Merge mozilla-central to b2g-inbound
authorCarsten "Tomcat" Book <cbook@mozilla.com>
Mon, 10 Mar 2014 12:49:34 +0100
changeset 190965 2a16340cd6d5f203f2d9ad6cfbf0192cc368a4f8
parent 190964 9268af2224adecd7c1bda9415d432c5d2f5b041e (current diff)
parent 190943 923f1411f42f722cac39cbd5ad381e92ef9bb436 (diff)
child 190966 0c2dd5c132fb4223b61e00caf29d589a30a55d1d
push id474
push userasasaki@mozilla.com
push dateMon, 02 Jun 2014 21:01:02 +0000
treeherdermozilla-release@967f4cf1b31c [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
milestone30.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Merge mozilla-central to b2g-inbound
--- a/dom/base/nsDOMWindowUtils.cpp
+++ b/dom/base/nsDOMWindowUtils.cpp
@@ -3609,62 +3609,98 @@ nsDOMWindowUtils::RunBeforeNextEvent(nsI
   if (!appShell) {
     return NS_ERROR_NOT_AVAILABLE;
   }
 
   return appShell->RunBeforeNextEvent(runnable);
 }
 
 NS_IMETHODIMP
-nsDOMWindowUtils::GetOMTAOrComputedStyle(nsIDOMNode* aNode,
-                                         const nsAString& aProperty,
-                                         nsAString& aResult)
+nsDOMWindowUtils::GetOMTAStyle(nsIDOMElement* aElement,
+                               const nsAString& aProperty,
+                               nsAString& aResult)
 {
-  aResult.Truncate();
-  ErrorResult rv;
-  nsCOMPtr<Element> element = do_QueryInterface(aNode);
+  if (!nsContentUtils::IsCallerChrome()) {
+    return NS_ERROR_DOM_SECURITY_ERR;
+  }
+
+  nsCOMPtr<Element> element = do_QueryInterface(aElement);
   if (!element) {
     return NS_ERROR_INVALID_ARG;
   }
 
   nsRefPtr<nsROCSSPrimitiveValue> cssValue = nullptr;
   nsIFrame* frame = element->GetPrimaryFrame();
   if (frame && nsLayoutUtils::AreAsyncAnimationsEnabled()) {
     if (aProperty.EqualsLiteral("opacity")) {
-      Layer* layer = FrameLayerBuilder::GetDedicatedLayer(frame, nsDisplayItem::TYPE_OPACITY);
+      Layer* layer =
+        FrameLayerBuilder::GetDedicatedLayer(frame,
+                                             nsDisplayItem::TYPE_OPACITY);
       if (layer) {
         float value;
         ShadowLayerForwarder* forwarder = layer->Manager()->AsShadowForwarder();
         if (forwarder && forwarder->HasShadowManager()) {
-          forwarder->GetShadowManager()->SendGetOpacity(layer->AsShadowableLayer()->GetShadow(), &value);
+          forwarder->GetShadowManager()->SendGetOpacity(
+            layer->AsShadowableLayer()->GetShadow(), &value);
           cssValue = new nsROCSSPrimitiveValue;
           cssValue->SetNumber(value);
         }
       }
     } else if (aProperty.EqualsLiteral("transform")) {
-      Layer* layer = FrameLayerBuilder::GetDedicatedLayer(frame, nsDisplayItem::TYPE_TRANSFORM);
+      Layer* layer =
+        FrameLayerBuilder::GetDedicatedLayer(frame,
+                                             nsDisplayItem::TYPE_TRANSFORM);
       if (layer) {
-        gfx3DMatrix matrix;
         ShadowLayerForwarder* forwarder = layer->Manager()->AsShadowForwarder();
         if (forwarder && forwarder->HasShadowManager()) {
-          forwarder->GetShadowManager()->SendGetTransform(layer->AsShadowableLayer()->GetShadow(), &matrix);
-          cssValue = nsComputedDOMStyle::MatrixToCSSValue(matrix);
+          MaybeTransform transform;
+          forwarder->GetShadowManager()->SendGetAnimationTransform(
+            layer->AsShadowableLayer()->GetShadow(), &transform);
+          if (transform.type() == MaybeTransform::Tgfx3DMatrix) {
+            cssValue =
+              nsComputedDOMStyle::MatrixToCSSValue(transform.get_gfx3DMatrix());
+          }
         }
       }
     }
   }
 
   if (cssValue) {
     nsString text;
+    ErrorResult rv;
     cssValue->GetCssText(text, rv);
     aResult.Assign(text);
     return rv.ErrorCode();
+  } else {
+    aResult.Truncate();
   }
 
-  nsCOMPtr<nsIDOMElement> elem = do_QueryInterface(element);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDOMWindowUtils::GetOMTAOrComputedStyle(nsIDOMElement* aElement,
+                                         const nsAString& aProperty,
+                                         nsAString& aResult)
+{
+  if (!nsContentUtils::IsCallerChrome()) {
+    return NS_ERROR_DOM_SECURITY_ERR;
+  }
+
+  // Try to get OMTA style
+  nsresult rv = GetOMTAStyle(aElement, aProperty, aResult);
+  if (NS_FAILED(rv) || !aResult.IsEmpty()) {
+    return rv;
+  }
+
+  // Otherwise, fall back to computed style
+  nsCOMPtr<Element> element = do_QueryInterface(aElement);
+  if (!element) {
+    return NS_ERROR_INVALID_ARG;
+  }
   nsCOMPtr<nsIDOMCSSStyleDeclaration> style;
-  nsresult res = element->GetCurrentDoc()->GetWindow()->
-    GetComputedStyle(elem, aProperty, getter_AddRefs(style));
-  NS_ENSURE_SUCCESS(res, res);
+  rv = element->GetCurrentDoc()->GetWindow()->
+    GetComputedStyle(aElement, aProperty, getter_AddRefs(style));
+  NS_ENSURE_SUCCESS(rv, rv);
 
   return style->GetPropertyValue(aProperty, aResult);
 }
 
--- a/dom/base/nsJSUtils.cpp
+++ b/dom/base/nsJSUtils.cpp
@@ -115,22 +115,16 @@ nsJSUtils::ReportPendingException(JSCont
       // information from it to script via onerror handlers.  So it's very
       // important that the duck typing happen in the same compartment as the
       // onerror handler.  In practice, that's the compartment of the window (or
       // otherwise default global) of aContext, so use that here.
       nsIScriptContext* scx = GetScriptContextFromJSContext(aContext);
       JS::Rooted<JSObject*> scope(aContext);
       scope = scx ? scx->GetWindowProxy()
                   : js::DefaultObjectForContextOrNull(aContext);
-      if (!scope) {
-        // The SafeJSContext has no default object associated with it.
-        MOZ_ASSERT(NS_IsMainThread());
-        MOZ_ASSERT(aContext == nsContentUtils::GetSafeJSContext());
-        scope = xpc::GetSafeJSContextGlobal();
-      }
       JSAutoCompartment ac(aContext, scope);
       JS_ReportPendingException(aContext);
     }
     if (saved) {
       JS_RestoreFrameChain(aContext);
     }
   }
 }
--- a/dom/interfaces/base/nsIDOMWindowUtils.idl
+++ b/dom/interfaces/base/nsIDOMWindowUtils.idl
@@ -38,17 +38,17 @@ interface nsIDOMFile;
 interface nsIFile;
 interface nsIDOMTouch;
 interface nsIDOMClientRect;
 interface nsIURI;
 interface nsIDOMEventTarget;
 interface nsIRunnable;
 interface nsICompositionStringSynthesizer;
 
-[scriptable, uuid(ce671a4a-92bb-11e3-b2d0-2c27d728e7f9)]
+[scriptable, uuid(c378a808-7474-403a-8e5c-7d9ff052b0c1)]
 interface nsIDOMWindowUtils : nsISupports {
 
   /**
    * Image animation mode of the window. When this attribute's value
    * is changed, the implementation should set all images in the window
    * to the given value. That is, when set to kDontAnimMode, all images
    * will stop animating. The attribute's value must be one of the
    * animationMode values from imgIContainer.
@@ -1552,14 +1552,22 @@ interface nsIDOMWindowUtils : nsISupport
     * event then the runnable will not be run until that loop has terminated.
     *
     * XXX - This can wreak havoc if you're not using this for very simple
     * purposes, eg testing or setting a flag.
     */
    void runBeforeNextEvent(in nsIRunnable runnable);
 
    /*
-    * Returns the value of a given property.  If the property is animated off the
-    * main thread, this function will fetch the correct value from the compositor.
+    * Returns the value of a given property animated on the compositor thread.
+    * If the property is NOT currently being animated on the compositor thread,
+    * returns an empty string.
     */
-   AString getOMTAOrComputedStyle(in nsIDOMNode aNode,
+   AString getOMTAStyle(in nsIDOMElement aElement, in AString aProperty);
+
+   /*
+    * Returns the value of a given property.  If the property is animated off
+    * the main thread, this function will fetch the correct value from the
+    * compositor.
+    */
+   AString getOMTAOrComputedStyle(in nsIDOMElement aElement,
                                   in AString aProperty);
 };
--- a/dom/network/src/UDPSocketChild.cpp
+++ b/dom/network/src/UDPSocketChild.cpp
@@ -15,16 +15,17 @@ NS_IMPL_ISUPPORTS1(UDPSocketChildBase, n
 UDPSocketChildBase::UDPSocketChildBase()
 : mIPCOpen(false)
 {
 }
 
 UDPSocketChildBase::~UDPSocketChildBase()
 {
 }
+
 void
 UDPSocketChildBase::ReleaseIPDLReference()
 {
   MOZ_ASSERT(mIPCOpen);
   mIPCOpen = false;
   this->Release();
 }
 
@@ -193,17 +194,17 @@ UDPSocketChild::RecvCallback(const nsCSt
     const UDPAddressInfo& addressInfo(aData.get_UDPAddressInfo());
     mLocalAddress = addressInfo.local();
     mLocalPort = addressInfo.port();
     rv = mSocket->CallListenerVoid(aType);
   } else if (aData.type() == UDPCallbackData::TUDPSendResult) {
     const UDPSendResult& returnValue(aData.get_UDPSendResult());
     rv = mSocket->CallListenerSent(aType, returnValue.value());
   } else {
-    MOZ_ASSERT("Invalid callback type!");
+    MOZ_ASSERT(false, "Invalid callback type!");
   }
 
   NS_ENSURE_SUCCESS(rv, true);
 
   return true;
 }
 
 } // namespace dom
--- a/dom/network/src/UDPSocketParent.cpp
+++ b/dom/network/src/UDPSocketParent.cpp
@@ -40,17 +40,17 @@ ConvertNetAddrToString(mozilla::net::Net
     bufSize = mozilla::net::kIPv4CStrBufSize;
     break;
   case AF_INET6:
     *port = PR_ntohs(netAddr.inet6.port);
     bufSize = mozilla::net::kIPv6CStrBufSize;
     break;
   default:
     //impossible
-    MOZ_ASSERT("Unexpected address family");
+    MOZ_ASSERT(false, "Unexpected address family");
     return NS_ERROR_INVALID_ARG;
   }
 
   address->SetCapacity(bufSize);
   NetAddrToString(&netAddr, address->BeginWriting(), bufSize);
   address->SetLength(strlen(address->BeginReading()));
 
   return NS_OK;
--- a/gfx/layers/ipc/CompositorParent.cpp
+++ b/gfx/layers/ipc/CompositorParent.cpp
@@ -325,18 +325,17 @@ CompositorParent::RecvMakeSnapshot(const
 }
 
 bool
 CompositorParent::RecvFlushRendering()
 {
   // If we're waiting to do a composite, then cancel it
   // and do it immediately instead.
   if (mCurrentCompositeTask) {
-    mCurrentCompositeTask->Cancel();
-    mCurrentCompositeTask = nullptr;
+    CancelCurrentCompositeTask();
     ForceComposeToTarget(nullptr);
   }
   return true;
 }
 
 bool
 CompositorParent::RecvNotifyRegionInvalidated(const nsIntRegion& aRegion)
 {
@@ -371,19 +370,25 @@ bool
 CompositorParent::RecvSetTestSampleTime(const TimeStamp& aTime)
 {
   if (aTime.IsNull()) {
     return false;
   }
 
   mIsTesting = true;
   mTestTime = aTime;
-  if (mCompositionManager) {
-    mCompositionManager->TransformShadowTree(aTime);
+
+  // Update but only if we were already scheduled to animate
+  if (mCompositionManager && mCurrentCompositeTask) {
+    bool requestNextFrame = mCompositionManager->TransformShadowTree(aTime);
+    if (!requestNextFrame) {
+      CancelCurrentCompositeTask();
+    }
   }
+
   return true;
 }
 
 bool
 CompositorParent::RecvLeaveTestMode()
 {
   mIsTesting = false;
   return true;
@@ -460,16 +465,25 @@ void
 CompositorParent::ForceComposition()
 {
   // Cancel the orientation changed state to force composition
   mForceCompositionTask = nullptr;
   ScheduleRenderOnCompositorThread();
 }
 
 void
+CompositorParent::CancelCurrentCompositeTask()
+{
+  if (mCurrentCompositeTask) {
+    mCurrentCompositeTask->Cancel();
+    mCurrentCompositeTask = nullptr;
+  }
+}
+
+void
 CompositorParent::SetEGLSurfaceSize(int width, int height)
 {
   NS_ASSERTION(mUseExternalSurfaceSize, "Compositor created without UseExternalSurfaceSize provided");
   mEGLSurfaceSize.SizeTo(width, height);
   if (mCompositor) {
     mCompositor->SetDestinationSurfaceSize(gfx::IntSize(mEGLSurfaceSize.width, mEGLSurfaceSize.height));
   }
 }
@@ -752,22 +766,32 @@ CompositorParent::ShadowLayersUpdated(La
 
   if (mApzcTreeManager) {
     AutoResolveRefLayers resolve(mCompositionManager);
     mApzcTreeManager->UpdatePanZoomControllerTree(this, root, aIsFirstPaint, mRootLayerTreeID);
   }
 
   if (root) {
     SetShadowProperties(root);
-    if (mIsTesting) {
-      mCompositionManager->TransformShadowTree(mTestTime);
-    }
   }
   if (aScheduleComposite) {
     ScheduleComposition();
+    // When testing we synchronously update the shadow tree with the animated
+    // values to avoid race conditions when calling GetAnimationTransform etc.
+    // (since the above SetShadowProperties will remove animation effects).
+    // However, we only do this update when a composite operation is already
+    // scheduled in order to better match the behavior under regular sampling
+    // conditions.
+    if (mIsTesting && root && mCurrentCompositeTask) {
+      bool requestNextFrame =
+        mCompositionManager->TransformShadowTree(mTestTime);
+      if (!requestNextFrame) {
+        CancelCurrentCompositeTask();
+      }
+    }
   }
   mLayerManager->NotifyShadowTreeTransaction();
 }
 
 void
 CompositorParent::ForceComposite(LayerTransactionParent* aLayerTree)
 {
   ScheduleComposition();
--- a/gfx/layers/ipc/CompositorParent.h
+++ b/gfx/layers/ipc/CompositorParent.h
@@ -244,16 +244,17 @@ protected:
   void SetEGLSurfaceSize(int width, int height);
 
 private:
   void InitializeLayerManager(const nsTArray<LayersBackend>& aBackendHints);
   void PauseComposition();
   void ResumeComposition();
   void ResumeCompositionAndResize(int width, int height);
   void ForceComposition();
+  void CancelCurrentCompositeTask();
 
   inline static PlatformThreadId CompositorThreadID();
 
   /**
    * Creates a global map referencing each compositor by ID.
    *
    * This map is used by the ImageBridge protocol to trigger
    * compositions without having to keep references to the
--- a/gfx/layers/ipc/LayerTransactionParent.cpp
+++ b/gfx/layers/ipc/LayerTransactionParent.cpp
@@ -27,16 +27,17 @@
 #include "mozilla/layers/LayersSurfaces.h"  // for PGrallocBufferParent
 #include "mozilla/layers/LayersTypes.h"  // for MOZ_LAYERS_LOG
 #include "mozilla/layers/PCompositableParent.h"
 #include "mozilla/layers/PLayerParent.h"  // for PLayerParent
 #include "mozilla/layers/ThebesLayerComposite.h"
 #include "mozilla/mozalloc.h"           // for operator delete, etc
 #include "nsCoord.h"                    // for NSAppUnitsToFloatPixels
 #include "nsDebug.h"                    // for NS_RUNTIMEABORT
+#include "nsDeviceContext.h"            // for AppUnitsPerCSSPixel
 #include "nsISupportsImpl.h"            // for Layer::Release, etc
 #include "nsLayoutUtils.h"              // for nsLayoutUtils
 #include "nsMathUtils.h"                // for NS_round
 #include "nsPoint.h"                    // for nsPoint
 #include "nsTArray.h"                   // for nsTArray, nsTArray_Impl, etc
 #include "GeckoProfiler.h"
 #include "mozilla/layers/TextureHost.h"
 #include "mozilla/layers/AsyncCompositionManager.h"
@@ -563,54 +564,88 @@ LayerTransactionParent::RecvGetOpacity(P
     return false;
   }
 
   *aOpacity = layer->GetLocalOpacity();
   return true;
 }
 
 bool
-LayerTransactionParent::RecvGetTransform(PLayerParent* aParent,
-                                         gfx3DMatrix* aTransform)
+LayerTransactionParent::RecvGetAnimationTransform(PLayerParent* aParent,
+                                                  MaybeTransform* aTransform)
 {
   if (mDestroyed || !layer_manager() || layer_manager()->IsDestroyed()) {
     return false;
   }
 
+  Layer* layer = cast(aParent)->AsLayer();
+  if (!layer) {
+    return false;
+  }
+
+  // This method is specific to transforms applied by animation.
+  // This is because this method uses the information stored with an animation
+  // such as the origin of the reference frame corresponding to the layer, to
+  // recover the untranslated transform from the shadow transform. For
+  // transforms that are not set by animation we don't have this information
+  // available.
+  if (!layer->AsLayerComposite()->GetShadowTransformSetByAnimation()) {
+    *aTransform = mozilla::void_t();
+    return true;
+  }
+
   // The following code recovers the untranslated transform
   // from the shadow transform by undoing the translations in
   // AsyncCompositionManager::SampleValue.
-  Layer* layer = cast(aParent)->AsLayer();
-  if (!layer) {
-    return false;
-  }
-  gfx::To3DMatrix(layer->AsLayerComposite()->GetShadowTransform(), *aTransform);
+
+  gfx3DMatrix transform;
+  gfx::To3DMatrix(layer->AsLayerComposite()->GetShadowTransform(), transform);
   if (ContainerLayer* c = layer->AsContainerLayer()) {
-    aTransform->ScalePost(1.0f/c->GetInheritedXScale(),
-                          1.0f/c->GetInheritedYScale(),
-                          1.0f);
+    // Undo the scale transform applied by AsyncCompositionManager::SampleValue
+    transform.ScalePost(1.0f/c->GetInheritedXScale(),
+                        1.0f/c->GetInheritedYScale(),
+                        1.0f);
   }
   float scale = 1;
   gfxPoint3D scaledOrigin;
   gfxPoint3D transformOrigin;
   for (uint32_t i=0; i < layer->GetAnimations().Length(); i++) {
     if (layer->GetAnimations()[i].data().type() == AnimationData::TTransformData) {
       const TransformData& data = layer->GetAnimations()[i].data().get_TransformData();
       scale = data.appUnitsPerDevPixel();
       scaledOrigin =
         gfxPoint3D(NS_round(NSAppUnitsToFloatPixels(data.origin().x, scale)),
                    NS_round(NSAppUnitsToFloatPixels(data.origin().y, scale)),
                    0.0f);
-      transformOrigin = data.transformOrigin();
+      double cssPerDev =
+        double(nsDeviceContext::AppUnitsPerCSSPixel()) / double(scale);
+      transformOrigin = data.transformOrigin() * cssPerDev;
       break;
     }
   }
 
-  aTransform->Translate(-scaledOrigin);
-  *aTransform = nsLayoutUtils::ChangeMatrixBasis(-scaledOrigin - transformOrigin, *aTransform);
+  // Undo the translation to the origin of the reference frame applied by
+  // AsyncCompositionManager::SampleValue
+  transform.Translate(-scaledOrigin);
+
+  // Undo the rebasing applied by
+  // nsDisplayTransform::GetResultingTransformMatrixInternal
+  transform = nsLayoutUtils::ChangeMatrixBasis(-scaledOrigin - transformOrigin,
+                                               transform);
+
+  // Convert to CSS pixels (this undoes the operations performed by
+  // nsStyleTransformMatrix::ProcessTranslatePart which is called from
+  // nsDisplayTransform::GetResultingTransformMatrix)
+  double devPerCss =
+    double(scale) / double(nsDeviceContext::AppUnitsPerCSSPixel());
+  transform._41 *= devPerCss;
+  transform._42 *= devPerCss;
+  transform._43 *= devPerCss;
+
+  *aTransform = transform;
   return true;
 }
 
 bool
 LayerTransactionParent::Attach(ShadowLayerParent* aLayerParent,
                                CompositableParent* aCompositable,
                                bool aIsAsyncVideo)
 {
--- a/gfx/layers/ipc/LayerTransactionParent.h
+++ b/gfx/layers/ipc/LayerTransactionParent.h
@@ -90,18 +90,19 @@ protected:
                                 const TargetConfig& targetConfig,
                                 const bool& isFirstPaint,
                                 const bool& scheduleComposite) MOZ_OVERRIDE;
 
   virtual bool RecvClearCachedResources() MOZ_OVERRIDE;
   virtual bool RecvForceComposite() MOZ_OVERRIDE;
   virtual bool RecvGetOpacity(PLayerParent* aParent,
                               float* aOpacity) MOZ_OVERRIDE;
-  virtual bool RecvGetTransform(PLayerParent* aParent,
-                                gfx3DMatrix* aTransform) MOZ_OVERRIDE;
+  virtual bool RecvGetAnimationTransform(PLayerParent* aParent,
+                                         MaybeTransform* aTransform)
+                                         MOZ_OVERRIDE;
 
   virtual PGrallocBufferParent*
   AllocPGrallocBufferParent(const IntSize& aSize,
                             const uint32_t& aFormat, const uint32_t& aUsage,
                             MaybeMagicGrallocBufferHandle* aOutHandle) MOZ_OVERRIDE;
   virtual bool
   DeallocPGrallocBufferParent(PGrallocBufferParent* actor) MOZ_OVERRIDE;
 
--- a/gfx/layers/ipc/PLayerTransaction.ipdl
+++ b/gfx/layers/ipc/PLayerTransaction.ipdl
@@ -12,28 +12,34 @@ include protocol PCompositor;
 include protocol PGrallocBuffer;
 include protocol PLayer;
 include protocol PRenderFrame;
 include protocol PTexture;
 
 include "mozilla/GfxMessageUtils.h";
 
 using struct mozilla::layers::TextureInfo from "mozilla/layers/CompositorTypes.h";
+using struct mozilla::void_t from "ipc/IPCMessageUtils.h";
 
 /**
  * The layers protocol is spoken between thread contexts that manage
  * layer (sub)trees.  The protocol comprises atomically publishing
  * layer subtrees to a "shadow" thread context (which grafts the
  * subtree into its own tree), and atomically updating a published
  * subtree.  ("Atomic" in this sense is wrt painting.)
  */
 
 namespace mozilla {
 namespace layers {
 
+union MaybeTransform {
+  gfx3DMatrix;
+  void_t;
+};
+
 sync protocol PLayerTransaction {
   manager PRenderFrame or PCompositor;
   manages PLayer;
   manages PCompositable;
   manages PGrallocBuffer;
   manages PTexture;
 
 parent:
@@ -71,17 +77,23 @@ parent:
   async PTexture(SurfaceDescriptor aSharedData, uint32_t aTextureFlags);
 
   // The isFirstPaint flag can be used to indicate that this is the first update
   // for a particular document.
   sync Update(Edit[] cset, TargetConfig targetConfig, bool isFirstPaint, bool scheduleComposite)
     returns (EditReply[] reply);
 
   sync GetOpacity(PLayer layer) returns (float opacity);
-  sync GetTransform(PLayer layer) returns (gfx3DMatrix transform);
+
+  // Returns the value of the transform applied to the layer by animation after
+  // factoring out translation components introduced to account for the offset
+  // of the corresponding frame and transform origin and after converting to CSS
+  // pixels. If the layer is not transformed by animation, the return value will
+  // be void_t.
+  sync GetAnimationTransform(PLayer layer) returns (MaybeTransform transform);
 
   // We don't need to send a sync transaction if
   // no transaction operate require a swap.
   async UpdateNoSwap(Edit[] cset, TargetConfig targetConfig, bool isFirstPaint, bool scheduleComposite);
 
   // Drop any front buffers that might be retained on the compositor
   // side.
   async ClearCachedResources();
--- a/js/src/builtin/TestingFunctions.cpp
+++ b/js/src/builtin/TestingFunctions.cpp
@@ -266,17 +266,17 @@ static const struct ParamPair {
     {"gcBytes",             JSGC_BYTES},
     {"gcNumber",            JSGC_NUMBER},
     {"sliceTimeBudget",     JSGC_SLICE_TIME_BUDGET},
     {"markStackLimit",      JSGC_MARK_STACK_LIMIT}
 };
 
 // Keep this in sync with above params.
 #define GC_PARAMETER_ARGS_LIST "maxBytes, maxMallocBytes, gcBytes, gcNumber, sliceTimeBudget, or markStackLimit"
- 
+
 static bool
 GCParameter(JSContext *cx, unsigned argc, Value *vp)
 {
     CallArgs args = CallArgsFromVp(argc, vp);
 
     JSString *str = ToString(cx, args.get(0));
     if (!str)
         return false;
@@ -315,16 +315,21 @@ GCParameter(JSContext *cx, unsigned argc
         return false;
 
     if (!value) {
         JS_ReportError(cx, "the second argument must be convertable to uint32_t "
                            "with non-zero value");
         return false;
     }
 
+    if (param == JSGC_MARK_STACK_LIMIT && IsIncrementalGCInProgress(cx->runtime())) {
+        JS_ReportError(cx, "attempt to set markStackLimit while a GC is in progress");
+        return false;
+    }
+
     if (param == JSGC_MAX_BYTES) {
         uint32_t gcBytes = JS_GetGCParameter(cx->runtime(), JSGC_BYTES);
         if (value < gcBytes) {
             JS_ReportError(cx,
                            "attempt to set maxBytes to the value less than the current "
                            "gcBytes (%u)",
                            gcBytes);
             return false;
--- a/js/src/jscompartment.h
+++ b/js/src/jscompartment.h
@@ -528,17 +528,16 @@ inline js::Handle<js::GlobalObject*>
 ExclusiveContext::global() const
 {
     /*
      * It's safe to use |unsafeGet()| here because any compartment that is
      * on-stack will be marked automatically, so there's no need for a read
      * barrier on it. Once the compartment is popped, the handle is no longer
      * safe to use.
      */
-    MOZ_ASSERT(compartment_, "Caller needs to enter a compartment first");
     return Handle<GlobalObject*>::fromMarkedLocation(compartment_->global_.unsafeGet());
 }
 
 class AssertCompartmentUnchanged
 {
   public:
     AssertCompartmentUnchanged(JSContext *cx
                                 MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
--- a/js/src/jsfriendapi.cpp
+++ b/js/src/jsfriendapi.cpp
@@ -411,18 +411,16 @@ js::AssertSameCompartment(JSObject *objA
 {
     JS_ASSERT(objA->compartment() == objB->compartment());
 }
 #endif
 
 JS_FRIEND_API(JSObject *)
 js::DefaultObjectForContextOrNull(JSContext *cx)
 {
-    if (cx->options().noDefaultCompartmentObject())
-        return nullptr;
     return cx->maybeDefaultCompartmentObject();
 }
 
 JS_FRIEND_API(void)
 js::SetDefaultObjectForContext(JSContext *cx, JSObject *obj)
 {
     cx->setDefaultCompartmentObject(obj);
 }
--- a/js/xpconnect/src/XPCJSContextStack.cpp
+++ b/js/xpconnect/src/XPCJSContextStack.cpp
@@ -18,21 +18,16 @@ using namespace JS;
 using namespace xpc;
 using mozilla::dom::DestroyProtoAndIfaceCache;
 
 /***************************************************************************/
 
 XPCJSContextStack::~XPCJSContextStack()
 {
     if (mSafeJSContext) {
-        {
-            JSAutoRequest ar(mSafeJSContext);
-            JS_RemoveObjectRoot(mSafeJSContext, &mSafeJSContextGlobal);
-        }
-        mSafeJSContextGlobal = nullptr;
         JS_DestroyContextNoGC(mSafeJSContext);
         mSafeJSContext = nullptr;
     }
 }
 
 JSContext*
 XPCJSContextStack::Pop()
 {
@@ -74,27 +69,27 @@ XPCJSContextStack::Push(JSContext *cx)
     if (e.cx) {
         // The cx we're pushing is also stack-top. In general we still need to
         // call JS_SaveFrameChain here. But if that would put us in a
         // compartment that's same-origin with the current one, we can skip it.
         nsIScriptSecurityManager* ssm = XPCWrapper::GetSecurityManager();
         if ((e.cx == cx) && ssm) {
             // DOM JSContexts don't store their default compartment object on
             // the cx, so in those cases we need to fetch it via the scx
-            // instead. And in some cases (i.e. the SafeJSContext), we have no
-            // default compartment object at all.
+            // instead.
             RootedObject defaultScope(cx, GetDefaultScopeFromJSContext(cx));
-            if (defaultScope) {
-                nsIPrincipal *currentPrincipal =
-                  GetCompartmentPrincipal(js::GetContextCompartment(cx));
-                nsIPrincipal *defaultPrincipal = GetObjectPrincipal(defaultScope);
-                if (currentPrincipal->Equals(defaultPrincipal)) {
-                    mStack.AppendElement(cx);
-                    return true;
-                }
+
+            nsIPrincipal *currentPrincipal =
+              GetCompartmentPrincipal(js::GetContextCompartment(cx));
+            nsIPrincipal *defaultPrincipal = GetObjectPrincipal(defaultScope);
+            bool equal = false;
+            currentPrincipal->Equals(defaultPrincipal, &equal);
+            if (equal) {
+                mStack.AppendElement(cx);
+                return true;
             }
         }
 
         {
             // Push() can be called outside any request for e.cx.
             JSAutoRequest ar(e.cx);
             if (!JS_SaveFrameChain(e.cx))
                 return false;
@@ -142,23 +137,16 @@ const JSClass xpc::SafeJSContextGlobalCl
 
 JSContext*
 XPCJSContextStack::GetSafeJSContext()
 {
     MOZ_ASSERT(mSafeJSContext);
     return mSafeJSContext;
 }
 
-JSObject*
-XPCJSContextStack::GetSafeJSContextGlobal()
-{
-    MOZ_ASSERT(mSafeJSContextGlobal);
-    return mSafeJSContextGlobal;
-}
-
 JSContext*
 XPCJSContextStack::InitSafeJSContext()
 {
     MOZ_ASSERT(!mSafeJSContext);
 
     // Start by getting the principal holder and principal for this
     // context.  If we can't manage that, don't bother with the rest.
     nsRefPtr<nsNullPrincipal> principal = new nsNullPrincipal();
@@ -170,34 +158,38 @@ XPCJSContextStack::InitSafeJSContext()
     JSRuntime *rt = xpc->GetRuntime()->Runtime();
     if (!rt)
         MOZ_CRASH();
 
     mSafeJSContext = JS_NewContext(rt, 8192);
     if (!mSafeJSContext)
         MOZ_CRASH();
     JSAutoRequest req(mSafeJSContext);
-    ContextOptionsRef(mSafeJSContext).setNoDefaultCompartmentObject(true);
 
+    JS::RootedObject glob(mSafeJSContext);
     JS_SetErrorReporter(mSafeJSContext, xpc::SystemErrorReporter);
 
     JS::CompartmentOptions options;
     options.setZone(JS::SystemZone);
-    mSafeJSContextGlobal = CreateGlobalObject(mSafeJSContext,
-                                              &SafeJSContextGlobalClass,
-                                              principal, options);
-    if (!mSafeJSContextGlobal)
+    glob = xpc::CreateGlobalObject(mSafeJSContext, &SafeJSContextGlobalClass, principal, options);
+    if (!glob)
         MOZ_CRASH();
-    JS_AddNamedObjectRoot(mSafeJSContext, &mSafeJSContextGlobal, "SafeJSContext global");
+
+    // Make sure the context is associated with a proper compartment
+    // and not the default compartment.
+    js::SetDefaultObjectForContext(mSafeJSContext, glob);
 
     // Note: make sure to set the private before calling
     // InitClasses
-    nsRefPtr<SandboxPrivate> sp = new SandboxPrivate(principal, mSafeJSContextGlobal);
-    JS_SetPrivate(mSafeJSContextGlobal, sp.forget().get());
+    nsRefPtr<SandboxPrivate> sp = new SandboxPrivate(principal, glob);
+    JS_SetPrivate(glob, sp.forget().get());
 
-    if (NS_FAILED(xpc->InitClasses(mSafeJSContext, mSafeJSContextGlobal)))
+    // After this point either glob is null and the
+    // nsIScriptObjectPrincipal ownership is either handled by the
+    // nsCOMPtr or dealt with, or we'll release in the finalize
+    // hook.
+    if (NS_FAILED(xpc->InitClasses(mSafeJSContext, glob)))
         MOZ_CRASH();
 
-    JS::RootedObject glob(mSafeJSContext, mSafeJSContextGlobal);
     JS_FireOnNewGlobalObject(mSafeJSContext, glob);
 
     return mSafeJSContext;
 }
--- a/js/xpconnect/src/XPCJSRuntime.cpp
+++ b/js/xpconnect/src/XPCJSRuntime.cpp
@@ -582,22 +582,16 @@ GetJunkScopeGlobal()
     JSObject *junkScope = GetJunkScope();
     // GetJunkScope would ideally never fail, currently it is not yet the case
     // unfortunately...(see Bug 874158)
     if (!junkScope)
         return nullptr;
     return GetNativeForGlobal(junkScope);
 }
 
-JSObject *
-GetSafeJSContextGlobal()
-{
-    return XPCJSRuntime::Get()->GetJSContextStack()->GetSafeJSContextGlobal();
-}
-
 nsGlobalWindow*
 WindowGlobalOrNull(JSObject *aObj)
 {
     MOZ_ASSERT(aObj);
     JSObject *glob = js::GetGlobalForObjectCrossCompartment(aObj);
     MOZ_ASSERT(glob);
 
     // This will always return null until we have Window on WebIDL bindings,
--- a/js/xpconnect/src/nsCxPusher.cpp
+++ b/js/xpconnect/src/nsCxPusher.cpp
@@ -223,17 +223,16 @@ ThreadsafeAutoJSContext::operator JSCont
     return mCx;
   } else {
     return mAutoJSContext.ref();
   }
 }
 
 AutoSafeJSContext::AutoSafeJSContext(MOZ_GUARD_OBJECT_NOTIFIER_ONLY_PARAM_IN_IMPL)
   : AutoJSContext(true MOZ_GUARD_OBJECT_NOTIFIER_PARAM_TO_PARENT)
-  , mAc(mCx, XPCJSRuntime::Get()->GetJSContextStack()->GetSafeJSContextGlobal())
 {
 }
 
 ThreadsafeAutoSafeJSContext::ThreadsafeAutoSafeJSContext(MOZ_GUARD_OBJECT_NOTIFIER_ONLY_PARAM_IN_IMPL)
 {
   MOZ_GUARD_OBJECT_NOTIFIER_INIT;
 
   if (NS_IsMainThread()) {
--- a/js/xpconnect/src/nsCxPusher.h
+++ b/js/xpconnect/src/nsCxPusher.h
@@ -95,16 +95,17 @@ namespace mozilla {
 class MOZ_STACK_CLASS AutoJSContext {
 public:
   AutoJSContext(MOZ_GUARD_OBJECT_NOTIFIER_ONLY_PARAM);
   operator JSContext*() const;
 
 protected:
   AutoJSContext(bool aSafe MOZ_GUARD_OBJECT_NOTIFIER_PARAM);
 
+private:
   // We need this Init() method because we can't use delegating constructor for
   // the moment. It is a C++11 feature and we do not require C++11 to be
   // supported to be able to compile Gecko.
   void Init(bool aSafe MOZ_GUARD_OBJECT_NOTIFIER_PARAM);
 
   JSContext* mCx;
   Maybe<AutoCxPusher> mPusher;
   MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
@@ -128,18 +129,16 @@ private:
 
 /**
  * AutoSafeJSContext is similar to AutoJSContext but will only return the safe
  * JS context. That means it will never call ::GetCurrentJSContext().
  */
 class MOZ_STACK_CLASS AutoSafeJSContext : public AutoJSContext {
 public:
   AutoSafeJSContext(MOZ_GUARD_OBJECT_NOTIFIER_ONLY_PARAM);
-private:
-  JSAutoCompartment mAc;
 };
 
 /**
  * Like AutoSafeJSContext but can be used safely on worker threads.
  */
 class MOZ_STACK_CLASS ThreadsafeAutoSafeJSContext {
 public:
   ThreadsafeAutoSafeJSContext(MOZ_GUARD_OBJECT_NOTIFIER_ONLY_PARAM);
--- a/js/xpconnect/src/xpcprivate.h
+++ b/js/xpconnect/src/xpcprivate.h
@@ -2772,34 +2772,32 @@ void PopJSContextNoScriptContext();
 } /* namespace xpc */
 
 class XPCJSContextStack
 {
 public:
     XPCJSContextStack(XPCJSRuntime *aRuntime)
       : mRuntime(aRuntime)
       , mSafeJSContext(nullptr)
-      , mSafeJSContextGlobal(nullptr)
     { }
 
     virtual ~XPCJSContextStack();
 
     uint32_t Count()
     {
         return mStack.Length();
     }
 
     JSContext *Peek()
     {
         return mStack.IsEmpty() ? nullptr : mStack[mStack.Length() - 1].cx;
     }
 
     JSContext *InitSafeJSContext();
     JSContext *GetSafeJSContext();
-    JSObject *GetSafeJSContextGlobal();
     bool HasJSContext(JSContext *cx);
 
     const InfallibleTArray<XPCJSContextInfo>* GetStack()
     { return &mStack; }
 
 private:
     friend class mozilla::AutoCxPusher;
     friend bool xpc::PushJSContextNoScriptContext(JSContext *aCx);;
@@ -2808,17 +2806,16 @@ private:
     // We make these private so that stack manipulation can only happen
     // through one of the above friends.
     JSContext *Pop();
     bool Push(JSContext *cx);
 
     AutoInfallibleTArray<XPCJSContextInfo, 16> mStack;
     XPCJSRuntime* mRuntime;
     JSContext*  mSafeJSContext;
-    JSObject* mSafeJSContextGlobal;
 };
 
 /***************************************************************************/
 // 'Components' object implementations. nsXPCComponentsBase has the
 // less-privileged stuff that we're willing to expose to XBL.
 
 class nsXPCComponentsBase : public nsIXPCComponentsBase
 {
--- a/js/xpconnect/src/xpcpublic.h
+++ b/js/xpconnect/src/xpcpublic.h
@@ -420,23 +420,16 @@ GetJunkScope();
 /**
  * Returns the native global of the junk scope. See comment of GetJunkScope
  * about the conditions of using it.
  */
 nsIGlobalObject *
 GetJunkScopeGlobal();
 
 /**
- * Returns the dummy global associated with the SafeJSContext. Callers MUST
- * consult with the XPConnect module owner before using this function.
- */
-JSObject *
-GetSafeJSContextGlobal();
-
-/**
  * If |aObj| has a window for a global, returns the associated nsGlobalWindow.
  * Otherwise, returns null.
  */
 nsGlobalWindow*
 WindowGlobalOrNull(JSObject *aObj);
 
 // Error reporter used when there is no associated DOM window on to which to
 // report errors and warnings.
--- a/layout/reftests/svg/smil/event/reftest.list
+++ b/layout/reftests/svg/smil/event/reftest.list
@@ -1,32 +1,32 @@
 # Tests related to SVG Animation (using SMIL) that use event timing.
 
-skip-if(B2G) == event-begin-1.svg green-box-ref.svg # bug 773482
-skip-if(B2G) == event-begin-offset-1.svg green-box-ref.svg # bug 773482
-skip-if(B2G) == event-begin-offset-2.svg green-box-ref.svg # bug 773482
-skip-if(B2G) == event-begin-timeevent-1.svg green-box-ref.svg # bug 773482
-skip-if(B2G) == event-begin-timeevent-2.svg green-box-ref.svg # bug 773482
-skip-if(B2G) random-if(Android) == event-begin-timeevent-3.svg green-box-ref.svg # bug 773482
+== event-begin-1.svg green-box-ref.svg
+== event-begin-offset-1.svg green-box-ref.svg
+== event-begin-offset-2.svg green-box-ref.svg
+== event-begin-timeevent-1.svg green-box-ref.svg
+== event-begin-timeevent-2.svg green-box-ref.svg
+random-if(Android) == event-begin-timeevent-3.svg green-box-ref.svg
 == event-begin-load-1.svg green-box-ref.svg
 == event-bubble-1.svg green-box-ref.svg
 == event-custom-1.svg green-box-ref.svg
 == event-end-1.svg green-box-ref.svg
-skip-if(B2G) == event-end-2.svg green-box-ref.svg # bug 773482
+== event-end-2.svg green-box-ref.svg
 == event-end-open-1.svg green-box-ref.svg
-skip-if(B2G) == event-end-trimmed-1.svg green-box-ref.svg
+== event-end-trimmed-1.svg green-box-ref.svg
 == event-preventDefault-1.svg green-box-ref.svg
-skip-if(B2G) == event-seek-1.svg green-box-ref.svg
+== event-seek-1.svg green-box-ref.svg
 == event-target-default-1.svg green-box-ref.svg
-skip-if(B2G) == event-target-default-2.svg green-box-ref.svg # bug 773482
-skip-if(B2G) == event-target-id-change-1.svg green-box-ref.svg # bug 773482
+== event-target-default-2.svg green-box-ref.svg
+== event-target-id-change-1.svg green-box-ref.svg
 == event-target-id-change-2.svg green-box-ref.svg
 == event-target-id-change-3.svg green-box-ref.svg
 == event-target-xlink-change-1.svg green-box-ref.svg
 == event-target-xlink-change-2.svg green-box-ref.svg
 == event-target-xlink-change-3.svg green-box-ref.svg
 == event-target-xlink-change-4.svg green-box-ref.svg
 == event-target-surgery-1.svg green-box-ref.svg
 == event-target-surgery-2.svg green-box-ref.svg
 == event-target-surgery-3.svg green-box-ref.svg
 == event-target-non-svg-1.xhtml green-box-ref.xhtml
-skip-if(B2G) == accesskey-entity-1.svg green-box-ref.svg
-skip-if(B2G) == accesskey-entity-2.svg green-box-ref.svg # bug 773482
+== accesskey-entity-1.svg green-box-ref.svg
+== accesskey-entity-2.svg green-box-ref.svg
--- a/layout/reftests/svg/smil/motion/reftest.list
+++ b/layout/reftests/svg/smil/motion/reftest.list
@@ -1,21 +1,21 @@
 # Tests related to SVG Animation (using SMIL), focusing on the animateMotion
 # element.
 
-skip-if(B2G) random-if(Android&&AndroidVersion>=15) == animateMotion-by-1.svg      lime.svg # bug 773482
-skip-if(B2G) random-if(Android&&AndroidVersion>=15) == animateMotion-by-2.svg      lime.svg # bug 773482
+== animateMotion-by-1.svg      lime.svg
+== animateMotion-by-2.svg      lime.svg
 fuzzy-if(/^Windows\x20NT\x206\.2/.test(http.oscpu),1,800) == animateMotion-flattening-1.svg lime.svg # bug 951541
-skip-if(B2G) == animateMotion-from-to-1.svg lime.svg # bug 773482
+== animateMotion-from-to-1.svg lime.svg
 == animateMotion-indefinite-to-1.svg lime.svg
 == animateMotion-indefinite-to-2.svg lime.svg
-skip-if(B2G) random-if(Android&&AndroidVersion>=15) == animateMotion-rotate-1a.svg lime.svg # bug 773482
-skip-if(B2G) random-if(Android&&AndroidVersion>=15) == animateMotion-rotate-1b.svg lime.svg # bug 773482
+== animateMotion-rotate-1a.svg lime.svg
+== animateMotion-rotate-1b.svg lime.svg
 == animateMotion-rotate-2.svg  lime.svg
 == animateMotion-to-overridden-1.svg lime.svg
 == animateMotion-values-linear-1.svg animateMotion-values-linear-1-ref.svg
 == animateMotion-values-paced-1a.svg animateMotion-values-paced-1-ref.svg
 == animateMotion-values-paced-1b.svg animateMotion-values-paced-1-ref.svg
 
 # Tests involving <mpath> sub-element
-skip-if(B2G) == animateMotion-mpath-pathLength-1.svg lime.svg # bug 773482
-skip-if(B2G) == animateMotion-mpath-targetChange-1.svg lime.svg # bug 773482
+== animateMotion-mpath-pathLength-1.svg lime.svg
+== animateMotion-mpath-targetChange-1.svg lime.svg
 == animateMotion-mpath-target-transform-1.svg lime.svg
--- a/layout/reftests/svg/smil/reftest.list
+++ b/layout/reftests/svg/smil/reftest.list
@@ -13,26 +13,26 @@
 #    * Animation-related bits of http://www.w3.org/TR/SVG/struct.html#DOMInterfaces
 #   - Some more "anim-retarget" tests, with attributeType being changed/cleared.
 #     (after we've got support for SVG/SMIL animation of CSS properties)
 
 # animateMotion tests
 include motion/reftest.list
 
 # animation sort-order tests
-skip-if(B2G) include sort/reftest.list
+include sort/reftest.list
 
 # set tests
 include set/reftest.list
 
 # style tests
 include style/reftest.list
 
 # animateTransform tests
-skip-if(B2G) include transform/reftest.list
+include transform/reftest.list
 
 # time-dependent tests
 # XXXdholbert Disabling this class of tests for now, because most of them
 # can & should be converted so they don't depend on specific timeout values.
 # (to prevent sporadic failures due to nondeterminism)
 # include timed/reftest.list
 
 # time container tests
@@ -43,124 +43,124 @@ include repeat/reftest.list
 
 # restart tests
 include restart/reftest.list
 
 # pause tests
 include pause/reftest.list
 
 # syncbase tests
-skip-if(B2G) include syncbase/reftest.list
+include syncbase/reftest.list
 
 # seek tests
 include seek/reftest.list
 
 # event tests
 include event/reftest.list
 
 # General tests
-skip-if(B2G) == anim-discrete-values-1.svg      anim-standard-ref.svg
-skip-if(B2G) == anim-discrete-values-2.svg      anim-standard-ref.svg
-skip-if(B2G) == anim-discrete-values-3.svg      anim-standard-ref.svg
-skip-if(B2G) == anim-discrete-replace-sum-1.svg anim-standard-ref.svg
-skip-if(B2G) == anim-discrete-sum-none-1.svg    anim-standard-ref.svg
-skip-if(B2G) == anim-discrete-sum-sum-1.svg     anim-standard-ref.svg
+== anim-discrete-values-1.svg      anim-standard-ref.svg
+== anim-discrete-values-2.svg      anim-standard-ref.svg
+== anim-discrete-values-3.svg      anim-standard-ref.svg
+== anim-discrete-replace-sum-1.svg anim-standard-ref.svg
+== anim-discrete-sum-none-1.svg    anim-standard-ref.svg
+== anim-discrete-sum-sum-1.svg     anim-standard-ref.svg
 
-skip-if(B2G) == anim-discrete-to-1.svg          anim-standard-ref.svg
-skip-if(B2G) == anim-discrete-to-2.svg          anim-standard-ref.svg
-skip-if(B2G) == anim-discrete-to-3.svg          anim-standard-ref.svg # bug 773482
-skip-if(B2G) == anim-discrete-to-4.svg          anim-standard-ref.svg # bug 773482
+== anim-discrete-to-1.svg          anim-standard-ref.svg
+== anim-discrete-to-2.svg          anim-standard-ref.svg
+== anim-discrete-to-3.svg          anim-standard-ref.svg
+== anim-discrete-to-4.svg          anim-standard-ref.svg
 
 == anim-indefinite-to-1.svg        anim-standard-ref.svg
 == anim-indefinite-to-2.svg        anim-standard-ref.svg
 == anim-indefinite-to-3.svg        anim-standard-ref.svg
 == anim-indefinite-to-4.svg        anim-standard-ref.svg
 
 fails == anim-fillcolor-1.svg      anim-standard-ref.svg # bug 436296
 == anim-fillopacity-1none.svg anim-standard-ref.svg
-skip-if(B2G) == anim-fillopacity-1css.svg  anim-standard-ref.svg
+== anim-fillopacity-1css.svg  anim-standard-ref.svg
 == anim-fillopacity-1xml.svg  anim-standard-ref.svg
 
-skip-if(B2G) == anim-height-done-1a.svg anim-standard-ref.svg # bug 773482
-skip-if(B2G) == anim-height-done-1b.svg anim-standard-ref.svg # bug 773482
+== anim-height-done-1a.svg anim-standard-ref.svg
+== anim-height-done-1b.svg anim-standard-ref.svg
 == anim-height-done-2.svg lime.svg
-skip-if(B2G) == anim-height-interp-1.svg anim-height-interp-1-ref.svg # bug 773482
-skip-if(B2G) == anim-height-interp-2.svg anim-height-interp-2-ref.svg # bug 773482
-skip-if(B2G) == anim-height-interp-3.svg anim-height-interp-3-ref.svg # bug 773482
-skip-if(B2G) == anim-height-interp-4.svg anim-height-interp-4-ref.svg
-skip-if(B2G) == anim-height-interp-5.svg anim-height-interp-5-ref.svg # bug 773482
-skip-if(B2G) == anim-height-interp-6.svg anim-height-interp-6-ref.svg # bug 773482
+== anim-height-interp-1.svg anim-height-interp-1-ref.svg
+== anim-height-interp-2.svg anim-height-interp-2-ref.svg
+== anim-height-interp-3.svg anim-height-interp-3-ref.svg
+== anim-height-interp-4.svg anim-height-interp-4-ref.svg
+== anim-height-interp-5.svg anim-height-interp-5-ref.svg
+== anim-height-interp-6.svg anim-height-interp-6-ref.svg
 
 # check conditional processing
 == anim-conditions-01.svg lime.svg
-skip-if(B2G) == anim-conditions-02.svg lime.svg # bug 773482
+== anim-conditions-02.svg lime.svg
 
 # animate some <length> attributes:
-skip-if(B2G) == anim-filter-primitive-size-01.svg lime.svg # bug 773482
-skip-if(B2G) == anim-filter-size-01.svg lime.svg # bug 773482
+== anim-filter-primitive-size-01.svg lime.svg
+== anim-filter-size-01.svg lime.svg
 == anim-length-reset-01.svg lime.svg
 == anim-nonpixel-length-reset-01.svg lime.svg
-skip-if(B2G) == anim-use-length-01.svg lime.svg # bug 773482
+== anim-use-length-01.svg lime.svg
 == anim-use-length-02.svg lime.svg
 
 # animate some <number> attributes:
-skip-if(B2G) == anim-feComponentTransfer-01.svg lime.svg # bug 773482
-skip-if(B2G) == anim-feDistantLight-01.svg anim-feDistantLight-01-ref.svg # bug 773482
-skip-if(B2G) == anim-feOffset-01.svg lime.svg # bug 773482
-skip-if(B2G) == anim-feSpotLight-01.svg anim-feSpotLight-01-ref.svg # bug 773482
-skip-if(B2G) == anim-offset-01.svg lime.svg # bug 773482
+== anim-feComponentTransfer-01.svg lime.svg
+== anim-feDistantLight-01.svg anim-feDistantLight-01-ref.svg
+== anim-feOffset-01.svg lime.svg
+== anim-feSpotLight-01.svg anim-feSpotLight-01-ref.svg
+== anim-offset-01.svg lime.svg
 == anim-pathLength-01.svg anim-pathLength-01-ref.svg
 
 # animate some <number-optional-number> attributes:
 == anim-feGaussianBlur-01.svg lime.svg
 
 # animate some <integer> attributes:
-skip-if(B2G) == anim-feTurbulence-numOctaves-01.svg anim-feTurbulence-numOctaves-01-ref.svg # bug 773482
+== anim-feTurbulence-numOctaves-01.svg anim-feTurbulence-numOctaves-01-ref.svg
 
 # animate some <integer-optional-integer> attributes:
-skip-if(B2G) random-if(/^Windows\x20NT\x205\.1/.test(http.oscpu)) == anim-filter-filterRes-01.svg lime.svg # bug 818177
+random-if(/^Windows\x20NT\x205\.1/.test(http.oscpu)) == anim-filter-filterRes-01.svg lime.svg # bug 818177
 
 # animate some <angle> attributes:
-skip-if(B2G) == anim-marker-orient-01.svg lime.svg # bug 773482
-skip-if(B2G) == anim-marker-orient-02.svg lime.svg # bug 773482
+== anim-marker-orient-01.svg lime.svg
+== anim-marker-orient-02.svg lime.svg
 
 #animate points list:
-skip-if(B2G) == anim-polygon-points-01.svg anim-polygon-points-01-ref.svg
+== anim-polygon-points-01.svg anim-polygon-points-01-ref.svg
 == anim-polyline-points-01.svg anim-polyline-points-01-ref.svg
 
 # animate path data:
 == anim-path-d-01.svg anim-path-d-01-ref.svg
 
 # animate some enumeration attributes:
-skip-if(B2G) == anim-feComposite-operator-01.svg lime.svg
+== anim-feComposite-operator-01.svg lime.svg
 == anim-filter-filterUnits-01.svg lime.svg
 
 # animate some boolean attributes:
-skip-if(B2G) == anim-feConvolveMatrix-preserveAlpha-01.svg lime.svg # bug 773482
+== anim-feConvolveMatrix-preserveAlpha-01.svg lime.svg
 
 # animate some viewBox attributes
 fuzzy-if(Android,4,1) == anim-svg-viewBox-01.svg lime.svg
 == anim-svg-viewBox-02.svg lime.svg
 == anim-svg-viewBox-03.svg lime.svg
 == anim-view-01.svg#view lime.svg
 
 # animate some preserveAspectRatio attributes
-skip-if(B2G) == anim-feImage-preserveAspectRatio-01.svg lime.svg
+== anim-feImage-preserveAspectRatio-01.svg lime.svg
 == anim-svg-preserveAspectRatio-01.svg lime.svg
 
 # animate some string attributes:
 == anim-filter-href-01.svg lime.svg
 == anim-gradient-href-01.svg lime.svg
-skip-if(B2G) == anim-image-href-01.svg lime.svg
-skip-if(B2G) == anim-pattern-href-01.svg lime.svg
-skip-if(B2G) == anim-use-href-01.svg lime.svg # bug 773482
+== anim-image-href-01.svg lime.svg
+== anim-pattern-href-01.svg lime.svg
+== anim-use-href-01.svg lime.svg
 
 # animate the class attribute
 == anim-class-01.svg lime.svg
-skip-if(B2G) == anim-class-02.svg lime.svg
+== anim-class-02.svg lime.svg
 == anim-class-03.svg lime.svg
 == anim-class-04.svg anim-class-04-ref.svg
 
 # animate with some paint server values
 == anim-paintserver-1.svg anim-paintserver-1-ref.svg
 
 # animate where the base value is non-interpolatable but will be replaced anyway
 == anim-fill-overpaintserver-1.svg lime.svg
@@ -175,65 +175,65 @@ skip-if(B2G) == anim-class-02.svg lime.s
 == anim-remove-4.svg anim-standard-ref.svg
 == anim-remove-5.svg anim-standard-ref.svg
 == anim-remove-6.svg anim-standard-ref.svg
 == anim-remove-7.svg anim-standard-ref.svg
 == anim-remove-8css.svg anim-standard-ref.svg
 == anim-remove-8xml.svg anim-standard-ref.svg
 == anim-remove-9.svg anim-standard-ref.svg
 == anim-retarget-1.svg anim-standard-ref.svg
-skip-if(B2G) == anim-retarget-2.svg anim-standard-ref.svg # bug 773482
+== anim-retarget-2.svg anim-standard-ref.svg
 == anim-retarget-3.svg anim-standard-ref.svg
 == anim-retarget-4.svg anim-standard-ref.svg
 == anim-retarget-5.svg anim-standard-ref.svg
 == anim-retarget-6.svg anim-standard-ref.svg
 == anim-retarget-7.svg anim-standard-ref.svg
 == anim-retarget-8.svg anim-standard-ref.svg
 
 fails == anim-strokecolor-1.svg anim-standard-ref.svg # bug 436296
-skip-if(B2G) == anim-strokewidth-1xml.svg anim-standard-ref.svg # bug 773482
+== anim-strokewidth-1xml.svg anim-standard-ref.svg
 
 == anim-targethref-1.svg anim-standard-ref.svg
-skip-if(B2G) == anim-targethref-2.svg anim-standard-ref.svg # bug 773482
+== anim-targethref-2.svg anim-standard-ref.svg
 == anim-targethref-3.svg anim-standard-ref.svg
 == anim-targethref-4.svg anim-standard-ref.svg
-skip-if(B2G) == anim-targethref-5.svg anim-standard-ref.svg # bug 773482
+== anim-targethref-5.svg anim-standard-ref.svg
 == anim-targethref-6.svg anim-standard-ref.svg
 == anim-targethref-7.svg anim-standard-ref.svg
 == anim-targethref-8.svg anim-standard-ref.svg
-skip-if(B2G) == anim-targethref-9.svg anim-standard-ref.svg # bug 773482
+== anim-targethref-9.svg anim-standard-ref.svg
 
 skip-if(/^Windows\x20NT\x205\.1/.test(http.oscpu)) == anim-text-rotate-01.svg anim-text-rotate-01-ref.svg # Bug 645104 for skip failure on WinXP
-skip-if(B2G) == anim-feFuncR-tableValues-01.svg anim-feFuncR-tableValues-01-ref.svg # bug 773482
+== anim-feFuncR-tableValues-01.svg anim-feFuncR-tableValues-01-ref.svg
 
 skip == anim-text-x-y-dx-dy-01.svg anim-text-x-y-dx-dy-01-ref.svg # bug 579588
 
-skip-if(B2G) == anim-width-done-1a.svg anim-standard-ref.svg # bug 773482
+== anim-width-done-1a.svg anim-standard-ref.svg
 == anim-width-done-1b.svg anim-standard-ref.svg
 
-skip-if(B2G) == anim-x-done-1a.svg anim-standard-ref.svg # bug 773482
-skip-if(B2G) == anim-x-done-1b.svg anim-standard-ref.svg # bug 773482
-skip-if(B2G) == anim-x-interp-1.svg anim-x-interp-1-ref.svg # bug 773482
-skip-if(B2G) == anim-x-interp-2.svg anim-x-interp-2-ref.svg
-skip-if(B2G) == anim-x-interp-3.svg anim-x-interp-3-ref.svg
-skip-if(B2G) == anim-x-interp-4.svg anim-x-interp-4-ref.svg # bug 773482
-skip-if(B2G) == anim-x-interp-5.svg anim-x-interp-5-ref.svg # bug 773482
-skip-if(B2G) == anim-x-interp-6.svg anim-x-interp-6-ref.svg
+== anim-x-done-1a.svg anim-standard-ref.svg
+== anim-x-done-1b.svg anim-standard-ref.svg
+== anim-x-interp-1.svg anim-x-interp-1-ref.svg
+== anim-x-interp-2.svg anim-x-interp-2-ref.svg
+== anim-x-interp-3.svg anim-x-interp-3-ref.svg
+== anim-x-interp-4.svg anim-x-interp-4-ref.svg
+== anim-x-interp-5.svg anim-x-interp-5-ref.svg
+== anim-x-interp-6.svg anim-x-interp-6-ref.svg
 
 == anim-y-done-1a.svg anim-standard-ref.svg
 == anim-y-done-1b.svg anim-standard-ref.svg
-skip-if(B2G) == anim-y-interp-1.svg anim-y-interp-1-ref.svg
-skip-if(B2G) == anim-y-interp-2.svg anim-y-interp-2-ref.svg # bug 773482
-skip-if(B2G) == anim-y-interp-3.svg anim-y-interp-3-ref.svg
-skip-if(B2G) == anim-y-interp-4.svg anim-y-interp-4-ref.svg
-skip-if(B2G) == anim-y-interp-5.svg anim-y-interp-5-ref.svg # bug 773482
-skip-if(B2G) == anim-y-interp-6.svg anim-y-interp-6-ref.svg
+== anim-y-interp-1.svg anim-y-interp-1-ref.svg
+== anim-y-interp-2.svg anim-y-interp-2-ref.svg
+== anim-y-interp-3.svg anim-y-interp-3-ref.svg
+== anim-y-interp-4.svg anim-y-interp-4-ref.svg
+== anim-y-interp-5.svg anim-y-interp-5-ref.svg
+== anim-y-interp-6.svg anim-y-interp-6-ref.svg
 
 # Test we don't rely on HasAttr to see if an attribute has been set
-skip-if(B2G) == anim-rect-rxry-1.svg anim-rect-rxry-1-ref.svg # bug 773482
+== anim-rect-rxry-1.svg anim-rect-rxry-1-ref.svg
 == anim-pattern-attr-presence-01.svg anim-pattern-attr-presence-01-ref.svg
 fails == anim-pattern-attr-presence-02.svg anim-pattern-attr-presence-02-ref.svg
 # ^ bug 621651
 fuzzy-if(cocoaWidget&&layersGPUAccelerated,1,2) == anim-gradient-attr-presence-01.svg anim-gradient-attr-presence-01-ref.svg
 
 == api-sanity-1.svg lime.svg
 
 == freeze-applied-late-1.svg anim-standard-ref.svg
@@ -251,16 +251,16 @@ fuzzy-if(cocoaWidget&&layersGPUAccelerat
 # interaction between xml mapped attributes and their css equivalents
 == mapped-attr-vs-css-prop-1.svg lime.svg
 
 == min-1.svg lime.svg
 
 == smil-transitions-interaction-1a.svg lime.svg
 == smil-transitions-interaction-1b.svg lime.svg
 == smil-transitions-interaction-2a.svg lime.svg
-skip-if(B2G) == smil-transitions-interaction-2b.svg lime.svg
+== smil-transitions-interaction-2b.svg lime.svg
 == smil-transitions-interaction-3a.svg lime.svg
 == smil-transitions-interaction-3b.svg lime.svg
-skip-if(B2G) == smil-transitions-interaction-4a.svg lime.svg # bug 773482
+== smil-transitions-interaction-4a.svg lime.svg
 == smil-transitions-interaction-4b.svg lime.svg
 
 # Test filtering of excessive times
 == filtered-instance-time-1.svg anim-standard-ref.svg
--- a/layout/reftests/svg/smil/repeat/reftest.list
+++ b/layout/reftests/svg/smil/repeat/reftest.list
@@ -1,3 +1,3 @@
 # Tests for repeat behaviour
-skip-if(B2G) == indefinite-repeat-1.svg green-box-ref.svg # bug 773482
+== indefinite-repeat-1.svg green-box-ref.svg
 == init-repeat-1.svg init-repeat-1-ref.svg
--- a/layout/reftests/svg/smil/restart/reftest.list
+++ b/layout/reftests/svg/smil/restart/reftest.list
@@ -1,8 +1,8 @@
 # Tests for restart behaviour
 == reset-1.svg reset-1-ref.svg
 == reset-2.svg green-box-ref.svg
 == reset-3.svg green-box-ref.svg
 == reset-4.svg green-box-ref.svg
 # reset-5.svg is no longer valid and has been removed
-skip-if(B2G) == reset-6.svg green-box-ref.svg # bug 773482
+== reset-6.svg green-box-ref.svg
 == reset-7.svg green-box-ref.svg
--- a/layout/reftests/svg/smil/syncbase/reftest.list
+++ b/layout/reftests/svg/smil/syncbase/reftest.list
@@ -1,99 +1,99 @@
 # Tests related to SVG Animation (using SMIL) that use syncbase timing.
 
 # New intervals
 == new-interval-simple-1.svg green-box-ref.svg
 == new-interval-simple-2.svg green-box-ref.svg
 == new-interval-negative-offset-1.svg green-box-ref.svg
-skip-if(B2G) == new-interval-negative-offset-2.svg green-box-ref.svg
-skip-if(B2G) == new-interval-negative-offset-3.svg green-box-ref.svg # bug 773482
-skip-if(B2G) == new-interval-negative-offset-4.svg green-box-ref.svg # bug 773482
+== new-interval-negative-offset-2.svg green-box-ref.svg
+== new-interval-negative-offset-3.svg green-box-ref.svg
+== new-interval-negative-offset-4.svg green-box-ref.svg
 == new-interval-negative-syncbase-1.svg green-box-ref.svg
-skip-if(B2G) == new-interval-restart-1.svg green-box-ref.svg # bug 773482
-skip-if(B2G) == new-interval-restart-2.svg green-box-ref.svg # bug 773482
-skip-if(B2G) == new-interval-restart-3.svg green-box-ref.svg # bug 773482
-skip-if(B2G) == new-interval-early-end-1.svg green-box-ref.svg # bug 773482
+== new-interval-restart-1.svg green-box-ref.svg
+== new-interval-restart-2.svg green-box-ref.svg
+== new-interval-restart-3.svg green-box-ref.svg
+== new-interval-early-end-1.svg green-box-ref.svg
 == new-interval-early-end-2.svg green-box-ref.svg
-skip-if(B2G) == new-interval-early-end-3.svg green-box-ref.svg
+== new-interval-early-end-3.svg green-box-ref.svg
 == new-interval-early-end-4.svg green-box-ref.svg
-skip-if(B2G) == new-interval-early-end-5.svg green-box-ref.svg # bug 773482
+== new-interval-early-end-5.svg green-box-ref.svg
 == new-interval-early-end-6.svg green-box-ref.svg
 == new-interval-early-end-7.svg green-box-ref.svg
 == new-interval-doubly-dependent-1.svg green-box-ref.svg
-skip-if(B2G) == new-interval-doubly-dependent-2.svg green-box-ref.svg # bug 773482
-skip-if(B2G) == new-interval-doubly-dependent-3.svg green-box-ref.svg # bug 773482
+== new-interval-doubly-dependent-2.svg green-box-ref.svg
+== new-interval-doubly-dependent-3.svg green-box-ref.svg
 == new-interval-triply-dependent-1.svg green-box-ref.svg
 == new-interval-triply-dependent-2.svg green-box-ref.svg
 == new-interval-end-negative-1.svg green-box-ref.svg
-skip-if(B2G) == new-interval-end-negative-2.svg green-box-ref.svg # bug 773482
+== new-interval-end-negative-2.svg green-box-ref.svg
 == new-interval-end-dep-1.svg green-box-ref.svg
-skip-if(B2G) == new-interval-chain-1.svg green-box-ref.svg # bug 773482
-skip-if(B2G) == new-interval-chain-2.svg green-box-ref.svg # bug 773482
-skip-if(B2G) == new-interval-sample-order-1.svg green-box-ref.svg
+== new-interval-chain-1.svg green-box-ref.svg
+== new-interval-chain-2.svg green-box-ref.svg
+== new-interval-sample-order-1.svg green-box-ref.svg
 == new-interval-freeze-begin-1.svg green-box-ref.svg
 
 # Changing intervals
 == changed-interval-simple-1.svg green-box-ref.svg
 == changed-interval-simple-2.svg green-box-ref.svg
 == changed-interval-simple-3.svg green-box-ref.svg
 == changed-interval-simple-4.svg green-box-ref.svg
 == changed-interval-simple-5.svg green-box-ref.svg
-skip-if(B2G) == changed-interval-resolved-1.svg green-box-ref.svg
-skip-if(B2G) == changed-interval-resolved-2.svg green-box-ref.svg # bug 773482
+== changed-interval-resolved-1.svg green-box-ref.svg
+== changed-interval-resolved-2.svg green-box-ref.svg
 == changed-interval-sort-1.svg green-box-ref.svg
-skip-if(B2G) == changed-interval-change-spec-1.svg green-box-ref.svg # bug 773482
+== changed-interval-change-spec-1.svg green-box-ref.svg
 == changed-interval-change-spec-2.svg green-box-ref.svg
-skip-if(B2G) == changed-interval-change-spec-3.svg green-box-ref.svg # bug 773482
+== changed-interval-change-spec-3.svg green-box-ref.svg
 == changed-interval-change-spec-4.svg green-box-ref.svg
 
 # Deleted intervals
 == deleted-interval-simple-1.svg green-box-ref.svg
 == deleted-interval-simple-2.svg green-box-ref.svg
 == deleted-interval-simple-3.svg green-box-ref.svg
 == deleted-interval-simple-4.svg green-box-ref.svg
 == deleted-interval-simple-5.svg green-box-ref.svg
 
 # Trimmed intervals
 == trimmed-interval-1.svg green-box-ref.svg
 
 # Cyclic dependencies
-skip-if(B2G) == cycle-ok-1.svg green-box-ref.svg
-skip-if(B2G) == cycle-ok-2.svg green-box-ref.svg
-skip-if(B2G) == cycle-ok-3.svg green-box-ref.svg # bug 773482
-skip-if(B2G) == cycle-ok-4.svg green-box-ref.svg
-skip-if(B2G) == cycle-ok-5.svg green-box-ref.svg # bug 773482
-skip-if(B2G) == cycle-self-ref-1.svg green-box-ref.svg
-skip-if(B2G) == cycle-self-ref-2.svg green-box-ref.svg # bug 773482
-skip-if(B2G) == cycle-self-ref-3.svg green-box-ref.svg
-skip-if(B2G) == cycle-self-ref-4.svg green-box-ref.svg
-skip-if(B2G) == cycle-self-ref-5.svg green-box-ref.svg
-skip-if(B2G) == cycle-invalid-1.svg green-box-ref.svg
-skip-if(B2G) == cycle-invalid-2.svg green-box-ref.svg # bug 773482
-skip-if(B2G) == cycle-invalid-3.svg green-box-ref.svg # bug 773482
-skip-if(B2G) == cycle-invalid-4.svg green-box-ref.svg
-skip-if(B2G) == cycle-change-1.svg green-box-ref.svg
-skip-if(B2G) == cycle-change-2.svg green-box-ref.svg
-skip-if(B2G) == cycle-delete-1.svg green-box-ref.svg
-skip-if(B2G) == cycle-recursion-1.svg green-box-ref.svg
-skip-if(B2G) == cycle-recursion-2.svg green-box-ref.svg
+== cycle-ok-1.svg green-box-ref.svg
+== cycle-ok-2.svg green-box-ref.svg
+== cycle-ok-3.svg green-box-ref.svg
+== cycle-ok-4.svg green-box-ref.svg
+== cycle-ok-5.svg green-box-ref.svg
+== cycle-self-ref-1.svg green-box-ref.svg
+== cycle-self-ref-2.svg green-box-ref.svg
+== cycle-self-ref-3.svg green-box-ref.svg
+== cycle-self-ref-4.svg green-box-ref.svg
+== cycle-self-ref-5.svg green-box-ref.svg
+== cycle-invalid-1.svg green-box-ref.svg
+== cycle-invalid-2.svg green-box-ref.svg
+== cycle-invalid-3.svg green-box-ref.svg
+== cycle-invalid-4.svg green-box-ref.svg
+== cycle-change-1.svg green-box-ref.svg
+== cycle-change-2.svg green-box-ref.svg
+== cycle-delete-1.svg green-box-ref.svg
+== cycle-recursion-1.svg green-box-ref.svg
+== cycle-recursion-2.svg green-box-ref.svg
 
 # Animation sandwich priority
-skip-if(B2G) == sandwich-priority-1.svg green-box-ref.svg # bug 773482
+== sandwich-priority-1.svg green-box-ref.svg
 == sandwich-priority-2.svg green-box-ref.svg
-skip-if(B2G) == sandwich-priority-3.svg green-box-ref.svg # bug 773482
-skip-if(B2G) == sandwich-priority-4.svg green-box-ref.svg # bug 773482
+== sandwich-priority-3.svg green-box-ref.svg
+== sandwich-priority-4.svg green-box-ref.svg
 == sandwich-priority-5.svg green-box-ref.svg
-skip-if(B2G) == sandwich-priority-6.svg green-box-ref.svg # bug 773482
-skip-if(B2G) == sandwich-priority-7.svg green-box-ref.svg # bug 773482
-skip-if(B2G) == sandwich-priority-8.svg green-box-ref.svg # bug 773482
-skip-if(B2G) == sandwich-priority-9.svg green-box-ref.svg
+== sandwich-priority-6.svg green-box-ref.svg
+== sandwich-priority-7.svg green-box-ref.svg
+== sandwich-priority-8.svg green-box-ref.svg
+== sandwich-priority-9.svg green-box-ref.svg
 == sandwich-priority-10.svg green-box-ref.svg
 == sandwich-priority-11.svg green-box-ref.svg
-skip-if(B2G) == sandwich-priority-12.svg green-box-ref.svg # bug 773482
+== sandwich-priority-12.svg green-box-ref.svg
 
 # Cross-time container dependencies
 == cross-container-1.xhtml green-box-ref.xhtml
 == cross-container-2.xhtml green-box-ref.xhtml
 == cross-container-3.xhtml green-box-ref.xhtml
 
 # Filtering
 == filtered-interval-1.svg green-box-ref.svg
--- a/layout/reftests/svg/smil/transform/reftest.list
+++ b/layout/reftests/svg/smil/transform/reftest.list
@@ -1,17 +1,17 @@
 # Tests related to SVG Animation (using SMIL), focusing on the animateTransform
 # element.
 
-fuzzy(110,1058) random-if(Android&&AndroidVersion>=15) == additive-1.svg additive-1-ref.svg     # bug 839865
+fuzzy(110,1802) == additive-1.svg additive-1-ref.svg # bug 981344
 == animate-width-1.svg lime.svg
-fuzzy(155,4352) random-if(Android&&AndroidVersion>=15)  == paced-1.svg paced-1-ref.svg           # bug 839865
-fuzzy(32,225) random-if(Android&&AndroidVersion>=15) == rotate-angle-1.svg rotate-angle-ref.svg # bug 839865
-fuzzy(32,225) random-if(Android&&AndroidVersion>=15) == rotate-angle-2.svg rotate-angle-ref.svg # bug 839865
-fuzzy(32,225) random-if(Android&&AndroidVersion>=15) == rotate-angle-3.svg rotate-angle-ref.svg # bug 839865
-fuzzy(32,200) random-if(Android&&AndroidVersion>=15) == rotate-angle-4.svg rotate-angle-ref.svg # bug 839865
-fuzzy(32,125) random-if(Android&&AndroidVersion>=15) == rotate-angle-5.svg rotate-angle-ref.svg # bug 839865
+== paced-1.svg paced-1-ref.svg
+== rotate-angle-1.svg rotate-angle-ref.svg
+== rotate-angle-2.svg rotate-angle-ref.svg
+== rotate-angle-3.svg rotate-angle-ref.svg
+== rotate-angle-4.svg rotate-angle-ref.svg
+== rotate-angle-5.svg rotate-angle-ref.svg
 fuzzy(12,27) == scale-1.svg scale-1-ref.svg  # bug 981004
 == set-transform-1.svg lime.svg
-fuzzy(132,15500) == skew-1.svg skew-1-ref.svg            # bug 839865
-random-if(Android&&!browserIsRemote) == translate-clipPath-1.svg lime.svg # bug 760266
+== skew-1.svg skew-1-ref.svg
+== translate-clipPath-1.svg lime.svg
 fails-if(OSX==10.6) == translate-gradient-1.svg lime.svg
-fuzzy-if(Android,8,200) == translate-pattern-1.svg lime.svg
+== translate-pattern-1.svg lime.svg
--- a/layout/style/Declaration.cpp
+++ b/layout/style/Declaration.cpp
@@ -1337,17 +1337,17 @@ Declaration::AddVariableDeclaration(cons
       break;
 
     case CSSVariableDeclarations::eUnset:
       MOZ_ASSERT(aValue.IsEmpty());
       variables->PutUnset(aName);
       break;
 
     default:
-      MOZ_ASSERT("unexpected aType value");
+      MOZ_ASSERT(false, "unexpected aType value");
   }
 
   uint32_t propertyIndex = index + eCSSProperty_COUNT;
   mOrder.RemoveElement(propertyIndex);
   mOrder.AppendElement(propertyIndex);
 }
 
 void
--- a/media/libspeex_resampler/src/moz.build
+++ b/media/libspeex_resampler/src/moz.build
@@ -34,14 +34,10 @@ if CONFIG['OS_TARGET'] == 'Android':
     DEFINES['FIXED_POINT'] = True
 else:
     DEFINES['FLOATING_POINT'] = True
 
 # Only use SSE code when using floating point samples, and on x86
 if CONFIG['INTEL_ARCHITECTURE'] and CONFIG['OS_TARGET'] != 'Android':
     DEFINES['_USE_SSE'] = True
     DEFINES['_USE_SSE2'] = True
-
-# Suppress warnings in third-party code.
-if CONFIG['OS_TARGET'] == 'Darwin':
-    CFLAGS += ['-Wno-sign-compare']
     if CONFIG['GNU_CC']:
         SOURCES['resample.c'].flags += ['-msse2']
--- a/media/mtransport/nr_socket_prsock.cpp
+++ b/media/mtransport/nr_socket_prsock.cpp
@@ -511,17 +511,18 @@ int NrSocket::sendto(const void *msg, si
     // Tolerate rate of 3.6k/sec over twenty seconds.
     static SimpleTokenBucket sustained(3686*20, 3686);
 
     // Check number of tokens in each bucket.
     if (burst.getTokens(UINT32_MAX) < len ||
         sustained.getTokens(UINT32_MAX) < len) {
       r_log(LOG_GENERIC, LOG_ERR,
                  "Global rate limit for STUN requests exceeded.");
-      MOZ_ASSERT("Global rate limit for STUN requests exceeded. Go bug "
+      MOZ_ASSERT(false,
+                 "Global rate limit for STUN requests exceeded. Go bug "
                  "bcampen@mozilla.com if you weren't intentionally spamming "
                  "ICE candidates, or don't know what that means.");
       ABORT(R_WOULDBLOCK);
     }
 
     // Take len tokens from both buckets.
     // (not threadsafe, but no problem since this is only called from STS)
     burst.getTokens(len);
--- a/security/manager/ssl/src/moz.build
+++ b/security/manager/ssl/src/moz.build
@@ -96,11 +96,12 @@ FINAL_LIBRARY = 'xul'
 LOCAL_INCLUDES += [
     '../../../certverifier',
     '../../../insanity/include',
 ]
 
 if CONFIG['NSS_DISABLE_DBM']:
     DEFINES['NSS_DISABLE_DBM'] = '1'
 
+DEFINES['SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES'] = 'True'
 DEFINES['NSS_ENABLE_ECC'] = 'True'
 for var in ('DLL_PREFIX', 'DLL_SUFFIX'):
     DEFINES[var] = '"%s"' % CONFIG[var]
--- a/security/manager/ssl/src/nsNSSCallbacks.cpp
+++ b/security/manager/ssl/src/nsNSSCallbacks.cpp
@@ -1091,41 +1091,41 @@ AccumulateCipherSuite(Telemetry::ID prob
     case TLS_ECDHE_RSA_WITH_RC4_128_SHA: value = 8; break;
     case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: value = 9; break;
     case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA: value = 10; break;
     // DHE key exchange
     case TLS_DHE_RSA_WITH_AES_128_CBC_SHA: value = 21; break;
     case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: value = 22; break;
     case TLS_DHE_RSA_WITH_AES_256_CBC_SHA: value = 23; break;
     case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: value = 24; break;
-    case SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA: value = 25; break;
+    case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: value = 25; break;
     case TLS_DHE_DSS_WITH_AES_128_CBC_SHA: value = 26; break;
     case TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA: value = 27; break;
     case TLS_DHE_DSS_WITH_AES_256_CBC_SHA: value = 28; break;
     case TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA: value = 29; break;
-    case SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA: value = 30; break;
+    case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA: value = 30; break;
     // ECDH key exchange
     case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: value = 41; break;
     case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: value = 42; break;
     case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: value = 43; break;
     case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: value = 44; break;
     case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA: value = 45; break;
     case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA: value = 46; break;
     case TLS_ECDH_ECDSA_WITH_RC4_128_SHA: value = 47; break;
     case TLS_ECDH_RSA_WITH_RC4_128_SHA: value = 48; break;
     // RSA key exchange
     case TLS_RSA_WITH_AES_128_CBC_SHA: value = 61; break;
     case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: value = 62; break;
     case TLS_RSA_WITH_AES_256_CBC_SHA: value = 63; break;
     case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: value = 64; break;
     case SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA: value = 65; break;
-    case SSL_RSA_WITH_3DES_EDE_CBC_SHA: value = 66; break;
+    case TLS_RSA_WITH_3DES_EDE_CBC_SHA: value = 66; break;
     case TLS_RSA_WITH_SEED_CBC_SHA: value = 67; break;
-    case SSL_RSA_WITH_RC4_128_SHA: value = 68; break;
-    case SSL_RSA_WITH_RC4_128_MD5: value = 69; break;
+    case TLS_RSA_WITH_RC4_128_SHA: value = 68; break;
+    case TLS_RSA_WITH_RC4_128_MD5: value = 69; break;
     // unknown
     default:
       value = 0;
       break;
   }
   MOZ_ASSERT(value != 0);
   Telemetry::Accumulate(probe, value);
 }
--- a/security/manager/ssl/src/nsNSSComponent.cpp
+++ b/security/manager/ssl/src/nsNSSComponent.cpp
@@ -804,17 +804,17 @@ static const CipherPref sCipherPrefs[] =
    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, true },
 
  { "security.ssl3.dhe_rsa_aes_256_sha",
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA, true },
  { "security.ssl3.dhe_rsa_camellia_256_sha",
    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, true },
 
  { "security.ssl3.dhe_rsa_des_ede3_sha",
-   SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, true }, // deprecated (3DES)
+   TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, true }, // deprecated (3DES)
 
  { "security.ssl3.dhe_dss_aes_128_sha",
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA, true }, // deprecated (DSS)
  { "security.ssl3.dhe_dss_aes_256_sha",
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA, true }, // deprecated (DSS)
 
  { "security.ssl3.ecdhe_rsa_rc4_128_sha",
    TLS_ECDHE_RSA_WITH_RC4_128_SHA, true }, // deprecated (RC4)
@@ -825,22 +825,22 @@ static const CipherPref sCipherPrefs[] =
    TLS_RSA_WITH_AES_128_CBC_SHA, true }, // deprecated (RSA key exchange)
  { "security.ssl3.rsa_camellia_128_sha",
    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, true }, // deprecated (RSA key exchange)
  { "security.ssl3.rsa_aes_256_sha",
    TLS_RSA_WITH_AES_256_CBC_SHA, true }, // deprecated (RSA key exchange)
  { "security.ssl3.rsa_camellia_256_sha",
    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, true }, // deprecated (RSA key exchange)
  { "security.ssl3.rsa_des_ede3_sha",
-   SSL_RSA_WITH_3DES_EDE_CBC_SHA, true }, // deprecated (RSA key exchange, 3DES)
+   TLS_RSA_WITH_3DES_EDE_CBC_SHA, true }, // deprecated (RSA key exchange, 3DES)
 
  { "security.ssl3.rsa_rc4_128_sha",
-   SSL_RSA_WITH_RC4_128_SHA, true }, // deprecated (RSA key exchange, RC4)
+   TLS_RSA_WITH_RC4_128_SHA, true }, // deprecated (RSA key exchange, RC4)
  { "security.ssl3.rsa_rc4_128_md5",
-   SSL_RSA_WITH_RC4_128_MD5, true }, // deprecated (RSA key exchange, RC4, HMAC-MD5)
+   TLS_RSA_WITH_RC4_128_MD5, true }, // deprecated (RSA key exchange, RC4, HMAC-MD5)
 
  // All the rest are disabled by default
 
  { "security.ssl3.rsa_fips_des_ede3_sha",
    SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, false },
  { "security.ssl3.dhe_dss_camellia_256_sha",
    TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, false },
  { "security.ssl3.dhe_dss_camellia_128_sha",
--- a/security/nss/Makefile
+++ b/security/nss/Makefile
@@ -56,16 +56,19 @@ NSPR_CONFIGURE = $(CORE_DEPTH)/../nspr/c
 #
 
 ifeq ($(OS_TARGET),Android)
 NSPR_CONFIGURE_OPTS += --with-android-ndk=$(ANDROID_NDK) --target=arm-linux-androideabi --with-android-version=$(OS_TARGET_RELEASE)
 endif
 ifdef BUILD_OPT
 NSPR_CONFIGURE_OPTS += --disable-debug --enable-optimize
 endif
+ifdef USE_X32
+NSPR_CONFIGURE_OPTS += --enable-x32
+endif
 ifdef USE_64
 NSPR_CONFIGURE_OPTS += --enable-64bit
 endif
 ifeq ($(OS_TARGET),WIN95)
 NSPR_CONFIGURE_OPTS += --enable-win32-target=WIN95
 endif
 ifdef USE_DEBUG_RTL
 NSPR_CONFIGURE_OPTS += --enable-debug-rtl
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-NSS_3_16_BETA4
+NSS_3_16_BETA5
--- a/security/nss/cmd/modutil/install.c
+++ b/security/nss/cmd/modutil/install.c
@@ -772,17 +772,17 @@ loser:
 		PR_Free(dest);
 	}
 	if(modDest) {
 		PR_Free(modDest);
 	}
 	if(tempname) {
 		PRFileInfo info;
 		if(PR_GetFileInfo(tempname, &info) == PR_SUCCESS) {
-			if((info.type == PR_FILE_DIRECTORY)) {
+			if(info.type == PR_FILE_DIRECTORY) {
 				/* Recursively remove temporary directory */
 				if(rm_dash_r(tempname)) {
 					error(PK11_INSTALL_REMOVE_DIR,
 						tempname);
 					ret=PK11_INSTALL_REMOVE_DIR;
 				}
 					
 			}
--- a/security/nss/cmd/selfserv/selfserv.c
+++ b/security/nss/cmd/selfserv/selfserv.c
@@ -102,40 +102,40 @@ const int ssl2CipherSuites[] = {
     SSL_EN_DES_64_CBC_WITH_MD5,			/* E */
     SSL_EN_DES_192_EDE3_CBC_WITH_MD5,		/* F */
     0
 };
 
 const int ssl3CipherSuites[] = {
     -1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
     -1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA	 * b */
-    SSL_RSA_WITH_RC4_128_MD5,			/* c */
-    SSL_RSA_WITH_3DES_EDE_CBC_SHA,		/* d */
-    SSL_RSA_WITH_DES_CBC_SHA,			/* e */
-    SSL_RSA_EXPORT_WITH_RC4_40_MD5,		/* f */
-    SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,		/* g */
+    TLS_RSA_WITH_RC4_128_MD5,			/* c */
+    TLS_RSA_WITH_3DES_EDE_CBC_SHA,		/* d */
+    TLS_RSA_WITH_DES_CBC_SHA,			/* e */
+    TLS_RSA_EXPORT_WITH_RC4_40_MD5,		/* f */
+    TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,		/* g */
     -1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA,	 * h */
-    SSL_RSA_WITH_NULL_MD5,			/* i */
+    TLS_RSA_WITH_NULL_MD5,			/* i */
     SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,		/* j */
     SSL_RSA_FIPS_WITH_DES_CBC_SHA,		/* k */
     TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,	/* l */
     TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,	        /* m */
-    SSL_RSA_WITH_RC4_128_SHA,			/* n */
+    TLS_RSA_WITH_RC4_128_SHA,			/* n */
     -1, /* TLS_DHE_DSS_WITH_RC4_128_SHA, 	 * o */
-    -1, /* SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,	 * p */
-    -1, /* SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,	 * q */
-    -1, /* SSL_DHE_RSA_WITH_DES_CBC_SHA,	 * r */
-    -1, /* SSL_DHE_DSS_WITH_DES_CBC_SHA,	 * s */
+    -1, /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,	 * p */
+    -1, /* TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,	 * q */
+    -1, /* TLS_DHE_RSA_WITH_DES_CBC_SHA,	 * r */
+    -1, /* TLS_DHE_DSS_WITH_DES_CBC_SHA,	 * s */
     -1, /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA,	 * t */
     -1, /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA,	 * u */
     TLS_RSA_WITH_AES_128_CBC_SHA,     	    	/* v */
     -1, /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA,	 * w */
     -1, /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA,	 * x */
     TLS_RSA_WITH_AES_256_CBC_SHA,     	    	/* y */
-    SSL_RSA_WITH_NULL_SHA,			/* z */
+    TLS_RSA_WITH_NULL_SHA,			/* z */
     0
 };
 
 /* data and structures for shutdown */
 static int	stopping;
 
 static PRBool  noDelay;
 static int     requestCert;
@@ -1927,19 +1927,19 @@ server_main(
             errExit("SSL_OptionSet SSL_NO_CACHE");
         }
     }
 
     /* This cipher is not on by default. The Acceptance test
      * would like it to be. Turn this cipher on.
      */
 
-    secStatus = SSL_CipherPrefSetDefault( SSL_RSA_WITH_NULL_MD5, PR_TRUE);
+    secStatus = SSL_CipherPrefSetDefault( TLS_RSA_WITH_NULL_MD5, PR_TRUE);
     if ( secStatus != SECSuccess ) {
-	errExit("SSL_CipherPrefSetDefault:SSL_RSA_WITH_NULL_MD5");
+	errExit("SSL_CipherPrefSetDefault:TLS_RSA_WITH_NULL_MD5");
     }
 
     if (expectedHostNameVal) {
         SSL_HandshakeCallback(model_sock, handshakeCallback,
                               (void*)expectedHostNameVal);
     }
 
     if (requestCert) {
--- a/security/nss/cmd/ssltap/ssltap.c
+++ b/security/nss/cmd/ssltap/ssltap.c
@@ -488,23 +488,23 @@ const char * helloExtensionNameString(in
   default: sprintf(buf, "%d", ex_num);  ex_name = (const char *)buf; break;
   }
 
   return ex_name;
 }
 
 static int isNULLmac(int cs_int)
 {
-    return (cs_int == SSL_NULL_WITH_NULL_NULL); 
+    return (cs_int == TLS_NULL_WITH_NULL_NULL);
 }
 
 static int isNULLcipher(int cs_int)
 {
- return ((cs_int == SSL_RSA_WITH_NULL_MD5) ||
-         (cs_int == SSL_RSA_WITH_NULL_SHA) ||
+ return ((cs_int == TLS_RSA_WITH_NULL_MD5) ||
+         (cs_int == TLS_RSA_WITH_NULL_SHA) ||
          (cs_int == SSL_FORTEZZA_DMS_WITH_NULL_SHA) ||
          (cs_int == TLS_ECDH_ECDSA_WITH_NULL_SHA) ||
          (cs_int == TLS_ECDHE_ECDSA_WITH_NULL_SHA) ||
          (cs_int == TLS_ECDH_RSA_WITH_NULL_SHA) ||
          (cs_int == TLS_ECDHE_RSA_WITH_NULL_SHA));
 } 
 
 void partial_packet(int thispacket, int size, int needed)
--- a/security/nss/cmd/strsclnt/strsclnt.c
+++ b/security/nss/cmd/strsclnt/strsclnt.c
@@ -54,40 +54,40 @@ int ssl2CipherSuites[] = {
     SSL_EN_DES_64_CBC_WITH_MD5,                 /* E */
     SSL_EN_DES_192_EDE3_CBC_WITH_MD5,           /* F */
     0
 };
 
 int ssl3CipherSuites[] = {
     -1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
     -1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA     * b */
-    SSL_RSA_WITH_RC4_128_MD5,                   /* c */
-    SSL_RSA_WITH_3DES_EDE_CBC_SHA,              /* d */
-    SSL_RSA_WITH_DES_CBC_SHA,                   /* e */
-    SSL_RSA_EXPORT_WITH_RC4_40_MD5,             /* f */
-    SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,         /* g */
+    TLS_RSA_WITH_RC4_128_MD5,                   /* c */
+    TLS_RSA_WITH_3DES_EDE_CBC_SHA,              /* d */
+    TLS_RSA_WITH_DES_CBC_SHA,                   /* e */
+    TLS_RSA_EXPORT_WITH_RC4_40_MD5,             /* f */
+    TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,         /* g */
     -1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA        * h */
-    SSL_RSA_WITH_NULL_MD5,                      /* i */
+    TLS_RSA_WITH_NULL_MD5,                      /* i */
     SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,         /* j */
     SSL_RSA_FIPS_WITH_DES_CBC_SHA,              /* k */
     TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, 	/* l */
     TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,		/* m */
-    SSL_RSA_WITH_RC4_128_SHA,                   /* n */
+    TLS_RSA_WITH_RC4_128_SHA,                   /* n */
     TLS_DHE_DSS_WITH_RC4_128_SHA,		/* o */
-    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,		/* p */
-    SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,		/* q */
-    SSL_DHE_RSA_WITH_DES_CBC_SHA,		/* r */
-    SSL_DHE_DSS_WITH_DES_CBC_SHA,		/* s */
+    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,		/* p */
+    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,		/* q */
+    TLS_DHE_RSA_WITH_DES_CBC_SHA,		/* r */
+    TLS_DHE_DSS_WITH_DES_CBC_SHA,		/* s */
     TLS_DHE_DSS_WITH_AES_128_CBC_SHA, 	    	/* t */
     TLS_DHE_RSA_WITH_AES_128_CBC_SHA,       	/* u */
     TLS_RSA_WITH_AES_128_CBC_SHA,     	    	/* v */
     TLS_DHE_DSS_WITH_AES_256_CBC_SHA, 	    	/* w */
     TLS_DHE_RSA_WITH_AES_256_CBC_SHA,       	/* x */
     TLS_RSA_WITH_AES_256_CBC_SHA,     	    	/* y */
-    SSL_RSA_WITH_NULL_SHA,			/* z */
+    TLS_RSA_WITH_NULL_SHA,			/* z */
     0
 };
 
 #define NO_FULLHS_PERCENTAGE -1
 
 /* This global string is so that client main can see 
  * which ciphers to use. 
  */
--- a/security/nss/cmd/tstclnt/tstclnt.c
+++ b/security/nss/cmd/tstclnt/tstclnt.c
@@ -63,40 +63,40 @@ int ssl2CipherSuites[] = {
     SSL_EN_DES_64_CBC_WITH_MD5,			/* E */
     SSL_EN_DES_192_EDE3_CBC_WITH_MD5,		/* F */
     0
 };
 
 int ssl3CipherSuites[] = {
     -1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
     -1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA,	 * b */
-    SSL_RSA_WITH_RC4_128_MD5,			/* c */
-    SSL_RSA_WITH_3DES_EDE_CBC_SHA,		/* d */
-    SSL_RSA_WITH_DES_CBC_SHA,			/* e */
-    SSL_RSA_EXPORT_WITH_RC4_40_MD5,		/* f */
-    SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,		/* g */
+    TLS_RSA_WITH_RC4_128_MD5,			/* c */
+    TLS_RSA_WITH_3DES_EDE_CBC_SHA,		/* d */
+    TLS_RSA_WITH_DES_CBC_SHA,			/* e */
+    TLS_RSA_EXPORT_WITH_RC4_40_MD5,		/* f */
+    TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,		/* g */
     -1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA,	 * h */
-    SSL_RSA_WITH_NULL_MD5,			/* i */
+    TLS_RSA_WITH_NULL_MD5,			/* i */
     SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,		/* j */
     SSL_RSA_FIPS_WITH_DES_CBC_SHA,		/* k */
     TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,	/* l */
     TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,	        /* m */
-    SSL_RSA_WITH_RC4_128_SHA,			/* n */
+    TLS_RSA_WITH_RC4_128_SHA,			/* n */
     TLS_DHE_DSS_WITH_RC4_128_SHA,		/* o */
-    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,		/* p */
-    SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,		/* q */
-    SSL_DHE_RSA_WITH_DES_CBC_SHA,		/* r */
-    SSL_DHE_DSS_WITH_DES_CBC_SHA,		/* s */
+    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,		/* p */
+    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,		/* q */
+    TLS_DHE_RSA_WITH_DES_CBC_SHA,		/* r */
+    TLS_DHE_DSS_WITH_DES_CBC_SHA,		/* s */
     TLS_DHE_DSS_WITH_AES_128_CBC_SHA, 	    	/* t */
     TLS_DHE_RSA_WITH_AES_128_CBC_SHA,       	/* u */
     TLS_RSA_WITH_AES_128_CBC_SHA,     	    	/* v */
     TLS_DHE_DSS_WITH_AES_256_CBC_SHA, 	    	/* w */
     TLS_DHE_RSA_WITH_AES_256_CBC_SHA,       	/* x */
     TLS_RSA_WITH_AES_256_CBC_SHA,     	    	/* y */
-    SSL_RSA_WITH_NULL_SHA,			/* z */
+    TLS_RSA_WITH_NULL_SHA,			/* z */
     0
 };
 
 unsigned long __cmp_umuls;
 PRBool verbose;
 int renegotiationsToDo = 0;
 int renegotiationsDone = 0;
 
--- a/security/nss/cmd/vfyserv/vfyserv.c
+++ b/security/nss/cmd/vfyserv/vfyserv.c
@@ -492,17 +492,17 @@ main(int argc, char **argv)
                     goto cleanup;
                 }
             }
 	}
 
 	/* All cipher suites except RSA_NULL_MD5 are enabled by 
 	 * Domestic Policy. */
 	NSS_SetDomesticPolicy();
-	SSL_CipherPrefSetDefault(SSL_RSA_WITH_NULL_MD5, PR_TRUE);
+	SSL_CipherPrefSetDefault(TLS_RSA_WITH_NULL_MD5, PR_TRUE);
 
 	/* all the SSL2 and SSL3 cipher suites are enabled by default. */
 	if (cipherString) {
 	    int ndx;
 
 	    /* disable all the ciphers, then enable the ones we want. */
 	    disableAllSSLCiphers();
 
--- a/security/nss/cmd/vfyserv/vfyutil.c
+++ b/security/nss/cmd/vfyserv/vfyutil.c
@@ -22,40 +22,40 @@ int ssl2CipherSuites[] = {
     SSL_EN_DES_64_CBC_WITH_MD5,           /* E */
     SSL_EN_DES_192_EDE3_CBC_WITH_MD5,     /* F */
     0
 };
 
 int ssl3CipherSuites[] = {
     -1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
     -1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA,	 * b */
-    SSL_RSA_WITH_RC4_128_MD5,			/* c */
-    SSL_RSA_WITH_3DES_EDE_CBC_SHA,		/* d */
-    SSL_RSA_WITH_DES_CBC_SHA,			/* e */
-    SSL_RSA_EXPORT_WITH_RC4_40_MD5,		/* f */
-    SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,		/* g */
+    TLS_RSA_WITH_RC4_128_MD5,			/* c */
+    TLS_RSA_WITH_3DES_EDE_CBC_SHA,		/* d */
+    TLS_RSA_WITH_DES_CBC_SHA,			/* e */
+    TLS_RSA_EXPORT_WITH_RC4_40_MD5,		/* f */
+    TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,		/* g */
     -1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA,	 * h */
-    SSL_RSA_WITH_NULL_MD5,			/* i */
+    TLS_RSA_WITH_NULL_MD5,			/* i */
     SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,		/* j */
     SSL_RSA_FIPS_WITH_DES_CBC_SHA,		/* k */
     TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,	/* l */
     TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,	        /* m */
-    SSL_RSA_WITH_RC4_128_SHA,			/* n */
+    TLS_RSA_WITH_RC4_128_SHA,			/* n */
     TLS_DHE_DSS_WITH_RC4_128_SHA,		/* o */
-    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,		/* p */
-    SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,		/* q */
-    SSL_DHE_RSA_WITH_DES_CBC_SHA,		/* r */
-    SSL_DHE_DSS_WITH_DES_CBC_SHA,		/* s */
+    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,		/* p */
+    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,		/* q */
+    TLS_DHE_RSA_WITH_DES_CBC_SHA,		/* r */
+    TLS_DHE_DSS_WITH_DES_CBC_SHA,		/* s */
     TLS_DHE_DSS_WITH_AES_128_CBC_SHA, 	    	/* t */
     TLS_DHE_RSA_WITH_AES_128_CBC_SHA,       	/* u */
     TLS_RSA_WITH_AES_128_CBC_SHA,     	    	/* v */
     TLS_DHE_DSS_WITH_AES_256_CBC_SHA, 	    	/* w */
     TLS_DHE_RSA_WITH_AES_256_CBC_SHA,       	/* x */
     TLS_RSA_WITH_AES_256_CBC_SHA,     	    	/* y */
-    SSL_RSA_WITH_NULL_SHA,			/* z */
+    TLS_RSA_WITH_NULL_SHA,			/* z */
     0
 };
 
 /**************************************************************************
 ** 
 ** SSL callback routines.
 **
 **************************************************************************/
--- a/security/nss/coreconf/Linux.mk
+++ b/security/nss/coreconf/Linux.mk
@@ -50,21 +50,28 @@ endif
 else
 ifeq ($(OS_TEST),alpha)
         OS_REL_CFLAGS   = -D_ALPHA_
 	CPU_ARCH	= alpha
 else
 ifeq ($(OS_TEST),x86_64)
 ifeq ($(USE_64),1)
 	CPU_ARCH	= x86_64
+	ARCHFLAG	= -m64
+else
+ifeq ($(USE_X32),1)
+	CPU_ARCH	= x86_64
+	ARCHFLAG	= -mx32
+	64BIT_TAG	= _x32
 else
 	OS_REL_CFLAGS	= -Di386
 	CPU_ARCH	= x86
 	ARCHFLAG	= -m32
 endif
+endif
 else
 ifeq ($(OS_TEST),sparc64)
 	CPU_ARCH        = sparc
 else
 ifeq (,$(filter-out arm% sa110,$(OS_TEST)))
 	CPU_ARCH        = arm
 else
 ifeq (,$(filter-out parisc%,$(OS_TEST)))
@@ -118,22 +125,17 @@ ifdef MOZ_DEBUG_SYMBOLS
 endif
 endif
 
 
 ifeq ($(USE_PTHREADS),1)
 OS_PTHREAD = -lpthread 
 endif
 
-# See bug 537829, in particular comment 23.
-# Place -ansi and *_SOURCE before $(DSO_CFLAGS) so DSO_CFLAGS can override
-# -ansi on platforms like Android where the system headers are C99 and do
-# not build with -ansi.
-STANDARDS_CFLAGS	= -D_POSIX_SOURCE -D_BSD_SOURCE -D_XOPEN_SOURCE
-OS_CFLAGS		= $(STANDARDS_CFLAGS) $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -DLINUX -Dlinux -DHAVE_STRERROR
+OS_CFLAGS		= $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -DLINUX -Dlinux -DHAVE_STRERROR
 OS_LIBS			= $(OS_PTHREAD) -ldl -lc
 
 ifdef USE_PTHREADS
 	DEFINES		+= -D_REENTRANT
 endif
 
 ARCH			= linux
 
--- a/security/nss/coreconf/config.mk
+++ b/security/nss/coreconf/config.mk
@@ -180,8 +180,11 @@ endif
 # This allows all library and tools code to use the util function
 # implementations directly from libnssutil3, rather than the wrappers
 # in libnss3 which are present for binary compatibility only
 DEFINES += -DUSE_UTIL_DIRECTLY
 USE_UTIL_DIRECTLY = 1
 
 # Build with NO_NSPR_10_SUPPORT to avoid using obsolete NSPR features
 DEFINES += -DNO_NSPR_10_SUPPORT
+
+# Hide old, deprecated, TLS cipher suite names when building NSS
+DEFINES += -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -5,8 +5,9 @@
 
 /*
  * A dummy header file that is a dependency for all the object files.
  * Used to force a full recompilation of NSS in Mozilla's Tinderbox
  * depend builds.  See comments in rules.mk.
  */
 
 #error "Do not include this header file."
+
--- a/security/nss/lib/certdb/certdb.c
+++ b/security/nss/lib/certdb/certdb.c
@@ -1389,18 +1389,18 @@ cert_TestHostName(char * cn, const char 
 
 	/* For a cn pattern to be considered valid, the wildcard character...
 	 * - may occur only in a DNS name with at least 3 components, and
 	 * - may occur only as last character in the first component, and
 	 * - may be preceded by additional characters, and
 	 * - must not be preceded by an IDNA ACE prefix (xn--)
 	 */
 	if (wildcard && secondcndot && secondcndot[1] && firsthndot 
-	    && firstcndot  - wildcard  == 1 /* no chars between * and . */
-	    && secondcndot - firstcndot > 1 /* not .. */
+	    && firstcndot  - wildcard  == 1 /* wildcard is last char in first component */
+	    && secondcndot - firstcndot > 1 /* second component is non-empty */
 	    && PORT_Strrchr(cn, '*') == wildcard /* only one wildcard in cn */
 	    && !PORT_Strncasecmp(cn, hn, wildcard - cn)
 	    && !PORT_Strcasecmp(firstcndot, firsthndot)
 	       /* If hn starts with xn--, then cn must start with wildcard */
 	    && (PORT_Strncasecmp(hn, "xn--", 4) || wildcard == cn)) {
 	    /* valid wildcard pattern match */
 	    return SECSuccess;
 	}
--- a/security/nss/lib/ckfw/builtins/certdata.txt
+++ b/security/nss/lib/ckfw/builtins/certdata.txt
@@ -602,29 +602,29 @@ END
 CKA_SERIAL_NUMBER MULTILINE_OCTAL
 \002\004\065\336\364\317
 END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
-# Distrust "Distrust a pb.com certificate that does not comply with the baseline requirements.""
+# Distrust "Distrust a pb.com certificate that does not comply with the baseline requirements."
 # Issuer: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
 # Serial Number: 1407252 (0x157914)
 # Subject: CN=*.pb.com,OU=Meters,O=Pitney Bowes,L=Danbury,ST=Connecticut,C=US
 # Not Valid Before: Mon Feb 01 14:54:04 2010
 # Not Valid After : Tue Sep 30 00:00:00 2014
 # Fingerprint (MD5): 8F:46:BE:99:47:6F:93:DC:5C:01:54:50:D0:4A:BD:AC
 # Fingerprint (SHA1): 30:F1:82:CA:1A:5E:4E:4F:F3:6E:D0:E6:38:18:B8:B9:41:CB:5F:8C
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Distrust a pb.com certificate that does not comply with the baseline requirements.""
+CKA_LABEL UTF8 "Distrust a pb.com certificate that does not comply with the baseline requirements."
 CKA_ISSUER MULTILINE_OCTAL
 \060\116\061\013\060\011\006\003\125\004\006\023\002\125\123\061
 \020\060\016\006\003\125\004\012\023\007\105\161\165\151\146\141
 \170\061\055\060\053\006\003\125\004\013\023\044\105\161\165\151
 \146\141\170\040\123\145\143\165\162\145\040\103\145\162\164\151
 \146\151\143\141\164\145\040\101\165\164\150\157\162\151\164\171
 END
 CKA_SERIAL_NUMBER MULTILINE_OCTAL
--- a/security/nss/lib/dbm/include/mcom_db.h
+++ b/security/nss/lib/dbm/include/mcom_db.h
@@ -40,17 +40,21 @@
 #endif
 #include "prtypes.h"
 
 #if !defined(XP_BEOS) && !defined(XP_OS2) && !defined(XP_UNIX) || defined(NTO)
 typedef PRUintn uint;
 #endif
 typedef PRUint8 uint8;
 typedef PRUint16 uint16;
+/* On AIX 5.2, sys/inttypes.h (which is included by sys/types.h)
+ * defines the types int8, int16, int32, and int64. */
+#if !defined(AIX)
 typedef PRInt32 int32;
+#endif
 typedef PRUint32 uint32;
 
 #include <limits.h>
 
 #ifdef __DBINTERFACE_PRIVATE
 
 #ifdef HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
--- a/security/nss/lib/freebl/Makefile
+++ b/security/nss/lib/freebl/Makefile
@@ -90,17 +90,17 @@ endif
 ifdef FREEBL_PRELINK_COMMAND
 	DEFINES +=-DFREEBL_PRELINK_COMMAND=\"$(FREEBL_PRELINK_COMMAND)\"
 endif
 # NSS_X86 means the target is a 32-bits x86 CPU architecture
 # NSS_X64 means the target is a 64-bits 64 CPU architecture
 # NSS_X86_OR_X64 means the target is either x86 or x64
 ifeq (,$(filter-out i386 x386 x86 x86_64,$(CPU_ARCH)))
         DEFINES += -DNSS_X86_OR_X64
-ifdef USE_64
+ifneq (,$(USE_64)$(USE_X32))
         DEFINES += -DNSS_X64
 else
         DEFINES += -DNSS_X86
 endif
 endif
 
 ifeq ($(OS_TARGET),OSF1)
     DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_NO_MP_WORD
@@ -175,17 +175,17 @@ ifeq ($(CPU_ARCH),x86)
     DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE
     DEFINES += -DMP_ASSEMBLY_DIV_2DX1D
 endif
 endif # Darwin
 
 ifeq ($(OS_TARGET),Linux)
 ifeq ($(CPU_ARCH),x86_64)
     ASFILES  = arcfour-amd64-gas.s mpi_amd64_gas.s
-    ASFLAGS += -m64 -fPIC -Wa,--noexecstack
+    ASFLAGS += -fPIC -Wa,--noexecstack
     DEFINES += -DNSS_BEVAND_ARCFOUR -DMPI_AMD64 -DMP_ASSEMBLY_MULTIPLY
     DEFINES += -DNSS_USE_COMBA
     DEFINES += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN
 #   DEFINES += -DMPI_AMD64_ADD
     # comment the next two lines to turn off intel HW accelleration
     DEFINES += -DUSE_HW_AES
     ASFILES += intel-aes.s intel-gcm.s
     EXTRA_SRCS += intel-gcm-wrap.c
--- a/security/nss/lib/freebl/arcfour.c
+++ b/security/nss/lib/freebl/arcfour.c
@@ -25,17 +25,17 @@
 #if defined(AIX) || defined(OSF1) || defined(NSS_BEVAND_ARCFOUR)
 /* Treat array variables as words, not bytes, on CPUs that take 
  * much longer to write bytes than to write words, or when using 
  * assembler code that required it.
  */
 #define USE_WORD
 #endif
 
-#if (defined(IS_64))
+#if defined(IS_64) || defined(NSS_BEVAND_ARCFOUR)
 typedef PRUint64 WORD;
 #else
 typedef PRUint32 WORD;
 #endif
 #define WORDSIZE sizeof(WORD)
 
 #if defined(USE_WORD)
 typedef WORD Stype;
--- a/security/nss/lib/freebl/mpi/mpi.h
+++ b/security/nss/lib/freebl/mpi/mpi.h
@@ -51,21 +51,21 @@ typedef int               mp_err;
 #if !defined(ULONG_MAX) 
 #error "ULONG_MAX not defined"
 #elif !defined(UINT_MAX)
 #error "UINT_MAX not defined"
 #elif !defined(USHRT_MAX)
 #error "USHRT_MAX not defined"
 #endif
 
-#if defined(ULONG_LONG_MAX)			/* GCC, HPUX */
-#define MP_ULONG_LONG_MAX ULONG_LONG_MAX
-#elif defined(ULLONG_MAX)			/* Solaris */
+#if defined(ULLONG_MAX)				/* C99, Solaris */
 #define MP_ULONG_LONG_MAX ULLONG_MAX
 /* MP_ULONG_LONG_MAX was defined to be ULLONG_MAX */
+#elif defined(ULONG_LONG_MAX)			/* HPUX */
+#define MP_ULONG_LONG_MAX ULONG_LONG_MAX
 #elif defined(ULONGLONG_MAX)			/* IRIX, AIX */
 #define MP_ULONG_LONG_MAX ULONGLONG_MAX
 #endif
 
 /* We only use unsigned long for mp_digit iff long is more than 32 bits. */
 #if !defined(MP_USE_UINT_DIGIT) && ULONG_MAX > MP_32BIT_MAX
 typedef unsigned long     mp_digit;
 #define MP_DIGIT_MAX      ULONG_MAX
--- a/security/nss/lib/libpkix/include/pkix_pl_pki.h
+++ b/security/nss/lib/libpkix/include/pkix_pl_pki.h
@@ -1510,17 +1510,17 @@ typedef enum PKIX_PL_TrustAnchorModeEnum
         PKIX_PL_TrustAnchorMode_Additive,
 
         /* Indicates that ONLY trust anchors should be considered as
          * trustworthy.
          * Note: If the underlying platform supports marking a certificate as
          *       explicitly untrustworthy, explicitly configured trust anchors
          *       MAY be ignored/rejected.
          */
-        PKIX_PL_TrustAnchorMode_Exclusive,
+        PKIX_PL_TrustAnchorMode_Exclusive
 } PKIX_PL_TrustAnchorMode;
 
 /*
  * FUNCTION: PKIX_PL_Cert_IsCertTrusted
  * DESCRIPTION:
  *
  *  Checks the Cert specified by "cert" to determine, in a manner that depends
  *  on the underlying platform, whether it is trusted, and stores the result in
--- a/security/nss/lib/pk11wrap/pk11pub.h
+++ b/security/nss/lib/pk11wrap/pk11pub.h
@@ -767,17 +767,18 @@ CK_MECHANISM_TYPE
 PK11_GetPBECryptoMechanism(SECAlgorithmID *algid, 
 			   SECItem **param, SECItem *pwd);
 
 /**********************************************************************
  * Functions to manage secmod flags
  **********************************************************************/
 PK11DefaultArrayEntry *PK11_GetDefaultArray(int *size);
 SECStatus PK11_UpdateSlotAttribute(PK11SlotInfo *slot,
-				   PK11DefaultArrayEntry *entry, PRBool add);
+				   const PK11DefaultArrayEntry *entry,
+				   PRBool add);
 
 /**********************************************************************
  * Functions to look at PKCS #11 dependent data
  **********************************************************************/
 PK11GenericObject *PK11_FindGenericObjects(PK11SlotInfo *slot, 
 						CK_OBJECT_CLASS objClass);
 PK11GenericObject *PK11_GetNextGenericObject(PK11GenericObject *object);
 PK11GenericObject *PK11_GetPrevGenericObject(PK11GenericObject *object);
--- a/security/nss/lib/pk11wrap/pk11slot.c
+++ b/security/nss/lib/pk11wrap/pk11slot.c
@@ -943,19 +943,20 @@ PK11_LoadSlotList(PK11SlotInfo *slot, PK
 }
 
 
 /*
  * update a slot to its new attribute according to the slot list
  * returns: SECSuccess if nothing to do or add/delete is successful
  */
 SECStatus
-PK11_UpdateSlotAttribute(PK11SlotInfo *slot, PK11DefaultArrayEntry *entry,
-                        PRBool add)  
-                        /* add: PR_TRUE if want to turn on */
+PK11_UpdateSlotAttribute(PK11SlotInfo *slot,
+                         const PK11DefaultArrayEntry *entry,
+                         PRBool add)
+                         /* add: PR_TRUE if want to turn on */
 {
     SECStatus result = SECSuccess;
     PK11SlotList *slotList = PK11_GetSlotList(entry->mechanism);
 
     if (add) { /* trying to turn on a mechanism */
                  
         /* turn on the default flag in the slot */
         slot->defaultFlags |= entry->flag;
--- a/security/nss/lib/ssl/derive.c
+++ b/security/nss/lib/ssl/derive.c
@@ -629,31 +629,31 @@ SSL_CanBypass(CERTCertificate *cert, SEC
     srvPubkey = CERT_ExtractPublicKey(cert);
     if (!srvPubkey)
         return SECFailure;
 	
     *pcanbypass = PR_TRUE;
     rv = SECFailure;
     
     /* determine which KEAs to test */
-    /* 0 (SSL_NULL_WITH_NULL_NULL) is used as a list terminator because
+    /* 0 (TLS_NULL_WITH_NULL_NULL) is used as a list terminator because
      * SSL3 and TLS specs forbid negotiating that cipher suite number.
      */
     for (i=0; i < nsuites && (suite = *ciphersuites++) != 0; i++) {
 	/* skip SSL2 cipher suites and ones NSS doesn't support */
 	if (SSL_GetCipherSuiteInfo(suite, &csdef, sizeof(csdef)) != SECSuccess
 	    || SSL_IS_SSL2_CIPHER(suite) )
 	    continue;
 	switch (csdef.keaType) {
 	case ssl_kea_rsa:
 	    switch (csdef.cipherSuite) {
 	    case TLS_RSA_EXPORT1024_WITH_RC4_56_SHA:
 	    case TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA:
-	    case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
-	    case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
+	    case TLS_RSA_EXPORT_WITH_RC4_40_MD5:
+	    case TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
 		testrsa_export = PR_TRUE;
 	    }
 	    if (!testrsa_export)
 		testrsa = PR_TRUE;
 	    break;
 	case ssl_kea_ecdh:
 	    if (strcmp(csdef.keaTypeName, "ECDHE") == 0) /* ephemeral? */
 		testecdhe = PR_TRUE;
--- a/security/nss/lib/ssl/dtlscon.c
+++ b/security/nss/lib/ssl/dtlscon.c
@@ -34,20 +34,20 @@ static const ssl3CipherSuite nonDTLSSuit
     TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
     TLS_ECDHE_RSA_WITH_RC4_128_SHA,
 #endif /* NSS_DISABLE_ECC */
     TLS_DHE_DSS_WITH_RC4_128_SHA,
 #ifndef NSS_DISABLE_ECC
     TLS_ECDH_RSA_WITH_RC4_128_SHA,
     TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
 #endif /* NSS_DISABLE_ECC */
-    SSL_RSA_WITH_RC4_128_MD5,
-    SSL_RSA_WITH_RC4_128_SHA,
+    TLS_RSA_WITH_RC4_128_MD5,
+    TLS_RSA_WITH_RC4_128_SHA,
     TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
-    SSL_RSA_EXPORT_WITH_RC4_40_MD5,
+    TLS_RSA_EXPORT_WITH_RC4_40_MD5,
     0 /* End of list marker */
 };
 
 /* Map back and forth between TLS and DTLS versions in wire format.
  * Mapping table is:
  *
  * TLS             DTLS
  * 1.1 (0302)      1.0 (feff)
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -113,18 +113,18 @@ static ssl3CipherSuiteCfg cipherSuites[s
  { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,     SSL_ALLOWED, PR_TRUE,  PR_FALSE},
  { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_DHE_RSA_WITH_AES_256_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
  { TLS_DHE_DSS_WITH_AES_256_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
  { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,     SSL_ALLOWED, PR_TRUE,  PR_FALSE},
  { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,       SSL_ALLOWED, PR_TRUE,  PR_FALSE},
- { SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,       SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+ { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,       SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+ { TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,       SSL_ALLOWED, PR_TRUE,  PR_FALSE},
  { TLS_DHE_DSS_WITH_RC4_128_SHA,            SSL_ALLOWED, PR_FALSE, PR_FALSE},
 
 #ifndef NSS_DISABLE_ECC
  { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,       SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,       SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,    SSL_ALLOWED, PR_FALSE, PR_FALSE},
@@ -138,44 +138,44 @@ static ssl3CipherSuiteCfg cipherSuites[s
  { TLS_RSA_WITH_AES_128_CBC_SHA,            SSL_ALLOWED, PR_TRUE,  PR_FALSE},
  { TLS_RSA_WITH_AES_128_CBC_SHA256,         SSL_ALLOWED, PR_TRUE,  PR_FALSE},
  { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,       SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_RSA_WITH_AES_256_CBC_SHA,            SSL_ALLOWED, PR_TRUE,  PR_FALSE},
  { TLS_RSA_WITH_AES_256_CBC_SHA256,         SSL_ALLOWED, PR_TRUE,  PR_FALSE},
  { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,       SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_RSA_WITH_SEED_CBC_SHA,               SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,      SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { SSL_RSA_WITH_3DES_EDE_CBC_SHA,           SSL_ALLOWED, PR_TRUE,  PR_FALSE},
- { SSL_RSA_WITH_RC4_128_SHA,                SSL_ALLOWED, PR_TRUE,  PR_FALSE},
- { SSL_RSA_WITH_RC4_128_MD5,                SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+ { TLS_RSA_WITH_3DES_EDE_CBC_SHA,           SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+ { TLS_RSA_WITH_RC4_128_SHA,                SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+ { TLS_RSA_WITH_RC4_128_MD5,                SSL_ALLOWED, PR_TRUE,  PR_FALSE},
 
  /* 56-bit DES "domestic" cipher suites */
- { SSL_DHE_RSA_WITH_DES_CBC_SHA,            SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { SSL_DHE_DSS_WITH_DES_CBC_SHA,            SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_DHE_RSA_WITH_DES_CBC_SHA,            SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_DHE_DSS_WITH_DES_CBC_SHA,            SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { SSL_RSA_FIPS_WITH_DES_CBC_SHA,           SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { SSL_RSA_WITH_DES_CBC_SHA,                SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_RSA_WITH_DES_CBC_SHA,                SSL_ALLOWED, PR_FALSE, PR_FALSE},
 
  /* export ciphersuites with 1024-bit public key exchange keys */
  { TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,      SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
 
  /* export ciphersuites with 512-bit public key exchange keys */
- { SSL_RSA_EXPORT_WITH_RC4_40_MD5,          SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,      SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_RSA_EXPORT_WITH_RC4_40_MD5,          SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,      SSL_ALLOWED, PR_FALSE, PR_FALSE},
 
  /* ciphersuites with no encryption */
 #ifndef NSS_DISABLE_ECC
  { TLS_ECDHE_ECDSA_WITH_NULL_SHA,           SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_ECDHE_RSA_WITH_NULL_SHA,             SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_ECDH_RSA_WITH_NULL_SHA,              SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_ECDH_ECDSA_WITH_NULL_SHA,            SSL_ALLOWED, PR_FALSE, PR_FALSE},
 #endif /* NSS_DISABLE_ECC */
- { SSL_RSA_WITH_NULL_SHA,                   SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_RSA_WITH_NULL_SHA,                   SSL_ALLOWED, PR_FALSE, PR_FALSE},
  { TLS_RSA_WITH_NULL_SHA256,                SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { SSL_RSA_WITH_NULL_MD5,                   SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_RSA_WITH_NULL_MD5,                   SSL_ALLOWED, PR_FALSE, PR_FALSE},
 };
 
 /* Verify that SSL_ImplementedCiphers and cipherSuites are in consistent order.
  */
 #ifdef DEBUG
 void ssl3_CheckCipherSuiteOrderConsistency()
 {
     unsigned int i;
@@ -308,59 +308,59 @@ static const ssl3KEADef kea_defs[] =
 #endif /* NSS_DISABLE_ECC */
 };
 
 /* must use ssl_LookupCipherSuiteDef to access */
 static const ssl3CipherSuiteDef cipher_suite_defs[] = 
 {
 /*  cipher_suite                    bulk_cipher_alg mac_alg key_exchange_alg */
 
-    {SSL_NULL_WITH_NULL_NULL,       cipher_null,   mac_null, kea_null},
-    {SSL_RSA_WITH_NULL_MD5,         cipher_null,   mac_md5, kea_rsa},
-    {SSL_RSA_WITH_NULL_SHA,         cipher_null,   mac_sha, kea_rsa},
+    {TLS_NULL_WITH_NULL_NULL,       cipher_null,   mac_null, kea_null},
+    {TLS_RSA_WITH_NULL_MD5,         cipher_null,   mac_md5, kea_rsa},
+    {TLS_RSA_WITH_NULL_SHA,         cipher_null,   mac_sha, kea_rsa},
     {TLS_RSA_WITH_NULL_SHA256,      cipher_null,   hmac_sha256, kea_rsa},
-    {SSL_RSA_EXPORT_WITH_RC4_40_MD5,cipher_rc4_40, mac_md5, kea_rsa_export},
-    {SSL_RSA_WITH_RC4_128_MD5,      cipher_rc4,    mac_md5, kea_rsa},
-    {SSL_RSA_WITH_RC4_128_SHA,      cipher_rc4,    mac_sha, kea_rsa},
-    {SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
+    {TLS_RSA_EXPORT_WITH_RC4_40_MD5,cipher_rc4_40, mac_md5, kea_rsa_export},
+    {TLS_RSA_WITH_RC4_128_MD5,      cipher_rc4,    mac_md5, kea_rsa},
+    {TLS_RSA_WITH_RC4_128_SHA,      cipher_rc4,    mac_sha, kea_rsa},
+    {TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
                                     cipher_rc2_40, mac_md5, kea_rsa_export},
 #if 0 /* not implemented */
-    {SSL_RSA_WITH_IDEA_CBC_SHA,     cipher_idea,   mac_sha, kea_rsa},
-    {SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
+    {TLS_RSA_WITH_IDEA_CBC_SHA,     cipher_idea,   mac_sha, kea_rsa},
+    {TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
                                     cipher_des40,  mac_sha, kea_rsa_export},
 #endif
-    {SSL_RSA_WITH_DES_CBC_SHA,      cipher_des,    mac_sha, kea_rsa},
-    {SSL_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des,   mac_sha, kea_rsa},
-    {SSL_DHE_DSS_WITH_DES_CBC_SHA,  cipher_des,    mac_sha, kea_dhe_dss},
-    {SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
+    {TLS_RSA_WITH_DES_CBC_SHA,      cipher_des,    mac_sha, kea_rsa},
+    {TLS_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des,   mac_sha, kea_rsa},
+    {TLS_DHE_DSS_WITH_DES_CBC_SHA,  cipher_des,    mac_sha, kea_dhe_dss},
+    {TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
                                     cipher_3des,   mac_sha, kea_dhe_dss},
     {TLS_DHE_DSS_WITH_RC4_128_SHA,  cipher_rc4,    mac_sha, kea_dhe_dss},
 #if 0 /* not implemented */
-    {SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
+    {TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
                                     cipher_des40,  mac_sha, kea_dh_dss_export},
-    {SSL_DH_DSS_DES_CBC_SHA,        cipher_des,    mac_sha, kea_dh_dss},
-    {SSL_DH_DSS_3DES_CBC_SHA,       cipher_3des,   mac_sha, kea_dh_dss},
-    {SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
+    {TLS_DH_DSS_DES_CBC_SHA,        cipher_des,    mac_sha, kea_dh_dss},
+    {TLS_DH_DSS_3DES_CBC_SHA,       cipher_3des,   mac_sha, kea_dh_dss},
+    {TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
                                     cipher_des40,  mac_sha, kea_dh_rsa_export},
-    {SSL_DH_RSA_DES_CBC_SHA,        cipher_des,    mac_sha, kea_dh_rsa},
-    {SSL_DH_RSA_3DES_CBC_SHA,       cipher_3des,   mac_sha, kea_dh_rsa},
-    {SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
+    {TLS_DH_RSA_DES_CBC_SHA,        cipher_des,    mac_sha, kea_dh_rsa},
+    {TLS_DH_RSA_3DES_CBC_SHA,       cipher_3des,   mac_sha, kea_dh_rsa},
+    {TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
                                     cipher_des40,  mac_sha, kea_dh_dss_export},
-    {SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
+    {TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
                                     cipher_des40,  mac_sha, kea_dh_rsa_export},
 #endif
-    {SSL_DHE_RSA_WITH_DES_CBC_SHA,  cipher_des,    mac_sha, kea_dhe_rsa},
-    {SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+    {TLS_DHE_RSA_WITH_DES_CBC_SHA,  cipher_des,    mac_sha, kea_dhe_rsa},
+    {TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
                                     cipher_3des,   mac_sha, kea_dhe_rsa},
 #if 0
     {SSL_DH_ANON_EXPORT_RC4_40_MD5, cipher_rc4_40, mac_md5, kea_dh_anon_export},
-    {SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA,
+    {TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
                                     cipher_des40,  mac_sha, kea_dh_anon_export},
-    {SSL_DH_ANON_DES_CBC_SHA,       cipher_des,    mac_sha, kea_dh_anon},
-    {SSL_DH_ANON_3DES_CBC_SHA,      cipher_3des,   mac_sha, kea_dh_anon},
+    {TLS_DH_anon_WITH_DES_CBC_SHA,  cipher_des,    mac_sha, kea_dh_anon},
+    {TLS_DH_anon_WITH_3DES_CBC_SHA, cipher_3des,   mac_sha, kea_dh_anon},
 #endif
 
 
 /* New TLS cipher suites */
     {TLS_RSA_WITH_AES_128_CBC_SHA,     	cipher_aes_128, mac_sha, kea_rsa},
     {TLS_RSA_WITH_AES_128_CBC_SHA256,	cipher_aes_128, hmac_sha256, kea_rsa},
     {TLS_DHE_DSS_WITH_AES_128_CBC_SHA, 	cipher_aes_128, mac_sha, kea_dhe_dss},
     {TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 	cipher_aes_128, mac_sha, kea_dhe_rsa},
@@ -368,20 +368,20 @@ static const ssl3CipherSuiteDef cipher_s
     {TLS_RSA_WITH_AES_256_CBC_SHA,     	cipher_aes_256, mac_sha, kea_rsa},
     {TLS_RSA_WITH_AES_256_CBC_SHA256,	cipher_aes_256, hmac_sha256, kea_rsa},
     {TLS_DHE_DSS_WITH_AES_256_CBC_SHA, 	cipher_aes_256, mac_sha, kea_dhe_dss},
     {TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 	cipher_aes_256, mac_sha, kea_dhe_rsa},
     {TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_rsa},
 #if 0
     {TLS_DH_DSS_WITH_AES_128_CBC_SHA,  	cipher_aes_128, mac_sha, kea_dh_dss},
     {TLS_DH_RSA_WITH_AES_128_CBC_SHA,  	cipher_aes_128, mac_sha, kea_dh_rsa},
-    {TLS_DH_ANON_WITH_AES_128_CBC_SHA, 	cipher_aes_128, mac_sha, kea_dh_anon},
+    {TLS_DH_anon_WITH_AES_128_CBC_SHA, 	cipher_aes_128, mac_sha, kea_dh_anon},
     {TLS_DH_DSS_WITH_AES_256_CBC_SHA,  	cipher_aes_256, mac_sha, kea_dh_dss},
     {TLS_DH_RSA_WITH_AES_256_CBC_SHA,  	cipher_aes_256, mac_sha, kea_dh_rsa},
-    {TLS_DH_ANON_WITH_AES_256_CBC_SHA, 	cipher_aes_256, mac_sha, kea_dh_anon},
+    {TLS_DH_anon_WITH_AES_256_CBC_SHA, 	cipher_aes_256, mac_sha, kea_dh_anon},
 #endif
 
     {TLS_RSA_WITH_SEED_CBC_SHA,	    cipher_seed,   mac_sha, kea_rsa},
 
     {TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, cipher_camellia_128, mac_sha, kea_rsa},
     {TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
      cipher_camellia_128, mac_sha, kea_dhe_dss},
     {TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
@@ -617,25 +617,25 @@ ssl3_CipherSuiteAllowedForVersionRange(
     ssl3CipherSuite cipherSuite,
     const SSLVersionRange *vrange)
 {
     switch (cipherSuite) {
     /* See RFC 4346 A.5. Export cipher suites must not be used in TLS 1.1 or
      * later. This set of cipher suites is similar to, but different from, the
      * set of cipher suites considered exportable by SSL_IsExportCipherSuite.
      */
-    case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
-    case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
-    /*   SSL_RSA_EXPORT_WITH_DES40_CBC_SHA:      never implemented
-     *   SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:   never implemented
-     *   SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:   never implemented
-     *   SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:  never implemented
-     *   SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:  never implemented
-     *   SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5:     never implemented
-     *   SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA:  never implemented
+    case TLS_RSA_EXPORT_WITH_RC4_40_MD5:
+    case TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
+    /*   TLS_RSA_EXPORT_WITH_DES40_CBC_SHA:      never implemented
+     *   TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:   never implemented
+     *   TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:   never implemented
+     *   TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:  never implemented
+     *   TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:  never implemented
+     *   TLS_DH_anon_EXPORT_WITH_RC4_40_MD5:     never implemented
+     *   TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA:  never implemented
      */
 	return vrange->min <= SSL_LIBRARY_VERSION_TLS_1_0;
     case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
     case TLS_RSA_WITH_AES_256_CBC_SHA256:
     case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
     case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
     case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
     case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
@@ -9404,27 +9404,31 @@ ssl3_HandleNewSessionTicket(sslSocket *s
 	(void)SSL3_SendAlert(ss, alert_fatal, decode_error);
 	PORT_SetError(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET);
 	return SECFailure;
     }
     ss->ssl3.hs.newSessionTicket.ticket_lifetime_hint =
 	(PRUint32)ssl3_ConsumeHandshakeNumber(ss, 4, &b, &length);
 
     rv = ssl3_ConsumeHandshakeVariable(ss, &ticketData, 2, &b, &length);
-    if (length != 0 || rv != SECSuccess) {
+    if (rv != SECSuccess || length != 0) {
 	(void)SSL3_SendAlert(ss, alert_fatal, decode_error);
 	PORT_SetError(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET);
 	return SECFailure;  /* malformed */
     }
-    rv = SECITEM_CopyItem(NULL, &ss->ssl3.hs.newSessionTicket.ticket,
-			  &ticketData);
-    if (rv != SECSuccess) {
-	return rv;
-    }
-    ss->ssl3.hs.receivedNewSessionTicket = PR_TRUE;
+    /* If the server sent a zero-length ticket, ignore it and keep the
+     * existing ticket. */
+    if (ticketData.len != 0) {
+	rv = SECITEM_CopyItem(NULL, &ss->ssl3.hs.newSessionTicket.ticket,
+			      &ticketData);
+	if (rv != SECSuccess) {
+	    return rv;
+	}
+	ss->ssl3.hs.receivedNewSessionTicket = PR_TRUE;
+    }
 
     ss->ssl3.hs.ws = wait_change_cipher;
     return SECSuccess;
 }
 
 #ifdef NISCC_TEST
 static PRInt32 connNum = 0;
 
--- a/security/nss/lib/ssl/sslenum.c
+++ b/security/nss/lib/ssl/sslenum.c
@@ -71,18 +71,18 @@ const PRUint16 SSL_ImplementedCiphers[] 
     TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
     TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
     TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
     TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
     TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
     TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
     TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
     TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
-    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
-    SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
+    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
     TLS_DHE_DSS_WITH_RC4_128_SHA,
 
 #ifndef NSS_DISABLE_ECC
     TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
     TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
     TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
     TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
     TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
@@ -95,44 +95,44 @@ const PRUint16 SSL_ImplementedCiphers[] 
     TLS_RSA_WITH_AES_128_CBC_SHA,
     TLS_RSA_WITH_AES_128_CBC_SHA256,
     TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
     TLS_RSA_WITH_AES_256_CBC_SHA,
     TLS_RSA_WITH_AES_256_CBC_SHA256,
     TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
     TLS_RSA_WITH_SEED_CBC_SHA,
     SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,
-    SSL_RSA_WITH_3DES_EDE_CBC_SHA,
-    SSL_RSA_WITH_RC4_128_SHA,
-    SSL_RSA_WITH_RC4_128_MD5,
+    TLS_RSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_RSA_WITH_RC4_128_SHA,
+    TLS_RSA_WITH_RC4_128_MD5,
 
     /* 56-bit DES "domestic" cipher suites */
-    SSL_DHE_RSA_WITH_DES_CBC_SHA,
-    SSL_DHE_DSS_WITH_DES_CBC_SHA,
+    TLS_DHE_RSA_WITH_DES_CBC_SHA,
+    TLS_DHE_DSS_WITH_DES_CBC_SHA,
     SSL_RSA_FIPS_WITH_DES_CBC_SHA,
-    SSL_RSA_WITH_DES_CBC_SHA,
+    TLS_RSA_WITH_DES_CBC_SHA,
 
     /* export ciphersuites with 1024-bit public key exchange keys */
     TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
     TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
 
     /* export ciphersuites with 512-bit public key exchange keys */
-    SSL_RSA_EXPORT_WITH_RC4_40_MD5,
-    SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
+    TLS_RSA_EXPORT_WITH_RC4_40_MD5,
+    TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
 
     /* ciphersuites with no encryption */
 #ifndef NSS_DISABLE_ECC
     TLS_ECDHE_ECDSA_WITH_NULL_SHA,
     TLS_ECDHE_RSA_WITH_NULL_SHA,
     TLS_ECDH_RSA_WITH_NULL_SHA,
     TLS_ECDH_ECDSA_WITH_NULL_SHA,
 #endif /* NSS_DISABLE_ECC */
-    SSL_RSA_WITH_NULL_SHA,
+    TLS_RSA_WITH_NULL_SHA,
     TLS_RSA_WITH_NULL_SHA256,
-    SSL_RSA_WITH_NULL_MD5,
+    TLS_RSA_WITH_NULL_MD5,
 
     /* SSL2 cipher suites. */
     SSL_EN_RC4_128_WITH_MD5,
     SSL_EN_RC2_128_CBC_WITH_MD5,
     SSL_EN_DES_192_EDE3_CBC_WITH_MD5,  /* actually 112, not 192 */
     SSL_EN_DES_64_CBC_WITH_MD5,
     SSL_EN_RC4_128_EXPORT40_WITH_MD5,
     SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5,
--- a/security/nss/lib/ssl/sslinfo.c
+++ b/security/nss/lib/ssl/sslinfo.c
@@ -143,38 +143,38 @@ static const SSLCipherSuiteInfo suiteInf
 {0,CS(TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, },
 {0,CS(TLS_DHE_DSS_WITH_RC4_128_SHA),          S_DSA, K_DHE, C_RC4, B_128, M_SHA, 0, 0, 0, },
 {0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256),   S_RSA, K_DHE, C_AES, B_128, M_SHA256, 1, 0, 0, },
 {0,CS(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256),   S_RSA, K_DHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
 {0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA),      S_RSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, },
 {0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA),      S_DSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, },
 {0,CS(TLS_RSA_WITH_SEED_CBC_SHA),             S_RSA, K_RSA, C_SEED,B_128, M_SHA, 1, 0, 0, },
 {0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA),     S_RSA, K_RSA, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, },
-{0,CS(SSL_RSA_WITH_RC4_128_SHA),              S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, },
-{0,CS(SSL_RSA_WITH_RC4_128_MD5),              S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, },
+{0,CS(TLS_RSA_WITH_RC4_128_SHA),              S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, },
+{0,CS(TLS_RSA_WITH_RC4_128_MD5),              S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, },
 {0,CS(TLS_RSA_WITH_AES_128_CBC_SHA256),       S_RSA, K_RSA, C_AES, B_128, M_SHA256, 1, 0, 0, },
 {0,CS(TLS_RSA_WITH_AES_128_CBC_SHA),          S_RSA, K_RSA, C_AES, B_128, M_SHA, 1, 0, 0, },
 
-{0,CS(SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA),     S_RSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
-{0,CS(SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA),     S_DSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
+{0,CS(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA),     S_RSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
+{0,CS(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA),     S_DSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
 {0,CS(SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA),    S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 1, },
-{0,CS(SSL_RSA_WITH_3DES_EDE_CBC_SHA),         S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
+{0,CS(TLS_RSA_WITH_3DES_EDE_CBC_SHA),         S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
 
-{0,CS(SSL_DHE_RSA_WITH_DES_CBC_SHA),          S_RSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, },
-{0,CS(SSL_DHE_DSS_WITH_DES_CBC_SHA),          S_DSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, },
+{0,CS(TLS_DHE_RSA_WITH_DES_CBC_SHA),          S_RSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, },
+{0,CS(TLS_DHE_DSS_WITH_DES_CBC_SHA),          S_DSA, K_DHE, C_DES, B_DES, M_SHA, 0, 0, 0, },
 {0,CS(SSL_RSA_FIPS_WITH_DES_CBC_SHA),         S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 0, 1, },
-{0,CS(SSL_RSA_WITH_DES_CBC_SHA),              S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 0, 0, },
+{0,CS(TLS_RSA_WITH_DES_CBC_SHA),              S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 0, 0, },
 
 {0,CS(TLS_RSA_EXPORT1024_WITH_RC4_56_SHA),    S_RSA, K_RSA, C_RC4, B_56,  M_SHA, 0, 1, 0, },
 {0,CS(TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA),   S_RSA, K_RSA, C_DES, B_DES, M_SHA, 0, 1, 0, },
-{0,CS(SSL_RSA_EXPORT_WITH_RC4_40_MD5),        S_RSA, K_RSA, C_RC4, B_40,  M_MD5, 0, 1, 0, },
-{0,CS(SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5),    S_RSA, K_RSA, C_RC2, B_40,  M_MD5, 0, 1, 0, },
+{0,CS(TLS_RSA_EXPORT_WITH_RC4_40_MD5),        S_RSA, K_RSA, C_RC4, B_40,  M_MD5, 0, 1, 0, },
+{0,CS(TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5),    S_RSA, K_RSA, C_RC2, B_40,  M_MD5, 0, 1, 0, },
 {0,CS(TLS_RSA_WITH_NULL_SHA256),              S_RSA, K_RSA, C_NULL,B_0,   M_SHA256, 0, 1, 0, },
-{0,CS(SSL_RSA_WITH_NULL_SHA),                 S_RSA, K_RSA, C_NULL,B_0,   M_SHA, 0, 1, 0, },
-{0,CS(SSL_RSA_WITH_NULL_MD5),                 S_RSA, K_RSA, C_NULL,B_0,   M_MD5, 0, 1, 0, },
+{0,CS(TLS_RSA_WITH_NULL_SHA),                 S_RSA, K_RSA, C_NULL,B_0,   M_SHA, 0, 1, 0, },
+{0,CS(TLS_RSA_WITH_NULL_MD5),                 S_RSA, K_RSA, C_NULL,B_0,   M_MD5, 0, 1, 0, },
 
 #ifndef NSS_DISABLE_ECC
 /* ECC cipher suites */
 {0,CS(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
 {0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256), S_ECDSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
 
 {0,CS(TLS_ECDH_ECDSA_WITH_NULL_SHA),          S_ECDSA, K_ECDH, C_NULL, B_0, M_SHA, 0, 0, 0, },
 {0,CS(TLS_ECDH_ECDSA_WITH_RC4_128_SHA),       S_ECDSA, K_ECDH, C_RC4, B_128, M_SHA, 0, 0, 0, },
--- a/security/nss/lib/ssl/sslnonce.c
+++ b/security/nss/lib/ssl/sslnonce.c
@@ -478,28 +478,26 @@ ssl_Time(void)
 }
 
 void
 ssl3_SetSIDSessionTicket(sslSessionID *sid,
                          /*in/out*/ NewSessionTicket *newSessionTicket)
 {
     PORT_Assert(sid);
     PORT_Assert(newSessionTicket);
+    PORT_Assert(newSessionTicket->ticket.data);
+    PORT_Assert(newSessionTicket->ticket.len != 0);
 
     /* if sid->u.ssl3.lock, we are updating an existing entry that is already
      * cached or was once cached, so we need to acquire and release the write
      * lock. Otherwise, this is a new session that isn't shared with anything
      * yet, so no locking is needed.
      */
     if (sid->u.ssl3.lock) {
 	PR_RWLock_Wlock(sid->u.ssl3.lock);
-
-	/* A server might have sent us an empty ticket, which has the
-	 * effect of clearing the previously known ticket.
-	 */
 	if (sid->u.ssl3.locked.sessionTicket.ticket.data) {
 	    SECITEM_FreeItem(&sid->u.ssl3.locked.sessionTicket.ticket,
 			     PR_FALSE);
 	}
     }
 
     PORT_Assert(!sid->u.ssl3.locked.sessionTicket.ticket.data);
 
--- a/security/nss/lib/ssl/sslproto.h
+++ b/security/nss/lib/ssl/sslproto.h
@@ -76,94 +76,128 @@
 #define SSL_EN_RC4_128_WITH_MD5			0xFF01
 #define SSL_EN_RC4_128_EXPORT40_WITH_MD5	0xFF02
 #define SSL_EN_RC2_128_CBC_WITH_MD5		0xFF03
 #define SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5	0xFF04
 #define SSL_EN_IDEA_128_CBC_WITH_MD5		0xFF05
 #define SSL_EN_DES_64_CBC_WITH_MD5		0xFF06
 #define SSL_EN_DES_192_EDE3_CBC_WITH_MD5	0xFF07
 
-/* SSL v3 Cipher Suites */
-#define SSL_NULL_WITH_NULL_NULL			0x0000
+/* Deprecated SSL 3.0 & libssl names replaced by IANA-registered TLS names. */
+#ifndef SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES
+#define SSL_NULL_WITH_NULL_NULL                TLS_NULL_WITH_NULL_NULL
+#define SSL_RSA_WITH_NULL_MD5                  TLS_RSA_WITH_NULL_MD5
+#define SSL_RSA_WITH_NULL_SHA                  TLS_RSA_WITH_NULL_SHA
+#define SSL_RSA_EXPORT_WITH_RC4_40_MD5         TLS_RSA_EXPORT_WITH_RC4_40_MD5
+#define SSL_RSA_WITH_RC4_128_MD5               TLS_RSA_WITH_RC4_128_MD5
+#define SSL_RSA_WITH_RC4_128_SHA               TLS_RSA_WITH_RC4_128_SHA
+#define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5     TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
+#define SSL_RSA_WITH_IDEA_CBC_SHA              TLS_RSA_WITH_IDEA_CBC_SHA
+#define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA      TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_RSA_WITH_DES_CBC_SHA               TLS_RSA_WITH_DES_CBC_SHA
+#define SSL_RSA_WITH_3DES_EDE_CBC_SHA          TLS_RSA_WITH_3DES_EDE_CBC_SHA
+#define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA   TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_DH_DSS_WITH_DES_CBC_SHA            TLS_DH_DSS_WITH_DES_CBC_SHA
+#define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA       TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
+#define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA   TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_DH_RSA_WITH_DES_CBC_SHA            TLS_DH_RSA_WITH_DES_CBC_SHA
+#define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA       TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
+#define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA  TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_DHE_DSS_WITH_DES_CBC_SHA           TLS_DHE_DSS_WITH_DES_CBC_SHA
+#define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA      TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
+#define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA  TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_DHE_RSA_WITH_DES_CBC_SHA           TLS_DHE_RSA_WITH_DES_CBC_SHA
+#define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+#define SSL_DH_ANON_WITH_RC4_128_MD5           TLS_DH_anon_WITH_RC4_128_MD5
+#define SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA  TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_DH_ANON_WITH_DES_CBC_SHA           TLS_DH_anon_WITH_DES_CBC_SHA
+#define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA      TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
+#define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5     TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
+#define TLS_DH_ANON_WITH_AES_128_CBC_SHA       TLS_DH_anon_WITH_AES_128_CBC_SHA
+#define TLS_DH_ANON_WITH_AES_256_CBC_SHA       TLS_DH_anon_WITH_AES_256_CBC_SHA
+#define TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA  TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA
+#define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA  TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA
+#endif
 
-#define SSL_RSA_WITH_NULL_MD5			0x0001
-#define SSL_RSA_WITH_NULL_SHA			0x0002
-#define SSL_RSA_EXPORT_WITH_RC4_40_MD5		0x0003
-#define SSL_RSA_WITH_RC4_128_MD5		0x0004
-#define SSL_RSA_WITH_RC4_128_SHA		0x0005
-#define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5	0x0006
-#define SSL_RSA_WITH_IDEA_CBC_SHA		0x0007
-#define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0008
-#define SSL_RSA_WITH_DES_CBC_SHA		0x0009
-#define SSL_RSA_WITH_3DES_EDE_CBC_SHA		0x000a
-						       
-#define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA	0x000b
-#define SSL_DH_DSS_WITH_DES_CBC_SHA		0x000c
-#define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA	0x000d
-#define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA	0x000e
-#define SSL_DH_RSA_WITH_DES_CBC_SHA		0x000f
-#define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA	0x0010
-						       
-#define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA	0x0011
-#define SSL_DHE_DSS_WITH_DES_CBC_SHA		0x0012
-#define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013
-#define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0014
-#define SSL_DHE_RSA_WITH_DES_CBC_SHA		0x0015
-#define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA	0x0016
-						       
-#define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5	0x0017
-#define SSL_DH_ANON_WITH_RC4_128_MD5		0x0018
-#define SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA	0x0019
-#define SSL_DH_ANON_WITH_DES_CBC_SHA		0x001a
-#define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA	0x001b
+#define TLS_NULL_WITH_NULL_NULL			0x0000
+
+#define TLS_RSA_WITH_NULL_MD5			0x0001
+#define TLS_RSA_WITH_NULL_SHA			0x0002
+#define TLS_RSA_EXPORT_WITH_RC4_40_MD5		0x0003
+#define TLS_RSA_WITH_RC4_128_MD5		0x0004
+#define TLS_RSA_WITH_RC4_128_SHA		0x0005
+#define TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5	0x0006
+#define TLS_RSA_WITH_IDEA_CBC_SHA		0x0007
+#define TLS_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0008
+#define TLS_RSA_WITH_DES_CBC_SHA		0x0009
+#define TLS_RSA_WITH_3DES_EDE_CBC_SHA		0x000a
+
+#define TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA	0x000b
+#define TLS_DH_DSS_WITH_DES_CBC_SHA		0x000c
+#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA	0x000d
+#define TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA	0x000e
+#define TLS_DH_RSA_WITH_DES_CBC_SHA		0x000f
+#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA	0x0010
+
+#define TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA	0x0011
+#define TLS_DHE_DSS_WITH_DES_CBC_SHA		0x0012
+#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013
+#define TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0014
+#define TLS_DHE_RSA_WITH_DES_CBC_SHA		0x0015
+#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA	0x0016
+
+#define TLS_DH_anon_EXPORT_WITH_RC4_40_MD5	0x0017
+#define TLS_DH_anon_WITH_RC4_128_MD5		0x0018
+#define TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA	0x0019
+#define TLS_DH_anon_WITH_DES_CBC_SHA		0x001a
+#define TLS_DH_anon_WITH_3DES_EDE_CBC_SHA	0x001b
 
 #define SSL_FORTEZZA_DMS_WITH_NULL_SHA		0x001c /* deprecated */
 #define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA	0x001d /* deprecated */
 #define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA	0x001e /* deprecated */
 
-/* New TLS cipher suites */
 #define TLS_RSA_WITH_AES_128_CBC_SHA      	0x002F
 #define TLS_DH_DSS_WITH_AES_128_CBC_SHA   	0x0030
 #define TLS_DH_RSA_WITH_AES_128_CBC_SHA   	0x0031
 #define TLS_DHE_DSS_WITH_AES_128_CBC_SHA  	0x0032
 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA  	0x0033
-#define TLS_DH_ANON_WITH_AES_128_CBC_SHA  	0x0034
+#define TLS_DH_anon_WITH_AES_128_CBC_SHA  	0x0034
 
 #define TLS_RSA_WITH_AES_256_CBC_SHA      	0x0035
 #define TLS_DH_DSS_WITH_AES_256_CBC_SHA   	0x0036
 #define TLS_DH_RSA_WITH_AES_256_CBC_SHA   	0x0037
 #define TLS_DHE_DSS_WITH_AES_256_CBC_SHA  	0x0038
 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA  	0x0039
-#define TLS_DH_ANON_WITH_AES_256_CBC_SHA  	0x003A
+#define TLS_DH_anon_WITH_AES_256_CBC_SHA  	0x003A
 #define TLS_RSA_WITH_NULL_SHA256		0x003B
 #define TLS_RSA_WITH_AES_128_CBC_SHA256  	0x003C
 #define TLS_RSA_WITH_AES_256_CBC_SHA256  	0x003D
 
 #define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA      	0x0041
 #define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA   	0x0042
 #define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA   	0x0043
 #define TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA  	0x0044
 #define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA  	0x0045
-#define TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA  	0x0046
+#define TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA  	0x0046
 
 #define TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA     0x0062
 #define TLS_RSA_EXPORT1024_WITH_RC4_56_SHA      0x0064
 
 #define TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x0063
 #define TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA  0x0065
 #define TLS_DHE_DSS_WITH_RC4_128_SHA            0x0066
 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256     0x0067
 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256     0x006B
 
 #define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA      	0x0084
 #define TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA   	0x0085
 #define TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA   	0x0086
 #define TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA  	0x0087
 #define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA  	0x0088
-#define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA  	0x0089
+#define TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA  	0x0089
 
 #define TLS_RSA_WITH_SEED_CBC_SHA		0x0096
 
 #define TLS_RSA_WITH_AES_128_GCM_SHA256         0x009C
 #define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256     0x009E
 #define TLS_DHE_DSS_WITH_AES_128_GCM_SHA256     0x00A2
 
 /* TLS "Signaling Cipher Suite Value" (SCSV). May be requested by client.
--- a/security/nss/lib/zlib/config.mk
+++ b/security/nss/lib/zlib/config.mk
@@ -9,8 +9,12 @@
 #
 
 TARGETS        = $(LIBRARY) $(PROGRAMS)
 SHARED_LIBRARY =
 IMPORT_LIBRARY =
 PROGRAM        =
 
 EXTRA_LIBS     = $(LIBRARY)
+
+ifeq ($(OS_TARGET),Linux)
+DEFINES += -DHAVE_UNISTD_H
+endif
--- a/security/nss/tests/cert/cert.sh
+++ b/security/nss/tests/cert/cert.sh
@@ -935,18 +935,18 @@ cert_ssl()
 
   if [ "$CERTFAILED" != 0 ] ; then
       cert_log "ERROR: SSL failed $RET"
   else
       cert_log "SUCCESS: SSL passed"
   fi
 
   echo "$SCRIPTNAME: Creating database for OCSP stapling tests  ==============="
-  echo "cp -rv ${SERVERDIR} ${STAPLINGDIR}"
-  cp -rv ${R_SERVERDIR} ${R_STAPLINGDIR}
+  echo "cp -r ${SERVERDIR} ${STAPLINGDIR}"
+  cp -r ${R_SERVERDIR} ${R_STAPLINGDIR}
   pk12u -o ${R_STAPLINGDIR}/ca.p12 -n TestCA -k ${R_PWFILE} -w ${R_PWFILE} -d ${R_CADIR}
   pk12u -i ${R_STAPLINGDIR}/ca.p12 -k ${R_PWFILE} -w ${R_PWFILE} -d ${R_STAPLINGDIR}
 }
 ############################## cert_stresscerts ################################
 # local shell function to create client certs for SSL stresstest
 ########################################################################
 cert_stresscerts()
 {
--- a/security/nss/tests/common/cleanup.sh
+++ b/security/nss/tests/common/cleanup.sh
@@ -9,16 +9,19 @@ if [ -z "${CLEANUP}" -o "${CLEANUP}" = "
     echo
     echo "SUMMARY:"
     echo "========"
     echo "NSS variables:"
     echo "--------------"
     echo "HOST=${HOST}"
     echo "DOMSUF=${DOMSUF}"
     echo "BUILD_OPT=${BUILD_OPT}"
+    if [ "${OS_ARCH}" = "Linux" ]; then
+        echo "USE_X32=${USE_X32}"
+    fi
     echo "USE_64=${USE_64}"
     echo "NSS_CYCLES=\"${NSS_CYCLES}\""
     echo "NSS_TESTS=\"${NSS_TESTS}\""
     echo "NSS_SSL_TESTS=\"${NSS_SSL_TESTS}\""
     echo "NSS_SSL_RUN=\"${NSS_SSL_RUN}\""
     echo "NSS_AIA_PATH=${NSS_AIA_PATH}"
     echo "NSS_AIA_HTTP=${NSS_AIA_HTTP}"
     echo "NSS_AIA_OCSP=${NSS_AIA_OCSP}"
--- a/testing/mochitest/tests/SimpleTest/paint_listener.js
+++ b/testing/mochitest/tests/SimpleTest/paint_listener.js
@@ -1,50 +1,65 @@
-var accumulatedRect = null;
-var onpaint = function() {};
-var debug = false;
+(function() {
+  var accumulatedRect = null;
+  var onpaint = function() {};
+  var debug = false;
+  const FlushModes = {
+    FLUSH: 0,
+    NOFLUSH: 1
+  };
 
-function paintListener(event) {
-  if (event.target != window)
-    return;
-  if (debug) {
-    dump("got MozAfterPaint: " + event.boundingClientRect.left + "," + event.boundingClientRect.top + "," +
-         event.boundingClientRect.right + "," + event.boundingClientRect.bottom + "\n");
+  function paintListener(event) {
+    if (event.target != window)
+      return;
+    var eventRect =
+      [ event.boundingClientRect.left,
+        event.boundingClientRect.top,
+        event.boundingClientRect.right,
+        event.boundingClientRect.bottom ];
+    if (debug) {
+      dump("got MozAfterPaint: " + eventRect.join(",") + "\n");
+    }
+    accumulatedRect = accumulatedRect
+                    ? [ Math.min(accumulatedRect[0], eventRect[0]),
+                        Math.min(accumulatedRect[1], eventRect[1]),
+                        Math.max(accumulatedRect[2], eventRect[2]),
+                        Math.max(accumulatedRect[3], eventRect[3]) ]
+                    : eventRect;
+    onpaint();
   }
-  if (accumulatedRect) {
-    accumulatedRect[0] = Math.min(accumulatedRect[0], event.boundingClientRect.left);
-    accumulatedRect[1] = Math.min(accumulatedRect[1], event.boundingClientRect.top);
-    accumulatedRect[2] = Math.max(accumulatedRect[2], event.boundingClientRect.right);
-    accumulatedRect[3] = Math.max(accumulatedRect[3], event.boundingClientRect.bottom);
-  } else {
-    accumulatedRect = [event.boundingClientRect.left, event.boundingClientRect.top,
-                       event.boundingClientRect.right, event.boundingClientRect.bottom];
-  }
-  onpaint();
-}
-window.addEventListener("MozAfterPaint", paintListener, false);
+  window.addEventListener("MozAfterPaint", paintListener, false);
 
-function waitForAllPaintsFlushed(callback, subdoc) {
-  document.documentElement.getBoundingClientRect();
-  if (subdoc) {
-    subdoc.documentElement.getBoundingClientRect();
-  }
-  var CI = Components.interfaces;
-  var utils = window.QueryInterface(CI.nsIInterfaceRequestor)
-              .getInterface(CI.nsIDOMWindowUtils);
-  if (!utils.isMozAfterPaintPending) {
-    if (debug) {
-      dump("done...\n");
+  function waitForPaints(callback, subdoc, flushMode) {
+    // The call to getBoundingClientRect will flush pending layout
+    // notifications. Sometimes, however, this is undesirable since it can mask
+    // bugs where the code under test should be performing the flush.
+    if (flushMode === FlushModes.FLUSH) {
+      document.documentElement.getBoundingClientRect();
+      if (subdoc) {
+        subdoc.documentElement.getBoundingClientRect();
+      }
     }
-    var result = accumulatedRect;
-    accumulatedRect = null;
-    onpaint = function() {};
-    if (!result) {
-      result = [0,0,0,0];
+    var utils = SpecialPowers.getDOMWindowUtils(window);
+    if (!utils.isMozAfterPaintPending) {
+      if (debug) {
+        dump("done...\n");
+      }
+      var result = accumulatedRect || [ 0, 0, 0, 0 ];
+      accumulatedRect = null;
+      onpaint = function() {};
+      callback.apply(null, result);
+      return;
     }
-    callback(result[0], result[1], result[2], result[3]);
-    return;
+    if (debug) {
+      dump("waiting for paint...\n");
+    }
+    onpaint = function() { waitForPaints(callback, subdoc, flushMode); };
   }
-  if (debug) {
-    dump("waiting for paint...\n");
-  }
-  onpaint = function() { waitForAllPaintsFlushed(callback, subdoc); };
-}
+
+  window.waitForAllPaintsFlushed = function(callback, subdoc) {
+    waitForPaints(callback, subdoc, FlushModes.FLUSH);
+  };
+
+  window.waitForAllPaints = function(callback) {
+    waitForPaints(callback, null, FlushModes.NOFLUSH);
+  };
+})();
--- a/widget/windows/WinUtils.cpp
+++ b/widget/windows/WinUtils.cpp
@@ -1,20 +1,25 @@
 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim:set ts=2 sts=2 sw=2 et cin: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "WinUtils.h"
+
+#include "gfxPlatform.h"
 #include "nsWindow.h"
 #include "nsWindowDefs.h"
 #include "KeyboardLayout.h"
 #include "nsIDOMMouseEvent.h"
+#include "mozilla/gfx/2D.h"
+#include "mozilla/gfx/DataSurfaceHelpers.h"
 #include "mozilla/Preferences.h"
+#include "mozilla/RefPtr.h"
 #include "mozilla/WindowsVersion.h"
 
 #ifdef MOZ_LOGGING
 #define FORCE_PR_LOG /* Allow logging in the release build */
 #endif // MOZ_LOGGING
 #include "prlog.h"
 
 #include "nsString.h"
@@ -44,16 +49,18 @@
 #include <textstor.h>
 #include "nsTextStore.h"
 #endif // #ifdef NS_ENABLE_TSF
 
 #ifdef PR_LOGGING
 PRLogModuleInfo* gWindowsLog = nullptr;
 #endif
 
+using namespace mozilla::gfx;
+
 namespace mozilla {
 namespace widget {
 
 NS_IMPL_ISUPPORTS1(myDownloadObserver, nsIDownloadObserver)
 #ifdef MOZ_PLACES
 NS_IMPL_ISUPPORTS1(AsyncFaviconDataReady, nsIFaviconDataCallback)
 #endif
 NS_IMPL_ISUPPORTS1(AsyncEncodeAndWriteIcon, nsIRunnable)
@@ -723,55 +730,73 @@ AsyncFaviconDataReady::OnComplete(nsIURI
   rv = imgtool->DecodeImageData(stream, aMimeType,
                                 getter_AddRefs(container));
   NS_ENSURE_SUCCESS(rv, rv);
 
   nsRefPtr<gfxASurface> imgFrame =
     container->GetFrame(imgIContainer::FRAME_FIRST, 0);
   NS_ENSURE_TRUE(imgFrame, NS_ERROR_FAILURE);
 
-  nsRefPtr<gfxImageSurface> imageSurface;
-  gfxIntSize size;
+  RefPtr<SourceSurface> surface =
+    gfxPlatform::GetPlatform()->GetSourceSurfaceForSurface(nullptr, imgFrame);
+  NS_ENSURE_TRUE(surface, NS_ERROR_FAILURE);
+
+  RefPtr<DataSourceSurface> dataSurface;
+  IntSize size;
+
   if (mURLShortcut) {
-    imageSurface =
-      new gfxImageSurface(gfxIntSize(48, 48),
-                          gfxImageFormat::ARGB32);
-    gfxContext context(imageSurface);
-    context.SetOperator(gfxContext::OPERATOR_SOURCE);
-    context.SetColor(gfxRGBA(1, 1, 1, 1));
-    context.Rectangle(gfxRect(0, 0, 48, 48));
-    context.Fill();
+    // Create a 48x48 surface and paint the icon into the central 16x16 rect.
+    size.width = 48;
+    size.height = 48;
+    dataSurface =
+      Factory::CreateDataSourceSurface(size, SurfaceFormat::B8G8R8A8);
+    NS_ENSURE_TRUE(dataSurface, NS_ERROR_FAILURE);
+
+    DataSourceSurface::MappedSurface map;
+    if (!dataSurface->Map(DataSourceSurface::MapType::WRITE, &map)) {
+      return NS_ERROR_FAILURE;
+    }
 
-    context.Translate(gfxPoint(16, 16));
-    context.SetOperator(gfxContext::OPERATOR_OVER);
-    context.DrawSurface(imgFrame,  gfxSize(16, 16));
-    size = imageSurface->GetSize();
+    RefPtr<DrawTarget> dt =
+      Factory::CreateDrawTargetForData(BackendType::CAIRO,
+                                       map.mData,
+                                       dataSurface->GetSize(),
+                                       map.mStride,
+                                       dataSurface->GetFormat());
+    dt->FillRect(Rect(0, 0, size.width, size.height),
+                 ColorPattern(Color(1.0f, 1.0f, 1.0f, 1.0f)));
+    dt->DrawSurface(surface,
+                    Rect(16, 16, 16, 16),
+                    Rect(Point(0, 0),
+                         Size(surface->GetSize().width, surface->GetSize().height)));
+
+    dataSurface->Unmap();
   } else {
-    imageSurface = imgFrame->GetAsReadableARGB32ImageSurface();
     size.width = GetSystemMetrics(SM_CXSMICON);
     size.height = GetSystemMetrics(SM_CYSMICON);
     if (!size.width || !size.height) {
       size.width = 16;
       size.height = 16;
     }
+    dataSurface = surface->GetDataSurface();
   }
 
-  // Allocate a new buffer that we own and can use out of line in 
-  // another thread.  Copy the favicon raw data into it.
-  const fallible_t fallible = fallible_t();
-  uint8_t *data = new (fallible) uint8_t[imageSurface->GetDataSize()];
+  // Allocate a new buffer that we own and can use out of line in
+  // another thread.
+  uint8_t *data = SurfaceToPackedBGRA(dataSurface);
   if (!data) {
     return NS_ERROR_OUT_OF_MEMORY;
   }
-  memcpy(data, imageSurface->Data(), imageSurface->GetDataSize());
+  int32_t stride = 4 * size.width;
+  int32_t dataLength = stride * size.height;
 
   // AsyncEncodeAndWriteIcon takes ownership of the heap allocated buffer
   nsCOMPtr<nsIRunnable> event = new AsyncEncodeAndWriteIcon(path, data,
-                                                            imageSurface->GetDataSize(),
-                                                            imageSurface->Stride(),
+                                                            dataLength,
+                                                            stride,
                                                             size.width,
                                                             size.height,
                                                             mURLShortcut);
   mIOThread->Dispatch(event, NS_DISPATCH_NORMAL);
 
   return NS_OK;
 }
 #endif