-
Notifications
You must be signed in to change notification settings - Fork 30.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
deps: upgrade to V8 5.0.71.52 #6928
Conversation
Thanks for putting this together. While you're at it, it would make sense to pick up 5.0.71.52 as well, which just landed (fixes #6158). |
done! |
LGTM |
LGTM |
Pick up the latest set of patch level updates from the V8 5.0 branch. v8/v8@5.0.71.47...5.0.71.52 Fixes: nodejs#6158 PR-URL: nodejs#6928 Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
FYI @nodejs/release, whoever releases the next v6.x, it might be worth mentioning that this fixes (apparently) a problem node-inspector has been having with v6: node-inspector/node-inspector#864 |
I experienced a much worse 'illegal access' - during bootstrap.js startup! Basically taking the 6.2.0 source code and building it. If I replaced the deps/v8 folder with the 6.1.0 one things ran normally. I would like to try it out with the proposed next release v8 - can someone direct me to what that is? |
you can try with a build from the |
I took the v8 from master and dropped into the 6.2.0 tree that I build from... I still get the "illegal access" during bootstrap. |
Don't do that, just build master as a whole. |
tried the whole master... I get "íllegal access" in a different location now but still in bootstrap: |
I am here in git:
|
ok I need to investigate... I am embedding node so the start procedure is slightly different... using the node::Start function runs correctly.... any hints to as why illegal access can occur? |
deleting my build out folder and rebuilding seemed to fix it :-( sorry for the fuzz! |
Approximately how long until 6.2.1 will be released? I'm waiting for it for the node-inspector fix it includes. Thanks |
@superclarkk Next week. |
Pick up the latest set of patch level updates from the V8 5.0 branch. v8/v8@5.0.71.47...5.0.71.52 Fixes: nodejs#6158 PR-URL: nodejs#6928 Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Pick up the latest set of patch level updates from the V8 5.0 branch. v8/v8@5.0.71.47...5.0.71.52 Fixes: #6158 PR-URL: #6928 Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
* buffer: Ignore negative lengths in calls to Buffer() and Buffer.allocUnsafe(). This fixes a possible security concern (reported by Feross Aboukhadijeh) where user input is passed unchecked to the Buffer constructor or allocUnsafe() as it can expose parts of the memory slab used by other Buffers in the application. Note that negative lengths are not supported by the Buffer API and user input to the constructor should always be sanitised and type-checked. (Anna Henningsen) #7030 * npm: Upgrade npm to 3.9.3 (Kat Marchán) #7030 * tty: Explicitly opt-in to blocking mode for stdio on OS X. A bug fix in libuv 1.9.0, introduced in Node.js v6.0.0, exposed problems with Node's use of non-blocking stdio, particularly on OS X which has a small output buffer. This change should fix CLI applications that have been having problems with output since Node.js v6.0.0 on OS X. The core team is continuing to address stdio concerns that exist across supported platforms and progress can be tracked at #6980. (Jeremiah Senkpiel) #6895 * V8: Upgrade to V8 5.0.71.52. This includes a fix that addresses problems experienced by users of node-inspector since Node.js v6.0.0, see #6980 for details. (Michaël Zasso) #6928
* buffer: Ignore negative lengths in calls to Buffer() and Buffer.allocUnsafe(). This fixes a possible security concern (reported by Feross Aboukhadijeh) where user input is passed unchecked to the Buffer constructor or allocUnsafe() as it can expose parts of the memory slab used by other Buffers in the application. Note that negative lengths are not supported by the Buffer API and user input to the constructor should always be sanitised and type-checked. (Anna Henningsen) #7030 * npm: Upgrade npm to 3.9.3 (Kat Marchán) #7030 * tty: Default to blocking mode for stdio on OS X. A bug fix in libuv 1.9.0, introduced in Node.js v6.0.0, exposed problems with Node's use of non-blocking stdio, particularly on OS X which has a small output buffer. This change should fix CLI applications that have been having problems with output since Node.js v6.0.0 on OS X. The core team is continuing to address stdio concerns that exist across supported platforms and progress can be tracked at #6980. (Jeremiah Senkpiel) #6895 * V8: Upgrade to V8 5.0.71.52. This includes a fix that addresses problems experienced by users of node-inspector since Node.js v6.0.0, see #6980 for details. (Michaël Zasso) #6928
* buffer: Ignore negative lengths in calls to Buffer() and Buffer.allocUnsafe(). This fixes a possible security concern (reported by Feross Aboukhadijeh) where user input is passed unchecked to the Buffer constructor or allocUnsafe() as it can expose parts of the memory slab used by other Buffers in the application. Note that negative lengths are not supported by the Buffer API and user input to the constructor should always be sanitised and type-checked. (Anna Henningsen) #7030 * npm: Upgrade npm to 3.9.3 (Kat Marchán) #7030 * tty: Default to blocking mode for stdio on OS X. A bug fix in libuv 1.9.0, introduced in Node.js v6.0.0, exposed problems with Node's use of non-blocking stdio, particularly on OS X which has a small output buffer. This change should fix CLI applications that have been having problems with output since Node.js v6.0.0 on OS X. The core team is continuing to address stdio concerns that exist across supported platforms and progress can be tracked at #6980. (Jeremiah Senkpiel) #6895 * V8: Upgrade to V8 5.0.71.52. This includes a fix that addresses problems experienced by users of node-inspector since Node.js v6.0.0, see #6980 for details. (Michaël Zasso) #6928
# Notable changes ## Notable changes * **buffer**: Ignore negative lengths in calls to `Buffer()` and `Buffer.allocUnsafe()`. This fixes a possible security concern (reported by Feross Aboukhadijeh) where user input is passed unchecked to the Buffer constructor or `allocUnsafe()` as it can expose parts of the memory slab used by other Buffers in the application. Note that negative lengths are not supported by the Buffer API and user input to the constructor should always be sanitised and type-checked. (Anna Henningsen) [#7051](nodejs/node#7051) * **npm**: Upgrade npm to 3.9.3 (Kat Marchán) [#7030](nodejs/node#7030) - [`npm/npm@42d71be`](npm/npm@42d71be) [npm/npm#12685](npm/npm#12685) When using `npm ls <pkg>` without a semver specifier, `npm ls` would skip any packages in your tree that matched by name, but had a prerelease version in their `package.json`. ([@zkat](/~https://github.com/zkat)) - [`npm/npm@f04e05`](npm/npm@df04e05) [npm/npm#10013](npm/npm#10013) `read-package-tree@5.1.4`: Fixes an issue where `npm install` would fail if your `node_modules` was symlinked. ([@iarna](/~https://github.com/iarna)) - [`b894413`](npm/npm@b894413) [#12372](npm/npm#12372) Changing a nested dependency in an `npm-shrinkwrap.json` and then running `npm install` would not get up the updated package. This corrects that. ([@misterbyrne](/~https://github.com/misterbyrne)) - This release includes `npm@3.9.0`, which is the result of our Windows testing push -- the test suite (should) pass on Windows now. We're working on getting AppVeyor to a place where we can just rely on it like Travis. * **tty**: Default to blocking mode for stdio on OS X. A bug fix in libuv 1.9.0, introduced in Node.js v6.0.0, exposed problems with Node's use of non-blocking stdio, particularly on OS X which has a small output buffer. This change should fix CLI applications that have been having problems with output since Node.js v6.0.0 on OS X. The core team is continuing to address stdio concerns that exist across supported platforms and progress can be tracked at <nodejs/node#6980>. (Jeremiah Senkpiel) [#6895](nodejs/node#6895) * **V8**: Upgrade to V8 5.0.71.52. This includes a fix that addresses problems experienced by users of node-inspector since Node.js v6.0.0, see <node-inspector/node-inspector#864> for details. (Michaël Zasso) [#6928](nodejs/node#6928)
Checklist
Affected core subsystem(s)
v8
Description of change
Pick up the latest set of patch level updates from the V8 5.0 branch.
v8/v8@5.0.71.47...5.0.71.52
R= @nodejs/v8
CI: https://ci.nodejs.org/job/node-test-pull-request/2743/