* openssl: upgrade to 1.0.1m (Addressing multiple CVEs)

* uv: update to 0.10.36 (CVE-2015-0278)

* domains: fix stack clearing after error handled (Jonas Dohse)

* buffer: reword Buffer.concat error message (Chris Dickinson)

* console: allow Object.prototype fields as labels (Julien Gilli)

* V8: log version in profiler log file (Ben Noordhuis)

* http: fix performance regression for GET requests (Florin-Cristian Gavrila)

* openssl: update to 1.0.1l

* v8: Fix debugger and strict mode regression (Julien Gilli)

* v8: don't busy loop in cpu profiler thread (Ben Noordhuis)

* tls: re-add 1024-bit SSL certs removed by f9456a2 (Chris Dickinson)

* timers: don't close interval timers when unrefd (Julien Gilli)

* timers: don't mutate unref list while iterating it (Julien Gilli)

* uv: update to v0.10.30

* zlib: upgrade to v1.2.8

* child_process: check execFile args is an array (Sam Roberts)

* child_process: check fork args is an array (Sam Roberts)

* crypto: update root certificates (Ben Noordhuis)

* domains: fix issues with abort on uncaught (Julien Gilli)

* timers: Avoid linear scan in _unrefActive. (Julien Gilli)

* timers: fix unref() memory leak (Trevor Norris)

* v8: add api for aborting on uncaught exception (Julien Gilli)

* debugger: fix when using "use strict" (Julien Gilli)

* openssl: Update to 1.0.1j (Addressing multiple CVEs)

* uv: Update to v0.10.29

* child_process: properly support optional args (cjihrig)

* crypto: Disable autonegotiation for SSLv2/3 by default (Fedor Indutny,
Timothy J Fontaine, Alexis Campailla)

This is a behavior change, by default we will not allow the negotiation to
SSLv2 or SSLv3. If you want this behavior, run Node.js with either
`--enable-ssl2` or `--enable-ssl3` respectively.

This does not change the behavior for users specifically requesting
`SSLv2_method` or `SSLv3_method`. While this behavior is not advised, it is
assumed you know what you're doing since you're specifically asking to use
these methods.

* npm: Update to 1.4.28

* v8: fix a crash introduced by previous release (Fedor Indutny)

* configure: add --openssl-no-asm flag (Fedor Indutny)

* crypto: use domains for any callback-taking method (Chris Dickinson)

* http: do not send `0rnrn` in TE HEAD responses (Fedor Indutny)

* querystring: fix unescape override (Tristan Berger)

* url: Add support for RFC 3490 separators (Mathias Bynens)

* v8: backport CVE-2013-6668

* openssl: Update to v1.0.1i

* npm: Update to v1.4.23

* cluster: disconnect should not be synchronous (Sam Roberts)

* fs: fix fs.readFileSync fd leak when get RangeError (Jackson Tian)

* stream: fix Readable.wrap objectMode falsy values (James Halliday)

* timers: fix timers with non-integer delay hanging. (Julien Gilli)

* uv: Upgrade to v0.10.28

* npm: Upgrade to v1.4.21

* v8: Interrupts must not mask stack overflow.

* Revert "stream: start old-mode read in a next tick" (Fedor Indutny)

* buffer: fix sign overflow in `readUIn32BE` (Fedor Indutny)

* buffer: improve {read,write}{U}Int* methods (Nick Apperson)

* child_process: handle writeUtf8String error (Fedor Indutny)

* deps: backport 4ed5fde4f from v8 upstream (Fedor Indutny)

* deps: cherry-pick eca441b2 from OpenSSL (Fedor Indutny)

* lib: remove and restructure calls to isNaN() (cjihrig)

* module: eliminate double `getenv()` (Maciej Małecki)

* stream2: flush extant data on read of ended stream (Chris Dickinson)

* streams: remove unused require('assert') (Rod Vagg)

* timers: backport f8193ab (Julien Gilli)

* util.h: interface compatibility (Oguz Bastemur)

* zlib: do not crash on write after close (Fedor Indutny)

fixes #7793