-
Notifications
You must be signed in to change notification settings - Fork 30.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
build: enable ASLR (PIE) on OS X #35704
Conversation
After conducting several benchmarks, I noticed performance losses of 5-10%. As OS X is not a performance critical platform, as already mentioned by @bnoordhuis, I have removed the -no_pie flag at least for this platform. I'd love to enable PIE for other platforms if the 5-10% speed loss is not too high. I would be happy to hear your opinion on this. Refs: nodejs#33425
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since common.gypi also affects addons: Should we be extra careful and label this semver-major?
Probably. Does it have to be in |
As PIE is explicitly opted-out in common.gypi, and there is no "-no_pie" flag in node.gypi, I wouldn't know how to turn it on specifically in node.gypi. But maybe I am missing some knowledge here. My changes actually just revert this commit: a5012a0 |
ugh then I guess defensively |
@nodejs/tsc This is semver-major and so would need at least one more TSC approval. |
CI is passing, so I assume #5903 is not an issue anymore? If someone wants to build a custom Node.js binary without PIE, how would they do it? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Blocking this as I would like to know more. what is the advantage of -pie?
A lot of frontend build tools compete on build times, e.g. performance. I disagree that Mac is not a perf-critical target.
@mcollina To save you a Google search, it enables the OS to do ASLR which is a security feature: https://en.wikipedia.org/wiki/Position-independent_code#Position-independent_executables & https://en.wikipedia.org/wiki/Address_space_layout_randomization
|
ah that's why my inbox is full of alerts? |
I looked at those articles, however I do not understand exactly what is the benefit and what we are trying to protect our users from. None of the threat exposed there seems to apply to our security model. |
@mcollina It’s a defense-in-depth mechanism that mitigates the impact of remote code execution vulnerabilities. It is an additional layer to make exploits significantly harder to write, rather than a full protection against a vulnerability. It is also fairly standard to have this enabled in modern applications, if that is technically feasible. |
My take is that 5-10% is a significant decrease and we need to carefully weigh if the benefits are worth that decrease, particularly in the eyes of end users. |
Does python, ruby, etc ships with this enabled? Does go, rust produce binaries with this enabled by default? |
FWIW, I think we already have it enabled for Linux builds, and I think it's not a performance problem on Linux (although I might be wrong), so when evaluating Python, Ruby, Go, etc. those should be evaluated on OSX as well. |
Yes, and, at least on my Ubuntu machine, they also do so on Linux.
Rust does and go doesn’t, on both of these platforms. Also, keep in mind that this does not affect compiled JS code, only native code in the binary. |
I'm very surprised by the 5-10% numbers tbh |
Particularly if we already have it enabled for Linux. |
It doesn't look like we do, though. |
PIE / ASLR is an exploit mitigation which makes it harder to exploit a target if you find a memory bug (e.g. stack buffer overflow) which would allow arbitrary code execution. With PIE enabled, you can't hardcode addresses, and you need to calculate offsets for them. To achieve this, another vulnerability would be needed (e.g. format string information leak) in order to circumvent this. From my personal experience writing (basic) exploits, PIE is a very useful mitigation. Especially in combination with W^X mempages, PIE is a very effective way to prevent return-oriented programming (which is a common technique when writing exploits). In my opinion, the security benefits outweigh the perfomance costs.
Rust and Go don't need this feature as they are memory safe by design (Rust at compile-time via RAII, Golang at runtime via garbage collector). The developers say, that their languages are safe and therefore no need for PIE, which is not the case for C / C++. |
This is a really good protection layer but I also think it is very theoretical in the Node.js case. I may be wrong but I don't think there has been an RCE in the last few years (if not one at all). We consider JS code as "trusted" - there are significant bigger threats if we did not consider it so. |
It is not very theoretical, and it does not have to be an RCE, as I've said this is relevant for any memory based attack. It is not about JS code, it's about the native code, which you can never consider safe if it's C or C++. This is a standard security feature in modern applications and should not be turned off (there is a reason why it's opt-out these days, and there has been a reason why it was opted-out, but this is now obsolete). One recent example from June 202 (and if you go through all security patches, you will find a lot more of them), this is a common threat. Any big application has such security holes and this is totally normal: Especially with Node.js, this kind of issues are a big threat as most users install a Node version and don't update it frequently, so many binaries out there are vulnerable to publicly well known memory corruptions. |
Considering the releases in https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/, how would I'm guessing @Trott @devnexen @richardlau @addaleax you'd be in favor of enabling |
Ok in the particular case for CVE-2020-8252, an exploit is very unlikely by the nature of the bug, but still is for other ones. Didn't to enough research on this one, my bad. I personally would not necessarily enable it on Linux, as this is a production system for many users, and I can understand that 5-10% performance decrease are too much for this platform. That's my opinion on that (but I'd still be happy if it's done). |
@mcollina This is not what this is about.
Well … as @woodfairy said, this is probably not easy to exploit on its own, but I can try to turn it into an example of where ASLR would help mitigate impact: If an attacker can cause a write buffer overflow here, they can write to memory that they should not be able to write to. If they can write to memory that contains a function pointer (and possibly some arguments that are later passed to that function – that’s not an uncommon combination), they can overwrite that pointer with another value, leading to a jump to an attacker-controlled address later. If ASLR is disabled, the addresses for code in the Node.js binary itself are fixed, and very easy to jump to, making it possible to jump to an attacker-controlled function inside Node.js (which may perform privileged operations, including using functions that write data to disk). If ASLR is enabled, that makes addresses inside the Node.js binary hard to guess, and can make such attacks impractical.
I would be okay with that, but I feel like @woodfairy here. |
I see, thanks for the detailed explanation. This can be useful indeed. I disagree with the premise that Mac OS X could "run slower" than other platforms. I'll do some measurements on a real world codebase and report back. |
How have you measured the 5-10% slowdown? I've run a few tests and webpack build times or http server throughput are not effected in a meaningful way. I have a Macbook Pro 13'' 2020. |
I measured using the benchmarks in benchmark/ I have a MacBook Pro 13" 2016 |
Which one did you run? Maybe is there some sort of HW/OS support that could make this less expensive? |
Would be in favor indeed. |
There are the results of the benchmark. It is possible that my hardware causes those. But I don't know it. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
CI is failing somehow :/ |
This is very odd as PIE should not affect the code. I will look into it, hopefully soon. |
I think there’s a good chance that all of those are flaky, pre-existing failures. |
CI is green. Is this ready to land? |
Landed in fff25a0...8d6b74d |
After conducting several benchmarks, I noticed performance losses of 5-10%. As OS X is not a performance critical platform, as already mentioned by @bnoordhuis, I have removed the -no_pie flag at least for this platform. I'd love to enable PIE for other platforms if the 5-10% speed loss is not too high. I would be happy to hear your opinion on this. Refs: #33425 PR-URL: #35704 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: David Carlier <devnexen@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Notable Changes: Deprecations and Removals - **(SEMVER-MAJOR)** **fs**: remove permissive rmdir recursive (Antoine du Hamel) [#37216] - **(SEMVER-MAJOR)** **fs**: runtime deprecate rmdir recursive option (Antoine du Hamel) [#37302] - **(SEMVER-MAJOR)** **lib**: runtime deprecate access to process.binding('http_parser') (James M Snell) [#37813] - **(SEMVER-MAJOR)** **lib**: runtime deprecate access to process.binding('url') (James M Snell) [#37799] - **(SEMVER-MAJOR)** **lib**: make process.binding('util') return only type checkers (Anna Henningsen) [#37819] - **(SEMVER-MAJOR)** **lib**: runtime deprecate access to process.binding('crypto') (James M Snell) [#37790] - **(SEMVER-MAJOR)** **lib**: runtime deprecate access to process.binding('signal_wrap') (James M Snell) [#37800] - **(SEMVER-MAJOR)** **lib**: runtime deprecate access to process.binding('v8') (James M Snell) [#37789] - **(SEMVER-MAJOR)** **lib**: runtime deprecate access to process.binding('async_wrap') (James M Snell) [#37576] - **(SEMVER-MAJOR)** **module**: remove module.createRequireFromPath (Antoine du Hamel) [#37201] - **(SEMVER-MAJOR)** **module**: runtime deprecate subpath folder mappings (Antoine du Hamel) [#37215] - **(SEMVER-MAJOR)** **module**: runtime deprecate "main" index and extension lookups (Antoine du Hamel) [#37206] - **(SEMVER-MAJOR)** **module**: runtime deprecate invalid package.json main entries (Antoine du Hamel) [#37204] - **(SEMVER-MAJOR)** **process**: runtime deprecate changing process.config (James M Snell) [#36902] Stable Timers Promises API: The Timers Promises API provides an alternative set of timer functions that return Promise objects. Added in Node.js v15.0.0, in this release they graduate from experimental status to stable. Contributed by James Snell - [#38112] Toolchain and Compiler Upgrades: Node.js v16.0.0 will be the first release where we ship prebuilt binaries for Apple Silicon. While we’ll be providing separate tarballs for the Intel (`darwin-x64`) and ARM (`darwin-arm64`) architectures the macOS installer (`.pkg`) will be shipped as a ‘fat’ (multi-architecture) binary. - **(SEMVER-MAJOR)** **build**: remove support for Python 2 (Christian Clauss) [#36691] - **(SEMVER-MAJOR)** **build**: default PYTHON to python3 in Makefile (Michaël Zasso) [#37764] - **build**: update Makefile to support fat binary (Ash Cripps) [#37861] - **(SEMVER-MAJOR)** **build**: enable ASLR (PIE) on OS X (woodfairy) [#35704] - **build**: warn for gcc versions earlier than 8.3.0 (Richard Lau) [#37935] - **(SEMVER-MAJOR)** **doc**: update minimum supported Xcode to 11 (Michaël Zasso) [#37872] - **(SEMVER-MAJOR)** **doc**: update minimum supported GCC to 8.3 (Michaël Zasso) [#37871] - **(SEMVER-MAJOR)** **doc**: update AIX to GCC8 for v16.x (Ash Cripps) [#37677] - **tools**: set arch in Distribution.xml (Ash Cripps) [#38261] V8 9.0: The V8 JavaScript engine is updated to V8 9.0, including performance tweaks and improvements. This update also brings the ECMAScript RegExp Match Indices, which provide the start and end indices of the captured string. The indices array is available via the `.indices` property on match objects when the regular expression has the `/d` flag. Contributed by Michaël Zasso - [#37587] Other Notable Changes: - **(SEMVER-MINOR)** **assert**: graduate assert.match and assert.doesNotMatch (James M Snell) [#38111] - **(SEMVER-MAJOR)** **buffer**: expose btoa and atob as globals (James M Snell) [#37786] - **deps**: update llhttp to 6.0.0 (Fedor Indutny) [#38277] - **deps**: upgrade npm to 7.10.0 (Ruy Adorno) [#38254] - **(SEMVER-MAJOR)** **deps**: bump minimum ICU version to 68 (Michaël Zasso) [#37330] - **(SEMVER-MINOR)** **http**: add http.ClientRequest.getRawHeaderNames() (simov) [#37660] - **(SEMVER-MAJOR)** **lib,src**: update cluster to use Parent (Michael Dawson) [#36478] - **(SEMVER-MINOR)** **module**: add support for `node:`‑prefixed `require(…)` calls (ExE Boss) [#37246] - **(SEMVER-MINOR)** **perf_hooks**: add histogram option to timerify (James M Snell) [#37475] - **(SEMVER-MINOR)** **repl**: add auto‑completion for `node:`‑prefixed `require(…)` calls (ExE Boss) [#37246] - **(SEMVER-MINOR)** **util**: add getSystemErrorMap() impl (eladkeyshawn) [#38101] Semver-Major Commits: - **async_hooks**: add thisArg to AsyncResource.bind (James M Snell) [#36782] - **buffer**: expose btoa and atob as globals (James M Snell) [#37786] - **build**: remove support for Python 2 (Christian Clauss) [#36691] - **build**: default PYTHON to python3 in Makefile (Michaël Zasso) [#37764] - **build**: update Makefile to support fat binary (Ash Cripps) [#37861] - **build**: reset embedder string to "-node.0" (Michaël Zasso) [#37587] - **build**: include minimal V8 headers in distribution (Michaël Zasso) [#37570] - **build**: reset embedder string to "-node.0" (Michaël Zasso) [#37330] - **build**: reset embedder string to "-node.0" (Michaël Zasso) [#36139] - **build**: use C++11 ABI with libstdc++ (Anna Henningsen) [#36634] - **build**: enable ASLR (PIE) on OS X (woodfairy) [#35704] - **build**: reset embedder string to "-node.0" (Michaël Zasso) [#35700] - **deps**: V8: cherry-pick 1648e050cade (Michaël Zasso) [#37587] - **deps**: silence irrelevant V8 warnings (Michaël Zasso) [#37587] - **deps**: fix V8 build issue with inline methods (Jiawen Geng) [#35415] - **deps**: make v8.h compatible with VS2015 (Joao Reis) [#32116] - **deps**: V8: forward declaration of `Rtl\*FunctionTable` (Refael Ackermann) [#32116] - **deps**: V8: patch register-arm64.h (Refael Ackermann) [#32116] - **deps**: V8: un-cherry-pick bd019bd (Refael Ackermann) [#32116] - **deps**: update V8 to 9.0.257.11 (Michaël Zasso) [#37587] - **deps**: bump minimum ICU version to 68 (Michaël Zasso) [#37330] - **deps**: V8: cherry-pick 8957d4677aa7 (Michaël Zasso) [#37330] - **deps**: V8: backport a11395433dbd (Michaël Zasso) [#37330] - **deps**: V8: cherry-pick deb0813166f3 (Michaël Zasso) [#36139] - **deps**: V8: cherry-pick 9a6a22874c81 (Michaël Zasso) [#36139] - **deps**: silence irrelevant V8 warning (Michaël Zasso) [#37330] - **deps**: workaround stod() limitations on SmartOS (Colin Ihrig) [#37330] - **deps**: fix V8 build issue with inline methods (Jiawen Geng) [#35415] - **deps**: patch V8 to run on Xcode 8 (Mary Marchini) [#32116] - **deps**: make v8.h compatible with VS2015 (Joao Reis) [#32116] - **deps**: V8: forward declaration of `Rtl\*FunctionTable` (Refael Ackermann) [#32116] - **deps**: V8: patch register-arm64.h (Refael Ackermann) [#32116] - **deps**: patch V8 to run on older XCode versions (Ujjwal Sharma) [#32116] - **deps**: V8: un-cherry-pick bd019bd (Refael Ackermann) [#32116] - **deps**: update V8 to 8.9.255.19 (Michaël Zasso) [#37330] - **deps**: V8: cherry-pick deb0813166f3 (Michaël Zasso) [#36139] - **deps**: V8: cherry-pick 9a6a22874c81 (Michaël Zasso) [#36139] - **deps**: V8: cherry-pick 2059ee813359 (Michaël Zasso) [#36139] - **deps**: V8: cherry-pick bde7ee5473d6 (Michaël Zasso) [#36139] - **deps**: V8: cherry-pick 9a712984025e (Michaël Zasso) [#36139] - **deps**: V8: cherry-pick 0b96e5b0bfb2 (Michaël Zasso) [#36139] - **deps**: V8: cherry-pick fbb28902e049 (Michaël Zasso) [#36139] - **deps**: V8: cherry-pick 821fb3883a8e (Michaël Zasso) [#35700] - **deps**: workaround stod() limitations on SmartOS (Colin Ihrig) [#36139] - **deps**: fix V8 build issue with inline methods (Jiawen Geng) [#35415] - **deps**: patch V8 to run on Xcode 8 (Mary Marchini) [#32116] - **deps**: V8: silence irrelevant warnings (Michaël Zasso) [#32116] - **deps**: make v8.h compatible with VS2015 (Joao Reis) [#32116] - **deps**: V8: forward declaration of `Rtl\*FunctionTable` (Refael Ackermann) [#32116] - **deps**: V8: patch register-arm64.h (Refael Ackermann) [#32116] - **deps**: patch V8 to run on older XCode versions (Ujjwal Sharma) [#32116] - **deps**: V8: un-cherry-pick bd019bd (Refael Ackermann) [#32116] - **deps**: update V8 to 8.8.278.17 (Michaël Zasso) [#36139] - **deps**: V8: cherry-pick 821fb3883a8e (Michaël Zasso) [#35700] - **deps**: V8: cherry-pick 45e49775f5a3 (Michaël Zasso) [#35700] - **deps**: V8: cherry-pick 7b3a27b7ae65 (Michaël Zasso) [#35700] - **deps**: V8: cherry-pick d76abfed3512 (Michaël Zasso) [#35415] - **deps**: fix V8 build issue with inline methods (Jiawen Geng) [#35415] - **deps**: update V8 postmortem metadata script (Colin Ihrig) [#35415] - **deps**: update V8 postmortem metadata script (Colin Ihrig) [#33579] - **deps**: patch V8 to run on Xcode 8 (Mary Marchini) [#32116] - **deps**: V8: silence irrelevant warnings (Michaël Zasso) [#32116] - **deps**: make v8.h compatible with VS2015 (Joao Reis) [#32116] - **deps**: V8: forward declaration of `Rtl\*FunctionTable` (Refael Ackermann) [#32116] - **deps**: V8: patch register-arm64.h (Refael Ackermann) [#32116] - **deps**: patch V8 to run on older XCode versions (Ujjwal Sharma) [#32116] - **deps**: V8: un-cherry-pick bd019bd (Refael Ackermann) [#32116] - **deps**: update V8 to 8.7.220 (Michaël Zasso) [#35700] - **dns**: use url module instead of punycode for IDNA (Antoine du Hamel) [#35091] - **doc**: update minimum supported Xcode to 11 (Michaël Zasso) [#37872] - **doc**: update minimum supported GCC to 8.3 (Michaël Zasso) [#37871] - **doc**: update AIX to GCC8 for v16.x (Ash Cripps) [#37677] - **doc**: fixup http.IncomingMessage deprecation code (Guy Bedford) [#36917] - **doc**: add http.IncomingMessage#connection (Pranshu Srivastava) [#33768] - **events**: change EventTarget handler exception behavior (Nitzan Uziely) [#37237] - **fs**: remove permissive rmdir recursive (Antoine du Hamel) [#37216] - **fs**: add validation for fd and path (Dylan Elliott) [#35187] - **fs**: runtime deprecate rmdir recursive option (Antoine du Hamel) [#37302] - **fs**: fix flag and mode validation (James M Snell) [#37480] - **http**: use objects with null prototype in Agent (Michaël Zasso) [#36409] - **lib**: runtime deprecate access to process.binding('http_parser') (James M Snell) [#37813] - **lib**: runtime deprecate access to process.binding('url') (James M Snell) [#37799] - **lib**: make process.binding('util') return only type checkers (Anna Henningsen) [#37819] - **lib**: runtime deprecate access to process.binding('crypto') (James M Snell) [#37790] - **lib**: runtime deprecate access to process.binding('signal_wrap') (James M Snell) [#37800] - **lib**: runtime deprecate access to process.binding('v8') (James M Snell) [#37789] - **lib**: aggregate errors to avoid error swallowing (Antoine du Hamel) [#37460] - **lib**: load v8_prof_processor dependencies as ESM (Michaël Zasso) [#37587] - **lib**: runtime deprecate access to process.binding('async_wrap') (James M Snell) [#37576] - **lib**: remove usage of url.parse (raisinten) [#36853] - **lib**: add error handling for input stream (rexagod) [#31603] - **lib,src**: update cluster to use Parent (Michael Dawson) [#36478] - **module**: runtime deprecate subpath folder mappings (Antoine du Hamel) [#37215] - **module**: runtime deprecate "main" index and extension lookups (Antoine du Hamel) [#37206] - **module**: runtime deprecate invalid package.json main entries (Antoine du Hamel) [#37204] - **module**: remove module.createRequireFromPath (Antoine du Hamel) [#37201] - **module**: only set cache when finding module succeeds (Yongsheng Zhang) [#36642] - **perf_hooks**: make performance a global (James M Snell) [#37970] - **perf_hooks**: complete overhaul of the implementation (James M Snell) [#37136] - **process**: disallow adding options to process.allowedNodeEnvironmentFlags (Antoine du Hamel) [#36660] - **process**: runtime deprecate changing process.config (James M Snell) [#36902] - **readline**: cursorTo throw error on NaN (Zijian Liu) [#36379] - **src**: use non-deprecated GetCreationContext from V8 (Michaël Zasso) [#37587] - **src**: remove V8_FT_ADAPTOR for V8 update (Colin Ihrig) [#37587] - **src**: use non-deprecated V8 module APIs (Michaël Zasso) [#37587] - **src**: update NODE_MODULE_VERSION to 93 (Michaël Zasso) [#37587] - **src**: use non-deprecated V8 module and script APIs (Michaël Zasso) [#37330] - **src**: update NODE_MODULE_VERSION to 92 (Michaël Zasso) [#37330] - **src**: update NODE_MODULE_VERSION to 91 (Michaël Zasso) [#36139] - **src**: mark internally exported functions as explicitly internal (Tyler Ang-Wanek) [#37000] - **src**: inline AsyncCleanupHookHandle in headers (Tyler Ang-Wanek) [#37000] - **src**: fix v8 api deprecation (Jiawen Geng) [#35700] - **src**: update NODE_MODULE_VERSION to 90 (Michaël Zasso) [#35700] - **src**: clean up embedder API (Anna Henningsen) [#35897] - **test**: mark test-return-on-exit as flaky (Michaël Zasso) [#36139] - **test**: mark WASI's test-return-on-exit as flaky (Colin Ihrig) [#36139] - **tools**: update V8 gypfiles for 9.0 (Michaël Zasso) [#37587] - **tools**: update V8 gypfiles for 8.9 (Michaël Zasso) [#37330] - **tools**: update V8 gypfiles for 8.8 (Michaël Zasso) [#36139] - **tools**: update V8 gypfiles for 8.7 (Michaël Zasso) [#35700] - **worker**: send correct error status for worker init (Yash Ladha) [#36242] PR-URL: #37678
Notable changes: Deprecations and Removals: - **(SEMVER-MAJOR)** **fs**: remove permissive rmdir recursive (Antoine du Hamel) [#37216] - **(SEMVER-MAJOR)** **fs**: runtime deprecate rmdir recursive option (Antoine du Hamel) [#37302] - **(SEMVER-MAJOR)** **lib**: runtime deprecate access to process.binding('http_parser') (James M Snell) [#37813] - **(SEMVER-MAJOR)** **lib**: runtime deprecate access to process.binding('url') (James M Snell) [#37799] - **(SEMVER-MAJOR)** **lib**: make process.binding('util') return only type checkers (Anna Henningsen) [#37819] - **(SEMVER-MAJOR)** **lib**: runtime deprecate access to process.binding('crypto') (James M Snell) [#37790] - **(SEMVER-MAJOR)** **lib**: runtime deprecate access to process.binding('signal_wrap') (James M Snell) [#37800] - **(SEMVER-MAJOR)** **lib**: runtime deprecate access to process.binding('v8') (James M Snell) [#37789] - **(SEMVER-MAJOR)** **lib**: runtime deprecate access to process.binding('async_wrap') (James M Snell) [#37576] - **(SEMVER-MAJOR)** **module**: remove module.createRequireFromPath (Antoine du Hamel) [#37201] - **(SEMVER-MAJOR)** **module**: runtime deprecate subpath folder mappings (Antoine du Hamel) [#37215] - **(SEMVER-MAJOR)** **module**: runtime deprecate "main" index and extension lookups (Antoine du Hamel) [#37206] - **(SEMVER-MAJOR)** **module**: runtime deprecate invalid package.json main entries (Antoine du Hamel) [#37204] - **(SEMVER-MAJOR)** **process**: runtime deprecate changing process.config (James M Snell) [#36902] Stable Timers Promises API: The Timers Promises API provides an alternative set of timer functions that return Promise objects. Added in Node.js v15.0.0, in this release they graduate from experimental status to stable. Contributed by James Snell - [#38112] Toolchain and Compiler Upgrades: Node.js v16.0.0 will be the first release where we ship prebuilt binaries for Apple Silicon. While we’ll be providing separate tarballs for the Intel (`darwin-x64`) and ARM (`darwin-arm64`) architectures the macOS installer (`.pkg`) will be shipped as a ‘fat’ (multi-architecture) binary. - **(SEMVER-MAJOR)** **build**: remove support for Python 2 (Christian Clauss) [#36691] - **(SEMVER-MAJOR)** **build**: default PYTHON to python3 in Makefile (Michaël Zasso) [#37764] - **build**: update Makefile to support fat binary (Ash Cripps) [#37861] - **(SEMVER-MAJOR)** **build**: enable ASLR (PIE) on OS X (woodfairy) [#35704] - **build**: warn for gcc versions earlier than 8.3.0 (Richard Lau) [#37935] - **(SEMVER-MAJOR)** **doc**: update minimum supported Xcode to 11 (Michaël Zasso) [#37872] - **(SEMVER-MAJOR)** **doc**: update minimum supported GCC to 8.3 (Michaël Zasso) [#37871] - **(SEMVER-MAJOR)** **doc**: update AIX to GCC8 for v16.x (Ash Cripps) [#37677] - **tools**: set arch in Distribution.xml (Ash Cripps) [#38261] V8 9.0: The V8 JavaScript engine is updated to V8 9.0, including performance tweaks and improvements. This update also brings the ECMAScript RegExp Match Indices, which provide the start and end indices of the captured string. The indices array is available via the `.indices` property on match objects when the regular expression has the `/d` flag. Contributed by Michaël Zasso - [#37587] Other Notable Changes: - **(SEMVER-MINOR)** **assert**: graduate assert.match and assert.doesNotMatch (James M Snell) [#38111] - **(SEMVER-MAJOR)** **buffer**: expose btoa and atob as globals (James M Snell) [#37786] - **(SEMVER-MAJOR)** **deps**: bump minimum ICU version to 68 (Michaël Zasso) [#37330] - **deps**: update ICU to 69.1 (Michaël Zasso) [#38178] - **deps**: update llhttp to 6.0.0 (Fedor Indutny) [#38277] - **deps**: upgrade npm to 7.10.0 (Ruy Adorno) [#38254] - **(SEMVER-MINOR)** **http**: add http.ClientRequest.getRawHeaderNames() (simov) [#37660] - **(SEMVER-MAJOR)** **lib,src**: update cluster to use Parent (Michael Dawson) [#36478] - **(SEMVER-MINOR)** **module**: add support for `node:`‑prefixed `require(…)` calls (ExE Boss) [#37246] - **(SEMVER-MINOR)** **perf_hooks**: add histogram option to timerify (James M Snell) [#37475] - **(SEMVER-MINOR)** **repl**: add auto‑completion for `node:`‑prefixed `require(…)` calls (ExE Boss) [#37246] - **(SEMVER-MINOR)** **util**: add getSystemErrorMap() impl (eladkeyshawn) [#38101] Semver-Major Commits: - **(SEMVER-MAJOR)** **async_hooks**: add thisArg to AsyncResource.bind (James M Snell) [#36782] - **(SEMVER-MAJOR)** **buffer**: expose btoa and atob as globals (James M Snell) [#37786] - **(SEMVER-MAJOR)** **build**: remove support for Python 2 (Christian Clauss) [#36691] - **(SEMVER-MAJOR)** **build**: default PYTHON to python3 in Makefile (Michaël Zasso) [#37764] - **(SEMVER-MAJOR)** **build**: update Makefile to support fat binary (Ash Cripps) [#37861] - **(SEMVER-MAJOR)** **build**: include minimal V8 headers in distribution (Michaël Zasso) [#37570] - **(SEMVER-MAJOR)** **build**: use C++11 ABI with libstdc++ (Anna Henningsen) [#36634] - **(SEMVER-MAJOR)** **build**: enable ASLR (PIE) on OS X (woodfairy) [#35704] - **(SEMVER-MAJOR)** **deps**: update V8 to 9.0.257.11 (Michaël Zasso) [#37587] - **(SEMVER-MAJOR)** **deps**: bump minimum ICU version to 68 (Michaël Zasso) [#37330] - **(SEMVER-MAJOR)** **deps**: update V8 to 8.9.255.19 (Michaël Zasso) [#37330] - **(SEMVER-MAJOR)** **deps**: update V8 to 8.8.278.17 (Michaël Zasso) [#36139] - **(SEMVER-MAJOR)** **deps**: update V8 to 8.7.220 (Michaël Zasso) [#35700] - **(SEMVER-MAJOR)** **dns**: use url module instead of punycode for IDNA (Antoine du Hamel) [#35091] - **(SEMVER-MAJOR)** **doc**: update minimum supported Xcode to 11 (Michaël Zasso) [#37872] - **(SEMVER-MAJOR)** **doc**: update minimum supported GCC to 8.3 (Michaël Zasso) [#37871] - **(SEMVER-MAJOR)** **doc**: update AIX to GCC8 for v16.x (Ash Cripps) [#37677] - **(SEMVER-MAJOR)** **doc**: add http.IncomingMessage#connection (Pranshu Srivastava) [#33768] - **(SEMVER-MAJOR)** **events**: change EventTarget handler exception behavior (Nitzan Uziely) [#37237] - **(SEMVER-MAJOR)** **fs**: remove permissive rmdir recursive (Antoine du Hamel) [#37216] - **(SEMVER-MAJOR)** **fs**: add validation for fd and path (Dylan Elliott) [#35187] - **(SEMVER-MAJOR)** **fs**: runtime deprecate rmdir recursive option (Antoine du Hamel) [#37302] - **(SEMVER-MAJOR)** **fs**: fix flag and mode validation (James M Snell) [#37480] - **(SEMVER-MAJOR)** **http**: use objects with null prototype in Agent (Michaël Zasso) [#36409] - **(SEMVER-MAJOR)** **lib**: runtime deprecate access to process.binding('http_parser') (James M Snell) [#37813] - **(SEMVER-MAJOR)** **lib**: runtime deprecate access to process.binding('url') (James M Snell) [#37799] - **(SEMVER-MAJOR)** **lib**: make process.binding('util') return only type checkers (Anna Henningsen) [#37819] - **(SEMVER-MAJOR)** **lib**: runtime deprecate access to process.binding('crypto') (James M Snell) [#37790] - **(SEMVER-MAJOR)** **lib**: runtime deprecate access to process.binding('signal_wrap') (James M Snell) [#37800] - **(SEMVER-MAJOR)** **lib**: runtime deprecate access to process.binding('v8') (James M Snell) [#37789] - **(SEMVER-MAJOR)** **lib**: aggregate errors to avoid error swallowing (Antoine du Hamel) [#37460] - **(SEMVER-MAJOR)** **lib**: runtime deprecate access to process.binding('async_wrap') (James M Snell) [#37576] - **(SEMVER-MAJOR)** **lib**: remove usage of url.parse (raisinten) [#36853] - **(SEMVER-MAJOR)** **lib**: add error handling for input stream (rexagod) [#31603] - **(SEMVER-MAJOR)** **lib,src**: update cluster to use Parent (Michael Dawson) [#36478] - **(SEMVER-MAJOR)** **module**: runtime deprecate subpath folder mappings (Antoine du Hamel) [#37215] - **(SEMVER-MAJOR)** **module**: runtime deprecate "main" index and extension lookups (Antoine du Hamel) [#37206] - **(SEMVER-MAJOR)** **module**: runtime deprecate invalid package.json main entries (Antoine du Hamel) [#37204] - **(SEMVER-MAJOR)** **module**: remove module.createRequireFromPath (Antoine du Hamel) [#37201] - **(SEMVER-MAJOR)** **module**: only set cache when finding module succeeds (Yongsheng Zhang) [#36642] - **(SEMVER-MAJOR)** **perf_hooks**: make performance a global (James M Snell) [#37970] - **(SEMVER-MAJOR)** **perf_hooks**: complete overhaul of the implementation (James M Snell) [#37136] - **(SEMVER-MAJOR)** **process**: disallow adding options to process.allowedNodeEnvironmentFlags (Antoine du Hamel) [#36660] - **(SEMVER-MAJOR)** **process**: runtime deprecate changing process.config (James M Snell) [#36902] - **(SEMVER-MAJOR)** **readline**: cursorTo throw error on NaN (Zijian Liu) [#36379] - **(SEMVER-MAJOR)** **src**: mark internally exported functions as explicitly internal (Tyler Ang-Wanek) [#37000] - **(SEMVER-MAJOR)** **src**: inline AsyncCleanupHookHandle in headers (Tyler Ang-Wanek) [#37000] - **(SEMVER-MAJOR)** **src**: clean up embedder API (Anna Henningsen) [#35897] - **(SEMVER-MAJOR)** **worker**: send correct error status for worker init (Yash Ladha) [#36242] PR-URL: #37678
Notable changes: Deprecations and Removals: - **(SEMVER-MAJOR)** **fs**: remove permissive rmdir recursive (Antoine du Hamel) [#37216] - **(SEMVER-MAJOR)** **fs**: runtime deprecate rmdir recursive option (Antoine du Hamel) [#37302] - **(SEMVER-MAJOR)** **lib**: runtime deprecate access to process.binding('http_parser') (James M Snell) [#37813] - **(SEMVER-MAJOR)** **lib**: runtime deprecate access to process.binding('url') (James M Snell) [#37799] - **(SEMVER-MAJOR)** **lib**: make process.binding('util') return only type checkers (Anna Henningsen) [#37819] - **(SEMVER-MAJOR)** **lib**: runtime deprecate access to process.binding('crypto') (James M Snell) [#37790] - **(SEMVER-MAJOR)** **lib**: runtime deprecate access to process.binding('signal_wrap') (James M Snell) [#37800] - **(SEMVER-MAJOR)** **lib**: runtime deprecate access to process.binding('v8') (James M Snell) [#37789] - **(SEMVER-MAJOR)** **lib**: runtime deprecate access to process.binding('async_wrap') (James M Snell) [#37576] - **(SEMVER-MAJOR)** **module**: remove module.createRequireFromPath (Antoine du Hamel) [#37201] - **(SEMVER-MAJOR)** **module**: runtime deprecate subpath folder mappings (Antoine du Hamel) [#37215] - **(SEMVER-MAJOR)** **module**: runtime deprecate "main" index and extension lookups (Antoine du Hamel) [#37206] - **(SEMVER-MAJOR)** **module**: runtime deprecate invalid package.json main entries (Antoine du Hamel) [#37204] - **(SEMVER-MAJOR)** **process**: runtime deprecate changing process.config (James M Snell) [#36902] Stable Timers Promises API: The Timers Promises API provides an alternative set of timer functions that return Promise objects. Added in Node.js v15.0.0, in this release they graduate from experimental status to stable. Contributed by James Snell - [#38112] Toolchain and Compiler Upgrades: Node.js v16.0.0 will be the first release where we ship prebuilt binaries for Apple Silicon. While we’ll be providing separate tarballs for the Intel (`darwin-x64`) and ARM (`darwin-arm64`) architectures the macOS installer (`.pkg`) will be shipped as a ‘fat’ (multi-architecture) binary. - **(SEMVER-MAJOR)** **build**: remove support for Python 2 (Christian Clauss) [#36691] - **(SEMVER-MAJOR)** **build**: default PYTHON to python3 in Makefile (Michaël Zasso) [#37764] - **build**: update Makefile to support fat binary (Ash Cripps) [#37861] - **(SEMVER-MAJOR)** **build**: enable ASLR (PIE) on OS X (woodfairy) [#35704] - **build**: warn for gcc versions earlier than 8.3.0 (Richard Lau) [#37935] - **(SEMVER-MAJOR)** **doc**: update minimum supported Xcode to 11 (Michaël Zasso) [#37872] - **(SEMVER-MAJOR)** **doc**: update minimum supported GCC to 8.3 (Michaël Zasso) [#37871] - **(SEMVER-MAJOR)** **doc**: update AIX to GCC8 for v16.x (Ash Cripps) [#37677] - **tools**: set arch in Distribution.xml (Ash Cripps) [#38261] V8 9.0: The V8 JavaScript engine is updated to V8 9.0, including performance tweaks and improvements. This update also brings the ECMAScript RegExp Match Indices, which provide the start and end indices of the captured string. The indices array is available via the `.indices` property on match objects when the regular expression has the `/d` flag. Contributed by Michaël Zasso - [#37587] Other Notable Changes: - **(SEMVER-MINOR)** **assert**: graduate assert.match and assert.doesNotMatch (James M Snell) [#38111] - **(SEMVER-MAJOR)** **buffer**: expose btoa and atob as globals (James M Snell) [#37786] - **(SEMVER-MAJOR)** **deps**: bump minimum ICU version to 68 (Michaël Zasso) [#37330] - **deps**: update ICU to 69.1 (Michaël Zasso) [#38178] - **deps**: update llhttp to 6.0.0 (Fedor Indutny) [#38277] - **deps**: upgrade npm to 7.10.0 (Ruy Adorno) [#38254] - **(SEMVER-MINOR)** **http**: add http.ClientRequest.getRawHeaderNames() (simov) [#37660] - **(SEMVER-MAJOR)** **lib,src**: update cluster to use Parent (Michael Dawson) [#36478] - **(SEMVER-MINOR)** **module**: add support for `node:`‑prefixed `require(…)` calls (ExE Boss) [#37246] - **(SEMVER-MINOR)** **perf_hooks**: add histogram option to timerify (James M Snell) [#37475] - **(SEMVER-MINOR)** **repl**: add auto‑completion for `node:`‑prefixed `require(…)` calls (ExE Boss) [#37246] - **(SEMVER-MINOR)** **util**: add getSystemErrorMap() impl (eladkeyshawn) [#38101] Semver-Major Commits: - **(SEMVER-MAJOR)** **async_hooks**: add thisArg to AsyncResource.bind (James M Snell) [#36782] - **(SEMVER-MAJOR)** **buffer**: expose btoa and atob as globals (James M Snell) [#37786] - **(SEMVER-MAJOR)** **build**: remove support for Python 2 (Christian Clauss) [#36691] - **(SEMVER-MAJOR)** **build**: default PYTHON to python3 in Makefile (Michaël Zasso) [#37764] - **(SEMVER-MAJOR)** **build**: update Makefile to support fat binary (Ash Cripps) [#37861] - **(SEMVER-MAJOR)** **build**: include minimal V8 headers in distribution (Michaël Zasso) [#37570] - **(SEMVER-MAJOR)** **build**: use C++11 ABI with libstdc++ (Anna Henningsen) [#36634] - **(SEMVER-MAJOR)** **build**: enable ASLR (PIE) on OS X (woodfairy) [#35704] - **(SEMVER-MAJOR)** **deps**: update V8 to 9.0.257.11 (Michaël Zasso) [#37587] - **(SEMVER-MAJOR)** **deps**: bump minimum ICU version to 68 (Michaël Zasso) [#37330] - **(SEMVER-MAJOR)** **deps**: update V8 to 8.9.255.19 (Michaël Zasso) [#37330] - **(SEMVER-MAJOR)** **deps**: update V8 to 8.8.278.17 (Michaël Zasso) [#36139] - **(SEMVER-MAJOR)** **deps**: update V8 to 8.7.220 (Michaël Zasso) [#35700] - **(SEMVER-MAJOR)** **dns**: use url module instead of punycode for IDNA (Antoine du Hamel) [#35091] - **(SEMVER-MAJOR)** **doc**: update minimum supported Xcode to 11 (Michaël Zasso) [#37872] - **(SEMVER-MAJOR)** **doc**: update minimum supported GCC to 8.3 (Michaël Zasso) [#37871] - **(SEMVER-MAJOR)** **doc**: update AIX to GCC8 for v16.x (Ash Cripps) [#37677] - **(SEMVER-MAJOR)** **doc**: add http.IncomingMessage#connection (Pranshu Srivastava) [#33768] - **(SEMVER-MAJOR)** **events**: change EventTarget handler exception behavior (Nitzan Uziely) [#37237] - **(SEMVER-MAJOR)** **fs**: remove permissive rmdir recursive (Antoine du Hamel) [#37216] - **(SEMVER-MAJOR)** **fs**: add validation for fd and path (Dylan Elliott) [#35187] - **(SEMVER-MAJOR)** **fs**: runtime deprecate rmdir recursive option (Antoine du Hamel) [#37302] - **(SEMVER-MAJOR)** **fs**: fix flag and mode validation (James M Snell) [#37480] - **(SEMVER-MAJOR)** **http**: use objects with null prototype in Agent (Michaël Zasso) [#36409] - **(SEMVER-MAJOR)** **lib**: runtime deprecate access to process.binding('http_parser') (James M Snell) [#37813] - **(SEMVER-MAJOR)** **lib**: runtime deprecate access to process.binding('url') (James M Snell) [#37799] - **(SEMVER-MAJOR)** **lib**: make process.binding('util') return only type checkers (Anna Henningsen) [#37819] - **(SEMVER-MAJOR)** **lib**: runtime deprecate access to process.binding('crypto') (James M Snell) [#37790] - **(SEMVER-MAJOR)** **lib**: runtime deprecate access to process.binding('signal_wrap') (James M Snell) [#37800] - **(SEMVER-MAJOR)** **lib**: runtime deprecate access to process.binding('v8') (James M Snell) [#37789] - **(SEMVER-MAJOR)** **lib**: aggregate errors to avoid error swallowing (Antoine du Hamel) [#37460] - **(SEMVER-MAJOR)** **lib**: runtime deprecate access to process.binding('async_wrap') (James M Snell) [#37576] - **(SEMVER-MAJOR)** **lib**: remove usage of url.parse (raisinten) [#36853] - **(SEMVER-MAJOR)** **lib**: add error handling for input stream (rexagod) [#31603] - **(SEMVER-MAJOR)** **lib,src**: update cluster to use Parent (Michael Dawson) [#36478] - **(SEMVER-MAJOR)** **module**: runtime deprecate subpath folder mappings (Antoine du Hamel) [#37215] - **(SEMVER-MAJOR)** **module**: runtime deprecate "main" index and extension lookups (Antoine du Hamel) [#37206] - **(SEMVER-MAJOR)** **module**: runtime deprecate invalid package.json main entries (Antoine du Hamel) [#37204] - **(SEMVER-MAJOR)** **module**: remove module.createRequireFromPath (Antoine du Hamel) [#37201] - **(SEMVER-MAJOR)** **module**: only set cache when finding module succeeds (Yongsheng Zhang) [#36642] - **(SEMVER-MAJOR)** **perf_hooks**: make performance a global (James M Snell) [#37970] - **(SEMVER-MAJOR)** **perf_hooks**: complete overhaul of the implementation (James M Snell) [#37136] - **(SEMVER-MAJOR)** **process**: disallow adding options to process.allowedNodeEnvironmentFlags (Antoine du Hamel) [#36660] - **(SEMVER-MAJOR)** **process**: runtime deprecate changing process.config (James M Snell) [#36902] - **(SEMVER-MAJOR)** **readline**: cursorTo throw error on NaN (Zijian Liu) [#36379] - **(SEMVER-MAJOR)** **src**: mark internally exported functions as explicitly internal (Tyler Ang-Wanek) [#37000] - **(SEMVER-MAJOR)** **src**: inline AsyncCleanupHookHandle in headers (Tyler Ang-Wanek) [#37000] - **(SEMVER-MAJOR)** **src**: clean up embedder API (Anna Henningsen) [#35897] - **(SEMVER-MAJOR)** **worker**: send correct error status for worker init (Yash Ladha) [#36242] PR-URL: #37678
After conducting several benchmarks, I noticed performance losses of
5-10%. As OS X is not a performance critical platform, as already
mentioned by @bnoordhuis, I have removed the -no_pie flag at least for
this platform. I'd love to enable PIE for other platforms if the 5-10%
speed loss is not too high. I would be happy to hear your opinion on
this.
Refs: #33425
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passes