ~ in path configs to env.HOME
* Include npm version in default user-agent conf
* npm init: Use ISC as default license, use save-prefix for deps
* Many test and doc fixes
2014-05-01 11:09:00 -07:00
Timothy J Fontaine 1038959dbf uv: update to v0.10.27 2014-05-01 09:27:39 -07:00
Ben Noordhuis 3f3a71e61e deps: fix v8 link error with glibc < 2.17
Commit f9ced08 switches V8 on Linux over from gettimeofday() to
clock_getres() and clock_gettime().  As of glibc 2.17, those functions
live in libc.  For older versions, we need to pull them in from librt.

Fixes the following link-time error;

    Release/obj.target/deps/v8/tools/gyp/libv8_base.a(platform-posix.o):
    In function `v8::internal::OS::Ticks()':
    platform-posix.cc:(.text+0x93c):
    undefined reference to `clock_gettime'
    platform-posix.cc:(.text+0x989):
    undefined reference to `clock_getres'

Fixes #7514.

Signed-off-by: Fedor Indutny <fedor@indutny.com>
2014-04-28 19:34:07 +04:00
Ben Noordhuis f9ced08de3 deps: make v8 use CLOCK_REALTIME_COARSE
Date.now() indirectly calls gettimeofday() on Linux and that's a system
call that is extremely expensive on virtualized systems when the host
operating system has to emulate access to the hardware clock.

Case in point: output from `perf record -c 10000 -e cycles:u -g -i`
for a benchmark/http_simple bytes/8 benchmark with a light load of
50 concurrent clients:

    53.69%     node  node                 [.] v8::internal::OS::TimeCurrentMillis()
               |
               --- v8::internal::OS::TimeCurrentMillis()
                  |
                  |--99.77%-- v8::internal::Runtime_DateCurrentTime(v8::internal::Arguments, v8::internal::Isolate*)
                  |          0x23587880618e

That's right - over half of user time spent inside the V8 function that
calls gettimeofday().

Notably, nearly all system time gets attributed to acpi_pm_read(), the
kernel function that reads the ACPI power management timer:

    32.49%     node  [kernel.kallsyms]    [k] acpi_pm_read
               |
               --- acpi_pm_read
                  |
                  |--98.40%-- __getnstimeofday
                  |          getnstimeofday
                  |          |
                  |          |--71.61%-- do_gettimeofday
                  |          |          sys_gettimeofday
                  |          |          system_call_fastpath
                  |          |          0x7fffbbaf6dbc
                  |          |          |
                  |          |          |--98.72%-- v8::internal::OS::TimeCurrentMillis()

The cost of the gettimeofday() system call is normally measured in
nanoseconds but we were seeing 100 us averages and spikes >= 1000 us.
The numbers were so bad, my initial hunch was that the node process was
continuously getting rescheduled inside the system call...

v8::internal::OS::TimeCurrentMillis()'s most frequent caller is
v8::internal::Runtime_DateCurrentTime(), the V8 run-time function
that's behind Date.now().  The timeout handling logic in lib/http.js
and lib/net.js calls into lib/timers.js and that module will happily
call Date.now() hundreds or even thousands of times per second.
If you saw exports._unrefActive() show up in --prof output a lot,
now you know why.

That's why this commit makes V8 switch over to clock_gettime() on Linux.
In particular, it checks if CLOCK_REALTIME_COARSE is available and has
a resolution <= 1 ms because in that case the clock_gettime() call can
be fully serviced from the vDSO.

It speeds up the aforementioned benchmark by about 100% on the affected
systems and should go a long way toward addressing the latency issues
that StrongLoop customers have been reporting.

This patch will be upstreamed as a CR against V8 3.26.  I'm sending it
as a pull request for v0.10 first because that's what our users are
running and because the delta between 3.26 and 3.14 is too big to
reasonably back-port the patch.  I'll open a pull request for the
master branch once the CR lands upstream.

Signed-off-by: Trevor Norris <trev.norris@gmail.com>
Signed-off-by: Fedor Indutny <fedor@indutny.com>
2014-04-24 14:02:05 -07:00
Fedor Indutny 4601e7c892 Revert "deps: backport b5135bbc from c-ares repo"
This reverts commit 896e19330a.

Proper handling of TXT records requires API change, we can't afford it
in v0.10.

See #7371 for details.
2014-04-24 10:19:30 +04:00
isaacs 75bc11cf12 npm: upgrade to 1.4.7
* isaacs, Robert Kowalski, Benjamin Coe: Test Improvements
* isaacs doc: Add canonical url
* isaacs view: handle unpublished packages properly
* Raynos (Jake Verbaten) do not log if silent
* Julian Gruber fix no such property error
* isaacs npmconf@0.1.14
* Thorsten Lorenz adding save-prefix configuration option
* isaacs npm-registry-client@0.4.7
* isaacs cache: treat missing versions as a 404
* isaacs cache: Save shasum, write resolved/etc data to cache
* isaacs cache: Always fetch root doc
* isaacs cache: don't repack unnecessarily from tmp
* Andrey Kislyuk Don't crash if shrinkwrap-dependencies were not passed in pkginfo
* Robert Kowalski fix link in faq
* Jean Lauliac Add a peerDependencies section in package.json doc
* isaacs read-installed@2.0.2
2014-04-15 15:31:36 -07:00
Fedor Indutny d6fd118727 deps: update openssl to 1.0.1g 2014-04-08 00:58:37 +04:00
isaacs bd547d6598 npm: upgrade to 1.4.6
* Documentation upgrades
* Fix glob bug which prevents proper README publishing
* node-gyp upgrade to 0.13
* Documentation updates
* Add --save-exact to save an exact dep (instead of a range)
* alias 't' to 'test'
2014-03-25 17:42:22 -07:00
Ben Noordhuis 6bd78fd770 deps: fix v8 valgrind warning
Fix the following valgrind warning:

    Conditional jump or move depends on uninitialised value(s)
        at 0x7D64E7: v8::internal::GlobalHandles::IterateAllRootsWithClassIds(v8::internal::ObjectVisitor*) (global-handles.cc:613)
        by 0x94DCDC: v8::internal::NativeObjectsExplorer::FillRetainedObjects() (profile-generator.cc:2849)
        # etc.

This was fixed upstream in r12903 and released in 3.15.2 but that commit
was never back-ported to the 3.14 branch that node.js v0.10 uses.

The code itself works okay; this commit simply shuffles the clauses in
an `if` statement to check that the node is in use before checking its
class id (which is uninitialized if the node is not in use.)
2014-03-07 03:29:00 +04:00
Timothy J Fontaine c2aea3747d uv: Upgrade to v0.10.25 2014-02-18 13:04:29 -08:00
isaacs 217bb0c964 npm: upgrade to 1.4.3 2014-02-17 19:37:33 -08:00
isaacs 55543d3c45 npm: Upgrade to v1.4.0
- Removes 'npm publish -f'
- Documentation
- Bug-fixes
- Update license etc to refer to npm, Inc. rather than @isaacs personally
2014-02-13 16:35:41 -08:00
isaacs 2e8bb57fe3 npm: upgrade to 1.3.26 2014-02-08 15:10:43 -08:00
Fedor Indutny fac8f396cc deps: backport 883637bd from latest v8
Original commit message:

  VS2013 contains a number of improvements, most notably the addition
  of all C99 math functions.

  I'm a little bit concerned about the change I had to make in
  cpu-profiler.cc, but I spent quite a bit of time looking at it and was
  unable to figure out any rational explanation for the warning. It's
  possible it's spurious. Since it seems like a useful warning in
  general   though, I chose not to disable globally at the gyp level.

  I do think someone with expertise here should probably try to
  determine if this is a legitimate warning.

  BUG=288948
  R=dslomov@chromium.org

  Review URL: https://codereview.chromium.org/23449035

NOTE: Path applied without `cpu-profiler.cc` changes because in our
version it was looking totally different.
2014-02-01 00:45:55 +04:00
Fedor Indutny 896e19330a deps: backport b5135bbc from c-ares repo
Original commit message:

    ares_parse_txt_reply: return a ares_txt_reply node for each sub-string

    Previously, the function would wrongly return all substrings merged into
    one.

fix #6931
2014-01-25 12:20:41 -08:00
isaacs 485fcf9c63 npm: Upgrade to v1.3.25 2014-01-23 13:04:49 -08:00
Timothy J Fontaine 8b7ec73331 uv: Upgrade to v0.10.23 2014-01-22 20:47:12 -08:00
isaacs f645c40fcd npm: Upgrade to v1.3.24 2014-01-19 21:13:20 -08:00
svenpanne@chromium.org 196184d332 v8: backport codereview.chromium.org/11362182
Keep the number of descriptors below
DescriptorArray::kMaxNumberOfDescriptors even for accessors

Review URL: https://codereview.chromium.org/11362182
2014-01-10 23:32:08 +00:00
Timothy J Fontaine 30b3bc2f7c uv: Upgrade to v0.10.22 2014-01-07 14:05:58 -08:00
isaacs 1be9365930 npm: Upgrade to 1.3.23 2014-01-06 17:02:07 -08:00
isaacs 7f82faee30 npm: Upgrade to v1.3.22 2013-12-25 19:15:23 -08:00
Timothy J Fontaine 9371be0aa1 uv: Upgrade to v0.10.21 2013-12-18 15:42:46 -08:00
Ben Noordhuis 2eaef9f6da cluster, v8: fix --logfile=%p.log
The %p is replaced with the current PID.  This used to work in node.js
v0.9.7 but it seems to have been lost somewhere along the way.

This commit makes the fix from 6b713b52 ("cluster: make --prof work for
workers") work again.  Without it, all log data ends up in a single
file and is unusable because the addresses are all wrong.
2013-12-18 15:36:12 -08:00
isaacs 2a741f2d12 npm: upgrade to 1.3.21 2013-12-17 14:33:52 -08:00
isaacs e10c223eb6 npm: upgrade to 1.3.20
The 1.3.19 release had a critical bug: any packages published with it
could not be installed, because the shasum would be incorrect.

Thankfully, 1.3.19 was published using 1.3.19, so could not be installed
by any users!  However, if it goes out as part of a Node.js release,
then obviously that would be a problem.
2013-12-17 09:04:30 -08:00
isaacs 97738994e0 npm: Upgrade to 1.3.19 2013-12-16 23:09:16 -08:00
jkummerow@chromium.org 39e2426b20 v8: backport fix for CVE-2013-{6639|6640}
Quoting CVE-2013-6639:

    The DehoistArrayIndex function in hydrogen-dehoist.cc in Google V8
    before 3.22.24.7, as used in Google Chrome before 31.0.1650.63,
    allows remote attackers to cause a denial of service (out-of-bounds
    write) or possibly have unspecified other impact via JavaScript code
    that sets the value of an array element with a crafted index.

Quoting CVE-2013-6640:

    The DehoistArrayIndex function in hydrogen-dehoist.cc in Google V8
    before 3.22.24.7, as used in Google Chrome before 31.0.1650.63,
    allows remote attackers to cause a denial of service (out-of-bounds
    read) via JavaScript code that sets a variable to the value of an
    array element with a crafted index.

Like 6b92a7, this is unlikely to affect node.js because it only runs
local, trusted code.  However, if there exists some module somewhere
that populates an array index with remotely provided data this could
very well be used to crash a remote server running node.  Defense in
depth and all.

This is a backport of upstream commit r17801. Original commit log:

    Limit size of dehoistable array indices

    LOG=Y
    BUG=chromium:319835,chromium:319860
    R=dslomov@chromium.org

    Review URL: https://codereview.chromium.org/74113002
2013-12-14 02:55:29 +04:00
Timothy J Fontaine 910bc3c02d uv: Upgrade v0.10.20 2013-12-11 20:24:36 -08:00
isaacs a22de4f7ee npm: Upgrade to 1.3.17 2013-12-11 10:20:26 -08:00
isaacs c1452f4c6f npm: Upgrade to v1.3.15 2013-11-20 11:08:52 -08:00
Timothy J Fontaine ac799ba0af uv: Upgrade to v0.10.19 2013-11-12 10:57:57 -08:00
yangguo@chromium.org 007393a09d v8: use correct timezone information on Solaris
`timezone` variable contains the difference, in seconds, between UTC and
local standard time (see `man 3 localtime` on Solaris).

Call to `tzset` is required to apply contents of `TZ` variable to
`timezone` variable.

BUG=v8:2064

Review URL: https://chromiumcodereview.appspot.com/10967066
Patch from Maciej Małecki <me@mmalecki.com>.

This is a back-port of upstream commit r12802 and a forward port of
commit 9fa953d from the v0.8 branch.  V8 3.22 in the master branch
contains the patch so no further forward-porting is necessary.
2013-11-12 15:15:32 +01:00
Ben Noordhuis 3dcc9b93e1 v8: unbreak `make native` build
The security fix from commit 6b92a713 also back-ported the test case.
Said test case relies on API that is only available in newer versions
of V8 and, as a result, broke the `make native` and `make <arch.mode>`
builds.  This commit reverts that part of the back-port.  Fixes the
following build error:

  ../test/cctest/test-api.cc: In function ‘void TestRegress260106()’:
  ../test/cctest/test-api.cc:17712:34: error: ‘class v8::Context’ has
  no member named ‘GetIsolate’
2013-11-09 22:27:22 +01:00
isaacs 8f221bc43d npm: Upgrade to 1.3.14 2013-11-08 13:41:24 -08:00
isaacs 4b5e6a38df npm@1.3.13 2013-10-28 14:10:47 -07:00
isaacs f6f176e108 npm@1.3.12 2013-10-24 09:22:13 -07:00
Timothy J Fontaine 8fc48bcf4c uv: Upgrade to v0.10.18 2013-10-18 13:52:15 -07:00
Timothy J Fontaine 55546f55d4 uv: Upgrade to v0.10.17 2013-09-24 13:46:19 -07:00
isaacs ebeae2df51 npm: upgrade to 1.3.11 2013-09-07 14:31:04 -05:00
isaacs 1be09dfc25 npm: upgrade to v1.3.10 2013-09-05 17:13:50 -07:00
Bert Belder 6301613ff5 uv: upgrade to v0.10.16 2013-09-05 16:50:47 +02:00
Bert Belder 5508236c49 uv: update to v0.10.15 2013-08-23 19:02:14 +02:00
Timothy J Fontaine e445fbda1f uv: Upgrade v0.10.14 2013-08-21 14:44:20 -07:00
Ben Noordhuis 8d42c6344b deps: upgrade http_parser to 303c4e4
Upgrade to joyent/http-parser@303c4e4. Changes:

  * Do not accept PUN/GEM methods as PUT/GET.
  * Further request method check strengthening.
2013-08-21 03:40:43 +02:00
isaacs 5abdef790c npm: Upgrade to 1.3.8 2013-08-16 08:19:31 -07:00
mstarzinger@chromium.org 6b92a71321 v8: back-port fix for CVE-2013-2882
Quoting the CVE:

    Google V8, as used in Google Chrome before 28.0.1500.95, allows
    remote attackers to cause a denial of service or possibly have
    unspecified other impact via vectors that leverage "type confusion."

Likely has zero impact on node.js because it only runs local, trusted
code but let's apply it anyway.

This is a back-port of upstream commit r15665. Original commit log:

    Use internal array as API function cache.

    R=yangguo@chromium.org
    BUG=chromium:260106
    TEST=cctest/test-api/Regress260106

    Review URL: https://codereview.chromium.org/19159003

Fixes #5973.
2013-08-05 18:17:24 +02:00
isaacs bea9dfa14c npm: Upgrade to 1.3.7 2013-08-02 14:55:22 -07:00
Timothy J Fontaine 5c81f41e70 uv: Upgrade to v0.10.13 2013-07-25 10:48:29 -07:00
isaacs ff0de45929 npm: Upgrade to v1.3.5 2013-07-24 13:23:44 -07:00