Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

deps: upgrade V8 to 4.5.103.35 #3117

Closed
wants to merge 1 commit into from
Closed

deps: upgrade V8 to 4.5.103.35 #3117

wants to merge 1 commit into from

Conversation

ofrobots
Copy link
Contributor

Pick up the latest fixes from V8 4.5 branch & bring us up to 4.5.103.35:

  • Disallow Object.observe calls on access checked objects.
    v8/v8@134e541
  • Avoid excessive data copying for ExternalStreamingStream::SetBookmark.
    v8/v8@96dddb4

R=@targos, @bnoordhuis
/cc @nodejs/v8

Apply the latest fixes from V8 4.5 branch & bring us up to 4.5.103.35:
* Disallow Object.observe calls on access checked objects.
v8/v8@134e541
* Avoid excessive data copying for ExternalStreamingStream::SetBookmark.
v8/v8@96dddb4
@indutny
Copy link
Member

indutny commented Sep 29, 2015

LGTM, if CI is green

@ofrobots
Copy link
Contributor Author

@ofrobots
Copy link
Contributor Author

BTW, FYI, note that https://github.com/v8/v8 is the new home of the V8 github mirror.

@bnoordhuis
Copy link
Member

LGTM

@ofrobots
Copy link
Contributor Author

CI is green, but arm-v8 failed to run. I have launched an arm-only re-run here: https://ci.nodejs.org/job/node-test-commit-arm/766/

@trevnorris
Copy link
Contributor

Looks like they're green. LGTM.

@mscdex mscdex added the v8 engine Issues and PRs related to the V8 dependency. label Sep 29, 2015
@targos
Copy link
Member

targos commented Sep 29, 2015

LGTM

@ofrobots
Copy link
Contributor Author

Added the land-on-4.x tag. I am assuming the release-magicians will land it. /cc @nodejs/release

@Fishrock123
Copy link
Contributor

  • Disallow Object.observe calls on access checked objects.
    v8/v8@134e541

That is technically breaking, isn't it? Weird grey area. No real opinions here.

@Fishrock123
Copy link
Contributor

cc @nodejs/lts ^

@rvagg
Copy link
Member

rvagg commented Sep 30, 2015

I'm guessing v8/v8@134e541 is related to CVE-2015-1304.

Seems like an appropriate bugfix to me that we want in v4, I'm fine with this so lgtm.

@bnoordhuis
Copy link
Member

That is technically breaking, isn't it?

No, it's a security fix.

ofrobots added a commit that referenced this pull request Sep 30, 2015
Apply the latest fixes from V8 4.5 branch & bring us up to 4.5.103.35:
* Disallow Object.observe calls on access checked objects.
v8/v8@134e541
* Avoid excessive data copying for ExternalStreamingStream::SetBookmark.
v8/v8@96dddb4

PR-URL: #3117
Reviewed-By: indutny - Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: bnoordhuis - Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: trevnorris - Trevor Norris <trev.norris@gmail.com>
Reviewed-By: targos - Michaël Zasso <mic.besace@gmail.com>
@ofrobots
Copy link
Contributor Author

Landed on master in c273944.

ofrobots added a commit that referenced this pull request Oct 2, 2015
Apply the latest fixes from V8 4.5 branch & bring us up to 4.5.103.35:
* Disallow Object.observe calls on access checked objects.
v8/v8@134e541
* Avoid excessive data copying for ExternalStreamingStream::SetBookmark.
v8/v8@96dddb4

PR-URL: #3117
Reviewed-By: indutny - Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: bnoordhuis - Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: trevnorris - Trevor Norris <trev.norris@gmail.com>
Reviewed-By: targos - Michaël Zasso <mic.besace@gmail.com>
@ofrobots ofrobots closed this Oct 5, 2015
rvagg added a commit that referenced this pull request Oct 5, 2015
Notable changes

* http:
  - Fix out-of-order 'finish' event bug in pipelining that can abort
    execution, fixes DoS vulnerability CVE-2015-7384
    (Fedor Indutny) #3128
  - Account for pending response data instead of just the data on the
    current request to decide whether pause the socket or not
    (Fedor Indutny) #3128
* libuv: Upgraded from v1.7.4 to v1.7.5, see release notes for details
  (Saúl Ibarra Corretgé) #3010
  - A better rwlock implementation for all Windows versions
  - Improved AIX support
* v8:
  - Upgraded from v4.5.103.33 to v4.5.103.35 (Ali Ijaz Sheikh) #3117
  - Backported f782159 from v8's upstream to help speed up Promise
    introspection (Ben Noordhuis) #3130
  - Backported c281c15 from v8's upstream to add JSTypedArray length
    in post-mortem metadata (Julien Gilli) #3031

PR-URL: #3128
rvagg added a commit that referenced this pull request Oct 5, 2015
Notable changes

* http:
  - Fix out-of-order 'finish' event bug in pipelining that can abort
    execution, fixes DoS vulnerability CVE-2015-7384
    (Fedor Indutny) #3128
  - Account for pending response data instead of just the data on the
    current request to decide whether pause the socket or not
    (Fedor Indutny) #3128
* libuv: Upgraded from v1.7.4 to v1.7.5, see release notes for details
  (Saúl Ibarra Corretgé) #3010
  - A better rwlock implementation for all Windows versions
  - Improved AIX support
* v8:
  - Upgraded from v4.5.103.33 to v4.5.103.35 (Ali Ijaz Sheikh) #3117
  - Backported f782159 from v8's upstream to help speed up Promise
    introspection (Ben Noordhuis) #3130
  - Backported c281c15 from v8's upstream to add JSTypedArray length
    in post-mortem metadata (Julien Gilli) #3031

PR-URL: #3128
@ofrobots ofrobots deleted the v4.x branch October 14, 2015 18:35
@MylesBorins
Copy link
Contributor

landed in v4.x-staging in 5a9e795

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
v8 engine Issues and PRs related to the V8 dependency.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

10 participants