Working on v4.3.3

PR-URL: https://github.com/nodejs/node/pull/5526

2016-03-02, Version 4.3.2 'Argon' (LTS)

This is a security release with only a single commit, an update to openssl due to a recent security advisory. You can read more about the security advisory on the Node.js website (https://nodejs.org/en/blog/vulnerability/openssl-march-2016/)

Notable changes

* openssl
  - this upgrade to openssl 1.0.2g. This fixes the security vulnerabilities that are references in this openssl announce (https://mta.openssl.org/pipermail/openssl-announce/2016-February/000063.html)

PR-URL: https://github.com/nodejs/node/pull/5526

deps: upgrade openssl to 1.0.2g

PR-URL: https://github.com/nodejs/node/pull/5507
Reviewed-By: Fedor Indutny <fedor@indutny.com>

Working on v4.3.2

PR-URL: https://github.com/nodejs/node/pull/5200#issuecomment-184897483

2016-02-16, Version 4.3.1 'Argon' (LTS)

Notable changes:

* buffer: make byteLength work with Buffer correctly (Jackson Tian)
  - https://github.com/nodejs/node/pull/4738
* debugger: guard against call from non-node context (Ben Noordhuis)
  - https://github.com/nodejs/node/pull/4328
* node_contextify: do not incept debug context (Myles Borins)
  - https://github.com/nodejs/node/pull/4819
* deps: update to http-parser 2.5.2 (James Snell)
  - https://github.com/nodejs/node/pull/5238

node_contextify: do not incept debug context

Currently a debug context is created for various calls to util.

If the node debugger is being run the main context is the debug
context. In this case node_contextify was freeing the debug context
and causing everything to explode.

This change moves around the logic and no longer frees the context.

There is a concern about the dangling pointer

The regression test was adapted from code submitted by @3y3 in #4815

Fixes: https://github.com/nodejs/node/issues/4440
Fixes: https://github.com/nodejs/node/issues/4815
Fixes: https://github.com/nodejs/node/issues/4597
Fixes: https://github.com/nodejs/node/issues/4952
PR-URL: https://github.com/nodejs/node/issues/4815

Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Rich Trott <rtrott@gmail.com>

test: fix tls-no-rsa-key flakiness

In some conditions it can happen that the client-side socket is destroyed
before the server-side socket has gracefully closed, thus causing a
'ECONNRESET' error in this socket. To solve this, wait in the client-side
socket for the 'end' event before closing it.

PR-URL: https://github.com/nodejs/node/pull/4043
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

tools: add support for subkeys in release tools

Replace grep with awk to add support for subkeys

PR-URL: https://github.com/nodejs/node/pull/4807
Reviewed-By: Rod Vagg <rod@vagg.org>

doc: update list of personal traits in CoC

https://github.com/rust-lang/rust-www/pull/288 landed in the Rust repo
so it seems like a good idea to just bring the updated list in.

We also received a request to do this in https://github.com/nodejs/inclusivity/issues/82
so this should resolve that.

Thanks to [@Charlotteis](https://github.com/Charlotteis) for bringing
up the original issue.

Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: Myles Borins <mborins@us.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/4801
Fixes: https://github.com/nodejs/inclusivity/issues/82

tools: enable space-in-parens ESLint rule

Ref: http://eslint.org/docs/rules/space-in-parens.html
PR-URL: https://github.com/nodejs/node/pull/4753
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>

test: fix issues for space-in-parens ESLint rule

PR-URL: https://github.com/nodejs/node/pull/4753
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>

doc: style fixes for the TOC

- Hide the scrollbar on the TOC on all browsers. It was never the
  intention for it to be visible with the scroll indication in place.
  A wrapper element with 20px padding was added to accommodate for
  hopefully all scrollbar widths as well as to avoid overflowing
  content.
- Fixed the scroll indication gradient on Safari, which was caused by
  the wrong from-color, which now matches the to-color.
- Fixed a issue in old IE where the TOC didn't render on the correct
  position through setting `left: 0` and `top: 0` on it.

PR-URL: https://github.com/nodejs/node/pull/4748
Reviewed-By: James M Snell <jasnell@gmail.com>

test: improve test-cluster-disconnect-suicide-race

Previously, test-cluster-disconnect-suicide-race had two issues:

* Magic numbers: How many times to spawn a worker was determined through
empirical experimentation. This means that as new platforms and new
CPU/RAM configurations are tested, the magic numbers require more
and more refinement. This brings us to...

* Non-determinism: The test seems to fail all the time when the bug
it tests for is present, but it's really a judgment based on sampling.
"Oh, with 8 workers per CPU, it fails about 80% of the time. Let's try
16..."

This revised version of the test takes a different approach. The fix
for the bug that the test was written for means that the disconnect
event will fire on a subsequent tick. So we check for that and the test
still fails when the fix is not in the code base and succeeds when it
is.

Advantages of this approach include:

* The test runs much faster.
* The test should be reliable on any new platform regardless of CPU and
RAM.

PR-URL: https://github.com/nodejs/node/pull/4739
Ref: https://github.com/nodejs/node/pull/4674
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>

buffer: make byteLength work with Buffer correctly

Make the byteLength work correctly when input is Buffer.

e.g:

```js
// The incomplete unicode string
Buffer.byteLength(new Buffer([0xe4, 0xb8, 0xad, 0xe6, 0x96]))
```
The old output: 9
The new output: 5

PR-URL: https://github.com/nodejs/node/pull/4738
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>

test: make test-cluster-disconnect-leak reliable

Previously, test-cluster-disconnect-leak had two issues:

* Magic numbers: How many times to spawn a worker was determined through
empirical experimentation. This means that as new platforms and new
CPU/RAM configurations are tested, the magic numbers require more
and more refinement. This brings us to...

* Non-determinism: The test *seems* to fail all the time when the bug
it tests for is present, but it's really a judgment based on sampling.
"Oh, with 8 workers per CPU, it fails about 80% of the time. Let's try
16..."

This revised version of the test takes a different approach. The fix
for the bug that the test was written for means that the `disconnect`
event will fire reliably for a single worker. So we check for that and
the test still fails when the fix is not in the code base and succeeds
when it is.

Advantages of this approach include:

* The test runs much faster.
* The test now works on Windows. The previous version skipped Windows.
* The test should be reliable on any new platform regardless of CPU and
RAM.

Ref: https://github.com/nodejs/node/pull/4674

PR-URL: https://github.com/nodejs/node/pull/4736
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>

doc: add `servername` parameter docs

Add `servername` parameter docs for `https.request()` method.

Follows #4389

PR-URL: https://github.com/nodejs/node/pull/4729
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Roman Reiss <me@silverwind.io>

buffer: remove unnecessary TODO comments

Refs: https://github.com/nodejs/node/issues/4642
PR-URL: https://github.com/nodejs/node/pull/4719
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>

doc: update branch-diff arguments in release doc

PR-URL: https://github.com/nodejs/node/pull/4691
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>

readline: Remove XXX and output debuglog

Remove a comment that has a word 'XXX'.
And add a line to output debuglog of error.

PR-URL: https://github.com/nodejs/node/pull/4690
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>

crypto: clear error stack in ECDH::Initialize

Clean up OpenSSL error stack in `ECDH::Initialize`, some curves have
faulty implementations that are leaving dangling errors after
initializing the curve.

Fix: #4686
PR-URL: https://github.com/nodejs/node/pull/4689
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>

test: fix flaky test-net-socket-local-address

Prior to this commit, the test was flaky because it was
executing the majority of its logic in a function called from
the client and multiple events on the server. This commit
simplifies the test by separating the server's connection and
listening events, and isolating the client logic.

Refs: https://github.com/nodejs/node/pull/4476
Refs: https://github.com/nodejs/node/pull/4644
PR-URL: https://github.com/nodejs/node/pull/4650
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>

net: remove hot path comment from connect

This comment was added with an assumption that we could determine the
IP address that localhost should resolve to without performing a
lookup. This was a false assumption and should be removed.

PR-URL: https://github.com/nodejs/node/pull/4648
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>

doc: add docs for more stream options

PR-URL: https://github.com/nodejs/node/pull/4639
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Chris Dickinson <chris@neversaw.us>

test: fix race in test-net-server-pause-on-connect

A 50ms timeout results in a race condition. Instead, enforce expected
order through callbacks. This has the side effect of speeding up the
test in most situations.

Ref: https://github.com/nodejs/node/pull/4476
PR-URL: https://github.com/nodejs/node/pull/4637
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: James M Snell <jasnell@gmail.com>

debugger: remove variable redeclarations

Some variables are declared with var more than once in the same scope.
This change reduces the declarations to one per scope.

PR-URL: https://github.com/nodejs/node/pull/4633
Reviewed-By: jasnell - James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>

tls_legacy: do not read on OpenSSL's stack

Do not attempt to read data from the socket whilst on OpenSSL's stack,
weird things may happen, and this is most likely going to result in some
kind of error.

PR-URL: https://github.com/nodejs/node/pull/4624
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>

stream: remove useless if test in transform

PR-URL: https://github.com/nodejs/node/pull/4617
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>

test: remove 1 second delay from test

In test-cluster-worker-wait-server-close, remove unneeded 1-second delay
and refactor to eliminate flakiness on FreeBSD.

PR-URL: https://github.com/nodejs/node/pull/4616
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: James M Snell <jasnell@gmail.com>

test: move resource intensive tests to sequential

To enable greater parallelization of tests on CI, move resource
intensive tests out of parallel and into sequential.

Ref: https://github.com/nodejs/node/pull/4476
PR-URL: https://github.com/nodejs/node/pull/4615
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: James M Snell <jasnell@gmail.com>

dgram: prevent disabled optimization of bind()

Reassigning a named parameter while also using the arguments
object causes the entire function to never be optimized.

PR-URL: https://github.com/nodejs/node/pull/4613
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>

http: remove variable redeclaration

In lib/_http_client.js, the variable `conn` was declared with the `var`
keyword three times in the same scope. This change eliminates the
variable entirely.

PR-URL: https://github.com/nodejs/node/pull/4612
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>

test: require common module only once

Two tests were requiring the common module twice. This removes the
duplicate require statement in the tests.

PR-URL: https://github.com/nodejs/node/pull/4611
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: James M Snell <jasnell@gmail.com>

test: only include http module once

A few tests in test/gc include the http module twice. Remove duplicate
require().

PR-URL: https://github.com/nodejs/node/pull/4606
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>

src: remove redeclarations of variables

Remove redeclarations of variables in node.js. This includes removing
one apparently unnecessary `NativeModule.require('module')`.

PR-URL: https://github.com/nodejs/node/pull/4605
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: James M Snell <jasnell@gmail.com>

test: fix `http-upgrade-client` flakiness

It's not guaranteed that the socket data is received in the same chunk
as the upgrade response. Listen for the `data` event to make sure all
the data is received.

PR-URL: https://github.com/nodejs/node/pull/4602
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: James M Snell <jasnell@gmail.com>

test: fix flaky unrefed timers test

Remove unnecessary `setImmediate()` that causes a minor race condition.
Stop the test after 3 occurrences rather than 5 to allow for slower
hosts running the test in parallel with other tests.

Fixes: https://github.com/nodejs/node/issues/4559
PR-URL: https://github.com/nodejs/node/pull/4599
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>

net, doc: fix line wrapping lint in net.js

Missed on the previous review, minor line wrapping nit

PR-URL: https://github.com/nodejs/node/pull/4588
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>

net: fix dns lookup for android

`V4MAPPED` isn't supported by Android either (as of 6.0)

PR-URL: https://github.com/nodejs/node/pull/4580
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>

repl: make sure historyPath is trimmed

If one were to set NODE_REPL_HISTORY to a string that contains only a
space (" "), then the history file would be created with that name
which can cause problems are certain systems.

PR-URL: https://github.com/nodejs/node/pull/4539
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>

test: fix `http-upgrade-agent` flakiness

It's not guaranteed that the socket data is received in the same chunk
as the upgrade response. Listen for the `data` event to make sure all
the data is received.

PR-URL: https://github.com/nodejs/node/pull/4520
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>

test: fix flaky test-cluster-shared-leak

Wait for worker2 to come online before doing anything that might result
in an EPIPE. Fixes flakiness of test on Windows.

Fixes: https://github.com/nodejs/node/issues/3956
PR-URL: https://github.com/nodejs/node/pull/4510
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: James M Snell<jasnell@gmail.com>

cluster: ignore queryServer msgs on disconnection

It avoids the creation of unnecessary handles. This issue is causing
intermitent failures in `test-cluster-disconnect-race` on `FreeBSD`
and `OS X`.

The problem is that the `worker2.disconnect` is being called on the
master before the `queryServer` is handled, causing the worker to
be deleted, then the Server handle is created afterwards. Later on,
when `removeWorker` is called from the `exit` handler, there are no
workers left, but one handle, thus the `AssertionError`.

Add a new `test/sequential/test-cluster-disconnect-leak` based on
`test-cluster-disconnect-race` that creates lots of workers and fails
consistently without this patch.

PR-URL: https://github.com/nodejs/node/pull/4465
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: Rich Trott <rtrott@gmail.com>

http: fix non-string header value concatenation

Since headers are stored in an empty literal object ({}) instead
of an object created with Object.create(null), care must be taken
with property names inherited from Object. Currently there are
only functions inherited, so we can safely check for existing
strings instead.

Fixes: https://github.com/nodejs/node/issues/4456
PR-URL: https://github.com/nodejs/node/pull/4460
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Minwoo Jung <jmwsoft@gmail.com>

doc: mention that http.Server inherits from net.Server

PR-URL: https://github.com/nodejs/node/pull/4455
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
Reviewed-By: James M Snell <jasnell@gmail.com>

test: fix flaky cluster-net-send

Before this commit, it was possible on Windows for the server's
'connection' handler to be called *after* the client socket's
'connect' handler. This caused the 'message' event to be missed
and the test would never end (timing out in CI). This problem
was more easily reproducible on a low resource (slow CPU)
Windows (2012r2) installation.

This commit waits until both handlers have been called before
sending the handle to the master process.

Fixes: https://github.com/nodejs/node/issues/3957
PR-URL: https://github.com/nodejs/node/pull/4444
Reviewed-By: Rich Trott <rtrott@gmail.com>

test: fix flaky child-process-fork-regr-gh-2847

Windows would die with ECONNRESET most times when running
this particular test. This commit makes handling these errors
more tolerable.

PR-URL: https://github.com/nodejs/node/pull/4442
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>

doc: copyedit setTimeout() documentation

Copyedit the documentation for setTimeout() and enforce wrapping at 80
characters in the markdown file for nearby text.

PR-URL: https://github.com/nodejs/node/pull/4434
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: jasnell - James M Snell <jasnell@gmail.com>
Reviewed-By: Stephan Belanger <admin@stephenbelanger.com>

doc: fix formatting in process.markdown

All the other properties get an h2/## but process.connected gets an
h3/### for no discernible reason. Change it to h2/## like the others.

PR-URL: https://github.com/nodejs/node/pull/4433
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Stephan Belanger <admin@stephenbelanger.com>
Reviewed-By: Roman Klauke <romaaan.git@gmail.com>

test: use addon.md block headings as test dir names

instead of doc-*

PR-URL: https://github.com/nodejs/node/pull/4412
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>

test: test each block in addon.md contains js & cc

Allows more freedom in adding additional headings to addon.markdown,
otherwise it'll try and convert each block under a heading to a test
case. We need to have at least a .js and a .cc in order to have
something to test.

Fixes regression caused by adding a new 3rd-level heading in
d5863bc0f43a3778aa773d5f5f4ad08e1d7d7497

PR-URL: https://github.com/nodejs/node/pull/4411
Reviewed-By: Myles Borins <myles.borins@gmail.com>

doc: add path property to Write/ReadStream in fs.markdown

Documents the "path" property on fs.WriteStream
and fs.ReadStream. See #4327

PR-URL: https://github.com/nodejs/node/pull/4368
Reviewed-By: James M Snell <jasnell@gmail.com>

cluster: fix race condition setting suicide prop

There is no guarantee that the `suicide` property of a worker in the
master process is going to be set when the `disconnect` and `exit`
events are emitted.

To fix it, wait for the ACK of the suicide message from the master
before disconnecting the worker. Also, there's no need to send the
suicide message from the worker if the disconnection has been
initiated in the master.

Add `test-cluster-disconnect-suicide-race` that forks a lot of workers
to consistently reproduce the issue this patch tries to solve.

Modify `test-regress-GH-3238` so it checks both the `kill` and
`disconnect` cases. Also take into account that the `disconnect` event
may be received after the `exit` event.

PR-URL: https://github.com/nodejs/node/pull/4349
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>

doc: add docs working group

PR-URL: https://github.com/nodejs/node/pull/4244
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>

test: fix tls-multi-key race condition

In some conditions it can happen that the client-side socket is
destroyed before the server-side socket has gracefully closed, thus
causing a 'ECONNRESET' error in this socket. To solve this, also close
gracefully in the client side.

PR-URL: https://github.com/nodejs/node/pull/3966
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>

module: move unnecessary work for early return

The exts and trailingSlash variables are only used if the
path isn't cached. This commit moves them further down in the
code, and changes from var to const.

PR-URL: https://github.com/nodejs/node/pull/3579
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>

tls: copy client CAs and cert store on CertCb

Copy client CA certs and cert store when asynchronously selecting
`SecureContext` during `SNICallback`. We already copy private key,
certificate, and certificate chain, but the client CA certs were
missing.

Fix: #2772
PR-URL: https://github.com/nodejs/node/pull/3537
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

test: fix style issues after eslint update

Replace var keyword with const or let.

PR-URL: https://github.com/nodejs/io.js/pull/2286
Reviewed-By: Roman Reiss <me@silverwind.io>

tools: fix style issue after eslint update

PR-URL: https://github.com/nodejs/io.js/pull/2286
Reviewed-By: Roman Reiss <me@silverwind.io>

lib: fix style issues after eslint update

With an indentation style of two spaces, it is not possible to indent
multiline variable declarations by four spaces. Instead, the var keyword
is used on every new line.
Use const instead of var where applicable for changed lines.

PR-URL: https://github.com/nodejs/io.js/pull/2286
Reviewed-By: Roman Reiss <me@silverwind.io>

tools: update eslint config

The no-reserved-keys rule doesn't exist anymore and we don't need ES3
compatibility.
escape and unescape are now known by eslint.
--reset flag was removed and it is now the default behavior.

PR-URL: https://github.com/nodejs/io.js/pull/2286
Reviewed-By: Roman Reiss <me@silverwind.io>

tools: update eslint to v1.10.3

PR-URL: https://github.com/nodejs/io.js/pull/2286
Reviewed-By: Roman Reiss <me@silverwind.io>

gitignore: never ignore debug module

On case-insensitive platorms, the Debug/ rule catches the debug module
under npm and eslint.

PR-URL: https://github.com/nodejs/node/pull/2286
Reviewed-By: Roman Reiss <me@silverwind.io>

doc: restore ICU third-party software licenses

PR-URL: https://github.com/nodejs/node/pull/4762
Reviewed-By: Rod Vagg <rod@vagg.org>

tools: fix license-builder.sh for ICU

Modify tools/license-builder.sh to restore the Third-Party Software
licenses for ICU.

Also fix arguments to tail to work on Linux.

rvagg: modified sed command for ICU to replace tabs with spaces and
       remove whitespace at the end of lines

PR-URL: https://github.com/nodejs/node/pull/4762
Reviewed-By: Rod Vagg <rod@vagg.org>

doc: rebuild LICENSE using tools/license-builder.sh

PR-URL: https://github.com/nodejs/node/pull/4194
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>

tools: add license-builder.sh to construct LICENSE

PR-URL: https://github.com/nodejs/node/pull/4194
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>

debugger: guard against call from non-node context

Fix a segmentation fault when the debug message handler was called from
a context without an associated `node::Environment`.

Fixes: https://github.com/nodejs/node/issues/4261
Fixes: https://github.com/nodejs/node/issues/4322
PR-URL: https://github.com/nodejs/node/pull/4328
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: James M Snell <jasnell@gmail.com>

src: don't check failure with ERR_peek_error()

It's possible there is already an existing error on OpenSSL's error
stack that is unrelated to the EVP_DigestInit_ex() operation we just
executed.

Fixes: https://github.com/nodejs/node/issues/4221
PR-URL: https://github.com/nodejs/node/pull/4731
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>

deps: update to http-parser 2.5.2

Fixes http-parser regression with IS_HEADER_CHAR check
Add test case for obstext characters (> 0x80) is header

PR-URL: https://github.com/nodejs/node/pull/5238
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Myles Borins <mborins@us.ibm.com>

src: repair lts flag

PR-URL: https://github.com/nodejs/node/pull/5186
Reviewed-By: Myles Borins <myles.borins@gmail.com>

doc: fix v4.3.0 changelog commit entries

The wrong commit SHAs were used

PR-URL: https://github.com/nodejs/node/pull/5165
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Rod Vagg <r@va.gg>

Working on v4.3.1

2016-02-09, Version 4.3.0 'Argon' (LTS)

This is an important security release. All Node.js users should
consult the security release summary at nodejs.org for details on
patched vulnerabilities.

Note that this release includes a non-backward compatible change to
address a security issue. This change increases the version of the LTS
v4.x line to v4.3.0. There will be *no further updates* to v4.2.x.

* http: fix defects in HTTP header parsing for requests and responses
  that can allow request smuggling (CVE-2016-2086) or response
  splitting (CVE-2016-2216). HTTP header parsing now aligns more
  closely with the HTTP spec including restricting the acceptable
  characters.
* http-parser: upgrade from 2.5.0 to 2.5.1
* openssl: upgrade from 1.0.2e to 1.0.2f. To mitigate against the
  Logjam attack, TLS clients now reject Diffie-Hellman handshakes with
  parameters shorter than 1024-bits, up from the previous limit of
  768-bits.
* src:
  - introduce new `--security-revert={cvenum}` command line flag for
    selective reversion of specific CVE fixes
  - allow the fix for CVE-2016-2216 to be selectively reverted using
    `--security-revert=CVE-2016-2216`

PR-URL: https://github.com/nodejs/node-private/pull/20

deps: add -no_rand_screen to openssl s_client

In openssl s_client on Windows, RAND_screen() is invoked to initialize
random state but it takes several seconds in each connection.
This added -no_rand_screen to openssl s_client on Windows to skip
RAND_screen() and gets a better performance in the unit test of
test-tls-server-verify.
Do not enable this except to use in the unit test.

Fixes: https://github.com/nodejs/node/issues/1461
PR-URL: https://github.com/nodejs/node/pull/1836
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

deps: upgrade openssl sources to 1.0.2f

This replaces all sources of openssl-1.0.2f.tar.gz
into deps/openssl/openssl

Fix: https://github.com/nodejs/node/issues/4857
PR-URL: https://github.com/nodejs/node/pull/4961
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
deps: copy openssl header files to include dir

All symlink files in deps/openssl/openssl/include/openssl/ are removed
and replaced with real header files to avoid issues on Windows.
Two files of opensslconf.h in crypto and include dir are replaced to
refer config/opensslconf.h.

Fix: https://github.com/nodejs/node/issues/4857
PR-URL: https://github.com/nodejs/node/pull/4961
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
deps: fix openssl assembly error on ia32 win32

`x86masm.pl` was mistakenly using .486 instruction set, why `cpuid` (and
perhaps others) are requiring .686 .

Fixes: https://github.com/nodejs/node/issues/589
PR-URL: https://github.com/nodejs/node/pull/1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
deps: fix asm build error of openssl in x86_win32

See
https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html

iojs needs to stop using masm and move to nasm or yasm on Win32.

Fixes: https://github.com/nodejs/node/issues/589
PR-URL: https://github.com/nodejs/node/pull/1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
openssl: fix keypress requirement in apps on win32

Reapply b910613792dac946b295855963869933a9089044 .

Fixes: https://github.com/nodejs/node/issues/589
PR-URL: https://github.com/nodejs/node/pull/1389
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
docs: update openssl UPDATING guide

the guide is now current with the steps taken to update
openssl to v1.0.2f

PR-URL: https://github.com/nodejs/node/pull/4961
Reviewed-By: Myles Borins <mborins@us.ibm.com>

src: avoid compiler warning in node_revert.cc

PR-URL: https://github.com/nodejs/node-private/pull/20

http: strictly forbid invalid characters from headers

PR-URL: https://github.com/nodejs/node-private/pull/20

deps: update http-parser to version 2.5.1

includes parsing improvements to ensure closer HTTP spec conformance

PR-URL: https://github.com/nodejs/node-private/pull/20

src: add --security-revert command line flag

The `--security-revert={cvenum}` command line flag is a special purpose
flag to be used only in stable or LTS branches when a breaking change
is required to address a security vulnerability. Whenever a vulnerability
requires a breaking change, and a CVE has been assigned, the flag can
be used to force Node to revert to the insecure behavior that was
implemented before the fix was applied.

Note that this flag is intended to be used only as a last resort in the
case a security update breaks existing code. When used, a security
warning will be printed to stderr when Node launches.

The `--security-revert={cvenum}` flag takes a single CVE number as an
argument. Multiple instances of the `--security-revert={cvenum}` flag
can be used on the command line to revert multiple changes.

Whenever a new `--security-revert={cvenum}` is enabled, it should be
documented in the release notes and in the API docs.

Master and the first release of a new major (e.g. v6.0) should not have
any reverts available.

Every time a new `--security-revert={cvenum}` is added, there should be
a semver-minor bump in the stable and LTS branch.

PR-URL: https://github.com/nodejs/node-private/pull/20

Working on v4.2.7

PR-URL: https://github.com/nodejs/node/pull/4788

2016-01-21, Version 4.2.6 "Argon" (LTS) Release

Notable changes:

* Fix regression in debugger and profiler functionality

PR-URL: https://github.com/nodejs/node/pull/4788
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>

test: add test for debugging one line files

This commit adds a regression test for debugging of
single line files.

Refs: https://github.com/nodejs/node/issues/4297
PR-URL: https://github.com/nodejs/node/pull/4298
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>

module,src: do not wrap modules with -1 lineOffset

In b799a74709af69daf13901390df9428c4c38adfc and
dfee4e3712ac4673b5fc472a8f77ac65bdc65f87 the module wrapping
mechanism was changed for better error reporting. However,
the changes causes issues with debuggers and profilers. This
commit reverts the wrapping changes.

Fixes: https://github.com/nodejs/node/issues/4297
PR-URL: https://github.com/nodejs/node/pull/4298
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>

Working on v4.2.6

PR-URL: https://github.com/nodejs/node/pull/4768

2016-01-20, Version 4.2.5 "Argon" (LTS) Release

Notable changes:

* assert
  -  accommodate ES6 classes that extend Error (Rich Trott) https://github.com/nodejs/node/pull/4166
* build
  - add "--partly-static" build options (Super Zheng) https://github.com/nodejs/node/pull/4152
* deps
  - backport 066747e from upstream V8 (Ali Ijaz Sheikh) https://github.com/nodejs/node/pull/4655
  - backport 200315c from V8 upstream (Vladimir Kurchatkin) https://github.com/nodejs/node/pull/4128
  - upgrade libuv to 1.8.0 (Saúl Ibarra Corretgé)
* docs
  - various updates landed in 70 different commits!
* repl
  - attach location info to syntax errors (cjihrig) https://github.com/nodejs/node/pull/4013
  - display error message when loading directory (Prince J Wesley) https://github.com/nodejs/node/pull/4170
* tests
  - various updates landed in over 50 commits
* util
  - allow lookup of hidden values (cjihrig) https://github.com/nodejs/node/pull/3988

PR-URL: https://github.com/nodejs/node/pull/4768

tools: add .editorconfig

This helps editors (see http://editorconfig.org/#download) to
apply the right indentation and encoding rules to files by
default.

PR-URL: https://github.com/nodejs/node/pull/2993
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: Saúl Ibarra Corretgé <saghul@gmail.com>

assert: accommodate ES6 classes that extend Error

`assert.throws()` and `assert.doesNotThrow()` blow up with a `TypeError`
if used with an ES6 class that extends Error.

Fixes: https://github.com/nodejs/node/issues/3188
PR-URL: https://github.com/nodejs/node/pull/4166
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

test: mark test-debug-no-context is flaky

test-debug-no-context is flaky on Windows. Mark as such.

Ref: https://github.com/nodejs/node/issues/4343
PR-URL: https://github.com/nodejs/node/pull/4421
Reviewed-By: Brian White <mscdex@mscdex.net>

doc: clarify protocol default in http.request()

The previously listed default of 'http' is incorrect, and
causes an error to be thrown. This commit changes it to the
correct value of 'http:'

Fixes: https://github.com/nodejs/node/issues/4712
PR-URL: https://github.com/nodejs/node/pull/4714
Reviewed-By: James M Snell <jasnell@gmail.com>

test: don't use cwd for relative path

With the introduction of temporary paths in the test runner
realpath tests would bail in scenarios where the temporary folder
wasn't in the same directory as the source code.

PR-URL: https://github.com/nodejs/node/pull/4477
Reviewed-By: Rich Trott <rtrott@gmail.com>

doc: update links to use https where possible

PR-URL: https://github.com/nodejs/node/pull/4054
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Roman Reiss <me@silverwind.io>

test: write to tmp dir rather than fixture dir

test-fs-realpath.js was writing files to the fixture dir. This changes
it to use the temp directory instead. This also replaces some of the
string concatenation for paths with uses of path.join() and
path.relative().

PR-URL: https://github.com/nodejs/node/pull/4489
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>

test: don't assume a certain folder structure

A few tests assumed that temp dirs always lived in the same
parent folder as fixtures. Make these use `common.tmpDir` instead.

PR-URL: https://github.com/nodejs/node/pull/3325
Reviewed-By: Joao Reis <reis@janeasystems.com>

test: make temp path customizable

In CI we previously passed `NODE_COMMON_PIPE` to the test runner to
avoid long filenames. Add an option to the test runner that allows the
user to change the temporary directory instead. This also allows us to
run test suites in parallel since `NODE_COMMON_PIPE` otherwise would
have been used from multiple tests at the same time.

PR-URL: https://github.com/nodejs/node/pull/3325
Reviewed-By: Joao Reis <reis@janeasystems.com>

tls_wrap: clear errors on return

Adopt `MarkPopErrorOnReturn` from `node_crypto.cc`, and use it to
clear errors after `SSL_read`/`SSL_write`/`SSL_shutdown` functions.

See: https://github.com/nodejs/node/issues/4485
PR-URL: https://github.com/nodejs/node/pull/4515
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
v4.x-staging Commit Metadata:
PR-URL: https://github.com/nodejs/node/pull/4709
Reviewed-By: James M Snell <jasnell@gmail.com>

doc: clarify explanation of first stream section

The last sentence of the explanation for the first stream section
seemed a bit confusing. I tried to change the sentence to clarify it.

Additionally, the sections were turned into a numbered list to be more
clear about which section is being described, and improve readability.

PR-URL: https://github.com/nodejs/node/pull/4234
Reviewed-By: James M Snell <jasnell@gmail.com>

tools: implement no-unused-vars for eslint

PR-URL: https://github.com/nodejs/node/pull/4536
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>

test: remove unused vars from parallel tests

Remove all remaining unused variables from tests in test/parallel.

PR-URL: https://github.com/nodejs/node/pull/4511
Reviewed-By: James M Snell<jasnell@gmail.com>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>

test: remove unused variables form http tests

The http tests seem especially prone to including unused variables.
This change removes them.

PR-URL: https://github.com/nodejs/node/pull/4422
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>

test: extend timeout in Debug mode

Debug mode slows execution speed. There is work afoot to enable Debug
mode runs on the continuous integration infrastructure for the project.
Some tests are timing out, such as test-net-GH-5504.js.

This change doubles the timeout returned from `common.platformTimeout()`
when running in Debug mode. It also removes an unused variable from the
aforementioned test-net-GH-5504.js.

PR-URL: https://github.com/nodejs/node/pull/4431
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>