tls: disable RC4, add --cipher-list command line switch
Disable RC4 in the default cipher list. Add the `--cipher-list` command line switch and `NODE_CIPHER_LIST` environment variable to completely override the default cipher list. Add the `--enable-legacy-cipher-list` and `NODE_LEGACY_CIPHER_LIST` environment variable to selectively enable the default cipher list from previous node.js releases. Reviewed-By: James M Snell <jasnell@gmail.com> PR-URL: #14413
tls: make the --enable-legacy-cipher-list help less verbose
Per feedback on the commit, make the PrintHelp for --enable-legacy-cipher-list less verbose. Reviewed-By: James M Snell <jasnell@gmail.com> PR-URL: #14413
doc: add link to workflow in api docs menu
Added link to workflow guidelines page in API docs' navigation menu. Fixes nodejs/nodejs.org-archive#102. Reviewed-By: Julien Gilli <julien.gilli@joyent.com> PR-URL: #14570
win,msi: broadcast WM_SETTINGCHANGE after install
Backport 668bde8 from io.js. Original commit message follows: In theory the msi should broadcast a 'WM_SETTINGCHANGE' message to all windows after modifying the PATH environment variable. This ensures that the new PATH is visible to other processes without restarting windows (although it's still necessary to close and reopen active console windows). Unfortunately, the broadcast doesn't always happen, for unknown reasons. That's why this patch adds a custom action that unconditionally broadcasts a WM_SETTINGCHANGE message. Bug: nodejs/node#603 PR: nodejs/node#613 Reviewed-by: Bert Belder <bertbelder@gmail.com> (cherry picked from commit 668bde8) --Node.js commit metadata-- PR-URL: #25100 Reviewed-By: Julien Gilli <julien.gilli@joyent.com> Fixes: #4356
deps: don't busy loop in v8 cpu profiler thread
Backport 6964a9e0685fa186d9d9b7907be17505e839db1a from upstream v8. Original commit message: Make CPU profiler do not hog 100% of CPU. Tick event processor should not stay in a tight loop when there's nothing to do. It can go sleep until next sample event. LOG=N BUG=v8:3967 Committed: https://crrev.com/6964a9e0685fa186d9d9b7907be17505e839db1a Cr-Commit-Position: refs/heads/master@{#28211} Fixes #25137 Related: #9439, #8789 PR: #25268 PR-URL: #25268 Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> Reviewed-By: Julien Gilli <jgilli@fastmail.fm>
test,win: disable test-tls-server-verify for CI
test-tls-server-verify takes a long time to execute and times out on the Jenkins machines. Reviewed-By: James M Snell <jasnell@gmail.com> PR-URL: #25284
repl: make 'Unexpected token' errors recoverable
Fix the regexp used to detect 'Unexpected token' errors so that they can be considered as recoverable. This fixes the following use case:

    > var foo = 'bar \
    ... baz';
    undefined
    > foo
    'bar baz'
    >

Fixes #8874 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> PR-URL: #8875
Reviewed-By: Julien Gilli <julien.gilli@joyent.com> PR-URL: #25289
tls,crypto: revert recent cipher lists changes
Revert "disable RC4, add --cipher-list command line switch" and "tls: make --enable-legacy-cipher-list=val less verbose" This reverts commit f9291a9 and b5737bb. There is still some work to be done to guarantee secure defaults and a smooth upgrade path for v0.12.x users. Before this work is finished, we want to be able to release new versions of v0.12.x. So instead of waiting for these changes to be ready to ship, revert them and integrate them when they're ready to be shipped. Conflicts: src/node.cc Reviewed-By: James M Snell <jasnell@gmail.com> PR-URL: #25296
2015.05.13, Version 0.12.3 (Stable)
* V8: update to 3.28.71.19
* uv: upgrade to 1.5.0
* npm: upgrade to 2.9.1
* V8: don't busy loop in v8 cpu profiler thread (Mike Tunnicliffe)
* V8: fix issue with let bindings in for loops (adamk)
* debugger: don't spawn child process in remote mode (Jackson Tian)
* net: do not set V4MAPPED on FreeBSD (Julien Gilli)
* repl: make 'Unexpected token' errors recoverable (Julien Gilli)
* src: backport ignore ENOTCONN on shutdown race (Ben Noordhuis)
* src: fix backport of SIGINT crash fix on FreeBSD (Julien Gilli)
Merge branch 'v0.12.3-release' into v0.12
test: delete simple/test-process-active-wraps
This test currently fails when run on machines without IPv6 enabled. Further, it was deleted in io.js under 3143d73 as the test was known to have problems across platforms and releases. The existing test was hard to understand so I wrote a new version but then found exactly what was reported in the io.js pull request. Behaviour varies across platforms such that writing a solid test would either be infeasible or test so little that it does not seem to make sense to keep it. Reviewed-By: Colin Ihrig <cjihrig@gmail.com> PR-URL: #25326
test: relax timing constraints for child process
With additional load in the system, the child process which runs sleep command takes more time to run - typically slightly above 1 second, but above 2 seconds under stress. While the intent of the test is to test the functionality of spawnSync and the child process in general, in effect it is testing the system command sleep, and further, its responsiveness. Since from the name the purpose of the test seems to be unrelated to the sleep behaviour, I believe a more meaningful assertion would be to see the time taken is more than 1 second. Reviewed-By: Michael Dawson <mhdawsonibm@gmail.com> PR-URL: #25291
deps: revert v8 Array.prototype.values() removal
The Node 0.12 line was initially released with a version of v8 that included Array.prototype.values(). In #18206, v8 was updated to a version that dropped support for values(). https://codereview.chromium.org/647703003 removed this method because it causes problems with some versions of Outlook Web Access. This commit reverts the removal of Array.prototype.values(). Original commit message: Revert "Version 3.28.71.17 (merged r24706, r24708)" This reverts commit 529541ecb58fd0d6df4dfbe41d01bff9ae21ff06. Conflicts: src/version.cc Reviewed-By: Julien Gilli <julien.gilli@joyent.com> PR-URL: #25328
win: bring back xp/2k3 support
Issue: #25348 The gyp/project files don't explicitly specify a subsystem version, which results in the default being used. The default changed from VS 2010 to VS 2012 and later. Backport e8d0850 from io.js. Original commit message follows: Chrome still runs on Windows XP, so there is no reason that iojs couldn't. PR: nodejs/node#512 (cherry picked from commit e8d0850) Reviewed-By: Julien Gilli <julien.gilli@joyent.com> PR-URL: #25367
Reviewed-By: Julien Gilli <julien.gilli@joyent.com> PR-URL: #25364
2015.05.22, Version 0.12.4 (Stable)
* npm: upgrade to 2.10.1
* V8: revert v8 Array.prototype.values() removal (cjihrig)
* win: bring back xp/2k3 support (Bert Belder)
Merge branch 'v0.12.4-release' into v0.12
test: running tls-server-verify clients in parallel
OpenSSL s_client introduces some delay on Windows. With all clients running sequentially, this delay is big enough to break CI. This fix runs the clients in parallel (unless the test includes renegotiation), reducing the total run time. Reviewed-By: James M Snell <jasnell@gmail.com> PR-URL: #25368
test: run tls-server-verify servers in parallel
Different servers must use different ports. Since we can count only on common.PORT and common.PORT+1, run only 2 servers in parallel. Reviewed-By: James M Snell <jasnell@gmail.com> PR-URL: #25368
test: improve console output of tls-server-verify
When running in parallel, it is not easy to identify what server and client failed when the test fails. This adds identifiers to all lines of console output. Reviewed-By: James M Snell <jasnell@gmail.com> PR-URL: #25368
test,win: re-enable tls-server-verify in CI
Now that the test is fixed, node-accept-pull-request should fail when the test fails. Reviewed-By: James M Snell <jasnell@gmail.com> PR-URL: #25368
deps: add -no_rand_screen to openssl s_client
In openssl s_client on Windows, RAND_screen() is invoked to initialize random state but it takes several seconds in each connection. This added -no_rand_screen to openssl s_client on Windows to skip RAND_screen() and get better performance in the unit test of test-tls-server-verify. Do not enable this except to use in the unit test. (cherry picked from commit 9f0f7c3) Reviewed-By: James M Snell <jasnell@gmail.com> PR-URL: #25368
V8: avoid deadlock when profiling is active
A deadlock happens when sampler initiated by SIGPROF tries to lock the thread and the thread is already locked by the same thread. As a result, other thread involved in sampling process hangs. The patch adds a check for thread lock before continuing sampler operation. The fix has been tested on a sample app under load with and without profiling turned on. Fixes issue #14576 and specifically the duplicate issue #25295 Reviewed-By: Julien Gilli <julien.gilli@joyent.com> PR-URL: #25309
Reviewed-By: Julien Gilli <julien.gilli@joyent.com> PR-URL: #25482
timers: fix timeout when added in timer's callback
When a timer is added in another timer's callback, its underlying timer handle will be started with a timeout that is actually incorrect. The reason is that the value that represents the current time is not updated between the time the original callback is called and the time the added timer is processed by timers.listOnTimeout. That leads the logic in timers.listOnTimeout to do an incorrect computation that makes the added timer fire with a timeout of scheduledTimeout + timeSpentInCallback. This change fixes that and makes timers scheduled within other timers' callbacks fire as expected. Fixes #9333 and #15447. PR: #17203 PR-URL: #17203 Reviewed-By: Fedor Indutny <fedor@indutny.com>
deps: upgrade to openssl-1.0.1o
This just replaces all sources of openssl-1.0.1o.tar.gz into deps/openssl/openssl. PR: #25523 PR-URL: #25523 Reviewed-By: Julien Gilli <jgilli@fastmail.fm>
deps: replace all headers in openssl
Change all openssl/include/openssl/*.h to include resolved symbolic links and openssl/crypto/opensslconf.h to refer config/opensslconf.h. PR: #25523 PR-URL: #25523 Reviewed-By: Julien Gilli <jgilli@fastmail.fm>
deps: separate sha256/sha512-x86_64.pl for openssl
sha256-x86_64.pl does not exist in the origin openssl distribution. It was copied from sha512-x86_64.pl and both sha256/sha512 scripts were modified so as to generate only one asm file specified as its key hash length. PR: #9451 PR-URL: #9451 Reviewed-By: Julien Gilli <julien.gilli@joyent.com> PR: #25523 PR-URL: #25523 Reviewed-By: Julien Gilli <jgilli@fastmail.fm>
test: remove 512 bits test in test-tls-dhe.js
The test of the 512 bits key fails after upgrading to openssl-1.0.1o due to its limit of 768 bits key size. Remove it and start from 1024 bits test. Reviewed-By: Michael Dawson <mdawson@devrus.com> PR-URL: #25533
Reviewed-By: Julien Gilli <julien.gilli@joyent.com> PR-URL: #25517
tls: revert disable RC4 and cipher lists changes
This reverts commit 67d9a56. This commit actually reverts both 67d9a56 and 02a549e (both related to ciphers list changes). It does it in one commit because reverting 02a549e results in an empty commit. These changes are not yet ready to be released, and before they are we want to be able to publish new releases. We're reverting them so that we can submit a new PR that will contain all these changes plus what's necessary to be able to land them properly. Conflicts: src/node.cc PR: #25511 PR-URL: #25511 Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
2015.06.18, Version 0.10.39 (Maintenance)
* openssl: upgrade to 1.0.1o (Addressing multiple CVEs)
* install: fix source path for openssl headers (Oguz Bastemur)
* install: make sure opensslconf.h is overwritten (Oguz Bastemur)
* timers: fix timeout when added in timer's callback (Julien Gilli)
* windows: broadcast WM_SETTINGCHANGE after install (Mathias Küsel)
Merge branch 'v0.10.39-release' into v0.10