Sec backports

mozilla-release/patches/1639613-1-786.patch

@@ -0,0 +1,36 @@
+# HG changeset patch
+# User Nick Alexander <nalexander@mozilla.com>
+# Date 1603745130 0
+#      Mon Oct 26 20:45:30 2020 +0000
+# Node ID d6cfe618fe6730b9ed238adb3407013401c6ee0d
+# Parent  a0077b5a77fedba9fcc18c37795bd4f2d82a63cf
+Bug 1639613 - Pre: Fix potential typo: lastUsed -> lastused. r=mhowell, a=RyanVM
+
+It's not 100% clear that this has any effect -- it might be that the
+string is case insensitive -- but in any case let's keep our source
+code uniform.
+
+Differential Revision: https://phabricator.services.mozilla.com/D94774
+
+diff --git a/browser/installer/windows/nsis/uninstaller.nsi b/browser/installer/windows/nsis/uninstaller.nsi
+--- a/browser/installer/windows/nsis/uninstaller.nsi
++++ b/browser/installer/windows/nsis/uninstaller.nsi
+@@ -188,17 +188,17 @@ Function un.UninstallServiceIfNotUsed
+     ${If} "$1" == ""
+       ${ExitDo}
+     ${EndIf}
+     IntOp $0 $0 + 1
+   ${Loop}
+ 
+   ; Restore back the registry view
+   ${If} ${RunningX64}
+-    SetRegView lastUsed
++    SetRegView lastused
+   ${EndIf}
+ 
+   ${If} $0 == 0
+     ; Get the path of the maintenance service uninstaller.
+     ; Look in both the 32-bit and 64-bit registry views.
+     SetRegView 32
+     ReadRegStr $1 HKLM ${MaintUninstallKey} "UninstallString"
+     SetRegView lastused

mozilla-release/patches/1639613-2-786.patch

@@ -0,0 +1,191 @@
+# HG changeset patch
+# User Nick Alexander <nalexander@mozilla.com>
+# Date 1603745794 0
+#      Mon Oct 26 20:56:34 2020 +0000
+# Node ID f683c43589b0659fecb47dd73e17d50c20c31f0b
+# Parent  484783c59dd8067873d037dcb625f8525ca6f8ad
+Bug 1639613 - Make Windows uninstaller conditionally request UAC elevation when silent. r=mhowell, a=RyanVM
+
+This essentially cribs the equivalent installer conditional elevation.
+I elected to guard this behind /S (silent) because it's not obvious to
+me that unelevated users will see identical behaviour when not
+elevating.
+
+Differential Revision: https://phabricator.services.mozilla.com/D76254
+
+diff --git a/toolkit/mozapps/installer/windows/nsis/common.nsh b/toolkit/mozapps/installer/windows/nsis/common.nsh
+--- a/toolkit/mozapps/installer/windows/nsis/common.nsh
++++ b/toolkit/mozapps/installer/windows/nsis/common.nsh
+@@ -5262,16 +5262,32 @@
+       Quit ; Nothing initialized so no need to call OnEndCommon
+ 
+       !ifdef HAVE_64BIT_BUILD
+         SetRegView 64
+       !endif
+ 
+       ${GetParameters} $R0
+ 
++      ${Unless} ${Silent}
++        ; Manually check for /S in the command line due to Bug 506867
++        ClearErrors
++        ${GetOptions} "$R0" "/S" $R2
++        ${Unless} ${Errors}
++          SetSilent silent
++        ${Else}
++          ; Support for the deprecated -ms command line argument.
++          ClearErrors
++          ${GetOptions} "$R0" "-ms" $R2
++          ${Unless} ${Errors}
++            SetSilent silent
++          ${EndUnless}
++        ${EndUnless}
++      ${EndUnless}
++
+       StrCmp "$R0" "" continue +1
+ 
+       ; Update this user's shortcuts with the latest app user model id.
+       ClearErrors
+       ${GetOptions} "$R0" "/UpdateShortcutAppUserModelIds" $R2
+       IfErrors hideshortcuts +1
+       StrCpy $R2 ""
+ !ifmacrodef InitHashAppModelId
+@@ -5360,38 +5376,121 @@
+ 
+       continue:
+ 
+       ; If the uninstall.log does not exist don't perform uninstall
+       ; operations. This prevents running the uninstaller for zip builds.
+       IfFileExists "$INSTDIR\uninstall\uninstall.log" +2 +1
+       Quit ; Nothing initialized so no need to call OnEndCommon
+ 
+-      ; Require elevation if the user can elevate
+-      ${ElevateUAC}
++      ; When silent, try to avoid elevation if we have a chance to succeed.  We
++      ; can succeed when we can write to (hence delete from) the install
++      ; directory and when we can clean up all registry entries.  Now, the
++      ; installer when elevated writes privileged registry entries for the use
++      ; of the Maintenance Service, even when the service is not and will not be
++      ; installed.  (In fact, even when a service installed in the future will
++      ; never update the installation, for example due to not being in a
++      ; privileged location.)  In practice this means we can only truly silently
++      ; remove an unelevated install: an elevated installer writing to an
++      ; unprivileged install directory will still write privileged registry
++      ; entries, requiring an elevated uninstaller to completely clean up.
++      ;
++      ; This avoids a wrinkle, whereby an uninstaller which runs unelevated will
++      ; never itself launch the Maintenance Service uninstaller, because it will
++      ; fail to remove its own service registration (removing the relevant
++      ; registry key would require elevation).  Therefore the check for the
++      ; service being unused will fail, which will prevent running the service
++      ; uninstaller.  That's both subtle and possibly leaves the service
++      ; registration hanging around, which might be a security risk.
++      ;
++      ; That is why we look for a privileged service registration for this
++      ; installation when deciding to elevate, and elevate unconditionally if we
++      ; find one, regardless of the result of the write check that would avoid
++      ; elevation.
++
++      ; The reason for requiring elevation, or "" for not required.
++      StrCpy $R4 ""
++
++      ${IfNot} ${Silent}
++        ; In normal operation, require elevation if the user can elevate so that
++        ; we are most likely to succeed.
++        StrCpy $R4 "not silent"
++      ${EndIf}
++
++      GetTempFileName $R6 "$INSTDIR"
++      FileOpen $R5 "$R6" w
++      FileWrite $R5 "Write Access Test"
++      FileClose $R5
++      Delete $R6
++      ${If} ${Errors}
++        StrCpy $R4 "write"
++      ${EndIf}
++
++      !ifdef MOZ_MAINTENANCE_SERVICE
++        ; We don't necessarily have $MaintCertKey, so use temporary registers.
++        ServicesHelper::PathToUniqueRegistryPath "$INSTDIR"
++        Pop $R5
++
++        ${If} $R5 != ""
++          ; Always use the 64bit registry for certs on 64bit systems.
++          ${If} ${RunningX64}
++          ${OrIf} ${IsNativeARM64}
++            SetRegView 64
++          ${EndIf}
++
++          EnumRegKey $R6 HKLM $R5 0
++          ClearErrors
++
++          ${If} ${RunningX64}
++          ${OrIf} ${IsNativeARM64}
++            SetRegView lastused
++          ${EndIf}
++
++          ${IfNot} "$R6" == ""
++            StrCpy $R4 "mms"
++          ${EndIf}
++        ${EndIf}
++      !endif
++
++      ${If} "$R4" != ""
++        ; In the future, we might not try to elevate to remain truly silent.  Or
++        ; we might add a command line arguments to specify behaviour.  One
++        ; reason to not do that immediately is that we have no great way to
++        ; signal that we exited without taking action.
++        ${ElevateUAC}
++      ${EndIf}
++
++      ; Now we've elevated, try the write access test again.
++      ClearErrors
++      GetTempFileName $R6 "$INSTDIR"
++      FileOpen $R5 "$R6" w
++      FileWrite $R5 "Write Access Test"
++      FileClose $R5
++      Delete $R6
++      ${If} ${Errors}
++        ; Nothing initialized so no need to call OnEndCommon
++        Quit
++      ${EndIf}
++
++      !ifdef MOZ_MAINTENANCE_SERVICE
++        ; And verify that if we need to, we're going to clean up the registry
++        ; correctly.
++        ${If} "$R4" == "mms"
++          WriteRegStr HKLM "Software\Mozilla" "${BrandShortName}InstallerTest" "Write Test"
++          ${If} ${Errors}
++            ; Nothing initialized so no need to call OnEndCommon
++            Quit
++          ${Endif}
++          DeleteRegValue HKLM "Software\Mozilla" "${BrandShortName}InstallerTest"
++        ${EndIf}
++      !endif
+ 
+       ; If we made it this far then this installer is being used as an uninstaller.
+       WriteUninstaller "$EXEDIR\uninstaller.exe"
+ 
+-      ${Unless} ${Silent}
+-        ; Manually check for /S in the command line due to Bug 506867
+-        ClearErrors
+-        ${GetOptions} "$R0" "/S" $R2
+-        ${Unless} ${Errors}
+-          SetSilent silent
+-        ${Else}
+-          ; Support for the deprecated -ms command line argument.
+-          ClearErrors
+-          ${GetOptions} "$R0" "-ms" $R2
+-          ${Unless} ${Errors}
+-            SetSilent silent
+-          ${EndUnless}
+-        ${EndUnless}
+-      ${EndUnless}
+-
+       ${If} ${Silent}
+         StrCpy $R1 "$\"$EXEDIR\uninstaller.exe$\" /S"
+       ${Else}
+         StrCpy $R1 "$\"$EXEDIR\uninstaller.exe$\""
+       ${EndIf}
+ 
+       ; When the uninstaller is launched it copies itself to the temp directory
+       ; so it won't be in use so it can delete itself.

mozilla-release/patches/1644240-787.patch

@@ -0,0 +1,131 @@
+# HG changeset patch
+# User Toshihito Kikuchi <tkikuchi@mozilla.com>
+# Date 1608159046 0
+#      Wed Dec 16 22:50:46 2020 +0000
+# Node ID f5259220ccf8d4c4c9542122a936002f55917593
+# Parent  011f89bce3e15b38fbf88dbbf1cabead411722ac
+Bug 1644240 - Suppress playing a sound if Diebold Warsaw's modules are partially unloaded. r=cmartin, a=RyanVM
+
+This patch is to mitigate the crash which was probably caused by Diebold Warsaw.
+We couldn't reproduce the problem, but our crash reports indicate the crash happened
+when `winmm!mciwindow` called `USER32!GetMessageA` but it was redirected to a freed
+buffer.  This happens Firefox calls to `PlaySound` e.g. showing the menu bar by
+pressing Alt key, or showing a dialogbox.
+
+Most of (not 100%) the crash instances have wslbdhm64 loaded but wslbscrwh64.dll
+was unloaded.  The proposed mitigation is to suppress playing a sound under
+such a condition.
+
+Differential Revision: https://phabricator.services.mozilla.com/D99705
+
+diff --git a/widget/windows/nsSound.cpp b/widget/windows/nsSound.cpp
+--- a/widget/windows/nsSound.cpp
++++ b/widget/windows/nsSound.cpp
+@@ -28,16 +28,37 @@
+ #include "nsNativeCharsetUtils.h"
+ #include "nsThreadUtils.h"
+ #include "mozilla/ClearOnShutdown.h"
+ 
+ using mozilla::LogLevel;
+ 
+ static mozilla::LazyLogModule gWin32SoundLog("nsSound");
+ 
++// Hackaround for bug 1644240
++// When we call PlaySound for the first time in the process, winmm.dll creates
++// a new thread and starts a message loop in winmm!mciwindow.  After that,
++// every call of PlaySound communicates with that thread via Window messages.
++// It seems that Warsaw application hooks USER32!GetMessageA, and there is
++// a timing window where they free their trampoline region without reverting
++// the hook on USER32!GetMessageA, resulting in crash when winmm!mciwindow
++// receives a message because it tries to jump to a freed buffer.
++// Based on the crash reports, it happened on all versions of Windows x64, and
++// the possible condition was wslbdhm64.dll was loaded but wslbscrwh64.dll was
++// unloaded.  Therefore we suppress playing a sound under such a condition.
++static bool ShouldSuppressPlaySound() {
++#if defined(_M_AMD64)
++  if (::GetModuleHandle(L"wslbdhm64.dll") &&
++      !::GetModuleHandle(L"wslbscrwh64.dll")) {
++    return true;
++  }
++#endif  // defined(_M_AMD64)
++  return false;
++}
++
+ class nsSoundPlayer: public mozilla::Runnable {
+ public:
+   explicit nsSoundPlayer(const nsAString& aSoundName)
+     : mozilla::Runnable("nsSoundPlayer")
+     , mSoundName(aSoundName)
+     , mSoundData(nullptr)
+   {
+   }
+@@ -59,18 +80,21 @@ public:
+ protected:
+   ~nsSoundPlayer();
+ 
+   nsString mSoundName;
+   uint8_t* mSoundData;
+ };
+ 
+ NS_IMETHODIMP
+-nsSoundPlayer::Run()
+-{
++nsSoundPlayer::Run() {
++  if (ShouldSuppressPlaySound()) {
++    return NS_OK;
++  }
++
+   MOZ_ASSERT(!mSoundName.IsEmpty() || mSoundData,
+     "Sound name or sound data should be specified");
+   DWORD flags = SND_NODEFAULT | SND_ASYNC;
+ 
+   if (mSoundData) {
+     flags |= SND_MEMORY;
+     ::PlaySoundW(reinterpret_cast<LPCWSTR>(mSoundData), nullptr, flags);
+   } else {
+@@ -131,16 +155,19 @@ void nsSound::PurgeLastSound()
+   // Halt any currently playing sound.
+   if (mSoundPlayer) {
+     if (mPlayerThread) {
+       mPlayerThread->Dispatch(NS_NewRunnableFunction(
+         "nsSound::PurgeLastSound", [player = std::move(mSoundPlayer)]() {
+           // Capture move mSoundPlayer to lambda then
+           // PlaySoundW(nullptr, nullptr, SND_PURGE) will be called before
+           // freeing the nsSoundPlayer.
++          if (ShouldSuppressPlaySound()) {
++            return;
++          }
+           ::PlaySoundW(nullptr, nullptr, SND_PURGE);
+         }), NS_DISPATCH_NORMAL);
+     }
+   }
+ }
+ 
+ NS_IMETHODIMP nsSound::Beep()
+ {
+@@ -265,18 +292,23 @@ NS_IMETHODIMP nsSound::Init()
+   // This call halts a sound if it was still playing.
+   // We have to use the sound library for something to make sure
+   // it is initialized.
+   // If we wait until the first sound is played, there will
+   // be a time lag as the library gets loaded.
+   // This should be done in player thread otherwise it will block main thread
+   // at the first time loading sound library.
+   mPlayerThread->Dispatch(
+-      NS_NewRunnableFunction(
+-          "nsSound::Init", []() { ::PlaySoundW(nullptr, nullptr, SND_PURGE); }),
++      NS_NewRunnableFunction("nsSound::Init",
++                             []() {
++                               if (ShouldSuppressPlaySound()) {
++                                 return;
++                               }
++                               ::PlaySoundW(nullptr, nullptr, SND_PURGE);
++                             }),
+       NS_DISPATCH_NORMAL);
+ 
+   mInited = true;
+ 
+   return NS_OK;
+ }
+ 
+ NS_IMETHODIMP nsSound::PlaySystemSound(const nsAString &aSoundAlias)

mozilla-release/patches/1659057-787.patch

@@ -0,0 +1,60 @@
+# HG changeset patch
+# User Mike Hommey <mh+mozilla@glandium.org>
+# Date 1597412434 0
+#      Fri Aug 14 13:40:34 2020 +0000
+# Node ID 8ca41bb3fd0d4bb47e8d6f86b518f060ae8129fe
+# Parent  871426eb733758440a043e8f00f5af15ab388efb
+Bug 1659057 - Allow hw.memsize system call. r=spohl, a=RyanVM
+
+This fixes the following error when running on Apple Silicon DTK:
+
+AGX: agxs_util.cpp:355:size_t getSystemMemorySize(): !!! Verification failed: status == 0
+
+Differential Revision: https://phabricator.services.mozilla.com/D87048
+
+diff --git a/security/sandbox/mac/SandboxPolicies.h b/security/sandbox/mac/SandboxPolicies.h
+--- a/security/sandbox/mac/SandboxPolicies.h
++++ b/security/sandbox/mac/SandboxPolicies.h
+@@ -117,16 +117,17 @@ static const char contentSandboxRules[] 
+       (sysctl-name "kern.osversion")
+       (sysctl-name "kern.osrelease")
+       (sysctl-name "kern.version")
+       ; TODO: remove "kern.hostname". Without it the tests hang, but the hostname
+       ; is arguably sensitive information, so we should see what can be done about
+       ; removing it.
+       (sysctl-name "kern.hostname")
+       (sysctl-name "hw.machine")
++      (sysctl-name "hw.memsize")
+       (sysctl-name "hw.model")
+       (sysctl-name "hw.ncpu")
+       (sysctl-name "hw.activecpu")
+       (sysctl-name "hw.byteorder")
+       (sysctl-name "hw.pagesize_compat")
+       (sysctl-name "hw.logicalcpu_max")
+       (sysctl-name "hw.physicalcpu_max")
+       (sysctl-name "hw.busfrequency_compat")
+diff --git a/security/sandbox/mac/SandboxPolicyContent.h.1659057.later b/security/sandbox/mac/SandboxPolicyContent.h.1659057.later
+new file mode 100644
+--- /dev/null
++++ b/security/sandbox/mac/SandboxPolicyContent.h.1659057.later
+@@ -0,0 +1,20 @@
++--- SandboxPolicyContent.h
+++++ SandboxPolicyContent.h
++@@ -110,16 +110,17 @@ static const char SandboxPolicyContent[]
++       (sysctl-name "kern.version")
++       (sysctl-name "kern.tcsm_available")
++       (sysctl-name "kern.tcsm_enable")
++       ; TODO: remove "kern.hostname". Without it the tests hang, but the hostname
++       ; is arguably sensitive information, so we should see what can be done about
++       ; removing it.
++       (sysctl-name "kern.hostname")
++       (sysctl-name "hw.machine")
+++      (sysctl-name "hw.memsize")
++       (sysctl-name "hw.model")
++       (sysctl-name "hw.ncpu")
++       (sysctl-name "hw.activecpu")
++       (sysctl-name "hw.byteorder")
++       (sysctl-name "hw.pagesize_compat")
++       (sysctl-name "hw.logicalcpu_max")
++       (sysctl-name "hw.physicalcpu_max")
++       (sysctl-name "hw.busfrequency_compat")

mozilla-release/patches/1659453-787.patch

@@ -0,0 +1,40 @@
+# HG changeset patch
+# User Jonathan Kew <jkew@mozilla.com>
+# Date 1597673090 0
+#      Mon Aug 17 14:04:50 2020 +0000
+# Node ID 324b0f37789356c3e7909a79321ac2167171b14d
+# Parent  f8f64df1b155f087c562dd87bd556eeecb99aadc
+Bug 1659453 - Accelerate gfxFontFamily::SearchAllFontsForChar by setting up the family charmap. r=lsalzman, a=RyanVM
+
+Differential Revision: https://phabricator.services.mozilla.com/D87285
+
+diff --git a/gfx/thebes/gfxFontEntry.cpp b/gfx/thebes/gfxFontEntry.cpp
+--- a/gfx/thebes/gfxFontEntry.cpp
++++ b/gfx/thebes/gfxFontEntry.cpp
+@@ -1512,19 +1512,23 @@ gfxFontFamily::FindFontForChar(GlobalFon
+         {
+             aMatchData->mBestMatch = fe;
+             aMatchData->mMatchedFamily = this;
+             aMatchData->mMatchRank = rank;
+         }
+     }
+ }
+ 
+-void
+-gfxFontFamily::SearchAllFontsForChar(GlobalFontMatch *aMatchData)
+-{
++void gfxFontFamily::SearchAllFontsForChar(GlobalFontMatch *aMatchData) {
++    if (!mFamilyCharacterMapInitialized) {
++      ReadAllCMAPs();
++    }
++    if (!mFamilyCharacterMap.test(aMatchData->mCh)) {
++      return;
++    }
+     uint32_t i, numFonts = mAvailableFonts.Length();
+     for (i = 0; i < numFonts; i++) {
+         gfxFontEntry *fe = mAvailableFonts[i];
+         if (fe && fe->HasCharacter(aMatchData->mCh)) {
+             int32_t rank = RANK_MATCHED_CMAP;
+             rank += CalcStyleMatch(fe, aMatchData->mStyle);
+             if (rank > aMatchData->mMatchRank
+                 || (rank == aMatchData->mMatchRank &&

mozilla-release/patches/1666072-786.patch

@@ -0,0 +1,43 @@
+# HG changeset patch
+# User Valentin Gosu <valentin.gosu@gmail.com>
+# Date 1605541969 0
+#      Mon Nov 16 15:52:49 2020 +0000
+# Node ID eda9c77d3a54028090810ee8aeea2f08c416d6e8
+# Parent  be11936b47865dcc8c4799d0be2a292273713917
+Bug 1666072 - Disable HSTS upgrade for captive portal channels. r=Gijs, a=jcristau
+
+https://firefox.com/ sends `strict-transport-security:	max-age=31536000; includeSubDomains`
+and http://firefox.com sends the `upgrade-insecure-requests: 1` header.
+
+Combined, these cause the captive portal check to report a redirect, which
+triggers the locked captive portal banner. The fix is to exclude the captive
+portal channel from the upgrade.
+
+Differential Revision: https://phabricator.services.mozilla.com/D97152
+
+diff --git a/toolkit/components/captivedetect/captivedetect.js b/toolkit/components/captivedetect/captivedetect.js
+--- a/toolkit/components/captivedetect/captivedetect.js
++++ b/toolkit/components/captivedetect/captivedetect.js
+@@ -30,16 +30,22 @@ function URLFetcher(url, timeout) {
+               .createInstance(Ci.nsIXMLHttpRequest);
+   xhr.open("GET", url, true);
+   // Prevent the request from reading from the cache.
+   xhr.channel.loadFlags |= Ci.nsIRequest.LOAD_BYPASS_CACHE;
+   // Prevent the request from writing to the cache.
+   xhr.channel.loadFlags |= Ci.nsIRequest.INHIBIT_CACHING;
+   // Prevent privacy leaks
+   xhr.channel.loadFlags |= Ci.nsIRequest.LOAD_ANONYMOUS;
++
++  // bug 1666072 - firefox.com returns a HSTS header triggering a https upgrade
++  // but the upgrade triggers an internal redirect causing an incorrect locked
++  // portal notification. We exclude CP detection from STS.
++  xhr.channel.QueryInterface(Ci.nsIHttpChannel).allowSTS = false;
++
+   // The Cache-Control header is only interpreted by proxies and the
+   // final destination. It does not help if a resource is already
+   // cached locally.
+   xhr.setRequestHeader("Cache-Control", "no-cache");
+   // HTTP/1.0 servers might not implement Cache-Control and
+   // might only implement Pragma: no-cache
+   xhr.setRequestHeader("Pragma", "no-cache");
+ 

mozilla-release/patches/1666285-787.patch

@@ -0,0 +1,54 @@
+# HG changeset patch
+# User Olli Pettay <Olli.Pettay@helsinki.fi>
+# Date 1608028842 0
+#      Tue Dec 15 10:40:42 2020 +0000
+# Node ID 63e2fd8fb7d1d4126ee944b51729c828bb6a5756
+# Parent  90fcb9be8df03c2a7beebe8ea4f016ffeee618d4
+Bug 1666285, try to avoid slow shrinking GC during sync calls. r=sfink,asuth a=RyanVM
+
+Differential Revision: https://phabricator.services.mozilla.com/D97783
+
+diff --git a/dom/canvas/ImageBitmap.cpp b/dom/canvas/ImageBitmap.cpp
+--- a/dom/canvas/ImageBitmap.cpp
++++ b/dom/canvas/ImageBitmap.cpp
+@@ -873,17 +873,17 @@ ImageBitmap::CreateInternal(nsIGlobalObj
+   return ret.forget();
+ }
+ 
+ /* static */ already_AddRefed<ImageBitmap>
+ ImageBitmap::CreateInternal(nsIGlobalObject* aGlobal, ImageData& aImageData,
+                             const Maybe<IntRect>& aCropRect, ErrorResult& aRv)
+ {
+   // Copy data into SourceSurface.
+-  dom::Uint8ClampedArray array;
++  RootedSpiderMonkeyInterface<Uint8ClampedArray> array(RootingCx());
+   DebugOnly<bool> inited = array.Init(aImageData.GetDataObject());
+   MOZ_ASSERT(inited);
+ 
+   array.ComputeLengthAndData();
+   const SurfaceFormat FORMAT = SurfaceFormat::R8G8B8A8;
+   // ImageData's underlying data is not alpha-premultiplied.
+   const auto alphaType = gfxAlphaType::NonPremult;
+   const uint32_t BYTES_PER_PIXEL = BytesPerPixel(FORMAT);
+diff --git a/dom/workers/WorkerPrivate.cpp b/dom/workers/WorkerPrivate.cpp
+--- a/dom/workers/WorkerPrivate.cpp
++++ b/dom/workers/WorkerPrivate.cpp
+@@ -6805,17 +6805,17 @@ WorkerPrivate::GarbageCollectInternal(JS
+   if (!GlobalScope()) {
+     // We haven't compiled anything yet. Just bail out.
+     return;
+   }
+ 
+   if (aShrinking || aCollectChildren) {
+     JS::PrepareForFullGC(aCx);
+ 
+-    if (aShrinking) {
++    if (aShrinking && mSyncLoopStack.IsEmpty()) {
+       JS::GCForReason(aCx, GC_SHRINK, JS::gcreason::DOM_WORKER);
+ 
+       if (!aCollectChildren) {
+         LOG(WorkerLog(), ("Worker %p collected idle garbage\n", this));
+       }
+     }
+     else {
+       JS::GCForReason(aCx, GC_NORMAL, JS::gcreason::DOM_WORKER);

mozilla-release/patches/1673770-786.patch

@@ -0,0 +1,74 @@
+# HG changeset patch
+# User Jed Davis <jld@mozilla.com>
+# Date 1603993288 0
+#      Thu Oct 29 17:41:28 2020 +0000
+# Node ID 3962fa9f3084c5bca8458cecdaac664dc431164a
+# Parent  ad4f39b105f69e55d8d797d7a77f19ce21163302
+Bug 1673770 - Extend the handling of fstatat-as-fstat to sandboxes that don't use a file broker. r=gcp, a=RyanVM
+
+The fix for bug 1660901, to handle the subset of fstatat that is
+equivalent to fstat, was incomplete: it was added to the existing
+hook for the file broker, so processes that don't use a broker (like
+GMP) didn't get the fix.  That wasn't a problem when the only use of
+that feature was in content processes via GTK, but now that glibc has
+reimplemented fstat that way, it's necessary for all processes.
+
+Differential Revision: https://phabricator.services.mozilla.com/D95108
+
+diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
+--- a/security/sandbox/linux/SandboxFilter.cpp
++++ b/security/sandbox/linux/SandboxFilter.cpp
+@@ -453,16 +453,20 @@ private:
+         strcmp(path, "") == 0) {
+ #ifdef __NR_fstat64
+       return DoSyscall(__NR_fstat64, fd, buf);
+ #else
+       return DoSyscall(__NR_fstat, fd, buf);
+ #endif
+     }
+ 
++    if (!broker) {
++      return BlockedSyscallTrap(aArgs, nullptr);
++    }
++
+     if (fd != AT_FDCWD && path[0] != '/') {
+       SANDBOX_LOG_ERROR("unsupported fd-relative fstatat(%d, \"%s\", %p, %d)",
+                         fd, path, buf, flags);
+       return BlockedSyscallTrap(aArgs, nullptr);
+     }
+     if ((flags & ~(AT_SYMLINK_NOFOLLOW | AT_NO_AUTOMOUNT)) != 0) {
+       SANDBOX_LOG_ERROR("unsupported flags %d in fstatat(%d, \"%s\", %p, %d)",
+                         (flags & ~(AT_SYMLINK_NOFOLLOW | AT_NO_AUTOMOUNT)), fd,
+@@ -711,25 +715,31 @@ public:
+       case __NR_unlink:
+         return Trap(UnlinkTrap, mBroker);
+       case __NR_readlink:
+         return Trap(ReadlinkTrap, mBroker);
+       case __NR_readlinkat:
+         return Trap(ReadlinkAtTrap, mBroker);
+       }
+     } else {
++      // In the absence of a broker we still need to handle the
++      // fstat-equivalent subset of fstatat; see bug 1673770.
++      switch (sysno) {
++      CASES_FOR_fstatat:
++        return Trap(StatAtTrap, nullptr);
++      }
++
+       // No broker; allow the syscalls directly.  )-:
+       switch(sysno) {
+       case __NR_open:
+       case __NR_openat:
+       case __NR_access:
+       case __NR_faccessat:
+       CASES_FOR_stat:
+       CASES_FOR_lstat:
+-      CASES_FOR_fstatat:
+       case __NR_chmod:
+       case __NR_link:
+       case __NR_mkdir:
+       case __NR_symlink:
+       case __NR_rename:
+       case __NR_rmdir:
+       case __NR_unlink:
+       case __NR_readlink:

mozilla-release/patches/1677888-786.patch

@@ -0,0 +1,110 @@
+# HG changeset patch
+# User Karl Tomlinson <karlt+@karlt.net>
+# Date 1607092988 0
+#      Fri Dec 04 14:43:08 2020 +0000
+# Node ID 8d497e2aab1decac6fa692c1f958b0fb744685bc
+# Parent  590a3de191629ca503f26b42a9faa422f3b815be
+Bug 1677888 - Adjust IncrementalFinalizeRunnable no-op test. r=mccr8, a=RyanVM
+
+Differential Revision: https://phabricator.services.mozilla.com/D98121
+
+diff --git a/xpcom/base/CycleCollectedJSRuntime.cpp b/xpcom/base/CycleCollectedJSRuntime.cpp
+--- a/xpcom/base/CycleCollectedJSRuntime.cpp
++++ b/xpcom/base/CycleCollectedJSRuntime.cpp
+@@ -557,20 +557,20 @@ CycleCollectedJSRuntime::CycleCollectedJ
+ 
+ void
+ CycleCollectedJSRuntime::Shutdown(JSContext* cx)
+ {
+   JS_RemoveExtraGCRootsTracer(cx, TraceBlackJS, this);
+   JS_RemoveExtraGCRootsTracer(cx, TraceGrayJS, this);
+ }
+ 
+-CycleCollectedJSRuntime::~CycleCollectedJSRuntime()
+-{
++CycleCollectedJSRuntime::~CycleCollectedJSRuntime() {
+   MOZ_COUNT_DTOR(CycleCollectedJSRuntime);
+   MOZ_ASSERT(!mDeferredFinalizerTable.Count());
++  MOZ_ASSERT(!mFinalizeRunnable);
+ }
+ 
+ void
+ CycleCollectedJSRuntime::AddContext(CycleCollectedJSContext* aContext)
+ {
+   mContexts.insertBack(aContext);
+ }
+ 
+@@ -1299,21 +1299,22 @@ IncrementalFinalizeRunnable::Incremental
+ 
+     DeferredFinalizeFunctionHolder* holder =
+       mDeferredFinalizeFunctions.AppendElement();
+     holder->run = function;
+     holder->data = data;
+ 
+     iter.Remove();
+   }
++  MOZ_ASSERT(mDeferredFinalizeFunctions.Length());
+ }
+ 
+-IncrementalFinalizeRunnable::~IncrementalFinalizeRunnable()
+-{
+-  MOZ_ASSERT(this != mRuntime->mFinalizeRunnable);
++IncrementalFinalizeRunnable::~IncrementalFinalizeRunnable() {
++  MOZ_ASSERT(!mDeferredFinalizeFunctions.Length());
++  MOZ_ASSERT(!mRuntime);
+ }
+ 
+ void
+ IncrementalFinalizeRunnable::ReleaseNow(bool aLimited)
+ {
+   if (mReleasing) {
+     NS_WARNING("Re-entering ReleaseNow");
+     return;
+@@ -1353,38 +1354,42 @@ IncrementalFinalizeRunnable::ReleaseNow(
+         ++mFinalizeFunctionToRun;
+       }
+     } while (mFinalizeFunctionToRun < mDeferredFinalizeFunctions.Length());
+   }
+ 
+   if (mFinalizeFunctionToRun == mDeferredFinalizeFunctions.Length()) {
+     MOZ_ASSERT(mRuntime->mFinalizeRunnable == this);
+     mDeferredFinalizeFunctions.Clear();
++    CycleCollectedJSRuntime* runtime = mRuntime;
++    mRuntime = nullptr;
+     // NB: This may delete this!
+-    mRuntime->mFinalizeRunnable = nullptr;
++    runtime->mFinalizeRunnable = nullptr;
+   }
+ }
+ 
+ NS_IMETHODIMP
+-IncrementalFinalizeRunnable::Run()
+-{
+-  if (mRuntime->mFinalizeRunnable != this) {
++IncrementalFinalizeRunnable::Run() {
++  if (!mDeferredFinalizeFunctions.Length()) {
+     /* These items were already processed synchronously in JSGC_END. */
+-    MOZ_ASSERT(!mDeferredFinalizeFunctions.Length());
++    MOZ_ASSERT(!mRuntime);
+     return NS_OK;
+   }
+ 
++  MOZ_ASSERT(mRuntime->mFinalizeRunnable == this);
+   TimeStamp start = TimeStamp::Now();
+   ReleaseNow(true);
+ 
+   if (mDeferredFinalizeFunctions.Length()) {
+     nsresult rv = NS_DispatchToCurrentThread(this);
+     if (NS_FAILED(rv)) {
+       ReleaseNow(false);
+     }
++  } else {
++    MOZ_ASSERT(!mRuntime);
+   }
+ 
+   uint32_t duration = (uint32_t)((TimeStamp::Now() - start).ToMilliseconds());
+   Telemetry::Accumulate(Telemetry::DEFERRED_FINALIZE_ASYNC, duration);
+ 
+   return NS_OK;
+ }
+ 

mozilla-release/patches/1678413-786.patch

@@ -0,0 +1,109 @@
+# HG changeset patch
+# User Andrew McCreight <continuation@gmail.com>
+# Date 1606770571 0
+#      Mon Nov 30 21:09:31 2020 +0000
+# Node ID 95dacfb8daf33f1769058ac36997ea2b8dc94e60
+# Parent  9c6b684cc3057f19fe9373209a5e888236688d51
+Bug 1678413 - Release listeners for nsViewSourceChannel. r=necko-reviewers,dragana, a=jcristau
+
+Release the two kinds of listeners that view source channel has
+if AsyncOpen fails, or in OnStop. This matches the behavior of
+HttpChannelChild. The former change fixes a leak when view source
+channels are blocked by enterprise policies.
+
+It looks like clang-format deleted the double include of
+nsViewSourceChannel.h.
+
+Differential Revision: https://phabricator.services.mozilla.com/D98223
+
+diff --git a/netwerk/protocol/viewsource/nsViewSourceChannel.cpp b/netwerk/protocol/viewsource/nsViewSourceChannel.cpp
+--- a/netwerk/protocol/viewsource/nsViewSourceChannel.cpp
++++ b/netwerk/protocol/viewsource/nsViewSourceChannel.cpp
+@@ -130,16 +130,20 @@ nsViewSourceChannel::InitSrcdoc(nsIURI* 
+     mUploadChannel = do_QueryInterface(mChannel);
+ 
+     nsCOMPtr<nsIInputStreamChannel> isc = do_QueryInterface(mChannel);
+     MOZ_ASSERT(isc);
+     isc->SetBaseURI(aBaseURI);
+     return NS_OK;
+ }
+ 
++void nsViewSourceChannel::ReleaseListeners() {
++  mListener = nullptr;
++}
++
+ ////////////////////////////////////////////////////////////////////////////////
+ // nsIRequest methods:
+ 
+ NS_IMETHODIMP
+ nsViewSourceChannel::GetName(nsACString &result)
+ {
+     return NS_ERROR_NOT_IMPLEMENTED;
+ }
+@@ -316,16 +320,18 @@ nsViewSourceChannel::AsyncOpen(nsIStream
+ 
+     if (NS_FAILED(rv) && loadGroup)
+         loadGroup->RemoveRequest(static_cast<nsIViewSourceChannel*>
+                                             (this),
+                                  nullptr, rv);
+ 
+     if (NS_SUCCEEDED(rv)) {
+         mOpened = true;
++    } else {
++        ReleaseListeners();
+     }
+ 
+     return rv;
+ }
+ 
+ NS_IMETHODIMP
+ nsViewSourceChannel::AsyncOpen2(nsIStreamListener *aListener)
+ {
+@@ -688,19 +694,23 @@ nsViewSourceChannel::OnStopRequest(nsIRe
+         mChannel->GetLoadGroup(getter_AddRefs(loadGroup));
+         if (loadGroup)
+         {
+             loadGroup->RemoveRequest(static_cast<nsIViewSourceChannel*>
+                                                 (this),
+                                      nullptr, aStatus);
+         }
+     }
+-    return mListener->OnStopRequest(static_cast<nsIViewSourceChannel*>
+-                                               (this),
+-                                    aContext, aStatus);
++    nsresult rv;
++    rv = mListener->OnStopRequest(static_cast<nsIViewSourceChannel*>(this),
++                                  aContext, aStatus);
++
++    ReleaseListeners();
++
++    return rv;
+ }
+ 
+ 
+ // nsIStreamListener methods
+ NS_IMETHODIMP
+ nsViewSourceChannel::OnDataAvailable(nsIRequest *aRequest, nsISupports* aContext,
+                                      nsIInputStream *aInputStream,
+                                      uint64_t aSourceOffset,
+diff --git a/netwerk/protocol/viewsource/nsViewSourceChannel.h b/netwerk/protocol/viewsource/nsViewSourceChannel.h
+--- a/netwerk/protocol/viewsource/nsViewSourceChannel.h
++++ b/netwerk/protocol/viewsource/nsViewSourceChannel.h
+@@ -52,16 +52,17 @@ public:
+ 
+     MOZ_MUST_USE nsresult InitSrcdoc(nsIURI* aURI,
+                                      nsIURI* aBaseURI,
+                                      const nsAString &aSrcdoc,
+                                      nsILoadInfo* aLoadInfo);
+ 
+ protected:
+     ~nsViewSourceChannel() {}
++    void ReleaseListeners();
+ 
+     nsCOMPtr<nsIChannel>        mChannel;
+     nsCOMPtr<nsIHttpChannel>    mHttpChannel;
+     nsCOMPtr<nsIHttpChannelInternal>    mHttpChannelInternal;
+     nsCOMPtr<nsICachingChannel> mCachingChannel;
+     nsCOMPtr<nsICacheInfoChannel> mCacheInfoChannel;
+     nsCOMPtr<nsIApplicationCacheChannel> mApplicationCacheChannel;
+     nsCOMPtr<nsIUploadChannel>  mUploadChannel;

mozilla-release/patches/1680372-787.patch

@@ -0,0 +1,38 @@
+# HG changeset patch
+# User Dana Keeler <dkeeler@mozilla.com>
+# Date 1607620632 0
+#      Thu Dec 10 17:17:12 2020 +0000
+# Node ID eef85e1639955ed4719518aa4d93d51cfdaa790b
+# Parent  7a7b002ee8f937fba7548afd9fe4bb2b705c1217
+Bug 1680372 - replace Let's Encrypt intermediate certificates with ISRG Root X1 in the mozilla_services pinset. r=kjacobs, a=RyanVM
+
+Now that we're actually using Let's Encrypt for Mozilla services, we should pin
+to the root.
+
+Differential Revision: https://phabricator.services.mozilla.com/D99293
+
+diff --git a/security/manager/tools/PreloadedHPKPins.json b/security/manager/tools/PreloadedHPKPins.json
+--- a/security/manager/tools/PreloadedHPKPins.json
++++ b/security/manager/tools/PreloadedHPKPins.json
+@@ -69,20 +69,17 @@
+     ]
+    },
+   "pinsets": [
+     {
+       "name": "mozilla_services",
+       "sha256_hashes": [
+         "DigiCert Global Root CA",
+         "DigiCert High Assurance EV Root CA",
+-        // Backup intermediates with Let's Encrypt are not normally
+-        // in use and require disabling Mozilla's sites blacklisting
+-        "Let's Encrypt Authority X3",
+-        "Let's Encrypt Authority X4"
++        "ISRG Root X1"
+       ]
+     },
+     // For pinning tests on pinning.example.com, the certificate must be 'End
+     // Entity Test Cert'
+     {
+       "name": "mozilla_test",
+       "sha256_hashes": [
+         "End Entity Test Cert"

mozilla-release/patches/series

@@ -5192,3 +5192,14 @@ TOP-1683545-PLASTER-webrender-2536.patch
 1426440-59a1.patch
 1426642-59a1.patch
 1426675-59a1.patch
+1673770-786.patch
+1639613-1-786.patch
+1639613-2-786.patch
+1666072-786.patch
+1678413-786.patch
+1677888-786.patch
+1680372-787.patch
+1666285-787.patch
+1659453-787.patch
+1644240-787.patch
+1659057-787.patch

scripts/copygitlab2l10n.cmd

@@ -0,0 +1,11 @@
+for /f "tokens=*" %%G in ('dir /b /ad "."') do (
+  cd %%G
+  hg qpop --all
+rem   pause
+  copy /y x:\x\patches-c\gitlab\253-gitlab\l10n-release\%%G\patches d:\seamonkey\l10n\l10n-release\%%G\.hg\patches
+  hg qpush --all
+  cd ..
+rem   pause
+)
+
+pause

scripts/copyl10n2gitlab.cmd

@@ -0,0 +1,5 @@
+for /f "tokens=*" %%G in ('dir /b /ad "."') do (
+  mkdir x:\x\patches-c\gitlab\253-gitlab\l10n-release\%%G\patches
+  copy /y d:\seamonkey\l10n\l10n-release\%%G\.hg\patches\*.patch x:\x\patches-c\gitlab\253-gitlab\l10n-release\%%G\patches
+  copy /y d:\seamonkey\l10n\l10n-release\%%G\.hg\patches\series  x:\x\patches-c\gitlab\253-gitlab\l10n-release\%%G\patches
+)