Merge m-c to s-c.
authorRichard Newman <rnewman@mozilla.com>
Thu, 18 Oct 2012 23:55:56 -0700
changeset 111119 5f938395b062c76f6eae3e512d57e5df48f8bfdc
parent 111118 9b5bd852aec9a5ae32f0de09ca822690ef851d81 (current diff)
parent 110841 3f2acb6146321f4c90b4fe3c5b0e36eb42141ca0 (diff)
child 111120 acf7f73e8b18d1400d690cda2c2ce470aa081a14
push id93
push usernmatsakis@mozilla.com
push dateWed, 31 Oct 2012 21:26:57 +0000
milestone19.0a1
Merge m-c to s-c.
security/patches/bug-797572
--- a/b2g/chrome/content/runapp.js
+++ b/b2g/chrome/content/runapp.js
@@ -1,44 +1,72 @@
+"use strict";
+
 // runapp.js:
 // Provide a --runapp APPNAME command-line option.
 
+let runAppObj;
 window.addEventListener('load', function() {
   // Get the command line arguments that were passed to the b2g client
   let args = window.arguments[0].QueryInterface(Ci.nsICommandLine);
   let appname;
 
   // - Check if the argument is present before doing any work.
   try {
     // Returns null if the argument was not specified.  Throws
     // NS_ERROR_INVALID_ARG if there is no parameter specified (because
     // it was the last argument or the next argument starts with '-').
     // However, someone could still explicitly pass an empty argument!
     appname = args.handleFlagWithParam('runapp', false);
-  }
-  catch(e) {
+  } catch(e) {
     // treat a missing parameter like an empty parameter (=> show usage)
     appname = '';
   }
 
   // not specified, bail.
-  if (appname === null)
+  if (appname === null) {
     return;
+  }
+
+  runAppObj = new AppRunner(appname);
+  Services.obs.addObserver(runAppObj, 'webapps-registry-ready', false);
+});
+
+window.addEventListener('unload', function() {
+  Services.obs.removeObserver(runAppObj, 'webapps-registry-ready');
+});
 
-  // - Get the list of apps since the parameter was specified
-  let appsReq = navigator.mozApps.mgmt.getAll();
-  appsReq.onsuccess = function() {
-    let apps = appsReq.result;
+function AppRunner(aName) {
+  this._req = null;
+  this._appName = aName;
+}
+AppRunner.prototype = {
+  observe: function(aSubject, aTopic, aData) {
+    if (aTopic == 'webapps-registry-ready') {
+      this.doRunApp();
+    }
+  },
+
+  doRunApp: function() {
+    // - Get the list of apps since the parameter was specified
+    this._req = navigator.mozApps.mgmt.getAll();
+    this._req.onsuccess = this.getAllSuccess.bind(this);
+    this._req.onerror = this.getAllError.bind(this);
+  },
+
+  getAllSuccess: function() {
+    let apps = this._req.result;
+
     function findAppWithName(name) {
       let normalizedSearchName = name.replace(/[- ]+/g, '').toLowerCase();
 
       for (let i = 0; i < apps.length; i++) {
         let app = apps[i];
         let normalizedAppName =
-              app.manifest.name.replace(/[- ]+/g, '').toLowerCase();
+          app.manifest.name.replace(/[- ]+/g, '').toLowerCase();
         if (normalizedSearchName === normalizedAppName) {
           return app;
         }
       }
       return null;
     }
 
     function usageAndDie(justApps) {
@@ -54,40 +82,41 @@ window.addEventListener('load', function
       for (let i = 0; i < apps.length; i++) {
         dump('  ' + apps[i].manifest.name + '\n');
       }
 
       // Exit the b2g client
       Services.startup.quit(Ci.nsIAppStartup.eAttemptQuit);
     }
 
-    if (appname === '') {
+    if (this._appName === '') {
       usageAndDie();
       return;
     }
 
-    let app = findAppWithName(appname);
+    let app = findAppWithName(this._appName);
     if (!app) {
-      dump('Could not find app: "' + appname + '". Maybe you meant one of:\n');
+      dump('Could not find app: "' + this._appName + '". Maybe you meant one of:\n');
       usageAndDie(true);
       return;
     }
 
     let setReq =
       navigator.mozSettings.createLock().set({'lockscreen.enabled': false});
     setReq.onsuccess = function() {
-      // give the event loop another turn to disable the lock screen
+      // give the event loop 100ms to disable the lock screen
       window.setTimeout(function() {
         dump('--runapp launching app: ' + app.manifest.name + '\n');
         app.launch();
-      }, 0);
+      }, 100);
     };
     setReq.onerror = function() {
       dump('--runapp failed to disable lock-screen.  Giving up.\n');
     };
 
     dump('--runapp found app: ' + app.manifest.name +
          ', disabling lock screen...\n');
- };
- appsReq.onerror = function() {
-   dump('Problem getting the list of all apps!');
- };
-});
+  },
+
+  getAllError: function() {
+    dump('Problem getting the list of all apps!');
+  }
+};
\ No newline at end of file
--- a/b2g/chrome/content/shell.xul
+++ b/b2g/chrome/content/shell.xul
@@ -12,16 +12,16 @@
 #endif
         style="background: black; overflow: hidden; width:320px; height:480px"
         onload="shell.start();"
         onunload="shell.stop();">
 
   <script type="application/javascript" src="chrome://browser/content/settings.js"/>
   <script type="application/javascript" src="chrome://browser/content/shell.js"/>
 
-#ifndef ANDROID
+#ifndef MOZ_WIDGET_GONK
   <!-- this script handles the screen argument for desktop builds -->
   <script type="application/javascript" src="chrome://browser/content/screen.js"/>
   <!-- this script handles the "runapp" argument for desktop builds -->
   <script type="application/javascript" src="chrome://browser/content/runapp.js"/>
 #endif
   <!-- The html:iframe containing the UI is created here. -->
 </window>
--- a/browser/app/macbuild/Contents/Info.plist.in
+++ b/browser/app/macbuild/Contents/Info.plist.in
@@ -198,16 +198,18 @@
 				<string>file</string>
 			</array>
 		</dict>
 	</array>
 	<key>CFBundleVersion</key>
 	<string>%MAC_BUNDLE_VERSION%</string>
 	<key>NSAppleScriptEnabled</key>
 	<true/>
+	<key>LSApplicationCategoryType</key>
+	<string>public.app-category.productivity</string>
 	<key>LSMinimumSystemVersion</key>
 	<string>10.6</string>
 	<key>LSMinimumSystemVersionByArchitecture</key>
 	<dict>
 		<key>i386</key>
 		<string>10.6.0</string>
 		<key>x86_64</key>
 		<string>10.6.0</string>
--- a/browser/base/content/abouthome/aboutHome.js
+++ b/browser/base/content/abouthome/aboutHome.js
@@ -95,19 +95,18 @@ let gObserver = new MutationObserver(fun
   }
 });
 
 window.addEventListener("load", function () {
   // Delay search engine setup, cause browser.js::BrowserOnAboutPageLoad runs
   // later and may use asynchronous getters.
   window.gObserver.observe(document.documentElement, { attributes: true });
   fitToWidth();
+  window.addEventListener("resize", fitToWidth);
 });
-window.addEventListener("resize", fitToWidth);
-
 
 function onSearchSubmit(aEvent)
 {
   let searchTerms = document.getElementById("searchText").value;
   let searchURL = document.documentElement.getAttribute("searchEngineURL");
   if (searchURL && searchTerms.length > 0) {
     const SEARCH_TOKENS = {
       "_searchTerms_": encodeURIComponent(searchTerms)
--- a/browser/base/content/test/browser_minimize.js
+++ b/browser/base/content/test/browser_minimize.js
@@ -15,16 +15,20 @@ function waitForInactive() {
         return;
     }
     is(gBrowser.docShell.isActive, false, "Docshell should be inactive");
     window.restore();
     waitForActive();
 }
 
 function test() {
+    registerCleanupFunction(function() {
+      window.restore();
+    });
+
     waitForExplicitFinish();
     is(gBrowser.docShell.isActive, true, "Docshell should be active");
     window.minimize();
     // XXX On Linux minimize/restore seem to be very very async, but
     // our window.windowState changes sync.... so we can't rely on the
     // latter correctly reflecting the state of the former.  In
     // particular, a restore() call before minimizing is done will not
     // actually restore the window, but change the window state.  As a
--- a/browser/themes/gnomestripe/downloads/downloads.css
+++ b/browser/themes/gnomestripe/downloads/downloads.css
@@ -28,16 +28,20 @@
   border-top: 1px solid ThreeDShadow;
   background-image: -moz-linear-gradient(hsla(0,0%,0%,.15), hsla(0,0%,0%,.08) 6px);
 }
 
 #downloadsHistory > .button-box {
   margin: 1em;
 }
 
+#downloadsHistory:-moz-focusring > .button-box {
+  outline: 1px -moz-dialogtext dotted;
+}
+
 /*** List items ***/
 
 richlistitem[type="download"] {
   height: 6em;
   margin: 0;
   border-top: 1px solid hsla(0,0%,100%,.2);
   border-bottom: 1px solid hsla(0,0%,0%,.15);
   background: transparent;
@@ -50,17 +54,17 @@ richlistitem[type="download"]:first-chil
   border-top: 1px solid transparent;
 }
 
 richlistitem[type="download"]:last-child {
   border-bottom: 1px solid transparent;
 }
 
 #downloadsListBox:-moz-focusring > richlistitem[type="download"][selected] {
-  outline: 1px #999 dotted;
+  outline: 1px -moz-dialogtext dotted;
   outline-offset: -1px;
   -moz-outline-radius: 3px;
 }
 
 .downloadTypeIcon {
   -moz-margin-end: 8px;
   /* Prevent flickering when changing states. */
   min-height: 32px;
@@ -93,16 +97,19 @@ richlistitem[type="download"]:last-child
   padding: 5px;
   list-style-image: url("chrome://browser/skin/downloads/buttons.png");
 }
 
 .downloadButton > .button-box {
   padding: 0;
 }
 
+.downloadButton:-moz-focusring > .button-box {
+  outline: 1px -moz-dialogtext dotted;
+}
 /*** Highlighted list items ***/
 
 richlistitem[type="download"][state="1"]:hover {
   border-radius: 3px;
   border-top: 1px solid hsla(0,0%,100%,.3);
   border-bottom: 1px solid hsla(0,0%,0%,.2);
   background-color: Highlight;
   background-image: -moz-linear-gradient(hsla(0,0%,100%,.1), hsla(0,0%,100%,0));
@@ -169,21 +176,16 @@ richlistitem[type="download"][state="1"]
 
 /*** Main indicator icon ***/
 
 #downloads-indicator-icon {
   background: -moz-image-rect(url("chrome://browser/skin/Toolbar-small.png"),
                               0, 16, 16, 0) center no-repeat;
 }
 
-#downloads-indicator-icon:-moz-lwtheme-brighttext {
-  background: -moz-image-rect(url("chrome://browser/skin/Toolbar-inverted.png"),
-                              0, 16, 16, 0) center no-repeat;
-}
-
 #downloads-indicator[attention] > #downloads-indicator-anchor > #downloads-indicator-icon {
   background: -moz-image-rect(url("chrome://browser/skin/downloads/download-glow.png"),
                               16, 32, 32, 16) center no-repeat;
 }
 
 #downloads-indicator:not([counter]) > #downloads-indicator-anchor > #downloads-indicator-progress-area > #downloads-indicator-counter {
   background: -moz-image-rect(url("chrome://browser/skin/Toolbar-small.png"),
                               0, 16, 16, 0) center no-repeat;
--- a/browser/themes/pinstripe/downloads/downloads.css
+++ b/browser/themes/pinstripe/downloads/downloads.css
@@ -38,16 +38,17 @@
 }
 
 #downloadsHistory > .button-box {
   color: #808080;
   margin: 1em;
 }
 
 #downloadsHistory:-moz-focusring > .button-box {
+  outline: 1px -moz-dialogtext dotted;
   border-top-left-radius: 6px;
   border-top-right-radius: 6px;
 }
 
 #downloadsPanel:not([hasdownloads]) > #downloadsHistory:-moz-focusring > .button-box {
   border-bottom-left-radius: 6px;
   border-bottom-right-radius: 6px;
 }
@@ -69,17 +70,17 @@ richlistitem[type="download"]:first-chil
   border-top: 1px solid transparent;
 }
 
 richlistitem[type="download"]:last-child {
   border-bottom: 1px solid transparent;
 }
 
 #downloadsListBox:-moz-focusring > richlistitem[type="download"][selected] {
-  outline: 1px #999 dotted;
+  outline: 1px -moz-dialogtext dotted;
   outline-offset: -1px;
   -moz-outline-radius: 3px;
 }
 
 .downloadTypeIcon {
   -moz-margin-end: 8px;
   /* Prevent flickering when changing states. */
   min-height: 32px;
@@ -111,16 +112,20 @@ richlistitem[type="download"]:last-child
   padding: 5px;
   list-style-image: url("chrome://browser/skin/downloads/buttons.png");
 }
 
 .downloadButton > .button-box {
   padding: 0;
 }
 
+.downloadButton:-moz-focusring > .button-box {
+  outline: 1px -moz-dialogtext dotted;
+}
+
 /*** Highlighted list items ***/
 
 richlistitem[type="download"][state="1"]:hover {
   border-radius: 3px;
   border-top: 1px solid hsla(0,0%,100%,.2);
   border-bottom: 1px solid hsla(0,0%,0%,.4);
   background-color: Highlight;
   background-image: -moz-linear-gradient(hsl(210,100%,50%), hsl(210,96%,41%));
@@ -168,21 +173,16 @@ richlistitem[type="download"][state="1"]
 
 /*** Main indicator icon ***/
 
 #downloads-indicator-icon {
   background: -moz-image-rect(url("chrome://browser/skin/Toolbar.png"),
                               0, 140, 20, 120) center no-repeat;
 }
 
-#downloads-indicator-icon:-moz-lwtheme-brighttext {
-  background: -moz-image-rect(url("chrome://browser/skin/Toolbar-inverted.png"),
-                              0, 140, 20, 120) center no-repeat;
-}
-
 #downloads-indicator[attention]
 #downloads-indicator-icon {
   background: -moz-image-rect(url("chrome://browser/skin/downloads/download-glow.png"),
                               14, 34, 34, 14) center no-repeat;
 }
 
 #downloads-indicator:not([counter])
 #downloads-indicator-counter {
--- a/browser/themes/winstripe/downloads/downloads.css
+++ b/browser/themes/winstripe/downloads/downloads.css
@@ -2,16 +2,17 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /*** Panel and outer controls ***/
 
 %ifndef WINSTRIPE_AERO
 #downloadsHistory,
 #downloadsHistory:-moz-focusring > .button-box {
+  outline: 1px -moz-dialogtext dotted;
   border-bottom-left-radius: 6px;
   border-bottom-right-radius: 6px;
 }
 
 #downloadsPanel:not([hasdownloads]) > #downloadsHistory,
 #downloadsPanel:not([hasdownloads]) > #downloadsHistory:-moz-focusring > .button-box  {
   border-top-left-radius: 6px;
   border-top-right-radius: 6px;
@@ -64,17 +65,17 @@ richlistitem[type="download"]:first-chil
 
 @media (-moz-windows-default-theme) {
   richlistitem[type="download"]:last-child {
     border-bottom: 1px solid transparent;
   }
 }
 
 #downloadsListBox:-moz-focusring > richlistitem[type="download"][selected] {
-  outline: 1px #999 dotted;
+  outline: 1px -moz-dialogtext dotted;
   outline-offset: -1px;
   -moz-outline-radius: 3px;
 }
 
 .downloadTypeIcon {
   -moz-margin-end: 8px;
   /* Prevent flickering when changing states. */
   min-height: 32px;
@@ -106,16 +107,20 @@ richlistitem[type="download"]:first-chil
   padding: 5px;
   list-style-image: url("chrome://browser/skin/downloads/buttons.png");
 }
 
 .downloadButton > .button-box {
   padding: 0;
 }
 
+.downloadButton:-moz-focusring > .button-box {
+  outline: 1px -moz-dialogtext dotted;
+}
+
 /*** Highlighted list items ***/
 
 richlistitem[type="download"][state="1"]:hover {
   border-radius: 3px;
   border-top: 1px solid hsla(0,0%,100%,.2);
   border-bottom: 1px solid hsla(0,0%,0%,.2);
   background-color: Highlight;
   color: HighlightText;
--- a/build/autoconf/arch.m4
+++ b/build/autoconf/arch.m4
@@ -45,16 +45,20 @@ if test -z "$MOZ_ARCH"; then
         fi
         if test "$MOZ_PLATFORM_MAEMO" = 6; then
             MOZ_THUMB=yes
         fi
         ;;
     esac
 fi
 
+if test "$MOZ_ARCH" = "armv6" -a "$OS_TARGET" = "Android"; then
+   MOZ_FPU=vfp
+fi
+
 MOZ_ARG_WITH_STRING(thumb,
 [  --with-thumb[[=yes|no|toolchain-default]]]
 [                          Use Thumb instruction set (-mthumb)],
     if test -z "$GNU_CC"; then
         AC_MSG_ERROR([--with-thumb is not supported on non-GNU toolchains])
     fi
     MOZ_THUMB=$withval)
 
--- a/build/pymake/pymake/data.py
+++ b/build/pymake/pymake/data.py
@@ -1399,34 +1399,34 @@ class _CommandWrapper(object):
         self.usercb = cb
         process.call(self.cline, loc=self.loc, cb=self._cb, context=self.context, **self.kwargs)
 
 class _NativeWrapper(_CommandWrapper):
     def __init__(self, cline, ignoreErrors, loc, context,
                  pycommandpath, **kwargs):
         _CommandWrapper.__init__(self, cline, ignoreErrors, loc, context,
                                  **kwargs)
-        # get the module and method to call
-        parts, badchar = process.clinetoargv(cline, blacklist_gray=False)
-        if parts is None:
-            raise DataError("native command '%s': shell metacharacter '%s' in command line" % (cline, badchar), self.loc)
-        if len(parts) < 2:
-            raise DataError("native command '%s': no method name specified" % cline, self.loc)
         if pycommandpath:
             self.pycommandpath = re.split('[%s\s]+' % os.pathsep,
                                           pycommandpath)
         else:
             self.pycommandpath = None
-        self.module = parts[0]
-        self.method = parts[1]
-        self.cline_list = parts[2:]
 
     def __call__(self, cb):
+        # get the module and method to call
+        parts, badchar = process.clinetoargv(self.cline, self.kwargs['cwd'])
+        if parts is None:
+            raise DataError("native command '%s': shell metacharacter '%s' in command line" % (cline, badchar), self.loc)
+        if len(parts) < 2:
+            raise DataError("native command '%s': no method name specified" % cline, self.loc)
+        module = parts[0]
+        method = parts[1]
+        cline_list = parts[2:]
         self.usercb = cb
-        process.call_native(self.module, self.method, self.cline_list,
+        process.call_native(module, method, cline_list,
                             loc=self.loc, cb=self._cb, context=self.context,
                             pycommandpath=self.pycommandpath, **self.kwargs)
 
 def getcommandsforrule(rule, target, makefile, prerequisites, stem):
     v = Variables(parent=target.variables)
     setautomaticvariables(v, makefile, target, prerequisites)
     if stem is not None:
         setautomatic(v, '*', [stem])
--- a/build/pymake/pymake/functions.py
+++ b/build/pymake/pymake/functions.py
@@ -1,14 +1,14 @@
 """
 Makefile functions.
 """
 
 import parser, util
-import subprocess, os, logging
+import subprocess, os, logging, sys
 from globrelative import glob
 from cStringIO import StringIO
 
 log = logging.getLogger('pymake.data')
 
 def emit_expansions(descend, *expansions):
     """Helper function to emit all expansions within an input set."""
     for expansion in expansions:
@@ -761,26 +761,38 @@ class FlavorFunction(Function):
 class ShellFunction(Function):
     name = 'shell'
     minargs = 1
     maxargs = 1
 
     __slots__ = Function.__slots__
 
     def resolve(self, makefile, variables, fd, setting):
-        #TODO: call this once up-front somewhere and save the result?
-        shell, msys = util.checkmsyscompat()
+        from process import prepare_command
         cline = self._arguments[0].resolvestr(makefile, variables, setting)
+        executable, cline = prepare_command(cline, makefile.workdir, self.loc)
+
+        # subprocess.Popen doesn't use the PATH set in the env argument for
+        # finding the executable on some platforms (but strangely it does on
+        # others!), so set os.environ['PATH'] explicitly.
+        oldpath = os.environ['PATH']
+        if makefile.env is not None and 'PATH' in makefile.env:
+            os.environ['PATH'] = makefile.env['PATH']
 
-        log.debug("%s: running shell command '%s'" % (self.loc, cline))
-        cline = [shell, "-c", cline]
-        p = subprocess.Popen(cline, env=makefile.env, shell=False,
-                             stdout=subprocess.PIPE, cwd=makefile.workdir)
+        log.debug("%s: running command '%s'" % (self.loc, ' '.join(cline)))
+        try:
+            p = subprocess.Popen(cline, executable=executable, env=makefile.env, shell=False,
+                                 stdout=subprocess.PIPE, cwd=makefile.workdir)
+        except OSError, e:
+            print >>sys.stderr, "Error executing command %s" % cline[0], e
+            return
+        finally:
+            os.environ['PATH'] = oldpath
+
         stdout, stderr = p.communicate()
-
         stdout = stdout.replace('\r\n', '\n')
         if stdout.endswith('\n'):
             stdout = stdout[:-1]
         stdout = stdout.replace('\n', ' ')
 
         fd.write(stdout)
 
 class ErrorFunction(Function):
--- a/build/pymake/pymake/process.py
+++ b/build/pymake/pymake/process.py
@@ -10,118 +10,267 @@ import subprocess, shlex, re, logging, s
 subprocess._cleanup = lambda: None
 import command, util
 if sys.platform=='win32':
     import win32process
 
 _log = logging.getLogger('pymake.process')
 
 _escapednewlines = re.compile(r'\\\n')
-# Characters that most likely indicate a shell script and that native commands
-# should reject
-_blacklist = re.compile(r'[$><;\[~`|&]' +
-    r'|\${|(?:^|\s){(?:$|\s)')  # Blacklist ${foo} and { commands }
-# Characters that probably indicate a shell script, but that native commands
-# shouldn't just reject
-_graylist = re.compile(r'[()]')
-# Characters that indicate we need to glob
-_needsglob = re.compile(r'[\*\?]')
+
+def tokens2re(tokens):
+    # Create a pattern for non-escaped tokens, in the form:
+    #   (?<!\\)(?:a|b|c...)
+    # This is meant to match patterns a, b, or c, or ... if they are not
+    # preceded by a backslash.
+    # where a, b, c... are in the form
+    #   (?P<name>pattern)
+    # which matches the pattern and captures it in a named match group.
+    # The group names and patterns come are given as a dict in the function
+    # argument.
+    nonescaped = r'(?<!\\)(?:%s)' % '|'.join('(?P<%s>%s)' % (name, value) for name, value in tokens.iteritems())
+    # The final pattern matches either the above pattern, or an escaped
+    # backslash, captured in the "escape" match group.
+    return re.compile('(?:%s|%s)' % (nonescaped, r'(?P<escape>\\\\)'))
+
+_unquoted_tokens = tokens2re({
+  'whitespace': r'[\t\r\n ]',
+  'quote': r'[\'"]',
+  'comment': '#',
+  'special': r'[<>&|`~(){}$;]',
+  'backslashed': r'\\[^\\]',
+  'glob': r'[\*\?]',
+})
+
+_doubly_quoted_tokens = tokens2re({
+  'quote': '"',
+  'backslashedquote': r'\\"',
+  'special': '\$',
+  'backslashed': r'\\[^\\"]',
+})
+
+class MetaCharacterException(Exception):
+    def __init__(self, char):
+        self.char = char
+
+class ClineSplitter(list):
+    """
+    Parses a given command line string and creates a list of command
+    and arguments, with wildcard expansion.
+    """
+    def __init__(self, cline, cwd):
+        self.cwd = cwd
+        self.arg = ''
+        self.cline = cline
+        self.glob = False
+        self._parse_unquoted()
+
+    def _push(self, str):
+        """
+        Push the given string as part of the current argument
+        """
+        self.arg += str
+
+    def _next(self):
+        """
+        Finalize current argument, effectively adding it to the list.
+        Perform globbing if needed.
+        """
+        if not self.arg:
+            return
+        if self.glob:
+            if os.path.isabs(self.arg):
+                path = self.arg
+            else:
+                path = os.path.join(self.cwd, self.arg)
+            globbed = glob.glob(path)
+            if not globbed:
+                # If globbing doesn't find anything, the literal string is
+                # used.
+                self.append(self.arg)
+            else:
+                self.extend(f[len(path)-len(self.arg):] for f in globbed)
+            self.glob = False
+        else:
+            self.append(self.arg)
+        self.arg = ''
 
-def clinetoargv(cline, blacklist_gray):
+    def _parse_unquoted(self):
+        """
+        Parse command line remainder in the context of an unquoted string.
+        """
+        while self.cline:
+            # Find the next token
+            m = _unquoted_tokens.search(self.cline)
+            # If we find none, the remainder of the string can be pushed to
+            # the current argument and the argument finalized
+            if not m:
+                self._push(self.cline)
+                break
+            # The beginning of the string, up to the found token, is part of
+            # the current argument
+            self._push(self.cline[:m.start()])
+            self.cline = self.cline[m.end():]
+
+            match = dict([(name, value) for name, value in m.groupdict().items() if value])
+            if 'quote' in match:
+                # " or ' start a quoted string
+                if match['quote'] == '"':
+                    self._parse_doubly_quoted()
+                else:
+                    self._parse_quoted()
+            elif 'comment' in match:
+                # Comments are ignored. The current argument can be finalized,
+                # and parsing stopped.
+                break
+            elif 'special' in match:
+                # Unquoted, non-escaped special characters need to be sent to a
+                # shell.
+                raise MetaCharacterException, match['special']
+            elif 'whitespace' in match:
+                # Whitespaces terminate current argument.
+                self._next()
+            elif 'escape' in match:
+                # Escaped backslashes turn into a single backslash
+                self._push('\\')
+            elif 'backslashed' in match:
+                # Backslashed characters are unbackslashed
+                # e.g. echo \a -> a
+                self._push(match['backslashed'][1])
+            elif 'glob' in match:
+                # ? or * will need globbing
+                self.glob = True
+                self._push(m.group(0))
+            else:
+                raise Exception, "Shouldn't reach here"
+        self._next()
+
+    def _parse_quoted(self):
+        # Single quoted strings are preserved, except for the final quote
+        index = self.cline.find("'")
+        if index == -1:
+            raise Exception, 'Unterminated quoted string in command'
+        self._push(self.cline[:index])
+        self.cline = self.cline[index+1:]
+
+    def _parse_doubly_quoted(self):
+        if not self.cline:
+            raise Exception, 'Unterminated quoted string in command'
+        while self.cline:
+            m = _doubly_quoted_tokens.search(self.cline)
+            if not m:
+                raise Exception, 'Unterminated quoted string in command'
+            self._push(self.cline[:m.start()])
+            self.cline = self.cline[m.end():]
+            match = dict([(name, value) for name, value in m.groupdict().items() if value])
+            if 'quote' in match:
+                # a double quote ends the quoted string, so go back to
+                # unquoted parsing
+                return
+            elif 'special' in match:
+                # Unquoted, non-escaped special characters in a doubly quoted
+                # string still have a special meaning and need to be sent to a
+                # shell.
+                raise MetaCharacterException, match['special']
+            elif 'escape' in match:
+                # Escaped backslashes turn into a single backslash
+                self._push('\\')
+            elif 'backslashedquote' in match:
+                # Backslashed double quotes are un-backslashed
+                self._push('"')
+            elif 'backslashed' in match:
+                # Backslashed characters are kept backslashed
+                self._push(match['backslashed'])
+
+def clinetoargv(cline, cwd):
     """
     If this command line can safely skip the shell, return an argv array.
     @returns argv, badchar
     """
     str = _escapednewlines.sub('', cline)
-    m = _blacklist.search(str)
-    if m is not None:
-        return None, m.group(0)
-    if blacklist_gray:
-        m = _graylist.search(str)
-        if m is not None:
-            return None, m.group(0)
-
-    args = shlex.split(str, comments=True)
+    try:
+        args = ClineSplitter(str, cwd)
+    except MetaCharacterException, e:
+        return None, e.char
 
     if len(args) and args[0].find('=') != -1:
         return None, '='
 
     return args, None
 
-def doglobbing(args, cwd):
-    """
-    Perform any needed globbing on the argument list passed in
-    """
-    globbedargs = []
-    for arg in args:
-        if _needsglob.search(arg):
-            globbedargs.extend(glob.glob(os.path.join(cwd, arg)))
-        else:
-            globbedargs.append(arg)
-
-    return globbedargs
-
+# shellwords contains a set of shell builtin commands that need to be
+# executed within a shell. It also contains a set of commands that are known
+# to be giving problems when run directly instead of through the msys shell.
 shellwords = (':', '.', 'break', 'cd', 'continue', 'exec', 'exit', 'export',
               'getopts', 'hash', 'pwd', 'readonly', 'return', 'shift', 
               'test', 'times', 'trap', 'umask', 'unset', 'alias',
               'set', 'bind', 'builtin', 'caller', 'command', 'declare',
               'echo', 'enable', 'help', 'let', 'local', 'logout', 
               'printf', 'read', 'shopt', 'source', 'type', 'typeset',
-              'ulimit', 'unalias', 'set')
+              'ulimit', 'unalias', 'set', 'find')
 
-def call(cline, env, cwd, loc, cb, context, echo, justprint=False):
+def prepare_command(cline, cwd, loc):
+    """
+    Returns a list of command and arguments for the given command line string.
+    If the command needs to be run through a shell for some reason, the
+    returned list contains the shell invocation.
+    """
+
     #TODO: call this once up-front somewhere and save the result?
     shell, msys = util.checkmsyscompat()
 
     shellreason = None
+    executable = None
     if msys and cline.startswith('/'):
         shellreason = "command starts with /"
     else:
-        argv, badchar = clinetoargv(cline, blacklist_gray=True)
+        argv, badchar = clinetoargv(cline, cwd)
         if argv is None:
             shellreason = "command contains shell-special character '%s'" % (badchar,)
         elif len(argv) and argv[0] in shellwords:
             shellreason = "command starts with shell primitive '%s'" % (argv[0],)
-        else:
-            argv = doglobbing(argv, cwd)
+        elif argv and (os.sep in argv[0] or os.altsep and os.altsep in argv[0]):
+            executable = util.normaljoin(cwd, argv[0])
+            # Avoid "%1 is not a valid Win32 application" errors, assuming
+            # that if the executable path is to be resolved with PATH, it will
+            # be a Win32 executable.
+            if sys.platform == 'win32' and os.path.isfile(executable) and open(executable, 'rb').read(2) == "#!":
+                shellreason = "command executable starts with a hashbang"
 
     if shellreason is not None:
         _log.debug("%s: using shell: %s: '%s'", loc, shellreason, cline)
         if msys:
             if len(cline) > 3 and cline[1] == ':' and cline[2] == '/':
                 cline = '/' + cline[0] + cline[2:]
-        cline = [shell, "-c", cline]
-        context.call(cline, shell=False, env=env, cwd=cwd, cb=cb, echo=echo,
-                     justprint=justprint)
-        return
+        argv = [shell, "-c", cline]
+        executable = None
+
+    return executable, argv
+
+def call(cline, env, cwd, loc, cb, context, echo, justprint=False):
+    executable, argv = prepare_command(cline, cwd, loc)
 
     if not len(argv):
         cb(res=0)
         return
 
     if argv[0] == command.makepypath:
         command.main(argv[1:], env, cwd, cb)
         return
 
     if argv[0:2] == [sys.executable.replace('\\', '/'),
                      command.makepypath.replace('\\', '/')]:
         command.main(argv[2:], env, cwd, cb)
         return
 
-    if argv[0].find('/') != -1:
-        executable = util.normaljoin(cwd, argv[0])
-    else:
-        executable = None
-
     context.call(argv, executable=executable, shell=False, env=env, cwd=cwd, cb=cb,
                  echo=echo, justprint=justprint)
 
 def call_native(module, method, argv, env, cwd, loc, cb, context, echo, justprint=False,
                 pycommandpath=None):
-    argv = doglobbing(argv, cwd)
     context.call_native(module, method, argv, env=env, cwd=cwd, cb=cb,
                         echo=echo, justprint=justprint, pycommandpath=pycommandpath)
 
 def statustoresult(status):
     """
     Convert the status returned from waitpid into a prettier numeric result.
     """
     sig = status & 0xFF
--- a/build/valgrind/cross-architecture.sup
+++ b/build/valgrind/cross-architecture.sup
@@ -198,13 +198,18 @@
    Bug 794374
    Memcheck:Leak
    fun:malloc
    fun:moz_xmalloc
    fun:_ZN22nsComponentManagerImpl17ManifestComponentERNS_25ManifestProcessingContextEiPKPc
    ...
 }
 {
-   Bug 799157
-   Memcheck:Cond
-   fun:_ZN2js3ion5Range6updateEPKS1_
+   Bug 803386
+   Memcheck:Free
+   fun:_ZdlPv
+   fun:_ZN16SkMallocPixelRefD0Ev
+   fun:_ZNK8SkRefCnt16internal_disposeEv
+   fun:_ZN8SkBitmap10freePixelsEv
+   fun:_ZN8SkBitmapD1Ev
+   fun:_ZN7mozilla3gfx5ScaleEPhiiiS1_iiiNS0_13SurfaceFormatE
    ...
 }
--- a/config/rules.mk
+++ b/config/rules.mk
@@ -1111,18 +1111,18 @@ Makefile: Makefile.in
 	@$(PYTHON) $(DEPTH)/config.status -n --file=Makefile
 	@$(TOUCH) $@
 endif
 
 ifndef NO_SUBMAKEFILES_RULE
 ifdef SUBMAKEFILES
 # VPATH does not work on some machines in this case, so add $(srcdir)
 $(SUBMAKEFILES): % : $(srcdir)/%.in
-	$(PYTHON) $(DEPTH)$(addprefix /,$(subsrcdir))/config.status -n --file=$@
-	@$(TOUCH) $@
+	$(PYTHON) $(DEPTH)$(addprefix /,$(subsrcdir))/config.status -n --file="$@"
+	@$(TOUCH) "$@"
 endif
 endif
 
 ifdef AUTOUPDATE_CONFIGURE
 $(topsrcdir)/configure: $(topsrcdir)/configure.in
 	(cd $(topsrcdir) && $(AUTOCONF)) && $(PYTHON) $(DEPTH)/config.status -n --recheck
 endif
 
--- a/configure.in
+++ b/configure.in
@@ -180,16 +180,17 @@ if test -n "$gonkdir" ; then
     AS="$gonk_toolchain_prefix"as
     CC="$gonk_toolchain_prefix"gcc
     CXX="$gonk_toolchain_prefix"g++
     CPP="$gonk_toolchain_prefix"cpp
     LD="$gonk_toolchain_prefix"ld
     AR="$gonk_toolchain_prefix"ar
     RANLIB="$gonk_toolchain_prefix"ranlib
     STRIP="$gonk_toolchain_prefix"strip
+    OBJCOPY="$gonk_toolchain_prefix"objcopy
 
     STLPORT_CPPFLAGS="-I$gonkdir/ndk/sources/cxx-stl/stlport/stlport/ -I$gonkdir/external/stlport/stlport/"
     STLPORT_LIBS="-lstlport"
 
     case "$target_cpu" in
     arm)
         ARCH_DIR=arch-arm
         ;;
@@ -5839,17 +5840,17 @@ if test -n "$MOZ_ANGLE_RENDERER" -a -z "
   if test -z "$MOZ_DIRECTX_SDK_REG_KEY" ; then
     # Otherwise just take whatever comes first
     MOZ_DIRECTX_SDK_REG_KEY=`reg query 'HKLM\Software\Microsoft\DirectX' //s | grep 'Microsoft DirectX SDK' | head -n 1`
   fi
 
   if test -n "`echo $MOZ_DIRECTX_SDK_REG_KEY | grep 'February 2010'`" ; then
     AC_MSG_ERROR([Found the February 2010 DirectX SDK. Need the June 2010 DirectX SDK, or newer.  Upgrade your SDK or reconfigure with --disable-webgl.])
   else
-    MOZ_DIRECTX_SDK_PATH=`reg query "$MOZ_DIRECTX_SDK_REG_KEY" //v InstallPath | grep REG_SZ | sed 's/.*\([[a-zA-Z]]\)\\:\\\\/\\1\\:\\\\/'`
+    MOZ_DIRECTX_SDK_PATH=`reg query "$MOZ_DIRECTX_SDK_REG_KEY" //v InstallPath | grep REG_SZ | sed 's/.*\([[a-zA-Z]]\)\\:\\\\/\\1\\:\\\\/' | sed 's,\\\\,/,g'`
   fi
 
   if test -n "$MOZ_DIRECTX_SDK_PATH" &&
      test -f "$MOZ_DIRECTX_SDK_PATH"/include/d3dx9.h &&
 	 test -f "$MOZ_DIRECTX_SDK_PATH"/lib/$MOZ_DIRECTX_SDK_CPU_SUFFIX/dxguid.lib ; then
     AC_MSG_RESULT([Found DirectX SDK via registry, using $MOZ_DIRECTX_SDK_PATH])
   else
     AC_MSG_ERROR([Couldn't find the DirectX SDK, needed for WebGL. Either install it (June 2010 version or newer), or reconfigure with --disable-webgl.])
@@ -6081,16 +6082,22 @@ if test -z "$MOZ_ENABLE_GIO" -a `echo "$
     MOZ_EXTENSIONS=`echo $MOZ_EXTENSIONS | sed -e 's|gio||'`
 fi
 
 dnl Do not build gio with libxul based apps
 if test -n "$LIBXUL_SDK_DIR" -a `echo "$MOZ_EXTENSIONS" | grep -c gio` -ne 0; then
     MOZ_EXTENSIONS=`echo $MOZ_EXTENSIONS | sed -e 's|gio||'`
 fi
 
+if test `echo "$MOZ_EXTENSIONS" | grep -c gio` -ne 0; then
+    MOZ_GIO_COMPONENT=1
+    MOZ_EXTENSIONS=`echo $MOZ_EXTENSIONS | sed -e 's|gio||'`
+fi
+AC_SUBST(MOZ_GIO_COMPONENT)
+
 if test -z "$MOZ_JSDEBUGGER" -a `echo "$MOZ_EXTENSIONS" | grep -c venkman` -ne 0; then
     AC_MSG_WARN([Cannot build venkman without JavaScript debug library. Removing venkman from MOZ_EXTENSIONS.])
     MOZ_EXTENSIONS=`echo $MOZ_EXTENSIONS | sed -e 's|venkman||'`
 fi
 
 dnl xforms requires xtf
 if test -z "$MOZ_XTF" -a `echo "$MOZ_EXTENSIONS" | grep -c xforms` -ne 0; then
     AC_MSG_WARN([Cannot build XForms without XTF support.  Removing XForms from MOZ_EXTENSIONS.])
--- a/content/base/public/nsDOMFile.h
+++ b/content/base/public/nsDOMFile.h
@@ -49,54 +49,68 @@ public:
 
   NS_DECL_NSIDOMBLOB
   NS_DECL_NSIDOMFILE
   NS_DECL_NSIXHRSENDABLE
   NS_DECL_NSIMUTABLE
 
   void
   SetLazyData(const nsAString& aName, const nsAString& aContentType,
-              uint64_t aLength)
+              uint64_t aLength, uint64_t aLastModifiedDate)
   {
     NS_ASSERTION(aLength, "must have length");
 
     mName = aName;
     mContentType = aContentType;
     mLength = aLength;
-
+    mLastModificationDate = aLastModifiedDate;
     mIsFile = !aName.IsVoid();
   }
 
   bool IsSizeUnknown() const
   {
     return mLength == UINT64_MAX;
   }
 
+  bool IsDateUnknown() const
+  {
+    return mIsFile && mLastModificationDate == UINT64_MAX;
+  }
+
 protected:
   nsDOMFileBase(const nsAString& aName, const nsAString& aContentType,
+                uint64_t aLength, uint64_t aLastModifiedDate)
+    : mIsFile(true), mImmutable(false), mContentType(aContentType),
+      mName(aName), mStart(0), mLength(aLength), mLastModificationDate(aLastModifiedDate)
+  {
+    // Ensure non-null mContentType by default
+    mContentType.SetIsVoid(false);
+  }
+
+  nsDOMFileBase(const nsAString& aName, const nsAString& aContentType,
                 uint64_t aLength)
     : mIsFile(true), mImmutable(false), mContentType(aContentType),
-      mName(aName), mStart(0), mLength(aLength)
+      mName(aName), mStart(0), mLength(aLength), mLastModificationDate(UINT64_MAX)
   {
     // Ensure non-null mContentType by default
     mContentType.SetIsVoid(false);
   }
 
   nsDOMFileBase(const nsAString& aContentType, uint64_t aLength)
     : mIsFile(false), mImmutable(false), mContentType(aContentType),
-      mStart(0), mLength(aLength)
+      mStart(0), mLength(aLength), mLastModificationDate(UINT64_MAX)
   {
     // Ensure non-null mContentType by default
     mContentType.SetIsVoid(false);
   }
 
   nsDOMFileBase(const nsAString& aContentType, uint64_t aStart,
                 uint64_t aLength)
     : mIsFile(false), mImmutable(false), mContentType(aContentType),
-      mStart(aStart), mLength(aLength)
+      mStart(aStart), mLength(aLength), mLastModificationDate(UINT64_MAX)
   {
     NS_ASSERTION(aLength != UINT64_MAX,
                  "Must know length when creating slice");
     // Ensure non-null mContentType by default
     mContentType.SetIsVoid(false);
   }
 
   virtual ~nsDOMFileBase() {}
@@ -122,30 +136,38 @@ protected:
     NS_ASSERTION(IsStoredFile(), "Should only be called on stored files!");
     NS_ASSERTION(!mFileInfos.IsEmpty(), "Must have at least one file info!");
 
     return mFileInfos.ElementAt(0);
   }
 
   bool mIsFile;
   bool mImmutable;
+
   nsString mContentType;
   nsString mName;
 
   uint64_t mStart;
   uint64_t mLength;
 
+  uint64_t mLastModificationDate;
+
   // Protected by IndexedDatabaseManager::FileMutex()
   nsTArray<nsRefPtr<FileInfo> > mFileInfos;
 };
 
 class nsDOMFile : public nsDOMFileBase
 {
 public:
   nsDOMFile(const nsAString& aName, const nsAString& aContentType,
+            uint64_t aLength, uint64_t aLastModifiedDate)
+  : nsDOMFileBase(aName, aContentType, aLength, aLastModifiedDate)
+  { }
+
+  nsDOMFile(const nsAString& aName, const nsAString& aContentType,
             uint64_t aLength)
   : nsDOMFileBase(aName, aContentType, aLength)
   { }
 
   nsDOMFile(const nsAString& aContentType, uint64_t aLength)
   : nsDOMFileBase(aContentType, aLength)
   { }
 
@@ -178,29 +200,37 @@ public:
 };
 
 class nsDOMFileFile : public nsDOMFile,
                       public nsIJSNativeInitializer
 {
 public:
   // Create as a file
   nsDOMFileFile(nsIFile *aFile)
-    : nsDOMFile(EmptyString(), EmptyString(), UINT64_MAX),
+    : nsDOMFile(EmptyString(), EmptyString(), UINT64_MAX, UINT64_MAX),
       mFile(aFile), mWholeFile(true), mStoredFile(false)
   {
     NS_ASSERTION(mFile, "must have file");
     // Lazily get the content type and size
     mContentType.SetIsVoid(true);
     mFile->GetLeafName(mName);
   }
 
   // Create as a file
   nsDOMFileFile(const nsAString& aName, const nsAString& aContentType,
                 uint64_t aLength, nsIFile *aFile)
-    : nsDOMFile(aName, aContentType, aLength),
+    : nsDOMFile(aName, aContentType, aLength, UINT64_MAX),
+      mFile(aFile), mWholeFile(true), mStoredFile(false)
+  {
+    NS_ASSERTION(mFile, "must have file");
+  }
+
+  nsDOMFileFile(const nsAString& aName, const nsAString& aContentType,
+                uint64_t aLength, nsIFile *aFile, uint64_t aLastModificationDate)
+    : nsDOMFile(aName, aContentType, aLength, aLastModificationDate),
       mFile(aFile), mWholeFile(true), mStoredFile(false)
   {
     NS_ASSERTION(mFile, "must have file");
   }
 
   // Create as a blob
   nsDOMFileFile(nsIFile *aFile, const nsAString& aContentType,
                 nsISupports *aCacheToken)
@@ -208,29 +238,29 @@ public:
       mFile(aFile), mWholeFile(true), mStoredFile(false),
       mCacheToken(aCacheToken)
   {
     NS_ASSERTION(mFile, "must have file");
   }
 
   // Create as a file with custom name
   nsDOMFileFile(nsIFile *aFile, const nsAString& aName)
-    : nsDOMFile(aName, EmptyString(), UINT64_MAX),
+    : nsDOMFile(aName, EmptyString(), UINT64_MAX, UINT64_MAX),
       mFile(aFile), mWholeFile(true), mStoredFile(false)
   {
     NS_ASSERTION(mFile, "must have file");
     // Lazily get the content type and size
     mContentType.SetIsVoid(true);
   }
 
   // Create as a stored file
   nsDOMFileFile(const nsAString& aName, const nsAString& aContentType,
                 uint64_t aLength, nsIFile* aFile,
                 FileInfo* aFileInfo)
-    : nsDOMFile(aName, aContentType, aLength),
+    : nsDOMFile(aName, aContentType, aLength, UINT64_MAX),
       mFile(aFile), mWholeFile(true), mStoredFile(true)
   {
     NS_ASSERTION(mFile, "must have file");
     mFileInfos.AppendElement(aFileInfo);
   }
 
   // Create as a stored blob
   nsDOMFileFile(const nsAString& aContentType, uint64_t aLength,
@@ -239,17 +269,17 @@ public:
       mFile(aFile), mWholeFile(true), mStoredFile(true)
   {
     NS_ASSERTION(mFile, "must have file");
     mFileInfos.AppendElement(aFileInfo);
   }
 
   // Create as a file to be later initialized
   nsDOMFileFile()
-    : nsDOMFile(EmptyString(), EmptyString(), UINT64_MAX),
+    : nsDOMFile(EmptyString(), EmptyString(), UINT64_MAX, UINT64_MAX),
       mWholeFile(true), mStoredFile(false)
   {
     // Lazily get the content type and size
     mContentType.SetIsVoid(true);
     mName.SetIsVoid(true);
   }
 
   NS_DECL_ISUPPORTS_INHERITED
@@ -259,17 +289,18 @@ public:
                         JSContext* aCx,
                         JSObject* aObj,
                         uint32_t aArgc,
                         jsval* aArgv);
 
   // Overrides
   NS_IMETHOD GetSize(uint64_t* aSize);
   NS_IMETHOD GetType(nsAString& aType);
-  NS_IMETHOD GetLastModifiedDate(JSContext* cx, JS::Value *aLastModifiedDate);
+  NS_IMETHOD GetLastModifiedDate(JSContext* cx, JS::Value* aLastModifiedDate);
+  NS_IMETHOD GetMozLastModifiedDate(uint64_t* aLastModifiedDate);
   NS_IMETHOD GetMozFullPathInternal(nsAString& aFullPath);
   NS_IMETHOD GetInternalStream(nsIInputStream**);
 
   // DOMClassInfo constructor (for File("foo"))
   static nsresult
   NewFile(nsISupports* *aNewObject);
 
 protected:
@@ -323,17 +354,17 @@ protected:
 class nsDOMMemoryFile : public nsDOMFile
 {
 public:
   // Create as file
   nsDOMMemoryFile(void *aMemoryBuffer,
                   uint64_t aLength,
                   const nsAString& aName,
                   const nsAString& aContentType)
-    : nsDOMFile(aName, aContentType, aLength),
+    : nsDOMFile(aName, aContentType, aLength, UINT64_MAX),
       mDataOwner(new DataOwner(aMemoryBuffer))
   {
     NS_ASSERTION(mDataOwner && mDataOwner->mData, "must have data");
   }
 
   // Create as blob
   nsDOMMemoryFile(void *aMemoryBuffer,
                   uint64_t aLength,
--- a/content/base/public/nsIDOMFile.idl
+++ b/content/base/public/nsIDOMFile.idl
@@ -23,17 +23,17 @@ class FileManager;
 [ptr] native FileManager(mozilla::dom::indexedDB::FileManager);
 
 interface nsIDOMFileError;
 interface nsIInputStream;
 interface nsIURI;
 interface nsIPrincipal;
 interface nsIDOMBlob;
 
-[scriptable, builtinclass, uuid(16e3f8d1-7f31-48cc-93f5-9c931a977cf6)]
+[scriptable, builtinclass, uuid(52d22585-7737-460e-9731-c658df03304a)]
 interface nsIDOMBlob : nsISupports
 {
   readonly attribute unsigned long long size;
   readonly attribute DOMString type;
 
   [noscript] readonly attribute nsIInputStream internalStream;
   // The caller is responsible for releasing the internalUrl from the
   // blob: protocol handler
@@ -68,9 +68,11 @@ interface nsIDOMFile : nsIDOMBlob
 
   [implicit_jscontext]
   readonly attribute jsval lastModifiedDate;
 
   readonly attribute DOMString mozFullPath;
 
   // This performs no security checks!
   [noscript] readonly attribute DOMString mozFullPathInternal;
+
+  [noscript] readonly attribute uint64_t mozLastModifiedDate;
 };
--- a/content/base/src/FragmentOrElement.cpp
+++ b/content/base/src/FragmentOrElement.cpp
@@ -883,21 +883,25 @@ nsIContent::PreHandleEvent(nsEventChainP
       }
     }
   }
 
   nsIContent* parent = GetParent();
   // Event may need to be retargeted if this is the root of a native
   // anonymous content subtree or event is dispatched somewhere inside XBL.
   if (isAnonForEvents) {
+#ifdef DEBUG
     // If a DOM event is explicitly dispatched using node.dispatchEvent(), then
     // all the events are allowed even in the native anonymous content..
-    NS_ASSERTION(aVisitor.mEvent->eventStructType != NS_MUTATION_EVENT ||
+    nsCOMPtr<nsIContent> t = do_QueryInterface(aVisitor.mEvent->originalTarget);
+    NS_ASSERTION(!t || !t->ChromeOnlyAccess() ||
+                 aVisitor.mEvent->eventStructType != NS_MUTATION_EVENT ||
                  aVisitor.mDOMEvent,
                  "Mutation event dispatched in native anonymous content!?!");
+#endif
     aVisitor.mEventTargetAtParent = parent;
   } else if (parent && aVisitor.mOriginalTargetIsInAnon) {
     nsCOMPtr<nsIContent> content(do_QueryInterface(aVisitor.mEvent->target));
     if (content && content->GetBindingParent() == parent) {
       aVisitor.mEventTargetAtParent = parent;
     }
   }
 
--- a/content/base/src/nsContentUtils.cpp
+++ b/content/base/src/nsContentUtils.cpp
@@ -6353,17 +6353,17 @@ public:
                                     nsCycleCollectionParticipant* helper)
   {
   }
 
   NS_IMETHOD_(void) NoteNextEdgeName(const char* name)
   {
   }
 
-  NS_IMETHOD_(void) NoteWeakMapping(void* map, void* key, void* val)
+  NS_IMETHOD_(void) NoteWeakMapping(void* map, void* key, void* kdelegate, void* val)
   {
   }
 
   bool mFound;
 
 private:
   void* mWrapper;
 };
--- a/content/base/src/nsDOMFile.cpp
+++ b/content/base/src/nsDOMFile.cpp
@@ -169,16 +169,24 @@ nsDOMFileBase::GetSize(uint64_t *aSize)
 
 NS_IMETHODIMP
 nsDOMFileBase::GetType(nsAString &aType)
 {
   aType = mContentType;
   return NS_OK;
 }
 
+NS_IMETHODIMP
+nsDOMFileBase::GetMozLastModifiedDate(uint64_t* aLastModifiedDate)
+{
+  NS_ASSERTION(mIsFile, "Should only be called on files");
+  *aLastModifiedDate = mLastModificationDate;
+  return NS_OK;
+}
+
 // Makes sure that aStart and aEnd is less then or equal to aSize and greater
 // than 0
 static void
 ParseSize(int64_t aSize, int64_t& aStart, int64_t& aEnd)
 {
   CheckedInt64 newStartOffset = aStart;
   if (aStart < -aSize) {
     newStartOffset = 0;
@@ -493,20 +501,30 @@ nsDOMFileFile::NewFile(nsISupports* *aNe
 NS_IMETHODIMP
 nsDOMFileFile::GetMozFullPathInternal(nsAString &aFilename)
 {
   NS_ASSERTION(mIsFile, "Should only be called on files");
   return mFile->GetPath(aFilename);
 }
 
 NS_IMETHODIMP
-nsDOMFileFile::GetLastModifiedDate(JSContext* cx, JS::Value *aLastModifiedDate)
+nsDOMFileFile::GetLastModifiedDate(JSContext* cx, JS::Value* aLastModifiedDate)
 {
+  NS_ASSERTION(mIsFile, "Should only be called on files");
+
   PRTime msecs;
   mFile->GetLastModifiedTime(&msecs);
+  if (IsDateUnknown()) {
+    nsresult rv = mFile->GetLastModifiedTime(&msecs);
+    NS_ENSURE_SUCCESS(rv, rv);
+    mLastModificationDate = msecs;
+  } else {
+    msecs = mLastModificationDate;
+  }
+
   JSObject* date = JS_NewDateObjectMsec(cx, msecs);
   if (date) {
     aLastModifiedDate->setObject(*date);
   }
   else {
     date = JS_NewDateObjectMsec(cx, JS_Now() / PR_USEC_PER_MSEC);
     aLastModifiedDate->setObject(*date);
   }
@@ -557,16 +575,24 @@ nsDOMFileFile::GetType(nsAString &aType)
     mContentType.SetIsVoid(false);
   }
 
   aType = mContentType;
 
   return NS_OK;
 }
 
+NS_IMETHODIMP
+nsDOMFileFile::GetMozLastModifiedDate(uint64_t* aLastModifiedDate)
+{
+  NS_ASSERTION(mIsFile, "Should only be called on files");
+  *aLastModifiedDate = mLastModificationDate;
+  return NS_OK;
+}
+
 const uint32_t sFileStreamFlags =
   nsIFileInputStream::CLOSE_ON_EOF |
   nsIFileInputStream::REOPEN_ON_REWIND |
   nsIFileInputStream::DEFER_OPEN;
 
 NS_IMETHODIMP
 nsDOMFileFile::GetInternalStream(nsIInputStream **aStream)
 {
--- a/content/html/document/src/nsHTMLDocument.cpp
+++ b/content/html/document/src/nsHTMLDocument.cpp
@@ -308,45 +308,41 @@ nsHTMLDocument::CreateShell(nsPresContex
                             nsIViewManager* aViewManager,
                             nsStyleSet* aStyleSet,
                             nsIPresShell** aInstancePtrResult)
 {
   return doCreateShell(aContext, aViewManager, aStyleSet, mCompatMode,
                        aInstancePtrResult);
 }
 
-// The following Try*Charset will return false only if the charset source
-// should be considered (ie. aCharsetSource < thisCharsetSource) but we failed
-// to get the charset from this source.
-
-bool
+void
 nsHTMLDocument::TryHintCharset(nsIMarkupDocumentViewer* aMarkupDV,
                                int32_t& aCharsetSource, nsACString& aCharset)
 {
   if (aMarkupDV) {
     int32_t requestCharsetSource;
     nsresult rv = aMarkupDV->GetHintCharacterSetSource(&requestCharsetSource);
 
     if(NS_SUCCEEDED(rv) && kCharsetUninitialized != requestCharsetSource) {
       nsAutoCString requestCharset;
       rv = aMarkupDV->GetHintCharacterSet(requestCharset);
       aMarkupDV->SetHintCharacterSetSource((int32_t)(kCharsetUninitialized));
 
       if(requestCharsetSource <= aCharsetSource)
-        return true;
-
-      if(NS_SUCCEEDED(rv)) {
+        return;
+
+      if(NS_SUCCEEDED(rv) && IsAsciiCompatible(requestCharset)) {
         aCharsetSource = requestCharsetSource;
         aCharset = requestCharset;
 
-        return true;
+        return;
       }
     }
   }
-  return false;
+  return;
 }
 
 
 bool
 nsHTMLDocument::TryUserForcedCharset(nsIMarkupDocumentViewer* aMarkupDV,
                                      nsIDocShell*  aDocShell,
                                      int32_t& aCharsetSource,
                                      nsACString& aCharset)
@@ -356,16 +352,18 @@ nsHTMLDocument::TryUserForcedCharset(nsI
   if(kCharsetFromUserForced <= aCharsetSource)
     return true;
 
   nsAutoCString forceCharsetFromDocShell;
   if (aMarkupDV) {
     rv = aMarkupDV->GetForceCharacterSet(forceCharsetFromDocShell);
   }
 
+  // Not making the IsAsciiCompatible() check here to allow the user to
+  // force UTF-16 from the menu.
   if(NS_SUCCEEDED(rv) && !forceCharsetFromDocShell.IsEmpty()) {
     aCharset = forceCharsetFromDocShell;
     //TODO: we should define appropriate constant for force charset
     aCharsetSource = kCharsetFromUserForced;
   } else if (aDocShell) {
     nsCOMPtr<nsIAtom> csAtom;
     aDocShell->GetForcedCharset(getter_AddRefs(csAtom));
     if (csAtom) {
@@ -387,17 +385,22 @@ nsHTMLDocument::TryCacheCharset(nsICachi
   nsresult rv;
 
   if (kCharsetFromCache <= aCharsetSource) {
     return true;
   }
 
   nsCString cachedCharset;
   rv = aCachingChannel->GetCacheTokenCachedCharset(cachedCharset);
-  if (NS_SUCCEEDED(rv) && !cachedCharset.IsEmpty())
+  // Check IsAsciiCompatible() even in the cache case, because the value
+  // might be stale and in the case of a stale charset that is not a rough
+  // ASCII superset, the parser has no way to recover.
+  if (NS_SUCCEEDED(rv) &&
+      !cachedCharset.IsEmpty() &&
+      IsAsciiCompatible(cachedCharset))
   {
     aCharset = cachedCharset;
     aCharsetSource = kCharsetFromCache;
 
     return true;
   }
 
   return false;
@@ -412,93 +415,113 @@ CheckSameOrigin(nsINode* aNode1, nsINode
   bool equal;
   return
     NS_SUCCEEDED(aNode1->NodePrincipal()->
                    Equals(aNode2->NodePrincipal(), &equal)) &&
     equal;
 }
 
 bool
+nsHTMLDocument::IsAsciiCompatible(const nsACString& aPreferredName)
+{
+  return !(aPreferredName.LowerCaseEqualsLiteral("utf-16") ||
+           aPreferredName.LowerCaseEqualsLiteral("utf-16be") ||
+           aPreferredName.LowerCaseEqualsLiteral("utf-16le") ||
+           aPreferredName.LowerCaseEqualsLiteral("utf-7") ||
+           aPreferredName.LowerCaseEqualsLiteral("x-imap4-modified-utf7"));
+}
+
+void
 nsHTMLDocument::TryParentCharset(nsIDocShell*  aDocShell,
                                  nsIDocument* aParentDocument,
                                  int32_t& aCharsetSource,
                                  nsACString& aCharset)
 {
-  if (aDocShell) {
-    int32_t source;
-    nsCOMPtr<nsIAtom> csAtom;
-    int32_t parentSource;
-    aDocShell->GetParentCharsetSource(&parentSource);
-    if (kCharsetFromParentForced <= parentSource)
-      source = kCharsetFromParentForced;
-    else if (kCharsetFromHintPrevDoc == parentSource) {
-      // Make sure that's OK
-      if (!aParentDocument || !CheckSameOrigin(this, aParentDocument)) {
-        return false;
-      }
-      
-      // if parent is posted doc, set this prevent autodections
-      // I'm not sure this makes much sense... but whatever.
-      source = kCharsetFromHintPrevDoc;
+  if (!aDocShell) {
+    return;
+  }
+  int32_t source;
+  nsCOMPtr<nsIAtom> csAtom;
+  int32_t parentSource;
+  nsAutoCString parentCharset;
+  aDocShell->GetParentCharset(getter_AddRefs(csAtom));
+  if (!csAtom) {
+    return;
+  }
+  aDocShell->GetParentCharsetSource(&parentSource);
+  csAtom->ToUTF8String(parentCharset);
+  if (kCharsetFromParentForced <= parentSource) {
+    source = kCharsetFromParentForced;
+  } else if (kCharsetFromHintPrevDoc == parentSource) {
+    // Make sure that's OK
+    if (!aParentDocument ||
+        !CheckSameOrigin(this, aParentDocument) ||
+        !IsAsciiCompatible(parentCharset)) {
+      return;
     }
-    else if (kCharsetFromCache <= parentSource) {
-      // Make sure that's OK
-      if (!aParentDocument || !CheckSameOrigin(this, aParentDocument)) {
-        return false;
-      }
-
-      source = kCharsetFromParentFrame;
+
+    // if parent is posted doc, set this prevent autodetections
+    // I'm not sure this makes much sense... but whatever.
+    source = kCharsetFromHintPrevDoc;
+  } else if (kCharsetFromCache <= parentSource) {
+    // Make sure that's OK
+    if (!aParentDocument ||
+        !CheckSameOrigin(this, aParentDocument) ||
+        !IsAsciiCompatible(parentCharset)) {
+      return;
     }
-    else
-      return false;
-
-    if (source < aCharsetSource)
-      return true;
-
-    aDocShell->GetParentCharset(getter_AddRefs(csAtom));
-    if (csAtom) {
-      csAtom->ToUTF8String(aCharset);
-      aCharsetSource = source;
-      return true;
-    }
+
+    source = kCharsetFromParentFrame;
+  } else {
+    return;
   }
-  return false;
+
+  if (source < aCharsetSource) {
+    return;
+  }
+
+  aCharset.Assign(parentCharset);
+  aCharsetSource = source;
 }
 
-bool
+void
 nsHTMLDocument::UseWeakDocTypeDefault(int32_t& aCharsetSource,
                                       nsACString& aCharset)
 {
   if (kCharsetFromWeakDocTypeDefault <= aCharsetSource)
-    return true;
-  // fallback value in case docshell return error
-  aCharset.AssignLiteral("ISO-8859-1");
+    return;
 
   const nsAdoptingCString& defCharset =
     Preferences::GetLocalizedCString("intl.charset.default");
 
-  if (!defCharset.IsEmpty()) {
+  // Don't let the user break things by setting intl.charset.default to
+  // not a rough ASCII superset
+  if (!defCharset.IsEmpty() && IsAsciiCompatible(defCharset)) {
     aCharset = defCharset;
-    aCharsetSource = kCharsetFromWeakDocTypeDefault;
+  } else {
+    aCharset.AssignLiteral("ISO-8859-1");
   }
-  return true;
+  aCharsetSource = kCharsetFromWeakDocTypeDefault;
+  return;
 }
 
 bool
 nsHTMLDocument::TryDefaultCharset( nsIMarkupDocumentViewer* aMarkupDV,
                                    int32_t& aCharsetSource,
                                    nsACString& aCharset)
 {
   if(kCharsetFromUserDefault <= aCharsetSource)
     return true;
 
   nsAutoCString defaultCharsetFromDocShell;
   if (aMarkupDV) {
     nsresult rv =
       aMarkupDV->GetDefaultCharacterSet(defaultCharsetFromDocShell);
+    // Not making the IsAsciiCompatible() check here to allow the user to
+    // force UTF-16 from the menu.
     if(NS_SUCCEEDED(rv)) {
       aCharset = defaultCharsetFromDocShell;
 
       aCharsetSource = kCharsetFromUserDefault;
       return true;
     }
   }
   return false;
--- a/content/html/document/src/nsHTMLDocument.h
+++ b/content/html/document/src/nsHTMLDocument.h
@@ -213,31 +213,33 @@ protected:
   nsRefPtr<nsContentList> mForms;
   nsRefPtr<nsContentList> mFormControls;
 
   /** # of forms in the document, synchronously set */
   int32_t mNumForms;
 
   static uint32_t gWyciwygSessionCnt;
 
-  static bool TryHintCharset(nsIMarkupDocumentViewer* aMarkupDV,
+  static bool IsAsciiCompatible(const nsACString& aPreferredName);
+
+  static void TryHintCharset(nsIMarkupDocumentViewer* aMarkupDV,
                                int32_t& aCharsetSource,
                                nsACString& aCharset);
   static bool TryUserForcedCharset(nsIMarkupDocumentViewer* aMarkupDV,
                                      nsIDocShell*  aDocShell,
                                      int32_t& aCharsetSource,
                                      nsACString& aCharset);
   static bool TryCacheCharset(nsICachingChannel* aCachingChannel,
                                 int32_t& aCharsetSource,
                                 nsACString& aCharset);
   // aParentDocument could be null.
-  bool TryParentCharset(nsIDocShell*  aDocShell,
+  void TryParentCharset(nsIDocShell*  aDocShell,
                           nsIDocument* aParentDocument,
                           int32_t& charsetSource, nsACString& aCharset);
-  static bool UseWeakDocTypeDefault(int32_t& aCharsetSource,
+  static void UseWeakDocTypeDefault(int32_t& aCharsetSource,
                                       nsACString& aCharset);
   static bool TryDefaultCharset(nsIMarkupDocumentViewer* aMarkupDV,
                                   int32_t& aCharsetSource,
                                   nsACString& aCharset);
 
   // Override so we can munge the charset on our wyciwyg channel as needed.
   virtual void SetDocumentCharacterSet(const nsACString& aCharSetID);
 
--- a/content/media/webrtc/MediaEngineWebRTC.cpp
+++ b/content/media/webrtc/MediaEngineWebRTC.cpp
@@ -24,16 +24,18 @@ PRLogModuleInfo* GetUserMediaLog = PR_Ne
 
 namespace mozilla {
 
 void
 MediaEngineWebRTC::EnumerateVideoDevices(nsTArray<nsRefPtr<MediaEngineVideoSource> >* aVSources)
 {
   webrtc::ViEBase* ptrViEBase;
   webrtc::ViECapture* ptrViECapture;
+  // We spawn threads to handle gUM runnables, so we must protect the member vars
+  MutexAutoLock lock(mMutex);
 
   if (!mVideoEngine) {
     if (!(mVideoEngine = webrtc::VideoEngine::Create())) {
       return;
     }
   }
 
   ptrViEBase = webrtc::ViEBase::GetInterface(mVideoEngine);
@@ -118,16 +120,18 @@ MediaEngineWebRTC::EnumerateVideoDevices
   return;
 }
 
 void
 MediaEngineWebRTC::EnumerateAudioDevices(nsTArray<nsRefPtr<MediaEngineAudioSource> >* aASources)
 {
   webrtc::VoEBase* ptrVoEBase = NULL;
   webrtc::VoEHardware* ptrVoEHw = NULL;
+  // We spawn threads to handle gUM runnables, so we must protect the member vars
+  MutexAutoLock lock(mMutex);
 
   if (!mVoiceEngine) {
     mVoiceEngine = webrtc::VoiceEngine::Create();
     if (!mVoiceEngine) {
       return;
     }
   }
 
@@ -176,16 +180,19 @@ MediaEngineWebRTC::EnumerateAudioDevices
 
   ptrVoEHw->Release();
   ptrVoEBase->Release();
 }
 
 void
 MediaEngineWebRTC::Shutdown()
 {
+  // This is likely paranoia
+  MutexAutoLock lock(mMutex);
+
   if (mVideoEngine) {
     mVideoSources.Clear();
     webrtc::VideoEngine::Delete(mVideoEngine);
   }
 
   if (mVoiceEngine) {
     mAudioSources.Clear();
     webrtc::VoiceEngine::Delete(mVoiceEngine);
--- a/content/media/webrtc/MediaEngineWebRTC.h
+++ b/content/media/webrtc/MediaEngineWebRTC.h
@@ -6,16 +6,17 @@
 #define MEDIAENGINEWEBRTC_H_
 
 #include "prmem.h"
 #include "prcvar.h"
 #include "prthread.h"
 #include "nsIThread.h"
 #include "nsIRunnable.h"
 
+#include "mozilla/Mutex.h"
 #include "nsCOMPtr.h"
 #include "nsDOMFile.h"
 #include "nsThreadUtils.h"
 #include "nsDOMMediaStream.h"
 #include "nsDirectoryServiceDefs.h"
 #include "nsComponentManagerUtils.h"
 
 #include "VideoUtils.h"
@@ -213,33 +214,38 @@ private:
 
   SourceMediaStream* mSource;
 };
 
 class MediaEngineWebRTC : public MediaEngine
 {
 public:
   MediaEngineWebRTC()
-  : mVideoEngine(NULL)
+  : mMutex("mozilla::MediaEngineWebRTC")
+  , mVideoEngine(NULL)
   , mVoiceEngine(NULL)
   , mVideoEngineInit(false)
-  , mAudioEngineInit(false) {
+  , mAudioEngineInit(false)
+  {
     mVideoSources.Init();
     mAudioSources.Init();
   }
   ~MediaEngineWebRTC() { Shutdown(); }
 
   // Clients should ensure to clean-up sources video/audio sources
   // before invoking Shutdown on this class.
   void Shutdown();
 
   virtual void EnumerateVideoDevices(nsTArray<nsRefPtr<MediaEngineVideoSource> >*);
   virtual void EnumerateAudioDevices(nsTArray<nsRefPtr<MediaEngineAudioSource> >*);
 
 private:
+  Mutex mMutex;
+  // protected with mMutex:
+
   webrtc::VideoEngine* mVideoEngine;
   webrtc::VoiceEngine* mVoiceEngine;
 
   // Need this to avoid unneccesary WebRTC calls while enumerating.
   bool mVideoEngineInit;
   bool mAudioEngineInit;
 
   // Store devices we've already seen in a hashtable for quick return.
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -6420,21 +6420,24 @@ nsDocShell::OnRedirectStateChange(nsICha
         // here.  OnNewURI will do that, so we will cache it.
         SaveLastVisit(aNewChannel, oldURI, aRedirectFlags);
     }
 
     // check if the new load should go through the application cache.
     nsCOMPtr<nsIApplicationCacheChannel> appCacheChannel =
         do_QueryInterface(aNewChannel);
     if (appCacheChannel) {
-        // Permission will be checked in the parent process.
-        if (GeckoProcessType_Default != XRE_GetProcessType())
+        if (GeckoProcessType_Default != XRE_GetProcessType()) {
+            // Permission will be checked in the parent process.
             appCacheChannel->SetChooseApplicationCache(true);
-        else
-            appCacheChannel->SetChooseApplicationCache(ShouldCheckAppCache(newURI));
+        } else {
+            appCacheChannel->SetChooseApplicationCache(
+                                NS_ShouldCheckAppCache(newURI,
+                                                       mInPrivateBrowsing));
+        }
     }
 
     if (!(aRedirectFlags & nsIChannelEventSink::REDIRECT_INTERNAL) && 
         mLoadType & (LOAD_CMD_RELOAD | LOAD_CMD_HISTORY)) {
         mLoadType = LOAD_NORMAL_REPLACE;
         SetHistoryEntry(&mLSHE, nullptr);
     }
 }
@@ -9164,36 +9167,16 @@ nsDocShell::GetInheritedPrincipal(bool a
         }
 
         return docPrincipal;
     }
 
     return nullptr;
 }
 
-bool
-nsDocShell::ShouldCheckAppCache(nsIURI *aURI)
-{
-    if (mInPrivateBrowsing) {
-        return false;
-    }
-
-    nsCOMPtr<nsIOfflineCacheUpdateService> offlineService =
-        do_GetService(NS_OFFLINECACHEUPDATESERVICE_CONTRACTID);
-    if (!offlineService) {
-        return false;
-    }
-
-    bool allowed;
-    nsresult rv = offlineService->OfflineAppAllowedForURI(aURI,
-                                                          nullptr,
-                                                          &allowed);
-    return NS_SUCCEEDED(rv) && allowed;
-}
-
 nsresult
 nsDocShell::DoURILoad(nsIURI * aURI,
                       nsIURI * aReferrerURI,
                       bool aSendReferrer,
                       nsISupports * aOwner,
                       const char * aTypeHint,
                       nsIInputStream * aPostData,
                       nsIInputStream * aHeadersData,
@@ -9271,22 +9254,23 @@ nsDocShell::DoURILoad(nsIURI * aURI,
     nsCOMPtr<nsIApplicationCacheChannel> appCacheChannel =
         do_QueryInterface(channel);
     if (appCacheChannel) {
         // Any document load should not inherit application cache.
         appCacheChannel->SetInheritApplicationCache(false);
 
         // Loads with the correct permissions should check for a matching
         // application cache.
-        // Permission will be checked in the parent process
-        if (GeckoProcessType_Default != XRE_GetProcessType())
+        if (GeckoProcessType_Default != XRE_GetProcessType()) {
+            // Permission will be checked in the parent process
             appCacheChannel->SetChooseApplicationCache(true);
-        else
+        } else {
             appCacheChannel->SetChooseApplicationCache(
-                ShouldCheckAppCache(aURI));
+                NS_ShouldCheckAppCache(aURI, mInPrivateBrowsing));
+        }
     }
 
     // Make sure to give the caller a channel if we managed to create one
     // This is important for correct error page/session history interaction
     if (aRequest)
         NS_ADDREF(*aRequest = channel);
 
     channel->SetOriginalURI(aURI);
@@ -11373,36 +11357,24 @@ NS_IMETHODIMP nsDocShell::EnsureFind()
     // we promise that the nsIWebBrowserFind that we return has been set
     // up to point to the focused, or content window, so we have to
     // set that up each time.
 
     nsIScriptGlobalObject* scriptGO = GetScriptGlobalObject();
     NS_ENSURE_TRUE(scriptGO, NS_ERROR_UNEXPECTED);
 
     // default to our window
-    nsCOMPtr<nsIDOMWindow> windowToSearch(do_QueryInterface(mScriptGlobal));
-
-    nsCOMPtr<nsIDocShellTreeItem> root;
-    GetRootTreeItem(getter_AddRefs(root));
-
-    // if the active window is the same window that this docshell is in,
-    // use the currently focused frame
-    nsCOMPtr<nsIDOMWindow> rootWindow = do_GetInterface(root);
-    nsCOMPtr<nsIFocusManager> fm = do_GetService(FOCUSMANAGER_CONTRACTID);
-    if (fm) {
-      nsCOMPtr<nsIDOMWindow> activeWindow;
-      fm->GetActiveWindow(getter_AddRefs(activeWindow));
-      if (activeWindow == rootWindow)
-        fm->GetFocusedWindow(getter_AddRefs(windowToSearch));
-    }
+    nsCOMPtr<nsPIDOMWindow> ourWindow = do_QueryInterface(scriptGO);
+    nsCOMPtr<nsPIDOMWindow> windowToSearch;
+    nsFocusManager::GetFocusedDescendant(ourWindow, true, getter_AddRefs(windowToSearch));
 
     nsCOMPtr<nsIWebBrowserFindInFrames> findInFrames = do_QueryInterface(mFind);
     if (!findInFrames) return NS_ERROR_NO_INTERFACE;
     
-    rv = findInFrames->SetRootSearchFrame(rootWindow);
+    rv = findInFrames->SetRootSearchFrame(ourWindow);
     if (NS_FAILED(rv)) return rv;
     rv = findInFrames->SetCurrentSearchFrame(windowToSearch);
     if (NS_FAILED(rv)) return rv;
     
     return NS_OK;
 }
 
 bool
--- a/docshell/base/nsDocShell.h
+++ b/docshell/base/nsDocShell.h
@@ -277,20 +277,16 @@ protected:
     // Get the principal that we'll set on the channel if we're inheriting.  If
     // aConsiderCurrentDocument is true, we try to use the current document if
     // at all possible.  If that fails, we fall back on the parent document.
     // If that fails too, we force creation of a content viewer and use the
     // resulting principal.  If aConsiderCurrentDocument is false, we just look
     // at the parent.
     nsIPrincipal* GetInheritedPrincipal(bool aConsiderCurrentDocument);
 
-    // True if when loading aURI into this docshell, the channel should look
-    // for an appropriate application cache.
-    bool ShouldCheckAppCache(nsIURI * aURI);
-
     // Actually open a channel and perform a URI load.  Note: whatever owner is
     // passed to this function will be set on the channel.  Callers who wish to
     // not have an owner on the channel should just pass null.
     virtual nsresult DoURILoad(nsIURI * aURI,
                                nsIURI * aReferrer,
                                bool aSendReferrer,
                                nsISupports * aOwner,
                                const char * aTypeHint,
--- a/dom/apps/src/Webapps.jsm
+++ b/dom/apps/src/Webapps.jsm
@@ -746,16 +746,18 @@ let DOMApplicationRegistry = {
       if (aOfflineCacheObserver) {
         cacheUpdate.addObserver(aOfflineCacheObserver, false);
       }
     }
   },
 
   checkForUpdate: function(aData, aMm) {
     let app = this.getAppByManifestURL(aData.manifestURL);
+    let installOrigin = app.installOrigin;
+
     if (!app) {
       aData.error = "NO_SUCH_APP";
       aMm.sendAsyncMessage("Webapps:CheckForUpdate:Return:KO", aData);
       return;
     }
 
     function sendError(aError) {
       aData.error = aError;
@@ -845,17 +847,17 @@ let DOMApplicationRegistry = {
     if (aData.etag) {
       xhr.setRequestHeader("If-None-Match", aData.etag);
     }
 
     xhr.addEventListener("load", (function() {
       if (xhr.status == 200) {
         let manifest;
         try {
-          JSON.parse(xhr.responseText, installOrigin);
+          manifest = JSON.parse(xhr.responseText);
         } catch(e) {
           sendError("MANIFEST_PARSE_ERROR");
           return;
         }
         if (!AppsUtils.checkManifest(manifest, installOrigin)) {
           sendError("INVALID_MANIFEST");
         } else {
           app.etag = xhr.getResponseHeader("Etag");
--- a/dom/base/StructuredCloneTags.h
+++ b/dom/base/StructuredCloneTags.h
@@ -5,24 +5,31 @@
 #ifndef StructuredCloneTags_h__
 #define StructuredCloneTags_h__
 
 #include "jsapi.h"
 
 namespace mozilla {
 namespace dom {
 
+// CHANGING THE ORDER/PLACEMENT OF EXISTING ENUM VALUES MAY BREAK INDEXEDDB.
+// PROCEED WITH EXTREME CAUTION.
 enum StructuredCloneTags {
   SCTAG_BASE = JS_SCTAG_USER_MIN,
 
   // These tags are used only for main thread structured clone.
   SCTAG_DOM_BLOB,
-  SCTAG_DOM_FILE,
+
+  // This tag is obsolete and exists only for backwards compatibility with
+  // existing IndexedDB databases.
+  SCTAG_DOM_FILE_WITHOUT_LASTMODIFIEDDATE,
+
   SCTAG_DOM_FILELIST,
   SCTAG_DOM_FILEHANDLE,
+  SCTAG_DOM_FILE,
 
   // These tags are used for both main thread and workers.
   SCTAG_DOM_IMAGEDATA,
 
   SCTAG_DOM_MAX
 };
 
 } // namespace dom
--- a/dom/bindings/Bindings.conf
+++ b/dom/bindings/Bindings.conf
@@ -494,16 +494,17 @@ DOMInterfaces = {
     'implicitJSContext': [ 'constructor' ]
 }],
 
 ####################################
 # Test Interfaces of various sorts #
 ####################################
 
 'TestInterface' : {
+        # Keep this in sync with TestExampleInterface
         'headerFile': 'TestBindingHeader.h',
         'register': False,
         'resultNotAddRefed': [ 'receiveWeakSelf', 'receiveWeakNullableSelf',
                                'receiveWeakOther', 'receiveWeakNullableOther',
                                'receiveWeakExternal', 'receiveWeakNullableExternal',
                                'ReceiveWeakCallbackInterface',
                                'ReceiveWeakNullableCallbackInterface',
                                'receiveWeakCastableObjectSequence',
@@ -582,16 +583,34 @@ DOMInterfaces = {
         'register': False
         },
 
 'TestIndexedAndNamedGetterAndSetterInterface' : {
         'headerFile': 'TestBindingHeader.h',
         'register': False,
         'binaryNames': { '__stringifier': 'Stringify' }
         },
+
+'TestExampleInterface' : {
+        # Keep this in sync with TestInterface
+        'headerFile': 'TestExampleInterface-example.h',
+        'register': False,
+        'resultNotAddRefed': [ 'receiveWeakSelf', 'receiveWeakNullableSelf',
+                               'receiveWeakOther', 'receiveWeakNullableOther',
+                               'receiveWeakExternal', 'receiveWeakNullableExternal',
+                               'ReceiveWeakCallbackInterface',
+                               'ReceiveWeakNullableCallbackInterface',
+                               'receiveWeakCastableObjectSequence',
+                               'receiveWeakNullableCastableObjectSequence',
+                               'receiveWeakCastableObjectNullableSequence',
+                               'receiveWeakNullableCastableObjectNullableSequence' ],
+        'binaryNames': { 'methodRenamedFrom': 'methodRenamedTo',
+                         'attributeGetterRenamedFrom': 'attributeGetterRenamedTo',
+                         'attributeRenamedFrom': 'attributeRenamedTo' }
+        }
 }
 
 # These are temporary, until they've been converted to use new DOM bindings
 def addExternalIface(iface, nativeType=None, headerFile=None):
     if iface in DOMInterfaces:
         raise Exception('Interface declared both as WebIDL and External interface')
     domInterface = {
         'concrete': False
--- a/dom/bindings/Codegen.py
+++ b/dom/bindings/Codegen.py
@@ -5959,31 +5959,40 @@ class CGExampleMember(CGThing):
                     typeDecl = "%s&"
             return (typeDecl % iface.identifier.name), False, False
 
         if type.isSpiderMonkeyInterface():
             assert not isMember
             if type.nullable():
                 typeDecl = "%s*"
             else:
-                typeDecl = "%s&"
+                typeDecl = "%s"
+                if not optional:
+                    typeDecl += "&"
             return (typeDecl % type.name), False, False
 
         if type.isString():
             if isMember:
                 declType = "nsString"
             else:
                 declType = "nsAString"
             return declType, True, False
 
         if type.isEnum():
             return type.inner.identifier.name, False, True
 
         if type.isCallback():
-            return "JSObject*", False, False
+            if type.nullable():
+                declType = "JSObject*"
+            else:
+                if optional:
+                    declType = "NonNull<JSObject>"
+                else:
+                    declType = "JSObject&"
+            return declType, False, False
 
         if type.isAny():
             return "JS::Value", False, False
 
         if type.isObject():
             if type.nullable():
                 declType = "%s*"
             else:
@@ -6092,21 +6101,18 @@ class CGExampleClass(CGThing):
                     "{\n"
                     "public:\n"
                     "  ${ifaceName}();\n"
                     "  ~${ifaceName}();\n"
                     "\n"
                     "  NS_DECL_CYCLE_COLLECTING_ISUPPORTS\n"
                     "  NS_DECL_CYCLE_COLLECTION_SCRIPT_HOLDER_CLASS(${ifaceName})\n"
                     "\n"
-                    "  void* GetParentObject() const\n"
-                    "  {\n"
-                    "    // TODO: return something sensible here, and change the return type\n"
-                    "    return somethingSensible;\n"
-                    "  }\n"
+                    "  // TODO: return something sensible here, and change the return type\n"
+                    "  ${ifaceName}* GetParentObject() const;\n"
                     "\n" +
                     wrapFunc +
                     "\n").substitute({ "ifaceName": descriptor.name })),
             reindent=True)
 
         self.decl = CGWrapper(self.decl,
                               pre=("\n" + classDecl.define()),
                               post="\n};\n\n")
--- a/dom/bindings/test/Makefile.in
+++ b/dom/bindings/test/Makefile.in
@@ -70,19 +70,23 @@ MOCHITEST_CHROME_FILES = \
   $(NULL)
 
 # Include rules.mk before any of our targets so our first target is coming from
 # rules.mk and running make with no target in this dir does the right thing.
 include $(topsrcdir)/config/rules.mk
 
 $(CPPSRCS): ../%Binding.cpp: $(bindinggen_dependencies) \
                              ../%.webidl \
+                             TestExampleInterface-example \
                              $(NULL)
 	$(MAKE) -C .. $*Binding.h
 	$(MAKE) -C .. $*Binding.cpp
 
+TestExampleInterface-example:
+	$(MAKE) -C .. TestExampleInterface-example
+
 check::
 	PYTHONDONTWRITEBYTECODE=1 $(PYTHON) $(topsrcdir)/config/pythonpath.py \
 	  $(PLY_INCLUDE) $(srcdir)/../parser/runtests.py
 
 check-interactive:
 	PYTHONDONTWRITEBYTECODE=1 $(PYTHON) $(topsrcdir)/config/pythonpath.py \
 	  $(PLY_INCLUDE) $(srcdir)/../parser/runtests.py -q
--- a/dom/bindings/test/TestCodeGen.webidl
+++ b/dom/bindings/test/TestCodeGen.webidl
@@ -29,17 +29,17 @@ callback TestCallback = void();
 TestInterface implements ImplementedInterface;
 
 // This interface is only for use in the constructor below
 interface OnlyForUseInConstructor {
 };
 
 [Constructor,
  Constructor(DOMString str),
- Constructor(unsigned long num, boolean? bool),
+ Constructor(unsigned long num, boolean? boolArg),
  Constructor(TestInterface? iface),
  Constructor(TestNonCastableInterface iface)
  // , Constructor(long arg1, long arg2, (TestInterface or OnlyForUseInConstructor) arg3)
  ]
 interface TestInterface {
   // Integer types
   // XXXbz add tests for throwing versions of all the integer stuff
   readonly attribute byte readonlyByte;
@@ -327,16 +327,18 @@ interface TestInterface {
   // Typedefs
   const myLong myLongConstant = 5;
   void exerciseTypedefInterfaces1(AnotherNameForTestInterface arg);
   AnotherNameForTestInterface exerciseTypedefInterfaces2(NullableTestInterface arg);
   void exerciseTypedefInterfaces3(YetAnotherNameForTestInterface arg);
 
   // Miscellania
   [LenientThis] attribute long attrWithLenientThis;
+
+  // If you add things here, add them to TestExampleGen as well
 };
 
 interface TestNonWrapperCacheInterface {
 };
 
 interface ImplementedInterfaceParent {
   void implementedParentMethod();
   attribute boolean implementedParentProperty;
new file mode 100644
--- /dev/null
+++ b/dom/bindings/test/TestExampleGen.webidl
@@ -0,0 +1,308 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+[Constructor,
+ Constructor(DOMString str),
+ Constructor(unsigned long num, boolean? boolArg),
+ Constructor(TestInterface? iface),
+ Constructor(TestNonCastableInterface iface)
+ // , Constructor(long arg1, long arg2, (TestInterface or OnlyForUseInConstructor) arg3)
+ ]
+interface TestExampleInterface {
+  // Integer types
+  // XXXbz add tests for throwing versions of all the integer stuff
+  readonly attribute byte readonlyByte;
+  attribute byte writableByte;
+  void passByte(byte arg);
+  byte receiveByte();
+  void passOptionalByte(optional byte arg);
+  void passOptionalByteWithDefault(optional byte arg = 0);
+  void passNullableByte(byte? arg);
+  void passOptionalNullableByte(optional byte? arg);
+
+  readonly attribute short readonlyShort;
+  attribute short writableShort;
+  void passShort(short arg);
+  short receiveShort();
+  void passOptionalShort(optional short arg);
+  void passOptionalShortWithDefault(optional short arg = 5);
+
+  readonly attribute long readonlyLong;
+  attribute long writableLong;
+  void passLong(long arg);
+  long receiveLong();
+  void passOptionalLong(optional long arg);
+  void passOptionalLongWithDefault(optional long arg = 7);
+
+  readonly attribute long long readonlyLongLong;
+  attribute long long writableLongLong;
+  void passLongLong(long long arg);
+  long long receiveLongLong();
+  void passOptionalLongLong(optional long long arg);
+  void passOptionalLongLongWithDefault(optional long long arg = -12);
+
+  readonly attribute octet readonlyOctet;
+  attribute octet writableOctet;
+  void passOctet(octet arg);
+  octet receiveOctet();
+  void passOptionalOctet(optional octet arg);
+  void passOptionalOctetWithDefault(optional octet arg = 19);
+
+  readonly attribute unsigned short readonlyUnsignedShort;
+  attribute unsigned short writableUnsignedShort;
+  void passUnsignedShort(unsigned short arg);
+  unsigned short receiveUnsignedShort();
+  void passOptionalUnsignedShort(optional unsigned short arg);
+  void passOptionalUnsignedShortWithDefault(optional unsigned short arg = 2);
+
+  readonly attribute unsigned long readonlyUnsignedLong;
+  attribute unsigned long writableUnsignedLong;
+  void passUnsignedLong(unsigned long arg);
+  unsigned long receiveUnsignedLong();
+  void passOptionalUnsignedLong(optional unsigned long arg);
+  void passOptionalUnsignedLongWithDefault(optional unsigned long arg = 6);
+
+  readonly attribute unsigned long long readonlyUnsignedLongLong;
+  attribute unsigned long long  writableUnsignedLongLong;
+  void passUnsignedLongLong(unsigned long long arg);
+  unsigned long long receiveUnsignedLongLong();
+  void passOptionalUnsignedLongLong(optional unsigned long long arg);
+  void passOptionalUnsignedLongLongWithDefault(optional unsigned long long arg = 17);
+
+  // Castable interface types
+  // XXXbz add tests for throwing versions of all the castable interface stuff
+  TestInterface receiveSelf();
+  TestInterface? receiveNullableSelf();
+  TestInterface receiveWeakSelf();
+  TestInterface? receiveWeakNullableSelf();
+  // A verstion to test for casting to TestInterface&
+  void passSelf(TestInterface arg);
+  // A version we can use to test for the exact type passed in
+  void passSelf2(TestInterface arg);
+  void passNullableSelf(TestInterface? arg);
+  attribute TestInterface nonNullSelf;
+  attribute TestInterface? nullableSelf;
+  // Optional arguments
+  void passOptionalSelf(optional TestInterface? arg);
+  void passOptionalNonNullSelf(optional TestInterface arg);
+  void passOptionalSelfWithDefault(optional TestInterface? arg = null);
+
+  // Non-wrapper-cache interface types
+  [Creator]
+  TestNonWrapperCacheInterface receiveNonWrapperCacheInterface();
+  [Creator]
+  TestNonWrapperCacheInterface? receiveNullableNonWrapperCacheInterface();
+  [Creator]
+  sequence<TestNonWrapperCacheInterface> receiveNonWrapperCacheInterfaceSequence();
+  [Creator]
+  sequence<TestNonWrapperCacheInterface?> receiveNullableNonWrapperCacheInterfaceSequence();
+  [Creator]
+  sequence<TestNonWrapperCacheInterface>? receiveNonWrapperCacheInterfaceNullableSequence();
+  [Creator]
+  sequence<TestNonWrapperCacheInterface?>? receiveNullableNonWrapperCacheInterfaceNullableSequence();
+
+  // Non-castable interface types
+  TestNonCastableInterface receiveOther();
+  TestNonCastableInterface? receiveNullableOther();
+  TestNonCastableInterface receiveWeakOther();
+  TestNonCastableInterface? receiveWeakNullableOther();
+  // A verstion to test for casting to TestNonCastableInterface&
+  void passOther(TestNonCastableInterface arg);
+  // A version we can use to test for the exact type passed in
+  void passOther2(TestNonCastableInterface arg);
+  void passNullableOther(TestNonCastableInterface? arg);
+  attribute TestNonCastableInterface nonNullOther;
+  attribute TestNonCastableInterface? nullableOther;
+  // Optional arguments
+  void passOptionalOther(optional TestNonCastableInterface? arg);
+  void passOptionalNonNullOther(optional TestNonCastableInterface arg);
+  void passOptionalOtherWithDefault(optional TestNonCastableInterface? arg = null);
+
+  // External interface types
+  TestExternalInterface receiveExternal();
+  TestExternalInterface? receiveNullableExternal();
+  TestExternalInterface receiveWeakExternal();
+  TestExternalInterface? receiveWeakNullableExternal();
+  // A verstion to test for casting to TestExternalInterface&
+  void passExternal(TestExternalInterface arg);
+  // A version we can use to test for the exact type passed in
+  void passExternal2(TestExternalInterface arg);
+  void passNullableExternal(TestExternalInterface? arg);
+  attribute TestExternalInterface nonNullExternal;
+  attribute TestExternalInterface? nullableExternal;
+  // Optional arguments
+  void passOptionalExternal(optional TestExternalInterface? arg);
+  void passOptionalNonNullExternal(optional TestExternalInterface arg);
+  void passOptionalExternalWithDefault(optional TestExternalInterface? arg = null);
+
+  // Callback interface types
+  TestCallbackInterface receiveCallbackInterface();
+  TestCallbackInterface? receiveNullableCallbackInterface();
+  TestCallbackInterface receiveWeakCallbackInterface();
+  TestCallbackInterface? receiveWeakNullableCallbackInterface();
+  // A verstion to test for casting to TestCallbackInterface&
+  void passCallbackInterface(TestCallbackInterface arg);
+  // A version we can use to test for the exact type passed in
+  void passCallbackInterface2(TestCallbackInterface arg);
+  void passNullableCallbackInterface(TestCallbackInterface? arg);
+  attribute TestCallbackInterface nonNullCallbackInterface;
+  attribute TestCallbackInterface? nullableCallbackInterface;
+  // Optional arguments
+  void passOptionalCallbackInterface(optional TestCallbackInterface? arg);
+  void passOptionalNonNullCallbackInterface(optional TestCallbackInterface arg);
+  void passOptionalCallbackInterfaceWithDefault(optional TestCallbackInterface? arg = null);
+
+  // Miscellaneous interface tests
+  IndirectlyImplementedInterface receiveConsequentialInterface();
+  void passConsequentialInterface(IndirectlyImplementedInterface arg);
+
+  // Sequence types
+  sequence<long> receiveSequence();
+  sequence<long>? receiveNullableSequence();
+  sequence<long?> receiveSequenceOfNullableInts();
+  sequence<long?>? receiveNullableSequenceOfNullableInts();
+  void passSequence(sequence<long> arg);
+  void passNullableSequence(sequence<long>? arg);
+  void passSequenceOfNullableInts(sequence<long?> arg);
+  void passOptionalSequenceOfNullableInts(optional sequence<long?> arg);
+  void passOptionalNullableSequenceOfNullableInts(optional sequence<long?>? arg);
+  sequence<TestInterface> receiveCastableObjectSequence();
+  sequence<TestCallbackInterface> receiveCallbackObjectSequence();
+  sequence<TestInterface?> receiveNullableCastableObjectSequence();
+  sequence<TestCallbackInterface?> receiveNullableCallbackObjectSequence();
+  sequence<TestInterface>? receiveCastableObjectNullableSequence();
+  sequence<TestInterface?>? receiveNullableCastableObjectNullableSequence();
+  sequence<TestInterface> receiveWeakCastableObjectSequence();
+  sequence<TestInterface?> receiveWeakNullableCastableObjectSequence();
+  sequence<TestInterface>? receiveWeakCastableObjectNullableSequence();
+  sequence<TestInterface?>? receiveWeakNullableCastableObjectNullableSequence();
+  void passCastableObjectSequence(sequence<TestInterface> arg);
+  void passNullableCastableObjectSequence(sequence<TestInterface?> arg);
+  void passCastableObjectNullableSequence(sequence<TestInterface>? arg);
+  void passNullableCastableObjectNullableSequence(sequence<TestInterface?>? arg);
+  void passOptionalSequence(optional sequence<long> arg);
+  void passOptionalNullableSequence(optional sequence<long>? arg);
+  void passOptionalNullableSequenceWithDefaultValue(optional sequence<long>? arg = null);
+  void passOptionalObjectSequence(optional sequence<TestInterface> arg);
+
+  sequence<DOMString> receiveStringSequence();
+  void passStringSequence(sequence<DOMString> arg);
+
+  sequence<any> receiveAnySequence();
+  sequence<any>? receiveNullableAnySequence();
+
+  // Typed array types
+  void passArrayBuffer(ArrayBuffer arg);
+  void passNullableArrayBuffer(ArrayBuffer? arg);
+  void passOptionalArrayBuffer(optional ArrayBuffer arg);
+  void passOptionalNullableArrayBuffer(optional ArrayBuffer? arg);
+  void passOptionalNullableArrayBufferWithDefaultValue(optional ArrayBuffer? arg= null);
+  void passArrayBufferView(ArrayBufferView arg);
+  void passInt8Array(Int8Array arg);
+  void passInt16Array(Int16Array arg);
+  void passInt32Array(Int32Array arg);
+  void passUint8Array(Uint8Array arg);
+  void passUint16Array(Uint16Array arg);
+  void passUint32Array(Uint32Array arg);
+  void passUint8ClampedArray(Uint8ClampedArray arg);
+  void passFloat32Array(Float32Array arg);
+  void passFloat64Array(Float64Array arg);
+  Uint8Array receiveUint8Array();
+
+  // String types
+  void passString(DOMString arg);
+  void passNullableString(DOMString? arg);
+  void passOptionalString(optional DOMString arg);
+  void passOptionalStringWithDefaultValue(optional DOMString arg = "abc");
+  void passOptionalNullableString(optional DOMString? arg);
+  void passOptionalNullableStringWithDefaultValue(optional DOMString? arg = null);
+
+  // Enumerated types
+  void passEnum(TestEnum arg);
+  // No support for nullable enums yet
+  // void passNullableEnum(TestEnum? arg);
+  void passOptionalEnum(optional TestEnum arg);
+  void passEnumWithDefault(optional TestEnum arg = "a");
+  // void passOptionalNullableEnum(optional TestEnum? arg);
+  // void passOptionalNullableEnumWithDefaultValue(optional TestEnum? arg = null);
+  TestEnum receiveEnum();
+  attribute TestEnum enumAttribute;
+  readonly attribute TestEnum readonlyEnumAttribute;
+
+  // Callback types
+  void passCallback(TestCallback arg);
+  void passNullableCallback(TestCallback? arg);
+  void passOptionalCallback(optional TestCallback arg);
+  void passOptionalNullableCallback(optional TestCallback? arg);
+  void passOptionalNullableCallbackWithDefaultValue(optional TestCallback? arg = null);
+  TestCallback receiveCallback();
+  TestCallback? receiveNullableCallback();
+  void passNullableTreatAsNullCallback(TestTreatAsNullCallback? arg);
+  void passOptionalNullableTreatAsNullCallback(optional TestTreatAsNullCallback? arg);
+  void passOptionalNullableTreatAsNullCallbackWithDefaultValue(optional TestTreatAsNullCallback? arg = null);
+
+  // Any types
+  void passAny(any arg);
+  void passOptionalAny(optional any arg);
+  void passAnyDefaultNull(optional any arg = null);
+  any receiveAny();
+
+  // object types
+  void passObject(object arg);
+  void passNullableObject(object? arg);
+  void passOptionalObject(optional object arg);
+  void passOptionalNullableObject(optional object? arg);
+  void passOptionalNullableObjectWithDefaultValue(optional object? arg = null);
+  object receiveObject();
+  object? receiveNullableObject();
+
+  // Union types
+  void passUnion((object or long) arg);
+  void passUnionWithNullable((object? or long) arg);
+  void passNullableUnion((object or long)? arg);
+  void passOptionalUnion(optional (object or long) arg);
+  void passOptionalNullableUnion(optional (object or long)? arg);
+  void passOptionalNullableUnionWithDefaultValue(optional (object or long)? arg = null);
+  //void passUnionWithInterfaces((TestInterface or TestExternalInterface) arg);
+  //void passUnionWithInterfacesAndNullable((TestInterface? or TestExternalInterface) arg);
+  //void passUnionWithSequence((sequence<object> or long) arg);
+  void passUnionWithArrayBuffer((ArrayBuffer or long) arg);
+  void passUnionWithString((DOMString or object) arg);
+  //void passUnionWithEnum((TestEnum or object) arg);
+  void passUnionWithCallback((TestCallback or long) arg);
+  void passUnionWithObject((object or long) arg);
+  //void passUnionWithDict((Dict or long) arg);
+
+  // binaryNames tests
+  void methodRenamedFrom();
+  void methodRenamedFrom(byte argument);
+  readonly attribute byte attributeGetterRenamedFrom;
+  attribute byte attributeRenamedFrom;
+
+  void passDictionary(optional Dict x);
+  void passOtherDictionary(optional GrandparentDict x);
+  void passSequenceOfDictionaries(sequence<Dict> x);
+  void passDictionaryOrLong(optional Dict x);
+  void passDictionaryOrLong(long x);
+
+  void passDictContainingDict(optional DictContainingDict arg);
+  void passDictContainingSequence(optional DictContainingSequence arg);
+
+  // EnforceRange/Clamp tests
+  void dontEnforceRangeOrClamp(byte arg);
+  void doEnforceRange([EnforceRange] byte arg);
+  void doClamp([Clamp] byte arg);
+
+  // Typedefs
+  const myLong myLongConstant = 5;
+  void exerciseTypedefInterfaces1(AnotherNameForTestInterface arg);
+  AnotherNameForTestInterface exerciseTypedefInterfaces2(NullableTestInterface arg);
+  void exerciseTypedefInterfaces3(YetAnotherNameForTestInterface arg);
+
+  // Miscellania
+  [LenientThis] attribute long attrWithLenientThis;
+
+  // If you add things here, add them to TestCodeGen as well
+};
--- a/dom/bluetooth/BluetoothUnixSocketConnector.cpp
+++ b/dom/bluetooth/BluetoothUnixSocketConnector.cpp
@@ -55,16 +55,23 @@ int get_bdaddr(const char *str, bdaddr_t
   for (int i = 0; i < 6; i++) {
     *d-- = strtol(str, &endp, 16);
     MOZ_ASSERT(!(*endp != ':' && i != 5));
     str = endp + 1;
   }
   return 0;
 }
 
+static
+void get_bdaddr_as_string(const bdaddr_t *ba, char *str) {
+    const uint8_t *b = (const uint8_t *)ba;
+    sprintf(str, "%2.2X:%2.2X:%2.2X:%2.2X:%2.2X:%2.2X",
+            b[5], b[4], b[3], b[2], b[1], b[0]);
+}
+
 BluetoothUnixSocketConnector::BluetoothUnixSocketConnector(
   BluetoothSocketType aType,
   int aChannel,
   bool aAuth,
   bool aEncrypt) : mType(aType)
                  , mChannel(aChannel)
                  , mAuth(aAuth)
                  , mEncrypt(aEncrypt)
@@ -174,8 +181,16 @@ BluetoothUnixSocketConnector::CreateAddr
     memcpy(&addr_sco.sco_bdaddr, &bd_address_obj, sizeof(bdaddr_t));
     memcpy(aAddr, &addr_sco, sizeof(addr_sco));
     break;
   default:
     NS_WARNING("Socket type unknown!");
   }
 }
 
+void
+BluetoothUnixSocketConnector::GetSocketAddr(const sockaddr& aAddr,
+                                            nsAString& aAddrStr)
+{
+  char addr[18];
+  get_bdaddr_as_string((bdaddr_t*)&aAddr, addr);
+  aAddrStr.AssignASCII(addr);
+}
--- a/dom/bluetooth/BluetoothUnixSocketConnector.h
+++ b/dom/bluetooth/BluetoothUnixSocketConnector.h
@@ -21,16 +21,19 @@ public:
   virtual ~BluetoothUnixSocketConnector()
   {}
   virtual int Create() MOZ_OVERRIDE;
   virtual void CreateAddr(bool aIsServer,
                           socklen_t& aAddrSize,
                           struct sockaddr* aAddr,
                           const char* aAddress) MOZ_OVERRIDE;
   virtual bool SetUp(int aFd) MOZ_OVERRIDE;
+  virtual void GetSocketAddr(const sockaddr& aAddr,
+                             nsAString& aAddrStr) MOZ_OVERRIDE;
+
 private:
   BluetoothSocketType mType;
   int mChannel;
   bool mAuth;
   bool mEncrypt;
 };
 
 END_BLUETOOTH_NAMESPACE
--- a/dom/devicestorage/DeviceStorageRequestParent.cpp
+++ b/dom/devicestorage/DeviceStorageRequestParent.cpp
@@ -170,34 +170,36 @@ DeviceStorageRequestParent::PostSuccessE
   SuccessResponse response;
   unused <<  mParent->Send__delete__(mParent, response);
   return NS_OK;
 }
 
 DeviceStorageRequestParent::PostBlobSuccessEvent::PostBlobSuccessEvent(DeviceStorageRequestParent* aParent,
                                                                        DeviceStorageFile* aFile,
                                                                        uint32_t aLength,
-                                                                       nsACString& aMimeType)
+                                                                       nsACString& aMimeType,
+                                                                       uint64_t aLastModifiedDate)
   : CancelableRunnable(aParent)
   , mLength(aLength)
+  , mLastModificationDate(aLastModifiedDate)
   , mFile(aFile)
   , mMimeType(aMimeType)
 {
 }
 
 DeviceStorageRequestParent::PostBlobSuccessEvent::~PostBlobSuccessEvent() {}
 
 nsresult
 DeviceStorageRequestParent::PostBlobSuccessEvent::CancelableRun() {
   NS_ASSERTION(NS_IsMainThread(), "Wrong thread!");
 
   nsString mime;
   CopyASCIItoUTF16(mMimeType, mime);
 
-  nsCOMPtr<nsIDOMBlob> blob = new nsDOMFileFile(mFile->mPath, mime, mLength, mFile->mFile);
+  nsCOMPtr<nsIDOMBlob> blob = new nsDOMFileFile(mFile->mPath, mime, mLength, mFile->mFile, mLastModificationDate);
 
   ContentParent* cp = static_cast<ContentParent*>(mParent->Manager());
   BlobParent* actor = cp->GetOrCreateActorForBlob(blob);
 
   BlobResponse response;
   response.blobParent() = actor;
 
   unused <<  mParent->Send__delete__(mParent, response);
@@ -369,17 +371,25 @@ DeviceStorageRequestParent::ReadFileEven
   int64_t fileSize;
   nsresult rv = mFile->mFile->GetFileSize(&fileSize);
   if (NS_FAILED(rv)) {
     r = new PostErrorEvent(mParent, POST_ERROR_EVENT_UNKNOWN);
     NS_DispatchToMainThread(r);
     return NS_OK;
   }
 
-  r = new PostBlobSuccessEvent(mParent, mFile, fileSize, mMimeType);
+  PRTime modDate;
+  rv = mFile->mFile->GetLastModifiedTime(&modDate);
+  if (NS_FAILED(rv)) {
+    r = new PostErrorEvent(mParent, POST_ERROR_EVENT_UNKNOWN);
+    NS_DispatchToMainThread(r);
+    return NS_OK;
+  }
+
+  r = new PostBlobSuccessEvent(mParent, mFile, fileSize, mMimeType, modDate);
   NS_DispatchToMainThread(r);
   return NS_OK;
 }
 
 DeviceStorageRequestParent::EnumerateFileEvent::EnumerateFileEvent(DeviceStorageRequestParent* aParent,
                                                                    DeviceStorageFile* aFile,
                                                                    uint64_t aSince)
   : CancelableRunnable(aParent)
--- a/dom/devicestorage/DeviceStorageRequestParent.h
+++ b/dom/devicestorage/DeviceStorageRequestParent.h
@@ -81,21 +81,22 @@ private:
       PostSuccessEvent(DeviceStorageRequestParent* aParent);
       virtual ~PostSuccessEvent();
       virtual nsresult CancelableRun();
   };
 
   class PostBlobSuccessEvent : public CancelableRunnable
   {
     public:
-      PostBlobSuccessEvent(DeviceStorageRequestParent* aParent, DeviceStorageFile* aFile, uint32_t aLength, nsACString& aMimeType);
+      PostBlobSuccessEvent(DeviceStorageRequestParent* aParent, DeviceStorageFile* aFile, uint32_t aLength, nsACString& aMimeType, uint64_t aLastModifiedDate);
       virtual ~PostBlobSuccessEvent();
       virtual nsresult CancelableRun();
     private:
       uint32_t mLength;
+      uint64_t mLastModificationDate;
       nsRefPtr<DeviceStorageFile> mFile;
       nsCString mMimeType;
   };
 
   class PostEnumerationSuccessEvent : public CancelableRunnable
   {
     public:
       PostEnumerationSuccessEvent(DeviceStorageRequestParent* aParent, InfallibleTArray<DeviceStorageFileValue>& aPaths);
--- a/dom/devicestorage/test/test_basic.html
+++ b/dom/devicestorage/test/test_basic.html
@@ -56,16 +56,19 @@ function deleteError(e) {
   devicestorage_cleanup();
 }
 
 function getSuccess(e) {
   var storage = navigator.getDeviceStorage("pictures");
   ok(navigator.getDeviceStorage, "Should have getDeviceStorage");
 
   ok(e.target.result.name == gFileName, "File name should match");
+  ok(e.target.result.size > 0, "File size be greater than zero");
+  ok(e.target.result.type, "File should have a mime type");
+  ok(e.target.result.lastModifiedDate, "File should have a last modified date");
 
   var name = e.target.result.name;
 
   gFileReader.readAsArrayBuffer(gDataBlob);
   gFileReader.onload = function(e) {
     readerCallback(e);
 
     request = storage.delete(name)
--- a/dom/indexedDB/IDBObjectStore.cpp
+++ b/dom/indexedDB/IDBObjectStore.cpp
@@ -599,22 +599,24 @@ ActorFromRemoteBlob(nsIDOMBlob* aBlob)
     NS_ASSERTION(actor, "Null actor?!");
     return actor;
   }
   return nullptr;
 }
 
 inline
 bool
-ResolveMysteryBlob(nsIDOMBlob* aBlob, const nsString& aName,
-                   const nsString& aContentType, uint64_t aSize)
+ResolveMysteryFile(nsIDOMBlob* aBlob, const nsString& aName,
+                   const nsString& aContentType, uint64_t aSize,
+                   uint64_t aLastModifiedDate)
 {
   BlobChild* actor = ActorFromRemoteBlob(aBlob);
   if (actor) {
-    return actor->SetMysteryBlobInfo(aName, aContentType, aSize);
+    return actor->SetMysteryBlobInfo(aName, aContentType,
+                                     aSize, aLastModifiedDate);
   }
   return true;
 }
 
 inline
 bool
 ResolveMysteryBlob(nsIDOMBlob* aBlob, const nsString& aContentType,
                    uint64_t aSize)
@@ -1090,17 +1092,28 @@ StructuredCloneReadString(JSStructuredCl
 // static
 JSObject*
 IDBObjectStore::StructuredCloneReadCallback(JSContext* aCx,
                                             JSStructuredCloneReader* aReader,
                                             uint32_t aTag,
                                             uint32_t aData,
                                             void* aClosure)
 {
-  if (aTag == SCTAG_DOM_FILEHANDLE || aTag == SCTAG_DOM_BLOB ||
+  // We need to statically assert that our tag values are what we expect
+  // so that if people accidentally change them they notice.
+  MOZ_STATIC_ASSERT(SCTAG_DOM_BLOB == 0xFFFF8001 &&
+                    SCTAG_DOM_FILE_WITHOUT_LASTMODIFIEDDATE == 0xFFFF8002 &&
+                    SCTAG_DOM_FILEHANDLE == 0xFFFF8004 &&
+                    SCTAG_DOM_FILE == 0xFFFF8005,
+                    "You changed our structured clone tag values and just ate "
+                    "everyone's IndexedDB data.  I hope you are happy.");
+
+  if (aTag == SCTAG_DOM_FILE_WITHOUT_LASTMODIFIEDDATE ||
+      aTag == SCTAG_DOM_FILEHANDLE ||
+      aTag == SCTAG_DOM_BLOB ||
       aTag == SCTAG_DOM_FILE) {
     StructuredCloneReadInfo* cloneReadInfo =
       reinterpret_cast<StructuredCloneReadInfo*>(aClosure);
 
     if (aData >= cloneReadInfo->mFiles.Length()) {
       NS_ERROR("Bad blob index!");
       return nullptr;
     }
@@ -1136,16 +1149,17 @@ IDBObjectStore::StructuredCloneReadCallb
       if (NS_FAILED(rv)) {
         NS_WARNING("Failed to wrap native!");
         return nullptr;
       }
 
       return JSVAL_TO_OBJECT(wrappedFileHandle);
     }
 
+    // If it's not a FileHandle, it's a Blob or a File.
     uint64_t size;
     if (!JS_ReadBytes(aReader, &size, sizeof(uint64_t))) {
       NS_WARNING("Failed to read size!");
       return nullptr;
     }
     size = SwapBytes(size);
 
     nsCString type;
@@ -1191,27 +1205,35 @@ IDBObjectStore::StructuredCloneReadCallb
       if (NS_FAILED(rv)) {
         NS_WARNING("Failed to wrap native!");
         return nullptr;
       }
 
       return JSVAL_TO_OBJECT(wrappedBlob);
     }
 
-    NS_ASSERTION(aTag == SCTAG_DOM_FILE, "Huh?!");
+    NS_ASSERTION(aTag == SCTAG_DOM_FILE ||
+                 aTag == SCTAG_DOM_FILE_WITHOUT_LASTMODIFIEDDATE, "Huh?!");
+
+    uint64_t lastModifiedDate = UINT64_MAX;
+    if (aTag != SCTAG_DOM_FILE_WITHOUT_LASTMODIFIEDDATE &&
+        !JS_ReadBytes(aReader, &lastModifiedDate, sizeof(lastModifiedDate))) {
+      NS_WARNING("Failed to read lastModifiedDate");
+      return nullptr;
+    }
 
     nsCString name;
     if (!StructuredCloneReadString(aReader, name)) {
       return nullptr;
     }
     NS_ConvertUTF8toUTF16 convName(name);
 
     nsCOMPtr<nsIDOMFile> domFile;
     if (file.mFile) {
-      if (!ResolveMysteryBlob(file.mFile, convName, convType, size)) {
+      if (!ResolveMysteryFile(file.mFile, convName, convType, size, lastModifiedDate)) {
         return nullptr;
       }
       domFile = do_QueryInterface(file.mFile);
       NS_ASSERTION(domFile, "This should never fail!");
     }
     else {
       domFile = new nsDOMFileFile(convName, convType, size, nativeFile,
                                   fileInfo);
@@ -1315,25 +1337,34 @@ IDBObjectStore::StructuredCloneWriteCall
                               cloneWriteInfo->mFiles.Length()) ||
           !JS_WriteBytes(aWriter, &size, sizeof(size)) ||
           !JS_WriteBytes(aWriter, &convTypeLength, sizeof(convTypeLength)) ||
           !JS_WriteBytes(aWriter, convType.get(), convType.Length())) {
         return false;
       }
 
       if (file) {
+        uint64_t lastModifiedDate = 0;
+        if (NS_FAILED(file->GetMozLastModifiedDate(&lastModifiedDate))) {
+          NS_WARNING("Failed to get last modified date!");
+          return false;
+        }
+
+        lastModifiedDate = SwapBytes(lastModifiedDate);
+
         nsString name;
         if (NS_FAILED(file->GetName(name))) {
           NS_WARNING("Failed to get name!");
           return false;
         }
         NS_ConvertUTF16toUTF8 convName(name);
         uint32_t convNameLength = SwapBytes(convName.Length());
 
-        if (!JS_WriteBytes(aWriter, &convNameLength, sizeof(convNameLength)) ||
+        if (!JS_WriteBytes(aWriter, &lastModifiedDate, sizeof(lastModifiedDate)) || 
+            !JS_WriteBytes(aWriter, &convNameLength, sizeof(convNameLength)) ||
             !JS_WriteBytes(aWriter, convName.get(), convName.Length())) {
           return false;
         }
       }
 
       StructuredCloneFile* cloneFile = cloneWriteInfo->mFiles.AppendElement();
       cloneFile->mFile = blob.forget();
       cloneFile->mFileInfo = fileInfo.forget();
--- a/dom/ipc/Blob.cpp
+++ b/dom/ipc/Blob.cpp
@@ -580,30 +580,38 @@ private:
       }
     }
   };
 
 public:
   NS_DECL_ISUPPORTS_INHERITED
 
   RemoteBlob(const nsAString& aName, const nsAString& aContentType,
+             uint64_t aLength, uint64_t aModDate)
+  : nsDOMFile(aName, aContentType, aLength, aModDate), mActor(nullptr)
+  {
+    mImmutable = true;
+  }
+
+  RemoteBlob(const nsAString& aName, const nsAString& aContentType,
              uint64_t aLength)
   : nsDOMFile(aName, aContentType, aLength), mActor(nullptr)
   {
     mImmutable = true;
   }
 
   RemoteBlob(const nsAString& aContentType, uint64_t aLength)
   : nsDOMFile(aContentType, aLength), mActor(nullptr)
   {
     mImmutable = true;
   }
 
   RemoteBlob()
-  : nsDOMFile(EmptyString(), EmptyString(), UINT64_MAX), mActor(nullptr)
+  : nsDOMFile(EmptyString(), EmptyString(), UINT64_MAX, UINT64_MAX)
+  , mActor(nullptr)
   {
     mImmutable = true;
   }
 
   virtual ~RemoteBlob()
   {
     if (mActor) {
       mActor->NoteDyingRemoteBlob();
@@ -646,16 +654,31 @@ public:
     return helper->GetStream(aStream);
   }
 
   virtual void*
   GetPBlob() MOZ_OVERRIDE
   {
     return static_cast<typename ActorType::ProtocolType*>(mActor);
   }
+
+  NS_IMETHOD
+  GetLastModifiedDate(JSContext* cx, JS::Value* aLastModifiedDate)
+  {
+    if (IsDateUnknown()) {
+      aLastModifiedDate->setNull();
+    } else {
+      JSObject* date = JS_NewDateObjectMsec(cx, mLastModificationDate);
+      if (!date) {
+        return NS_ERROR_OUT_OF_MEMORY;
+      }
+      aLastModifiedDate->setObject(*date);
+    }
+    return NS_OK;
+  }
 };
 
 template <ActorFlavorEnum ActorFlavor>
 Blob<ActorFlavor>::Blob(nsIDOMBlob* aBlob)
 : mBlob(aBlob), mRemoteBlob(nullptr), mOwnsBlob(true), mBlobIsFile(false)
 {
   MOZ_ASSERT(NS_IsMainThread());
   MOZ_ASSERT(aBlob);
@@ -681,17 +704,17 @@ Blob<ActorFlavor>::Blob(const BlobConstr
       break;
     }
 
     case BlobConstructorParams::TFileBlobConstructorParams: {
       const FileBlobConstructorParams& params =
         aParams.get_FileBlobConstructorParams();
       remoteBlob =
         new RemoteBlobType(params.name(), params.contentType(),
-                           params.length());
+                           params.length(), params.modDate());
       mBlobIsFile = true;
       break;
     }
 
     case BlobConstructorParams::TMysteryBlobConstructorParams: {
       remoteBlob = new RemoteBlobType();
       mBlobIsFile = true;
       break;
@@ -765,43 +788,48 @@ Blob<ActorFlavor>::GetBlob()
 
   return blob.forget();
 }
 
 template <ActorFlavorEnum ActorFlavor>
 bool
 Blob<ActorFlavor>::SetMysteryBlobInfo(const nsString& aName,
                                       const nsString& aContentType,
-                                      uint64_t aLength)
+                                      uint64_t aLength,
+                                      uint64_t aLastModifiedDate)
 {
   MOZ_ASSERT(NS_IsMainThread());
   MOZ_ASSERT(mBlob);
   MOZ_ASSERT(mRemoteBlob);
   MOZ_ASSERT(aLength);
+  MOZ_ASSERT(aLastModifiedDate != UINT64_MAX);
 
-  ToConcreteBlob(mBlob)->SetLazyData(aName, aContentType, aLength);
+  ToConcreteBlob(mBlob)->SetLazyData(aName, aContentType,
+                                     aLength, aLastModifiedDate);
 
-  FileBlobConstructorParams params(aName, aContentType, aLength);
+  FileBlobConstructorParams params(aName, aContentType,
+                                   aLength, aLastModifiedDate);
   return ProtocolType::SendResolveMystery(params);
 }
 
 template <ActorFlavorEnum ActorFlavor>
 bool
 Blob<ActorFlavor>::SetMysteryBlobInfo(const nsString& aContentType,
                                       uint64_t aLength)
 {
   MOZ_ASSERT(NS_IsMainThread());
   MOZ_ASSERT(mBlob);
   MOZ_ASSERT(mRemoteBlob);
   MOZ_ASSERT(aLength);
 
   nsString voidString;
   voidString.SetIsVoid(true);
 
-  ToConcreteBlob(mBlob)->SetLazyData(voidString, aContentType, aLength);
+  ToConcreteBlob(mBlob)->SetLazyData(voidString, aContentType,
+                                     aLength, UINT64_MAX);
 
   NormalBlobConstructorParams params(aContentType, aLength);
   return ProtocolType::SendResolveMystery(params);
 }
 
 template <ActorFlavorEnum ActorFlavor>
 void
 Blob<ActorFlavor>::SetRemoteBlob(nsRefPtr<RemoteBlobType>& aRemoteBlob)
@@ -885,24 +913,26 @@ Blob<ActorFlavor>::RecvResolveMystery(co
   nsDOMFileBase* blob = ToConcreteBlob(mBlob);
 
   switch (aParams.type()) {
     case ResolveMysteryParams::TNormalBlobConstructorParams: {
       const NormalBlobConstructorParams& params =
         aParams.get_NormalBlobConstructorParams();
       nsString voidString;
       voidString.SetIsVoid(true);
-      blob->SetLazyData(voidString, params.contentType(), params.length());
+      blob->SetLazyData(voidString, params.contentType(),
+                        params.length(), UINT64_MAX);
       break;
     }
 
     case ResolveMysteryParams::TFileBlobConstructorParams: {
       const FileBlobConstructorParams& params =
         aParams.get_FileBlobConstructorParams();
-      blob->SetLazyData(params.name(), params.contentType(), params.length());
+      blob->SetLazyData(params.name(), params.contentType(),
+                        params.length(), params.modDate());
       break;
     }
 
     default:
       MOZ_NOT_REACHED("Unknown params!");
   }
 
   return true;
--- a/dom/ipc/Blob.h
+++ b/dom/ipc/Blob.h
@@ -168,17 +168,17 @@ public:
   // sending side. It may also be called on the receiving side unless this is a
   // "mystery" blob that has not yet received a SetMysteryBlobInfo() call.
   already_AddRefed<nsIDOMBlob>
   GetBlob();
 
   // Use this for files.
   bool
   SetMysteryBlobInfo(const nsString& aName, const nsString& aContentType,
-                     uint64_t aLength);
+                     uint64_t aLength, uint64_t aLastModifiedDate);
 
   // Use this for non-file blobs.
   bool
   SetMysteryBlobInfo(const nsString& aContentType, uint64_t aLength);
 
 private:
   // This constructor is called on the sending side.
   Blob(nsIDOMBlob* aBlob);
--- a/dom/ipc/ContentChild.cpp
+++ b/dom/ipc/ContentChild.cpp
@@ -535,19 +535,21 @@ ContentChild::GetOrCreateActorForBlob(ns
 
   // XXX This is only safe so long as all blob implementations in our tree
   //     inherit nsDOMFileBase. If that ever changes then this will need to grow
   //     a real interface or something.
   const nsDOMFileBase* blob = static_cast<nsDOMFileBase*>(aBlob);
 
   BlobConstructorParams params;
 
-  if (blob->IsSizeUnknown()) {
-    // We don't want to call GetSize yet since that may stat a file on the main
-    // thread here. Instead we'll learn the size lazily from the other process.
+  if (blob->IsSizeUnknown() || blob->IsDateUnknown()) {
+    // We don't want to call GetSize or GetLastModifiedDate
+    // yet since that may stat a file on the main thread
+    // here. Instead we'll learn the size lazily from the
+    // other process.
     params = MysteryBlobConstructorParams();
   }
   else {
     nsString contentType;
     nsresult rv = aBlob->GetType(contentType);
     NS_ENSURE_SUCCESS(rv, nullptr);
 
     uint64_t length;
@@ -556,16 +558,19 @@ ContentChild::GetOrCreateActorForBlob(ns
 
     nsCOMPtr<nsIDOMFile> file = do_QueryInterface(aBlob);
     if (file) {
       FileBlobConstructorParams fileParams;
 
       rv = file->GetName(fileParams.name());
       NS_ENSURE_SUCCESS(rv, nullptr);
 
+      rv = file->GetMozLastModifiedDate(&fileParams.modDate());
+      NS_ENSURE_SUCCESS(rv, nullptr);
+
       fileParams.contentType() = contentType;
       fileParams.length() = length;
 
       params = fileParams;
     } else {
       NormalBlobConstructorParams blobParams;
       blobParams.contentType() = contentType;
       blobParams.length() = length;
--- a/dom/ipc/ContentParent.cpp
+++ b/dom/ipc/ContentParent.cpp
@@ -1233,34 +1233,39 @@ ContentParent::GetOrCreateActorForBlob(n
 
   // XXX This is only safe so long as all blob implementations in our tree
   //     inherit nsDOMFileBase. If that ever changes then this will need to grow
   //     a real interface or something.
   const nsDOMFileBase* blob = static_cast<nsDOMFileBase*>(aBlob);
 
   BlobConstructorParams params;
 
-  if (blob->IsSizeUnknown()) {
-    // We don't want to call GetSize yet since that may stat a file on the main
-    // thread here. Instead we'll learn the size lazily from the other process.
+  if (blob->IsSizeUnknown() || /*blob->IsDateUnknown()*/ 0) {
+    // We don't want to call GetSize or GetLastModifiedDate
+    // yet since that may stat a file on the main thread
+    // here. Instead we'll learn the size lazily from the
+    // other process.
     params = MysteryBlobConstructorParams();
   }
   else {
     nsString contentType;
     nsresult rv = aBlob->GetType(contentType);
     NS_ENSURE_SUCCESS(rv, nullptr);
 
     uint64_t length;
     rv = aBlob->GetSize(&length);
     NS_ENSURE_SUCCESS(rv, nullptr);
 
     nsCOMPtr<nsIDOMFile> file = do_QueryInterface(aBlob);
     if (file) {
       FileBlobConstructorParams fileParams;
 
+      rv = file->GetMozLastModifiedDate(&fileParams.modDate());
+      NS_ENSURE_SUCCESS(rv, nullptr);
+
       rv = file->GetName(fileParams.name());
       NS_ENSURE_SUCCESS(rv, nullptr);
 
       fileParams.contentType() = contentType;
       fileParams.length() = length;
 
       params = fileParams;
     } else {
--- a/dom/ipc/DOMTypes.ipdlh
+++ b/dom/ipc/DOMTypes.ipdlh
@@ -23,12 +23,13 @@ struct NormalBlobConstructorParams
   uint64_t length;
 };
 
 struct FileBlobConstructorParams
 {
   nsString name;
   nsString contentType;
   uint64_t length;
+  uint64_t modDate;
 };
 
 } // namespace dom
 } // namespace mozilla
--- a/dom/media/MediaManager.cpp
+++ b/dom/media/MediaManager.cpp
@@ -807,16 +807,17 @@ MediaManager::GetUserMedia(bool aPrivile
   }
   // XXX No support for Audio or Video in Android yet
 #else
   // XXX No full support for picture in Desktop yet (needs proper UI)
   if (aPrivileged || fake) {
     if (!mMediaThread) {
       nsresult rv = NS_NewThread(getter_AddRefs(mMediaThread));
       NS_ENSURE_SUCCESS(rv, rv);
+      LOG(("New Media thread for gum"));
     }
     mMediaThread->Dispatch(gUMRunnable, NS_DISPATCH_NORMAL);
   } else {
     // Ask for user permission, and dispatch runnable (or not) when a response
     // is received via an observer notification. Each call is paired with its
     // runnable by a GUID.
     nsresult rv;
     nsCOMPtr<nsIUUIDGenerator> uuidgen =
@@ -947,18 +948,21 @@ MediaManager::Observe(nsISupports* aSubj
     nsString key(aData);
     nsRefPtr<nsRunnable> runnable;
     if (!mActiveCallbacks.Get(key, getter_AddRefs(runnable))) {
       return NS_OK;
     }
 
     // Reuse the same thread to save memory.
     if (!mMediaThread) {
+      LOG(("New Media thread for gum on allow"));
       nsresult rv = NS_NewThread(getter_AddRefs(mMediaThread));
       NS_ENSURE_SUCCESS(rv, rv);
+    } else {
+      LOG(("Reused Media thread for gum on allow"));
     }
 
     if (aSubject) {
       // A particular device was chosen by the user.
       // NOTE: does not allow setting a device to null; assumes nullptr
       nsCOMPtr<nsIMediaDevice> device = do_QueryInterface(aSubject);
       if (device) {
         GetUserMediaRunnable* gUMRunnable =
--- a/dom/network/interfaces/nsIDOMTCPSocket.idl
+++ b/dom/network/interfaces/nsIDOMTCPSocket.idl
@@ -205,26 +205,26 @@ interface nsITCPSocketInternal : nsISupp
  * and the data associated with the event (if any).
  */
 
 [scriptable, uuid(0f2abcca-b483-4539-a3e8-345707f75c44)]
 interface nsITCPSocketEvent : nsISupports {
   /**
    * The socket object which produced this event.
    */
-  readonly attribute nsIDOMTCPSocket socket;
+  readonly attribute nsIDOMTCPSocket target;
 
   /**
    * The type of this event. One of:
    *
-   * onopen
-   * onerror
-   * ondata
-   * ondrain
-   * onclose
+   * open
+   * error
+   * data
+   * drain
+   * close
    */
   readonly attribute DOMString type;
 
   /**
    * The data related to this event, if any. In the ondata callback,
    * data will be the bytes read from the network; if the binaryType
    * of the socket was "arraybuffer", this value will be of type Uint8Array;
    * otherwise, it will be a normal JavaScript string.
--- a/dom/network/src/TCPSocket.js
+++ b/dom/network/src/TCPSocket.js
@@ -44,31 +44,31 @@ function LOG(msg) {
 }
 
 /*
  * nsITCPSocketEvent object
  */
 
 function TCPSocketEvent(type, sock, data) {
   this._type = type;
-  this._socket = sock;
+  this._target = sock;
   this._data = data;
 }
 
 TCPSocketEvent.prototype = {
   __exposedProps__: {
     type: 'r',
-    socket: 'r',
+    target: 'r',
     data: 'r'
   },
   get type() {
     return this._type;
   },
-  get socket() {
-    return this._socket;
+  get target() {
+    return this._target;
   },
   get data() {
     return this._data;
   }
 }
 
 /*
  * nsIDOMTCPSocket object
@@ -228,43 +228,43 @@ TCPSocket.prototype = {
       onStopRequest: function ts_output_onStopRequest(request, context, status) {
         self._asyncCopierActive = false;
         self._multiplexStream.removeStream(0);
 
         if (status) {
           self._readyState = kCLOSED;
           let err = new Error("Connection closed while writing: " + status);
           err.status = status;
-          self.callListener("onerror", err);
-          self.callListener("onclose");
+          self.callListener("error", err);
+          self.callListener("close");
           return;
         }
 
         if (self._multiplexStream.count) {
           self._ensureCopying();
         } else {
           if (self._waitingForDrain) {
             self._waitingForDrain = false;
-            self.callListener("ondrain");
+            self.callListener("drain");
           }
           if (self._readyState === kCLOSING) {
             self._socketOutputStream.close();
             self._readyState = kCLOSED;
-            self.callListener("onclose");
+            self.callListener("close");
           }
         }
       }
     }, null);
   },
 
   callListener: function ts_callListener(type, data) {
-    if (!this[type])
+    if (!this["on" + type])
       return;
 
-    this[type].call(null, new TCPSocketEvent(type, this, data || ""));
+    this["on" + type].call(null, new TCPSocketEvent(type, this, data || ""));
   },
 
   /* nsITCPSocketInternal methods */
   callListenerError: function ts_callListenerError(type, message, filename,
                                                    lineNumber, columnNumber) {
     this.callListener(type, new Error(message, filename, lineNumber, columnNumber));
   },
 
@@ -514,17 +514,17 @@ TCPSocket.prototype = {
     }
   },
 
   // nsITransportEventSink (Triggered by transport.setEventSink)
   onTransportStatus: function ts_onTransportStatus(
     transport, status, progress, max) {
     if (status === Ci.nsISocketTransport.STATUS_CONNECTED_TO) {
       this._readyState = kOPEN;
-      this.callListener("onopen");
+      this.callListener("open");
 
       this._inputStreamPump = new InputStreamPump(
         this._socketInputStream, -1, -1, 0, 0, false
       );
 
       while (this._suspendCount--) {
         this._inputStreamPump.suspend();
       }
@@ -534,17 +534,17 @@ TCPSocket.prototype = {
   },
 
   // nsIAsyncInputStream (Triggered by _socketInputStream.asyncWait)
   // Only used for detecting connection refused
   onInputStreamReady: function ts_onInputStreamReady(input) {
     try {
       input.available();
     } catch (e) {
-      this.callListener("onerror", new Error("Connection refused"));
+      this.callListener("error", new Error("Connection refused"));
     }
   },
 
   // nsIRequestObserver (Triggered by _inputStreamPump.asyncRead)
   onStartRequest: function ts_onStartRequest(request, context) {
   },
 
   // nsIRequestObserver (Triggered by _inputStreamPump.asyncRead)
@@ -562,31 +562,31 @@ TCPSocket.prototype = {
       return;
     }
 
     this._readyState = kCLOSED;
 
     if (status) {
       let err = new Error("Connection closed: " + status);
       err.status = status;
-      this.callListener("onerror", err);
+      this.callListener("error", err);
     }
 
-    this.callListener("onclose");
+    this.callListener("close");
   },
 
   // nsIStreamListener (Triggered by _inputStreamPump.asyncRead)
   onDataAvailable: function ts_onDataAvailable(request, context, inputStream, offset, count) {
     if (this._binaryType === "arraybuffer") {
       let ua = this.useWin ? new this.useWin.Uint8Array(count)
                            : new Uint8Array(count);
       ua.set(this._inputStreamBinary.readByteArray(count));
-      this.callListener("ondata", ua);
+      this.callListener("data", ua);
     } else {
-      this.callListener("ondata", this._inputStreamScriptable.read(count));
+      this.callListener("data", this._inputStreamScriptable.read(count));
     }
   },
 
   classID: Components.ID("{cda91b22-6472-11e1-aa11-834fec09cd0a}"),
 
   classInfo: XPCOMUtils.generateCI({
     classID: Components.ID("{cda91b22-6472-11e1-aa11-834fec09cd0a}"),
     contractID: "@mozilla.org/tcp-socket;1",
@@ -612,17 +612,17 @@ TCPSocket.prototype = {
 
 function SecurityCallbacks(socket) {
   this._socket = socket;
 }
 
 SecurityCallbacks.prototype = {
   notifyCertProblem: function sc_notifyCertProblem(socketInfo, status,
                                                    targetSite) {
-    this._socket.callListener("onerror", status);
+    this._socket.callListener("error", status);
     this._socket.close();
     return true;
   },
 
   getInterface: function sc_getInterface(iid) {
     return this.QueryInterface(iid);
   },
 
--- a/dom/network/src/TCPSocketParentIntermediary.js
+++ b/dom/network/src/TCPSocketParentIntermediary.js
@@ -21,19 +21,19 @@ TCPSocketParentIntermediary.prototype = 
     let socket = this._socket = baseSocket.open(aHost, aPort,
                                                 {useSSL: aUseSSL,
                                                 binaryType: aBinaryType});
     if (!socket)
       return null;
 
     // Create handlers for every possible callback that attempt to trigger
     // corresponding callbacks on the child object.
-    ["onopen", "ondrain", "ondata", "onerror", "onclose"].forEach(
+    ["open", "drain", "data", "error", "close"].forEach(
       function(p) {
-        socket[p] = function(data) {
+        socket["on" + p] = function(data) {
           aParentSide.sendCallback(p, data.data, socket.readyState,
                                    socket.bufferedAmount);
         };
       }
     );
 
     return socket;
   },
--- a/dom/network/tests/marionette/test_mobile_operator_names.js
+++ b/dom/network/tests/marionette/test_mobile_operator_names.js
@@ -1,77 +1,171 @@
 /* Any copyright is dedicated to the Public Domain.
    http://creativecommons.org/publicdomain/zero/1.0/ */
 
 MARIONETTE_TIMEOUT = 60000;
 
 SpecialPowers.addPermission("mobileconnection", true, document);
 
+const OPERATOR_HOME = 0;
+const OPERATOR_ROAMING = 1;
+
 let connection = navigator.mozMobileConnection;
 ok(connection instanceof MozMobileConnection,
    "connection is instanceof " + connection.constructor);
 
 let voice = connection.voice;
 ok(voice, "voice connection valid");
 
 let network = voice.network;
 ok(network, "voice network info valid");
 
 let emulatorCmdPendingCount = 0;
-function setEmulatorOperatorNames(longName, shortName) {
+function sendEmulatorCommand(cmd, callback) {
   emulatorCmdPendingCount++;
-
-  let cmd = "operator set 0 " + longName + "," + shortName;
   runEmulatorCmd(cmd, function (result) {
     emulatorCmdPendingCount--;
 
+    is(result[result.length - 1], "OK");
+
+    callback(result);
+  });
+}
+
+function setEmulatorOperatorNames(which, longName, shortName, callback) {
+  let cmd = "operator set " + which + " " + longName + "," + shortName;
+  sendEmulatorCommand(cmd, function (result) {
     let re = new RegExp("^" + longName + "," + shortName + ",");
-    ok(result[0].match(re), "Long/short name should be changed.");
+    ok(result[which].match(re), "Long/short name should be changed.");
+
+    if (callback) {
+      window.setTimeout(callback, 0);
+    }
+  });
+}
+
+function setEmulatorRoaming(roaming, callback) {
+  let cmd = "gsm voice " + (roaming ? "roaming" : "home");
+  sendEmulatorCommand(cmd, function (result) {
+    is(result[0], "OK");
+
+    if (callback) {
+      window.setTimeout(callback, 0);
+    }
   });
 }
 
 function checkValidMccMnc() {
   is(network.mcc, 310, "network.mcc");
   is(network.mnc, 260, "network.mnc");
 }
 
+function waitForVoiceChange(callback) {
+  connection.addEventListener("voicechange", function onvoicechange() {
+    connection.removeEventListener("voicechange", onvoicechange);
+    callback();
+  });
+}
+
 function doTestMobileOperatorNames(longName, shortName, callback) {
   log("Testing '" + longName + "', '" + shortName + "':");
 
   checkValidMccMnc();
 
-  connection.addEventListener("voicechange", function onvoicechange() {
-    connection.removeEventListener("voicechange", onvoicechange);
-
+  waitForVoiceChange(function () {
     is(network.longName, longName, "network.longName");
     is(network.shortName, shortName, "network.shortName");
 
     checkValidMccMnc();
 
-    setTimeout(callback, 0);
+    window.setTimeout(callback, 0);
   });
 
-  setEmulatorOperatorNames(longName, shortName);
+  setEmulatorOperatorNames(OPERATOR_HOME, longName, shortName);
 }
 
 function testMobileOperatorNames() {
   doTestMobileOperatorNames("Mozilla", "B2G", function () {
     doTestMobileOperatorNames("Mozilla", "", function () {
       doTestMobileOperatorNames("", "B2G", function () {
         doTestMobileOperatorNames("", "", function () {
-          doTestMobileOperatorNames("Android", "Android", cleanUp);
+          doTestMobileOperatorNames("Android", "Android", testRoamingCheck);
+        });
+      });
+    });
+  });
+}
+
+// See bug 797972 - B2G RIL: False roaming situation
+//
+// Steps to test:
+// 1. set roaming operator names
+// 2. set emulator roaming
+// 3. wait for onvoicechange event and test passing conditions
+// 4. set emulator roaming back to false
+// 5. wait for onvoicechange event again and callback
+function doTestRoamingCheck(longName, shortName, callback) {
+  log("Testing roaming check '" + longName + "', '" + shortName + "':");
+
+  setEmulatorOperatorNames(OPERATOR_ROAMING, longName, shortName,
+                           window.setTimeout.bind(window, function () {
+      let done = false;
+      function resetRoaming() {
+        if (!done) {
+          window.setTimeout(resetRoaming, 100);
+          return;
+        }
+
+        waitForVoiceChange(callback);
+        setEmulatorRoaming(false);
+      }
+
+      waitForVoiceChange(function () {
+        is(network.longName, longName, "network.longName");
+        is(network.shortName, shortName, "network.shortName");
+        is(voice.roaming, false, "voice.roaming");
+
+        resetRoaming();
+      });
+
+      setEmulatorRoaming(true, function () {
+        done = true;
+      });
+    }, 3000) // window.setTimeout.bind
+  ); // setEmulatorOperatorNames
+}
+
+function testRoamingCheck() {
+  // If Either long name or short name of current registered operator matches
+  // SPN("Android"), then the `roaming` attribute should be set to false.
+  doTestRoamingCheck("Android", "Android", function () {
+    doTestRoamingCheck("Android", "android", function () {
+      doTestRoamingCheck("Android", "Xxx", function () {
+        doTestRoamingCheck("android", "Android", function () {
+          doTestRoamingCheck("android", "android", function () {
+            doTestRoamingCheck("android", "Xxx", function () {
+              doTestRoamingCheck("Xxx", "Android", function () {
+                doTestRoamingCheck("Xxx", "android", function () {
+                  setEmulatorOperatorNames(OPERATOR_ROAMING, "TelKila", "TelKila",
+                                           window.setTimeout.bind(window, cleanUp, 3000));
+                });
+              });
+            });
+          });
         });
       });
     });
   });
 }
 
 function cleanUp() {
   if (emulatorCmdPendingCount > 0) {
     setTimeout(cleanUp, 100);
     return;
   }
 
   SpecialPowers.removePermission("mobileconnection", document);
   finish();
 }
 
-testMobileOperatorNames();
+waitFor(testMobileOperatorNames, function () {
+  return voice.connected;
+});
--- a/dom/system/gonk/RadioInterfaceLayer.js
+++ b/dom/system/gonk/RadioInterfaceLayer.js
@@ -616,20 +616,20 @@ RadioInterfaceLayer.prototype = {
     *                      roaming state will be changed (maybe, if needed).
     */
   checkRoamingBetweenOperators: function checkRoamingBetweenOperators(registration) {
     let icc = this.rilContext.icc;
     if (!icc || !registration.connected) {
       return;
     }
 
-    let spn = icc.spn;
+    let spn = icc.spn && icc.spn.toLowerCase();
     let operator = registration.network;
-    let longName = operator.longName;
-    let shortName = operator.shortName;
+    let longName = operator.longName && operator.longName.toLowerCase();
+    let shortName = operator.shortName && operator.shortName.toLowerCase();
 
     let equalsLongName = longName && (spn == longName);
     let equalsShortName = shortName && (spn == shortName);
     let equalsMcc = icc.mcc == operator.mcc;
 
     registration.roaming = registration.roaming &&
                            !(equalsMcc && (equalsLongName || equalsShortName));
   },
--- a/dom/tests/mochitest/chrome/file_bug799299.xul
+++ b/dom/tests/mochitest/chrome/file_bug799299.xul
@@ -26,32 +26,36 @@ https://bugzilla.mozilla.org/show_bug.cg
     wu.sendMouseEventToWindow("mousedown", 10, 10, 0, 0, 0);
     wu.sendMouseEventToWindow("mouseup", 10, 10, 0, 0, 0);
   }
 
   function runTests() {
     var b1 = document.getElementById("b1");
     var b2 = document.getElementById("b2");
     b1.contentWindow.focus();
-    opener.wrappedJSObject.is(document.activeElement, b1);
+    opener.wrappedJSObject.is(document.activeElement, b1,
+                              "Focused first iframe");
 
     var didCallDummy = false;
     b2.contentWindow.addEventListener("mousedown", function(e) { didCallDummy = true; });
     sendClick(b2.contentWindow);
-    opener.wrappedJSObject.ok(didCallDummy);
-    opener.wrappedJSObject.is(document.activeElement, b2);
+    opener.wrappedJSObject.ok(didCallDummy, "dummy mousedown handler should fire");
+    opener.wrappedJSObject.is(document.activeElement, b2,
+                              "Focus shifted to second iframe");
 
     b1.contentWindow.focus();
-    opener.wrappedJSObject.is(document.activeElement, b1);
+    opener.wrappedJSObject.is(document.activeElement, b1,
+                              "Re-focused first iframe for the first time");
 
     var didCallListener = false;
     b2.contentWindow.addEventListener("mousedown", function(e) { didCallListener = true; e.preventDefault(); });
     sendClick(b2.contentWindow);
-    opener.wrappedJSObject.ok(didCallListener);
-    opener.wrappedJSObject.is(document.activeElement, b2);
+    opener.wrappedJSObject.ok(didCallListener, "mousedown handler should fire");
+    opener.wrappedJSObject.is(document.activeElement, b2,
+                              "focus should move to the second iframe");
 
     window.close();
     opener.wrappedJSObject.SimpleTest.finish();
   }
 
   SimpleTest.waitForFocus(runTests);
   ]]>
   </script>
--- a/dom/tests/mochitest/chrome/file_bug800817.xul
+++ b/dom/tests/mochitest/chrome/file_bug800817.xul
@@ -26,41 +26,46 @@ https://bugzilla.mozilla.org/show_bug.cg
     wu.sendMouseEventToWindow("mousedown", 10, 10, 0, 0, 0);
     wu.sendMouseEventToWindow("mouseup", 10, 10, 0, 0, 0);
   }
 
   function runTests() {
     var b1 = document.getElementById("b1");
     var b2 = document.getElementById("b2");
 
-    var mozbrowserAttr = opener.wrappedJSObject.testMozBrowser ? "true" : "false";
-    b1.setAttribute("mozbrowser", mozbrowserAttr);
-    b2.setAttribute("mozbrowser", mozbrowserAttr);
+    var testMozBrowser = opener.wrappedJSObject.testMozBrowser;
+    if (testMozBrowser) {
+      b1.setAttribute("mozbrowser", "true");
+      b2.setAttribute("mozbrowser", "true");
+    }
 
-    opener.wrappedJSObject.ok(true, "Testing with mozbrowser="+ mozbrowserAttr);
+    if (testMozBrowser)
+      opener.wrappedJSObject.info("Testing with mozbrowser=true");
+    else
+      opener.wrappedJSObject.info("Testing without mozbrowser");
 
     b1.contentWindow.focus();
     opener.wrappedJSObject.is(document.activeElement, b1,
                               "Focused first iframe");
 
     var didCallDummy = false;
     b2.contentWindow.addEventListener("mousedown", function(e) { didCallDummy = true; });
     sendClick(b2.contentWindow);
-    opener.wrappedJSObject.ok(didCallDummy);
+    opener.wrappedJSObject.ok(didCallDummy, "dummy mousedown handler should fire");
     opener.wrappedJSObject.is(document.activeElement, b2,
                               "Focus shifted to second iframe");
 
     b1.contentWindow.focus();
     opener.wrappedJSObject.is(document.activeElement, b1,
                               "Re-focused first iframe for the first time");
 
     var didCallListener = false;
     b2.contentWindow.addEventListener("mousedown", function(e) { didCallListener = true; e.preventDefault(); });
     sendClick(b2.contentWindow);
-    opener.wrappedJSObject.ok(didCallListener);
+    opener.wrappedJSObject.ok(didCallListener, "mousedown handler should fire");
     opener.wrappedJSObject.is(document.activeElement, b1,
                               "Did not move focus to the second iframe");
 
     window.close();
     opener.wrappedJSObject.finishedTests();
   }
 
   SimpleTest.waitForFocus(runTests);
--- a/dom/webidl/WebIDL.mk
+++ b/dom/webidl/WebIDL.mk
@@ -66,14 +66,15 @@ webidl_files += \
   USSDReceivedEvent.webidl \
   $(NULL)
 endif
 
 ifdef ENABLE_TESTS
 test_webidl_files := \
   TestCodeGen.webidl \
   TestDictionary.webidl \
+  TestExampleGen.webidl \
   TestTypedef.webidl \
   $(NULL)
 else
 test_webidl_files := $(NULL)
 endif
 
--- a/editor/libeditor/html/nsHTMLEditor.cpp
+++ b/editor/libeditor/html/nsHTMLEditor.cpp
@@ -758,17 +758,21 @@ nsHTMLEditor::NodeIsBlockStatic(const do
       tagAtom==nsEditProperty::dt         ||
       tagAtom==nsEditProperty::dd         ||
       tagAtom==nsEditProperty::pre)
   {
     return true;
   }
 
   bool isBlock;
-  DebugOnly<nsresult> rv = nsContentUtils::GetParserService()->
+#ifdef DEBUG
+  // XXX we can't use DebugOnly here because VC++ is stupid (bug 802884)
+  nsresult rv =
+#endif
+    nsContentUtils::GetParserService()->
     IsBlock(nsContentUtils::GetParserService()->HTMLAtomTagToId(tagAtom),
             isBlock);
   MOZ_ASSERT(rv == NS_OK);
 
   AssertParserServiceIsCorrect(tagAtom, isBlock);
 
   return isBlock;
 }
--- a/embedding/components/find/src/nsWebBrowserFind.cpp
+++ b/embedding/components/find/src/nsWebBrowserFind.cpp
@@ -201,30 +201,30 @@ NS_IMETHODIMP nsWebBrowserFind::FindNext
     while (NS_SUCCEEDED(docShellEnumerator->HasMoreElements(&hasMore)) && hasMore)
     {
         nsCOMPtr<nsISupports> curSupports;
         rv = docShellEnumerator->GetNext(getter_AddRefs(curSupports));
         if (NS_FAILED(rv)) break;
         curItem = do_QueryInterface(curSupports, &rv);
         if (NS_FAILED(rv)) break;
 
+        searchFrame = do_GetInterface(curItem, &rv);
+        if (NS_FAILED(rv)) break;
+
         if (curItem.get() == startingItem.get())
         {
             // Beware! This may flush notifications via synchronous
             // ScrollSelectionIntoView.
             rv = SearchInFrame(searchFrame, true, outDidFind);
             if (NS_FAILED(rv)) return rv;
             if (*outDidFind)
                 return OnFind(searchFrame);        // we are done
             break;
         }
 
-        searchFrame = do_GetInterface(curItem, &rv);
-        if (NS_FAILED(rv)) break;
-
         OnStartSearchFrame(searchFrame);
 
         // Beware! This may flush notifications via synchronous
         // ScrollSelectionIntoView.
         rv = SearchInFrame(searchFrame, false, outDidFind);
         if (NS_FAILED(rv)) return rv;
         if (*outDidFind)
             return OnFind(searchFrame);        // we are done
@@ -796,28 +796,23 @@ nsWebBrowserFind::GetFrameSelection(nsID
     nsCOMPtr<nsIDocument> doc(do_QueryInterface(domDoc));
     nsIPresShell* presShell = doc->GetShell();
     if (!presShell) return;
 
     // text input controls have their independent selection controllers
     // that we must use when they have focus.
     nsPresContext *presContext = presShell->GetPresContext();
 
-    nsIFrame *frame = nullptr;
-    nsCOMPtr<nsIFocusManager> fm = do_GetService(FOCUSMANAGER_CONTRACTID);
-    if (fm) {
-      nsCOMPtr<nsIDOMElement> focusedElement;
-      fm->GetFocusedElement(getter_AddRefs(focusedElement));
-      nsCOMPtr<nsIContent> focusedContent(do_QueryInterface(focusedElement));
-      if (focusedContent) {
-        frame = focusedContent->GetPrimaryFrame();
-        if (frame && frame->PresContext() != presContext)
-          frame = nullptr;
-      }
-    }
+    nsCOMPtr<nsPIDOMWindow> window(do_QueryInterface(aWindow));
+
+    nsCOMPtr<nsPIDOMWindow> focusedWindow;
+    nsCOMPtr<nsIContent> focusedContent =
+      nsFocusManager::GetFocusedDescendant(window, false, getter_AddRefs(focusedWindow));
+
+    nsIFrame *frame = focusedContent ? focusedContent->GetPrimaryFrame() : nullptr;
 
     nsCOMPtr<nsISelectionController> selCon;
     if (frame) {
         frame->GetSelectionController(presContext, getter_AddRefs(selCon));
         selCon->GetSelection(nsISelectionController::SELECTION_NORMAL, aSel);
         if (*aSel) {
             int32_t count = -1;
             (*aSel)->GetRangeCount(&count);
--- a/extensions/gio/Makefile.in
+++ b/extensions/gio/Makefile.in
@@ -9,27 +9,19 @@ srcdir		= @srcdir@
 VPATH		= @srcdir@
 
 include $(DEPTH)/config/autoconf.mk
 
 MODULE		= nkgio
 LIBRARY_NAME	= nkgio
 SHORT_LIBNAME	= nkgio
 IS_COMPONENT	= 1
+EXPORT_LIBRARY	= 1
+MODULE_NAME	= nsGIOModule
+LIBXUL_LIBRARY	= 1
 
 CPPSRCS		= \
 		nsGIOProtocolHandler.cpp \
 		$(NULL)
 
 LOCAL_INCLUDES	= $(MOZ_GIO_CFLAGS)
 
-EXTRA_DSO_LDOPTS = \
-		   $(XPCOM_GLUE_LDOPTS) \
-		   $(MOZ_COMPONENT_LIBS) \
-		   $(MOZ_GIO_LIBS) \
-		   $(NULL)
-
-# make sure this component is never statically linked into the main
-# application.  this is necessary since we don't want to force users
-# to install gio in order to use the rest of mozilla ;-)
-FORCE_SHARED_LIB= 1
-
 include $(topsrcdir)/config/rules.mk
--- a/gfx/harfbuzz/src/Makefile.in
+++ b/gfx/harfbuzz/src/Makefile.in
@@ -82,13 +82,13 @@ EXPORTS_harfbuzz = \
 LOCAL_INCLUDES  += -I$(srcdir) 
 
 FORCE_STATIC_LIB = 1
 
 include $(topsrcdir)/config/rules.mk
 
 DEFINES += -DPACKAGE_VERSION="\"moz\""
 DEFINES += -DPACKAGE_BUGREPORT="\"http://bugzilla.mozilla.org/\""
-DEFINES += -DHAVE_OT=1 -DHB_NO_MT
+DEFINES += -DHAVE_OT=1 -DHB_NO_MT -DHB_NO_UNICODE_FUNCS
 
 # Cancel the effect of the -DDEBUG macro if present,
 # because harfbuzz uses that name for its own purposes
 COMPILE_CXXFLAGS += -UDEBUG
--- a/gfx/layers/ThebesLayerBuffer.cpp
+++ b/gfx/layers/ThebesLayerBuffer.cpp
@@ -307,17 +307,17 @@ ThebesLayerBuffer::BeginPaint(ThebesLaye
     if (!destBuffer)
       return result;
   }
   NS_ASSERTION(!(aFlags & PAINT_WILL_RESAMPLE) || destBufferRect == neededRegion.GetBounds(),
                "If we're resampling, we need to validate the entire buffer");
 
   // If we have no buffered data already, then destBuffer will be a fresh buffer
   // and we do not need to clear it below.
-  bool isClear = mBuffer == nullptr;
+  bool isClear = !HaveBuffer();
 
   if (destBuffer) {
     if (HaveBuffer()) {
       // Copy the bits
       nsRefPtr<gfxContext> tmpCtx = new gfxContext(destBuffer);
       nsIntPoint offset = -destBufferRect.TopLeft();
       tmpCtx->SetOperator(gfxContext::OPERATOR_SOURCE);
       tmpCtx->Translate(gfxPoint(offset.x, offset.y));
--- a/gfx/layers/basic/BasicCanvasLayer.cpp
+++ b/gfx/layers/basic/BasicCanvasLayer.cpp
@@ -411,16 +411,18 @@ BasicShadowableCanvasLayer::Paint(gfxCon
       handle = mGLContext->CreateSharedHandle(flags);
       if (handle) {
         mBackBuffer = SharedTextureDescriptor(flags, handle, mBounds.Size(), false);
       }
     }
     if (handle) {
       mGLContext->MakeCurrent();
       mGLContext->UpdateSharedHandle(flags, handle);
+      // call Painted() to reset our dirty 'bit'
+      Painted();
       FireDidTransactionCallback();
       BasicManager()->PaintedCanvas(BasicManager()->Hold(this),
                                     mNeedsYFlip,
                                     mBackBuffer);
       // Move SharedTextureHandle ownership to ShadowLayer
       mBackBuffer = SurfaceDescriptor();
       return;
     }
--- a/gfx/layers/opengl/ReusableTileStoreOGL.cpp
+++ b/gfx/layers/opengl/ReusableTileStoreOGL.cpp
@@ -213,25 +213,35 @@ ReusableTileStoreOGL::DrawTiles(TiledThe
   // rendered.
   gfxRect contentBounds, displayPort;
   ContainerLayer* scrollableLayer = nullptr;
   for (ContainerLayer* parent = aLayer->GetParent(); parent; parent = parent->GetParent()) {
       const FrameMetrics& parentMetrics = parent->GetFrameMetrics();
       if (parentMetrics.IsScrollable())
         scrollableLayer = parent;
       if (!parentMetrics.mDisplayPort.IsEmpty() && scrollableLayer) {
-          displayPort = parent->GetEffectiveTransform().
-            TransformBounds(gfxRect(
-              parentMetrics.mDisplayPort.x, parentMetrics.mDisplayPort.y,
-              parentMetrics.mDisplayPort.width, parentMetrics.mDisplayPort.height));
+          // Get the display-port bounds in screen-space.
+          displayPort = gfxRect(parentMetrics.mDisplayPort.x,
+                                parentMetrics.mDisplayPort.y,
+                                parentMetrics.mDisplayPort.width,
+                                parentMetrics.mDisplayPort.height);
+
+          // Calculate the scale transform applied to the root layer to determine
+          // the content resolution.
+          Layer* rootLayer = aLayer->Manager()->GetRoot();
+          const gfx3DMatrix& rootTransform = rootLayer->GetTransform();
+          float scaleX = rootTransform.GetXScale();
+          float scaleY = rootTransform.GetYScale();
+
+          // Get the content document bounds, in screen-space.
           const FrameMetrics& metrics = scrollableLayer->GetFrameMetrics();
           const nsIntSize& contentSize = metrics.mContentRect.Size();
           gfx::Point scrollOffset =
-            gfx::Point(metrics.mScrollOffset.x * metrics.LayersPixelsPerCSSPixel().width,
-                       metrics.mScrollOffset.y * metrics.LayersPixelsPerCSSPixel().height);
+            gfx::Point((metrics.mScrollOffset.x * metrics.LayersPixelsPerCSSPixel().width) / scaleX,
+                       (metrics.mScrollOffset.y * metrics.LayersPixelsPerCSSPixel().height) / scaleY);
           const nsIntPoint& contentOrigin = metrics.mContentRect.TopLeft() -
             nsIntPoint(NS_lround(scrollOffset.x), NS_lround(scrollOffset.y));
           gfxRect contentRect = gfxRect(contentOrigin.x, contentOrigin.y,
                                         contentSize.width, contentSize.height);
           contentBounds = scrollableLayer->GetEffectiveTransform().TransformBounds(contentRect);
           break;
       }
   }
@@ -254,25 +264,27 @@ ReusableTileStoreOGL::DrawTiles(TiledThe
     if (aResolution != tile->mResolution)
       transformedValidRegion.ScaleRoundOut(1.0f/scaleFactor.width,
                                            1.0f/scaleFactor.height);
     nsIntRegion tileRegion;
     tileRegion.Sub(tile->mTileRegion, transformedValidRegion);
 
     // Subtract the display-port from the tile region.
     if (!displayPort.IsEmpty()) {
+      // Transform the display-port from screen space to layer space.
       gfxRect transformedRenderBounds = transform.Inverse().TransformBounds(displayPort);
       tileRegion.Sub(tileRegion, nsIntRect(transformedRenderBounds.x,
                                            transformedRenderBounds.y,
                                            transformedRenderBounds.width,
                                            transformedRenderBounds.height));
     }
 
     // Intersect the tile region with the content area.
     if (!contentBounds.IsEmpty()) {
+      // Transform the content bounds from screen space to layer space.
       gfxRect transformedRenderBounds = transform.Inverse().TransformBounds(contentBounds);
       tileRegion.And(tileRegion, nsIntRect(transformedRenderBounds.x,
                                            transformedRenderBounds.y,
                                            transformedRenderBounds.width,
                                            transformedRenderBounds.height));
     }
 
     // If the tile region is empty, skip drawing.
--- a/gfx/src/nsDeviceContext.cpp
+++ b/gfx/src/nsDeviceContext.cpp
@@ -221,16 +221,17 @@ nsFontCache::Flush()
 
 nsDeviceContext::nsDeviceContext()
     : mWidth(0), mHeight(0), mDepth(0),
       mAppUnitsPerDevPixel(-1), mAppUnitsPerDevNotScaledPixel(-1),
       mAppUnitsPerPhysicalInch(-1),
       mPixelScale(1.0f), mPrintingScale(1.0f),
       mFontCache(nullptr)
 {
+    MOZ_ASSERT(NS_IsMainThread(), "nsDeviceContext created off main thread");
 }
 
 // Note: we use a bare pointer for mFontCache so that nsFontCache
 // can be an incomplete type in nsDeviceContext.h.
 // Therefore we have to do all the refcounting by hand.
 nsDeviceContext::~nsDeviceContext()
 {
     if (mFontCache) {
--- a/image/decoders/nsPNGDecoder.cpp
+++ b/image/decoders/nsPNGDecoder.cpp
@@ -578,16 +578,18 @@ nsPNGDecoder::info_callback(png_structp 
    * members and whatnot, after which we can get channels, rowbytes, etc. */
   png_read_update_info(png_ptr, info_ptr);
   decoder->mChannels = channels = png_get_channels(png_ptr, info_ptr);
 
   /*---------------------------------------------------------------*/
   /* copy PNG info into imagelib structs (formerly png_set_dims()) */
   /*---------------------------------------------------------------*/
 
+  // This code is currently unused, but it will be needed for bug 517713.
+#if 0
   int32_t alpha_bits = 1;
 
   if (channels == 2 || channels == 4) {
     /* check if alpha is coming from a tRNS chunk and is binary */
     if (num_trans) {
       /* if it's not an indexed color image, tRNS means binary */
       if (color_type == PNG_COLOR_TYPE_PALETTE) {
         for (int i=0; i<num_trans; i++) {
@@ -596,16 +598,17 @@ nsPNGDecoder::info_callback(png_structp 
             break;
           }
         }
       }
     } else {
       alpha_bits = 8;
     }
   }
+#endif
 
   if (channels == 1 || channels == 3)
     decoder->format = gfxASurface::ImageFormatRGB24;
   else if (channels == 2 || channels == 4)
     decoder->format = gfxASurface::ImageFormatARGB32;
 
 #ifdef PNG_APNG_SUPPORTED
   if (png_get_valid(png_ptr, info_ptr, PNG_INFO_acTL))
--- a/intl/uconv/ucvcn/nsHZToUnicode.cpp
+++ b/intl/uconv/ucvcn/nsHZToUnicode.cpp
@@ -137,20 +137,21 @@ NS_IMETHODIMP nsHZToUnicode::ConvertNoBu
             // on the second character.
             // 
             // N.B. For compatibility with other implementations, we treat '~\n'
             // as an illegal sequence even though RFC1843 permits it, and for
             // the same reason we pass through control characters including '\n'
             // and ' ' even in GB mode.
             if (srcByte > 0x20 || HZ_ENCODING_STATE == HZ_STATE_ASCII) {
               *aDest++ = UCS2_NO_MAPPING;
+              iDestlen++;
             }
             aSrc--;
             (*aSrcLength)--;
-            iDestlen++;
+            i--;
             break;
         }
       } else if (HZ_ENCODING_STATE == HZ_STATE_GB) {
         *aDest++ = (UINT8_IN_RANGE(0x21, oddByte, 0x7E) &&
                     UINT8_IN_RANGE(0x21, srcByte, 0x7E)) ?
                      mUtil.GBKCharToUnicode(oddByte|0x80, srcByte|0x80) :
                      UCS2_NO_MAPPING;
         mRunLength++;
--- a/ipc/unixsocket/UnixSocket.cpp
+++ b/ipc/unixsocket/UnixSocket.cpp
@@ -146,16 +146,27 @@ public:
 
   /** 
    * Set up nonblocking flags on whatever our current file descriptor is.
    *
    * @return true if successful, false otherwise
    */
   bool SetNonblockFlags();
 
+  void GetSocketAddr(nsAString& aAddrStr)
+  {
+    if (!mConnector)
+    {
+      NS_WARNING("No connector to get socket address from!");
+      aAddrStr = nsString();
+      return;
+    }
+    mConnector->GetSocketAddr(mAddr, aAddrStr);
+  }
+
   /**
    * Consumer pointer. Non-thread safe RefPtr, so should only be manipulated
    * directly from main thread. All non-main-thread accesses should happen with
    * mImpl as container.
    */
   RefPtr<UnixSocketConsumer> mConsumer;
 
 private:
@@ -222,16 +233,27 @@ private:
    * will be taken care of by the IO loop. Just set to nullptr.
    */
   CancelableTask* mTask;
 
   /**
    * Address we are connecting to, assuming we are creating a client connection.
    */
   nsCString mAddress;
+
+  /**
+   * Size of the socket address struct
+   */
+  socklen_t mAddrSize;
+
+  /**
+   * Address struct of the socket currently in use
+   */
+  sockaddr mAddr;
+
 };
 
 static void
 DestroyImpl(UnixSocketImpl* impl)
 {
   MOZ_ASSERT(impl);
   delete impl;
 }
@@ -399,57 +421,55 @@ void SocketConnectTask::Run() {
     return;
   }
   mImpl->Connect();
 }
 
 void
 UnixSocketImpl::Accept()
 {
-  socklen_t addr_sz;
-  struct sockaddr addr;
 
   if (!mConnector) {
     NS_WARNING("No connector object available!");
     return;
   }
 
   // This will set things we don't particularly care about, but it will hand
   // back the correct structure size which is what we do care about.
-  mConnector->CreateAddr(true, addr_sz, &addr, nullptr);
+  mConnector->CreateAddr(true, mAddrSize, &mAddr, nullptr);
 
   if(mFd.get() < 0)
   {
     mFd = mConnector->Create();
     if (mFd.get() < 0) {
       return;
     }
 
     if (!SetNonblockFlags()) {
       return;
     }
 
-    if (bind(mFd.get(), &addr, addr_sz)) {
+    if (bind(mFd.get(), &mAddr, mAddrSize)) {
 #ifdef DEBUG
       LOG("...bind(%d) gave errno %d", mFd.get(), errno);
 #endif
       return;
     }
 
     if (listen(mFd.get(), 1)) {
 #ifdef DEBUG
       LOG("...listen(%d) gave errno %d", mFd.get(), errno);
 #endif
       return;
     }
 
   }
 
   int client_fd;
-  client_fd = accept(mFd.get(), &addr, &addr_sz);
+  client_fd = accept(mFd.get(), &mAddr, &mAddrSize);
   if (client_fd < 0) {
     EnqueueTask(SOCKET_RETRY_TIME_MS, new SocketAcceptTask(this));
     return;
   }
 
   if (!mConnector->SetUp(client_fd)) {
     NS_WARNING("Could not set up socket!");
     return;
@@ -474,22 +494,20 @@ UnixSocketImpl::Connect()
   {
     mFd = mConnector->Create();
     if (mFd.get() < 0) {
       return;
     }
   }
 
   int ret;
-  socklen_t addr_sz;
-  struct sockaddr addr;
 
-  mConnector->CreateAddr(false, addr_sz, &addr, mAddress.get());
+  mConnector->CreateAddr(false, mAddrSize, &mAddr, mAddress.get());
 
-  ret = connect(mFd.get(), &addr, addr_sz);
+  ret = connect(mFd.get(), &mAddr, mAddrSize);
 
   if (ret) {
 #if DEBUG
     LOG("Socket connect errno=%d\n", errno);
 #endif
     mFd.reset(-1);
     nsRefPtr<OnSocketEventTask> t =
       new OnSocketEventTask(this, OnSocketEventTask::CONNECT_ERROR);
@@ -689,16 +707,27 @@ UnixSocketImpl::OnFileCanWriteWithoutBlo
       return;
     }
     mOutgoingQ.RemoveElementAt(0);
     delete data;
   }
 }
 
 void
+UnixSocketConsumer::GetSocketAddr(nsAString& aAddrStr)
+{
+  if (!mImpl || mConnectionStatus != SOCKET_CONNECTED) {
+    NS_WARNING("No socket currently open!");
+    aAddrStr = nsString();
+    return;
+  }
+  mImpl->GetSocketAddr(aAddrStr);
+}
+
+void
 UnixSocketConsumer::NotifySuccess()
 {
   MOZ_ASSERT(NS_IsMainThread());
   mConnectionStatus = SOCKET_CONNECTED;
   OnConnectSuccess();
 }
 
 void
--- a/ipc/unixsocket/UnixSocket.h
+++ b/ipc/unixsocket/UnixSocket.h
@@ -96,16 +96,27 @@ public:
   /** 
    * Does any socket type specific setup that may be needed
    *
    * @param aFd File descriptor for opened socket
    *
    * @return true is successful, false otherwise
    */
   virtual bool SetUp(int aFd) = 0;
+
+  /** 
+   * Get address of socket we're currently connected to. Return null string if
+   * not connected.
+   *
+   * @param aAddr Address struct
+   * @param aAddrStr String to store address to
+   */
+  virtual void GetSocketAddr(const sockaddr& aAddr,
+                             nsAString& aAddrStr) = 0;
+
 };
 
 enum SocketConnectionStatus {
   SOCKET_DISCONNECTED = 0,
   SOCKET_CONNECTING = 1,
   SOCKET_CONNECTED = 2
 };
 
@@ -207,16 +218,22 @@ public:
    * Called by implementation to notify consumer of error.
    */
   void NotifyError();
 
   /** 
    * Called by implementation to notify consumer of disconnect.
    */
   void NotifyDisconnect();
+
+  /**
+   * Get the current sockaddr for the socket
+   */
+  void GetSocketAddr(nsAString& aAddrStr);
+
 private:
   UnixSocketImpl* mImpl;
   SocketConnectionStatus mConnectionStatus;
 };
 
 } // namespace ipc
 } // namepsace mozilla
 
--- a/js/src/build/autoconf/arch.m4
+++ b/js/src/build/autoconf/arch.m4
@@ -45,16 +45,20 @@ if test -z "$MOZ_ARCH"; then
         fi
         if test "$MOZ_PLATFORM_MAEMO" = 6; then
             MOZ_THUMB=yes
         fi
         ;;
     esac
 fi
 
+if test "$MOZ_ARCH" = "armv6" -a "$OS_TARGET" = "Android"; then
+   MOZ_FPU=vfp
+fi
+
 MOZ_ARG_WITH_STRING(thumb,
 [  --with-thumb[[=yes|no|toolchain-default]]]
 [                          Use Thumb instruction set (-mthumb)],
     if test -z "$GNU_CC"; then
         AC_MSG_ERROR([--with-thumb is not supported on non-GNU toolchains])
     fi
     MOZ_THUMB=$withval)
 
--- a/js/src/builtin/TestingFunctions.cpp
+++ b/js/src/builtin/TestingFunctions.cpp
@@ -162,18 +162,18 @@ GetBuildConfiguration(JSContext *cx, uns
 }
 
 static JSBool
 GC(JSContext *cx, unsigned argc, jsval *vp)
 {
     /*
      * If the first argument is 'compartment', we collect any compartments
      * previously scheduled for GC via schedulegc. If the first argument is an
-     * object, we collect the object's compartment (any any other compartments
-     * scheduled for GC). Otherwise, we collect call compartments.
+     * object, we collect the object's compartment (and any other compartments
+     * scheduled for GC). Otherwise, we collect all compartments.
      */
     JSBool compartment = false;
     if (argc == 1) {
         Value arg = vp[2];
         if (arg.isString()) {
             if (!JS_StringEqualsAscii(cx, arg.toString(), "compartment", &compartment))
                 return false;
         } else if (arg.isObject()) {
--- a/js/src/config/rules.mk
+++ b/js/src/config/rules.mk
@@ -1111,18 +1111,18 @@ Makefile: Makefile.in
 	@$(PYTHON) $(DEPTH)/config.status -n --file=Makefile
 	@$(TOUCH) $@
 endif
 
 ifndef NO_SUBMAKEFILES_RULE
 ifdef SUBMAKEFILES
 # VPATH does not work on some machines in this case, so add $(srcdir)
 $(SUBMAKEFILES): % : $(srcdir)/%.in
-	$(PYTHON) $(DEPTH)$(addprefix /,$(subsrcdir))/config.status -n --file=$@
-	@$(TOUCH) $@
+	$(PYTHON) $(DEPTH)$(addprefix /,$(subsrcdir))/config.status -n --file="$@"
+	@$(TOUCH) "$@"
 endif
 endif
 
 ifdef AUTOUPDATE_CONFIGURE
 $(topsrcdir)/configure: $(topsrcdir)/configure.in
 	(cd $(topsrcdir) && $(AUTOCONF)) && $(PYTHON) $(DEPTH)/config.status -n --recheck
 endif
 
--- a/js/src/configure.in
+++ b/js/src/configure.in
@@ -162,16 +162,17 @@ if test -n "$gonkdir" ; then
     AS="$gonk_toolchain_prefix"as
     CC="$gonk_toolchain_prefix"gcc
     CXX="$gonk_toolchain_prefix"g++
     CPP="$gonk_toolchain_prefix"cpp
     LD="$gonk_toolchain_prefix"ld
     AR="$gonk_toolchain_prefix"ar
     RANLIB="$gonk_toolchain_prefix"ranlib
     STRIP="$gonk_toolchain_prefix"strip
+    OBJCOPY="$gonk_toolchain_prefix"objcopy
 
     STLPORT_CPPFLAGS="-I$gonkdir/external/stlport/stlport"
     STLPORT_LIBS="-lstlport"
 
     case "$target_cpu" in
     arm)
         ARCH_DIR=arch-arm
         ;;
--- a/js/src/frontend/BytecodeEmitter.cpp
+++ b/js/src/frontend/BytecodeEmitter.cpp
@@ -199,19 +199,19 @@ UpdateDepth(JSContext *cx, BytecodeEmitt
          */
         unsigned depth = (unsigned) bce->stackDepth +
                       ((cs->format & JOF_TMPSLOT_MASK) >> JOF_TMPSLOT_SHIFT);
         if (depth > bce->maxStackDepth)
             bce->maxStackDepth = depth;
     }
 
     /*
-     * Specially handle any case that would call js_GetIndexFromBytecode since
-     * it requires a well-formed script. This allows us to safely pass NULL as
-     * the 'script' parameter.
+     * Specially handle any case in which StackUses or StackDefs would call
+     * NumBlockSlots, since that requires a well-formed script. This allows us
+     * to safely pass NULL as the 'script' parameter to StackUses and StackDefs.
      */
     int nuses, ndefs;
     if (op == JSOP_ENTERBLOCK) {
         nuses = 0;
         ndefs = CurrentBlock(bce->topStmt).slotCount();
     } else if (op == JSOP_ENTERLET0) {
         nuses = ndefs = CurrentBlock(bce->topStmt).slotCount();
     } else if (op == JSOP_ENTERLET1) {
--- a/js/src/ion/Ion.cpp
+++ b/js/src/ion/Ion.cpp
@@ -751,147 +751,146 @@ ion::ToggleBarriers(JSCompartment *comp,
         if (script->hasIonScript())
             script->ion->toggleBarriers(needs);
     }
 }
 
 namespace js {
 namespace ion {
 
-bool
-CompileBackEnd(IonBuilder *builder)
+LIRGraph *
+CompileBackEnd(MIRGenerator *mir)
 {
     IonSpewPass("BuildSSA");
     // Note: don't call AssertGraphCoherency before SplitCriticalEdges,
     // the graph is not in RPO at this point.
 
-    MIRGraph &graph = builder->graph();
+    MIRGraph &graph = mir->graph();
 
-    if (!SplitCriticalEdges(builder, graph))
-        return false;
+    if (!SplitCriticalEdges(graph))
+        return NULL;
     IonSpewPass("Split Critical Edges");
     AssertGraphCoherency(graph);
 
     if (!RenumberBlocks(graph))
-        return false;
+        return NULL;
     IonSpewPass("Renumber Blocks");
     AssertGraphCoherency(graph);
 
     if (!BuildDominatorTree(graph))
-        return false;
+        return NULL;
     // No spew: graph not changed.
 
     // This must occur before any code elimination.
     if (!EliminatePhis(graph))
-        return false;
+        return NULL;
     IonSpewPass("Eliminate phis");
     AssertGraphCoherency(graph);
 
     if (!BuildPhiReverseMapping(graph))
-        return false;
+        return NULL;
     // No spew: graph not changed.
 
     // This pass also removes copies.
     if (!ApplyTypeInformation(graph))
-        return false;
+        return NULL;
     IonSpewPass("Apply types");
     AssertGraphCoherency(graph);
 
     // Alias analysis is required for LICM and GVN so that we don't move
     // loads across stores.
     if (js_IonOptions.licm || js_IonOptions.gvn) {
         AliasAnalysis analysis(graph);
         if (!analysis.analyze())
-            return false;
+            return NULL;
         IonSpewPass("Alias analysis");
         AssertGraphCoherency(graph);
     }
 
     if (js_IonOptions.edgeCaseAnalysis) {
         EdgeCaseAnalysis edgeCaseAnalysis(graph);
         if (!edgeCaseAnalysis.analyzeEarly())
-            return false;
+            return NULL;
         IonSpewPass("Edge Case Analysis (Early)");
         AssertGraphCoherency(graph);
     }
 
     if (js_IonOptions.gvn) {
         ValueNumberer gvn(graph, js_IonOptions.gvnIsOptimistic);
         if (!gvn.analyze())
-            return false;
+            return NULL;
         IonSpewPass("GVN");
         AssertGraphCoherency(graph);
     }
 
     if (js_IonOptions.rangeAnalysis) {
         RangeAnalysis r(graph);
         if (!r.addBetaNobes())
-            return false;
+            return NULL;
         IonSpewPass("Beta");
         AssertGraphCoherency(graph);
 
         if (!r.analyze())
-            return false;
+            return NULL;
         IonSpewPass("Range Analysis");
         AssertGraphCoherency(graph);
 
         if (!r.removeBetaNobes())
-            return false;
+            return NULL;
         IonSpewPass("De-Beta");
         AssertGraphCoherency(graph);
     }
 
     if (!EliminateDeadCode(graph))
-        return false;
+        return NULL;
     IonSpewPass("DCE");
     AssertGraphCoherency(graph);
 
     if (js_IonOptions.licm) {
         LICM licm(graph);
         if (!licm.analyze())
-            return false;
+            return NULL;
         IonSpewPass("LICM");
         AssertGraphCoherency(graph);
     }
 
     if (js_IonOptions.edgeCaseAnalysis) {
         EdgeCaseAnalysis edgeCaseAnalysis(graph);
         if (!edgeCaseAnalysis.analyzeLate())
-            return false;
+            return NULL;
         IonSpewPass("Edge Case Analysis (Late)");
         AssertGraphCoherency(graph);
     }
 
     // Note: bounds check elimination has to run after all other passes that
     // move instructions. Since bounds check uses are replaced with the actual
     // index, code motion after this pass could incorrectly move a load or
     // store before its bounds check.
     if (!EliminateRedundantBoundsChecks(graph))
-        return false;
+        return NULL;
     IonSpewPass("Bounds Check Elimination");
     AssertGraphCoherency(graph);
 
-    LIRGraph *lir = builder->temp().lifoAlloc()->new_<LIRGraph>(&graph);
+    LIRGraph *lir = mir->temp().lifoAlloc()->new_<LIRGraph>(&graph);
     if (!lir)
-        return false;
+        return NULL;
 
-    LIRGenerator lirgen(builder, graph, *lir);
+    LIRGenerator lirgen(mir, graph, *lir);
     if (!lirgen.generate())
-        return false;
+        return NULL;
     IonSpewPass("Generate LIR");
 
     if (js_IonOptions.lsra) {
         LinearScanAllocator regalloc(&lirgen, *lir);
         if (!regalloc.go())
-            return false;
+            return NULL;
         IonSpewPass("Allocate Registers", &regalloc);
     }
 
-    builder->lir = lir;
-    return true;
+    return lir;
 }
 
 class AutoDestroyAllocator
 {
     LifoAlloc *alloc;
 
   public:
     AutoDestroyAllocator(LifoAlloc *alloc) : alloc(alloc) {}
@@ -922,21 +921,21 @@ AttachFinishedCompilations(JSContext *cx
     OffThreadCompilationVector &compilations = ion->finishedOffThreadCompilations();
 
     // Incorporate any off thread compilations which have finished, failed or
     // have been cancelled, and destroy JM jitcode for any compilations which
     // succeeded, to allow entering the Ion code from the interpreter.
     while (!compilations.empty()) {
         IonBuilder *builder = compilations.popCopy();
 
-        if (builder->lir) {
+        if (builder->backgroundCompiledLir) {
             RootedScript script(cx, builder->script());
             IonContext ictx(cx, cx->compartment, &builder->temp());
 
-            CodeGenerator codegen(builder, *builder->lir);
+            CodeGenerator codegen(builder, *builder->backgroundCompiledLir);
 
             types::AutoEnterCompilation enterCompiler(cx, types::AutoEnterCompilation::Ion);
             enterCompiler.initExisting(builder->recompileInfo);
 
             bool success;
             {
                 // Release the worker thread lock and root the compiler for GC.
                 AutoTempAllocatorRooter root(cx, &builder->temp());
@@ -1028,22 +1027,23 @@ IonCompile(JSContext *cx, JSScript *scri
 
         // The allocator and associated data will be destroyed after being
         // processed in the finishedOffThreadCompilations list.
         autoDestroy.cancel();
 
         return true;
     }
 
-    if (!CompileBackEnd(builder)) {
+    LIRGraph *lir = CompileBackEnd(builder);
+    if (!lir) {
         IonSpew(IonSpew_Abort, "Failed during back-end compilation.");
         return false;
     }
 
-    CodeGenerator codegen(builder, *builder->lir);
+    CodeGenerator codegen(builder, *lir);
     if (!codegen.generate()) {
         IonSpew(IonSpew_Abort, "Failed during code generation.");
         return false;
     }
 
     IonSpewEndFunction();
 
     return true;
--- a/js/src/ion/Ion.h
+++ b/js/src/ion/Ion.h
@@ -247,18 +247,20 @@ void Invalidate(types::TypeCompartment &
 void Invalidate(JSContext *cx, const Vector<types::RecompileInfo> &invalid, bool resetUses = true);
 bool Invalidate(JSContext *cx, JSScript *script, bool resetUses = true);
 
 void MarkFromIon(JSCompartment *comp, Value *vp);
 
 void ToggleBarriers(JSCompartment *comp, bool needs);
 
 class IonBuilder;
+class MIRGenerator;
+class LIRGraph;
 
-bool CompileBackEnd(IonBuilder *builder);
+LIRGraph *CompileBackEnd(MIRGenerator *mir);
 void AttachFinishedCompilations(JSContext *cx);
 void FinishOffThreadBuilder(IonBuilder *builder);
 bool TestIonCompile(JSContext *cx, JSScript *script, JSFunction *fun, jsbytecode *osrPc, bool constructing);
 
 static inline bool IsEnabled(JSContext *cx)
 {
     return cx->hasRunOption(JSOPTION_ION) && cx->typeInferenceEnabled();
 }
--- a/js/src/ion/IonAnalysis.cpp
+++ b/js/src/ion/IonAnalysis.cpp
@@ -12,17 +12,17 @@
 
 using namespace js;
 using namespace js::ion;
 
 // A critical edge is an edge which is neither its successor's only predecessor
 // nor its predecessor's only successor. Critical edges must be split to
 // prevent copy-insertion and code motion from affecting other edges.
 bool
-ion::SplitCriticalEdges(MIRGenerator *gen, MIRGraph &graph)
+ion::SplitCriticalEdges(MIRGraph &graph)
 {
     for (MBasicBlockIterator block(graph.begin()); block != graph.end(); block++) {
         if (block->numSuccessors() < 2)
             continue;
         for (size_t i = 0; i < block->numSuccessors(); i++) {
             MBasicBlock *target = block->getSuccessor(i);
             if (target->numPredecessors() < 2)
                 continue;
--- a/js/src/ion/IonAnalysis.h
+++ b/js/src/ion/IonAnalysis.h
@@ -14,17 +14,17 @@
 
 namespace js {
 namespace ion {
 
 class MIRGenerator;
 class MIRGraph;
 
 bool
-SplitCriticalEdges(MIRGenerator *gen, MIRGraph &graph);
+SplitCriticalEdges(MIRGraph &graph);
 
 bool
 EliminatePhis(MIRGraph &graph);
 
 bool
 EliminateDeadCode(MIRGraph &graph);
 
 bool
--- a/js/src/ion/IonBuilder.cpp
+++ b/js/src/ion/IonBuilder.cpp
@@ -22,17 +22,17 @@
 
 using namespace js;
 using namespace js::ion;
 
 IonBuilder::IonBuilder(JSContext *cx, TempAllocator *temp, MIRGraph *graph,
                        TypeOracle *oracle, CompileInfo *info, size_t inliningDepth, uint32 loopDepth)
   : MIRGenerator(cx->compartment, temp, graph, info),
     recompileInfo(cx->compartment->types.compiledInfo),
-    lir(NULL),
+    backgroundCompiledLir(NULL),
     cx(cx),
     loopDepth_(loopDepth),
     callerResumePoint_(NULL),
     callerBuilder_(NULL),
     oracle(oracle),
     inliningDepth(inliningDepth),
     failedBoundsCheck_(info->script()->failedBoundsCheck),
     lazyArguments_(NULL)
--- a/js/src/ion/IonBuilder.h
+++ b/js/src/ion/IonBuilder.h
@@ -440,17 +440,17 @@ class IonBuilder : public MIRGenerator
     // A builder is inextricably tied to a particular script.
     HeapPtrScript script_;
 
   public:
     // Compilation index for this attempt.
     types::RecompileInfo const recompileInfo;
 
     // If off thread compilation is successful, final LIR is attached here.
-    LIRGraph *lir;
+    LIRGraph *backgroundCompiledLir;
 
     void clearForBackEnd();
 
     Return<JSScript*> script() const { return script_; }
 
   private:
     JSContext *cx;
 
--- a/js/src/ion/IonMacroAssembler.h
+++ b/js/src/ion/IonMacroAssembler.h
@@ -620,17 +620,17 @@ class MacroAssembler : public MacroAssem
 
         storePtr(ImmWord(str),    Address(temp, ProfileEntry::offsetOfString()));
         storePtr(ImmGCPtr(s),     Address(temp, ProfileEntry::offsetOfScript()));
         storePtr(ImmWord((void*) NULL),
                  Address(temp, ProfileEntry::offsetOfStackAddress()));
         store32(Imm32(ProfileEntry::NullPCIndex),
                 Address(temp, ProfileEntry::offsetOfPCIdx()));
 
-        /* Always increment the stack size, tempardless if we actually pushed */
+        /* Always increment the stack size, whether or not we actually pushed. */
         bind(&stackFull);
         movePtr(ImmWord(p->sizePointer()), temp);
         add32(Imm32(1), Address(temp, 0));
     }
 
     void spsPopFrame(SPSProfiler *p, Register temp) {
         movePtr(ImmWord(p->sizePointer()), temp);
         add32(Imm32(-1), Address(temp, 0));
--- a/js/src/ion/LIR.h
+++ b/js/src/ion/LIR.h
@@ -424,19 +424,20 @@ class LDefinition
     enum Type {
         GENERAL,    // Generic, integer or pointer-width data (GPR).
         OBJECT,     // Pointer that may be collected as garbage (GPR).
         DOUBLE,     // 64-bit point value (FPU).
 #ifdef JS_NUNBOX32
         // A type virtual register must be followed by a payload virtual
         // register, as both will be tracked as a single gcthing.
         TYPE,
-        PAYLOAD,
+        PAYLOAD
+#else
+        BOX         // Joined box, for punbox systems. (GPR, gcthing)
 #endif
-        BOX         // Joined box, for punbox systems. (GPR, gcthing)
     };
 
     void set(uint32 index, Type type, Policy policy) {
         JS_STATIC_ASSERT(MAX_VIRTUAL_REGISTERS <= VREG_MASK);
         bits_ = (index << VREG_SHIFT) | (policy << POLICY_SHIFT) | (type << TYPE_SHIFT);
     }
 
   public:
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/basic/bug673468.js
@@ -0,0 +1,8 @@
+var g = newGlobal();
+var k = g.eval('var u = new Object(); u');
+var m = new WeakMap();
+m.set(k, {});
+k = null;
+gc();
+k = g.eval('u');
+assertEq(m.has(k), true);
--- a/js/src/jsapi.cpp
+++ b/js/src/jsapi.cpp
@@ -1598,16 +1598,17 @@ JS_TransplantObject(JSContext *cx, JSObj
         MOZ_CRASH();
 
     // Lastly, update the original object to point to the new one.
     if (origobj->compartment() != destination) {
         RootedObject newIdentityWrapper(cx, newIdentity);
         AutoCompartment ac(cx, origobj);
         if (!JS_WrapObject(cx, newIdentityWrapper.address()))
             MOZ_CRASH();
+        JS_ASSERT(Wrapper::wrappedObject(newIdentityWrapper) == newIdentity);
         if (!origobj->swap(cx, newIdentityWrapper))
             MOZ_CRASH();
         origobj->compartment()->crossCompartmentWrappers.put(ObjectValue(*newIdentity), origv);
     }
 
     // The new identity object might be one of several things. Return it to avoid
     // ambiguity.
     return newIdentity;
@@ -1687,16 +1688,17 @@ js_TransplantObjectWithWrapper(JSContext
         RootedObject reflectorGuts(cx, NewDeadProxyObject(cx, JS_GetGlobalForObject(cx, origobj)));
         if (!reflectorGuts || !origobj->swap(cx, reflectorGuts))
             MOZ_CRASH();
 
         // Turn origwrapper into a CCW to the new object.
         RootedObject wrapperGuts(cx, targetobj);
         if (!JS_WrapObject(cx, wrapperGuts.address()))
             MOZ_CRASH();
+        JS_ASSERT(Wrapper::wrappedObject(wrapperGuts) == targetobj);
         if (!origwrapper->swap(cx, wrapperGuts))
             MOZ_CRASH();
         origwrapper->compartment()->crossCompartmentWrappers.put(ObjectValue(*targetobj),
                                                                  ObjectValue(*origwrapper));
     }
 
     return newWrapper;
 }
--- a/js/src/jsapi.h
+++ b/js/src/jsapi.h
@@ -1878,16 +1878,19 @@ typedef void
  * a string describing the reference traced with JS_CallTracer.
  */
 typedef void
 (* JSTraceNamePrinter)(JSTracer *trc, char *buf, size_t bufsize);
 
 typedef JSBool
 (* JSEqualityOp)(JSContext *cx, JSHandleObject obj, JSHandleValue v, JSBool *bp);
 
+typedef JSRawObject
+(* JSWeakmapKeyDelegateOp)(JSRawObject obj);
+
 /*
  * Typedef for native functions called by the JS VM.
  *
  * See jsapi.h, the JS_CALLEE, JS_THIS, etc. macros.
  */
 
 typedef JSBool
 (* JSNative)(JSContext *cx, unsigned argc, jsval *vp);
--- a/js/src/jsclass.h
+++ b/js/src/jsclass.h
@@ -250,19 +250,32 @@ struct ClassExtension
     JSIteratorOp        iteratorObject;
     void               *unused;
 
     /*
      * isWrappedNative is true only if the class is an XPCWrappedNative.
      * WeakMaps use this to override the wrapper disposal optimization.
      */
     bool                isWrappedNative;
+
+    /*
+     * If an object is used as a key in a weakmap, it may be desirable for the
+     * garbage collector to keep that object around longer than it otherwise
+     * would. A common case is when the key is a wrapper around an object in
+     * another compartment, and we want to avoid collecting the wrapper (and
+     * removing the weakmap entry) as long as the wrapped object is alive. In
+     * that case, the wrapped object is returned by the wrapper's
+     * weakmapKeyDelegateOp hook. As long as the wrapper is used as a weakmap
+     * key, it will not be collected (and remain in the weakmap) until the
+     * wrapped object is collected.
+     */
+    JSWeakmapKeyDelegateOp weakmapKeyDelegateOp;
 };
 
-#define JS_NULL_CLASS_EXT   {NULL,NULL,NULL,NULL,NULL,false}
+#define JS_NULL_CLASS_EXT   {NULL,NULL,NULL,NULL,NULL,false,NULL}
 
 struct ObjectOps
 {
     LookupGenericOp     lookupGeneric;
     LookupPropOp        lookupProperty;
     LookupElementOp     lookupElement;
     LookupSpecialOp     lookupSpecial;
     DefineGenericOp     defineGeneric;
--- a/js/src/jsfriendapi.cpp
+++ b/js/src/jsfriendapi.cpp
@@ -527,16 +527,24 @@ js::VisitGrayWrapperTargets(JSCompartmen
 {
     for (WrapperMap::Enum e(comp->crossCompartmentWrappers); !e.empty(); e.popFront()) {
         gc::Cell *thing = e.front().key.wrapped;
         if (thing->isMarked(gc::GRAY))
             callback(closure, thing);
     }
 }
 
+JS_FRIEND_API(JSObject *)
+js::GetWeakmapKeyDelegate(JSObject *key)
+{
+    if (JSWeakmapKeyDelegateOp op = key->getClass()->ext.weakmapKeyDelegateOp)
+        return op(key);
+    return NULL;
+}
+
 JS_FRIEND_API(void)
 JS_SetAccumulateTelemetryCallback(JSRuntime *rt, JSAccumulateTelemetryDataCallback callback)
 {
     rt->telemetryCallback = callback;
 }
 
 JS_FRIEND_API(JSObject *)
 JS_CloneObject(JSContext *cx, JSObject *obj_, JSObject *proto_, JSObject *parent_)
--- a/js/src/jsfriendapi.h
+++ b/js/src/jsfriendapi.h
@@ -260,16 +260,19 @@ extern JS_FRIEND_API(bool)
 GCThingIsMarkedGray(void *thing);
 
 typedef void
 (GCThingCallback)(void *closure, void *gcthing);
 
 extern JS_FRIEND_API(void)
 VisitGrayWrapperTargets(JSCompartment *comp, GCThingCallback *callback, void *closure);
 
+extern JS_FRIEND_API(JSObject *)
+GetWeakmapKeyDelegate(JSObject *key);
+
 /*
  * Shadow declarations of JS internal structures, for access by inline access
  * functions below. Do not use these structures in any other way. When adding
  * new fields for access by inline methods, make sure to add static asserts to
  * the original header file to ensure that offsets are consistent.
  */
 namespace shadow {
 
--- a/js/src/jsproxy.cpp
+++ b/js/src/jsproxy.cpp
@@ -348,16 +348,22 @@ BaseProxyHandler::objectClassIs(JSObject
     return false;
 }
 
 void
 BaseProxyHandler::finalize(JSFreeOp *fop, JSObject *proxy)
 {
 }
 
+JSObject *
+BaseProxyHandler::weakmapKeyDelegate(JSObject *proxy)
+{
+    return NULL;
+}
+
 bool
 BaseProxyHandler::getPrototypeOf(JSContext *cx, JSObject *proxy, JSObject **proto)
 {
     // The default implementation here just uses proto of the proxy object.
     *proto = proxy->getTaggedProto().toObjectOrNull();
     return true;
 }
 
@@ -544,16 +550,22 @@ IndirectProxyHandler::iteratorNext(JSCon
         *vp = cx->iterValue;
         cx->iterValue = UndefinedValue();
     } else {
         *vp = MagicValue(JS_NO_ITER_VALUE);
     }
     return true;
 }
 
+JSObject *
+IndirectProxyHandler::weakmapKeyDelegate(JSObject *proxy)
+{
+    return UnwrapObject(proxy);
+}
+
 DirectProxyHandler::DirectProxyHandler(void *family)
   : IndirectProxyHandler(family)
 {
 }
 
 bool
 DirectProxyHandler::has(JSContext *cx, JSObject *proxy, jsid id, bool *bp)
 {
@@ -2852,29 +2864,35 @@ proxy_TraceFunction(JSTracer *trc, RawOb
 {
     // NB: If you add new slots here, make sure to change
     // js::NukeChromeCrossCompartmentWrappers to cope.
     MarkCrossCompartmentSlot(trc, &GetCall(obj), "call");
     MarkSlot(trc, &GetFunctionProxyConstruct(obj), "construct");
     proxy_TraceObject(trc, obj);
 }
 
+static JSObject *
+proxy_WeakmapKeyDelegate(RawObject obj)
+{
+    JS_ASSERT(obj->isProxy());
+    return GetProxyHandler(obj)->weakmapKeyDelegate(obj);
+}
+
 static JSBool
 proxy_Convert(JSContext *cx, HandleObject proxy, JSType hint, MutableHandleValue vp)
 {
     JS_ASSERT(proxy->isProxy());
     return Proxy::defaultValue(cx, proxy, hint, vp.address());
 }
 
 static void
 proxy_Finalize(FreeOp *fop, RawObject obj)
 {
     JS_ASSERT(obj->isProxy());
-    if (!obj->getSlot(JSSLOT_PROXY_HANDLER).isUndefined())
-        GetProxyHandler(obj)->finalize(fop, obj);
+    GetProxyHandler(obj)->finalize(fop, obj);
 }
 
 static JSBool
 proxy_HasInstance(JSContext *cx, HandleObject proxy, MutableHandleValue v, JSBool *bp)
 {
     bool b;
     if (!Proxy::hasInstance(cx, proxy, v, &b))
         return false;
@@ -2884,33 +2902,44 @@ proxy_HasInstance(JSContext *cx, HandleO
 
 static JSType
 proxy_TypeOf(JSContext *cx, HandleObject proxy)
 {
     JS_ASSERT(proxy->isProxy());
     return Proxy::typeOf(cx, proxy);
 }
 
+#define PROXY_CLASS_EXT                             \
+    {                                               \
+        NULL,                /* equality */         \
+        NULL,                /* outerObject */      \
+        NULL,                /* innerObject */      \
+        NULL,                /* iteratorObject */   \
+        NULL,                /* unused */           \
+        false,               /* isWrappedNative */  \
+        proxy_WeakmapKeyDelegate                    \
+    }
+
 JS_FRIEND_DATA(Class) js::ObjectProxyClass = {
     "Proxy",
     Class::NON_NATIVE | JSCLASS_IMPLEMENTS_BARRIERS | JSCLASS_HAS_RESERVED_SLOTS(4),
     JS_PropertyStub,         /* addProperty */
     JS_PropertyStub,         /* delProperty */
     JS_PropertyStub,         /* getProperty */
     JS_StrictPropertyStub,   /* setProperty */
     JS_EnumerateStub,
     JS_ResolveStub,
     proxy_Convert,
     proxy_Finalize,          /* finalize    */
     NULL,                    /* checkAccess */
     NULL,                    /* call        */
     proxy_HasInstance,       /* hasInstance */
     NULL,                    /* construct   */
     proxy_TraceObject,       /* trace       */
-    JS_NULL_CLASS_EXT,
+    PROXY_CLASS_EXT,
     {
         proxy_LookupGeneric,
         proxy_LookupProperty,
         proxy_LookupElement,
         proxy_LookupSpecial,
         proxy_DefineGeneric,
         proxy_DefineProperty,
         proxy_DefineElement,
@@ -2956,17 +2985,20 @@ JS_FRIEND_DATA(Class) js::OuterWindowPro
     NULL,                    /* call        */
     NULL,                    /* hasInstance */
     NULL,                    /* construct   */
     proxy_TraceObject,       /* trace       */
     {
         NULL,                /* equality    */
         NULL,                /* outerObject */
         proxy_innerObject,
-        NULL                 /* unused */
+        NULL,                /* iteratorObject */
+        NULL,                /* unused */
+        false,               /* isWrappedNative */
+        proxy_WeakmapKeyDelegate
     },
     {
         proxy_LookupGeneric,
         proxy_LookupProperty,
         proxy_LookupElement,
         proxy_LookupSpecial,
         proxy_DefineGeneric,
         proxy_DefineProperty,
@@ -3026,17 +3058,17 @@ JS_FRIEND_DATA(Class) js::FunctionProxyC
     JS_ResolveStub,
     JS_ConvertStub,
     proxy_Finalize,          /* finalize */
     NULL,                    /* checkAccess */
     proxy_Call,
     FunctionClass.hasInstance,
     proxy_Construct,
     proxy_TraceFunction,     /* trace       */
-    JS_NULL_CLASS_EXT,
+    PROXY_CLASS_EXT,
     {
         proxy_LookupGeneric,
         proxy_LookupProperty,
         proxy_LookupElement,
         proxy_LookupSpecial,
         proxy_DefineGeneric,
         proxy_DefineProperty,
         proxy_DefineElement,
--- a/js/src/jsproxy.h
+++ b/js/src/jsproxy.h
@@ -119,16 +119,19 @@ class JS_FRIEND_API(BaseProxyHandler) {
     virtual JSString *fun_toString(JSContext *cx, JSObject *proxy, unsigned indent);
     virtual bool regexp_toShared(JSContext *cx, JSObject *proxy, RegExpGuard *g);
     virtual bool defaultValue(JSContext *cx, JSObject *obj, JSType hint, Value *vp);
     virtual bool iteratorNext(JSContext *cx, JSObject *proxy, Value *vp);
     virtual void finalize(JSFreeOp *fop, JSObject *proxy);
     virtual bool getElementIfPresent(JSContext *cx, JSObject *obj, JSObject *receiver,
                                      uint32_t index, Value *vp, bool *present);
     virtual bool getPrototypeOf(JSContext *cx, JSObject *proxy, JSObject **protop);
+
+    /* See comment for weakmapKeyDelegateOp in jsclass.h. */
+    virtual JSObject *weakmapKeyDelegate(JSObject *proxy);
 };
 
 /*
  * IndirectProxyHandler assumes that a target exists. Moreover, it assumes the
  * target is a JSObject. Consequently, it provides default implementations for
  * the fundamental traps that forward their behavior to the target. The derived
  * traps, however, are inherited from BaseProxyHandler, and therefore still
  * implemented in terms of the fundamental ones. This allows consumers of this
@@ -171,16 +174,17 @@ class JS_PUBLIC_API(IndirectProxyHandler
     virtual JSString *fun_toString(JSContext *cx, JSObject *proxy,
                                    unsigned indent) MOZ_OVERRIDE;
     virtual bool regexp_toShared(JSContext *cx, JSObject *proxy,
                                  RegExpGuard *g) MOZ_OVERRIDE;
     virtual bool defaultValue(JSContext *cx, JSObject *obj, JSType hint,
                               Value *vp) MOZ_OVERRIDE;
     virtual bool iteratorNext(JSContext *cx, JSObject *proxy,
                               Value *vp) MOZ_OVERRIDE;
+    virtual JSObject *weakmapKeyDelegate(JSObject *proxy);
 };
 
 /*
  * DirectProxyHandler has the same assumptions about the target as its base,
  * IndirectProxyHandler. Its fundamental traps are inherited from this class,
  * and therefore forward their behavior to the target. The derived traps,
  * however, are overrided so that, they too, forward their behavior to the
  * target. This allows consumers of this class to forward to another object as
--- a/js/src/jsweakmap.cpp
+++ b/js/src/jsweakmap.cpp
@@ -103,24 +103,17 @@ GetObjectMap(JSObject *obj)
 static JSObject *
 GetKeyArg(JSContext *cx, CallArgs &args)
 {
     Value *vp = &args[0];
     if (vp->isPrimitive()) {
         JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_NOT_NONNULL_OBJECT);
         return NULL;
     }
-    JSObject &key = vp->toObject();
-
-    // If the key is from another compartment, and we store the wrapper as the key
-    // the wrapper might be GC-ed since it is not strong referenced (Bug 673468).
-    // To avoid this we always use the unwrapped object as the key instead of its
-    // security wrapper. This also means that if the keys are ever exposed they must
-    // be re-wrapped (see: JS_NondeterministicGetWeakMapKeys).
-    return JS_UnwrapObject(&key);
+    return &vp->toObject();
 }
 
 JS_ALWAYS_INLINE bool
 IsWeakMap(const Value &v)
 {
     return v.isObject() && v.toObject().hasClass(&WeakMapClass);
 }
 
@@ -246,17 +239,17 @@ WeakMap_set_impl(JSContext *cx, CallArgs
             JS_ReportOutOfMemory(cx);
             return false;
         }
         thisObj->setPrivate(map);
     }
 
     // Preserve wrapped native keys to prevent wrapper optimization.
     if (key->getClass()->ext.isWrappedNative) {
-        MOZ_ASSERT(cx->runtime->preserveWrapperCallback, "wrapped native weak map key needs preserveWrapperCallback");
+        JS_ASSERT(cx->runtime->preserveWrapperCallback);
         if (!cx->runtime->preserveWrapperCallback(cx, key)) {
             JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_BAD_WEAKMAP_KEY);
             return false;
         }
     }
 
     if (!map->put(key, value)) {
         JS_ReportOutOfMemory(cx);
@@ -273,31 +266,30 @@ WeakMap_set(JSContext *cx, unsigned argc
 {
     CallArgs args = CallArgsFromVp(argc, vp);
     return CallNonGenericMethod<IsWeakMap, WeakMap_set_impl>(cx, args);
 }
 
 JS_FRIEND_API(JSBool)
 JS_NondeterministicGetWeakMapKeys(JSContext *cx, JSObject *obj, JSObject **ret)
 {
+    obj = UnwrapObject(obj);
     if (!obj || !obj->isWeakMap()) {
         *ret = NULL;
         return true;
     }
     RootedObject arr(cx, NewDenseEmptyArray(cx));
     if (!arr)
         return false;
     ObjectValueMap *map = GetObjectMap(obj);
     if (map) {
         for (ObjectValueMap::Base::Range r = map->all(); !r.empty(); r.popFront()) {
             RootedObject key(cx, r.front().key);
-            // Re-wrapping the key (see comment of GetKeyArg)
             if (!JS_WrapObject(cx, key.address()))
                 return false;
-
             if (!js_NewbornArrayPush(cx, arr, ObjectValue(*key)))
                 return false;
         }
     }
     *ret = arr;
     return true;
 }
 
--- a/js/src/jsweakmap.h
+++ b/js/src/jsweakmap.h
@@ -22,52 +22,20 @@ namespace js {
 // a key is collected, the table entry disappears, dropping its reference to the value.
 //
 // More precisely:
 //
 //     A WeakMap entry is collected if and only if either the WeakMap or the entry's key
 //     is collected. If an entry is not collected, it remains in the WeakMap and it has a
 //     strong reference to the value.
 //
-// You must call this table's 'mark' method when the object of which it is a part is
+// You must call this table's 'trace' method when the object of which it is a part is
 // reached by the garbage collection tracer. Once a table is known to be live, the
 // implementation takes care of the iterative marking needed for weak tables and removing
 // table entries when collection is complete.
-//
-// You may provide your own MarkPolicy class to specify how keys and values are marked; a
-// policy template provides default definitions for some common key/value type
-// combinations.
-//
-// Details:
-//
-// The interface is as for a js::HashMap, with the following additions:
-//
-// - You must call the WeakMap's 'trace' member function when you discover that the map is
-//   part of a live object. (You'll typically call this from the containing type's 'trace'
-//   function.)
-//
-// - There is no AllocPolicy parameter; these are used with our garbage collector, so
-//   RuntimeAllocPolicy is hard-wired.
-//
-// - Optional fourth and fifth parameters are the MarkPolicies for the key and value type.
-//   A MarkPolicy has the constructor:
-//
-//     MarkPolicy(JSTracer *)
-//
-//   and the following member functions:
-//
-//     bool isMarked(const Type &x)
-//        Return true if x has been marked as live by the garbage collector.
-//
-//     bool mark(Type &x)
-//        Return false if x is already marked. Otherwise, mark x and return true.
-//
-//   If omitted, the MarkPolicy parameter defaults to js::DefaultMarkPolicy<Type>,
-//   a policy template with the obvious definitions for some typical
-//   SpiderMonkey type combinations.
 
 // The value for the next pointer for maps not in the map list.
 static WeakMapBase * const WeakMapNotInList = reinterpret_cast<WeakMapBase *>(1);
 
 typedef Vector<WeakMapBase *, 0, SystemAllocPolicy> WeakMapVector;
 
 // Common base class for all WeakMap specializations. The collector uses this to call
 // their markIteratively and sweep methods.
@@ -165,26 +133,49 @@ class WeakMap : public HashMap<Key, Valu
         return true;
     }
 
     void nonMarkingTrace(JSTracer *trc) {
         for (Range r = Base::all(); !r.empty(); r.popFront())
             markValue(trc, &r.front().value);
     }
 
+    bool keyNeedsMark(JSObject *key) {
+        if (JSWeakmapKeyDelegateOp op = key->getClass()->ext.weakmapKeyDelegateOp) {
+            JSObject *delegate = op(key);
+            /*
+             * Check if the delegate is marked with any color to properly handle
+             * gray marking when the key's delegate is black and the map is
+             * gray.
+             */
+            return delegate && gc::IsObjectMarked(&delegate);
+        }
+        return false;
+    }
+
+    bool keyNeedsMark(gc::Cell *cell) {
+        return false;
+    }
+
     bool markIteratively(JSTracer *trc) {
         bool markedAny = false;
         for (Enum e(*this); !e.empty(); e.popFront()) {
             /* If the entry is live, ensure its key and value are marked. */
             Key prior(e.front().key);
             if (gc::IsMarked(const_cast<Key *>(&e.front().key))) {
                 if (markValue(trc, &e.front().value))
                     markedAny = true;
                 if (prior != e.front().key)
                     e.rekeyFront(e.front().key);
+            } else if (keyNeedsMark(e.front().key)) {
+                gc::Mark(trc, const_cast<Key *>(&e.front().key), "proxy-preserved WeakMap key");
+                if (prior != e.front().key)
+                    e.rekeyFront(e.front().key);
+                gc::Mark(trc, &e.front().value, "WeakMap entry");
+                markedAny = true;
             }
         }
         return markedAny;
     }
 
     void sweep(JSTracer *trc) {
         /* Remove all entries whose keys remain unmarked. */
         for (Enum e(*this); !e.empty(); e.popFront()) {
--- a/js/src/jsworkers.cpp
+++ b/js/src/jsworkers.cpp
@@ -290,17 +290,17 @@ WorkerThread::threadLoop()
         ionScript = builder->script();
 
         JS_ASSERT(ionScript->ion == ION_COMPILING_SCRIPT);
 
         state.unlock();
 
         {
             ion::IonContext ictx(NULL, ionScript->compartment(), &builder->temp());
-            ion::CompileBackEnd(builder);
+            builder->backgroundCompiledLir = ion::CompileBackEnd(builder);
         }
 
         state.lock();
 
         ionScript = NULL;
         FinishOffThreadIonCompile(builder);
 
         /*
--- a/js/src/shell/js.cpp
+++ b/js/src/shell/js.cpp
@@ -2518,16 +2518,23 @@ EvalInFrame(JSContext *cx, unsigned argc
     JSString *str = JSVAL_TO_STRING(argv[1]);
 
     bool saveCurrent = (argc >= 3 && JSVAL_IS_BOOLEAN(argv[2]))
                         ? !!(JSVAL_TO_BOOLEAN(argv[2]))
                         : false;
 
     JS_ASSERT(cx->hasfp());
 
+    /* This is a copy of CheckDebugMode. */
+    if (!JS_GetDebugMode(cx)) {
+        JS_ReportErrorFlagsAndNumber(cx, JSREPORT_ERROR, js_GetErrorMessage,
+                                     NULL, JSMSG_NEED_DEBUG_MODE);
+        return false;
+    }
+
     /* Debug-mode currently disables Ion compilation. */
     ScriptFrameIter fi(cx);
     for (uint32_t i = 0; i < upCount; ++i, ++fi) {
         if (!fi.interpFrame()->prev())
             break;
     }
 
     bool saved = false;
--- a/js/xpconnect/src/nsXPConnect.cpp
+++ b/js/xpconnect/src/nsXPConnect.cpp
@@ -393,31 +393,32 @@ struct NoteWeakMapChildrenTracer : publi
 {
     NoteWeakMapChildrenTracer(nsCycleCollectionTraversalCallback &cb)
         : mCb(cb)
     {
     }
     nsCycleCollectionTraversalCallback &mCb;
     JSObject *mMap;
     void *mKey;
+    void *mKeyDelegate;
 };
 
 static void
 TraceWeakMappingChild(JSTracer *trc, void **thingp, JSGCTraceKind kind)
 {
     MOZ_ASSERT(trc->callback == TraceWeakMappingChild);
     void *thing = *thingp;
     NoteWeakMapChildrenTracer *tracer =
         static_cast<NoteWeakMapChildrenTracer *>(trc);
     if (kind == JSTRACE_STRING)
         return;
     if (!xpc_IsGrayGCThing(thing) && !tracer->mCb.WantAllTraces())
         return;
     if (AddToCCKind(kind)) {
-        tracer->mCb.NoteWeakMapping(tracer->mMap, tracer->mKey, thing);
+        tracer->mCb.NoteWeakMapping(tracer->mMap, tracer->mKey, tracer->mKeyDelegate, thing);
     } else {
         JS_TraceChildren(trc, thing, kind);
     }
 }
 
 struct NoteWeakMapsTracer : public js::WeakMapTracer
 {
     NoteWeakMapsTracer(JSRuntime *rt, js::WeakMapTraceCallback cb,
@@ -450,21 +451,26 @@ TraceWeakMapping(js::WeakMapTracer *trc,
 
     // As an emergency fallback for non-debug builds, if the key is not
     // representable in the cycle collector graph, we treat it as marked.  This
     // can cause leaks, but is preferable to ignoring the binding, which could
     // cause the cycle collector to free live objects.
     if (!AddToCCKind(kkind))
         k = nullptr;
 
+    JSObject *kdelegate = NULL;
+    if (kkind == JSTRACE_OBJECT)
+        kdelegate = js::GetWeakmapKeyDelegate((JSObject *)k);
+
     if (AddToCCKind(vkind)) {
-        tracer->mCb.NoteWeakMapping(m, k, v);
+        tracer->mCb.NoteWeakMapping(m, k, kdelegate, v);
     } else {
         tracer->mChildTracer.mMap = m;
         tracer->mChildTracer.mKey = k;
+        tracer->mChildTracer.mKeyDelegate = kdelegate;
         JS_TraceChildren(&tracer->mChildTracer, v, vkind);
     }
 }
 
 nsresult
 nsXPConnect::BeginCycleCollection(nsCycleCollectionTraversalCallback &cb)
 {
     // It is important not to call GetSafeJSContext while on the
--- a/js/xpconnect/tests/chrome/Makefile.in
+++ b/js/xpconnect/tests/chrome/Makefile.in
@@ -57,16 +57,18 @@ MOCHITEST_CHROME_FILES = \
 		test_expandosharing.xul \
 		file_expandosharing.jsm \
 		test_getweakmapkeys.xul \
 		test_mozMatchesSelector.xul \
 		test_nodelists.xul \
 		test_precisegc.xul \
 		test_sandboxImport.xul \
 		test_weakmaps.xul \
+		test_weakmap_keys_preserved.xul \
+		test_weakmap_keys_preserved2.xul \
 		test_weakref.xul \
 		test_wrappers.xul \
 		$(NULL)
 
 # Disabled until this test gets updated to test the new proxy based
 # wrappers.
 #		test_wrappers-2.xul \
 
--- a/js/xpconnect/tests/chrome/test_bug801241.xul
+++ b/js/xpconnect/tests/chrome/test_bug801241.xul
@@ -27,16 +27,17 @@ https://bugzilla.mozilla.org/show_bug.cg
       win.location = win.location;
       ok(true, "Didn't throw setting from location");
     } catch (e) {
       ok(false, "Threw setting location from sandbox");
     }
   }
 
   function go() {
+    document.getElementById('ifr').onload = null;
     var sb = new Cu.Sandbox(this);
     sb.win = document.getElementById('ifr').contentWindow;
     sb.ok = ok;
     Cu.evalInSandbox('(' + sbCode.toSource() + ')()', sb);
     SimpleTest.finish();
   }
 
   ]]>
new file mode 100644
--- /dev/null
+++ b/js/xpconnect/tests/chrome/test_weakmap_keys_preserved.xul
@@ -0,0 +1,37 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/css" href="chrome://global/skin"?>
+<?xml-stylesheet type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"?>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=673468
+-->
+<window title="Mozilla Bug "
+        xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
+  <script type="application/javascript" src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"/>
+
+  <!-- test results are displayed in the html:body -->
+  <body xmlns="http://www.w3.org/1999/xhtml">
+  <a href="https://bugzilla.mozilla.org/show_bug.cgi?id="
+     target="_blank">Mozilla Bug 673468</a>
+  </body>
+
+  <!-- test code goes here -->
+  <script type="application/javascript">
+  <![CDATA[
+  /** Test for Bug 673468 **/
+
+  let Cc = Components.classes;
+  let Cu = Components.utils;
+  let Ci = Components.interfaces;
+
+  let system = Cc["@mozilla.org/systemprincipal;1"].createInstance();
+  let sandbox = Cu.Sandbox(system);
+  let map = sandbox.WeakMap();
+  let obj = {};
+  map.set(obj, {});
+
+  Cu.forceGC();
+
+  ok(map.has(obj), "Weakmap still contains our wrapper!");
+  ]]>
+  </script>
+</window>
new file mode 100644
--- /dev/null
+++ b/js/xpconnect/tests/chrome/test_weakmap_keys_preserved2.xul
@@ -0,0 +1,84 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/css" href="chrome://global/skin"?>
+<?xml-stylesheet type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"?>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=673468
+-->
+<window title="Mozilla Bug "
+        xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
+  <script type="application/javascript" src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"/>
+
+  <!-- test results are displayed in the html:body -->
+  <body xmlns="http://www.w3.org/1999/xhtml">
+  <a id="testelem" href="https://bugzilla.mozilla.org/show_bug.cgi?id="
+     target="_blank">Mozilla Bug 673468</a>
+  </body>
+
+  <!-- test code goes here -->
+  <script type="application/javascript">
+  <![CDATA[
+  /** Test for Bug 673468 **/
+
+  let Cc = Components.classes;
+  let Cu = Components.utils;
+  let Ci = Components.interfaces;
+
+  SpecialPowers.DOMWindowUtils.garbageCollect();
+
+  let get_live_dom = function () {
+    return document.getElementById("testelem");
+  };
+
+  let wrappers_as_keys_test = function () {
+    let e = document.createEvent("MessageEvent");
+    e.initMessageEvent("foo", false, false, { dummy: document.createElement("foo") }, null, null, null);
+    window.eeeevent = e;
+
+    let live_dom = e.data.dummy;
+    let dead_dom = document.createElement("div");
+    let dead_child = document.createElement("div");
+    dead_dom.appendChild(dead_child);
+    is(dead_dom.children.length, 1, "children have wrong length");
+    let wrappee = new Object();
+
+    dead_dom.abcxyz = wrappee;
+
+    let system = Cc["@mozilla.org/systemprincipal;1"].createInstance();
+    let sandbox = Cu.Sandbox(system);
+
+    sandbox.wrapper = wrappee;
+    sandbox.value = dead_dom;
+    let map = Cu.evalInSandbox("wm = new WeakMap(); wm.set(wrapper, value); wm", sandbox);
+    sandbox.wrapper = null;
+    sandbox.value = null;
+
+    live_dom.xyzabc = {wrappee: wrappee, m: map, sb: sandbox};
+
+    let key = Cu.nondeterministicGetWeakMapKeys(map)[0];
+    let value = map.get(key);
+    is(value.children.length, 1, "children have wrong length");
+  }
+
+  wrappers_as_keys_test();
+
+  let check_wrappers_as_keys = function () {
+    let live_dom = window.eeeevent.data.dummy;
+    let live_map = live_dom.xyzabc.m;
+    let sandbox = live_dom.xyzabc.sb;
+    is(Cu.nondeterministicGetWeakMapKeys(live_map).length, 1,
+      "Map should not be empty.");
+    let key = Cu.nondeterministicGetWeakMapKeys(live_map)[0];
+    let value = live_map.get(key);
+    is(value.children.length, 1, "children have wrong length");
+  }
+
+  Cu.schedulePreciseGC(function () {
+    SpecialPowers.DOMWindowUtils.cycleCollect();
+    SpecialPowers.DOMWindowUtils.garbageCollect();
+
+    check_wrappers_as_keys();
+  });
+
+  ]]>
+  </script>
+</window>
--- a/layout/base/nsDisplayList.cpp
+++ b/layout/base/nsDisplayList.cpp
@@ -443,17 +443,18 @@ nsDisplayListBuilder::nsDisplayListBuild
       mAllowMergingAndFlattening(true),
       mWillComputePluginGeometry(false),
       mInTransform(false),
       mSyncDecodeImages(false),
       mIsPaintingToWindow(false),
       mHasDisplayPort(false),
       mHasFixedItems(false),
       mIsInFixedPosition(false),
-      mIsCompositingCheap(false)
+      mIsCompositingCheap(false),
+      mContainsPluginItem(false)
 {
   MOZ_COUNT_CTOR(nsDisplayListBuilder);
   PL_InitArenaPool(&mPool, "displayListArena", 1024,
                    NS_MAX(NS_ALIGNMENT_OF(void*),NS_ALIGNMENT_OF(double))-1);
 
   nsPresContext* pc = aReferenceFrame->PresContext();
   nsIPresShell *shell = pc->PresShell();
   if (pc->IsRenderingOnlySelection()) {
--- a/layout/base/nsDisplayList.h
+++ b/layout/base/nsDisplayList.h
@@ -577,16 +577,19 @@ public:
     } else {
       mGlassDisplayItem = aItem;
     }
   }
   bool NeedToForceTransparentSurfaceForItem(nsDisplayItem* aItem) {
     return aItem == mGlassDisplayItem;
   }
 
+  void SetContainsPluginItem() { mContainsPluginItem = true; }
+  bool ContainsPluginItem() { return mContainsPluginItem; }
+
 private:
   void MarkOutOfFlowFrameForDisplay(nsIFrame* aDirtyFrame, nsIFrame* aFrame,
                                     const nsRect& aDirtyRect);
 
   struct PresShellState {
     nsIPresShell* mPresShell;
     nsIFrame*     mCaretFrame;
     uint32_t      mFirstFrameMarkedForDisplay;
@@ -630,16 +633,17 @@ private:
   // under an nsDisplayTransform
   bool                           mInTransform;
   bool                           mSyncDecodeImages;
   bool                           mIsPaintingToWindow;
   bool                           mHasDisplayPort;
   bool                           mHasFixedItems;
   bool                           mIsInFixedPosition;
   bool                           mIsCompositingCheap;
+  bool                           mContainsPluginItem;
 };
 
 class nsDisplayItem;
 class nsDisplayList;
 /**
  * nsDisplayItems are put in singly-linked lists rooted in an nsDisplayList.
  * nsDisplayItemLink holds the link. The lists are linked from lowest to
  * highest in z-order.
--- a/layout/base/nsLayoutUtils.cpp
+++ b/layout/base/nsLayoutUtils.cpp
@@ -1297,17 +1297,21 @@ nsLayoutUtils::MatrixTransformPoint(cons
   return nsPoint(NSFloatPixelsToAppUnits(float(image.x), aFactor),
                  NSFloatPixelsToAppUnits(float(image.y), aFactor));
 }
 
 gfx3DMatrix
 nsLayoutUtils::GetTransformToAncestor(nsIFrame *aFrame, const nsIFrame *aAncestor)
 {
   nsIFrame* parent;
-  gfx3DMatrix ctm = aFrame->GetTransformMatrix(aAncestor, &parent);
+  gfx3DMatrix ctm;
+  if (aFrame == aAncestor) {
+    return ctm;
+  }
+  ctm = aFrame->GetTransformMatrix(aAncestor, &parent);
   while (parent && parent != aAncestor) {
     if (!parent->Preserves3DChildren()) {
       ctm.ProjectTo2D();
     }
     ctm = ctm * parent->GetTransformMatrix(aAncestor, &parent);
   }
   return ctm;
 }
--- a/layout/base/nsPresArena.cpp
+++ b/layout/base/nsPresArena.cpp
@@ -127,29 +127,29 @@ GetDesiredRegionSize()
 
 #define RESERVE_FAILED 0
 
 #else // Unix
 
 static void *
 ReserveRegion(uintptr_t region, uintptr_t size)
 {
-  return mmap((caddr_t)region, size, PROT_NONE, MAP_PRIVATE|MAP_ANON, -1, 0);
+  return mmap(reinterpret_cast<void*>(region), size, PROT_NONE, MAP_PRIVATE|MAP_ANON, -1, 0);
 }
 
 static void
 ReleaseRegion(void *region, uintptr_t size)
 {
-  munmap((caddr_t)region, size);
+  munmap(region, size);
 }
 
 static bool
 ProbeRegion(uintptr_t region, uintptr_t size)
 {
-  if (madvise((caddr_t)region, size, MADV_NORMAL)) {
+  if (madvise(reinterpret_cast<void*>(region), size, MADV_NORMAL)) {
     return true;
   } else {
     return false;
   }
 }
 
 static uintptr_t
 GetDesiredRegionSize()
--- a/layout/base/nsPresContext.cpp
+++ b/layout/base/nsPresContext.cpp
@@ -2539,31 +2539,30 @@ nsRootPresContext::ComputePluginGeometry
   }
 
   // Initially make the next state for each plugin descendant of aFrame be
   // "hidden". Plugins that are visible will have their next state set to
   // unhidden by nsDisplayPlugin::ComputeVisibility.
   mRegisteredPlugins.EnumerateEntries(SetPluginHidden, aFrame);
 
   nsIFrame* rootFrame = FrameManager()->GetRootFrame();
-  if (!rootFrame) {
-    return;
+
+  if (rootFrame && aBuilder->ContainsPluginItem()) {
+    aBuilder->SetForPluginGeometry();
+    aBuilder->SetAccurateVisibleRegions();
+    // Merging and flattening has already been done and we should not do it
+    // again. nsDisplayScroll(Info)Layer doesn't support trying to flatten
+    // again.
+    aBuilder->SetAllowMergingAndFlattening(false);
+    nsRegion region = rootFrame->GetVisualOverflowRectRelativeToSelf();
+    // nsDisplayPlugin::ComputeVisibility will automatically set a non-hidden
+    // widget configuration for the plugin, if it's visible.
+    aList->ComputeVisibilityForRoot(aBuilder, &region);
   }
 
-  aBuilder->SetForPluginGeometry();
-  aBuilder->SetAccurateVisibleRegions();
-  // Merging and flattening has already been done and we should not do it
-  // again. nsDisplayScroll(Info)Layer doesn't support trying to flatten
-  // again.
-  aBuilder->SetAllowMergingAndFlattening(false);
-  nsRegion region = rootFrame->GetVisualOverflowRectRelativeToSelf();
-  // nsDisplayPlugin::ComputeVisibility will automatically set a non-hidden
-  // widget configuration for the plugin, if it's visible.
-  aList->ComputeVisibilityForRoot(aBuilder, &region);
-
   InitApplyPluginGeometryTimer();
 }
 
 static void
 ApplyPluginGeometryUpdatesCallback(nsITimer *aTimer, void *aClosure)
 {
   static_cast<nsRootPresContext*>(aClosure)->ApplyPluginGeometryUpdates();
 }
--- a/layout/base/nsPresShell.cpp
+++ b/layout/base/nsPresShell.cpp
@@ -2993,36 +2993,35 @@ AccumulateFrameBounds(nsIFrame* aContain
                       nsIFrame* aFrame,
                       bool aUseWholeLineHeightForInlines,
                       nsRect& aRect,
                       bool& aHaveRect,
                       nsIFrame*& aPrevBlock,
                       nsAutoLineIterator& aLines,
                       int32_t& aCurLine)
 {
-  nsRect frameBounds = aFrame->GetRect() +
-    aFrame->GetParent()->GetOffsetTo(aContainerFrame);
+  nsIFrame* frame = aFrame;
+  nsRect frameBounds = nsRect(nsPoint(0, 0), aFrame->GetSize());
 
   // If this is an inline frame and either the bounds height is 0 (quirks
   // layout model) or aUseWholeLineHeightForInlines is set, we need to
   // change the top of the bounds to include the whole line.
   if (frameBounds.height == 0 || aUseWholeLineHeightForInlines) {
-    nsIAtom* frameType = NULL;
     nsIFrame *prevFrame = aFrame;
     nsIFrame *f = aFrame;
 
-    while (f &&
-           (frameType = f->GetType()) == nsGkAtoms::inlineFrame) {
+    while (f && f->IsFrameOfType(nsIFrame::eLineParticipant) &&
+           !f->IsTransformed() && !f->IsPositioned()) {
       prevFrame = f;
       f = prevFrame->GetParent();
     }
 
     if (f != aFrame &&
         f &&
-        frameType == nsGkAtoms::blockFrame) {
+        f->GetType() == nsGkAtoms::blockFrame) {
       // find the line containing aFrame and increase the top of |offset|.
       if (f != aPrevBlock) {
         aLines = f->GetLineIterator();
         aPrevBlock = f;
         aCurLine = 0;
       }
       if (aLines) {
         int32_t index = aLines->FindLineContaining(prevFrame, aCurLine);
@@ -3030,35 +3029,39 @@ AccumulateFrameBounds(nsIFrame* aContain
           aCurLine = index;
           nsIFrame *trash1;
           int32_t trash2;
           nsRect lineBounds;
           uint32_t trash3;
 
           if (NS_SUCCEEDED(aLines->GetLine(index, &trash1, &trash2,
                                            lineBounds, &trash3))) {
-            lineBounds += f->GetOffsetTo(aContainerFrame);
+            frameBounds += frame->GetOffsetTo(f);
+            frame = f;
             if (lineBounds.y < frameBounds.y) {
               frameBounds.height = frameBounds.YMost() - lineBounds.y;
               frameBounds.y = lineBounds.y;
             }
           }
         }
       }
     }
   }
 
+  nsRect transformedBounds = nsLayoutUtils::TransformFrameRectToAncestor(frame,
+    frameBounds, aContainerFrame);
+
   if (aHaveRect) {
     // We can't use nsRect::UnionRect since it drops empty rects on
     // the floor, and we need to include them.  (Thus we need
     // aHaveRect to know when to drop the initial value on the floor.)
-    aRect.UnionRectEdges(aRect, frameBounds);
+    aRect.UnionRectEdges(aRect, transformedBounds);
   } else {
     aHaveRect = true;
-    aRect = frameBounds;
+    aRect = transformedBounds;
   }
 }
 
 static bool
 ComputeNeedToScroll(nsIPresShell::WhenToScroll aWhenToScroll,
                     nscoord                    aLineSize,
                     nscoord                    aRectMin,
                     nscoord                    aRectMax,
@@ -3271,18 +3274,20 @@ PresShell::DoScrollContentIntoView()
 
   if (frame->GetStateBits() & NS_FRAME_FIRST_REFLOW) {
     // The reflow flush before this scroll got interrupted, and this frame's
     // coords and size are all zero, and it has no content showing anyway.
     // Don't bother scrolling to it.  We'll try again when we finish up layout.
     return;
   }
 
+  // Make sure we skip 'frame' ... if it's scrollable, we should use its
+  // scrollable ancestor as the container.
   nsIFrame* container =
-    nsLayoutUtils::GetClosestFrameOfType(frame, nsGkAtoms::scrollFrame);
+    nsLayoutUtils::GetClosestFrameOfType(frame->GetParent(), nsGkAtoms::scrollFrame);
   if (!container) {
     // nothing can be scrolled
     return;
   }
 
   ScrollIntoViewData* data = static_cast<ScrollIntoViewData*>(
     mContentToScrollTo->GetProperty(nsGkAtoms::scrolling));
   if (NS_UNLIKELY(!data)) {
@@ -3349,18 +3354,24 @@ PresShell::ScrollFrameRectIntoView(nsIFr
         didScroll = true;
       }
 
       // only scroll one container when this flag is set
       if (aFlags & nsIPresShell::SCROLL_FIRST_ANCESTOR_ONLY) {
         break;
       }
     }
-    rect += container->GetPosition();
-    nsIFrame* parent = container->GetParent();
+    nsIFrame* parent;
+    if (container->IsTransformed()) {
+      container->GetTransformMatrix(nullptr, &parent);
+      rect = nsLayoutUtils::TransformFrameRectToAncestor(container, rect, parent);
+    } else {
+      rect += container->GetPosition();
+      parent = container->GetParent();
+    }
     if (!parent && !(aFlags & nsIPresShell::SCROLL_NO_PARENT_FRAMES)) {
       nsPoint extraOffset(0,0);
       parent = nsLayoutUtils::GetCrossDocParentFrame(container, &extraOffset);
       if (parent) {
         int32_t APD = container->PresContext()->AppUnitsPerDevPixel();        
         int32_t parentAPD = parent->PresContext()->AppUnitsPerDevPixel();
         rect = rect.ConvertAppUnitsRoundOut(APD, parentAPD);
         rect += extraOffset;
--- a/layout/base/tests/cpp-tests/TestPoisonArea.cpp
+++ b/layout/base/tests/cpp-tests/TestPoisonArea.cpp
@@ -321,31 +321,31 @@ ExceptionHandler(PEXCEPTIONREPORTRECORD 
 #define LastErrMsg() (strerror(errno))
 
 static unsigned long _pagesize;
 #define PAGESIZE _pagesize
 
 static void *
 ReserveRegion(uintptr_t request, bool accessible)
 {
-  return mmap((caddr_t)request, PAGESIZE,
+  return mmap(reinterpret_cast<void*>(request), PAGESIZE,
               accessible ? PROT_READ|PROT_WRITE : PROT_NONE,
               MAP_PRIVATE|MAP_ANON, -1, 0);
 }
 
 static void
 ReleaseRegion(void *page)
 {
-  munmap((caddr_t)page, PAGESIZE);
+  munmap(page, PAGESIZE);
 }
 
 static bool
 ProbeRegion(uintptr_t page)
 {
-  if (madvise((caddr_t)page, PAGESIZE, MADV_NORMAL)) {
+  if (madvise(reinterpret_cast<void*>(page), PAGESIZE, MADV_NORMAL)) {
     return true;
   } else {
     return false;
   }
 }
 
 static int
 MakeRegionExecutable(void *page)
--- a/layout/base/tests/test_scroll_selection_into_view.html
+++ b/layout/base/tests/test_scroll_selection_into_view.html
@@ -35,16 +35,39 @@
                <body style='margin:0; overflow:hidden;'>
                  <div style='height:400px;'></div>
                  <div><span id='target4'
                             style='display:inline-block; vertical-align:top; height:300px;'>target4</span>
                  </div>
                  <div style='height:400px;'></div>">
   </iframe>
 </div>
+<div id="c5" style="overflow-y:scroll; width:200px; height:200px; position:absolute; top:400px; left:0;">
+  <div style="-moz-transform:translateY(400px); transform:translateY(400px)">
+    <span id="target5" style="display:inline-block; vertical-align:top; height:20px;">target</span>
+  </div>
+  <div style="height:800px;"></div>
+</div>
+<div id="c6" style="overflow-y:scroll; width:200px; height:200px; position:absolute; top:400px; left:200px;">
+  <div style="height:200px"></div>
+  <div style="height:100px; -moz-transform:scale(2); transform:scale(2)">
+    <span id="target6" style="display:inline-block; vertical-align:top; height:20px;">target</span>
+  </div>
+  <div style="height:800px;"></div>
+</div>
+<div id="c7" style="overflow-y:scroll; width:200px; height:200px; position:absolute; top:400px; left:400px;">
+  <div style="overflow:auto; height:200px; -moz-transform:translateY(400px); transform:translateY(400px)">
+    <div style="height:200px;"></div>
+    <div>
+      <span id="target7" style="display:inline-block; vertical-align:top; height:20px;">target</span>
+    </div>
+    <div style="height:800px;"></div>
+  </div>
+  <div style="height:800px;"></div>
+</div>
 
 <pre id="test">
 <script class="testbody" type="text/javascript">
 
 var ANCHOR = 0;
 var FOCUS = 1;
 
 function testCollapsed(id, vPercent, startAt, expected) {
@@ -96,16 +119,28 @@ function doTest() {
   testCollapsed("4", 100, 0, 500);
   testCollapsed("4", -1, 0, 400);
   testCollapsed("4", 0, 1000, 400);
   testCollapsed("4", 100, 1000, 500);
   // If the element can't be completely visible, we make the top edge
   // visible.
   testCollapsed("4", -1, 1000, 400);
 
+  // Test that scrolling a translated element into view takes
+  // account of the transform.
+  testCollapsed("5", 0, 0, 400);
+
+  // Test that scrolling a scaled element into view takes
+  // account of the transform.
+  testCollapsed("6", 0, 0, 150);
+
+  // Test that scrolling an element with a translated, scrolling container
+  // into view takes account of the transform.
+  testCollapsed("7", 0, 0, 400);
+
   SimpleTest.finish();
 }
 
 SimpleTest.waitForExplicitFinish();
 addLoadEvent(doTest);
 </script>
 </pre>
 </body>
--- a/layout/generic/nsIFrame.h
+++ b/layout/generic/nsIFrame.h
@@ -2047,17 +2047,21 @@ public:
    * Returns a transformation matrix that converts points in this frame's
    * coordinate space to points in some ancestor frame's coordinate space.
    * The frame decides which ancestor it will use as a reference point.
    * If this frame has no ancestor, aOutAncestor will be set to null.
    *
    * @param aStopAtAncestor don't look further than aStopAtAncestor. If null,
    *   all ancestors (including across documents) will be traversed.
    * @param aOutAncestor [out] The ancestor frame the frame has chosen.  If
-   *   this frame has no ancestor, *aOutAncestor will be set to null.
+   *   this frame has no ancestor, *aOutAncestor will be set to null. If
+   * this frame is not a root frame, then *aOutAncestor will be in the same
+   * document as this frame. If this frame IsTransformed(), then *aOutAncestor
+   * will be the parent frame (if not preserve-3d) or the nearest non-transformed
+   * ancestor (if preserve-3d).
    * @return A gfxMatrix that converts points in this frame's coordinate space
    *   into points in aOutAncestor's coordinate space.
    */
   gfx3DMatrix GetTransformMatrix(const nsIFrame* aStopAtAncestor,
                                  nsIFrame **aOutAncestor);
 
   /**
    * Bit-flags to pass to IsFrameOfType()
--- a/layout/generic/nsObjectFrame.h
+++ b/layout/generic/nsObjectFrame.h
@@ -115,16 +115,24 @@ public:
     mNextConfigurationClipRegion.Clear();
   }
   /**
    * Append the desired widget configuration to aConfigurations.
    */
   void GetWidgetConfiguration(nsTArray<nsIWidget::Configuration>* aConfigurations)
   {
     if (mWidget) {
+      if (!mWidget->GetParent()) {
+        // Plugin widgets should not be toplevel except when they're out of the
+        // document, in which case the plugin should not be registered for
+        // geometry updates and this should not be called. But apparently we
+        // have bugs where mWidget sometimes is toplevel here. Bail out.
+        NS_ERROR("Plugin widgets registered for geometry updates should not be toplevel");
+        return;
+      }
       nsIWidget::Configuration* configuration = aConfigurations->AppendElement();
       configuration->mChild = mWidget;
       configuration->mBounds = mNextConfigurationBounds;
       configuration->mClipRegion = mNextConfigurationClipRegion;
     }
   }
   /**
    * Called after all widget position/size/clip regions have been changed
@@ -294,16 +302,17 @@ private:
 };
 
 class nsDisplayPlugin : public nsDisplayItem {
 public:
   nsDisplayPlugin(nsDisplayListBuilder* aBuilder, nsIFrame* aFrame)
     : nsDisplayItem(aBuilder, aFrame)
   {
     MOZ_COUNT_CTOR(nsDisplayPlugin);
+    aBuilder->SetContainsPluginItem();
   }
 #ifdef NS_BUILD_REFCNT_LOGGING
   virtual ~nsDisplayPlugin() {
     MOZ_COUNT_DTOR(nsDisplayPlugin);
   }
 #endif
 
   virtual nsRect GetBounds(nsDisplayListBuilder* aBuilder, bool* aSnap) MOZ_OVERRIDE;
--- a/layout/generic/test/test_bug791616.html
+++ b/layout/generic/test/test_bug791616.html
@@ -30,17 +30,19 @@ var sel = window.getSelection();
 var smoothScrollPref = "general.smoothScroll";
 
 SimpleTest.waitForExplicitFinish();
 SpecialPowers.setBoolPref(smoothScrollPref, false);
 t.scrollTop = 0;
 var targetY = target.getBoundingClientRect().top;
 
 SimpleTest.waitForFocus(function() {
+  is(target.getBoundingClientRect().top, targetY, "Target should not have scrolled due to waitForFocus");
   t.focus();
+  is(target.getBoundingClientRect().top, targetY, "Target should not have scrolled due to focus change");
 
   // Move the caret to scroll it into view
   sel.collapse(target.firstChild, 2);
   synthesizeKey("VK_LEFT", {});
 
   // Delay until next repaint in case stuff is asynchronous. Also
   // take a trip through the event loop.
   setTimeout(function() {
--- a/layout/reftests/reftest-sanity/corners-2-ref.html
+++ b/layout/reftests/reftest-sanity/corners-2-ref.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML>
 <html>
 <body style="overflow:hidden">
-  <div style="width:1px; height:1px; background:lime; position:absolute; left:799px; top:0;"></div>
+  <div style="width:1px; height:1px; background:lime; position:absolute; left:599px; top:0;"></div>
 </body>
 </html>
--- a/layout/reftests/reftest-sanity/corners-2.html
+++ b/layout/reftests/reftest-sanity/corners-2.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML>
 <html>
 <body style="overflow:hidden">
-  <div style="width:1px; height:1px; background:red; position:absolute; left:799px; top:0;"></div>
+  <div style="width:1px; height:1px; background:red; position:absolute; left:599px; top:0;"></div>
 </body>
 </html>
--- a/layout/reftests/reftest-sanity/corners-3-ref.html
+++ b/layout/reftests/reftest-sanity/corners-3-ref.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML>
 <html>
 <body style="overflow:hidden">
-  <div style="width:1px; height:1px; background:lime; position:absolute; left:799px; top:999px;"></div>
+  <div style="width:1px; height:1px; background:lime; position:absolute; left:599px; top:599px;"></div>
 </body>
 </html>
--- a/layout/reftests/reftest-sanity/corners-3.html
+++ b/layout/reftests/reftest-sanity/corners-3.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML>
 <html>
 <body style="overflow:hidden">
-  <div style="width:1px; height:1px; background:red; position:absolute; left:799px; top:999px;"></div>
+  <div style="width:1px; height:1px; background:red; position:absolute; left:599px; top:599px;"></div>
 </body>
 </html>
--- a/layout/reftests/reftest-sanity/corners-4-ref.html
+++ b/layout/reftests/reftest-sanity/corners-4-ref.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML>
 <html>
 <body style="overflow:hidden">
-  <div style="width:1px; height:1px; background:lime; position:absolute; left:0; top:999px;"></div>
+  <div style="width:1px; height:1px; background:lime; position:absolute; left:0; top:599px;"></div>
 </body>
 </html>
--- a/layout/reftests/reftest-sanity/corners-4.html
+++ b/layout/reftests/reftest-sanity/corners-4.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML>
 <html>
 <body style="overflow:hidden">
-  <div style="width:1px; height:1px; background:red; position:absolute; left:0; top:999px;"></div>
+  <div style="width:1px; height:1px; background:red; position:absolute; left:0; top:599px;"></div>
 </body>
 </html>
--- a/media/webrtc/signaling/src/sipcc/core/gsm/gsm_sdp.c
+++ b/media/webrtc/signaling/src/sipcc/core/gsm/gsm_sdp.c
@@ -2648,17 +2648,16 @@ gsmsdp_negotiate_codec (fsmdef_dcb_t *dc
     boolean         usedtx;
     boolean         stereo;
     boolean         useinbandfec;
     boolean         cbr;
     boolean         found_codec = FALSE;
     int32_t         num_match_payloads = 0;
     int             payload = RTP_NONE;
     int             remote_dynamic_payload_type_value = RTP_NONE;
-    int             local_dynamic_payload_type_value = RTP_NONE;
     int32_t         payload_types_count = 0; // count for allocating right amout
                                              // of memory for media->paylaods
 
     if (!dcb_p || !sdp_p || !media) {
         return (RTP_NONE);
     }
 
     level = media->level;
@@ -2818,27 +2817,24 @@ gsmsdp_negotiate_codec (fsmdef_dcb_t *dc
     for (i = 0; i < num_master_types; i++) {
         for (j = 0; j < num_slave_types; j++) {
             if (GET_CODEC_TYPE(master_list_p[i]) == GET_CODEC_TYPE(slave_list_p[j])) {
                 payload = GET_CODEC_TYPE(slave_list_p[j]);
                 if (offer == TRUE) { // if remote SDP is an offer
                     /* we answer with same dynamic payload type value for a given dynamic payload type */
                     if (master_list_p == remote_media_types) {
                         remote_dynamic_payload_type_value = GET_DYN_PAYLOAD_TYPE_VALUE(master_list_p[i]);
-                        local_dynamic_payload_type_value = GET_DYN_PAYLOAD_TYPE_VALUE(master_list_p[i]);
                     } else {
                         remote_dynamic_payload_type_value = GET_DYN_PAYLOAD_TYPE_VALUE(slave_list_p[j]);
-                        local_dynamic_payload_type_value = GET_DYN_PAYLOAD_TYPE_VALUE(slave_list_p[j]);
                     }
                 } else { //if remote SDP is an answer
                       if (media->local_dynamic_payload_type_value == RTP_NONE ||
                           media->payload !=  media->previous_sdp.payload_type) {
                         /* If the the negotiated payload type is different from previous,
                            set it the local dynamic to payload type  as this is what we offered*/
-                        local_dynamic_payload_type_value =  media->payload;
                     }
                     /* remote answer may not use the value that we offered for a given dynamic payload type */
                     if (master_list_p == remote_media_types) {
                         remote_dynamic_payload_type_value = GET_DYN_PAYLOAD_TYPE_VALUE(master_list_p[i]);
                     } else {
                         remote_dynamic_payload_type_value = GET_DYN_PAYLOAD_TYPE_VALUE(slave_list_p[j]);
                     }
                 }
--- a/memory/build/mozjemalloc_compat.c
+++ b/memory/build/mozjemalloc_compat.c
@@ -6,20 +6,55 @@
 #include "jemalloc_types.h"
 
 #if defined(MOZ_NATIVE_JEMALLOC)
 #define wrap(a) a
 #else
 #define wrap(a) je_ ## a
 #endif
 
-extern MOZ_IMPORT_API(int)
+/*
+ *  CTL_* macros are from memory/jemalloc/src/src/stats.c with changes:
+ *  - drop `t' argument to avoid redundancy in calculating type size
+ *  - require `i' argument for arena number explicitly
+ */
+
+#define	CTL_GET(n, v) do {						\
+	size_t sz = sizeof(v);						\
+	wrap(mallctl)(n, &v, &sz, NULL, 0);				\
+} while (0)
+
+#define	CTL_I_GET(n, v, i) do {						\
+	size_t mib[6];							\
+	size_t miblen = sizeof(mib) / sizeof(mib[0]);			\
+	size_t sz = sizeof(v);						\
+	wrap(mallctlnametomib)(n, mib, &miblen);			\
+	mib[2] = i;							\
+	wrap(mallctlbymib)(mib, miblen, &v, &sz, NULL, 0);		\
+} while (0)
+
+MOZ_IMPORT_API(int)
 wrap(mallctl)(const char*, void*, size_t*, void*, size_t);
+MOZ_IMPORT_API(int)
+wrap(mallctlnametomib)(const char *name, size_t *mibp, size_t *miblenp);
+MOZ_IMPORT_API(int)
+wrap(mallctlbymib)(const size_t *mib, size_t miblen, void *oldp, size_t *oldlenp, void *newp, size_t newlen);
 
 MOZ_EXPORT_API(void)
 jemalloc_stats(jemalloc_stats_t *stats)
 {
-  size_t size = sizeof(stats->mapped);
-  wrap(mallctl)("stats.mapped", &stats->mapped, &size, NULL, 0);
-  wrap(mallctl)("stats.allocated", &stats->allocated, &size, NULL, 0);
-  stats->committed = -1;
-  stats->dirty = -1;
+  unsigned narenas;
+  size_t active, allocated, mapped, page, pdirty;
+
+  CTL_GET("arenas.narenas", narenas);
+  CTL_GET("arenas.page", page);
+  CTL_GET("stats.active", active);
+  CTL_GET("stats.allocated", allocated);
+  CTL_GET("stats.mapped", mapped);
+
+  /* get the summation for all arenas, i == narenas */
+  CTL_I_GET("stats.arenas.0.pdirty", pdirty, narenas);
+
+  stats->allocated = allocated;
+  stats->mapped = mapped;
+  stats->dirty = pdirty * page;
+  stats->committed = active + stats->dirty;
 }
--- a/mobile/android/app/mobile.js
+++ b/mobile/android/app/mobile.js
@@ -512,16 +512,17 @@ pref("editor.singleLine.pasteNewlines", 
 // threshold where a tap becomes a drag, in 1/240" reference pixels
 // The names of the preferences are to be in sync with nsEventStateManager.cpp
 pref("ui.dragThresholdX", 25);
 pref("ui.dragThresholdY", 25);
 
 pref("layers.acceleration.disabled", false);
 pref("layers.offmainthreadcomposition.enabled", true);
 pref("layers.async-video.enabled", true);
+pref("layers.progressive-paint", false);
 
 pref("notification.feature.enabled", true);
 
 // prevent tooltips from showing up
 pref("browser.chrome.toolbar_tips", false);
 pref("indexedDB.feature.enabled", true);
 pref("dom.indexedDB.warningQuota", 5);
 
--- a/mobile/android/base/BrowserApp.java
+++ b/mobile/android/base/BrowserApp.java
@@ -81,17 +81,17 @@ abstract public class BrowserApp extends
             t -= 1.0f;
             return t * t * t * t * t + 1.0f;
         }
     };
 
     private FindInPageBar mFindInPageBar;
 
     // We'll ask for feedback after the user launches the app this many times.
-    private static final int FEEDBACK_LAUNCH_COUNT = 10;
+    private static final int FEEDBACK_LAUNCH_COUNT = 15;
 
     @Override
     public void onTabChanged(Tab tab, Tabs.TabEvents msg, Object data) {
         switch(msg) {
             case LOCATION_CHANGE:
                 if (Tabs.getInstance().isSelectedTab(tab)) {
                     String url = tab.getURL();
                     if (url.equals("about:home"))
--- a/mobile/android/base/Makefile.in
+++ b/mobile/android/base/Makefile.in
@@ -261,16 +261,17 @@ DEFINES += \
   -DMOZ_UPDATE_CHANNEL=$(MOZ_UPDATE_CHANNEL) \
   -DANDROID_VERSION_CODE=$(ANDROID_VERSION_CODE) \
   -DMOZILLA_OFFICIAL=$(MOZILLA_OFFICIAL) \
   -DUA_BUILDID=$(UA_BUILDID) \
   -DMOZ_APP_BASENAME=$(MOZ_APP_BASENAME) \
   -DMOZ_APP_BUILDID=$(MOZ_APP_BUILDID) \
   -DMOZ_APP_ABI=$(TARGET_XPCOM_ABI) \
   -DMOZ_UPDATER=$(MOZ_UPDATER) \
+  -DMOZ_PKG_SPECIAL=$(MOZ_PKG_SPECIAL) \
   $(NULL)
 
 ifdef MOZ_LINKER_EXTRACT
 DEFINES += -DMOZ_LINKER_EXTRACT=1
 endif
 
 GARBAGE += \
   AndroidManifest.xml  \
--- a/mobile/android/base/MultiChoicePreference.java
+++ b/mobile/android/base/MultiChoicePreference.java
@@ -164,16 +164,22 @@ class MultiChoicePreference extends Dial
                 if (button.isEnabled() != enabled)
                     button.setEnabled(enabled);
             }
         });
     }
 
     @Override
     protected void onDialogClosed(boolean positiveResult) {
+        if (mPrevValues == null || mInitialValues == null) {
+            // Initialization is done asynchronously, so these values may not
+            // have been set before the dialog was closed.
+            return;
+        }
+
         if (!positiveResult) {
             // user cancelled; reset checkbox values to their previous state
             mValues = mPrevValues.clone();
             return;
         } else {
             mPrevValues = mValues.clone();
         }
 
--- a/mobile/android/base/Tabs.java
+++ b/mobile/android/base/Tabs.java
@@ -125,17 +125,17 @@ public class Tabs implements GeckoEventL
     public Tab selectTab(int id) {
         if (!mTabs.containsKey(id))
             return null;
 
         final Tab oldTab = getSelectedTab();
         final Tab tab = mTabs.get(id);
         // This avoids a NPE below, but callers need to be careful to
         // handle this case
-        if (tab == null)
+        if (tab == null || oldTab == tab)
             return null;
 
         mSelectedTab = tab;
         mActivity.runOnUiThread(new Runnable() { 
             public void run() {
                 mActivity.hideFormAssistPopup();
                 if (isSelectedTab(tab)) {
                     String url = tab.getURL();
--- a/mobile/android/base/TabsTray.java
+++ b/mobile/android/base/TabsTray.java
@@ -412,16 +412,17 @@ public class TabsTray extends LinearLayo
                     view.onTouchEvent(e);
                     return true;
                 }
 
                 case MotionEvent.ACTION_UP: {
                     if (mSwipeView == null)
                         break;
 
+                    cancelCheckForTap();
                     mSwipeView.setPressed(false);
 
                     if (!mSwiping) {
                         TabRow tab = (TabRow) mSwipeView.getTag();
                         Tabs.getInstance().selectTab(tab.id);
                         autoHidePanel();
                         break;
                     }
--- a/mobile/android/base/TextSelection.java
+++ b/mobile/android/base/TextSelection.java
@@ -49,32 +49,36 @@ class TextSelection extends Layer implem
     }
 
     void destroy() {
         unregisterEventListener("TextSelection:ShowHandles");
         unregisterEventListener("TextSelection:HideHandles");
         unregisterEventListener("TextSelection:PositionHandles");
     }
 
+    private TextSelectionHandle getHandle(String name) {
+        if (name.equals("START")) {
+            return mStartHandle;
+        } else if (name.equals("MIDDLE")) {
+            return mMiddleHandle;
+        } else {
+            return mEndHandle;
+        }
+    }
+
     public void handleMessage(String event, JSONObject message) {
         try {
             if (event.equals("TextSelection:ShowHandles")) {
                 final JSONArray handles = message.getJSONArray("handles");
                 GeckoApp.mAppContext.mMainHandler.post(new Runnable() {
                     public void run() {
                         try {
                             for (int i=0; i < handles.length(); i++) {
                                 String handle = handles.getString(i);
-
-                                if (handle.equals("START"))
-                                    mStartHandle.setVisibility(View.VISIBLE);
-                                else if (handle.equals("MIDDLE"))
-                                    mMiddleHandle.setVisibility(View.VISIBLE);
-                                else
-                                    mEndHandle.setVisibility(View.VISIBLE);
+                                getHandle(handle).setVisibility(View.VISIBLE);
                             }
 
                             mViewLeft = 0.0f;
                             mViewTop = 0.0f;
                             mViewZoom = 0.0f;
                             LayerView layerView = GeckoApp.mAppContext.getLayerView();
                             if (layerView != null) {
                                 layerView.addLayer(TextSelection.this);
@@ -89,45 +93,36 @@ class TextSelection extends Layer implem
                         try {
                             LayerView layerView = GeckoApp.mAppContext.getLayerView();
                             if (layerView != null) {
                                 layerView.removeLayer(TextSelection.this);
                             }
 
                             for (int i=0; i < handles.length(); i++) {
                                 String handle = handles.getString(i);
-                                if (handle.equals("START"))
-                                    mStartHandle.setVisibility(View.GONE);
-                                else if (handle.equals("MIDDLE"))
-                                    mMiddleHandle.setVisibility(View.GONE);
-                                else
-                                    mEndHandle.setVisibility(View.GONE);
+                                getHandle(handle).setVisibility(View.GONE);
                             }
 
                         } catch(Exception e) {}
                     }
                 });
             } else if (event.equals("TextSelection:PositionHandles")) {
                 final JSONArray positions = message.getJSONArray("positions");
                 GeckoApp.mAppContext.mMainHandler.post(new Runnable() {
                     public void run() {
                         try {
                             for (int i=0; i < positions.length(); i++) {
                                 JSONObject position = positions.getJSONObject(i);
-                                String handle = position.getString("handle");
                                 int left = position.getInt("left");
                                 int top = position.getInt("top");
 
-                                if (handle.equals("START"))
-                                    mStartHandle.positionFromGecko(left, top);
-                                else if (handle.equals("MIDDLE"))
-                                    mMiddleHandle.positionFromGecko(left, top);
-                                else
-                                    mEndHandle.positionFromGecko(left, top);
-                             }
+                                TextSelectionHandle handle = getHandle(position.getString("handle"));
+                                handle.setVisibility(position.getBoolean("hidden") ? View.GONE : View.VISIBLE);
+                                handle.positionFromGecko(left, top);
+                            }
                         } catch (Exception e) { }
                     }
                 });
             }
         } catch (Exception e) {
             Log.e(LOGTAG, "Exception handling message \"" + event + "\":", e);
         }
     }
--- a/mobile/android/base/gfx/BufferedCairoImage.java
+++ b/mobile/android/base/gfx/BufferedCairoImage.java
@@ -3,25 +3,28 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 package org.mozilla.gecko.gfx;
 
 import org.mozilla.gecko.mozglue.DirectBufferAllocator;
 
 import android.graphics.Bitmap;
+import android.util.Log;
 
 import java.nio.ByteBuffer;
 
 /** A Cairo image that simply saves a buffer of pixel data. */
 public class BufferedCairoImage extends CairoImage {
     private ByteBuffer mBuffer;
     private IntSize mSize;
     private int mFormat;
 
+    private static String LOGTAG = "GeckoBufferedCairoImage";
+
     /** Creates a buffered Cairo image from a byte buffer. */
     public BufferedCairoImage(ByteBuffer inBuffer, int inWidth, int inHeight, int inFormat) {
         setBuffer(inBuffer, inWidth, inHeight, inFormat);
     }
 
     /** Creates a buffered Cairo image from an Android bitmap. */
     public BufferedCairoImage(Bitmap bitmap) {
         setBitmap(bitmap);
@@ -36,16 +39,25 @@ public class BufferedCairoImage extends 
         try {
             freeBuffer();
         } finally {
             super.finalize();
         }
     }
 
     @Override
+    public void destroy() {
+        try {
+            freeBuffer();
+        } catch (Exception ex) {
+            Log.e(LOGTAG, "error clearing buffer: ", ex);
+        }
+    }
+
+    @Override
     public ByteBuffer getBuffer() { return mBuffer; }
     @Override
     public IntSize getSize() { return mSize; }
     @Override
     public int getFormat() { return mFormat; }
 
 
     public void setBuffer(ByteBuffer buffer, int width, int height, int format) {
--- a/mobile/android/base/gfx/CairoImage.java
+++ b/mobile/android/base/gfx/CairoImage.java
@@ -8,16 +8,18 @@ package org.mozilla.gecko.gfx;
 import java.nio.ByteBuffer;
 
 /*
  * A bitmap with pixel data in one of the formats that Cairo understands.
  */
 public abstract class CairoImage {
     public abstract ByteBuffer getBuffer();
 
+    public abstract void destroy();
+
     public abstract IntSize getSize();
     public abstract int getFormat();
 
     public static final int FORMAT_INVALID = -1;
     public static final int FORMAT_ARGB32 = 0;
     public static final int FORMAT_RGB24 = 1;
     public static final int FORMAT_A8 = 2;
     public static final int FORMAT_A1 = 3;
--- a/mobile/android/base/gfx/CheckerboardImage.java
+++ b/mobile/android/base/gfx/CheckerboardImage.java
@@ -3,32 +3,35 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 package org.mozilla.gecko.gfx;
 
 import org.mozilla.gecko.mozglue.DirectBufferAllocator;
 
 import android.graphics.Color;
+import android.util.Log;
 
 import java.nio.ByteBuffer;
 import java.nio.ShortBuffer;
 import java.util.Arrays;
 
 /** A Cairo image that displays a tinted checkerboard. */
 public class CheckerboardImage extends CairoImage {
     // The width and height of the checkerboard tile.
     private static final int SIZE = 16;
     // The pixel format of the checkerboard tile.
     private static final int FORMAT = CairoImage.FORMAT_RGB16_565;
     // The color to mix in to tint the background color.
     private static final int TINT_COLOR = Color.GRAY;
     // The amount to mix in.
     private static final float TINT_OPACITY = 0.4f;
 
+    private static String LOGTAG = "GeckoCheckerboardImage";
+
     private ByteBuffer mBuffer;
     private int mMainColor;
     private boolean mShowChecks;
 
     /** Creates a new checkerboard image. */
     public CheckerboardImage() {
         int bpp = CairoUtils.bitsPerPixelForCairoFormat(FORMAT);
         mBuffer = DirectBufferAllocator.allocate(SIZE * SIZE * bpp / 8);
@@ -117,16 +120,26 @@ public class CheckerboardImage extends C
             DirectBufferAllocator.free(mBuffer);
             mBuffer = null;
         } finally {
             super.finalize();
         }
     }
 
     @Override
+    public void destroy() {
+        try {
+            DirectBufferAllocator.free(mBuffer);
+            mBuffer = null;
+        } catch (Exception ex) {
+            Log.e(LOGTAG, "error clearing buffer: ", ex);
+        }
+    }
+
+    @Override
     public ByteBuffer getBuffer() {
         return mBuffer;
     }
 
     @Override
     public IntSize getSize() {
         return new IntSize(SIZE, SIZE);
     }
--- a/mobile/android/base/gfx/GeckoLayerClient.java
+++ b/mobile/android/base/gfx/GeckoLayerClient.java
@@ -492,16 +492,22 @@ public class GeckoLayerClient
             // At this point, we have just switched to displaying a different document than we
             // we previously displaying. This means we need to abort any panning/zooming animations
             // that are in progress and send an updated display port request to browser.js as soon
             // as possible. We accomplish this by passing true to abortPanZoomAnimation, which
             // sends the request after aborting the animation. The display port request is actually
             // a full viewport update, which is fine because if browser.js has somehow moved to
             // be out of sync with this first-paint viewport, then we force them back in sync.
             abortPanZoomAnimation();
+
+            // Indicate that the document is about to be composited so the
+            // LayerView background can be removed.
+            if (mView.getPaintState() == LayerView.PAINT_START) {
+                mView.setPaintState(LayerView.PAINT_BEFORE_FIRST);
+            }
         }
         DisplayPortCalculator.resetPageState();
         mDrawTimingQueue.reset();
         mView.getRenderer().resetCheckerboard();
         ScreenshotHandler.screenshotWholePage(Tabs.getInstance().getSelectedTab());
     }
 
     /** This function is invoked by Gecko via JNI; be careful when modifying signature.
--- a/mobile/android/base/gfx/LayerRenderer.java
+++ b/mobile/android/base/gfx/LayerRenderer.java
@@ -1,16 +1,18 @@
 /* -*- Mode: Java; c-basic-offset: 4; tab-width: 20; indent-tabs-mode: nil; -*-
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 package org.mozilla.gecko.gfx;
 
 import org.mozilla.gecko.GeckoAppShell;
+import org.mozilla.gecko.Tab;
+import org.mozilla.gecko.Tabs;
 import org.mozilla.gecko.gfx.Layer.RenderContext;
 import org.mozilla.gecko.mozglue.DirectBufferAllocator;
 
 import android.content.Context;
 import android.content.SharedPreferences;
 import android.graphics.Color;
 import android.graphics.Point;
 import android.graphics.Rect;
@@ -27,17 +29,17 @@ import java.nio.FloatBuffer;
 import java.nio.IntBuffer;
 import java.util.concurrent.CopyOnWriteArrayList;
 
 import javax.microedition.khronos.egl.EGLConfig;
 
 /**
  * The layer renderer implements the rendering logic for a layer view.
  */
-public class LayerRenderer {
+public class LayerRenderer implements Tabs.OnTabsChangedListener {
     private static final String LOGTAG = "GeckoLayerRenderer";
     private static final String PROFTAG = "GeckoLayerRendererProf";
 
     /*
      * The amount of time a frame is allowed to take to render before we declare it a dropped
      * frame.
      */
     private static final int MAX_FRAME_TIME = 16;   /* 1000 ms / 60 FPS */
@@ -161,29 +163,45 @@ public class LayerRenderer {
         mFrameTimings = new int[60];
         mCurrentFrame = mFrameTimingsSum = mDroppedFrames = 0;
 
         // Initialize the FloatBuffer that will be used to store all vertices and texture
         // coordinates in draw() commands.
         mCoordByteBuffer = DirectBufferAllocator.allocate(COORD_BUFFER_SIZE * 4);
         mCoordByteBuffer.order(ByteOrder.nativeOrder());
         mCoordBuffer = mCoordByteBuffer.asFloatBuffer();
+
+        Tabs.registerOnTabsChangedListener(this);
     }
 
     @Override
     protected void finalize() throws Throwable {
         try {
             DirectBufferAllocator.free(mCoordByteBuffer);
             mCoordByteBuffer = null;
             mCoordBuffer = null;
         } finally {
             super.finalize();
         }
     }
 
+    public void destroy() {
+        DirectBufferAllocator.free(mCoordByteBuffer);
+        mCoordByteBuffer = null;
+        mCoordBuffer = null;
+        mScreenshotLayer.destroy();
+        mBackgroundLayer.destroy();
+        mShadowLayer.destroy();
+        mHorizScrollLayer.destroy();
+        mVertScrollLayer.destroy();
+        if (mFrameRateLayer != null) {
+            mFrameRateLayer.destroy();
+        }
+    }
+
     void onSurfaceCreated(EGLConfig config) {
         checkMonitoringEnabled();
         createDefaultProgram();
         activateDefaultProgram();
     }
 
     public void createDefaultProgram() {
         int vertexShader = loadShader(GLES20.GL_VERTEX_SHADER, DEFAULT_VERTEX_SHADER);
@@ -664,20 +682,34 @@ public class LayerRenderer {
                     pixelBuffer.position(0);
                     GLES20.glReadPixels(0, 0, (int)mScreenContext.viewport.width(),
                                         (int)mScreenContext.viewport.height(), GLES20.GL_RGBA,
                                         GLES20.GL_UNSIGNED_BYTE, pixelBuffer);
                     pixelBuffer.notify();
                 }
             }
 
-            // Remove white screen once we've painted
+            // Remove background color once we've painted. GeckoLayerClient is
+            // responsible for setting this flag before current document is
+            // composited.
             if (mView.getPaintState() == LayerView.PAINT_BEFORE_FIRST) {
                 mView.post(new Runnable() {
                     public void run() {
                         mView.getChildAt(0).setBackgroundColor(Color.TRANSPARENT);
                     }
                 });
                 mView.setPaintState(LayerView.PAINT_AFTER_FIRST);
             }
         }
     }
+
+    @Override
+    public void onTabChanged(final Tab tab, Tabs.TabEvents msg, Object data) {
+        // Sets the background of the newly selected tab. This background color
+        // gets cleared in endDrawing(). This function runs on the UI thread,
+        // but other code that touches the paint state is run on the compositor
+        // thread, so this may need to be changed if any problems appear.
+        if (msg == Tabs.TabEvents.SELECTED) {
+            mView.getChildAt(0).setBackgroundColor(tab.getCheckerboardColor());
+            mView.setPaintState(LayerView.PAINT_START);
+        }
+    }
 }
--- a/mobile/android/base/gfx/LayerView.java
+++ b/mobile/android/base/gfx/LayerView.java
@@ -55,18 +55,19 @@ public class LayerView extends FrameLayo
     private boolean mCheckerboardShouldShowChecks;
 
     private SurfaceView mSurfaceView;
     private TextureView mTextureView;
 
     private Listener mListener;
 
     /* Flags used to determine when to show the painted surface. */
-    public static final int PAINT_BEFORE_FIRST = 0;
-    public static final int PAINT_AFTER_FIRST = 1;
+    public static final int PAINT_START = 0;
+    public static final int PAINT_BEFORE_FIRST = 1;
+    public static final int PAINT_AFTER_FIRST = 2;
 
     public boolean shouldUseTextureView() {
         // Disable TextureView support for now as it causes panning/zooming
         // performance regressions (see bug 792259). Uncomment the code below
         // once this bug is fixed.
         return false;
 
         /*
@@ -85,17 +86,17 @@ public class LayerView extends FrameLayo
             return false;
         } */
     }
 
     public LayerView(Context context, AttributeSet attrs) {
         super(context, attrs);
 
         mGLController = new GLController(this);
-        mPaintState = PAINT_BEFORE_FIRST;
+        mPaintState = PAINT_START;
         mCheckerboardColor = Color.WHITE;
         mCheckerboardShouldShowChecks = true;
     }
 
     public void initializeView(EventDispatcher eventDispatcher) {
         mLayerClient = new GeckoLayerClient(getContext(), this, eventDispatcher);
 
         mTouchEventHandler = new TouchEventHandler(getContext(), this, mLayerClient);
@@ -107,16 +108,19 @@ public class LayerView extends FrameLayo
 
         GeckoAccessibility.setDelegate(this);
     }
 
     public void destroy() {
         if (mLayerClient != null) {
             mLayerClient.destroy();
         }
+        if (mRenderer != null) {
+            mRenderer.destroy();
+        }
     }
 
     @Override
     public boolean onTouchEvent(MotionEvent event) {
         if (event.getActionMasked() == MotionEvent.ACTION_DOWN)
             requestFocus();
 
         /** We need to manually hide FormAssistPopup because it is not a regular PopupWindow. */
--- a/mobile/android/base/gfx/ScreenshotLayer.java
+++ b/mobile/android/base/gfx/ScreenshotLayer.java
@@ -110,16 +110,26 @@ public class ScreenshotLayer extends Sin
             try {
                 DirectBufferAllocator.free(mBuffer);
                 mBuffer = null;
             } finally {
                 super.finalize();
             }
         }
 
+        @Override
+        public void destroy() {
+            try {
+                DirectBufferAllocator.free(mBuffer);
+                mBuffer = null;
+            } catch (Exception ex) {
+                Log.e(LOGTAG, "error clearing buffers: ", ex);
+            }
+        }
+
         void copyBuffer(ByteBuffer src, ByteBuffer dst, Rect rect, int stride) {
             int start = (rect.top * stride) + (rect.left * BYTES_FOR_16BPP);
             int end = ((rect.bottom - 1) * stride) + (rect.right * BYTES_FOR_16BPP);
             // clamp stuff just to be safe
             start = Math.max(0, Math.min(dst.limit(), Math.min(src.limit(), start)));
             end = Math.max(start, Math.min(dst.limit(), Math.min(src.capacity(), end)));
             dst.position(start);
             src.position(start).limit(end);
--- a/mobile/android/base/gfx/TileLayer.java
+++ b/mobile/android/base/gfx/TileLayer.java
@@ -2,16 +2,17 @@
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 package org.mozilla.gecko.gfx;
 
 import android.graphics.Rect;
 import android.opengl.GLES20;
+import android.util.Log;
 
 import java.nio.ByteBuffer;
 
 /**
  * Base class for tile layers, which encapsulate the logic needed to draw textured tiles in OpenGL
  * ES.
  */
 public abstract class TileLayer extends Layer {
@@ -45,16 +46,26 @@ public abstract class TileLayer extends 
         try {
             if (mTextureIDs != null)
                 TextureReaper.get().add(mTextureIDs);
         } finally {
             super.finalize();
         }
     }
 
+    public void destroy() {
+        try {
+            if (mImage != null) {
+                mImage.destroy();
+            }
+        } catch (Exception ex) {
+            Log.e(LOGTAG, "error clearing buffers: ", ex);
+        }
+    }
+
     public void setPaintMode(PaintMode mode) {
         mPaintMode = mode;
     }
 
     /**
      * Invalidates the entire buffer so that it will be uploaded again. Only valid inside a
      * transaction.
      */
--- a/mobile/android/chrome/content/browser.js
+++ b/mobile/android/chrome/content/browser.js
@@ -2030,37 +2030,83 @@ var SelectionHandler = {
 
   positionHandles: function sh_positionHandles() {
     // Translate coordinates to account for selections in sub-frames. We can't cache
     // this because the top-level page may have scrolled since selection started.
     let offset = this._getViewOffset();
     let scrollX = {}, scrollY = {};
     this._view.top.QueryInterface(Ci.nsIInterfaceRequestor).getInterface(Ci.nsIDOMWindowUtils).getScrollXY(false, scrollX, scrollY);
 
+    // the checkHidden function tests to see if the given point is hidden inside an
+    // iframe/subdocument. this is so that if we select some text inside an iframe and
+    // scroll the iframe so the selection is out of view, we hide the handles rather
+    // than having them float on top of the main page content.
+    let checkHidden = function(x, y) {
+      return false;
+    };
+    if (this._view.frameElement) {
+      let bounds = this._view.frameElement.getBoundingClientRect();
+      checkHidden = function(x, y) {
+        return x < 0 || y < 0 || x > bounds.width || y > bounds.height;
+      }
+    }
+
     let positions = null;
     if (this._activeType == this.TYPE_CURSOR) {
       let cursor = this._cwu.sendQueryContentEvent(this._cwu.QUERY_CARET_RECT, this._target.selectionEnd, 0, 0, 0);
+      let x = cursor.left;
+      let y = cursor.top + cursor.height;
       positions = [ { handle: this.HANDLE_TYPE_MIDDLE,
-                     left: cursor.left + offset.x + scrollX.value,
-                     top: cursor.top + cursor.height + offset.y + scrollY.value } ];
+                     left: x + offset.x + scrollX.value,
+                     top: y + offset.y + scrollY.value,
+                     hidden: checkHidden(x, y) } ];
     } else {
+      let sx = this.cache.start.x;
+      let sy = this.cache.start.y;
+      let ex = this.cache.end.x;
+      let ey = this.cache.end.y;
       positions = [ { handle: this.HANDLE_TYPE_START,
-                     left: this.cache.start.x + offset.x + scrollX.value,
-                     top: this.cache.start.y + offset.y + scrollY.value },
+                     left: sx + offset.x + scrollX.value,
+                     top: sy + offset.y + scrollY.value,
+                     hidden: checkHidden(sx, sy) },
                    { handle: this.HANDLE_TYPE_END,
-                     left: this.cache.end.x + offset.x + scrollX.value,
-                     top: this.cache.end.y + offset.y + scrollY.value } ];
+                     left: ex + offset.x + scrollX.value,
+                     top: ey + offset.y + scrollY.value,
+                     hidden: checkHidden(ex, ey) } ];
     }
 
     sendMessageToJava({
       gecko: {
         type: "TextSelection:PositionHandles",
         positions: positions
       }
     });
+  },
+
+  subdocumentScrolled: function sh_subdocumentScrolled(aElement) {
+    if (this._activeType == this.TYPE_NONE) {
+      return;
+    }
+    let scrollView = aElement.ownerDocument.defaultView;
+    let view = this._view;
+    while (true) {
+      if (view == scrollView) {
+        // The selection is in a view (or sub-view) of the view that scrolled.
+        // So we need to reposition the handles.
+        if (this._activeType == this.TYPE_SELECTION) {
+          this.updateCacheForSelection();
+        }
+        this.positionHandles();
+        break;
+      }
+      if (view == view.parent) {
+        break;
+      }
+      view = view.parent;
+    }
   }
 };
 
 var UserAgent = {
   DESKTOP_UA: null,
 
   init: function ua_init() {
     Services.obs.addObserver(this, "DesktopMode:Change", false);
@@ -2795,22 +2841,19 @@ Tab.prototype = {
         if (target != this.browser.contentDocument)
           return;
 
         // Sample the background color of the page and pass it along. (This is used to draw the
         // checkerboard.) Right now we don't detect changes in the background color after this
         // event fires; it's not clear that doing so is worth the effort.
         var backgroundColor = null;
         try {
-          let browser = BrowserApp.selectedBrowser;
-          if (browser) {
-            let { contentDocument, contentWindow } = browser;
-            let computedStyle = contentWindow.getComputedStyle(contentDocument.body);
-            backgroundColor = computedStyle.backgroundColor;
-          }
+          let { contentDocument, contentWindow } = this.browser;
+          let computedStyle = contentWindow.getComputedStyle(contentDocument.body);
+          backgroundColor = computedStyle.backgroundColor;
         } catch (e) {
           // Ignore. Catching and ignoring exceptions here ensures that Talos succeeds.
         }
 
         sendMessageToJava({
           gecko: {
             type: "DOMContentLoaded",
             tabID: this.id,
@@ -3644,59 +3687,51 @@ var BrowserEventHandler = {
 
         this._firstScrollEvent = false;
       }
 
       // Scroll the scrollable element
       if (this._elementCanScroll(this._scrollableElement, data.x, data.y)) {
         this._scrollElementBy(this._scrollableElement, data.x, data.y);
         sendMessageToJava({ gecko: { type: "Gesture:ScrollAck", scrolled: true } });
+        SelectionHandler.subdocumentScrolled(this._scrollableElement);
       } else {
         sendMessageToJava({ gecko: { type: "Gesture:ScrollAck", scrolled: false } });
       }
     } else if (aTopic == "Gesture:CancelTouch") {
       this._cancelTapHighlight();
     } else if (aTopic == "Gesture:SingleTap") {
       let element = this._highlightElement;
       if (element) {
         try {
           let data = JSON.parse(aData);
-          let isClickable = ElementTouchHelper.isElementClickable(element);
-
-          if (isClickable) {
+          if (ElementTouchHelper.isElementClickable(element)) {
             [data.x, data.y] = this._moveClickPoint(element, data.x, data.y);
             element = ElementTouchHelper.anyElementFromPoint(data.x, data.y);
-            isClickable = ElementTouchHelper.isElementClickable(element);
           }
 
           this._sendMouseEvent("mousemove", element, data.x, data.y);
           this._sendMouseEvent("mousedown", element, data.x, data.y);
           this._sendMouseEvent("mouseup",   element, data.x, data.y);
 
           // See if its a input element
           if ((element instanceof HTMLInputElement && element.mozIsTextField(false)) || (element instanceof HTMLTextAreaElement))
              SelectionHandler.showThumb(element);
-  
-          if (isClickable)
-            Haptic.performSimpleAction(Haptic.LongPress);
         } catch(e) {
           Cu.reportError(e);
         }
       }
       this._cancelTapHighlight();
     } else if (aTopic == "Gesture:DoubleTap") {
       this._cancelTapHighlight();
       this.onDoubleTap(aData);
-    } else if (aTopic == "MozMagnifyGestureStart" ||
-               aTopic == "MozMagnifyGestureUpdate") {
+    } else if (aTopic == "MozMagnifyGestureStart" || aTopic == "MozMagnifyGestureUpdate") {
       this.onPinch(aData);
     } else if (aTopic == "MozMagnifyGesture") {
-      this.onPinchFinish(aData,
-                         this._mLastPinchPoint.x,
-                         this._mLastPinchPoint.y);
+      this.onPinchFinish(aData, this._mLastPinchPoint.x, this._mLastPinchPoint.y);
     } else if (aTopic == "nsPref:changed") {
       if (aData == "browser.zoom.reflowOnZoom") {
         this.updateReflozPref();
       }
     }
   },
 
   _zoomOut: function() {
--- a/netwerk/base/public/nsNetUtil.h
+++ b/netwerk/base/public/nsNetUtil.h
@@ -73,16 +73,17 @@
 #include "nsISocketProviderService.h"
 #include "nsISocketProvider.h"
 #include "nsIRedirectChannelRegistrar.h"
 #include "nsIMIMEHeaderParam.h"
 #include "nsILoadContext.h"
 #include "mozilla/Services.h"
 #include "nsIPrivateBrowsingChannel.h"
 #include "mozIApplicationClearPrivateDataParams.h"
+#include "nsIOfflineCacheUpdate.h"
 
 #include <limits>
 
 #ifdef MOZILLA_INTERNAL_API
 
 inline already_AddRefed<nsIIOService>
 do_GetIOService(nsresult* error = 0)
 {
@@ -1371,16 +1372,39 @@ NS_GetAppInfoFromClearDataNotification(n
     NS_ENSURE_SUCCESS(rv, rv);
 
     *aAppID = appId;
     *aBrowserOnly = browserOnly;
     return NS_OK;
 }
 
 /**
+ * Determines whether appcache should be checked for a given URI.
+ */
+inline bool
+NS_ShouldCheckAppCache(nsIURI *aURI, bool usePrivateBrowsing)
+{
+    if (usePrivateBrowsing) {
+        return false;
+    }
+
+    nsCOMPtr<nsIOfflineCacheUpdateService> offlineService =
+        do_GetService("@mozilla.org/offlinecacheupdate-service;1");
+    if (!offlineService) {
+        return false;
+    }
+
+    bool allowed;
+    nsresult rv = offlineService->OfflineAppAllowedForURI(aURI,
+                                                          nullptr,
+                                                          &allowed);
+    return NS_SUCCEEDED(rv) && allowed;
+}
+
+/**
  * Wraps an nsIAuthPrompt so that it can be used as an nsIAuthPrompt2. This
  * method is provided mainly for use by other methods in this file.
  *
  * *aAuthPrompt2 should be set to null before calling this function.
  */
 inline void
 NS_WrapAuthPrompt(nsIAuthPrompt *aAuthPrompt, nsIAuthPrompt2** aAuthPrompt2)
 {
--- a/netwerk/protocol/http/HttpChannelParent.cpp
+++ b/netwerk/protocol/http/HttpChannelParent.cpp
@@ -206,40 +206,34 @@ HttpChannelParent::RecvAsyncOpen(const U
   nsCOMPtr<nsIApplicationCacheChannel> appCacheChan =
     do_QueryInterface(mChannel);
   nsCOMPtr<nsIApplicationCacheService> appCacheService =
     do_GetService(NS_APPLICATIONCACHESERVICE_CONTRACTID);
 
   bool setChooseApplicationCache = chooseApplicationCache;
   if (appCacheChan && appCacheService) {
     // We might potentially want to drop this flag (that is TRUE by default)
-    // after we succefully associate the channel with an application cache
+    // after we successfully associate the channel with an application cache
     // reported by the channel child.  Dropping it here may be too early.
     appCacheChan->SetInheritApplicationCache(false);
     if (!appCacheClientID.IsEmpty()) {
       nsCOMPtr<nsIApplicationCache> appCache;
       rv = appCacheService->GetApplicationCache(appCacheClientID,
                                                 getter_AddRefs(appCache));
       if (NS_SUCCEEDED(rv)) {
         appCacheChan->SetApplicationCache(appCache);
         setChooseApplicationCache = false;
       }
     }
 
     if (setChooseApplicationCache) {
-      nsCOMPtr<nsIOfflineCacheUpdateService> offlineUpdateService =
-        do_GetService("@mozilla.org/offlinecacheupdate-service;1", &rv);
-      if (NS_SUCCEEDED(rv)) {
-        rv = offlineUpdateService->OfflineAppAllowedForURI(uri,
-                                                           nullptr,
-                                                           &setChooseApplicationCache);
-
-        if (setChooseApplicationCache && NS_SUCCEEDED(rv))
-          appCacheChan->SetChooseApplicationCache(true);
-      }
+      // This works because we've already called SetNotificationCallbacks and
+      // done mPBOverride logic by this point.
+      appCacheChan->SetChooseApplicationCache(
+            NS_ShouldCheckAppCache(uri, NS_UsePrivateBrowsing(mChannel)));
     }
   }
 
   rv = httpChan->AsyncOpen(channelListener, nullptr);
   if (NS_FAILED(rv))
     return SendFailedAsyncOpen(rv);
 
   return true;
--- a/netwerk/srtp/src/crypto/cipher/aes_icm.c
+++ b/netwerk/srtp/src/crypto/cipher/aes_icm.c
@@ -160,34 +160,40 @@ aes_icm_dealloc(cipher_t *c) {
  *
  * the salt is unpredictable (but not necessarily secret) data which
  * randomizes the starting point in the keystream
  */
 
 err_status_t
 aes_icm_context_init(aes_icm_ctx_t *c, const uint8_t *key, int key_len) {
   err_status_t status;
-  int base_key_len;
+  int base_key_len, copy_len;
 
   if (key_len > 16 && key_len < 30) /* Ismacryp */
     base_key_len = 16;
   else if (key_len == 30 || key_len == 38 || key_len == 46)
     base_key_len = key_len - 14;
   else
     return err_status_bad_param;
 
-  /* set counter and initial values to 'offset' value */
-  /* Note this copies past the end of the 'key' array by 2 bytes! */
-  v128_copy_octet_string(&c->counter, key + base_key_len);
-  v128_copy_octet_string(&c->offset, key + base_key_len);
+  /*
+   * set counter and initial values to 'offset' value, being careful not to
+   * go past the end of the key buffer
+   */
+  v128_set_to_zero(&c->counter);
+  v128_set_to_zero(&c->offset);
 
-  /* force last two octets of the offset to zero (for srtp compatibility) */
-  c->offset.v8[14] = c->offset.v8[15] = 0;
-  c->counter.v8[14] = c->counter.v8[15] = 0;
-  
+  copy_len = key_len - base_key_len;
+  /* force last two octets of the offset to be left zero (for srtp compatibility) */
+  if (copy_len > 14)
+    copy_len = 14;
+
+  memcpy(&c->counter, key + base_key_len, copy_len);
+  memcpy(&c->offset, key + base_key_len, copy_len);
+
   debug_print(mod_aes_icm, 
 	      "key:  %s", octet_string_hex_string(key, base_key_len)); 
   debug_print(mod_aes_icm, 
 	      "offset: %s", v128_hex_string(&c->offset)); 
 
   /* expand key */
   status = aes_expand_encryption_key(key, base_key_len, &c->expanded_key);
   if (status) {
--- a/parser/html/nsHtml5MetaScannerCppSupplement.h
+++ b/parser/html/nsHtml5MetaScannerCppSupplement.h
@@ -51,20 +51,17 @@ nsHtml5MetaScanner::tryCharset(nsString*
   res = nsCharsetAlias::GetPreferred(encoding, preferred);
   if (NS_FAILED(res)) {
     return false;
   }
   if (preferred.LowerCaseEqualsLiteral("utf-16") ||
       preferred.LowerCaseEqualsLiteral("utf-16be") ||
       preferred.LowerCaseEqualsLiteral("utf-16le") ||
       preferred.LowerCaseEqualsLiteral("utf-7") ||
-      preferred.LowerCaseEqualsLiteral("jis_x0212-1990") ||
-      preferred.LowerCaseEqualsLiteral("x-jis0208") ||
-      preferred.LowerCaseEqualsLiteral("x-imap4-modified-utf7") ||
-      preferred.LowerCaseEqualsLiteral("x-user-defined")) {
+      preferred.LowerCaseEqualsLiteral("x-imap4-modified-utf7")) {
     return false;
   }
   res = convManager->GetUnicodeDecoderRaw(preferred.get(), getter_AddRefs(mUnicodeDecoder));
   if (res == NS_ERROR_UCONV_NOCONV) {
     return false;
   } else if (NS_FAILED(res)) {
     NS_ERROR("Getting an encoding decoder failed in a bad way.");
     mUnicodeDecoder = nullptr;
--- a/parser/html/nsHtml5StreamParser.cpp
+++ b/parser/html/nsHtml5StreamParser.cpp
@@ -1208,20 +1208,17 @@ nsHtml5StreamParser::PreferredForInterna
   // ??? Explicit further blacklist of character sets that are not
   // "rough supersets" of ASCII.  Some of these are handled above (utf-16),
   // some by the XSS smuggling blacklist in charsetData.properties,
   // maybe all of the remainder should also be blacklisted there.
   if (preferred.LowerCaseEqualsLiteral("utf-16") ||
       preferred.LowerCaseEqualsLiteral("utf-16be") ||
       preferred.LowerCaseEqualsLiteral("utf-16le") ||
       preferred.LowerCaseEqualsLiteral("utf-7") ||
-      preferred.LowerCaseEqualsLiteral("jis_x0212-1990") ||
-      preferred.LowerCaseEqualsLiteral("x-jis0208") ||
-      preferred.LowerCaseEqualsLiteral("x-imap4-modified-utf7") ||
-      preferred.LowerCaseEqualsLiteral("x-user-defined")) {
+      preferred.LowerCaseEqualsLiteral("x-imap4-modified-utf7")) {
     // Not a rough ASCII superset
     mTreeBuilder->MaybeComplainAboutCharset("EncMetaNonRoughSuperset",
                                             true,
                                             mTokenizer->getLineNumber());
     return false;
   }
   aEncoding.Assign(preferred);
   return true;
new file mode 100644
--- /dev/null
+++ b/parser/htmlparser/tests/reftest/bug599320-1-ref.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset=utf-8>
+<meta content="width=device-width, initial-scale=1" name="viewport">
+<title>UTF-16 doc</title>
+</head>
+<body>
+<h1>UTF-16 doc</h1>
+
+<p>Euro sign: €</p>
+<p>iframe:</p>
+<iframe src=frame599320-1-ref.html width=300 height=400></iframe>
+
+</body>
+</html>
+
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..590e9126c3fa1abdde37eca08dd8708c670da3b2
GIT binary patch
literal 616
zc$|HbK~IBF5QOK<uRzXLid7SvmW$S_9`xW*3l@^n5<naOlfO~@-iqYm!4SgE?Ck9B
z<9&TDbfjzD>Pq)|)SXreRj5;?tx^SA3@GG%(oP#K6)7i*;MT^rJdSPPU(n~^P7@u-
zl|<3tmBVB`sz4psx$N=l%(XM819cg30m|Utz-zt}FLO*~NrmfB;<F{&qH<AAU1AgN
zz?I?1Tyh+0`ZeBMoq4#bR1ciQ4Ni$JsLoKXQN$xnV9a=%XOx-VhfR}zyneEQDQlvY
zUYTc)rlre<ndihGq0`pAqx+VeZqx5Gm!I`B&ZVK#(&Nr`$urZbrZ&%s_h0?9o{^v0
b9ms8x!v4pZv8i?RJN@nu|Jgns-Jw9=rVnHN
new file mode 100644
--- /dev/null
+++ b/parser/htmlparser/tests/reftest/frame599320-1-ref.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset=utf-8>
+<meta content="width=device-width, initial-scale=1" name="viewport">
+<title>Non-UTF-16 doc</title>
+</head>
+<body>
+<h1>Non-UTF-16 doc</h1>
+
+<p>Euro sign: €</p>
+
+</body>
+</html>
+
new file mode 100644
--- /dev/null
+++ b/parser/htmlparser/tests/reftest/frame599320-1.html
@@ -0,0 +1,1092 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<!-- More than 1 KB of space -->
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+<meta charset=utf-8>
+<meta content="width=device-width, initial-scale=1" name="viewport">
+<title>Non-UTF-16 doc</title>
+</head>
+<body>
+<h1>Non-UTF-16 doc</h1>
+
+<p>Euro sign: €</p>
+<script>
+window.onload = function() {
+  window.mozRequestAnimationFrame(function() {
+    parent.document.documentElement.removeAttribute("class");
+  });
+}
+</script>
+</body>
+</html>
+
--- a/parser/htmlparser/tests/reftest/reftest.list
+++ b/parser/htmlparser/tests/reftest/reftest.list
@@ -1,15 +1,16 @@
 == bug535530-1.html bug535530-1-ref.html
 == view-source:bug535530-2.html bug535530-2-ref.html
 == bug566280-1.html bug566280-1-ref.html
 == bug577418-1.html bug577418-1-ref.html
 == bug582788-1.html bug582788-1-ref.html
 == bug582940-1.html bug582940-1-ref.html
 == bug592656-1.html bug592656-1-ref.html
+== bug599320-1.html bug599320-1-ref.html
 == bug608373-1.html bug608373-1-ref.html
 fails-if(/^Windows\x20NT\x206\.1/.test(http.oscpu)&&!layersGPUAccelerated&&!azureSkia) == view-source:bug482921-1.html bug482921-1-ref.html # bug 703201
 == view-source:bug482921-2.xhtml bug482921-2-ref.html
 == bug659763-1.html bug659763-1-ref.html
 == bug659763-2.html bug659763-2-ref.html
 == bug659763-3.html bug659763-3-ref.html
 == bug659763-4.html bug659763-4-ref.html
 == bug659763-5.html bug659763-5-ref.html
--- a/security/coreconf/coreconf.dep
+++ b/security/coreconf/coreconf.dep
@@ -1,12 +1,13 @@
-/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-/*
- * A dummy header file that is a dependency for all the object files.
- * Used to force a full recompilation of NSS in Mozilla's Tinderbox
- * depend builds.  See comments in rules.mk.
- */
-
-#error "Do not include this header file."
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * A dummy header file that is a dependency for all the object files.
+ * Used to force a full recompilation of NSS in Mozilla's Tinderbox
+ * depend builds.  See comments in rules.mk.
+ */
+
+#error "Do not include this header file."
+
--- a/security/manager/ssl/src/nsIdentityChecking.cpp
+++ b/security/manager/ssl/src/nsIdentityChecking.cpp
@@ -97,27 +97,50 @@ static struct nsMyTrustedEVInfo myTruste
     "D8:C5:38:8A:B7:30:1B:1B:6E:D4:7A:E6:45:25:3A:6F:9F:1A:27:61",
     "MEUxCzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMT"
     "FlN3aXNzU2lnbiBHb2xkIENBIC0gRzI=",
     "ALtAHEP1Xk+w",
     nullptr
   },
   {
     // CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL
-    "1.3.6.1.4.1.23223.2",
+    "1.3.6.1.4.1.23223.1.1.1",
     "StartCom EV OID",
     SEC_OID_UNKNOWN,
     "3E:2B:F7:F2:03:1B:96:F3:8C:E6:C4:D8:A8:5D:3E:2D:58:47:6A:0F",
     "MH0xCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQL"
     "EyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMSkwJwYDVQQDEyBT"
     "dGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ==",
     "AQ==",
     nullptr
   },
   {
+    // CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL
+    "1.3.6.1.4.1.23223.1.1.1",
+    "StartCom EV OID",
+    SEC_OID_UNKNOWN,
+    "A3:F1:33:3F:E2:42:BF:CF:C5:D1:4E:8F:39:42:98:40:68:10:D1:A0",
+    "MH0xCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQL"
+    "EyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMSkwJwYDVQQDEyBT"
+    "dGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ==",
+    "LQ==",
+    nullptr
+  },
+  {
+    // CN=StartCom Certification Authority G2,O=StartCom Ltd.,C=IL
+    "1.3.6.1.4.1.23223.1.1.1",
+    "StartCom EV OID",
+    SEC_OID_UNKNOWN,
+    "31:F1:FD:68:22:63:20:EE:C6:3B:3F:9D:EA:4A:3E:53:7C:7C:39:17",
+    "MFMxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSwwKgYDVQQD"
+    "EyNTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBHMg==",
+    "Ow==",
+    nullptr
+  },
+  {
     // CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU="(c) 2006 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
     "2.16.840.1.113733.1.7.23.6",
     "VeriSign EV OID",
     SEC_OID_UNKNOWN,
     "4E:B6:D5:78:49:9B:1C:CF:5F:58:1E:AD:56:BE:3D:9B:67:44:A5:E5",
     "MIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNV"
     "BAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZl"
     "cmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMT"
@@ -400,25 +423,36 @@ static struct nsMyTrustedEVInfo myTruste
     "MEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9vdCBDQSAtIFIzMRMwEQYDVQQKEwpH"
     "bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu",
     "BAAAAAABIVhTCKI=",
     nullptr
   },
   {
     // CN=Buypass Class 3 CA 1,O=Buypass AS-983163327,C=NO
     "2.16.578.1.26.1.3.3",
-    "Buypass Class 3 CA 1",
+    "Buypass EV OID",
     SEC_OID_UNKNOWN,
     "61:57:3A:11:DF:0E:D8:7E:D5:92:65:22:EA:D0:56:D7:44:B3:23:71",
     "MEsxCzAJBgNVBAYTAk5PMR0wGwYDVQQKDBRCdXlwYXNzIEFTLTk4MzE2MzMyNzEd"
     "MBsGA1UEAwwUQnV5cGFzcyBDbGFzcyAzIENBIDE=",
     "Ag==",
     nullptr
   },
   {
+    // CN=Buypass Class 3 Root CA,O=Buypass AS-983163327,C=NO
+    "2.16.578.1.26.1.3.3",
+    "Buypass EV OID",
+    SEC_OID_UNKNOWN,
+    "DA:FA:F7:FA:66:84:EC:06:8F:14:50:BD:C7:C2:81:A5:BC:A9:64:57",
+    "ME4xCzAJBgNVBAYTAk5PMR0wGwYDVQQKDBRCdXlwYXNzIEFTLTk4MzE2MzMyNzEg"
+    "MB4GA1UEAwwXQnV5cGFzcyBDbGFzcyAzIFJvb3QgQ0E=",
+    "Ag==",
+    nullptr
+  },
+  {
     // CN=Class 2 Primary CA,O=Certplus,C=FR
     "1.3.6.1.4.1.22234.2.5.2.3.1",
     "Certplus EV OID",
     SEC_OID_UNKNOWN,
     "74:20:74:41:72:9C:DD:92:EC:79:31:D8:23:10:8D:C2:81:92:E2:BB",
     "MD0xCzAJBgNVBAYTAkZSMREwDwYDVQQKEwhDZXJ0cGx1czEbMBkGA1UEAxMSQ2xh"
     "c3MgMiBQcmltYXJ5IENB",
     "AIW9S/PY2uNp9pTXX8OlRCM=",
new file mode 100644
--- /dev/null
+++ b/security/nss/COPYING
@@ -0,0 +1,403 @@
+NSS is available under the Mozilla Public License, version 2, a copy of which
+is below.
+
+Note on GPL Compatibility
+-------------------------
+
+The MPL 2, section 3.3, permits you to combine NSS with code under the GNU
+General Public License (GPL) version 2, or any later version of that
+license, to make a Larger Work, and distribute the result under the GPL.
+The only condition is that you must also make NSS, and any changes you
+have made to it, available to recipients under the terms of the MPL 2 also.
+
+Anyone who receives the combined code from you does not have to continue
+to dual licence in this way, and may, if they wish, distribute under the
+terms of either of the two licences - either the MPL alone or the GPL
+alone. However, we discourage people from distributing copies of NSS under
+the GPL alone, because it means that any improvements they make cannot be
+reincorporated into the main version of NSS. There is never a need to do
+this for license compatibility reasons.
+
+Note on LGPL Compatibility
+--------------------------
+
+The above also applies to combining MPLed code in a single library with
+code under the GNU Lesser General Public License (LGPL) version 2.1, or
+any later version of that license. If the LGPLed code and the MPLed code
+are not in the same library, then the copyleft coverage of the two
+licences does not overlap, so no issues arise.
+
+
+Mozilla Public License Version 2.0
+==================================
+
+1. Definitions
+--------------
+
+1.1. "Contributor"
+    means each individual or legal entity that creates, contributes to
+    the creation of, or owns Covered Software.
+
+1.2. "Contributor Version"
+    means the combination of the Contributions of others (if any) used
+    by a Contributor and that particular Contributor's Contribution.
+
+1.3. "Contribution"
+    means Covered Software of a particular Contributor.
+
+1.4. "Covered Software"
+    means Source Code Form to which the initial Contributor has attached
+    the notice in Exhibit A, the Executable Form of such Source Code
+    Form, and Modifications of such Source Code Form, in each case
+    including portions thereof.
+
+1.5. "Incompatible With Secondary Licenses"
+    means
+
+    (a) that the initial Contributor has attached the notice described
+        in Exhibit B to the Covered Software; or
+
+    (b) that the Covered Software was made available under the terms of
+        version 1.1 or earlier of the License, but not also under the
+        terms of a Secondary License.
+
+1.6. "Executable Form"
+    means any form of the work other than Source Code Form.
+
+1.7. "Larger Work"
+    means a work that combines Covered Software with other material, in 
+    a separate file or files, that is not Covered Software.
+
+1.8. "License"
+    means this document.
+
+1.9. "Licensable"
+    means having the right to grant, to the maximum extent possible,
+    whether at the time of the initial grant or subsequently, any and
+    all of the rights conveyed by this License.
+
+1.10. "Modifications"
+    means any of the following:
+
+    (a) any file in Source Code Form that results from an addition to,
+        deletion from, or modification of the contents of Covered
+        Software; or
+
+    (b) any new file in Source Code Form that contains any Covered
+        Software.
+
+1.11. "Patent Claims" of a Contributor
+    means any patent claim(s), including without limitation, method,
+    process, and apparatus claims, in any patent Licensable by such
+    Contributor that would be infringed, but for the grant of the
+    License, by the making, using, selling, offering for sale, having
+    made, import, or transfer of either its Contributions or its
+    Contributor Version.
+
+1.12. "Secondary License"
+    means either the GNU General Public License, Version 2.0, the GNU
+    Lesser General Public License, Version 2.1, the GNU Affero General
+    Public License, Version 3.0, or any later versions of those
+    licenses.
+
+1.13. "Source Code Form"
+    means the form of the work preferred for making modifications.
+
+1.14. "You" (or "Your")
+    means an individual or a legal entity exercising rights under this
+    License. For legal entities, "You" includes any entity that
+    controls, is controlled by, or is under common control with You. For
+    purposes of this definition, "control" means (a) the power, direct
+    or indirect, to cause the direction or management of such entity,
+    whether by contract or otherwise, or (b) ownership of more than
+    fifty percent (50%) of the outstanding shares or beneficial
+    ownership of such entity.
+
+2. License Grants and Conditions
+--------------------------------
+
+2.1. Grants
+
+Each Contributor hereby grants You a world-wide, royalty-free,
+non-exclusive license:
+
+(a) under intellectual property rights (other than patent or trademark)
+    Licensable by such Contributor to use, reproduce, make available,
+    modify, display, perform, distribute, and otherwise exploit its
+    Contributions, either on an unmodified basis, with Modifications, or
+    as part of a Larger Work; and
+
+(b) under Patent Claims of such Contributor to make, use, sell, offer
+    for sale, have made, import, and otherwise transfer either its
+    Contributions or its Contributor Version.
+
+2.2. Effective Date
+
+The licenses granted in Section 2.1 with respect to any Contribution
+become effective for each Contribution on the date the Contributor first
+distributes such Contribution.
+
+2.3. Limitations on Grant Scope
+
+The licenses granted in this Section 2 are the only rights granted under
+this License. No additional rights or licenses will be implied from the
+distribution or licensing of Covered Software under this License.
+Notwithstanding Section 2.1(b) above, no patent license is granted by a
+Contributor:
+
+(a) for any code that a Contributor has removed from Covered Software;
+    or
+
+(b) for infringements caused by: (i) Your and any other third party's
+    modifications of Covered Software, or (ii) the combination of its
+    Contributions with other software (except as part of its Contributor
+    Version); or
+
+(c) under Patent Claims infringed by Covered Software in the absence of
+    its Contributions.
+
+This License does not grant any rights in the trademarks, service marks,
+or logos of any Contributor (except as may be necessary to comply with
+the notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+No Contributor makes additional grants as a result of Your choice to
+distribute the Covered Software under a subsequent version of this
+License (see Section 10.2) or under the terms of a Secondary License (if
+permitted under the terms of Section 3.3).
+
+2.5. Representation
+
+Each Contributor represents that the Contributor believes its
+Contributions are its original creation(s) or it has sufficient rights
+to grant the rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+This License is not intended to limit any rights You have under
+applicable copyright doctrines of fair use, fair dealing, or other
+equivalents.
+
+2.7. Conditions
+
+Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
+in Section 2.1.
+
+3. Responsibilities
+-------------------
+
+3.1. Distribution of Source Form
+
+All distribution of Covered Software in Source Code Form, including any
+Modifications that You create or to which You contribute, must be under
+the terms of this License. You must inform recipients that the Source
+Code Form of the Covered Software is governed by the terms of this
+License, and how they can obtain a copy of this License. You may not
+attempt to alter or restrict the recipients' rights in the Source Code
+Form.
+
+3.2. Distribution of Executable Form
+
+If You distribute Covered Software in Executable Form then:
+
+(a) such Covered Software must also be made available in Source Code
+    Form, as described in Section 3.1, and You must inform recipients of
+    the Executable Form how they can obtain a copy of such Source Code
+    Form by reasonable means in a timely manner, at a charge no more
+    than the cost of distribution to the recipient; and
+
+(b) You may distribute such Executable Form under the terms of this
+    License, or sublicense it under different terms, provided that the
+    license for the Executable Form does not attempt to limit or alter
+    the recipients' rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+You may create and distribute a Larger Work under terms of Your choice,
+provided that You also comply with the requirements of this License for
+the Covered Software. If the Larger Work is a combination of Covered
+Software with a work governed by one or more Secondary Licenses, and the
+Covered Software is not Incompatible With Secondary Licenses, this
+License permits You to additionally distribute such Covered Software
+under the terms of such Secondary License(s), so that the recipient of
+the Larger Work may, at their option, further distribute the Covered
+Software under the terms of either this License or such Secondary
+License(s).
+
+3.4. Notices
+
+You may not remove or alter the substance of any license notices
+(including copyright notices, patent notices, disclaimers of warranty,
+or limitations of liability) contained within the Source Code Form of
+the Covered Software, except that You may alter any license notices to
+the extent required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+You may choose to offer, and to charge a fee for, warranty, support,
+indemnity or liability obligations to one or more recipients of Covered
+Software. However, You may do so only on Your own behalf, and not on
+behalf of any Contributor. You must make it absolutely clear that any
+such warranty, support, indemnity, or liability obligation is offered by
+You alone, and You hereby agree to indemnify every Contributor for any
+liability incurred by such Contributor as a result of warranty, support,
+indemnity or liability terms You offer. You may include additional
+disclaimers of warranty and limitations of liability specific to any
+jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+---------------------------------------------------
+
+If it is impossible for You to comply with any of the terms of this
+License with respect to some or all of the Covered Software due to
+statute, judicial order, or regulation then You must: (a) comply with
+the terms of this License to the maximum extent possible; and (b)
+describe the limitations and the code they affect. Such description must
+be placed in a text file included with all distributions of the Covered
+Software under this License. Except to the extent prohibited by statute
+or regulation, such description must be sufficiently detailed for a
+recipient of ordinary skill to be able to understand it.
+
+5. Termination
+--------------
+
+5.1. The rights granted under this License will terminate automatically
+if You fail to comply with any of its terms. However, if You become
+compliant, then the rights granted under this License from a particular
+Contributor are reinstated (a) provisionally, unless and until such
+Contributor explicitly and finally terminates Your grants, and (b) on an
+ongoing basis, if such Contributor fails to notify You of the
+non-compliance by some reasonable means prior to 60 days after You have
+come back into compliance. Moreover, Your grants from a particular
+Contributor are reinstated on an ongoing basis if such Contributor
+notifies You of the non-compliance by some reasonable means, this is the
+first time You have received notice of non-compliance with this License
+from such Contributor, and You become compliant prior to 30 days after
+Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+infringement claim (excluding declaratory judgment actions,
+counter-claims, and cross-claims) alleging that a Contributor Version
+directly or indirectly infringes any patent, then the rights granted to
+You by any and all Contributors for the Covered Software under Section
+2.1 of this License shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all
+end user license agreements (excluding distributors and resellers) which
+have been validly granted by You or Your distributors under this License
+prior to termination shall survive termination.
+
+************************************************************************
+*                                                                      *
+*  6. Disclaimer of Warranty                                           *
+*  -------------------------                                           *
+*                                                                      *
+*  Covered Software is provided under this License on an "as is"       *
+*  basis, without warranty of any kind, either expressed, implied, or  *
+*  statutory, including, without limitation, warranties that the       *
+*  Covered Software is free of defects, merchantable, fit for a        *
+*  particular purpose or non-infringing. The entire risk as to the     *
+*  quality and performance of the Covered Software is with You.        *
+*  Should any Covered Software prove defective in any respect, You     *
+*  (not any Contributor) assume the cost of any necessary servicing,   *
+*  repair, or correction. This disclaimer of warranty constitutes an   *
+*  essential part of this License. No use of any Covered Software is   *
+*  authorized under this License except under this disclaimer.         *
+*                                                                      *
+************************************************************************
+
+************************************************************************
+*                                                                      *
+*  7. Limitation of Liability                                          *
+*  --------------------------                                          *
+*                                                                      *
+*  Under no circumstances and under no legal theory, whether tort      *
+*  (including negligence), contract, or otherwise, shall any           *
+*  Contributor, or anyone who distributes Covered Software as          *
+*  permitted above, be liable to You for any direct, indirect,         *
+*  special, incidental, or consequential damages of any character      *
+*  including, without limitation, damages for lost profits, loss of    *
+*  goodwill, work stoppage, computer failure or malfunction, or any    *
+*  and all other commercial damages or losses, even if such party      *
+*  shall have been informed of the possibility of such damages. This   *
+*  limitation of liability shall not apply to liability for death or   *
+*  personal injury resulting from such party's negligence to the       *
+*  extent applicable law prohibits such limitation. Some               *
+*  jurisdictions do not allow the exclusion or limitation of           *
+*  incidental or consequential damages, so this exclusion and          *
+*  limitation may not apply to You.                                    *
+*                                                                      *
+************************************************************************
+
+8. Litigation
+-------------
+
+Any litigation relating to this License may be brought only in the
+courts of a jurisdiction where the defendant maintains its principal
+place of business and such litigation shall be governed by laws of that
+jurisdiction, without reference to its conflict-of-law provisions.
+Nothing in this Section shall prevent a party's ability to bring
+cross-claims or counter-claims.
+
+9. Miscellaneous
+----------------
+
+This License represents the complete agreement concerning the subject
+matter hereof. If any provision of this License is held to be
+unenforceable, such provision shall be reformed only to the extent
+necessary to make it enforceable. Any law or regulation which provides
+that the language of a contract shall be construed against the drafter
+shall not be used to construe this License against a Contributor.
+
+10. Versions of the License
+---------------------------
+
+10.1. New Versions
+
+Mozilla Foundation is the license steward. Except as provided in Section
+10.3, no one other than the license steward has the right to modify or
+publish new versions of this License. Each version will be given a
+distinguishing version number.
+
+10.2. Effect of New Versions
+
+You may distribute the Covered Software under the terms of the version
+of the License under which You originally received the Covered Software,
+or under the terms of any subsequent version published by the license
+steward.
+
+10.3. Modified Versions
+
+If you create software not governed by this License, and you want to
+create a new license for such software, you may create and use a
+modified version of this License if you rename the license and remove
+any references to the name of the license steward (except to note that
+such modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary
+Licenses
+
+If You choose to distribute Source Code Form that is Incompatible With
+Secondary Licenses under the terms of this version of the License, the
+notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+-------------------------------------------
+
+  This Source Code Form is subject to the terms of the Mozilla Public
+  License, v. 2.0. If a copy of the MPL was not distributed with this
+  file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular
+file, then You may include the notice in a location (such as a LICENSE
+file in a relevant directory) where a recipient would be likely to look
+for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - "Incompatible With Secondary Licenses" Notice
+---------------------------------------------------------
+
+  This Source Code Form is "Incompatible With Secondary Licenses", as
+  defined by the Mozilla Public License, v. 2.0.
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-NSS_3_14_BETA1
+NSS_3_14_RC1
--- a/security/nss/TAG-INFO-CKBI
+++ b/security/nss/TAG-INFO-CKBI
@@ -1,1 +1,1 @@
-NSS_3_14_BETA1
+NSS_3_14_RC1
--- a/security/nss/cmd/bltest/blapitest.c
+++ b/security/nss/cmd/bltest/blapitest.c
@@ -2180,16 +2180,17 @@ dsaOp(bltestCipherInfo *cipherInfo)
                                             &cipherInfo->input.pBuf);
                         CHECKERROR(rv, __LINE__);
                     }
                     cipherInfo->repetitions += j;
                 }
             }
             TIMEFINISH(cipherInfo->optime, 1.0);
         }
+	cipherInfo->output.buf.len = cipherInfo->output.pBuf.len;
         bltestCopyIO(cipherInfo->arena, &cipherInfo->params.dsa.sig, 
                      &cipherInfo->output);
     } else {
         TIMESTART();
         rv = DSA_VerifyDigest((DSAPublicKey *)cipherInfo->cx,
                               &cipherInfo->params.dsa.sig.buf,
                               &cipherInfo->input.pBuf);
         TIMEFINISH(cipherInfo->optime, 1.0);
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/aes-cts-type-1-vectors.txt
@@ -0,0 +1,47 @@
+# Raeburn                     Standards Track                    [Page 12]
+# 
+# RFC 3962             AES Encryption for Kerberos 5         February 2005
+# 
+# Some test vectors for CBC with ciphertext stealing, using an initial
+# vector of all-zero.
+#
+# Original Test vectors were for AES CTS-3 (Kerberos). These test vectors have been modified for AES CTS-1 (NIST)
+#
+
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20
+Output:   97 c6 35 35 68 f2 bf 8c b4 d8 a5 80 36 2d a7 ff 7f
+Next IV:  c6 35 35 68 f2 bf 8c b4 d8 a5 80 36 2d a7 ff 7f
+
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 fc 00 78 3e 0e fd b2 c1 d4 45 d4 c8 ef f7 ed 22
+Next IV:  fc 00 78 3e 0e fd b2 c1 d4 45 d4 c8 ef f7 ed 22
+
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8
+Next IV:  39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8
+
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43 68 69 63 6b 65 6e 2c 20 70 6c 65 61 73 65 2c
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 b3 ff fd 94 0c 16 a1 8c 1b 55 49 d2 f8 38 02 9e
+Next IV:  b3 ff fd 94 0c 16 a1 8c 1b 55 49 d2 f8 38 02 9e
+
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43 68 69 63 6b 65 6e 2c 20 70 6c 65 61 73 65 2c 20
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8 9d ad 8b bb 96 c4 cd c0 3b c1 03 e1 a1 94 bb d8
+Next IV:  9d ad 8b bb 96 c4 cd c0 3b c1 03 e1 a1 94 bb d8
+
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43 68 69 63 6b 65 6e 2c 20 70 6c 65 61 73 65 2c 20 61 6e 64 20 77 6f 6e 74 6f 6e 20 73 6f 75 70 2e
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8 9d ad 8b bb 96 c4 cd c0 3b c1 03 e1 a1 94 bb d8 48 07 ef e8 36 ee 89 a5 26 73 0d bc 2f 7b c8 40
+Next IV:  48 07 ef e8 36 ee 89 a5 26 73 0d bc 2f 7b c8 40
+
+
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/aes_cts_0.txt
@@ -0,0 +1,6 @@
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20
+Output:   97 c6 35 35 68 f2 bf 8c b4 d8 a5 80 36 2d a7 ff 7f
+Next IV:  c6 35 35 68 f2 bf 8c b4 d8 a5 80 36 2d a7 ff 7f
+
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/aes_cts_1.txt
@@ -0,0 +1,6 @@
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 fc 00 78 3e 0e fd b2 c1 d4 45 d4 c8 ef f7 ed 22
+Next IV:  fc 00 78 3e 0e fd b2 c1 d4 45 d4 c8 ef f7 ed 22
+
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/aes_cts_2.txt
@@ -0,0 +1,6 @@
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8
+Next IV:  39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8
+
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/aes_cts_3.txt
@@ -0,0 +1,6 @@
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43 68 69 63 6b 65 6e 2c 20 70 6c 65 61 73 65 2c
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 b3 ff fd 94 0c 16 a1 8c 1b 55 49 d2 f8 38 02 9e
+Next IV:  b3 ff fd 94 0c 16 a1 8c 1b 55 49 d2 f8 38 02 9e
+
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/aes_cts_4.txt
@@ -0,0 +1,6 @@
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43 68 69 63 6b 65 6e 2c 20 70 6c 65 61 73 65 2c 20
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8 9d ad 8b bb 96 c4 cd c0 3b c1 03 e1 a1 94 bb d8
+Next IV:  9d ad 8b bb 96 c4 cd c0 3b c1 03 e1 a1 94 bb d8
+
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/aes_cts_5.txt
@@ -0,0 +1,6 @@
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43 68 69 63 6b 65 6e 2c 20 70 6c 65 61 73 65 2c 20 61 6e 64 20 77 6f 6e 74 6f 6e 20 73 6f 75 70 2e
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8 9d ad 8b bb 96 c4 cd c0 3b c1 03 e1 a1 94 bb d8 48 07 ef e8 36 ee 89 a5 26 73 0d bc 2f 7b c8 40
+Next IV:  48 07 ef e8 36 ee 89 a5 26 73 0d bc 2f 7b c8 40
+
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/ciphertext0
@@ -0,0 +1,1 @@
+l8Y1NWjyv4y02KWANi2n/38=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/ciphertext1
@@ -0,0 +1,1 @@
+l2hyaNbszMDAeyXiXs/l/AB4Pg79ssHURdTI7/ftIg==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/ciphertext2
@@ -0,0 +1,1 @@
+l2hyaNbszMDAeyXiXs/lhDkxJSOnhmLVvn/LzJjr9ag=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/ciphertext3
@@ -0,0 +1,1 @@
+l2hyaNbszMDAeyXiXs/lhDkxJSOnhmLVvn/LzJjr9bP//ZQMFqGMG1VJ0vg4Ap4=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/ciphertext4
@@ -0,0 +1,1 @@
+l2hyaNbszMDAeyXiXs/lhDkxJSOnhmLVvn/LzJjr9aidrYu7lsTNwDvBA+GhlLvY
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/ciphertext5
@@ -0,0 +1,2 @@
+l2hyaNbszMDAeyXiXs/lhDkxJSOnhmLVvn/LzJjr9aidrYu7lsTNwDvBA+GhlLvY
+SAfv6DbuiaUmcw28L3vIQA==
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..4bdfab8333086af48b9ece6d1f9db9aa9a07cdff
GIT binary patch
literal 34
dc${NkKm~jZ$4pH#KJD+>a${+OneOuc^#Dwl2^|0c
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..3e8c8e9e6b97306f58059d6807b665465bc3bc64
GIT binary patch
literal 34
ec${NkKm~jZe;6w4`2KD>c*XU~iTB^%DggjZ*a_(X
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..b4bbc2e76fb0ee149bce3609e147cae594ccf0d4
GIT binary patch
literal 34
dc${NkKm~jZmWHaz%iEH!?yEn2X2$EUD*!$l2^jzY
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..c065e8362dc47e875113249f9a575f490363087a
GIT binary patch
literal 34
dc${NkKm~jZoB#iv!Xvh@M>^E=(hm!!c>qgx2mAm4
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..ba11a0ec02ff240e50a83121b4c2b60eed06e3a3
GIT binary patch
literal 34
ec${NkKm~jZbJuq7o_6Hy0qcXz4;N0^eFFeigbFSI
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..213a4bd3c7541d93cdc6bd0427ca28cc3cb2c062
GIT binary patch
literal 34
dc${NkKm~jZ9_;U5n7!*<s#eUqN5A@n0{}x72b%x@
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/key0
@@ -0,0 +1,1 @@
+chicken teriyaki
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/key1
@@ -0,0 +1,1 @@
+chicken teriyaki
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/key2
@@ -0,0 +1,1 @@
+chicken teriyaki
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/key3
@@ -0,0 +1,1 @@
+chicken teriyaki
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/key4
@@ -0,0 +1,1 @@
+chicken teriyaki
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/key5
@@ -0,0 +1,1 @@
+chicken teriyaki
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/mktst.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+for i in 0 1 2 3 4 5
+do
+    file="aes_cts_$i.txt"
+    grep "Key" $file | sed -e 's;Key:;;' | hex > key$i
+    grep "IV"  $file | sed -e 's;IV:;;' | hex > iv$i
+    grep "Input"  $file | sed -e 's;Input:;;' | hex  > plaintext$i
+    grep "Output"  $file | sed -e 's;Output:;;' | hex | btoa > ciphertext$i
+done
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/numtests
@@ -0,0 +1,1 @@
+6
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/plaintext0
@@ -0,0 +1,1 @@
+I would like the 
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/plaintext1
@@ -0,0 +1,1 @@
+I would like the General Gau's 
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/plaintext2
@@ -0,0 +1,1 @@
+I would like the General Gau's C
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/plaintext3
@@ -0,0 +1,1 @@
+I would like the General Gau's Chicken, please,
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/plaintext4
@@ -0,0 +1,1 @@
+I would like the General Gau's Chicken, please, 
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/aes_cts/plaintext5
@@ -0,0 +1,1 @@
+I would like the General Gau's Chicken, please, and wonton soup.
\ No newline at end of file
--- a/security/nss/lib/ckfw/builtins/certdata.c
+++ b/security/nss/lib/ckfw/builtins/certdata.c
@@ -1,14 +1,14 @@
 /* THIS IS A GENERATED FILE */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.89 $ $Date: 2012/09/21 23:12:31 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.89 $ $Date: 2012/09/21 23:12:31 $";
+static const char CVS_ID[] = "@(#) $RCSfile: certdata.c,v $ $Revision: 1.90 $ $Date: 2012/10/18 16:26:52 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.90 $ $Date: 2012/10/18 16:26:52 $";
 #endif /* DEBUG */
 
 #ifndef BUILTINS_H
 #include "builtins.h"
 #endif /* BUILTINS_H */
 
 static const CK_BBOOL ck_false = CK_FALSE;
 static const CK_BBOOL ck_true = CK_TRUE;
@@ -1079,25 +1079,43 @@ static const CK_ATTRIBUTE_TYPE nss_built
  CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING,  CKA_TRUST_STEP_UP_APPROVED
 };
 static const CK_ATTRIBUTE_TYPE nss_builtins_types_352 [] = {
  CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERTIFICATE_TYPE,  CKA_SUBJECT,  CKA_ID,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_VALUE
 };
 static const CK_ATTRIBUTE_TYPE nss_builtins_types_353 [] = {
  CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING,  CKA_TRUST_STEP_UP_APPROVED
 };
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_354 [] = {
+ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERTIFICATE_TYPE,  CKA_SUBJECT,  CKA_ID,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_VALUE
+};
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_355 [] = {
+ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING,  CKA_TRUST_STEP_UP_APPROVED
+};
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_356 [] = {
+ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERTIFICATE_TYPE,  CKA_SUBJECT,  CKA_ID,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_VALUE
+};
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_357 [] = {
+ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING,  CKA_TRUST_STEP_UP_APPROVED
+};
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_358 [] = {
+ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERTIFICATE_TYPE,  CKA_SUBJECT,  CKA_ID,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_VALUE
+};
+static const CK_ATTRIBUTE_TYPE nss_builtins_types_359 [] = {
+ CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING,  CKA_TRUST_STEP_UP_APPROVED
+};
 #ifdef DEBUG
 static const NSSItem nss_builtins_items_0 [] = {
   { (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"CVS ID", (PRUint32)7 },
   { (void *)"NSS", (PRUint32)4 },
-  { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.89 $ $Date: 2012/09/21 23:12:31 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.89 $ $Date: 2012/09/21 23:12:31 $", (PRUint32)160 }
+  { (void *)"@(#) $RCSfile: certdata.c,v $ $Revision: 1.90 $ $Date: 2012/10/18 16:26:52 $""; @(#) $RCSfile: certdata.c,v $ $Revision: 1.90 $ $Date: 2012/10/18 16:26:52 $", (PRUint32)160 }
 };
 #endif /* DEBUG */
 static const NSSItem nss_builtins_items_1 [] = {
   { (void *)&cko_nss_builtin_root_list, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Mozilla Builtin Roots", (PRUint32)22 }
@@ -23602,16 +23620,402 @@ static const NSSItem nss_builtins_items_
 , (PRUint32)80 },
   { (void *)"\002\001\002"
 , (PRUint32)3 },
   { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
 };
+static const NSSItem nss_builtins_items_354 [] = {
+  { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)"TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı", (PRUint32)55 },
+  { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
+  { (void *)"\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303"
+"\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157"
+"\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151"
+"\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304"
+"\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124"
+"\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141"
+"\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234"
+"\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260"
+"\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151"
+"\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151"
+"\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236"
+"\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060"
+"\060\067"
+, (PRUint32)194 },
+  { (void *)"0", (PRUint32)2 },
+  { (void *)"\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303"
+"\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157"
+"\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151"
+"\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304"
+"\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124"
+"\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141"
+"\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234"
+"\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260"
+"\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151"
+"\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151"
+"\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236"
+"\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060"
+"\060\067"
+, (PRUint32)194 },
+  { (void *)"\002\001\001"
+, (PRUint32)3 },
+  { (void *)"\060\202\004\075\060\202\003\045\240\003\002\001\002\002\001\001"
+"\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060"
+"\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303\234"
+"\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157\156"
+"\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151\172"
+"\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304\261"
+"\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124\122"
+"\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162"
+"\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234\122"
+"\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260\154"
+"\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151\305"
+"\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151\040"
+"\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236\056"
+"\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060\060"
+"\067\060\036\027\015\060\067\061\062\062\065\061\070\063\067\061"
+"\071\132\027\015\061\067\061\062\062\062\061\070\063\067\061\071"
+"\132\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124"
+"\303\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162"
+"\157\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110"
+"\151\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143"
+"\304\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002"
+"\124\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153"
+"\141\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303"
+"\234\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304"
+"\260\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154"
+"\151\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237"
+"\151\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305"
+"\236\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062"
+"\060\060\067\060\202\001\042\060\015\006\011\052\206\110\206\367"
+"\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002"
+"\202\001\001\000\253\267\076\012\214\310\245\130\025\346\212\357"
+"\047\075\112\264\350\045\323\315\063\302\040\334\031\356\210\077"
+"\115\142\360\335\023\167\217\141\251\052\265\324\362\271\061\130"
+"\051\073\057\077\152\234\157\163\166\045\356\064\040\200\356\352"
+"\267\360\304\012\315\053\206\224\311\343\140\261\104\122\262\132"
+"\051\264\221\227\203\330\267\246\024\057\051\111\242\363\005\006"
+"\373\264\117\332\241\154\232\146\237\360\103\011\312\352\162\217"
+"\353\000\327\065\071\327\126\027\107\027\060\364\276\277\077\302"
+"\150\257\066\100\301\251\364\251\247\350\020\153\010\212\367\206"
+"\036\334\232\052\025\006\366\243\360\364\340\307\024\324\121\177"
+"\317\264\333\155\257\107\226\027\233\167\161\330\247\161\235\044"
+"\014\366\224\077\205\061\022\117\272\356\116\202\270\271\076\217"
+"\043\067\136\314\242\252\165\367\030\157\011\323\256\247\124\050"
+"\064\373\341\340\073\140\175\240\276\171\211\206\310\237\055\371"
+"\012\113\304\120\242\347\375\171\026\307\172\013\030\317\316\114"
+"\357\175\326\007\157\230\361\257\261\301\172\327\201\065\270\252"
+"\027\264\340\313\002\003\001\000\001\243\102\060\100\060\035\006"
+"\003\125\035\016\004\026\004\024\051\305\220\253\045\257\021\344"
+"\141\277\243\377\210\141\221\346\016\376\234\201\060\016\006\003"
+"\125\035\017\001\001\377\004\004\003\002\001\006\060\017\006\003"
+"\125\035\023\001\001\377\004\005\060\003\001\001\377\060\015\006"
+"\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001"
+"\000\020\015\332\370\072\354\050\321\024\225\202\261\022\054\121"
+"\172\101\045\066\114\237\354\077\037\204\235\145\124\134\250\026"
+"\002\100\372\156\032\067\204\357\162\235\206\012\125\235\126\050"
+"\254\146\054\320\072\126\223\064\007\045\255\010\260\217\310\017"
+"\011\131\312\235\230\034\345\124\370\271\105\177\152\227\157\210"
+"\150\115\112\006\046\067\210\002\016\266\306\326\162\231\316\153"
+"\167\332\142\061\244\126\037\256\137\215\167\332\135\366\210\374"
+"\032\331\236\265\201\360\062\270\343\210\320\234\363\152\240\271"
+"\233\024\131\065\066\117\317\363\216\136\135\027\255\025\225\330"
+"\335\262\325\025\156\000\116\263\113\317\146\224\344\340\315\265"
+"\005\332\143\127\213\345\263\252\333\300\056\034\220\104\333\032"
+"\135\030\244\356\276\004\133\231\325\161\137\125\145\144\142\325"
+"\242\233\004\131\206\310\142\167\347\174\202\105\152\075\027\277"
+"\354\235\165\014\256\243\157\132\323\057\230\066\364\360\365\031"
+"\253\021\135\310\246\343\052\130\152\102\011\303\275\222\046\146"
+"\062\015\135\010\125\164\377\214\230\320\012\246\204\152\321\071"
+"\175"
+, (PRUint32)1089 }
+};
+static const NSSItem nss_builtins_items_355 [] = {
+  { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)"TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı", (PRUint32)55 },
+  { (void *)"\361\177\157\266\061\334\231\343\243\310\177\376\034\361\201\020"
+"\210\331\140\063"
+, (PRUint32)20 },
+  { (void *)"\053\160\040\126\206\202\240\030\310\007\123\022\050\160\041\162"
+, (PRUint32)16 },
+  { (void *)"\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303"
+"\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157"
+"\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151"
+"\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304"
+"\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124"
+"\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141"
+"\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234"
+"\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260"
+"\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151"
+"\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151"
+"\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236"
+"\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060"
+"\060\067"
+, (PRUint32)194 },
+  { (void *)"\002\001\001"
+, (PRUint32)3 },
+  { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
+};
+static const NSSItem nss_builtins_items_356 [] = {
+  { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)"T-TeleSec GlobalRoot Class 3", (PRUint32)29 },
+  { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
+  { (void *)"\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105"
+"\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163"
+"\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040"
+"\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060"
+"\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155"
+"\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045"
+"\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123"
+"\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154"
+"\141\163\163\040\063"
+, (PRUint32)133 },
+  { (void *)"0", (PRUint32)2 },
+  { (void *)"\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105"
+"\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163"
+"\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040"
+"\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060"
+"\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155"
+"\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045"
+"\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123"
+"\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154"
+"\141\163\163\040\063"
+, (PRUint32)133 },
+  { (void *)"\002\001\001"
+, (PRUint32)3 },
+  { (void *)"\060\202\003\303\060\202\002\253\240\003\002\001\002\002\001\001"
+"\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060"
+"\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105\061"
+"\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163\164"
+"\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040\123"
+"\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060\035"
+"\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155\163"
+"\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045\060"
+"\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123\145"
+"\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154\141"
+"\163\163\040\063\060\036\027\015\060\070\061\060\060\061\061\060"
+"\062\071\065\066\132\027\015\063\063\061\060\060\061\062\063\065"
+"\071\065\071\132\060\201\202\061\013\060\011\006\003\125\004\006"
+"\023\002\104\105\061\053\060\051\006\003\125\004\012\014\042\124"
+"\055\123\171\163\164\145\155\163\040\105\156\164\145\162\160\162"
+"\151\163\145\040\123\145\162\166\151\143\145\163\040\107\155\142"
+"\110\061\037\060\035\006\003\125\004\013\014\026\124\055\123\171"
+"\163\164\145\155\163\040\124\162\165\163\164\040\103\145\156\164"
+"\145\162\061\045\060\043\006\003\125\004\003\014\034\124\055\124"
+"\145\154\145\123\145\143\040\107\154\157\142\141\154\122\157\157"
+"\164\040\103\154\141\163\163\040\063\060\202\001\042\060\015\006"
+"\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017"
+"\000\060\202\001\012\002\202\001\001\000\275\165\223\360\142\042"
+"\157\044\256\340\172\166\254\175\275\331\044\325\270\267\374\315"
+"\360\102\340\353\170\210\126\136\233\232\124\035\115\014\212\366"
+"\323\317\160\364\122\265\330\223\004\343\106\206\161\101\112\053"
+"\360\052\054\125\003\326\110\303\340\071\070\355\362\134\074\077"
+"\104\274\223\075\141\253\116\315\015\276\360\040\047\130\016\104"
+"\177\004\032\207\245\327\226\024\066\220\320\111\173\241\165\373"
+"\032\153\163\261\370\316\251\011\054\362\123\325\303\024\104\270"
+"\206\245\366\213\053\071\332\243\063\124\331\372\162\032\367\042"
+"\025\034\210\221\153\177\146\345\303\152\200\260\044\363\337\206"
+"\105\210\375\031\177\165\207\037\037\261\033\012\163\044\133\271"
+"\145\340\054\124\310\140\323\146\027\077\341\314\124\063\163\221"
+"\002\072\246\177\173\166\071\242\037\226\266\070\256\265\310\223"
+"\164\035\236\271\264\345\140\235\057\126\321\340\353\136\133\114"
+"\022\160\014\154\104\040\253\021\330\364\031\366\322\234\122\067"
+"\347\372\266\302\061\073\112\324\024\231\255\307\032\365\135\137"
+"\372\007\270\174\015\037\326\203\036\263\002\003\001\000\001\243"
+"\102\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060"
+"\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004"
+"\003\002\001\006\060\035\006\003\125\035\016\004\026\004\024\265"
+"\003\367\166\073\141\202\152\022\252\030\123\353\003\041\224\277"
+"\376\316\312\060\015\006\011\052\206\110\206\367\015\001\001\013"
+"\005\000\003\202\001\001\000\126\075\357\224\325\275\332\163\262"
+"\130\276\256\220\255\230\047\227\376\001\261\260\122\000\270\115"
+"\344\033\041\164\033\176\300\356\136\151\052\045\257\134\326\035"
+"\332\322\171\311\363\227\051\340\206\207\336\004\131\017\361\131"
+"\324\144\205\113\231\257\045\004\036\311\106\251\227\336\202\262"
+"\033\160\237\234\366\257\161\061\335\173\005\245\054\323\271\312"
+"\107\366\312\362\366\347\255\271\110\077\274\026\267\301\155\364"
+"\352\011\257\354\363\265\347\005\236\246\036\212\123\121\326\223"
+"\201\314\164\223\366\271\332\246\045\005\164\171\132\176\100\076"
+"\202\113\046\021\060\156\341\077\101\307\107\000\065\325\365\323"
+"\367\124\076\201\075\332\111\152\232\263\357\020\075\346\353\157"
+"\321\310\042\107\313\314\317\001\061\222\331\030\343\042\276\011"
+"\036\032\076\132\262\344\153\014\124\172\175\103\116\270\211\245"
+"\173\327\242\075\226\206\314\362\046\064\055\152\222\235\232\032"
+"\320\060\342\135\116\004\260\137\213\040\176\167\301\075\225\202"
+"\321\106\232\073\074\170\270\157\241\320\015\144\242\170\036\051"
+"\116\223\303\244\124\024\133"
+, (PRUint32)967 }
+};
+static const NSSItem nss_builtins_items_357 [] = {
+  { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)"T-TeleSec GlobalRoot Class 3", (PRUint32)29 },
+  { (void *)"\125\246\162\076\313\362\354\315\303\043\164\160\031\235\052\276"
+"\021\343\201\321"
+, (PRUint32)20 },
+  { (void *)"\312\373\100\250\116\071\222\212\035\376\216\057\304\047\352\357"
+, (PRUint32)16 },
+  { (void *)"\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105"
+"\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163"
+"\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040"
+"\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060"
+"\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155"
+"\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045"
+"\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123"
+"\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154"
+"\141\163\163\040\063"
+, (PRUint32)133 },
+  { (void *)"\002\001\001"
+, (PRUint32)3 },
+  { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
+};
+static const NSSItem nss_builtins_items_358 [] = {
+  { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)"EE Certification Centre Root CA", (PRUint32)32 },
+  { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
+  { (void *)"\060\165\061\013\060\011\006\003\125\004\006\023\002\105\105\061"
+"\042\060\040\006\003\125\004\012\014\031\101\123\040\123\145\162"
+"\164\151\146\151\164\163\145\145\162\151\155\151\163\153\145\163"
+"\153\165\163\061\050\060\046\006\003\125\004\003\014\037\105\105"
+"\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\103"
+"\145\156\164\162\145\040\122\157\157\164\040\103\101\061\030\060"
+"\026\006\011\052\206\110\206\367\015\001\011\001\026\011\160\153"
+"\151\100\163\153\056\145\145"
+, (PRUint32)119 },
+  { (void *)"0", (PRUint32)2 },
+  { (void *)"\060\165\061\013\060\011\006\003\125\004\006\023\002\105\105\061"
+"\042\060\040\006\003\125\004\012\014\031\101\123\040\123\145\162"
+"\164\151\146\151\164\163\145\145\162\151\155\151\163\153\145\163"
+"\153\165\163\061\050\060\046\006\003\125\004\003\014\037\105\105"
+"\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\103"
+"\145\156\164\162\145\040\122\157\157\164\040\103\101\061\030\060"
+"\026\006\011\052\206\110\206\367\015\001\011\001\026\011\160\153"
+"\151\100\163\153\056\145\145"
+, (PRUint32)119 },
+  { (void *)"\002\020\124\200\371\240\163\355\077\000\114\312\211\330\343\161"
+"\346\112"
+, (PRUint32)18 },
+  { (void *)"\060\202\004\003\060\202\002\353\240\003\002\001\002\002\020\124"
+"\200\371\240\163\355\077\000\114\312\211\330\343\161\346\112\060"
+"\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\165"
+"\061\013\060\011\006\003\125\004\006\023\002\105\105\061\042\060"
+"\040\006\003\125\004\012\014\031\101\123\040\123\145\162\164\151"
+"\146\151\164\163\145\145\162\151\155\151\163\153\145\163\153\165"
+"\163\061\050\060\046\006\003\125\004\003\014\037\105\105\040\103"
+"\145\162\164\151\146\151\143\141\164\151\157\156\040\103\145\156"
+"\164\162\145\040\122\157\157\164\040\103\101\061\030\060\026\006"
+"\011\052\206\110\206\367\015\001\011\001\026\011\160\153\151\100"
+"\163\153\056\145\145\060\042\030\017\062\060\061\060\061\060\063"
+"\060\061\060\061\060\063\060\132\030\017\062\060\063\060\061\062"
+"\061\067\062\063\065\071\065\071\132\060\165\061\013\060\011\006"
+"\003\125\004\006\023\002\105\105\061\042\060\040\006\003\125\004"
+"\012\014\031\101\123\040\123\145\162\164\151\146\151\164\163\145"
+"\145\162\151\155\151\163\153\145\163\153\165\163\061\050\060\046"
+"\006\003\125\004\003\014\037\105\105\040\103\145\162\164\151\146"
+"\151\143\141\164\151\157\156\040\103\145\156\164\162\145\040\122"
+"\157\157\164\040\103\101\061\030\060\026\006\011\052\206\110\206"
+"\367\015\001\011\001\026\011\160\153\151\100\163\153\056\145\145"
+"\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001"
+"\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001"
+"\000\310\040\300\354\340\305\113\253\007\170\225\363\104\356\373"
+"\013\014\377\164\216\141\273\261\142\352\043\330\253\241\145\062"
+"\172\353\216\027\117\226\330\012\173\221\242\143\154\307\214\114"
+"\056\171\277\251\005\374\151\134\225\215\142\371\271\160\355\303"
+"\121\175\320\223\346\154\353\060\113\341\274\175\277\122\233\316"
+"\156\173\145\362\070\261\300\242\062\357\142\262\150\340\141\123"
+"\301\066\225\377\354\224\272\066\256\234\034\247\062\017\345\174"
+"\264\306\157\164\375\173\030\350\254\127\355\006\040\113\062\060"
+"\130\133\375\315\250\346\241\374\160\274\216\222\163\333\227\247"
+"\174\041\256\075\301\365\110\207\154\047\275\237\045\164\201\125"
+"\260\367\165\366\075\244\144\153\326\117\347\316\100\255\017\335"
+"\062\323\274\212\022\123\230\311\211\373\020\035\115\176\315\176"
+"\037\126\015\041\160\205\366\040\203\037\366\272\037\004\217\352"
+"\167\210\065\304\377\352\116\241\213\115\077\143\033\104\303\104"
+"\324\045\166\312\267\215\327\036\112\146\144\315\134\305\234\203"
+"\341\302\010\210\232\354\116\243\361\076\034\054\331\154\035\241"
+"\113\002\003\001\000\001\243\201\212\060\201\207\060\017\006\003"
+"\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006"
+"\003\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006"
+"\003\125\035\016\004\026\004\024\022\362\132\076\352\126\034\277"
+"\315\006\254\361\361\045\311\251\113\324\024\231\060\105\006\003"
+"\125\035\045\004\076\060\074\006\010\053\006\001\005\005\007\003"
+"\002\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001"
+"\005\005\007\003\003\006\010\053\006\001\005\005\007\003\004\006"
+"\010\053\006\001\005\005\007\003\010\006\010\053\006\001\005\005"
+"\007\003\011\060\015\006\011\052\206\110\206\367\015\001\001\005"
+"\005\000\003\202\001\001\000\173\366\344\300\015\252\031\107\267"
+"\115\127\243\376\255\273\261\152\325\017\236\333\344\143\305\216"
+"\241\120\126\223\226\270\070\300\044\042\146\274\123\024\141\225"
+"\277\320\307\052\226\071\077\175\050\263\020\100\041\152\304\257"
+"\260\122\167\030\341\226\330\126\135\343\335\066\136\035\247\120"
+"\124\240\305\052\344\252\214\224\212\117\235\065\377\166\244\006"
+"\023\221\242\242\175\000\104\077\125\323\202\074\032\325\133\274"
+"\126\114\042\056\106\103\212\044\100\055\363\022\270\073\160\032"
+"\244\226\271\032\257\207\101\032\152\030\015\006\117\307\076\156"
+"\271\051\115\015\111\211\021\207\062\133\346\113\004\310\344\134"
+"\346\164\163\224\135\026\230\023\225\376\373\333\261\104\345\072"
+"\160\254\067\153\346\263\063\162\050\311\263\127\240\366\002\026"
+"\210\006\013\266\246\113\040\050\324\336\075\213\255\067\005\123"
+"\164\376\156\314\274\103\027\161\136\371\305\314\032\251\141\356"
+"\367\166\014\363\162\364\162\255\317\162\002\066\007\107\317\357"
+"\031\120\211\140\314\351\044\225\017\302\313\035\362\157\166\220"
+"\307\314\165\301\226\305\235"
+, (PRUint32)1031 }
+};
+static const NSSItem nss_builtins_items_359 [] = {
+  { (void *)&cko_nss_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+  { (void *)"EE Certification Centre Root CA", (PRUint32)32 },
+  { (void *)"\311\250\271\347\125\200\136\130\343\123\167\247\045\353\257\303"
+"\173\047\314\327"
+, (PRUint32)20 },
+  { (void *)"\103\136\210\324\175\032\112\176\375\204\056\122\353\001\324\157"
+, (PRUint32)16 },
+  { (void *)"\060\165\061\013\060\011\006\003\125\004\006\023\002\105\105\061"
+"\042\060\040\006\003\125\004\012\014\031\101\123\040\123\145\162"
+"\164\151\146\151\164\163\145\145\162\151\155\151\163\153\145\163"
+"\153\165\163\061\050\060\046\006\003\125\004\003\014\037\105\105"
+"\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\103"
+"\145\156\164\162\145\040\122\157\157\164\040\103\101\061\030\060"
+"\026\006\011\052\206\110\206\367\015\001\011\001\026\011\160\153"
+"\151\100\163\153\056\145\145"
+, (PRUint32)119 },
+  { (void *)"\002\020\124\200\371\240\163\355\077\000\114\312\211\330\343\161"
+"\346\112"
+, (PRUint32)18 },
+  { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ckt_nss_must_verify_trust, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ckt_nss_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
+  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) }
+};
 
 builtinsInternalObject
 nss_builtins_data[] = {
 #ifdef DEBUG
   { 7, nss_builtins_types_0, nss_builtins_items_0, {NULL} },
 #endif /* DEBUG */
   { 5, nss_builtins_types_1, nss_builtins_items_1, {NULL} },
   { 11, nss_builtins_types_2, nss_builtins_items_2, {NULL} },
@@ -23960,16 +24364,22 @@ nss_builtins_data[] = {
   { 13, nss_builtins_types_345, nss_builtins_items_345, {NULL} },
   { 11, nss_builtins_types_346, nss_builtins_items_346, {NULL} },
   { 13, nss_builtins_types_347, nss_builtins_items_347, {NULL} },
   { 11, nss_builtins_types_348, nss_builtins_items_348, {NULL} },
   { 13, nss_builtins_types_349, nss_builtins_items_349, {NULL} },
   { 11, nss_builtins_types_350, nss_builtins_items_350, {NULL} },
   { 13, nss_builtins_types_351, nss_builtins_items_351, {NULL} },
   { 11, nss_builtins_types_352, nss_builtins_items_352, {NULL} },
-  { 13, nss_builtins_types_353, nss_builtins_items_353, {NULL} }
+  { 13, nss_builtins_types_353, nss_builtins_items_353, {NULL} },
+  { 11, nss_builtins_types_354, nss_builtins_items_354, {NULL} },
+  { 13, nss_builtins_types_355, nss_builtins_items_355, {NULL} },
+  { 11, nss_builtins_types_356, nss_builtins_items_356, {NULL} },
+  { 13, nss_builtins_types_357, nss_builtins_items_357, {NULL} },
+  { 11, nss_builtins_types_358, nss_builtins_items_358, {NULL} },
+  { 13, nss_builtins_types_359, nss_builtins_items_359, {NULL} }
 };
 const PRUint32
 #ifdef DEBUG
-  nss_builtins_nObjects = 353+1;
+  nss_builtins_nObjects = 359+1;
 #else
-  nss_builtins_nObjects = 353;
+  nss_builtins_nObjects = 359;
 #endif /* DEBUG */
--- a/security/nss/lib/ckfw/builtins/certdata.txt
+++ b/security/nss/lib/ckfw/builtins/certdata.txt
@@ -1,13 +1,13 @@
 # 
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
-CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.85 $ $Date: 2012/06/28 13:50:18 $"
+CVS_ID "@(#) $RCSfile: certdata.txt,v $ $Revision: 1.86 $ $Date: 2012/10/18 16:26:52 $"
 
 #
 # certdata.txt
 #
 # This file contains the object definitions for the certs and other
 # information "built into" NSS.
 #
 # Object definitions:
@@ -24417,8 +24417,466 @@ CKA_ISSUER MULTILINE_OCTAL
 END
 CKA_SERIAL_NUMBER MULTILINE_OCTAL
 \002\001\002
 END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı"
+#
+# Issuer: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,L=Ankara,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s..
+# Serial Number: 1 (0x1)
+# Subject: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,L=Ankara,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s..
+# Not Valid Before: Tue Dec 25 18:37:19 2007
+# Not Valid After : Fri Dec 22 18:37:19 2017
+# Fingerprint (MD5): 2B:70:20:56:86:82:A0:18:C8:07:53:12:28:70:21:72
+# Fingerprint (SHA1): F1:7F:6F:B6:31:DC:99:E3:A3:C8:7F:FE:1C:F1:81:10:88:D9:60:33
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303
+\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157
+\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151
+\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304
+\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124
+\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141
+\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234
+\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260
+\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151
+\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151
+\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236
+\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060
+\060\067
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303
+\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157
+\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151
+\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304
+\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124
+\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141
+\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234
+\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260
+\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151
+\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151
+\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236
+\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060
+\060\067
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\075\060\202\003\045\240\003\002\001\002\002\001\001
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303\234
+\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157\156
+\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151\172
+\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304\261
+\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124\122
+\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162
+\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234\122
+\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260\154
+\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151\305
+\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151\040
+\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236\056
+\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060\060
+\067\060\036\027\015\060\067\061\062\062\065\061\070\063\067\061
+\071\132\027\015\061\067\061\062\062\062\061\070\063\067\061\071
+\132\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124
+\303\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162
+\157\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110
+\151\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143
+\304\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002
+\124\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153
+\141\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303
+\234\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304
+\260\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154
+\151\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237
+\151\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305
+\236\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062
+\060\060\067\060\202\001\042\060\015\006\011\052\206\110\206\367
+\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002
+\202\001\001\000\253\267\076\012\214\310\245\130\025\346\212\357
+\047\075\112\264\350\045\323\315\063\302\040\334\031\356\210\077
+\115\142\360\335\023\167\217\141\251\052\265\324\362\271\061\130
+\051\073\057\077\152\234\157\163\166\045\356\064\040\200\356\352
+\267\360\304\012\315\053\206\224\311\343\140\261\104\122\262\132
+\051\264\221\227\203\330\267\246\024\057\051\111\242\363\005\006
+\373\264\117\332\241\154\232\146\237\360\103\011\312\352\162\217
+\353\000\327\065\071\327\126\027\107\027\060\364\276\277\077\302
+\150\257\066\100\301\251\364\251\247\350\020\153\010\212\367\206
+\036\334\232\052\025\006\366\243\360\364\340\307\024\324\121\177
+\317\264\333\155\257\107\226\027\233\167\161\330\247\161\235\044
+\014\366\224\077\205\061\022\117\272\356\116\202\270\271\076\217
+\043\067\136\314\242\252\165\367\030\157\011\323\256\247\124\050
+\064\373\341\340\073\140\175\240\276\171\211\206\310\237\055\371
+\012\113\304\120\242\347\375\171\026\307\172\013\030\317\316\114
+\357\175\326\007\157\230\361\257\261\301\172\327\201\065\270\252
+\027\264\340\313\002\003\001\000\001\243\102\060\100\060\035\006
+\003\125\035\016\004\026\004\024\051\305\220\253\045\257\021\344
+\141\277\243\377\210\141\221\346\016\376\234\201\060\016\006\003
+\125\035\017\001\001\377\004\004\003\002\001\006\060\017\006\003
+\125\035\023\001\001\377\004\005\060\003\001\001\377\060\015\006
+\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001
+\000\020\015\332\370\072\354\050\321\024\225\202\261\022\054\121
+\172\101\045\066\114\237\354\077\037\204\235\145\124\134\250\026
+\002\100\372\156\032\067\204\357\162\235\206\012\125\235\126\050
+\254\146\054\320\072\126\223\064\007\045\255\010\260\217\310\017
+\011\131\312\235\230\034\345\124\370\271\105\177\152\227\157\210
+\150\115\112\006\046\067\210\002\016\266\306\326\162\231\316\153
+\167\332\142\061\244\126\037\256\137\215\167\332\135\366\210\374
+\032\331\236\265\201\360\062\270\343\210\320\234\363\152\240\271
+\233\024\131\065\066\117\317\363\216\136\135\027\255\025\225\330
+\335\262\325\025\156\000\116\263\113\317\146\224\344\340\315\265
+\005\332\143\127\213\345\263\252\333\300\056\034\220\104\333\032
+\135\030\244\356\276\004\133\231\325\161\137\125\145\144\142\325
+\242\233\004\131\206\310\142\167\347\174\202\105\152\075\027\277
+\354\235\165\014\256\243\157\132\323\057\230\066\364\360\365\031
+\253\021\135\310\246\343\052\130\152\102\011\303\275\222\046\146
+\062\015\135\010\125\164\377\214\230\320\012\246\204\152\321\071
+\175
+END
+
+# Trust for "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı"
+# Issuer: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,L=Ankara,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s..
+# Serial Number: 1 (0x1)
+# Subject: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,L=Ankara,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s..
+# Not Valid Before: Tue Dec 25 18:37:19 2007
+# Not Valid After : Fri Dec 22 18:37:19 2017
+# Fingerprint (MD5): 2B:70:20:56:86:82:A0:18:C8:07:53:12:28:70:21:72
+# Fingerprint (SHA1): F1:7F:6F:B6:31:DC:99:E3:A3:C8:7F:FE:1C:F1:81:10:88:D9:60:33
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\361\177\157\266\061\334\231\343\243\310\177\376\034\361\201\020
+\210\331\140\063
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\053\160\040\126\206\202\240\030\310\007\123\022\050\160\041\162
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303
+\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157
+\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151
+\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304
+\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124
+\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141
+\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234
+\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260
+\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151
+\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151
+\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236
+\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060
+\060\067
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "T-TeleSec GlobalRoot Class 3"
+#
+# Issuer: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE
+# Serial Number: 1 (0x1)
+# Subject: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE
+# Not Valid Before: Wed Oct 01 10:29:56 2008
+# Not Valid After : Sat Oct 01 23:59:59 2033
+# Fingerprint (MD5): CA:FB:40:A8:4E:39:92:8A:1D:FE:8E:2F:C4:27:EA:EF
+# Fingerprint (SHA1): 55:A6:72:3E:CB:F2:EC:CD:C3:23:74:70:19:9D:2A:BE:11:E3:81:D1
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "T-TeleSec GlobalRoot Class 3"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105
+\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163
+\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040
+\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060
+\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155
+\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045
+\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123
+\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154
+\141\163\163\040\063
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105
+\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163
+\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040
+\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060
+\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155
+\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045
+\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123
+\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154
+\141\163\163\040\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\303\060\202\002\253\240\003\002\001\002\002\001\001
+\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060
+\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163\164
+\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040\123
+\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060\035
+\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155\163
+\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045\060
+\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123\145
+\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154\141
+\163\163\040\063\060\036\027\015\060\070\061\060\060\061\061\060
+\062\071\065\066\132\027\015\063\063\061\060\060\061\062\063\065
+\071\065\071\132\060\201\202\061\013\060\011\006\003\125\004\006
+\023\002\104\105\061\053\060\051\006\003\125\004\012\014\042\124
+\055\123\171\163\164\145\155\163\040\105\156\164\145\162\160\162
+\151\163\145\040\123\145\162\166\151\143\145\163\040\107\155\142
+\110\061\037\060\035\006\003\125\004\013\014\026\124\055\123\171
+\163\164\145\155\163\040\124\162\165\163\164\040\103\145\156\164
+\145\162\061\045\060\043\006\003\125\004\003\014\034\124\055\124
+\145\154\145\123\145\143\040\107\154\157\142\141\154\122\157\157
+\164\040\103\154\141\163\163\040\063\060\202\001\042\060\015\006
+\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017
+\000\060\202\001\012\002\202\001\001\000\275\165\223\360\142\042
+\157\044\256\340\172\166\254\175\275\331\044\325\270\267\374\315
+\360\102\340\353\170\210\126\136\233\232\124\035\115\014\212\366
+\323\317\160\364\122\265\330\223\004\343\106\206\161\101\112\053
+\360\052\054\125\003\326\110\303\340\071\070\355\362\134\074\077
+\104\274\223\075\141\253\116\315\015\276\360\040\047\130\016\104
+\177\004\032\207\245\327\226\024\066\220\320\111\173\241\165\373
+\032\153\163\261\370\316\251\011\054\362\123\325\303\024\104\270
+\206\245\366\213\053\071\332\243\063\124\331\372\162\032\367\042
+\025\034\210\221\153\177\146\345\303\152\200\260\044\363\337\206
+\105\210\375\031\177\165\207\037\037\261\033\012\163\044\133\271
+\145\340\054\124\310\140\323\146\027\077\341\314\124\063\163\221
+\002\072\246\177\173\166\071\242\037\226\266\070\256\265\310\223
+\164\035\236\271\264\345\140\235\057\126\321\340\353\136\133\114
+\022\160\014\154\104\040\253\021\330\364\031\366\322\234\122\067
+\347\372\266\302\061\073\112\324\024\231\255\307\032\365\135\137
+\372\007\270\174\015\037\326\203\036\263\002\003\001\000\001\243
+\102\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060
+\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004
+\003\002\001\006\060\035\006\003\125\035\016\004\026\004\024\265
+\003\367\166\073\141\202\152\022\252\030\123\353\003\041\224\277
+\376\316\312\060\015\006\011\052\206\110\206\367\015\001\001\013
+\005\000\003\202\001\001\000\126\075\357\224\325\275\332\163\262
+\130\276\256\220\255\230\047\227\376\001\261\260\122\000\270\115
+\344\033\041\164\033\176\300\356\136\151\052\045\257\134\326\035
+\332\322\171\311\363\227\051\340\206\207\336\004\131\017\361\131
+\324\144\205\113\231\257\045\004\036\311\106\251\227\336\202\262
+\033\160\237\234\366\257\161\061\335\173\005\245\054\323\271\312
+\107\366\312\362\366\347\255\271\110\077\274\026\267\301\155\364
+\352\011\257\354\363\265\347\005\236\246\036\212\123\121\326\223
+\201\314\164\223\366\271\332\246\045\005\164\171\132\176\100\076
+\202\113\046\021\060\156\341\077\101\307\107\000\065\325\365\323
+\367\124\076\201\075\332\111\152\232\263\357\020\075\346\353\157
+\321\310\042\107\313\314\317\001\061\222\331\030\343\042\276\011
+\036\032\076\132\262\344\153\014\124\172\175\103\116\270\211\245
+\173\327\242\075\226\206\314\362\046\064\055\152\222\235\232\032
+\320\060\342\135\116\004\260\137\213\040\176\167\301\075\225\202
+\321\106\232\073\074\170\270\157\241\320\015\144\242\170\036\051
+\116\223\303\244\124\024\133
+END
+
+# Trust for "T-TeleSec GlobalRoot Class 3"
+# Issuer: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE
+# Serial Number: 1 (0x1)
+# Subject: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE
+# Not Valid Before: Wed Oct 01 10:29:56 2008
+# Not Valid After : Sat Oct 01 23:59:59 2033
+# Fingerprint (MD5): CA:FB:40:A8:4E:39:92:8A:1D:FE:8E:2F:C4:27:EA:EF
+# Fingerprint (SHA1): 55:A6:72:3E:CB:F2:EC:CD:C3:23:74:70:19:9D:2A:BE:11:E3:81:D1
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "T-TeleSec GlobalRoot Class 3"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\125\246\162\076\313\362\354\315\303\043\164\160\031\235\052\276
+\021\343\201\321
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\312\373\100\250\116\071\222\212\035\376\216\057\304\047\352\357
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105
+\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163
+\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040
+\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060
+\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155
+\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045
+\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123
+\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154
+\141\163\163\040\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "EE Certification Centre Root CA"
+#
+# Issuer: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE
+# Serial Number:54:80:f9:a0:73:ed:3f:00:4c:ca:89:d8:e3:71:e6:4a
+# Subject: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE
+# Not Valid Before: Sat Oct 30 10:10:30 2010
+# Not Valid After : Tue Dec 17 23:59:59 2030
+# Fingerprint (MD5): 43:5E:88:D4:7D:1A:4A:7E:FD:84:2E:52:EB:01:D4:6F
+# Fingerprint (SHA1): C9:A8:B9:E7:55:80:5E:58:E3:53:77:A7:25:EB:AF:C3:7B:27:CC:D7
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "EE Certification Centre Root CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\165\061\013\060\011\006\003\125\004\006\023\002\105\105\061
+\042\060\040\006\003\125\004\012\014\031\101\123\040\123\145\162
+\164\151\146\151\164\163\145\145\162\151\155\151\163\153\145\163
+\153\165\163\061\050\060\046\006\003\125\004\003\014\037\105\105
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\103
+\145\156\164\162\145\040\122\157\157\164\040\103\101\061\030\060
+\026\006\011\052\206\110\206\367\015\001\011\001\026\011\160\153
+\151\100\163\153\056\145\145
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\165\061\013\060\011\006\003\125\004\006\023\002\105\105\061
+\042\060\040\006\003\125\004\012\014\031\101\123\040\123\145\162
+\164\151\146\151\164\163\145\145\162\151\155\151\163\153\145\163
+\153\165\163\061\050\060\046\006\003\125\004\003\014\037\105\105
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\103
+\145\156\164\162\145\040\122\157\157\164\040\103\101\061\030\060
+\026\006\011\052\206\110\206\367\015\001\011\001\026\011\160\153
+\151\100\163\153\056\145\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\124\200\371\240\163\355\077\000\114\312\211\330\343\161
+\346\112
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\003\060\202\002\353\240\003\002\001\002\002\020\124
+\200\371\240\163\355\077\000\114\312\211\330\343\161\346\112\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\165
+\061\013\060\011\006\003\125\004\006\023\002\105\105\061\042\060
+\040\006\003\125\004\012\014\031\101\123\040\123\145\162\164\151
+\146\151\164\163\145\145\162\151\155\151\163\153\145\163\153\165
+\163\061\050\060\046\006\003\125\004\003\014\037\105\105\040\103
+\145\162\164\151\146\151\143\141\164\151\157\156\040\103\145\156
+\164\162\145\040\122\157\157\164\040\103\101\061\030\060\026\006
+\011\052\206\110\206\367\015\001\011\001\026\011\160\153\151\100
+\163\153\056\145\145\060\042\030\017\062\060\061\060\061\060\063
+\060\061\060\061\060\063\060\132\030\017\062\060\063\060\061\062
+\061\067\062\063\065\071\065\071\132\060\165\061\013\060\011\006
+\003\125\004\006\023\002\105\105\061\042\060\040\006\003\125\004
+\012\014\031\101\123\040\123\145\162\164\151\146\151\164\163\145
+\145\162\151\155\151\163\153\145\163\153\165\163\061\050\060\046
+\006\003\125\004\003\014\037\105\105\040\103\145\162\164\151\146
+\151\143\141\164\151\157\156\040\103\145\156\164\162\145\040\122
+\157\157\164\040\103\101\061\030\060\026\006\011\052\206\110\206
+\367\015\001\011\001\026\011\160\153\151\100\163\153\056\145\145
+\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001
+\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001
+\000\310\040\300\354\340\305\113\253\007\170\225\363\104\356\373
+\013\014\377\164\216\141\273\261\142\352\043\330\253\241\145\062
+\172\353\216\027\117\226\330\012\173\221\242\143\154\307\214\114
+\056\171\277\251\005\374\151\134\225\215\142\371\271\160\355\303
+\121\175\320\223\346\154\353\060\113\341\274\175\277\122\233\316
+\156\173\145\362\070\261\300\242\062\357\142\262\150\340\141\123
+\301\066\225\377\354\224\272\066\256\234\034\247\062\017\345\174
+\264\306\157\164\375\173\030\350\254\127\355\006\040\113\062\060
+\130\133\375\315\250\346\241\374\160\274\216\222\163\333\227\247
+\174\041\256\075\301\365\110\207\154\047\275\237\045\164\201\125
+\260\367\165\366\075\244\144\153\326\117\347\316\100\255\017\335
+\062\323\274\212\022\123\230\311\211\373\020\035\115\176\315\176
+\037\126\015\041\160\205\366\040\203\037\366\272\037\004\217\352
+\167\210\065\304\377\352\116\241\213\115\077\143\033\104\303\104
+\324\045\166\312\267\215\327\036\112\146\144\315\134\305\234\203
+\341\302\010\210\232\354\116\243\361\076\034\054\331\154\035\241
+\113\002\003\001\000\001\243\201\212\060\201\207\060\017\006\003
+\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006
+\003\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006
+\003\125\035\016\004\026\004\024\022\362\132\076\352\126\034\277
+\315\006\254\361\361\045\311\251\113\324\024\231\060\105\006\003
+\125\035\045\004\076\060\074\006\010\053\006\001\005\005\007\003
+\002\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001
+\005\005\007\003\003\006\010\053\006\001\005\005\007\003\004\006
+\010\053\006\001\005\005\007\003\010\006\010\053\006\001\005\005
+\007\003\011\060\015\006\011\052\206\110\206\367\015\001\001\005
+\005\000\003\202\001\001\000\173\366\344\300\015\252\031\107\267
+\115\127\243\376\255\273\261\152\325\017\236\333\344\143\305\216
+\241\120\126\223\226\270\070\300\044\042\146\274\123\024\141\225
+\277\320\307\052\226\071\077\175\050\263\020\100\041\152\304\257
+\260\122\167\030\341\226\330\126\135\343\335\066\136\035\247\120
+\124\240\305\052\344\252\214\224\212\117\235\065\377\166\244\006
+\023\221\242\242\175\000\104\077\125\323\202\074\032\325\133\274
+\126\114\042\056\106\103\212\044\100\055\363\022\270\073\160\032
+\244\226\271\032\257\207\101\032\152\030\015\006\117\307\076\156
+\271\051\115\015\111\211\021\207\062\133\346\113\004\310\344\134
+\346\164\163\224\135\026\230\023\225\376\373\333\261\104\345\072
+\160\254\067\153\346\263\063\162\050\311\263\127\240\366\002\026
+\210\006\013\266\246\113\040\050\324\336\075\213\255\067\005\123
+\164\376\156\314\274\103\027\161\136\371\305\314\032\251\141\356
+\367\166\014\363\162\364\162\255\317\162\002\066\007\107\317\357
+\031\120\211\140\314\351\044\225\017\302\313\035\362\157\166\220
+\307\314\165\301\226\305\235
+END
+
+# Trust for "EE Certification Centre Root CA"
+# Issuer: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE
+# Serial Number:54:80:f9:a0:73:ed:3f:00:4c:ca:89:d8:e3:71:e6:4a
+# Subject: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE
+# Not Valid Before: Sat Oct 30 10:10:30 2010
+# Not Valid After : Tue Dec 17 23:59:59 2030
+# Fingerprint (MD5): 43:5E:88:D4:7D:1A:4A:7E:FD:84:2E:52:EB:01:D4:6F
+# Fingerprint (SHA1): C9:A8:B9:E7:55:80:5E:58:E3:53:77:A7:25:EB:AF:C3:7B:27:CC:D7
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "EE Certification Centre Root CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\311\250\271\347\125\200\136\130\343\123\167\247\045\353\257\303
+\173\047\314\327
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\103\136\210\324\175\032\112\176\375\204\056\122\353\001\324\157
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\165\061\013\060\011\006\003\125\004\006\023\002\105\105\061
+\042\060\040\006\003\125\004\012\014\031\101\123\040\123\145\162
+\164\151\146\151\164\163\145\145\162\151\155\151\163\153\145\163
+\153\165\163\061\050\060\046\006\003\125\004\003\014\037\105\105
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\103
+\145\156\164\162\145\040\122\157\157\164\040\103\101\061\030\060
+\026\006\011\052\206\110\206\367\015\001\011\001\026\011\160\153
+\151\100\163\153\056\145\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\124\200\371\240\163\355\077\000\114\312\211\330\343\161
+\346\112
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
--- a/security/nss/lib/ckfw/builtins/nssckbi.h
+++ b/security/nss/lib/ckfw/builtins/nssckbi.h
@@ -40,18 +40,18 @@
  *     ...
  *   - NSS 3.29 branch: 250-255
  *
  * NSS_BUILTINS_LIBRARY_VERSION_MINOR is a CK_BYTE.  It's not clear
  * whether we may use its full range (0-255) or only 0-99 because
  * of the comment in the CK_VERSION type definition.
  */
 #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 91
-#define NSS_BUILTINS_LIBRARY_VERSION "1.91"
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 92
+#define NSS_BUILTINS_LIBRARY_VERSION "1.92"
 
 /* These version numbers detail the semantic changes to the ckfw engine. */
 #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
 #define NSS_BUILTINS_HARDWARE_VERSION_MINOR 0
 
 /* These version numbers detail the semantic changes to ckbi itself 
  * (new PKCS #11 objects), etc. */
 #define NSS_BUILTINS_FIRMWARE_VERSION_MAJOR 1
--- a/security/nss/lib/freebl/blapi.h
+++ b/security/nss/lib/freebl/blapi.h
@@ -1,15 +1,15 @@
 /*
  * crypto.h - public data structures and prototypes for the crypto library
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: blapi.h,v 1.48 2012/06/28 17:55:05 rrelyea%redhat.com Exp $ */
+/* $Id: blapi.h,v 1.49 2012/10/11 00:10:26 rrelyea%redhat.com Exp $ */
 
 #ifndef _BLAPI_H_
 #define _BLAPI_H_
 
 #include "blapit.h"
 #include "hasht.h"
 #include "alghmac.h"
 
@@ -1267,16 +1267,20 @@ PQG_ParamGenSeedLen(
  * match the table below or an error will result:
  *
  *  L            N
  * 1024         160
  * 2048         224
  * 2048         256
  * 3072         256
  *
+ * If N or seedBytes are set to zero, then PQG_ParamGenSeedLen will
+ * pick a default value (typically the smallest secure value for these
+ * variables).
+ *
  * The verify parameters will conform to FIPS186-3 using the smallest 
  * permissible hash for the key strength.
  */
 extern SECStatus
 PQG_ParamGenV2(
              unsigned int L, 	     /* input : determines length of P. */
              unsigned int N, 	     /* input : determines length of Q. */
 	     unsigned int seedBytes, /* input : length of seed in bytes.*/
--- a/security/nss/lib/freebl/cts.c
+++ b/security/nss/lib/freebl/cts.c
@@ -110,17 +110,17 @@ CTS_EncryptUpdate(CTSContext *cts, unsig
 	return SECFailure;
     }
     fullblocks = (inlen/blocksize)*blocksize;
     rv = (*cts->cipher)(cts->context, outbuf, outlen, maxout, inbuf,
 	 fullblocks, blocksize);
     if (rv != SECSuccess) {
 	return SECFailure;
     }
-    PORT_Assert(*outlen == fullblocks);
+    *outlen = fullblocks; /* AES low level doesn't set outlen */
     inbuf += fullblocks;
     inlen -= fullblocks;
     if (inlen == 0) {
 	return SECSuccess;
     }
     written = *outlen - (blocksize - inlen);
     outbuf += written;
     maxout -= written;
@@ -135,17 +135,16 @@ CTS_EncryptUpdate(CTSContext *cts, unsig
      * we decrypt (at the cost of some complexity as you can see in decrypt
      * below */
     PORT_Memcpy(lastBlock, inbuf, inlen);
     PORT_Memset(lastBlock + inlen, 0, blocksize - inlen);
     rv = (*cts->cipher)(cts->context, outbuf, &tmp, maxout, lastBlock,
 			blocksize, blocksize);
     PORT_Memset(lastBlock, 0, blocksize);
     if (rv == SECSuccess) {
-	PORT_Assert(tmp == blocksize);
 	*outlen = written + blocksize;
     }
     return rv;
 }
 
 
 #define XOR_BLOCK(x,y,count) for(i=0; i < count; i++) x[i] = x[i] ^ y[i]
 
@@ -203,42 +202,42 @@ CTS_DecryptUpdate(CTSContext *cts, unsig
 
     fullblocks = (inlen/blocksize)*blocksize;
 
     /* even though we expect the input to be CS-1, CS-2 is easier to parse,
      * so convert to CS-2 immediately. NOTE: this is the same code as in
      * the comment for encrypt. NOTE2: since we can't modify inbuf unless
      * inbuf and outbuf overlap, just copy inbuf to outbuf and modify it there
      */
-    pad = blocksize + (inlen - fullblocks);
-    if (pad != blocksize) {
+    pad = inlen - fullblocks;
+    if (pad != 0) {
 	if (inbuf != outbuf) {
 	    memcpy(outbuf, inbuf, inlen);
 	    /* keep the names so we logically know how we are using the
 	     * buffers */
 	    inbuf = outbuf;
 	}
-	memcpy(lastBlock,        inbuf+inlen-blocksize-pad, blocksize);
+	memcpy(lastBlock, inbuf+inlen-blocksize, blocksize);
 	/* we know inbuf == outbuf now, inbuf is declared const and can't
 	 * be the target, so use outbuf for the target here */
-	memcpy(outbuf+inlen-blocksize-pad, inbuf+inlen-pad, pad);
-	memcpy(outbuf+inlen-blocksize,     lastBlock,       blocksize);
+	memcpy(outbuf+inlen-pad, inbuf+inlen-blocksize-pad, pad);
+	memcpy(outbuf+inlen-blocksize-pad, lastBlock, blocksize);
     }
     /* save the previous to last block so we can undo the misordered
      * chaining */
     tmp =  (fullblocks < blocksize*2) ? cts->iv :
 			inbuf+fullblocks-blocksize*2;
     PORT_Memcpy(Cn_2, tmp, blocksize);
     PORT_Memcpy(Cn, inbuf+fullblocks-blocksize, blocksize);
     rv = (*cts->cipher)(cts->context, outbuf, outlen, maxout, inbuf,
 	 fullblocks, blocksize);
     if (rv != SECSuccess) {
 	return SECFailure;
     }
-    PORT_Assert(*outlen == fullblocks);
+    *outlen = fullblocks; /* AES low level doesn't set outlen */
     inbuf += fullblocks;
     inlen -= fullblocks;
     if (inlen == 0) {
 	return SECSuccess;
     }
     outbuf += fullblocks;
     maxout -= fullblocks;
 
@@ -270,26 +269,25 @@ CTS_DecryptUpdate(CTSContext *cts, unsig
 
     /* make up for the out of order CBC decryption */
     XOR_BLOCK(lastBlock, Cn_2, blocksize);
     XOR_BLOCK(lastBlock, Pn, blocksize);
     /* last buf now has Pn || Cn-1**, copy out Pn */
     PORT_Memcpy(outbuf, lastBlock, inlen);
     *outlen += inlen;
     /* copy Cn-1* into last buf to recover Cn-1 */
-    PORT_Memcpy(lastBlock, Cn-1, inlen);
+    PORT_Memcpy(lastBlock, Cn_1, inlen);
     /* note: because Cn and Cn-1 were out of order, our pointer to Pn also
      * points to where Pn-1 needs to reside. From here on out read Pn in
      * the code as really Pn-1. */
     rv = (*cts->cipher)(cts->context, Pn, &tmpLen, blocksize, lastBlock,
 	 blocksize, blocksize);
     if (rv != SECSuccess) {
 	return SECFailure;
     }
-    PORT_Assert(tmpLen == blocksize);
     /* make up for the out of order CBC decryption */
     XOR_BLOCK(Pn, Cn_2, blocksize);
     XOR_BLOCK(Pn, Cn, blocksize);
     /* reset iv to Cn  */
     PORT_Memcpy(cts->iv, Cn, blocksize);
     /* This makes Cn the last block for the next decrypt operation, which
      * matches the encrypt. We don't care about the contexts of last block,
      * only the side effect of setting the internal IV */
--- a/security/nss/lib/freebl/gcm.c
+++ b/security/nss/lib/freebl/gcm.c
@@ -128,18 +128,16 @@ struct gcmHashContextStr {
      unsigned int bufLen;
      int m; /* XXX what is m? */
      unsigned char counterBuf[2*GCM_HASH_LEN_LEN];
      PRUint64 cLen;
 };
 
 /* f = x^128 + x^7 + x^2 + x + 1 */
 static const unsigned int poly_128[] = { 128, 7, 2, 1, 0 };
-/* f = x^64 + x^4 + x^3 + x + 1 */
-static const unsigned int poly_64[] = { 64, 4, 3, 1, 0 };
 
 /* sigh, GCM defines the bit strings exactly backwards from everything else */
 static void
 gcm_reverse(unsigned char *target, const unsigned char *src,
 							unsigned int blocksize)
 {
     unsigned int i;
     for (i=0; i < blocksize; i++) {
@@ -162,24 +160,21 @@ gcmHash_InitContext(gcmHashContext *ghas
     CHECK_MPI_OK( mp_init(&ghash->X) );
     CHECK_MPI_OK( mp_init(&ghash->C_i) );
 
     mp_zero(&ghash->X);
     gcm_reverse(H_rev, H, blocksize);
     CHECK_MPI_OK( mp_read_unsigned_octets(&ghash->H, H_rev, blocksize) );
 
     /* set the irreducible polynomial. Each blocksize has its own polynomial.
-     * for now only blocksizes 16 (=128 bits) and 8 (=64 bits) are defined */
+     * for now only blocksize 16 (=128 bits) is defined */
     switch (blocksize) {
     case 16: /* 128 bits */
 	ghash->poly = poly_128;
 	break;
-    case 8: /* 64 bits */
-	ghash->poly = poly_64;
-	break;
     default:
 	PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	goto cleanup;
     }
     ghash->cLen = 0;
     ghash->bufLen = 0;
     ghash->m = 0;
     PORT_Memset(ghash->counterBuf, 0, sizeof(ghash->counterBuf));
@@ -342,25 +337,22 @@ gcm_longs_to_bytes(const unsigned long *
 static SECStatus
 gcmHash_InitContext(gcmHashContext *ghash, const unsigned char *H,
 		    unsigned int blocksize)
 {
     PORT_Memset(ghash->X, 0, sizeof(ghash->X));
     PORT_Memset(ghash->H, 0, sizeof(ghash->H));
     gcm_bytes_to_longs(ghash->H, H, blocksize);
 
-    /* set the irreducible polynomial. Each blocksize has it's own polynommial
-     * for now only blocksizes 16 (=128 bits) and 8 (=64 bits) are defined */
+    /* set the irreducible polynomial. Each blocksize has its own polynommial
+     * for now only blocksize 16 (=128 bits) is defined */
     switch (blocksize) {
     case 16: /* 128 bits */
 	ghash->R = (unsigned long) 0x87; /* x^7 + x^2 + x +1 */
 	break;
-    case 8: /* 64 bits */
-	ghash->R = (unsigned long) 0x1b; /* x^4 + x^3 + x + 1 */
-	break;
     default:
 	PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	goto cleanup;
     }
     ghash->cLen = 0;
     ghash->bufLen = 0;
     ghash->m = 0;
     PORT_Memset(ghash->counterBuf, 0, sizeof(ghash->counterBuf));
@@ -608,17 +600,17 @@ GCM_CreateContext(void *context, freeblC
 		  const unsigned char *params, unsigned int blocksize)
 {
     GCMContext *gcm = NULL;
     gcmHashContext *ghash;
     unsigned char H[MAX_BLOCK_SIZE];
     unsigned int tmp;
     PRBool freeCtr = PR_FALSE;
     PRBool freeHash = PR_FALSE;
-    const CK_AES_GCM_PARAMS *gcmParams = (const CK_AES_GCM_PARAMS *)params;
+    const CK_GCM_PARAMS *gcmParams = (const CK_GCM_PARAMS *)params;
     CK_AES_CTR_PARAMS ctrParams;
     SECStatus rv;
 
     if (blocksize > MAX_BLOCK_SIZE || blocksize > sizeof(ctrParams.cb)) {
 	PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
 	return NULL;
     }
     gcm = PORT_ZNew(GCMContext);
@@ -636,20 +628,17 @@ GCM_CreateContext(void *context, freeblC
     if (rv != SECSuccess) {
 	goto loser;
     }
     freeHash = PR_TRUE;
 
     /* fill in the Counter context */
     ctrParams.ulCounterBits = 32;
     PORT_Memset(ctrParams.cb, 0, sizeof(ctrParams.cb));
-    if ((blocksize == 8) && (gcmParams->ulIvLen == 4)) {
-	ctrParams.cb[3] = 1;
-	PORT_Memcpy(&ctrParams.cb[4], gcmParams->pIv, gcmParams->ulIvLen);
-    } else if ((blocksize == 16) && (gcmParams->ulIvLen == 12)) {
+    if ((blocksize == 16) && (gcmParams->ulIvLen == 12)) {
 	PORT_Memcpy(ctrParams.cb, gcmParams->pIv, gcmParams->ulIvLen);
 	ctrParams.cb[blocksize-1] = 1;
     } else {
 	rv = gcmHash_Update(ghash, gcmParams->pIv, gcmParams->ulIvLen,
 			    blocksize);
 	if (rv != SECSuccess) {
 	    goto loser;
 	}
--- a/security/nss/lib/freebl/pqg.c
+++ b/security/nss/lib/freebl/pqg.c
@@ -1,16 +1,16 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /*
  * PQG parameter generation/verification.  Based on FIPS 186-3.
  *
- * $Id: pqg.c,v 1.23 2012/09/25 23:38:38 wtc%google.com Exp $
+ * $Id: pqg.c,v 1.25 2012/10/11 00:18:23 rrelyea%redhat.com Exp $
  */
 #ifdef FREEBL_NO_DEPEND
 #include "stubs.h"
 #endif
 
 #include "prerr.h"
 #include "secerr.h"
 
@@ -68,17 +68,17 @@ int prime_testcount_q(int L, int N)
     return prime_testcount_p(L,N);
 }
 
 /*
  * generic function to make sure our input matches DSA2 requirements 
  * this gives us one place to go if we need to bump the requirements in the
  * future.
  */
-SECStatus static
+static SECStatus
 pqg_validate_dsa2(unsigned int L, unsigned int N)
 {
 
     switch (L) {
     case 1024:
 	if (N != DSA1_Q_BITS) {
 	    PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	    return SECFailure;
@@ -98,16 +98,37 @@ pqg_validate_dsa2(unsigned int L, unsign
 	break;
     default:
 	PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	return SECFailure;
     }
     re