fix utf-8 and backports

mozilla-release/patches/1654795-80a1.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# User Emilio Cobos Álvarez <emilio@crisal.io>
+# User Emilio Cobos Alvarez <emilio@crisal.io>
 # Date 1595513174 0
 # Node ID 04c1d72c0353a2dd371d49aead7eafbbf5d50502
 # Parent  bb4a290d55ffd41cc22dc5c2e93dfca6ba7c1f51

mozilla-release/patches/1870579-126a1.patch

@@ -0,0 +1,100 @@
+# HG changeset patch
+# User Kershaw Chang <kershaw@mozilla.com>
+# Date 1710798674 0
+# Node ID 4c58e1b47bd6cd1610c6d4554314df14db3722e2
+# Parent  687d9288706814f80d0f9fff6ad7eade549f92e9
+Bug 1870579 - Use PK11_GenerateRandom to generate random number, r=necko-reviewers,valentin
+
+Differential Revision: https://phabricator.services.mozilla.com/D204755
+
+diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js
+--- a/modules/libpref/init/all.js
++++ b/modules/libpref/init/all.js
+@@ -2011,16 +2011,19 @@ pref("network.http.tcp_keepalive.long_li
+ pref("network.http.tcp_keepalive.long_lived_idle_time", 600);
+ 
+ pref("network.http.enforce-framing.http1", false); // should be named "strict"
+ pref("network.http.enforce-framing.soft", true);
+ 
+ // Max size, in bytes, for received HTTP response header.
+ pref("network.http.max_response_header_size", 393216);
+ 
++// The length of the cnonce string used in HTTP digest auth.
++pref("network.http.digest_auth_cnonce_length", 64);
++
+ // If we should attempt to race the cache and network
+ pref("network.http.rcwn.enabled", false);
+ pref("network.http.rcwn.cache_queue_normal_threshold", 8);
+ pref("network.http.rcwn.cache_queue_priority_threshold", 2);
+ // We might attempt to race the cache with the network only if a resource
+ // is smaller than this size.
+ pref("network.http.rcwn.small_resource_size_kb", 256);
+ 
+diff --git a/netwerk/protocol/http/nsHttpDigestAuth.cpp b/netwerk/protocol/http/nsHttpDigestAuth.cpp
+--- a/netwerk/protocol/http/nsHttpDigestAuth.cpp
++++ b/netwerk/protocol/http/nsHttpDigestAuth.cpp
+@@ -2,30 +2,32 @@
+  *
+  * This Source Code Form is subject to the terms of the Mozilla Public
+  * License, v. 2.0. If a copy of the MPL was not distributed with this
+  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+ 
+ // HttpLog.h should generally be included first
+ #include "HttpLog.h"
+ 
++#include "mozilla/Preferences.h"
+ #include "mozilla/Sprintf.h"
+ #include "mozilla/Unused.h"
+ 
+ #include "nsHttp.h"
+ #include "nsHttpDigestAuth.h"
+ #include "nsIHttpAuthenticableChannel.h"
+ #include "nsISupportsPrimitives.h"
+ #include "nsIURI.h"
+ #include "nsString.h"
+ #include "nsEscape.h"
+ #include "nsNetCID.h"
+ #include "nsCRT.h"
+ #include "nsICryptoHash.h"
+ #include "nsComponentManagerUtils.h"
++#include "pk11pub.h"
+ 
+ namespace mozilla {
+ namespace net {
+ 
+ //-----------------------------------------------------------------------------
+ // nsHttpDigestAuth <public>
+ //-----------------------------------------------------------------------------
+ 
+@@ -299,19 +301,28 @@ nsHttpDigestAuth::GenerateCredentials(ns
+   }
+   LOG(("   nonce_count=%s\n", nonce_count));
+ 
+   //
+   // this lets the client verify the server response (via a server
+   // returned Authentication-Info header). also used for session info.
+   //
+   nsAutoCString cnonce;
+-  static const char hexChar[] = "0123456789abcdef";
+-  for (int i=0; i<16; ++i) {
+-    cnonce.Append(hexChar[(int)(15.0 * rand()/(RAND_MAX + 1.0))]);
++  nsTArray<uint8_t> cnonceBuf;
++  int cnonceLength =
++     Preferences::GetInt("network.http.digest_auth_cnonce_length", 64);
++  if (cnonceLength < 4 || cnonceLength > 256) {
++    cnonceLength = 64;
++  }
++
++  cnonceBuf.SetLength(cnonceLength / 2);
++  PK11_GenerateRandom(reinterpret_cast<unsigned char*>(cnonceBuf.Elements()),
++                      cnonceBuf.Length());
++  for (auto byte : cnonceBuf) {
++    cnonce.AppendPrintf("%02x", byte);
+   }
+   LOG(("   cnonce=%s\n", cnonce.get()));
+ 
+   //
+   // calculate credentials
+   //
+ 
+   NS_ConvertUTF16toUTF8 cUser(username), cPass(password);

mozilla-release/patches/1892449-127a1.patch

@@ -0,0 +1,58 @@
+# HG changeset patch
+# User Kershaw Chang <kershaw@mozilla.com>
+# Date 1713783714 0
+# Node ID fbba7686c0b2d5bc3ebda66ecd3c8d0f29dfe35c
+# Parent  0a5642e202b542265ddc478ba070d7e0ed0b103a
+Bug 1892449 - Set network.http.digest_auth_cnonce_length to 16, r=necko-reviewers,valentin
+
+Apparently, setting this value to 64 breaks some sites. We should use the same length as Chrome.
+
+Differential Revision: https://phabricator.services.mozilla.com/D208103
+
+diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js
+--- a/modules/libpref/init/all.js
++++ b/modules/libpref/init/all.js
+@@ -2012,17 +2012,17 @@ pref("network.http.tcp_keepalive.long_li
+ 
+ pref("network.http.enforce-framing.http1", false); // should be named "strict"
+ pref("network.http.enforce-framing.soft", true);
+ 
+ // Max size, in bytes, for received HTTP response header.
+ pref("network.http.max_response_header_size", 393216);
+ 
+ // The length of the cnonce string used in HTTP digest auth.
+-pref("network.http.digest_auth_cnonce_length", 64);
++pref("network.http.digest_auth_cnonce_length", 16);
+ 
+ // If we should attempt to race the cache and network
+ pref("network.http.rcwn.enabled", false);
+ pref("network.http.rcwn.cache_queue_normal_threshold", 8);
+ pref("network.http.rcwn.cache_queue_priority_threshold", 2);
+ // We might attempt to race the cache with the network only if a resource
+ // is smaller than this size.
+ pref("network.http.rcwn.small_resource_size_kb", 256);
+diff --git a/netwerk/protocol/http/nsHttpDigestAuth.cpp b/netwerk/protocol/http/nsHttpDigestAuth.cpp
+--- a/netwerk/protocol/http/nsHttpDigestAuth.cpp
++++ b/netwerk/protocol/http/nsHttpDigestAuth.cpp
+@@ -303,19 +303,19 @@ nsHttpDigestAuth::GenerateCredentials(ns
+ 
+   //
+   // this lets the client verify the server response (via a server
+   // returned Authentication-Info header). also used for session info.
+   //
+   nsAutoCString cnonce;
+   nsTArray<uint8_t> cnonceBuf;
+   int cnonceLength =
+-     Preferences::GetInt("network.http.digest_auth_cnonce_length", 64);
++     Preferences::GetInt("network.http.digest_auth_cnonce_length", 16);
+   if (cnonceLength < 4 || cnonceLength > 256) {
+-    cnonceLength = 64;
++    cnonceLength = 16;
+   }
+ 
+   cnonceBuf.SetLength(cnonceLength / 2);
+   PK11_GenerateRandom(reinterpret_cast<unsigned char*>(cnonceBuf.Elements()),
+                       cnonceBuf.Length());
+   for (auto byte : cnonceBuf) {
+     cnonce.AppendPrintf("%02x", byte);
+   }

mozilla-release/patches/1893891-127a1.patch

@@ -0,0 +1,33 @@
+# HG changeset patch
+# User Jonathan Kew <jkew@mozilla.com>
+# Date 1714496742 0
+# Node ID c91b19ecb5d383d4d739efda8ba70cddf750599f
+# Parent  7e1f20c0eb4b8e89a0763b37dadf53b8044387f8
+Bug 1893891 - Clear mSharedBlobData if blob creation failed. r=gfx-reviewers,lsalzman
+
+Differential Revision: https://phabricator.services.mozilla.com/D208983
+
+diff --git a/gfx/thebes/gfxFontEntry.cpp b/gfx/thebes/gfxFontEntry.cpp
+--- a/gfx/thebes/gfxFontEntry.cpp
++++ b/gfx/thebes/gfxFontEntry.cpp
+@@ -495,18 +495,19 @@ ShareTableAndGetBlob(nsTArray<uint8_t>&&
+     mSharedBlobData = new FontTableBlobData(std::move(aTable));
+ 
+     mBlob = hb_blob_create(mSharedBlobData->GetTable(),
+                            mSharedBlobData->GetTableLength(),
+                            HB_MEMORY_MODE_READONLY,
+                            mSharedBlobData, DeleteFontTableBlobData);
+     if (mBlob == hb_blob_get_empty() ) {
+         // The FontTableBlobData was destroyed during hb_blob_create().
+-        // The (empty) blob is still be held in the hashtable with a strong
++        // The (empty) blob will still be held in the hashtable with a strong
+         // reference.
++        mSharedBlobData = nullptr;
+         return hb_blob_reference(mBlob);
+     }
+ 
+     // Tell the FontTableBlobData to remove this hash entry when destroyed.
+     // The hashtable does not keep a strong reference.
+     mSharedBlobData->ManageHashEntry(aHashtable, GetKey());
+     return mBlob;
+ }

mozilla-release/patches/series

@@ -7011,3 +7011,6 @@ TOP-NOBUG-seamonkey-credits.patch
 1713613-2-91a1.patch
 1713613-3-91a1.patch
 1713610-91a1.patch
+1870579-126a1.patch
+1892449-127a1.patch
+1893891-127a1.patch