From 89e58e8e8c941b74f2280f40a1204ba97fd9a323 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Wed, 9 Mar 2016 15:19:50 -0500
Subject: libotr: Update to 4.1.1 [fixes CVE-2016-2851].

* gnu/packages/messaging.scm (libotr): Update to 4.1.1.
[native-inputs]: New field.
---
 gnu/packages/messaging.scm | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'gnu')

diff --git a/gnu/packages/messaging.scm b/gnu/packages/messaging.scm
index 076c4dcdc6..6e1c474876 100644
--- a/gnu/packages/messaging.scm
+++ b/gnu/packages/messaging.scm
@@ -63,17 +63,19 @@
 (define-public libotr
   (package
     (name "libotr")
-    (version "4.1.0")
+    (version "4.1.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://otr.cypherpunks.ca/libotr-"
                                   version ".tar.gz"))
               (sha256
-               (base32 "0c6rkh58s6wqzcrpccwdik5qs91qj6dgd60a340d72gc80cqknsg"))))
+               (base32
+                "1x8rliydhbibmzwdbyr7pd7n87m2jmxnqkpvaalnf4154hj1hfwb"))))
     (build-system gnu-build-system)
     (propagated-inputs
      `(("libgcrypt" ,libgcrypt)))  ; libotr headers include gcrypt.h
     (inputs `(("libgpg-error" ,libgpg-error)))
+    (native-inputs `(("perl" ,perl))) ; for the test suite
     (synopsis "Off-the-Record (OTR) Messaging Library and Toolkit")
     (description
      "OTR allows you to have private conversations over instant messaging by
-- 
cgit v1.2.3


From 5adb3a4db4f75a3d9e8e469e9c9c97e9c6809bba Mon Sep 17 00:00:00 2001
From: Andreas Enge <andreas@enge.fr>
Date: Wed, 9 Mar 2016 21:31:02 +0100
Subject: gnu: libotr: Remove version 3.2.1.

* gnu/packages/messaging.scm (libotr-3): Remove variable.
---
 gnu/packages/messaging.scm | 10 ----------
 1 file changed, 10 deletions(-)

(limited to 'gnu')

diff --git a/gnu/packages/messaging.scm b/gnu/packages/messaging.scm
index 6e1c474876..64c57b12eb 100644
--- a/gnu/packages/messaging.scm
+++ b/gnu/packages/messaging.scm
@@ -90,16 +90,6 @@ keys, no previous conversation is compromised.")
     (home-page "https://otr.cypherpunks.ca/")
     (license (list lgpl2.1 gpl2))))
 
-(define-public libotr-3
-  (package (inherit libotr)
-    (version "3.2.1")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append "https://otr.cypherpunks.ca/libotr-"
-                                  version ".tar.gz"))
-              (sha256
-               (base32 "1x6dd4rh499hdraiqfhz81igrj0a5rs0gjhc8l4sljwqhjjyla6l"))))))
-
 (define-public bitlbee
   (package
     (name "bitlbee")
-- 
cgit v1.2.3


From f97334220ce80952cffa03e5985502c9c0f63599 Mon Sep 17 00:00:00 2001
From: Mark H Weaver <mhw@netris.org>
Date: Wed, 9 Mar 2016 15:49:33 -0500
Subject: gnu: pidgin-otr: Update to 4.0.2.

* gnu/packages/messaging.scm (pidgin-otr): Update to 4.0.2.
---
 gnu/packages/messaging.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'gnu')

diff --git a/gnu/packages/messaging.scm b/gnu/packages/messaging.scm
index 64c57b12eb..dccb6dbc34 100644
--- a/gnu/packages/messaging.scm
+++ b/gnu/packages/messaging.scm
@@ -318,14 +318,14 @@ chat protocols.")
 (define-public pidgin-otr
   (package
     (name "pidgin-otr")
-    (version "4.0.1")
+    (version "4.0.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://otr.cypherpunks.ca/"
                                   name "-" version ".tar.gz"))
               (sha256
                (base32
-                "02pkkf86fh5jvzsdn9y78impsgzj1n0p81kc2girvk3vq941yy0v"))))
+                "1i5s9rrgbyss9rszq6c6y53hwqyw1k86s40cpsfx5ccl9bprxdgl"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)
-- 
cgit v1.2.3


From fb9ca51130a6939a665dccbc331de3e30cf8dd88 Mon Sep 17 00:00:00 2001
From: Tobias Geerinckx-Rice <tobias.geerinckx.rice@gmail.com>
Date: Tue, 8 Mar 2016 23:04:35 +0100
Subject: gnu: simple-scan: Update to 3.19.91.

* gnu/packages/gnome.scm (simple-scan): Update to 3.19.91.
[arguments]: Add 'clean' phase.
---
 gnu/packages/gnome.scm | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

(limited to 'gnu')

diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index c945c0e658..0f37f90cbd 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -3382,7 +3382,7 @@ USB transfers with your high-level application or system daemon.")
 (define-public simple-scan
   (package
     (name "simple-scan")
-    (version "3.17.4")
+    (version "3.19.91")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://launchpad.net/simple-scan/"
@@ -3391,7 +3391,7 @@ USB transfers with your high-level application or system daemon.")
                                   version ".tar.xz"))
               (sha256
                (base32
-                "1pslbv45g01g039zj2b01k08f763kkhzqw8wwz7yh27m7bjllnx6"))))
+                "1c5glf5vxgld41w4jxfqcv17q76qnh43fawpv33hncgh8d283xkf"))))
     (build-system glib-or-gtk-build-system)
     (inputs
      `(("gtk" ,gtk+)
@@ -3409,6 +3409,21 @@ USB transfers with your high-level application or system daemon.")
        ("pkg-config" ,pkg-config)
        ("vala" ,vala)
        ("xmllint" ,libxml2)))
+    (arguments
+     '(#:configure-flags '("--disable-packagekit")
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'clean
+                    (lambda _
+                      ;; Remove a left-over reference to PackageKit.
+
+                      ;; https://bugs.launchpad.net/simple-scan/+bug/1462769
+
+                      ;; There are some generated C files erroneously
+                      ;; included in the source distribution, and this
+                      ;; one breaks the build by referring to a
+                      ;; non-existent header (packagekit.h)
+                      (delete-file "src/ui.c"))))))
     (home-page "https://launchpad.net/simple-scan")
     (synopsis "Document and image scanner")
     (description "Simple Scan is an easy-to-use application, designed to let
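Review bot: The new `clean` phase ends on `(delete-file "src/ui.c")`, so whether the phase counts as succeeded depends on whatever `delete-file` happens to return, since no explicit success value is given. Closing the lambda with `#t`, as the phase added to `custom-gcc` in gnu/packages/gcc.scm on this page does, makes that explicit. The name `clean` also says little about what is removed, and a name that mentions the stale generated `src/ui.c` would be easier to find later. The blank lines between the three comment groups split one explanation, which reads better as a single `;;` block. The package definition starts and ends outside the hunk.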
-- 
cgit v1.2.3


From 289adba7a374d73433e89673f0d202a4b769b568 Mon Sep 17 00:00:00 2001
From: Andreas Enge <andreas@enge.fr>
Date: Sat, 5 Mar 2016 21:41:03 +0100
Subject: gnu: gnuplot: Use texlive-minimal instead of texlive-bin.

* gnu/packages/maths.scm (gnuplot)[inputs]: Replace texlive-bin by
  texlive-minimal.
---
 gnu/packages/maths.scm | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

(limited to 'gnu')

diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index 6a9715db73..159e26fc51 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -354,9 +354,7 @@ singular value problems.")
               ("pango" ,pango)
               ("gd" ,gd)))
     (native-inputs `(("pkg-config" ,pkg-config)
-                     ;; Need 'tex', 'latex', 'pdflatex', 'kpsexand', and
-                     ;; 'texhash' binaries.
-                     ("texlive" ,texlive-bin)))
+                     ("texlive" ,texlive-minimal)))
     (home-page "http://www.gnuplot.info")
     (synopsis "Command-line driven graphing utility")
     (description "Gnuplot is a portable command-line driven graphing
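Review bot: The replacement line `("texlive" ,texlive-minimal)` drops the comment that recorded which programs gnuplot's build needs from TeX Live ('tex', 'latex', 'pdflatex', 'kpsexand', 'texhash'), so the input is now undocumented. I would keep it as `;; Need 'tex', 'latex', 'pdflatex', 'kpsexand', and 'texhash' binaries.` above the new input ('kpsexand' looks like a typo for kpsexpand, to be confirmed). Whether `texlive-minimal` provides all of those programs cannot be checked from this hunk, so it is worth confirming with a build. The package definition starts and ends outside the hunk.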
-- 
cgit v1.2.3


From aad375c9bcb1b0b79141c2cf42a6dbc55f7a9e4f Mon Sep 17 00:00:00 2001
From: Andreas Enge <andreas@enge.fr>
Date: Sat, 5 Mar 2016 22:15:45 +0100
Subject: gnu: statistics: Remove import of unused texlive module.

* gnu/packages/statistics.scm: Do not import (gnu packages texlive).
---
 gnu/packages/statistics.scm | 1 -
 1 file changed, 1 deletion(-)

(limited to 'gnu')

diff --git a/gnu/packages/statistics.scm b/gnu/packages/statistics.scm
index b30a718ac1..3d445332b8 100644
--- a/gnu/packages/statistics.scm
+++ b/gnu/packages/statistics.scm
@@ -44,7 +44,6 @@
   #:use-module (gnu packages python)
   #:use-module (gnu packages readline)
   #:use-module (gnu packages ssh)
-  #:use-module (gnu packages texlive)
   #:use-module (gnu packages texinfo)
   #:use-module (gnu packages tls)
   #:use-module (gnu packages base)
-- 
cgit v1.2.3


From fde60603474cc7665b226436ecf7f75edf6219a5 Mon Sep 17 00:00:00 2001
From: Andreas Enge <andreas@enge.fr>
Date: Wed, 9 Mar 2016 20:21:30 +0100
Subject: gnu: po4a: Use texlive-minimal instead of texlive-bin.

* gnu/packages/gettext.scm (po4a)[inputs]: Replace texlive-bin by
  texlive-minimal.
---
 gnu/packages/gettext.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'gnu')

diff --git a/gnu/packages/gettext.scm b/gnu/packages/gettext.scm
index 7cd1ab73e7..50d480a4ad 100644
--- a/gnu/packages/gettext.scm
+++ b/gnu/packages/gettext.scm
@@ -144,7 +144,7 @@ catalogs.  Nearly all GNU packages use Gettext.")
        ("perl-module-build" ,perl-module-build)
        ("docbook-xsl" ,docbook-xsl)
        ("docbook-xml" ,docbook-xml) ;for tests
-       ("texlive-bin" ,texlive-bin) ;for tests
+       ("texlive" ,texlive-minimal) ;for tests
        ("libxml2" ,libxml2)
        ("xsltproc" ,libxslt)))
     (home-page "http://po4a.alioth.debian.org/")
-- 
cgit v1.2.3


From 8bcdc23fd0476ed56a91cb8a4c0a115fd7194e2d Mon Sep 17 00:00:00 2001
From: Andreas Enge <andreas@enge.fr>
Date: Wed, 9 Mar 2016 22:31:23 +0100
Subject: gnu: texlive: Make texlive-bin and texlive-texmf private.

* gnu/packages/texlive.scm (texlive-bin, texlive-texmf): Define the variables
  as non-public; they should not be installed into a profile.
---
 gnu/packages/texlive.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'gnu')

diff --git a/gnu/packages/texlive.scm b/gnu/packages/texlive.scm
index d8200846ac..cbcb6c87fc 100644
--- a/gnu/packages/texlive.scm
+++ b/gnu/packages/texlive.scm
@@ -64,7 +64,7 @@
     (sha256 (base32
               "1a3hpcg6x69ysqx432v6sk4alg0x34813cwk41frmvzprdajpyqy"))))
 
-(define-public texlive-bin
+(define texlive-bin
   (package
    (name "texlive-bin")
    (version "2015")
@@ -166,7 +166,7 @@ This package contains the binaries.")
    (license (license:fsf-free "http://tug.org/texlive/copying.html"))
    (home-page "http://www.tug.org/texlive/")))
 
-(define-public texlive-texmf
+(define texlive-texmf
   (package
    (name "texlive-texmf")
    (version "2015")
-- 
cgit v1.2.3


From ce6027bf43210d0b68bb26dbf110ca6c47aa8478 Mon Sep 17 00:00:00 2001
From: 宋文武 <iyzsong@gmail.com>
Date: Wed, 9 Mar 2016 13:17:48 +0800
Subject: gnu: nautilus: Don't propagate gtk+.

* gnu/packages/gnome.scm (nautilus): Move gtk+ from propagated-inputs to inputs.
---
 gnu/packages/gnome.scm | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'gnu')

diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 0f37f90cbd..a26b609c19 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -4650,13 +4650,17 @@ as SASL, TLS and VeNCrypt.  Additionally it supports encoding extensions.")
        ("gobject-introspection" ,gobject-introspection)
        ("intltool" ,intltool)
        ("pkg-config" ,pkg-config)))
-    (propagated-inputs
-     `(("gtk+" ,gtk+))) ; required by libnautilus-extension.pc
     (inputs
      ;; TODO: add gvfs support.
      `(("dconf" ,dconf)
        ("exempi" ,exempi)
        ("gnome-desktop" ,gnome-desktop)
+       ;; XXX: gtk+ is required by libnautilus-extension.pc
+       ;;
+       ;; Don't propagate it to reduces "profile pollution" of the 'gnome' meta
+       ;; package.  See:
+       ;; <http://lists.gnu.org/archive/html/guix-devel/2016-03/msg00283.html>.
+       ("gtk+" ,gtk+)
        ("libexif" ,libexif)
        ("libxml2" ,libxml2)))
     (synopsis "File manager for GNOME")
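Review bot: The added comment has a grammar slip, "Don't propagate it to reduces", which should read `;; Don't propagate it, to reduce "profile pollution" of the 'gnome' meta`. The same comment states that libnautilus-extension.pc requires gtk+, so with propagation gone any package that builds against libnautilus-extension must list gtk+ in its own inputs. The hunk does not show whether such dependents exist or were adjusted. The `XXX` marker would be more useful if it said what the eventual fix is, for example moving the .pc file to a separate output, if that is the intent. The package definition starts and ends outside the hunk.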
-- 
cgit v1.2.3


From 82f145ef7aef8f4d28a144ee8efcadf3fdd4b877 Mon Sep 17 00:00:00 2001
From: Ricardo Wurmus <rekado@elephly.net>
Date: Thu, 10 Mar 2016 07:05:08 +0100
Subject: gnu: custom-gcc: Delete broken or conflicting executables.

* gnu/packages/gcc.scm (custom-gcc)[arguments]: Add phase to remove
executables that are non-functional or conflict with the executables of
"gcc".
---
 gnu/packages/gcc.scm | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

(limited to 'gnu')

diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm
index e15b07752b..73c6d488fb 100644
--- a/gnu/packages/gcc.scm
+++ b/gnu/packages/gcc.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2014, 2015 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2014, 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015 Efraim Flashner <efraim@flashner.co.il>
 ;;;
@@ -440,7 +440,15 @@ as the 'native-search-paths' field."
         `(cons (string-append "--enable-languages="
                               ,(string-join languages ","))
                (remove (cut string-match "--enable-languages.*" <>)
-                       ,flags)))))))
+                       ,flags)))
+       ((#:phases phases)
+        `(modify-phases ,phases
+           (add-after 'install 'remove-broken-or-conflicting-files
+             (lambda* (#:key outputs #:allow-other-keys)
+               (for-each delete-file
+                         (find-files (string-append (assoc-ref outputs "out") "/bin")
+                                     ".*(c\\+\\+|cpp|g\\+\\+|gcov|gcc.*)"))
+               #t))))))))
 
 (define %generic-search-paths
   ;; This is the language-neutral search path for GCC.  Entries in $CPATH are
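Review bot: The regexp given to `find-files` in the new `remove-broken-or-conflicting-files` phase is unanchored and ends in the open alternative `gcc.*`, so it selects any file under `bin` whose name merely contains `cpp`, `gcov` or `gcc`. Depending on which languages `custom-gcc` is instantiated with, that could also delete a front-end driver whose name starts with `gcc`, which this phase presumably does not intend. Anchoring the pattern limits the deletion to the programs meant, for example `"^(.*-)?(c\\+\\+|cpp|g\\+\\+|gcov|gcc(-.*)?)$"`, with the alternatives adjusted to the exact names that conflict with the "gcc" package. A short comment in the phase saying which executables are broken and which merely conflict would help the next reader. The enclosing procedure starts outside the hunk.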
-- 
cgit v1.2.3


From 0d88031c2f35f69e3a6978482b45c75ac15f383a Mon Sep 17 00:00:00 2001
From: Efraim Flashner <efraim@flashner.co.il>
Date: Thu, 10 Mar 2016 09:29:55 +0200
Subject: gnu: bind-utils: Update to 9.10.3-P4 [fixes CVE-2016-1285,
 CVE-2016-1286].

* gnu/packages/dns.scm (bind-utils): Update to 9.10.3-P4.
---
 gnu/packages/dns.scm | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'gnu')

diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index ef07f30adf..5c0bfc3f87 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
 ;;; Copyright © 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -65,14 +66,14 @@ and BOOTP/TFTP for network booting of diskless machines.")
 (define-public bind-utils
   (package
     (name "bind-utils")
-    (version "9.10.3-P3")
+    (version "9.10.3-P4")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://ftp.isc.org/isc/bind9/" version
                                   "/bind-" version ".tar.gz"))
               (sha256
                (base32
-                "10yblk8qbb85qxakzdjy5qmqvqj4rlcqsqvlkriglampzg8i0239"))))
+                "0giys46ifypysf799w9v58kbaz1v3fbdzw3s212znifzzfsl9h1a"))))
     (build-system gnu-build-system)
     (inputs
      ;; it would be nice to add GeoIP and gssapi once there is package
-- 
cgit v1.2.3


From 2f9862ffd0cdcfbd05bc5baaaae9bbd499b1d7d8 Mon Sep 17 00:00:00 2001
From: Efraim Flashner <efraim@flashner.co.il>
Date: Thu, 10 Mar 2016 09:49:04 +0200
Subject: gnu: isc-dhcp: Update bundled bind to 9.9.8-P4 [fixes CVE-2016-1285,
 CVE-2016-1286].

* gnu/packages/admin.scm (isc-dhcp): Update bundled bind to 9.9.8-P4.
---
 gnu/packages/admin.scm | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'gnu')

diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index b0b2046d2e..69802e9a36 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -9,6 +9,7 @@
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016 Pjotr Prins <pjotr.guix@thebird.nl>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -424,7 +425,7 @@ connection alive.")
          (bind-minor-version "9")
          (bind-patch-version "8")
          (bind-release-type "-P")
-         (bind-release-version "3")
+         (bind-release-version "4")
          (bind-version (string-append bind-major-version
                                       "."
                                       bind-minor-version
@@ -540,7 +541,7 @@ connection alive.")
                                         "/bind-" bind-version ".tar.gz"))
                     (sha256
                      (base32
-                      "01qa17479jghy90lb2j8b1bpg3ay6k6aaajpigyirwzsvyc9yj3a"))))
+                      "1wl9kl0630dc1qjrf7fnp8cscagfm5qgmisi0zhr1p6iwi9bil2y"))))
 
                 ;; When cross-compiling, we need the cross Coreutils and sed.
                 ;; Otherwise just use those from %FINAL-INPUTS.
-- 
cgit v1.2.3


From c3499ad6b8cfdf1c6b09aa51f9f681a5be6c8962 Mon Sep 17 00:00:00 2001
From: Mark H Weaver <mhw@netris.org>
Date: Thu, 10 Mar 2016 02:57:05 -0500
Subject: gnu: icecat: Add several security fixes.

* gnu/packages/patches/icecat-CVE-2015-4477.patch,
gnu/packages/patches/icecat-CVE-2015-7207.patch,
gnu/packages/patches/icecat-CVE-2016-1952-pt01.patch,
gnu/packages/patches/icecat-CVE-2016-1952-pt02.patch,
gnu/packages/patches/icecat-CVE-2016-1952-pt03.patch,
gnu/packages/patches/icecat-CVE-2016-1952-pt04.patch,
gnu/packages/patches/icecat-CVE-2016-1952-pt05.patch,
gnu/packages/patches/icecat-CVE-2016-1952-pt06.patch,
gnu/packages/patches/icecat-CVE-2016-1954.patch,
gnu/packages/patches/icecat-CVE-2016-1960.patch,
gnu/packages/patches/icecat-CVE-2016-1961.patch,
gnu/packages/patches/icecat-CVE-2016-1962.patch,
gnu/packages/patches/icecat-CVE-2016-1964.patch,
gnu/packages/patches/icecat-CVE-2016-1965.patch,
gnu/packages/patches/icecat-CVE-2016-1966.patch,
gnu/packages/patches/icecat-CVE-2016-1974.patch,
gnu/packages/patches/icecat-bug-1248851.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
---
 gnu-system.am                                      |   17 +
 gnu/packages/gnuzilla.scm                          |   19 +-
 gnu/packages/patches/icecat-CVE-2015-4477.patch    |   37 +
 gnu/packages/patches/icecat-CVE-2015-7207.patch    | 1140 ++++++++++++++++++++
 .../patches/icecat-CVE-2016-1952-pt01.patch        |  356 ++++++
 .../patches/icecat-CVE-2016-1952-pt02.patch        |   58 +
 .../patches/icecat-CVE-2016-1952-pt03.patch        |   60 ++
 .../patches/icecat-CVE-2016-1952-pt04.patch        |   53 +
 .../patches/icecat-CVE-2016-1952-pt05.patch        |   32 +
 .../patches/icecat-CVE-2016-1952-pt06.patch        |  103 ++
 gnu/packages/patches/icecat-CVE-2016-1954.patch    |   32 +
 gnu/packages/patches/icecat-CVE-2016-1960.patch    |   55 +
 gnu/packages/patches/icecat-CVE-2016-1961.patch    |   33 +
 gnu/packages/patches/icecat-CVE-2016-1962.patch    |  107 ++
 gnu/packages/patches/icecat-CVE-2016-1964.patch    |   54 +
 gnu/packages/patches/icecat-CVE-2016-1965.patch    |   44 +
 gnu/packages/patches/icecat-CVE-2016-1966.patch    |   36 +
 gnu/packages/patches/icecat-CVE-2016-1974.patch    |  530 +++++++++
 gnu/packages/patches/icecat-bug-1248851.patch      |   37 +
 19 files changed, 2802 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/icecat-CVE-2015-4477.patch
 create mode 100644 gnu/packages/patches/icecat-CVE-2015-7207.patch
 create mode 100644 gnu/packages/patches/icecat-CVE-2016-1952-pt01.patch
 create mode 100644 gnu/packages/patches/icecat-CVE-2016-1952-pt02.patch
 create mode 100644 gnu/packages/patches/icecat-CVE-2016-1952-pt03.patch
 create mode 100644 gnu/packages/patches/icecat-CVE-2016-1952-pt04.patch
 create mode 100644 gnu/packages/patches/icecat-CVE-2016-1952-pt05.patch
 create mode 100644 gnu/packages/patches/icecat-CVE-2016-1952-pt06.patch
 create mode 100644 gnu/packages/patches/icecat-CVE-2016-1954.patch
 create mode 100644 gnu/packages/patches/icecat-CVE-2016-1960.patch
 create mode 100644 gnu/packages/patches/icecat-CVE-2016-1961.patch
 create mode 100644 gnu/packages/patches/icecat-CVE-2016-1962.patch
 create mode 100644 gnu/packages/patches/icecat-CVE-2016-1964.patch
 create mode 100644 gnu/packages/patches/icecat-CVE-2016-1965.patch
 create mode 100644 gnu/packages/patches/icecat-CVE-2016-1966.patch
 create mode 100644 gnu/packages/patches/icecat-CVE-2016-1974.patch
 create mode 100644 gnu/packages/patches/icecat-bug-1248851.patch

(limited to 'gnu')

diff --git a/gnu-system.am b/gnu-system.am
index 4566ecac7d..2ca703c58f 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -528,6 +528,23 @@ dist_patch_DATA =						\
   gnu/packages/patches/icecat-update-graphite2.patch		\
   gnu/packages/patches/icecat-update-graphite2-pt2.patch	\
   gnu/packages/patches/icecat-re-enable-DHE-cipher-suites.patch	\
+  gnu/packages/patches/icecat-CVE-2015-4477.patch		\
+  gnu/packages/patches/icecat-CVE-2015-7207.patch		\
+  gnu/packages/patches/icecat-CVE-2016-1952-pt01.patch		\
+  gnu/packages/patches/icecat-CVE-2016-1952-pt02.patch		\
+  gnu/packages/patches/icecat-CVE-2016-1952-pt03.patch		\
+  gnu/packages/patches/icecat-CVE-2016-1952-pt04.patch		\
+  gnu/packages/patches/icecat-CVE-2016-1952-pt05.patch		\
+  gnu/packages/patches/icecat-CVE-2016-1952-pt06.patch		\
+  gnu/packages/patches/icecat-CVE-2016-1954.patch		\
+  gnu/packages/patches/icecat-CVE-2016-1960.patch		\
+  gnu/packages/patches/icecat-CVE-2016-1961.patch		\
+  gnu/packages/patches/icecat-CVE-2016-1962.patch		\
+  gnu/packages/patches/icecat-CVE-2016-1964.patch		\
+  gnu/packages/patches/icecat-CVE-2016-1965.patch		\
+  gnu/packages/patches/icecat-CVE-2016-1966.patch		\
+  gnu/packages/patches/icecat-CVE-2016-1974.patch		\
+  gnu/packages/patches/icecat-bug-1248851.patch			\
   gnu/packages/patches/icu4c-CVE-2014-6585.patch		\
   gnu/packages/patches/icu4c-CVE-2015-1270.patch		\
   gnu/packages/patches/icu4c-CVE-2015-4760.patch		\
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 1a2057a343..b4892d77cd 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -291,7 +291,24 @@ standards.")
                     '("icecat-avoid-bundled-includes.patch"
                       "icecat-re-enable-DHE-cipher-suites.patch"
                       "icecat-update-graphite2.patch"
-                      "icecat-update-graphite2-pt2.patch")))
+                      "icecat-update-graphite2-pt2.patch"
+                      "icecat-CVE-2015-4477.patch"
+                      "icecat-CVE-2015-7207.patch"
+                      "icecat-CVE-2016-1952-pt01.patch"
+                      "icecat-CVE-2016-1952-pt02.patch"
+                      "icecat-CVE-2016-1952-pt03.patch"
+                      "icecat-CVE-2016-1952-pt04.patch"
+                      "icecat-CVE-2016-1952-pt05.patch"
+                      "icecat-CVE-2016-1952-pt06.patch"
+                      "icecat-CVE-2016-1954.patch"
+                      "icecat-CVE-2016-1960.patch"
+                      "icecat-CVE-2016-1961.patch"
+                      "icecat-CVE-2016-1962.patch"
+                      "icecat-CVE-2016-1964.patch"
+                      "icecat-CVE-2016-1965.patch"
+                      "icecat-CVE-2016-1966.patch"
+                      "icecat-CVE-2016-1974.patch"
+                      "icecat-bug-1248851.patch")))
       (modules '((guix build utils)))
       (snippet
        '(begin
diff --git a/gnu/packages/patches/icecat-CVE-2015-4477.patch b/gnu/packages/patches/icecat-CVE-2015-4477.patch
new file mode 100644
index 0000000000..c010c5ecec
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2015-4477.patch
@@ -0,0 +1,37 @@
+Copied from upstream:
+https://hg.mozilla.org/releases/mozilla-esr38/raw-rev/beae8783b8c2
+
+# HG changeset patch
+# User Paul Adenot <paul@paul.cx>
+# Date 1456422965 0
+# Node ID beae8783b8c2c672da12a95c70ae663cbd0d5016
+# Parent  3a606f8182c82480f8f350b622ab55a170ec1eb6
+Bug 1179484. r=roc
+
+MozReview-Commit-ID: HNaYLyMe3sM
+
+diff --git a/dom/media/webaudio/MediaStreamAudioDestinationNode.cpp b/dom/media/webaudio/MediaStreamAudioDestinationNode.cpp
+--- a/dom/media/webaudio/MediaStreamAudioDestinationNode.cpp
++++ b/dom/media/webaudio/MediaStreamAudioDestinationNode.cpp
+@@ -69,16 +69,20 @@ MediaStreamAudioDestinationNode::MediaSt
+               ChannelInterpretation::Speakers)
+   , mDOMStream(DOMAudioNodeMediaStream::CreateTrackUnionStream(GetOwner(),
+                                                                this))
+ {
+   TrackUnionStream* tus = static_cast<TrackUnionStream*>(mDOMStream->GetStream());
+   MOZ_ASSERT(tus == mDOMStream->GetStream()->AsProcessedStream());
+   tus->SetTrackIDFilter(FilterAudioNodeStreamTrack);
+ 
++  if (aContext->Graph() != tus->Graph()) {
++    return;
++  }
++
+   MediaStreamDestinationEngine* engine = new MediaStreamDestinationEngine(this, tus);
+   mStream = aContext->Graph()->CreateAudioNodeStream(engine, MediaStreamGraph::INTERNAL_STREAM);
+   mPort = tus->AllocateInputPort(mStream, 0);
+ 
+   nsIDocument* doc = aContext->GetParentObject()->GetExtantDoc();
+   if (doc) {
+     mDOMStream->CombineWithPrincipal(doc->NodePrincipal());
+   }
+
diff --git a/gnu/packages/patches/icecat-CVE-2015-7207.patch b/gnu/packages/patches/icecat-CVE-2015-7207.patch
new file mode 100644
index 0000000000..db5fc6ce66
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2015-7207.patch
@@ -0,0 +1,1140 @@
+Copied from upstream:
+https://hg.mozilla.org/releases/mozilla-esr38/raw-rev/532544c91db7
+
+# HG changeset patch
+# User Dragana Damjanovic <dd.mozilla@gmail.com>
+# Date 1456962626 28800
+# Node ID 532544c91db7f13c39be1b7b7c4461cd03126e9c
+# Parent  f4220254d5bd0851a439467da39ba431e0ce2804
+Bug 1185256 - Save originURI to the history. r=bz ba=ritu
+
+MozReview-Commit-ID: Lvh9C84RQUc
+
+diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp
+--- a/docshell/base/nsDocShell.cpp
++++ b/docshell/base/nsDocShell.cpp
+@@ -1020,16 +1020,17 @@ nsDocShell::DestroyChildren()
+ //*****************************************************************************
+ // nsDocShell::nsISupports
+ //*****************************************************************************
+ 
+ NS_IMPL_ADDREF_INHERITED(nsDocShell, nsDocLoader)
+ NS_IMPL_RELEASE_INHERITED(nsDocShell, nsDocLoader)
+ 
+ NS_INTERFACE_MAP_BEGIN(nsDocShell)
++  NS_INTERFACE_MAP_ENTRY(nsIDocShell_ESR38_2)
+   NS_INTERFACE_MAP_ENTRY(nsIDocShell_ESR38)
+   NS_INTERFACE_MAP_ENTRY(nsIDocShell)
+   NS_INTERFACE_MAP_ENTRY(nsIDocShellTreeItem)
+   NS_INTERFACE_MAP_ENTRY(nsIWebNavigation)
+   NS_INTERFACE_MAP_ENTRY(nsIBaseWindow)
+   NS_INTERFACE_MAP_ENTRY(nsIScrollable)
+   NS_INTERFACE_MAP_ENTRY(nsITextScroll)
+   NS_INTERFACE_MAP_ENTRY(nsIDocCharset)
+@@ -1372,16 +1373,17 @@ nsDocShell::LoadURI(nsIURI* aURI,
+     return NS_OK; // JS may not handle returning of an error code
+   }
+ 
+   if (DoAppRedirectIfNeeded(aURI, aLoadInfo, aFirstParty)) {
+     return NS_OK;
+   }
+ 
+   nsCOMPtr<nsIURI> referrer;
++  nsCOMPtr<nsIURI> originalURI;
+   nsCOMPtr<nsIInputStream> postStream;
+   nsCOMPtr<nsIInputStream> headersStream;
+   nsCOMPtr<nsISupports> owner;
+   bool inheritOwner = false;
+   bool ownerIsExplicit = false;
+   bool sendReferrer = true;
+   uint32_t referrerPolicy = mozilla::net::RP_Default;
+   bool isSrcdoc = false;
+@@ -1398,16 +1400,20 @@ nsDocShell::LoadURI(nsIURI* aURI,
+   if (!StartupTimeline::HasRecord(StartupTimeline::FIRST_LOAD_URI) &&
+       mItemType == typeContent && !NS_IsAboutBlank(aURI)) {
+     StartupTimeline::RecordOnce(StartupTimeline::FIRST_LOAD_URI);
+   }
+ 
+   // Extract the info from the DocShellLoadInfo struct...
+   if (aLoadInfo) {
+     aLoadInfo->GetReferrer(getter_AddRefs(referrer));
++    nsCOMPtr<nsIDocShellLoadInfo_ESR38> liESR38 = do_QueryInterface(aLoadInfo);
++    if (liESR38) {
++      liESR38->GetOriginalURI(getter_AddRefs(originalURI));
++    }
+ 
+     nsDocShellInfoLoadType lt = nsIDocShellLoadInfo::loadNormal;
+     aLoadInfo->GetLoadType(&lt);
+     // Get the appropriate loadType from nsIDocShellLoadInfo type
+     loadType = ConvertDocShellLoadInfoToLoadType(lt);
+ 
+     aLoadInfo->GetOwner(getter_AddRefs(owner));
+     aLoadInfo->GetInheritOwner(&inheritOwner);
+@@ -1652,34 +1658,35 @@ nsDocShell::LoadURI(nsIURI* aURI,
+   if (aLoadFlags & LOAD_FLAGS_FORCE_ALLOW_COOKIES) {
+     flags |= INTERNAL_LOAD_FLAGS_FORCE_ALLOW_COOKIES;
+   }
+ 
+   if (isSrcdoc) {
+     flags |= INTERNAL_LOAD_FLAGS_IS_SRCDOC;
+   }
+ 
+-  return InternalLoad(aURI,
+-                      referrer,
+-                      referrerPolicy,
+-                      owner,
+-                      flags,
+-                      target.get(),
+-                      nullptr,      // No type hint
+-                      NullString(), // No forced download
+-                      postStream,
+-                      headersStream,
+-                      loadType,
+-                      nullptr, // No SHEntry
+-                      aFirstParty,
+-                      srcdoc,
+-                      sourceDocShell,
+-                      baseURI,
+-                      nullptr,  // No nsIDocShell
+-                      nullptr); // No nsIRequest
++  return InternalLoad2(aURI,
++                       originalURI,
++                       referrer,
++                       referrerPolicy,
++                       owner,
++                       flags,
++                       target.get(),
++                       nullptr,      // No type hint
++                       NullString(), // No forced download
++                       postStream,
++                       headersStream,
++                       loadType,
++                       nullptr, // No SHEntry
++                       aFirstParty,
++                       srcdoc,
++                       sourceDocShell,
++                       baseURI,
++                       nullptr,  // No nsIDocShell
++                       nullptr); // No nsIRequest
+ }
+ 
+ NS_IMETHODIMP
+ nsDocShell::LoadStream(nsIInputStream* aStream, nsIURI* aURI,
+                        const nsACString& aContentType,
+                        const nsACString& aContentCharset,
+                        nsIDocShellLoadInfo* aLoadInfo)
+ {
+@@ -5398,21 +5405,21 @@ nsDocShell::LoadErrorPage(nsIURI* aURI, 
+   // end of the URL, so append it last.
+   errorPageUrl.AppendLiteral("&d=");
+   errorPageUrl.AppendASCII(escapedDescription.get());
+ 
+   nsCOMPtr<nsIURI> errorPageURI;
+   rv = NS_NewURI(getter_AddRefs(errorPageURI), errorPageUrl);
+   NS_ENSURE_SUCCESS(rv, rv);
+ 
+-  return InternalLoad(errorPageURI, nullptr, mozilla::net::RP_Default,
+-                      nullptr, INTERNAL_LOAD_FLAGS_INHERIT_OWNER, nullptr,
+-                      nullptr, NullString(), nullptr, nullptr, LOAD_ERROR_PAGE,
+-                      nullptr, true, NullString(), this, nullptr, nullptr,
+-                      nullptr);
++  return InternalLoad2(errorPageURI, nullptr, nullptr, mozilla::net::RP_Default,
++                       nullptr, INTERNAL_LOAD_FLAGS_INHERIT_OWNER, nullptr,
++                       nullptr, NullString(), nullptr, nullptr, LOAD_ERROR_PAGE,
++                       nullptr, true, NullString(), this, nullptr, nullptr,
++                       nullptr);
+ }
+ 
+ NS_IMETHODIMP
+ nsDocShell::Reload(uint32_t aReloadFlags)
+ {
+   if (!IsNavigationAllowed()) {
+     return NS_OK; // JS may not handle returning of an error code
+   }
+@@ -5448,44 +5455,54 @@ nsDocShell::Reload(uint32_t aReloadFlags
+     nsCOMPtr<nsIDocument> doc(GetDocument());
+ 
+     // Do not inherit owner from document
+     uint32_t flags = INTERNAL_LOAD_FLAGS_NONE;
+     nsAutoString srcdoc;
+     nsIPrincipal* principal = nullptr;
+     nsAutoString contentTypeHint;
+     nsCOMPtr<nsIURI> baseURI;
++    nsCOMPtr<nsIURI> originalURI;
+     if (doc) {
+       principal = doc->NodePrincipal();
+       doc->GetContentType(contentTypeHint);
+ 
+       if (doc->IsSrcdocDocument()) {
+         doc->GetSrcdocData(srcdoc);
+         flags |= INTERNAL_LOAD_FLAGS_IS_SRCDOC;
+         baseURI = doc->GetBaseURI();
+       }
+-    }
+-    rv = InternalLoad(mCurrentURI,
+-                      mReferrerURI,
+-                      mReferrerPolicy,
+-                      principal,
+-                      flags,
+-                      nullptr,         // No window target
+-                      NS_LossyConvertUTF16toASCII(contentTypeHint).get(),
+-                      NullString(),    // No forced download
+-                      nullptr,         // No post data
+-                      nullptr,         // No headers data
+-                      loadType,        // Load type
+-                      nullptr,         // No SHEntry
+-                      true,
+-                      srcdoc,          // srcdoc argument for iframe
+-                      this,            // For reloads we are the source
+-                      baseURI,
+-                      nullptr,         // No nsIDocShell
+-                      nullptr);        // No nsIRequest
++      nsCOMPtr<nsIChannel> chan = doc->GetChannel();
++      if (chan) {
++        nsCOMPtr<nsIHttpChannel> httpChan(do_QueryInterface(chan));
++        if (httpChan) {
++          httpChan->GetOriginalURI(getter_AddRefs(originalURI));
++        }
++      } 
++    }
++
++    rv = InternalLoad2(mCurrentURI,
++                       originalURI,
++                       mReferrerURI,
++                       mReferrerPolicy,
++                       principal,
++                       flags,
++                       nullptr,         // No window target
++                       NS_LossyConvertUTF16toASCII(contentTypeHint).get(),
++                       NullString(),    // No forced download
++                       nullptr,         // No post data
++                       nullptr,         // No headers data
++                       loadType,        // Load type
++                       nullptr,         // No SHEntry
++                       true,
++                       srcdoc,          // srcdoc argument for iframe
++                       this,            // For reloads we are the source
++                       baseURI,
++                       nullptr,         // No nsIDocShell
++                       nullptr);        // No nsIRequest
+   }
+ 
+   return rv;
+ }
+ 
+ NS_IMETHODIMP
+ nsDocShell::Stop(uint32_t aStopFlags)
+ {
+@@ -9463,27 +9480,28 @@ CopyFavicon(nsIURI* aOldURI, nsIURI* aNe
+ #endif
+ }
+ 
+ } // anonymous namespace
+ 
+ class InternalLoadEvent : public nsRunnable
+ {
+ public:
+-  InternalLoadEvent(nsDocShell* aDocShell, nsIURI* aURI,
++  InternalLoadEvent(nsDocShell* aDocShell, nsIURI* aURI, nsIURI* aOriginalURI,
+                     nsIURI* aReferrer, uint32_t aReferrerPolicy,
+                     nsISupports* aOwner, uint32_t aFlags,
+                     const char* aTypeHint, nsIInputStream* aPostData,
+                     nsIInputStream* aHeadersData, uint32_t aLoadType,
+                     nsISHEntry* aSHEntry, bool aFirstParty,
+                     const nsAString& aSrcdoc, nsIDocShell* aSourceDocShell,
+                     nsIURI* aBaseURI)
+     : mSrcdoc(aSrcdoc)
+     , mDocShell(aDocShell)
+     , mURI(aURI)
++    , mOriginalURI(aOriginalURI)
+     , mReferrer(aReferrer)
+     , mReferrerPolicy(aReferrerPolicy)
+     , mOwner(aOwner)
+     , mPostData(aPostData)
+     , mHeadersData(aHeadersData)
+     , mSHEntry(aSHEntry)
+     , mFlags(aFlags)
+     , mLoadType(aLoadType)
+@@ -9494,34 +9512,36 @@ public:
+     // Make sure to keep null things null as needed
+     if (aTypeHint) {
+       mTypeHint = aTypeHint;
+     }
+   }
+ 
+   NS_IMETHOD Run()
+   {
+-    return mDocShell->InternalLoad(mURI, mReferrer,
+-                                   mReferrerPolicy,
+-                                   mOwner, mFlags,
+-                                   nullptr, mTypeHint.get(),
+-                                   NullString(), mPostData, mHeadersData,
+-                                   mLoadType, mSHEntry, mFirstParty,
+-                                   mSrcdoc, mSourceDocShell, mBaseURI,
+-                                   nullptr, nullptr);
++    return mDocShell->InternalLoad2(mURI, mOriginalURI,
++                                    mReferrer,
++                                    mReferrerPolicy,
++                                    mOwner, mFlags,
++                                    nullptr, mTypeHint.get(),
++                                    NullString(), mPostData, mHeadersData,
++                                    mLoadType, mSHEntry, mFirstParty,
++                                    mSrcdoc, mSourceDocShell, mBaseURI,
++                                    nullptr, nullptr);
+   }
+ 
+ private:
+   // Use IDL strings so .get() returns null by default
+   nsXPIDLString mWindowTarget;
+   nsXPIDLCString mTypeHint;
+   nsString mSrcdoc;
+ 
+   nsRefPtr<nsDocShell> mDocShell;
+   nsCOMPtr<nsIURI> mURI;
++  nsCOMPtr<nsIURI> mOriginalURI;
+   nsCOMPtr<nsIURI> mReferrer;
+   uint32_t mReferrerPolicy;
+   nsCOMPtr<nsISupports> mOwner;
+   nsCOMPtr<nsIInputStream> mPostData;
+   nsCOMPtr<nsIInputStream> mHeadersData;
+   nsCOMPtr<nsISHEntry> mSHEntry;
+   uint32_t mFlags;
+   uint32_t mLoadType;
+@@ -9584,16 +9604,43 @@ nsDocShell::InternalLoad(nsIURI* aURI,
+                          nsISHEntry* aSHEntry,
+                          bool aFirstParty,
+                          const nsAString& aSrcdoc,
+                          nsIDocShell* aSourceDocShell,
+                          nsIURI* aBaseURI,
+                          nsIDocShell** aDocShell,
+                          nsIRequest** aRequest)
+ {
++  return InternalLoad2(aURI, nullptr, aReferrer, aReferrerPolicy, aOwner,
++                       aFlags, aWindowTarget, aTypeHint, aFileName, aPostData,
++                       aHeadersData, aLoadType, aSHEntry, aFirstParty, aSrcdoc,
++                       aSourceDocShell, aBaseURI, aDocShell, aRequest);
++}
++
++NS_IMETHODIMP
++nsDocShell::InternalLoad2(nsIURI* aURI,
++                          nsIURI* aOriginalURI,
++                          nsIURI* aReferrer,
++                          uint32_t aReferrerPolicy,
++                          nsISupports* aOwner,
++                          uint32_t aFlags,
++                          const char16_t* aWindowTarget,
++                          const char* aTypeHint,
++                          const nsAString& aFileName,
++                          nsIInputStream* aPostData,
++                          nsIInputStream* aHeadersData,
++                          uint32_t aLoadType,
++                          nsISHEntry* aSHEntry,
++                          bool aFirstParty,
++                          const nsAString& aSrcdoc,
++                          nsIDocShell* aSourceDocShell,
++                          nsIURI* aBaseURI,
++                          nsIDocShell** aDocShell,
++                          nsIRequest** aRequest)
++{
+   nsresult rv = NS_OK;
+   mOriginalUriString.Truncate();
+ 
+ #ifdef PR_LOGGING
+   if (gDocShellLeakLog && PR_LOG_TEST(gDocShellLeakLog, PR_LOG_DEBUG)) {
+     nsAutoCString spec;
+     if (aURI) {
+       aURI->GetSpec(spec);
+@@ -9831,34 +9878,58 @@ nsDocShell::InternalLoad(nsIURI* aURI,
+       targetDocShell = do_QueryInterface(webNav);
+     }
+ 
+     //
+     // Transfer the load to the target DocShell...  Pass nullptr as the
+     // window target name from to prevent recursive retargeting!
+     //
+     if (NS_SUCCEEDED(rv) && targetDocShell) {
+-      rv = targetDocShell->InternalLoad(aURI,
+-                                        aReferrer,
+-                                        aReferrerPolicy,
+-                                        owner,
+-                                        aFlags,
+-                                        nullptr,         // No window target
+-                                        aTypeHint,
+-                                        NullString(),    // No forced download
+-                                        aPostData,
+-                                        aHeadersData,
+-                                        aLoadType,
+-                                        aSHEntry,
+-                                        aFirstParty,
+-                                        aSrcdoc,
+-                                        aSourceDocShell,
+-                                        aBaseURI,
+-                                        aDocShell,
+-                                        aRequest);
++      nsCOMPtr<nsIDocShell_ESR38_2> dsESR38 = do_QueryInterface(targetDocShell);
++      if (dsESR38) {
++        rv = dsESR38->InternalLoad2(aURI,
++                                    aOriginalURI,
++                                    aReferrer,
++                                    aReferrerPolicy,
++                                    owner,
++                                    aFlags,
++                                    nullptr,         // No window target
++                                    aTypeHint,
++                                    NullString(),    // No forced download
++                                    aPostData,
++                                    aHeadersData,
++                                    aLoadType,
++                                    aSHEntry,
++                                    aFirstParty,
++                                    aSrcdoc,
++                                    aSourceDocShell,
++                                    aBaseURI,
++                                    aDocShell,
++                                    aRequest);
++      } else {
++        rv = targetDocShell->InternalLoad(aURI,
++                                          aReferrer,
++                                          aReferrerPolicy,
++                                          owner,
++                                          aFlags,
++                                          nullptr,         // No window target
++                                          aTypeHint,
++                                          NullString(),    // No forced download
++                                          aPostData,
++                                          aHeadersData,
++                                          aLoadType,
++                                          aSHEntry,
++                                          aFirstParty,
++                                          aSrcdoc,
++                                          aSourceDocShell,
++                                          aBaseURI,
++                                          aDocShell,
++                                          aRequest);
++      }
++
+       if (rv == NS_ERROR_NO_CONTENT) {
+         // XXXbz except we never reach this code!
+         if (isNewWindow) {
+           //
+           // At this point, a new window has been created, but the
+           // URI did not have any data associated with it...
+           //
+           // So, the best we can do, is to tear down the new window
+@@ -9913,17 +9984,17 @@ nsDocShell::InternalLoad(nsIURI* aURI,
+       // the unload event also a replace load, so we don't
+       // create extra history entries.
+       if (LOAD_TYPE_HAS_FLAGS(aLoadType, LOAD_FLAGS_REPLACE_HISTORY)) {
+         mLoadType = LOAD_NORMAL_REPLACE;
+       }
+ 
+       // Do this asynchronously
+       nsCOMPtr<nsIRunnable> ev =
+-        new InternalLoadEvent(this, aURI, aReferrer,
++        new InternalLoadEvent(this, aURI, aOriginalURI, aReferrer,
+                               aReferrerPolicy, aOwner, aFlags,
+                               aTypeHint, aPostData, aHeadersData,
+                               aLoadType, aSHEntry, aFirstParty, aSrcdoc,
+                               aSourceDocShell, aBaseURI);
+       return NS_DispatchToCurrentThread(ev);
+     }
+ 
+     // Just ignore this load attempt
+@@ -10371,17 +10442,17 @@ nsDocShell::InternalLoad(nsIURI* aURI,
+   }
+ 
+   net::PredictorLearn(aURI, nullptr,
+                       nsINetworkPredictor::LEARN_LOAD_TOPLEVEL, this);
+   net::PredictorPredict(aURI, nullptr,
+                         nsINetworkPredictor::PREDICT_LOAD, this, nullptr);
+ 
+   nsCOMPtr<nsIRequest> req;
+-  rv = DoURILoad(aURI, aReferrer,
++  rv = DoURILoad(aURI, aOriginalURI, aReferrer,
+                  !(aFlags & INTERNAL_LOAD_FLAGS_DONT_SEND_REFERRER),
+                  aReferrerPolicy,
+                  owner, aTypeHint, aFileName, aPostData, aHeadersData,
+                  aFirstParty, aDocShell, getter_AddRefs(req),
+                  (aFlags & INTERNAL_LOAD_FLAGS_FIRST_LOAD) != 0,
+                  (aFlags & INTERNAL_LOAD_FLAGS_BYPASS_CLASSIFIER) != 0,
+                  (aFlags & INTERNAL_LOAD_FLAGS_FORCE_ALLOW_COOKIES) != 0,
+                  srcdoc, aBaseURI, contentType);
+@@ -10445,16 +10516,17 @@ nsDocShell::GetInheritedPrincipal(bool a
+     return docPrincipal;
+   }
+ 
+   return nullptr;
+ }
+ 
+ nsresult
+ nsDocShell::DoURILoad(nsIURI* aURI,
++                      nsIURI* aOriginalURI,
+                       nsIURI* aReferrerURI,
+                       bool aSendReferrer,
+                       uint32_t aReferrerPolicy,
+                       nsISupports* aOwner,
+                       const char* aTypeHint,
+                       const nsAString& aFileName,
+                       nsIInputStream* aPostData,
+                       nsIInputStream* aHeadersData,
+@@ -10652,17 +10724,22 @@ nsDocShell::DoURILoad(nsIURI* aURI,
+   }
+ 
+   // Make sure to give the caller a channel if we managed to create one
+   // This is important for correct error page/session history interaction
+   if (aRequest) {
+     NS_ADDREF(*aRequest = channel);
+   }
+ 
+-  channel->SetOriginalURI(aURI);
++  if (aOriginalURI) {
++    channel->SetOriginalURI(aOriginalURI);
++  } else {
++    channel->SetOriginalURI(aURI);
++  }
++
+   if (aTypeHint && *aTypeHint) {
+     channel->SetContentType(nsDependentCString(aTypeHint));
+     mContentTypeHint = aTypeHint;
+   } else {
+     mContentTypeHint.Truncate();
+   }
+ 
+   if (!aFileName.IsVoid()) {
+@@ -11624,16 +11701,20 @@ nsDocShell::AddState(JS::Handle<JS::Valu
+ 
+     // AddToSessionHistory may not modify mOSHE.  In case it doesn't,
+     // we'll just set mOSHE here.
+     mOSHE = newSHEntry;
+ 
+   } else {
+     newSHEntry = mOSHE;
+     newSHEntry->SetURI(newURI);
++    nsCOMPtr<nsISHEntry_ESR38> entryESR38 = do_QueryInterface(newSHEntry);
++    if (entryESR38) {
++      entryESR38->SetOriginalURI(newURI);
++    }
+   }
+ 
+   // Step 4: Modify new/original session history entry and clear its POST
+   // data, if there is any.
+   newSHEntry->SetStateData(scContainer);
+   newSHEntry->SetPostData(nullptr);
+ 
+   // If this push/replaceState changed the document's current URI and the new
+@@ -11816,16 +11897,17 @@ nsDocShell::AddToSessionHistory(nsIURI* 
+ 
+     if (!entry) {
+       return NS_ERROR_OUT_OF_MEMORY;
+     }
+   }
+ 
+   // Get the post data & referrer
+   nsCOMPtr<nsIInputStream> inputStream;
++  nsCOMPtr<nsIURI> originalURI;
+   nsCOMPtr<nsIURI> referrerURI;
+   uint32_t referrerPolicy = mozilla::net::RP_Default;
+   nsCOMPtr<nsISupports> cacheKey;
+   nsCOMPtr<nsISupports> owner = aOwner;
+   bool expired = false;
+   bool discardLayoutState = false;
+   nsCOMPtr<nsICachingChannel> cacheChannel;
+   if (aChannel) {
+@@ -11843,16 +11925,17 @@ nsDocShell::AddToSessionHistory(nsIURI* 
+     if (!httpChannel) {
+       GetHttpChannel(aChannel, getter_AddRefs(httpChannel));
+     }
+     if (httpChannel) {
+       nsCOMPtr<nsIUploadChannel> uploadChannel(do_QueryInterface(httpChannel));
+       if (uploadChannel) {
+         uploadChannel->GetUploadStream(getter_AddRefs(inputStream));
+       }
++      httpChannel->GetOriginalURI(getter_AddRefs(originalURI));
+       httpChannel->GetReferrer(getter_AddRefs(referrerURI));
+       httpChannel->GetReferrerPolicy(&referrerPolicy);
+ 
+       discardLayoutState = ShouldDiscardLayoutState(httpChannel);
+     }
+     aChannel->GetOwner(getter_AddRefs(owner));
+     if (!owner) {
+       nsCOMPtr<nsILoadInfo> loadInfo;
+@@ -11875,16 +11958,21 @@ nsDocShell::AddToSessionHistory(nsIURI* 
+                 EmptyString(),     // Title
+                 inputStream,       // Post data stream
+                 nullptr,           // LayoutHistory state
+                 cacheKey,          // CacheKey
+                 mContentTypeHint,  // Content-type
+                 owner,             // Channel or provided owner
+                 mHistoryID,
+                 mDynamicallyCreated);
++
++  nsCOMPtr<nsISHEntry_ESR38> entryESR38 = do_QueryInterface(entry);
++  if (entryESR38) {
++    entryESR38->SetOriginalURI(originalURI);
++  }
+   entry->SetReferrerURI(referrerURI);
+   entry->SetReferrerPolicy(referrerPolicy);
+   nsCOMPtr<nsIInputStreamChannel> inStrmChan = do_QueryInterface(aChannel);
+   if (inStrmChan) {
+     bool isSrcdocChannel;
+     inStrmChan->GetIsSrcdocChannel(&isSrcdocChannel);
+     if (isSrcdocChannel) {
+       nsAutoString srcdoc;
+@@ -11976,25 +12064,32 @@ nsDocShell::AddToSessionHistory(nsIURI* 
+ nsresult
+ nsDocShell::LoadHistoryEntry(nsISHEntry* aEntry, uint32_t aLoadType)
+ {
+   if (!IsNavigationAllowed()) {
+     return NS_OK;
+   }
+ 
+   nsCOMPtr<nsIURI> uri;
++  nsCOMPtr<nsIURI> originalURI;
+   nsCOMPtr<nsIInputStream> postData;
+   nsCOMPtr<nsIURI> referrerURI;
+   uint32_t referrerPolicy;
+   nsAutoCString contentType;
+   nsCOMPtr<nsISupports> owner;
+ 
+   NS_ENSURE_TRUE(aEntry, NS_ERROR_FAILURE);
+ 
+   NS_ENSURE_SUCCESS(aEntry->GetURI(getter_AddRefs(uri)), NS_ERROR_FAILURE);
++
++  nsCOMPtr<nsISHEntry_ESR38> entryESR38 = do_QueryInterface(aEntry);
++  if (entryESR38) {
++    NS_ENSURE_SUCCESS(entryESR38->GetOriginalURI(getter_AddRefs(originalURI)),
++                      NS_ERROR_FAILURE);
++  }
+   NS_ENSURE_SUCCESS(aEntry->GetReferrerURI(getter_AddRefs(referrerURI)),
+                     NS_ERROR_FAILURE);
+   NS_ENSURE_SUCCESS(aEntry->GetReferrerPolicy(&referrerPolicy),
+                     NS_ERROR_FAILURE);
+   NS_ENSURE_SUCCESS(aEntry->GetPostData(getter_AddRefs(postData)),
+                     NS_ERROR_FAILURE);
+   NS_ENSURE_SUCCESS(aEntry->GetContentType(contentType), NS_ERROR_FAILURE);
+   NS_ENSURE_SUCCESS(aEntry->GetOwner(getter_AddRefs(owner)), NS_ERROR_FAILURE);
+@@ -12064,34 +12159,35 @@ nsDocShell::LoadHistoryEntry(nsISHEntry*
+   } else {
+     srcdoc = NullString();
+   }
+ 
+   // Passing nullptr as aSourceDocShell gives the same behaviour as before
+   // aSourceDocShell was introduced. According to spec we should be passing
+   // the source browsing context that was used when the history entry was
+   // first created. bug 947716 has been created to address this issue.
+-  rv = InternalLoad(uri,
+-                    referrerURI,
+-                    referrerPolicy,
+-                    owner,
+-                    flags,
+-                    nullptr,            // No window target
+-                    contentType.get(),  // Type hint
+-                    NullString(),       // No forced file download
+-                    postData,           // Post data stream
+-                    nullptr,            // No headers stream
+-                    aLoadType,          // Load type
+-                    aEntry,             // SHEntry
+-                    true,
+-                    srcdoc,
+-                    nullptr,            // Source docshell, see comment above
+-                    baseURI,
+-                    nullptr,            // No nsIDocShell
+-                    nullptr);           // No nsIRequest
++  rv = InternalLoad2(uri,
++                     originalURI,
++                     referrerURI,
++                     referrerPolicy,
++                     owner,
++                     flags,
++                     nullptr,            // No window target
++                     contentType.get(),  // Type hint
++                     NullString(),       // No forced file download
++                     postData,           // Post data stream
++                     nullptr,            // No headers stream
++                     aLoadType,          // Load type
++                     aEntry,             // SHEntry
++                     true,
++                     srcdoc,
++                     nullptr,            // Source docshell, see comment above
++                     baseURI,
++                     nullptr,            // No nsIDocShell
++                     nullptr);           // No nsIRequest
+   return rv;
+ }
+ 
+ NS_IMETHODIMP
+ nsDocShell::GetShouldSaveLayoutState(bool* aShould)
+ {
+   *aShould = false;
+   if (mOSHE) {
+@@ -13527,35 +13623,36 @@ nsDocShell::OnLinkClickSync(nsIContent* 
+   // with it under InternalLoad; we do _not_ want to change the URI
+   // our caller passed in.
+   nsCOMPtr<nsIURI> clonedURI;
+   aURI->Clone(getter_AddRefs(clonedURI));
+   if (!clonedURI) {
+     return NS_ERROR_OUT_OF_MEMORY;
+   }
+ 
+-  nsresult rv = InternalLoad(clonedURI,                 // New URI
+-                             referer,                   // Referer URI
+-                             refererPolicy,             // Referer policy
+-                             aContent->NodePrincipal(), // Owner is our node's
+-                                                        // principal
+-                             flags,
+-                             target.get(),              // Window target
+-                             NS_LossyConvertUTF16toASCII(typeHint).get(),
+-                             aFileName,                 // Download as file
+-                             aPostDataStream,           // Post data stream
+-                             aHeadersDataStream,        // Headers stream
+-                             LOAD_LINK,                 // Load type
+-                             nullptr,                   // No SHEntry
+-                             true,                      // first party site
+-                             NullString(),              // No srcdoc
+-                             this,                      // We are the source
+-                             nullptr,                   // baseURI not needed
+-                             aDocShell,                 // DocShell out-param
+-                             aRequest);                 // Request out-param
++  nsresult rv = InternalLoad2(clonedURI,                 // New URI
++                              nullptr,                   // Original URI
++                              referer,                   // Referer URI
++                              refererPolicy,             // Referer policy
++                              aContent->NodePrincipal(), // Owner is our node's
++                                                         // principal
++                              flags,
++                              target.get(),              // Window target
++                              NS_LossyConvertUTF16toASCII(typeHint).get(),
++                              aFileName,                 // Download as file
++                              aPostDataStream,           // Post data stream
++                              aHeadersDataStream,        // Headers stream
++                              LOAD_LINK,                 // Load type
++                              nullptr,                   // No SHEntry
++                              true,                      // first party site
++                              NullString(),              // No srcdoc
++                              this,                      // We are the source
++                              nullptr,                   // baseURI not needed
++                              aDocShell,                 // DocShell out-param
++                              aRequest);                 // Request out-param
+   if (NS_SUCCEEDED(rv)) {
+     DispatchPings(aContent, aURI, referer, refererPolicy);
+   }
+   return rv;
+ }
+ 
+ NS_IMETHODIMP
+ nsDocShell::OnOverLink(nsIContent* aContent,
+diff --git a/docshell/base/nsDocShell.h b/docshell/base/nsDocShell.h
+--- a/docshell/base/nsDocShell.h
++++ b/docshell/base/nsDocShell.h
+@@ -132,17 +132,17 @@ enum eCharsetReloadState
+ };
+ 
+ //*****************************************************************************
+ //***    nsDocShell
+ //*****************************************************************************
+ 
+ class nsDocShell final
+   : public nsDocLoader
+-  , public nsIDocShell_ESR38
++  , public nsIDocShell_ESR38_2
+   , public nsIWebNavigation
+   , public nsIBaseWindow
+   , public nsIScrollable
+   , public nsITextScroll
+   , public nsIDocCharset
+   , public nsIContentViewerContainer
+   , public nsIRefreshURI
+   , public nsIWebProgressListener
+@@ -164,16 +164,17 @@ public:
+   nsDocShell();
+ 
+   NS_DECL_AND_IMPL_ZEROING_OPERATOR_NEW
+ 
+   virtual nsresult Init() override;
+ 
+   NS_DECL_ISUPPORTS_INHERITED
+ 
++  NS_DECL_NSIDOCSHELL_ESR38_2
+   NS_DECL_NSIDOCSHELL_ESR38
+   NS_DECL_NSIDOCSHELL
+   NS_DECL_NSIDOCSHELLTREEITEM
+   NS_DECL_NSIWEBNAVIGATION
+   NS_DECL_NSIBASEWINDOW
+   NS_DECL_NSISCROLLABLE
+   NS_DECL_NSITEXTSCROLL
+   NS_DECL_NSIDOCCHARSET
+@@ -312,17 +313,20 @@ protected:
+   // at the parent.
+   nsIPrincipal* GetInheritedPrincipal(bool aConsiderCurrentDocument);
+ 
+   // Actually open a channel and perform a URI load.  Note: whatever owner is
+   // passed to this function will be set on the channel.  Callers who wish to
+   // not have an owner on the channel should just pass null.
+   // If aSrcdoc is not void, the load will be considered as a srcdoc load,
+   // and the contents of aSrcdoc will be loaded instead of aURI.
++  // aOriginalURI will be set as the originalURI on the channel that does the
++  // load. If aOriginalURI is null, aURI will be set as the originalURI.
+   nsresult DoURILoad(nsIURI* aURI,
++                     nsIURI* aOriginalURI,
+                      nsIURI* aReferrer,
+                      bool aSendReferrer,
+                      uint32_t aReferrerPolicy,
+                      nsISupports* aOwner,
+                      const char* aTypeHint,
+                      const nsAString& aFileName,
+                      nsIInputStream* aPostData,
+                      nsIInputStream* aHeadersData,
+diff --git a/docshell/base/nsDocShellLoadInfo.cpp b/docshell/base/nsDocShellLoadInfo.cpp
+--- a/docshell/base/nsDocShellLoadInfo.cpp
++++ b/docshell/base/nsDocShellLoadInfo.cpp
+@@ -34,16 +34,17 @@ nsDocShellLoadInfo::~nsDocShellLoadInfo(
+ // nsDocShellLoadInfo::nsISupports
+ //*****************************************************************************
+ 
+ NS_IMPL_ADDREF(nsDocShellLoadInfo)
+ NS_IMPL_RELEASE(nsDocShellLoadInfo)
+ 
+ NS_INTERFACE_MAP_BEGIN(nsDocShellLoadInfo)
+   NS_INTERFACE_MAP_ENTRY_AMBIGUOUS(nsISupports, nsIDocShellLoadInfo)
++  NS_INTERFACE_MAP_ENTRY(nsIDocShellLoadInfo_ESR38)
+   NS_INTERFACE_MAP_ENTRY(nsIDocShellLoadInfo)
+ NS_INTERFACE_MAP_END
+ 
+ //*****************************************************************************
+ // nsDocShellLoadInfo::nsIDocShellLoadInfo
+ //*****************************************************************************
+ 
+ NS_IMETHODIMP
+@@ -59,16 +60,33 @@ nsDocShellLoadInfo::GetReferrer(nsIURI**
+ NS_IMETHODIMP
+ nsDocShellLoadInfo::SetReferrer(nsIURI* aReferrer)
+ {
+   mReferrer = aReferrer;
+   return NS_OK;
+ }
+ 
+ NS_IMETHODIMP
++nsDocShellLoadInfo::GetOriginalURI(nsIURI** aOriginalURI)
++{
++  NS_ENSURE_ARG_POINTER(aOriginalURI);
++
++  *aOriginalURI = mOriginalURI;
++  NS_IF_ADDREF(*aOriginalURI);
++  return NS_OK;
++}
++
++NS_IMETHODIMP
++nsDocShellLoadInfo::SetOriginalURI(nsIURI* aOriginalURI)
++{
++  mOriginalURI = aOriginalURI;
++  return NS_OK;
++}
++
++NS_IMETHODIMP
+ nsDocShellLoadInfo::GetOwner(nsISupports** aOwner)
+ {
+   NS_ENSURE_ARG_POINTER(aOwner);
+ 
+   *aOwner = mOwner;
+   NS_IF_ADDREF(*aOwner);
+   return NS_OK;
+ }
+diff --git a/docshell/base/nsDocShellLoadInfo.h b/docshell/base/nsDocShellLoadInfo.h
+--- a/docshell/base/nsDocShellLoadInfo.h
++++ b/docshell/base/nsDocShellLoadInfo.h
+@@ -14,29 +14,31 @@
+ // Interfaces Needed
+ #include "nsIDocShellLoadInfo.h"
+ 
+ class nsIInputStream;
+ class nsISHEntry;
+ class nsIURI;
+ class nsIDocShell;
+ 
+-class nsDocShellLoadInfo : public nsIDocShellLoadInfo
++class nsDocShellLoadInfo : public nsIDocShellLoadInfo_ESR38
+ {
+ public:
+   nsDocShellLoadInfo();
+ 
+   NS_DECL_ISUPPORTS
++  NS_DECL_NSIDOCSHELLLOADINFO_ESR38
+   NS_DECL_NSIDOCSHELLLOADINFO
+ 
+ protected:
+   virtual ~nsDocShellLoadInfo();
+ 
+ protected:
+   nsCOMPtr<nsIURI> mReferrer;
++  nsCOMPtr<nsIURI> mOriginalURI;
+   nsCOMPtr<nsISupports> mOwner;
+   bool mInheritOwner;
+   bool mOwnerIsExplicit;
+   bool mSendReferrer;
+   nsDocShellInfoReferrerPolicy mReferrerPolicy;
+   nsDocShellInfoLoadType mLoadType;
+   nsCOMPtr<nsISHEntry> mSHEntry;
+   nsString mTarget;
+diff --git a/docshell/base/nsIDocShell.idl b/docshell/base/nsIDocShell.idl
+--- a/docshell/base/nsIDocShell.idl
++++ b/docshell/base/nsIDocShell.idl
+@@ -1059,8 +1059,66 @@ interface nsIDocShell : nsIDocShellTreeI
+ interface nsIDocShell_ESR38 : nsIDocShell
+ {
+   /**
+    * True if new child docshells should allow content retargeting.
+    * Setting allowContentRetargeting also overwrites this value.
+    */
+   [infallible] attribute boolean allowContentRetargetingOnChildren;
+ };
++
++[scriptable, builtinclass, uuid(607604b6-8fe0-4d2c-8a6c-44f5f31a6e02)]
++interface nsIDocShell_ESR38_2 : nsIDocShell_ESR38
++{
++  /**
++   * Loads the given URI.  This method is identical to loadURI(...) except
++   * that its parameter list is broken out instead of being packaged inside
++   * of an nsIDocShellLoadInfo object...
++   *
++   * @param aURI            - The URI to load.
++   * @param aOriginalURI    - The URI to set as the originalURI on the channel
++   *                          that does the load. If null, aURI will be set as
++   *                          the originalURI.
++   * @param aReferrer       - Referring URI
++   * @param aReferrerPolicy - Referrer policy
++   * @param aOwner          - Owner (security principal) 
++   * @param aInheritOwner   - Flag indicating whether the owner of the current
++   *                          document should be inherited if aOwner is null.
++   * @param aStopActiveDoc  - Flag indicating whether loading the current
++   *                          document should be stopped.
++   * @param aWindowTarget   - Window target for the load.
++   * @param aTypeHint       - A hint as to the content-type of the resulting
++   *                          data.  May be null or empty if no hint.
++   * @param aFileName       - Non-null when the link should be downloaded as
++                              the given filename.
++   * @param aPostDataStream - Post data stream (if POSTing)
++   * @param aHeadersStream  - Stream containing "extra" request headers...
++   * @param aLoadFlags      - Flags to modify load behaviour. Flags are defined
++   *                          in nsIWebNavigation.
++   * @param aSHEntry        - Active Session History entry (if loading from SH)
++   * @param aSrcdoc           When INTERNAL_LOAD_FLAGS_IS_SRCDOC is set, the
++   *                          contents of this parameter will be loaded instead
++   *                          of aURI.
++   * @param aSourceDocShell - The source browsing context for the navigation.
++   * @param aBaseURI        - The base URI to be used for the load.  Set in
++   *                          srcdoc loads as it cannot otherwise be inferred
++   *                          in certain situations such as view-source.
++   */
++  [noscript]void internalLoad2(in nsIURI aURI,
++                               in nsIURI aOriginalURI,
++                               in nsIURI aReferrer,
++                               in unsigned long aReferrerPolicy,
++                               in nsISupports aOwner,
++                               in uint32_t aFlags,
++                               in wstring aWindowTarget,
++                               in string aTypeHint,
++                               in AString aFileName,
++                               in nsIInputStream aPostDataStream,
++                               in nsIInputStream aHeadersStream,
++                               in unsigned long aLoadFlags,
++                               in nsISHEntry aSHEntry,
++                               in boolean firstParty,
++                               in AString aSrcdoc,
++                               in nsIDocShell aSourceDocShell,
++                               in nsIURI aBaseURI,
++                               out nsIDocShell aDocShell,
++                               out nsIRequest aRequest);
++};
+diff --git a/docshell/base/nsIDocShellLoadInfo.idl b/docshell/base/nsIDocShellLoadInfo.idl
+--- a/docshell/base/nsIDocShellLoadInfo.idl
++++ b/docshell/base/nsIDocShellLoadInfo.idl
+@@ -106,8 +106,17 @@ interface nsIDocShellLoadInfo : nsISuppo
+     attribute nsIDocShell sourceDocShell;
+ 
+     /**
+      * Used for srcdoc loads to give view-source knowledge of the load's base
+      * URI as this information isn't embedded in the load's URI.
+      */
+     attribute nsIURI baseURI;
+ };
++
++[scriptable, uuid(9d3bc466-5efe-414d-ae8b-3830b45877bb)]
++interface nsIDocShellLoadInfo_ESR38 : nsIDocShellLoadInfo
++{
++    /**
++     * The originalURI to be passed to nsIDocShell.internalLoad. May be null.
++     */
++    attribute nsIURI originalURI;
++};
+diff --git a/docshell/shistory/public/nsISHEntry.idl b/docshell/shistory/public/nsISHEntry.idl
+--- a/docshell/shistory/public/nsISHEntry.idl
++++ b/docshell/shistory/public/nsISHEntry.idl
+@@ -319,8 +319,18 @@ interface nsISHEntryInternal : nsISuppor
+ #define NS_SHENTRY_CID \
+ {0xbfd1a791, 0xad9f, 0x11d3, {0xbd, 0xc7, 0x0, 0x50, 0x4, 0xa, 0x9b, 0x44}}
+ 
+ #define NS_SHENTRY_CONTRACTID \
+     "@mozilla.org/browser/session-history-entry;1"
+ 
+ %}
+ 
++[scriptable, uuid(e45ab6ef-3485-449c-b91c-0846b2bf6faf)]
++interface nsISHEntry_ESR38 : nsISHEntry
++{
++    /**
++     * A readonly property that returns the original URI of the current entry.
++     * If an entry is the result of a redirect this attribute holds original
++     * URI. The object returned is of type nsIURI
++     */
++    attribute nsIURI originalURI;
++};
+diff --git a/docshell/shistory/src/nsSHEntry.cpp b/docshell/shistory/src/nsSHEntry.cpp
+--- a/docshell/shistory/src/nsSHEntry.cpp
++++ b/docshell/shistory/src/nsSHEntry.cpp
+@@ -38,16 +38,17 @@ nsSHEntry::nsSHEntry()
+   , mIsSrcdocEntry(false)
+ {
+   mShared = new nsSHEntryShared();
+ }
+ 
+ nsSHEntry::nsSHEntry(const nsSHEntry &other)
+   : mShared(other.mShared)
+   , mURI(other.mURI)
++  , mOriginalURI(other.mOriginalURI)
+   , mReferrerURI(other.mReferrerURI)
+   , mReferrerPolicy(other.mReferrerPolicy)
+   , mTitle(other.mTitle)
+   , mPostData(other.mPostData)
+   , mLoadType(0)         // XXX why not copy?
+   , mID(other.mID)
+   , mScrollPositionX(0)  // XXX why not copy?
+   , mScrollPositionY(0)  // XXX why not copy?
+@@ -74,17 +75,17 @@ nsSHEntry::~nsSHEntry()
+   // Null out the mParent pointers on all our kids.
+   mChildren.EnumerateForwards(ClearParentPtr, nullptr);
+ }
+ 
+ //*****************************************************************************
+ //    nsSHEntry: nsISupports
+ //*****************************************************************************
+ 
+-NS_IMPL_ISUPPORTS(nsSHEntry, nsISHContainer, nsISHEntry, nsISHEntryInternal)
++NS_IMPL_ISUPPORTS(nsSHEntry, nsISHContainer, nsISHEntry_ESR38, nsISHEntry, nsISHEntryInternal)
+ 
+ //*****************************************************************************
+ //    nsSHEntry: nsISHEntry
+ //*****************************************************************************
+ 
+ NS_IMETHODIMP nsSHEntry::SetScrollPosition(int32_t x, int32_t y)
+ {
+   mScrollPositionX = x;
+@@ -119,16 +120,29 @@ NS_IMETHODIMP nsSHEntry::GetURI(nsIURI**
+ }
+ 
+ NS_IMETHODIMP nsSHEntry::SetURI(nsIURI* aURI)
+ {
+   mURI = aURI;
+   return NS_OK;
+ }
+ 
++NS_IMETHODIMP nsSHEntry::GetOriginalURI(nsIURI** aOriginalURI)
++{
++  *aOriginalURI = mOriginalURI;
++  NS_IF_ADDREF(*aOriginalURI);
++  return NS_OK;
++}
++
++NS_IMETHODIMP nsSHEntry::SetOriginalURI(nsIURI* aOriginalURI)
++{
++  mOriginalURI = aOriginalURI;
++  return NS_OK;
++}
++
+ NS_IMETHODIMP nsSHEntry::GetReferrerURI(nsIURI **aReferrerURI)
+ {
+   *aReferrerURI = mReferrerURI;
+   NS_IF_ADDREF(*aReferrerURI);
+   return NS_OK;
+ }
+ 
+ NS_IMETHODIMP nsSHEntry::SetReferrerURI(nsIURI *aReferrerURI)
+diff --git a/docshell/shistory/src/nsSHEntry.h b/docshell/shistory/src/nsSHEntry.h
+--- a/docshell/shistory/src/nsSHEntry.h
++++ b/docshell/shistory/src/nsSHEntry.h
+@@ -17,25 +17,26 @@
+ // Interfaces needed
+ #include "nsISHEntry.h"
+ #include "nsISHContainer.h"
+ 
+ class nsSHEntryShared;
+ class nsIInputStream;
+ class nsIURI;
+ 
+-class nsSHEntry final : public nsISHEntry,
++class nsSHEntry final : public nsISHEntry_ESR38,
+                             public nsISHContainer,
+                             public nsISHEntryInternal
+ {
+ public: 
+   nsSHEntry();
+   nsSHEntry(const nsSHEntry &other);
+ 
+   NS_DECL_ISUPPORTS
++  NS_DECL_NSISHENTRY_ESR38
+   NS_DECL_NSISHENTRY
+   NS_DECL_NSISHENTRYINTERNAL
+   NS_DECL_NSISHCONTAINER
+ 
+   void DropPresentationState();
+ 
+   static nsresult Startup();
+   static void Shutdown();
+@@ -44,16 +45,17 @@ private:
+   ~nsSHEntry();
+ 
+   // We share the state in here with other SHEntries which correspond to the
+   // same document.
+   nsRefPtr<nsSHEntryShared> mShared;
+ 
+   // See nsSHEntry.idl for comments on these members.
+   nsCOMPtr<nsIURI>         mURI;
++  nsCOMPtr<nsIURI>         mOriginalURI;
+   nsCOMPtr<nsIURI>         mReferrerURI;
+   uint32_t                 mReferrerPolicy;
+   nsString                 mTitle;
+   nsCOMPtr<nsIInputStream> mPostData;
+   uint32_t                 mLoadType;
+   uint32_t                 mID;
+   int32_t                  mScrollPositionX;
+   int32_t                  mScrollPositionY;
+diff --git a/docshell/shistory/src/nsSHistory.cpp b/docshell/shistory/src/nsSHistory.cpp
+--- a/docshell/shistory/src/nsSHistory.cpp
++++ b/docshell/shistory/src/nsSHistory.cpp
+@@ -1779,16 +1779,26 @@ nsSHistory::InitiateLoad(nsISHEntry * aF
+    * so that proper loadType is maintained through out a frameset
+    */
+   aFrameEntry->SetLoadType(aLoadType);    
+   aFrameDS->CreateLoadInfo (getter_AddRefs(loadInfo));
+ 
+   loadInfo->SetLoadType(aLoadType);
+   loadInfo->SetSHEntry(aFrameEntry);
+ 
++  nsCOMPtr<nsIURI> originalURI;
++  nsCOMPtr<nsISHEntry_ESR38> feESR38 = do_QueryInterface(aFrameEntry);
++  if (feESR38) {
++    feESR38->GetOriginalURI(getter_AddRefs(originalURI));
++  }
++  nsCOMPtr<nsIDocShellLoadInfo_ESR38> liESR38 = do_QueryInterface(loadInfo);
++  if (liESR38) {
++    liESR38->SetOriginalURI(originalURI);
++  }
++
+   nsCOMPtr<nsIURI> nextURI;
+   aFrameEntry->GetURI(getter_AddRefs(nextURI));
+   // Time   to initiate a document load
+   return aFrameDS->LoadURI(nextURI, loadInfo, nsIWebNavigation::LOAD_FLAGS_NONE, false);
+ 
+ }
+ 
+ 
+
diff --git a/gnu/packages/patches/icecat-CVE-2016-1952-pt01.patch b/gnu/packages/patches/icecat-CVE-2016-1952-pt01.patch
new file mode 100644
index 0000000000..2b711b1761
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2016-1952-pt01.patch
@@ -0,0 +1,356 @@
+Copied from upstream:
+https://hg.mozilla.org/releases/mozilla-esr38/raw-rev/c1d67bd4c993
+
+# HG changeset patch
+# User Timothy Nikkel <tnikkel@gmail.com>
+# Date 1454023801 21600
+# Node ID c1d67bd4c993b9e344c68954e6f0392c82b81e38
+# Parent  530559abe159d3c23f078d673d30ff03d9c244e2
+Bug 1224979 - Check if we compute usable filters for the downscaler, and if not put the downscaler in error state so it's not used. r=edwin, a=al
+
+diff --git a/image/Downscaler.cpp b/image/Downscaler.cpp
+new file mode 100644
+--- /dev/null
++++ b/image/Downscaler.cpp
+@@ -0,0 +1,340 @@
++/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
++ *
++ * This Source Code Form is subject to the terms of the Mozilla Public
++ * License, v. 2.0. If a copy of the MPL was not distributed with this
++ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
++
++#include "Downscaler.h"
++
++#include <algorithm>
++#include <ctime>
++#include "gfxPrefs.h"
++#include "image_operations.h"
++#include "mozilla/SSE.h"
++#include "convolver.h"
++#include "skia/include/core/SkTypes.h"
++
++using std::max;
++using std::swap;
++
++namespace mozilla {
++namespace image {
++
++Downscaler::Downscaler(const nsIntSize& aTargetSize)
++  : mTargetSize(aTargetSize)
++  , mOutputBuffer(nullptr)
++  , mXFilter(MakeUnique<skia::ConvolutionFilter1D>())
++  , mYFilter(MakeUnique<skia::ConvolutionFilter1D>())
++  , mWindowCapacity(0)
++  , mHasAlpha(true)
++  , mFlipVertically(false)
++{
++  MOZ_ASSERT(gfxPrefs::ImageDownscaleDuringDecodeEnabled(),
++             "Downscaling even though downscale-during-decode is disabled?");
++  MOZ_ASSERT(mTargetSize.width > 0 && mTargetSize.height > 0,
++             "Invalid target size");
++}
++
++Downscaler::~Downscaler()
++{
++  ReleaseWindow();
++}
++
++void
++Downscaler::ReleaseWindow()
++{
++  if (!mWindow) {
++    return;
++  }
++
++  for (int32_t i = 0; i < mWindowCapacity; ++i) {
++    delete[] mWindow[i];
++  }
++
++  mWindow = nullptr;
++  mWindowCapacity = 0;
++}
++
++nsresult
++Downscaler::BeginFrame(const nsIntSize& aOriginalSize,
++                       const Maybe<nsIntRect>& aFrameRect,
++                       uint8_t* aOutputBuffer,
++                       bool aHasAlpha,
++                       bool aFlipVertically /* = false */)
++{
++  MOZ_ASSERT(aOutputBuffer);
++  MOZ_ASSERT(mTargetSize != aOriginalSize,
++             "Created a downscaler, but not downscaling?");
++  MOZ_ASSERT(mTargetSize.width <= aOriginalSize.width,
++             "Created a downscaler, but width is larger");
++  MOZ_ASSERT(mTargetSize.height <= aOriginalSize.height,
++             "Created a downscaler, but height is larger");
++  MOZ_ASSERT(aOriginalSize.width > 0 && aOriginalSize.height > 0,
++             "Invalid original size");
++
++  mFrameRect = aFrameRect.valueOr(nsIntRect(nsIntPoint(), aOriginalSize));
++  MOZ_ASSERT(mFrameRect.x >= 0 && mFrameRect.y >= 0 &&
++             mFrameRect.width >= 0 && mFrameRect.height >= 0,
++             "Frame rect must have non-negative components");
++  MOZ_ASSERT(nsIntRect(0, 0, aOriginalSize.width, aOriginalSize.height)
++               .Contains(mFrameRect),
++             "Frame rect must fit inside image");
++  MOZ_ASSERT_IF(!nsIntRect(0, 0, aOriginalSize.width, aOriginalSize.height)
++                  .IsEqualEdges(mFrameRect),
++                aHasAlpha);
++
++  mOriginalSize = aOriginalSize;
++  mScale = gfxSize(double(mOriginalSize.width) / mTargetSize.width,
++                   double(mOriginalSize.height) / mTargetSize.height);
++  mOutputBuffer = aOutputBuffer;
++  mHasAlpha = aHasAlpha;
++  mFlipVertically = aFlipVertically;
++
++  ReleaseWindow();
++
++  auto resizeMethod = skia::ImageOperations::RESIZE_LANCZOS3;
++
++  skia::resize::ComputeFilters(resizeMethod,
++                               mOriginalSize.width, mTargetSize.width,
++                               0, mTargetSize.width,
++                               mXFilter.get());
++
++  if (mXFilter->max_filter() <= 0 || mXFilter->num_values() != mTargetSize.width) {
++    NS_WARNING("Failed to compute filters for image downscaling");
++    return NS_ERROR_OUT_OF_MEMORY;
++  }
++
++  skia::resize::ComputeFilters(resizeMethod,
++                               mOriginalSize.height, mTargetSize.height,
++                               0, mTargetSize.height,
++                               mYFilter.get());
++
++  if (mYFilter->max_filter() <= 0 || mYFilter->num_values() != mTargetSize.height) {
++    NS_WARNING("Failed to compute filters for image downscaling");
++    return NS_ERROR_OUT_OF_MEMORY;
++  }
++
++  // Allocate the buffer, which contains scanlines of the original image.
++  // pad by 15 to handle overreads by the simd code
++  size_t bufferLen = mOriginalSize.width * sizeof(uint32_t) + 15;
++  mRowBuffer.reset(new (fallible) uint8_t[bufferLen]);
++  if (MOZ_UNLIKELY(!mRowBuffer)) {
++    return NS_ERROR_OUT_OF_MEMORY;
++  }
++
++  // Zero buffer to keep valgrind happy.
++  memset(mRowBuffer.get(), 0, bufferLen);
++
++  // Allocate the window, which contains horizontally downscaled scanlines. (We
++  // can store scanlines which are already downscale because our downscaling
++  // filter is separable.)
++  mWindowCapacity = mYFilter->max_filter();
++  mWindow.reset(new (fallible) uint8_t*[mWindowCapacity]);
++  if (MOZ_UNLIKELY(!mWindow)) {
++    return NS_ERROR_OUT_OF_MEMORY;
++  }
++
++  bool anyAllocationFailed = false;
++  // pad by 15 to handle overreads by the simd code
++  const int rowSize = mTargetSize.width * sizeof(uint32_t) + 15;
++  for (int32_t i = 0; i < mWindowCapacity; ++i) {
++    mWindow[i] = new (fallible) uint8_t[rowSize];
++    anyAllocationFailed = anyAllocationFailed || mWindow[i] == nullptr;
++  }
++
++  if (MOZ_UNLIKELY(anyAllocationFailed)) {
++    // We intentionally iterate through the entire array even if an allocation
++    // fails, to ensure that all the pointers in it are either valid or nullptr.
++    // That in turn ensures that ReleaseWindow() can clean up correctly.
++    return NS_ERROR_OUT_OF_MEMORY;
++  }
++
++  ResetForNextProgressivePass();
++
++  return NS_OK;
++}
++
++void
++Downscaler::SkipToRow(int32_t aRow)
++{
++  if (mCurrentInLine < aRow) {
++    ClearRow();
++    do {
++      CommitRow();
++    } while (mCurrentInLine < aRow);
++  }
++}
++
++void
++Downscaler::ResetForNextProgressivePass()
++{
++  mPrevInvalidatedLine = 0;
++  mCurrentOutLine = 0;
++  mCurrentInLine = 0;
++  mLinesInBuffer = 0;
++
++  if (mFrameRect.IsEmpty()) {
++    // Our frame rect is zero size; commit rows until the end of the image.
++    SkipToRow(mOriginalSize.height - 1);
++  } else {
++    // If we have a vertical offset, commit rows to shift us past it.
++    SkipToRow(mFrameRect.y);
++  }
++}
++
++static void
++GetFilterOffsetAndLength(UniquePtr<skia::ConvolutionFilter1D>& aFilter,
++                         int32_t aOutputImagePosition,
++                         int32_t* aFilterOffsetOut,
++                         int32_t* aFilterLengthOut)
++{
++  MOZ_ASSERT(aOutputImagePosition < aFilter->num_values());
++  aFilter->FilterForValue(aOutputImagePosition,
++                          aFilterOffsetOut,
++                          aFilterLengthOut);
++}
++
++void
++Downscaler::ClearRow(uint32_t aStartingAtCol)
++{
++  MOZ_ASSERT(int64_t(mOriginalSize.width) > int64_t(aStartingAtCol));
++  uint32_t bytesToClear = (mOriginalSize.width - aStartingAtCol)
++                        * sizeof(uint32_t);
++  memset(mRowBuffer.get() + (aStartingAtCol * sizeof(uint32_t)),
++         0, bytesToClear);
++}
++
++void
++Downscaler::CommitRow()
++{
++  MOZ_ASSERT(mOutputBuffer, "Should have a current frame");
++  MOZ_ASSERT(mCurrentInLine < mOriginalSize.height, "Past end of input");
++
++  if (mCurrentOutLine < mTargetSize.height) {
++    int32_t filterOffset = 0;
++    int32_t filterLength = 0;
++    GetFilterOffsetAndLength(mYFilter, mCurrentOutLine,
++                             &filterOffset, &filterLength);
++
++    int32_t inLineToRead = filterOffset + mLinesInBuffer;
++    MOZ_ASSERT(mCurrentInLine <= inLineToRead, "Reading past end of input");
++    if (mCurrentInLine == inLineToRead) {
++      skia::ConvolveHorizontally(mRowBuffer.get(), *mXFilter,
++                                 mWindow[mLinesInBuffer++], mHasAlpha,
++                                 supports_sse2());
++    }
++
++    MOZ_ASSERT(mCurrentOutLine < mTargetSize.height,
++               "Writing past end of output");
++
++    while (mLinesInBuffer == filterLength) {
++      DownscaleInputLine();
++
++      if (mCurrentOutLine == mTargetSize.height) {
++        break;  // We're done.
++      }
++
++      GetFilterOffsetAndLength(mYFilter, mCurrentOutLine,
++                               &filterOffset, &filterLength);
++    }
++  }
++
++  mCurrentInLine += 1;
++
++  // If we're at the end of the part of the original image that has data, commit
++  // rows to shift us to the end.
++  if (mCurrentInLine == (mFrameRect.y + mFrameRect.height)) {
++    SkipToRow(mOriginalSize.height - 1);
++  }
++}
++
++bool
++Downscaler::HasInvalidation() const
++{
++  return mCurrentOutLine > mPrevInvalidatedLine;
++}
++
++DownscalerInvalidRect
++Downscaler::TakeInvalidRect()
++{
++  if (MOZ_UNLIKELY(!HasInvalidation())) {
++    return DownscalerInvalidRect();
++  }
++
++  DownscalerInvalidRect invalidRect;
++
++  // Compute the target size invalid rect.
++  if (mFlipVertically) {
++    // We need to flip it. This will implicitly flip the original size invalid
++    // rect, since we compute it by scaling this rect.
++    invalidRect.mTargetSizeRect =
++      IntRect(0, mTargetSize.height - mCurrentOutLine,
++              mTargetSize.width, mCurrentOutLine - mPrevInvalidatedLine);
++  } else {
++    invalidRect.mTargetSizeRect =
++      IntRect(0, mPrevInvalidatedLine,
++              mTargetSize.width, mCurrentOutLine - mPrevInvalidatedLine);
++  }
++
++  mPrevInvalidatedLine = mCurrentOutLine;
++
++  // Compute the original size invalid rect.
++  invalidRect.mOriginalSizeRect = invalidRect.mTargetSizeRect;
++  invalidRect.mOriginalSizeRect.ScaleRoundOut(mScale.width, mScale.height);
++
++  return invalidRect;
++}
++
++void
++Downscaler::DownscaleInputLine()
++{
++  typedef skia::ConvolutionFilter1D::Fixed FilterValue;
++
++  MOZ_ASSERT(mOutputBuffer);
++  MOZ_ASSERT(mCurrentOutLine < mTargetSize.height,
++             "Writing past end of output");
++
++  int32_t filterOffset = 0;
++  int32_t filterLength = 0;
++  MOZ_ASSERT(mCurrentOutLine < mYFilter->num_values());
++  auto filterValues =
++    mYFilter->FilterForValue(mCurrentOutLine, &filterOffset, &filterLength);
++
++  int32_t currentOutLine = mFlipVertically
++                         ? mTargetSize.height - (mCurrentOutLine + 1)
++                         : mCurrentOutLine;
++  MOZ_ASSERT(currentOutLine >= 0);
++
++  uint8_t* outputLine =
++    &mOutputBuffer[currentOutLine * mTargetSize.width * sizeof(uint32_t)];
++  skia::ConvolveVertically(static_cast<const FilterValue*>(filterValues),
++                           filterLength, mWindow.get(), mXFilter->num_values(),
++                           outputLine, mHasAlpha, supports_sse2());
++
++  mCurrentOutLine += 1;
++
++  if (mCurrentOutLine == mTargetSize.height) {
++    // We're done.
++    return;
++  }
++
++  int32_t newFilterOffset = 0;
++  int32_t newFilterLength = 0;
++  GetFilterOffsetAndLength(mYFilter, mCurrentOutLine,
++                           &newFilterOffset, &newFilterLength);
++
++  int diff = newFilterOffset - filterOffset;
++  MOZ_ASSERT(diff >= 0, "Moving backwards in the filter?");
++
++  // Shift the buffer. We're just moving pointers here, so this is cheap.
++  mLinesInBuffer -= diff;
++  mLinesInBuffer = max(mLinesInBuffer, 0);
++  for (int32_t i = 0; i < mLinesInBuffer; ++i) {
++    swap(mWindow[i], mWindow[filterLength - mLinesInBuffer + i]);
++  }
++}
++
++
++
++} // namespace image
++} // namespace mozilla
+
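Review bot: The embedded changeset adds `image/Downscaler.cpp` as an entirely new file (`--- /dev/null`, `@@ -0,0 +1,340 @@`) even though its description is a small filter check, so the fix only takes effect if the patched tree compiles this path. Nothing visible here shows a build-file change or the removal of an older copy, so that should be confirmed before relying on the patch. Within the file, the filter checks in `BeginFrame` return `NS_ERROR_OUT_OF_MEMORY` after `ReleaseWindow()` has run, and nothing in `CommitRow` re-checks that state before indexing `mWindow`. Callers therefore have to stop using the object after any failed `BeginFrame`; a comment such as `// Unusable filter: the caller must not feed rows to this Downscaler.` above each check would make that contract explicit.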
diff --git a/gnu/packages/patches/icecat-CVE-2016-1952-pt02.patch b/gnu/packages/patches/icecat-CVE-2016-1952-pt02.patch
new file mode 100644
index 0000000000..e01b5eaf2f
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2016-1952-pt02.patch
@@ -0,0 +1,58 @@
+Copied from upstream:
+https://hg.mozilla.org/releases/mozilla-esr38/raw-rev/9719b71d72dd
+
+# HG changeset patch
+# User Byron Campen [:bwc] <docfaraday@gmail.com>
+# Date 1454100887 21600
+# Node ID 9719b71d72dd2a3c5ee12ace156af2a63d9595ac
+# Parent  b68673d974a10f65390f80b36d4307eb31e44669
+Bug 1234578 - Assert if PCM is destroyed improperly. r=rjesup, a=sylvestre
+
+diff --git a/media/webrtc/signaling/src/peerconnection/PeerConnectionMedia.cpp b/media/webrtc/signaling/src/peerconnection/PeerConnectionMedia.cpp
+--- a/media/webrtc/signaling/src/peerconnection/PeerConnectionMedia.cpp
++++ b/media/webrtc/signaling/src/peerconnection/PeerConnectionMedia.cpp
+@@ -712,16 +712,18 @@ PeerConnectionMedia::SelfDestruct_m()
+ {
+   CSFLogDebug(logTag, "%s: ", __FUNCTION__);
+ 
+   ASSERT_ON_THREAD(mMainThread);
+ 
+   mLocalSourceStreams.Clear();
+   mRemoteSourceStreams.Clear();
+ 
++  mMainThread = nullptr;
++
+   // Final self-destruct.
+   this->Release();
+ }
+ 
+ void
+ PeerConnectionMedia::ShutdownMediaTransport_s()
+ {
+   ASSERT_ON_THREAD(mSTSThread);
+diff --git a/media/webrtc/signaling/src/peerconnection/PeerConnectionMedia.h b/media/webrtc/signaling/src/peerconnection/PeerConnectionMedia.h
+--- a/media/webrtc/signaling/src/peerconnection/PeerConnectionMedia.h
++++ b/media/webrtc/signaling/src/peerconnection/PeerConnectionMedia.h
+@@ -210,17 +210,20 @@ class RemoteSourceStreamInfo : public So
+   std::vector<std::string> mTrackIdMap;
+ 
+   // True iff SetPullEnabled(true) has been called on the DOMMediaStream. This
+   // happens when offer/answer concludes.
+   bool mReceiving;
+ };
+ 
+ class PeerConnectionMedia : public sigslot::has_slots<> {
+-  ~PeerConnectionMedia() {}
++  ~PeerConnectionMedia()
++  {
++    MOZ_RELEASE_ASSERT(!mMainThread);
++  }
+ 
+  public:
+   explicit PeerConnectionMedia(PeerConnectionImpl *parent);
+ 
+   PeerConnectionImpl* GetPC() { return mParent; }
+   nsresult Init(const std::vector<NrIceStunServer>& stun_servers,
+                 const std::vector<NrIceTurnServer>& turn_servers);
+   // WARNING: This destroys the object!
+
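Review bot: `mMainThread` now doubles as an "orderly teardown happened" flag, but neither the assignment in `SelfDestruct_m` nor the `MOZ_RELEASE_ASSERT(!mMainThread)` in the destructor says so. Any path that drops the last reference without going through `SelfDestruct_m` will now abort the process in release builds, which matches the changeset title but is not obvious from the code. I would add `// Marks orderly teardown; ~PeerConnectionMedia release-asserts on this.` above `mMainThread = nullptr;`. The class body continues outside the embedded hunk.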
diff --git a/gnu/packages/patches/icecat-CVE-2016-1952-pt03.patch b/gnu/packages/patches/icecat-CVE-2016-1952-pt03.patch
new file mode 100644
index 0000000000..96b83c118c
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2016-1952-pt03.patch
@@ -0,0 +1,60 @@
+Copied from upstream:
+https://hg.mozilla.org/releases/mozilla-esr38/raw-rev/2839062f84fb
+
+# HG changeset patch
+# User Jan de Mooij <jdemooij@mozilla.com>
+# Date 1455119320 -3600
+# Node ID 2839062f84fb6cba2781ea8d59150f13d4813ddc
+# Parent  185b233ea03f3811404e3979b65ec86b29d13555
+Bug 1242279 - r=bhackett1024 a=sylvestre
+
+diff --git a/js/src/vm/TypeInference.cpp b/js/src/vm/TypeInference.cpp
+--- a/js/src/vm/TypeInference.cpp
++++ b/js/src/vm/TypeInference.cpp
+@@ -3961,16 +3961,22 @@ JSScript::maybeSweepTypes(AutoClearTypeI
+ 
+     unsigned num = TypeScript::NumTypeSets(this);
+     StackTypeSet* typeArray = types_->typeArray();
+ 
+     // Remove constraints and references to dead objects from stack type sets.
+     for (unsigned i = 0; i < num; i++)
+         typeArray[i].sweep(zone(), *oom);
+ 
++    if (oom->hadOOM()) {
++        // It's possible we OOM'd while copying freeze constraints, so they
++        // need to be regenerated.
++        hasFreezeConstraints_ = false;
++    }
++
+     // Update the recompile indexes in any IonScripts still on the script.
+     if (hasIonScript())
+         ionScript()->recompileInfoRef().shouldSweep(types);
+ }
+ 
+ void
+ TypeScript::destroy()
+ {
+diff --git a/js/src/vm/TypeInference.h b/js/src/vm/TypeInference.h
+--- a/js/src/vm/TypeInference.h
++++ b/js/src/vm/TypeInference.h
+@@ -566,16 +566,19 @@ class AutoClearTypeInferenceStateOnOOM
+       : zone(zone), oom(false)
+     {}
+ 
+     ~AutoClearTypeInferenceStateOnOOM();
+ 
+     void setOOM() {
+         oom = true;
+     }
++    bool hadOOM() const {
++        return oom;
++    }
+ };
+ 
+ /* Superclass common to stack and heap type sets. */
+ class ConstraintTypeSet : public TypeSet
+ {
+   public:
+     /* Chain of constraints which propagate changes out from this type set. */
+     TypeConstraint* constraintList;
+
diff --git a/gnu/packages/patches/icecat-CVE-2016-1952-pt04.patch b/gnu/packages/patches/icecat-CVE-2016-1952-pt04.patch
new file mode 100644
index 0000000000..4eeb2377b0
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2016-1952-pt04.patch
@@ -0,0 +1,53 @@
+Copied from upstream:
+https://hg.mozilla.org/releases/mozilla-esr38/raw-rev/9dd60e798819
+
+# HG changeset patch
+# User Olli Pettay <bugs@pettay.fi>
+# Date 1455204078 -3600
+# Node ID 9dd60e798819fe2ebf1e5bd36aa9006ecd2f82c9
+# Parent  c1d67bd4c993b9e344c68954e6f0392c82b81e38
+Bug 1244250 - r=mats, a=al
+
+diff --git a/layout/style/nsAnimationManager.cpp b/layout/style/nsAnimationManager.cpp
+--- a/layout/style/nsAnimationManager.cpp
++++ b/layout/style/nsAnimationManager.cpp
+@@ -715,16 +715,17 @@ nsAnimationManager::FlushAnimations(Flus
+   }
+ 
+   DispatchEvents(); // may destroy us
+ }
+ 
+ void
+ nsAnimationManager::DoDispatchEvents()
+ {
++  nsRefPtr<nsAnimationManager> kungFuDeathGrip(this);
+   EventArray events;
+   mPendingEvents.SwapElements(events);
+   for (uint32_t i = 0, i_end = events.Length(); i < i_end; ++i) {
+     AnimationEventInfo &info = events[i];
+     EventDispatcher::Dispatch(info.mElement, mPresContext, &info.mEvent);
+ 
+     if (!mPresContext) {
+       break;
+diff --git a/layout/style/nsTransitionManager.cpp b/layout/style/nsTransitionManager.cpp
+--- a/layout/style/nsTransitionManager.cpp
++++ b/layout/style/nsTransitionManager.cpp
+@@ -753,16 +753,17 @@ nsTransitionManager::FlushTransitions(Fl
+       }
+     }
+   }
+ 
+   if (didThrottle) {
+     mPresContext->Document()->SetNeedStyleFlush();
+   }
+ 
++  nsRefPtr<nsTransitionManager> kungFuDeathGrip(this);
+   for (uint32_t i = 0, i_end = events.Length(); i < i_end; ++i) {
+     TransitionEventInfo &info = events[i];
+     EventDispatcher::Dispatch(info.mElement, mPresContext, &info.mEvent);
+ 
+     if (!mPresContext) {
+       break;
+     }
+   }
+
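Review bot: Neither `kungFuDeathGrip` declaration carries a comment, and in `nsTransitionManager::FlushTransitions` the grip is taken only just before the dispatch loop, so its purpose is easy to lose in a later refactor. Both loops read `mPresContext` after `EventDispatcher::Dispatch` returns, which is only safe while `this` is still alive. The neighbouring `DispatchEvents(); // may destroy us` comment suggests dispatch can drop the last reference. I would add `// Dispatch may run code that releases us; hold a strong ref until the loop ends.` above each declaration. `FlushTransitions` begins outside the embedded hunk.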
diff --git a/gnu/packages/patches/icecat-CVE-2016-1952-pt05.patch b/gnu/packages/patches/icecat-CVE-2016-1952-pt05.patch
new file mode 100644
index 0000000000..d222feff2a
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2016-1952-pt05.patch
@@ -0,0 +1,32 @@
+Copied from upstream:
+https://hg.mozilla.org/releases/mozilla-esr38/raw-rev/1dd0ca8e70bd
+
+# HG changeset patch
+# User Nicolas B. Pierron <nicolas.b.pierron@mozilla.com>
+# Date 1456161361 0
+# Node ID 1dd0ca8e70bd77b6fd93f36cc4e9c2cebfe8ba0a
+# Parent  95ff874886905ef46a7bbc760981d15ad0831096
+Bug 1221872 - ValueNumbering: Set the dominator index of fixup blocks when they are created. r=sunfish, a=ritu
+
+diff --git a/js/src/jit/ValueNumbering.cpp b/js/src/jit/ValueNumbering.cpp
+--- a/js/src/jit/ValueNumbering.cpp
++++ b/js/src/jit/ValueNumbering.cpp
+@@ -433,16 +433,17 @@ ValueNumberer::fixupOSROnlyLoop(MBasicBl
+     MBasicBlock* fake = MBasicBlock::NewAsmJS(graph_, block->info(),
+                                               nullptr, MBasicBlock::NORMAL);
+     if (fake == nullptr)
+         return false;
+ 
+     graph_.insertBlockBefore(block, fake);
+     fake->setImmediateDominator(fake);
+     fake->addNumDominated(1);
++    fake->setDomIndex(fake->id());
+ 
+     // Create zero-input phis to use as inputs for any phis in |block|.
+     // Again, this is a little odd, but it's the least-odd thing we can do
+     // without significant complexity.
+     for (MPhiIterator iter(block->phisBegin()), end(block->phisEnd()); iter != end; ++iter) {
+         MPhi* phi = *iter;
+         MPhi* fakePhi = MPhi::New(graph_.alloc(), phi->type());
+         fake->addPhi(fakePhi);
+
diff --git a/gnu/packages/patches/icecat-CVE-2016-1952-pt06.patch b/gnu/packages/patches/icecat-CVE-2016-1952-pt06.patch
new file mode 100644
index 0000000000..3de568493b
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2016-1952-pt06.patch
@@ -0,0 +1,103 @@
+Copied from upstream:
+https://hg.mozilla.org/releases/mozilla-esr38/raw-rev/6f4d51302387
+
+# HG changeset patch
+# User Andrew McCreight <continuation@gmail.com>
+# Date 1456273423 28800
+# Node ID 6f4d5130238790fa5810c76ffeb9eccc65efa8c9
+# Parent  70f6c59d9d73a5edefd216b48ca74a931da12cf1
+Bug 1249685 - Use more nsCOMPtrs for stack variables in DOM code. r=smaug, a=ritu
+
+diff --git a/dom/base/nsRange.cpp b/dom/base/nsRange.cpp
+--- a/dom/base/nsRange.cpp
++++ b/dom/base/nsRange.cpp
+@@ -1985,17 +1985,17 @@ nsRange::CutContents(DocumentFragment** 
+       rv = closestAncestor ? PrependChild(closestAncestor, nodeToResult)
+                            : PrependChild(commonCloneAncestor, nodeToResult);
+       NS_ENSURE_SUCCESS(rv, rv);
+       NS_ENSURE_STATE(!guard.Mutated(parent ? 2 : 1) ||
+                       ValidateCurrentNode(this, iter));
+     } else if (nodeToResult) {
+       nsMutationGuard guard;
+       nsCOMPtr<nsINode> node = nodeToResult;
+-      nsINode* parent = node->GetParentNode();
++      nsCOMPtr<nsINode> parent = node->GetParentNode();
+       if (parent) {
+         mozilla::ErrorResult error;
+         parent->RemoveChild(*node, error);
+         NS_ENSURE_FALSE(error.Failed(), error.ErrorCode());
+       }
+       NS_ENSURE_STATE(!guard.Mutated(1) ||
+                       ValidateCurrentNode(this, iter));
+     }
+diff --git a/dom/base/nsTreeSanitizer.cpp b/dom/base/nsTreeSanitizer.cpp
+--- a/dom/base/nsTreeSanitizer.cpp
++++ b/dom/base/nsTreeSanitizer.cpp
+@@ -1423,18 +1423,18 @@ nsTreeSanitizer::SanitizeChildren(nsINod
+                              mAllowStyles,
+                              false);
+         }
+         node = node->GetNextNonChildNode(aRoot);
+         continue;
+       }
+       if (MustFlatten(ns, localName)) {
+         RemoveAllAttributes(node);
+-        nsIContent* next = node->GetNextNode(aRoot);
+-        nsIContent* parent = node->GetParent();
++        nsCOMPtr<nsIContent> next = node->GetNextNode(aRoot);
++        nsCOMPtr<nsIContent> parent = node->GetParent();
+         nsCOMPtr<nsIContent> child; // Must keep the child alive during move
+         ErrorResult rv;
+         while ((child = node->GetFirstChild())) {
+           parent->InsertBefore(*child, node, rv);
+           if (rv.Failed()) {
+             break;
+           }
+         }
+diff --git a/dom/html/HTMLSelectElement.cpp b/dom/html/HTMLSelectElement.cpp
+--- a/dom/html/HTMLSelectElement.cpp
++++ b/dom/html/HTMLSelectElement.cpp
+@@ -624,17 +624,17 @@ HTMLSelectElement::Add(nsGenericHTMLElem
+ {
+   if (!aBefore) {
+     Element::AppendChild(aElement, aError);
+     return;
+   }
+ 
+   // Just in case we're not the parent, get the parent of the reference
+   // element
+-  nsINode* parent = aBefore->Element::GetParentNode();
++  nsCOMPtr<nsINode> parent = aBefore->Element::GetParentNode();
+   if (!parent || !nsContentUtils::ContentIsDescendantOf(parent, this)) {
+     // NOT_FOUND_ERR: Raised if before is not a descendant of the SELECT
+     // element.
+     aError.Throw(NS_ERROR_DOM_NOT_FOUND_ERR);
+     return;
+   }
+ 
+   // If the before parameter is not null, we are equivalent to the
+diff --git a/dom/html/HTMLTableElement.cpp b/dom/html/HTMLTableElement.cpp
+--- a/dom/html/HTMLTableElement.cpp
++++ b/dom/html/HTMLTableElement.cpp
+@@ -516,18 +516,18 @@ HTMLTableElement::InsertRow(int32_t aInd
+   if (rowCount > 0) {
+     if (refIndex == rowCount || aIndex == -1) {
+       // we set refIndex to the last row so we can get the last row's
+       // parent we then do an AppendChild below if (rowCount<aIndex)
+ 
+       refIndex = rowCount - 1;
+     }
+ 
+-    Element* refRow = rows->Item(refIndex);
+-    nsINode* parent = refRow->GetParentNode();
++    RefPtr<Element> refRow = rows->Item(refIndex);
++    nsCOMPtr<nsINode> parent = refRow->GetParentNode();
+ 
+     // create the row
+     nsRefPtr<mozilla::dom::NodeInfo> nodeInfo;
+     nsContentUtils::NameChanged(mNodeInfo, nsGkAtoms::tr,
+                                 getter_AddRefs(nodeInfo));
+ 
+     newRow = NS_NewHTMLTableRowElement(nodeInfo.forget());
+ 
+
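Review bot: In the `HTMLTableElement::InsertRow` part, the new `RefPtr<Element> refRow` uses a different smart-pointer template from the `nsRefPtr<mozilla::dom::NodeInfo> nodeInfo` declared a few lines below it in the same function. The other three files in this patch use `nsCOMPtr` for their new strong references. If `RefPtr` and `nsRefPtr` are distinct classes in this tree, it is worth confirming that `RefPtr<Element>` resolves as intended and really holds a reference on the row. Writing `nsRefPtr<Element> refRow = rows->Item(refIndex);` would match the surrounding code and remove the doubt.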
diff --git a/gnu/packages/patches/icecat-CVE-2016-1954.patch b/gnu/packages/patches/icecat-CVE-2016-1954.patch
new file mode 100644
index 0000000000..bbb4b3217c
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2016-1954.patch
@@ -0,0 +1,32 @@
+Copied from upstream:
+https://hg.mozilla.org/releases/mozilla-esr38/raw-rev/a5c4c18849b4
+
+# HG changeset patch
+# User Christoph Kerschbaumer <mozilla@christophkerschbaumer.com>
+# Date 1456157874 28800
+# Node ID a5c4c18849b486ef8693e20421b69239a2cbe574
+# Parent  e93aeb25e2a44df8d22f5a065b4410620e2c8730
+Bug 1243178: CSP - Skip sending reports for non http schemes (r=dveditz) a=ritu
+
+diff --git a/dom/security/nsCSPContext.cpp b/dom/security/nsCSPContext.cpp
+--- a/dom/security/nsCSPContext.cpp
++++ b/dom/security/nsCSPContext.cpp
+@@ -798,16 +798,17 @@ nsCSPContext::SendReports(nsISupports* a
+       (NS_SUCCEEDED(reportURI->SchemeIs("https", &isHttpScheme)) && isHttpScheme);
+ 
+     if (!isHttpScheme) {
+       const char16_t* params[] = { reportURIs[r].get() };
+       CSP_LogLocalizedStr(NS_LITERAL_STRING("reportURInotHttpsOrHttp2").get(),
+                           params, ArrayLength(params),
+                           aSourceFile, aScriptSample, aLineNum, 0,
+                           nsIScriptError::errorFlag, "CSP", mInnerWindowID);
++      continue;
+     }
+ 
+     // make sure this is an anonymous request (no cookies) so in case the
+     // policy URI is injected, it can't be abused for CSRF.
+     nsLoadFlags flags;
+     rv = reportChannel->GetLoadFlags(&flags);
+     NS_ENSURE_SUCCESS(rv, rv);
+     flags |= nsIRequest::LOAD_ANONYMOUS;
+
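Review bot: The added `continue;` in the `!isHttpScheme` branch of `nsCSPContext::SendReports` is the whole fix, yet nothing on it says that the report must not be sent once the scheme check fails. Before this line the branch only logged the error and fell through to the channel setup below. A short comment such as `// Do not send the report to a non-HTTP(S) URI; move on to the next report URI.` would stop a later cleanup from treating the jump as redundant with the logging. The enclosing loop starts outside the quoted context, so whether anything set up earlier in the iteration needs releasing before the `continue` cannot be checked here.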
diff --git a/gnu/packages/patches/icecat-CVE-2016-1960.patch b/gnu/packages/patches/icecat-CVE-2016-1960.patch
new file mode 100644
index 0000000000..6c5c885e8b
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2016-1960.patch
@@ -0,0 +1,55 @@
+Copied from upstream:
+https://hg.mozilla.org/releases/mozilla-esr38/raw-rev/185b233ea03f
+
+# HG changeset patch
+# User Henri Sivonen <hsivonen@hsivonen.fi>
+# Date 1455100746 -7200
+# Node ID 185b233ea03f3811404e3979b65ec86b29d13555
+# Parent  271e3a5a53d96871141e89271f611033b512e3e4
+Bug 1246014. r=wchen. a=sylvestre
+
+diff --git a/parser/html/javasrc/TreeBuilder.java b/parser/html/javasrc/TreeBuilder.java
+--- a/parser/html/javasrc/TreeBuilder.java
++++ b/parser/html/javasrc/TreeBuilder.java
+@@ -4437,17 +4437,17 @@ public abstract class TreeBuilder<T> imp
+         return TreeBuilder.NOT_FOUND_ON_STACK;
+     }
+ 
+     private void clearStackBackTo(int eltPos) throws SAXException {
+         int eltGroup = stack[eltPos].getGroup();
+         while (currentPtr > eltPos) { // > not >= intentional
+             if (stack[currentPtr].ns == "http://www.w3.org/1999/xhtml"
+                     && stack[currentPtr].getGroup() == TEMPLATE
+-                    && (eltGroup == TABLE || eltGroup == TBODY_OR_THEAD_OR_TFOOT|| eltGroup == TR || eltGroup == HTML)) {
++                    && (eltGroup == TABLE || eltGroup == TBODY_OR_THEAD_OR_TFOOT|| eltGroup == TR || eltPos == 0)) {
+                 return;
+             }
+             pop();
+         }
+     }
+ 
+     private void resetTheInsertionMode() {
+         StackNode<T> node;
+diff --git a/parser/html/nsHtml5TreeBuilder.cpp b/parser/html/nsHtml5TreeBuilder.cpp
+--- a/parser/html/nsHtml5TreeBuilder.cpp
++++ b/parser/html/nsHtml5TreeBuilder.cpp
+@@ -3301,17 +3301,17 @@ nsHtml5TreeBuilder::findLastInTableScope
+   return NS_HTML5TREE_BUILDER_NOT_FOUND_ON_STACK;
+ }
+ 
+ void 
+ nsHtml5TreeBuilder::clearStackBackTo(int32_t eltPos)
+ {
+   int32_t eltGroup = stack[eltPos]->getGroup();
+   while (currentPtr > eltPos) {
+-    if (stack[currentPtr]->ns == kNameSpaceID_XHTML && stack[currentPtr]->getGroup() == NS_HTML5TREE_BUILDER_TEMPLATE && (eltGroup == NS_HTML5TREE_BUILDER_TABLE || eltGroup == NS_HTML5TREE_BUILDER_TBODY_OR_THEAD_OR_TFOOT || eltGroup == NS_HTML5TREE_BUILDER_TR || eltGroup == NS_HTML5TREE_BUILDER_HTML)) {
++    if (stack[currentPtr]->ns == kNameSpaceID_XHTML && stack[currentPtr]->getGroup() == NS_HTML5TREE_BUILDER_TEMPLATE && (eltGroup == NS_HTML5TREE_BUILDER_TABLE || eltGroup == NS_HTML5TREE_BUILDER_TBODY_OR_THEAD_OR_TFOOT || eltGroup == NS_HTML5TREE_BUILDER_TR || !eltPos)) {
+       return;
+     }
+     pop();
+   }
+ }
+ 
+ void 
+ nsHtml5TreeBuilder::resetTheInsertionMode()
+
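Review bot: The replacement condition is written `eltPos == 0` in `TreeBuilder.java` and `!eltPos` in `nsHtml5TreeBuilder.cpp`, and neither says what stack position 0 stands for or why the old `eltGroup == HTML` test was not sufficient. A comment on both, for example `// eltPos == 0: clearing back to the bottom of the stack (presumably the root html element)`, would record the intent; the wording should be confirmed against the bug, since the commit message gives no description. If the C++ file is generated from the Java source, as the parallel structure suggests, `eltPos == 0` would also read closer to the original there. Both functions index `stack[eltPos]` without a range check in the visible lines, so they rely on callers passing a valid position.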
diff --git a/gnu/packages/patches/icecat-CVE-2016-1961.patch b/gnu/packages/patches/icecat-CVE-2016-1961.patch
new file mode 100644
index 0000000000..10162be24b
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2016-1961.patch
@@ -0,0 +1,33 @@
+Copied from upstream:
+https://hg.mozilla.org/releases/mozilla-esr38/raw-rev/e93aeb25e2a4
+
+# HG changeset patch
+# User Andrew McCreight <continuation@gmail.com>
+# Date 1455891967 28800
+# Node ID e93aeb25e2a44df8d22f5a065b4410620e2c8730
+# Parent  221de852fda32714a9e484774ceafafb450ea73c
+Bug 1249377 - Hold a strong reference to |root| in nsHTMLDocument::SetBody. r=bz, a=sylvestre
+
+diff --git a/dom/html/nsHTMLDocument.cpp b/dom/html/nsHTMLDocument.cpp
+--- a/dom/html/nsHTMLDocument.cpp
++++ b/dom/html/nsHTMLDocument.cpp
+@@ -1044,17 +1044,17 @@ nsHTMLDocument::SetBody(nsIDOMHTMLElemen
+   ErrorResult rv;
+   SetBody(static_cast<nsGenericHTMLElement*>(newBody.get()), rv);
+   return rv.ErrorCode();
+ }
+ 
+ void
+ nsHTMLDocument::SetBody(nsGenericHTMLElement* newBody, ErrorResult& rv)
+ {
+-  Element* root = GetRootElement();
++  nsCOMPtr<Element> root = GetRootElement();
+ 
+   // The body element must be either a body tag or a frameset tag. And we must
+   // have a html root tag, otherwise GetBody will not return the newly set
+   // body.
+   if (!newBody || !(newBody->Tag() == nsGkAtoms::body ||
+                     newBody->Tag() == nsGkAtoms::frameset) ||
+       !root || !root->IsHTML() ||
+       root->Tag() != nsGkAtoms::html) {
+
diff --git a/gnu/packages/patches/icecat-CVE-2016-1962.patch b/gnu/packages/patches/icecat-CVE-2016-1962.patch
new file mode 100644
index 0000000000..7eb4e072a1
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2016-1962.patch
@@ -0,0 +1,107 @@
+Copied from upstream:
+https://hg.mozilla.org/releases/mozilla-esr38/raw-rev/221de852fda3
+
+# HG changeset patch
+# User Randell Jesup <rjesup@jesup.org>
+# Date 1455862087 18000
+# Node ID 221de852fda32714a9e484774ceafafb450ea73c
+# Parent  b03db72e32f6e3acdc9f8705371cb222d7e6c456
+Bug 1240760: Update DataChannel::Close() r=mcmanus, a=ritu
+
+MozReview-Commit-ID: 7nN9h3M3O8w
+
+diff --git a/netwerk/sctp/datachannel/DataChannel.cpp b/netwerk/sctp/datachannel/DataChannel.cpp
+--- a/netwerk/sctp/datachannel/DataChannel.cpp
++++ b/netwerk/sctp/datachannel/DataChannel.cpp
+@@ -1771,17 +1771,17 @@ DataChannelConnection::HandleStreamReset
+           }
+           NS_DispatchToMainThread(new DataChannelOnMessageAvailable(
+                                     DataChannelOnMessageAvailable::ON_CHANNEL_CLOSED, this,
+                                     channel));
+           mStreams[channel->mStream] = nullptr;
+ 
+           LOG(("Disconnected DataChannel %p from connection %p",
+                (void *) channel.get(), (void *) channel->mConnection.get()));
+-          channel->Destroy();
++          channel->DestroyLocked();
+           // At this point when we leave here, the object is a zombie held alive only by the DOM object
+         } else {
+           LOG(("Can't find incoming channel %d",i));
+         }
+       }
+     }
+   }
+ 
+@@ -2498,17 +2498,17 @@ DataChannelConnection::CloseInt(DataChan
+       mStreams[channel->mStream] = nullptr;
+     } else {
+       SendOutgoingStreamReset();
+     }
+   }
+   aChannel->mState = CLOSING;
+   if (mState == CLOSED) {
+     // we're not going to hang around waiting
+-    channel->Destroy();
++    channel->DestroyLocked();
+   }
+   // At this point when we leave here, the object is a zombie held alive only by the DOM object
+ }
+ 
+ void DataChannelConnection::CloseAll()
+ {
+   LOG(("Closing all channels (connection %p)", (void*) this));
+   // Don't need to lock here
+@@ -2552,23 +2552,25 @@ DataChannel::~DataChannel()
+   // wrong, nothing bad happens.  A worst it's a leak.
+   NS_ASSERTION(mState == CLOSED || mState == CLOSING, "unexpected state in ~DataChannel");
+ }
+ 
+ void
+ DataChannel::Close()
+ {
+   ENSURE_DATACONNECTION;
++  RefPtr<DataChannelConnection> connection(mConnection);
+   mConnection->Close(this);
+ }
+ 
+ // Used when disconnecting from the DataChannelConnection
+ void
+-DataChannel::Destroy()
++DataChannel::DestroyLocked()
+ {
++  mConnection->mLock.AssertCurrentThreadOwns();
+   ENSURE_DATACONNECTION;
+ 
+   LOG(("Destroying Data channel %u", mStream));
+   MOZ_ASSERT_IF(mStream != INVALID_STREAM,
+                 !mConnection->FindChannelByStream(mStream));
+   mStream = INVALID_STREAM;
+   mState = CLOSED;
+   mConnection = nullptr;
+diff --git a/netwerk/sctp/datachannel/DataChannel.h b/netwerk/sctp/datachannel/DataChannel.h
+--- a/netwerk/sctp/datachannel/DataChannel.h
++++ b/netwerk/sctp/datachannel/DataChannel.h
+@@ -331,19 +331,20 @@ public:
+     {
+       NS_ASSERTION(mConnection,"NULL connection");
+     }
+ 
+ private:
+   ~DataChannel();
+ 
+ public:
+-  void Destroy(); // when we disconnect from the connection after stream RESET
++  NS_INLINE_DECL_THREADSAFE_REFCOUNTING(DataChannel)
+ 
+-  NS_INLINE_DECL_THREADSAFE_REFCOUNTING(DataChannel)
++  // when we disconnect from the connection after stream RESET
++  void DestroyLocked();
+ 
+   // Close this DataChannel.  Can be called multiple times.  MUST be called
+   // before destroying the DataChannel (state must be CLOSED or CLOSING).
+   void Close();
+ 
+   // Set the listener (especially for channels created from the other side)
+   void SetListener(DataChannelListener *aListener, nsISupports *aContext);
+ 
+
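Review bot: In `DataChannel::DestroyLocked()` the new `mConnection->mLock.AssertCurrentThreadOwns();` dereferences `mConnection` one line before `ENSURE_DATACONNECTION;`, which by its name is the guard for a missing connection. The function itself ends by setting `mConnection = nullptr`, so a second call on the same channel would reach the assertion with a null pointer. Putting `ENSURE_DATACONNECTION;` first and `mConnection->mLock.AssertCurrentThreadOwns();` second keeps the lock check and restores the guard; this assumes the macro returns early on a null `mConnection`, as its definition is not part of this patch. In `DataChannel::Close()` the added `RefPtr<DataChannelConnection> connection(mConnection);` is never used afterwards, and calling `connection->Close(this);` would make it plain that the local reference is what keeps the connection alive across the call.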
diff --git a/gnu/packages/patches/icecat-CVE-2016-1964.patch b/gnu/packages/patches/icecat-CVE-2016-1964.patch
new file mode 100644
index 0000000000..e53fc749b5
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2016-1964.patch
@@ -0,0 +1,54 @@
+Copied from upstream:
+https://hg.mozilla.org/releases/mozilla-esr38/raw-rev/a653013e7b50
+
+# HG changeset patch
+# User Peter Van der Beken <peterv@propagandism.org>
+# Date 1454340035 -3600
+# Node ID a653013e7b503912a32621e8da64a37171316588
+# Parent  0d0d7e8292f7ecf5f1149d528c0524f04447c4ad
+Bug 1243335 - report bad QName. r=sicking, a=sylvestre
+
+diff --git a/dom/xslt/xslt/txInstructions.cpp b/dom/xslt/xslt/txInstructions.cpp
+--- a/dom/xslt/xslt/txInstructions.cpp
++++ b/dom/xslt/xslt/txInstructions.cpp
+@@ -93,16 +93,19 @@ txAttribute::txAttribute(nsAutoPtr<Expr>
+                          txNamespaceMap* aMappings)
+     : mName(Move(aName)), mNamespace(Move(aNamespace)), mMappings(aMappings)
+ {
+ }
+ 
+ nsresult
+ txAttribute::execute(txExecutionState& aEs)
+ {
++    nsAutoPtr<txTextHandler> handler(
++        static_cast<txTextHandler*>(aEs.popResultHandler()));
++
+     nsAutoString name;
+     nsresult rv = mName->evaluateToString(aEs.getEvalContext(), name);
+     NS_ENSURE_SUCCESS(rv, rv);
+ 
+     const char16_t* colon;
+     if (!XMLUtils::isValidQName(name, &colon) ||
+         TX_StringEqualsAtom(name, nsGkAtoms::xmlns)) {
+         return NS_OK;
+@@ -125,19 +128,16 @@ txAttribute::execute(txExecutionState& a
+         if (!nspace.IsEmpty()) {
+             nsId = txNamespaceManager::getNamespaceID(nspace);
+         }
+     }
+     else if (colon) {
+         nsId = mMappings->lookupNamespace(prefix);
+     }
+ 
+-    nsAutoPtr<txTextHandler> handler(
+-        static_cast<txTextHandler*>(aEs.popResultHandler()));
+-
+     // add attribute if everything was ok
+     return nsId != kNameSpaceID_Unknown ?
+            aEs.mResultHandler->attribute(prefix, Substring(name, lnameStart),
+                                          nsId, handler->mValue) :
+            NS_OK;
+ }
+ 
+ txCallTemplate::txCallTemplate(const txExpandedName& aName)
+
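Review bot: The move of `popResultHandler()` to the top of `txAttribute::execute` carries no comment, and its purpose only shows when the two inner hunks are compared. The handler is now popped before the `NS_ENSURE_SUCCESS` and invalid-QName returns instead of after them. I would add `// Pop our text handler first so that every early return below leaves the result-handler stack balanced.` above the declaration, if that is indeed the intent of the bug. The `static_cast<txTextHandler*>` on the popped handler is unchecked and `handler->mValue` is read at the end without a null test; whether the pushed handler is always a `txTextHandler` is decided outside these lines.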
diff --git a/gnu/packages/patches/icecat-CVE-2016-1965.patch b/gnu/packages/patches/icecat-CVE-2016-1965.patch
new file mode 100644
index 0000000000..8a37d4975c
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2016-1965.patch
@@ -0,0 +1,44 @@
+Copied from upstream:
+https://hg.mozilla.org/releases/mozilla-esr38/raw-rev/b4467681abd6
+
+# HG changeset patch
+# User Gijs Kruitbosch <gijskruitbosch@gmail.com>
+# Date 1455276061 0
+# Node ID b4467681abd676cd5575cbdf922927f8f54d2ad9
+# Parent  8c1d40e45a72c6432e879137a0afa519dc6c9841
+Bug 1245264 - r=bz, r=ritu
+
+MozReview-Commit-ID: I0sVdritpD3
+
+diff --git a/dom/base/nsLocation.cpp b/dom/base/nsLocation.cpp
+--- a/dom/base/nsLocation.cpp
++++ b/dom/base/nsLocation.cpp
+@@ -735,16 +735,27 @@ nsLocation::SetProtocol(const nsAString&
+     return rv;
+   }
+ 
+   rv = uri->SetScheme(NS_ConvertUTF16toUTF8(aProtocol));
+   if (NS_WARN_IF(NS_FAILED(rv))) {
+     return rv;
+   }
+ 
++  nsAutoCString newSpec;
++  rv = uri->GetSpec(newSpec);
++  if (NS_FAILED(rv)) {
++    return rv;
++  }
++  // We may want a new URI class for the new URI, so recreate it:
++  rv = NS_NewURI(getter_AddRefs(uri), newSpec);
++  if (NS_FAILED(rv)) {
++    return rv;
++  }
++
+   return SetURI(uri);
+ }
+ 
+ void
+ nsLocation::GetUsername(nsAString& aUsername, ErrorResult& aError)
+ {
+   if (!CallerSubsumes()) {
+     aError.Throw(NS_ERROR_DOM_SECURITY_ERR);
+
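Review bot: The two new error checks in `nsLocation::SetProtocol` use a bare `if (NS_FAILED(rv))`, while the check directly above them in the same function uses `if (NS_WARN_IF(NS_FAILED(rv)))`. For consistency the added ones should read `if (NS_WARN_IF(NS_FAILED(rv))) {`. The comment `We may want a new URI class for the new URI` would also be clearer if it said that the URI is rebuilt from its spec because the scheme has just changed, so that the object handed to `SetURI` is, presumably, the implementation that matches the new scheme. The start of the function is outside the quoted context.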
diff --git a/gnu/packages/patches/icecat-CVE-2016-1966.patch b/gnu/packages/patches/icecat-CVE-2016-1966.patch
new file mode 100644
index 0000000000..6bf5f9f95e
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2016-1966.patch
@@ -0,0 +1,36 @@
+Copied from upstream:
+https://hg.mozilla.org/releases/mozilla-esr38/raw-rev/291c2f31c48c
+
+# HG changeset patch
+# User Nicholas Nethercote <nnethercote@mozilla.com>
+# Date 1454650565 -39600
+# Node ID 291c2f31c48c7e96b1884b55273355970fa0fc30
+# Parent  11e6614756551cfd7291e73eefb90c52873a8480
+Bug 1246054 - Fix an erroneous nsNPObjWrapper assertion. r=froydnj. a=ritu
+
+diff --git a/dom/plugins/base/nsJSNPRuntime.cpp b/dom/plugins/base/nsJSNPRuntime.cpp
+--- a/dom/plugins/base/nsJSNPRuntime.cpp
++++ b/dom/plugins/base/nsJSNPRuntime.cpp
+@@ -1915,18 +1915,19 @@ nsNPObjWrapper::GetNewOrUsed(NPP npp, JS
+   // No existing JSObject, create one.
+ 
+   JS::Rooted<JSObject*> obj(cx, ::JS_NewObject(cx, js::Jsvalify(&sNPObjectJSWrapperClass)));
+ 
+   if (generation != sNPObjWrappers.Generation()) {
+       // Reload entry if the JS_NewObject call caused a GC and reallocated
+       // the table (see bug 445229). This is guaranteed to succeed.
+ 
+-      NS_ASSERTION(PL_DHashTableSearch(&sNPObjWrappers, npobj),
+-                   "Hashtable didn't find what we just added?");
++      entry = static_cast<NPObjWrapperHashEntry*>
++        (PL_DHashTableSearch(&sNPObjWrappers, npobj));
++      NS_ASSERTION(entry, "Hashtable didn't find what we just added?");
+   }
+ 
+   if (!obj) {
+     // OOM? Remove the stale entry from the hash.
+ 
+     PL_DHashTableRawRemove(&sNPObjWrappers, entry);
+ 
+     return nullptr;
+
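Review bot: After this change the reloaded `entry` is checked only by `NS_ASSERTION`, and the very next branch passes it to `PL_DHashTableRawRemove`. If that assertion is non-fatal or compiled out in release builds, a failed lookup would carry a null `entry` forward. The existing comment says the search is guaranteed to succeed, so this may be acceptable, but a release-mode check such as `if (!entry) { return nullptr; }` after the assertion would make the guarantee cheap to rely on. The rest of `nsNPObjWrapper::GetNewOrUsed`, including where `entry` is first obtained and later used, is outside the quoted context.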
diff --git a/gnu/packages/patches/icecat-CVE-2016-1974.patch b/gnu/packages/patches/icecat-CVE-2016-1974.patch
new file mode 100644
index 0000000000..70fc23b8f3
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2016-1974.patch
@@ -0,0 +1,530 @@
+Copied from upstream:
+https://hg.mozilla.org/releases/mozilla-esr38/raw-rev/271e3a5a53d9
+
+# HG changeset patch
+# User Henri Sivonen <hsivonen@hsivonen.fi>
+# Date 1455014759 -7200
+# Node ID 271e3a5a53d96871141e89271f611033b512e3e4
+# Parent  9719b71d72dd2a3c5ee12ace156af2a63d9595ac
+Bug 1228103. r=smaug. a=sylvestre
+
+diff --git a/parser/htmlparser/nsExpatDriver.cpp b/parser/htmlparser/nsExpatDriver.cpp
+--- a/parser/htmlparser/nsExpatDriver.cpp
++++ b/parser/htmlparser/nsExpatDriver.cpp
+@@ -1127,22 +1127,28 @@ nsExpatDriver::ConsumeToken(nsScanner& a
+       XML_Size lastLineLength = XML_GetCurrentColumnNumber(mExpatParser);
+ 
+       if (lastLineLength <= consumed) {
+         // The length of the last line was less than what expat consumed, so
+         // there was at least one line break in the consumed data. Store the
+         // last line until the point where we stopped parsing.
+         nsScannerIterator startLastLine = currentExpatPosition;
+         startLastLine.advance(-((ptrdiff_t)lastLineLength));
+-        CopyUnicodeTo(startLastLine, currentExpatPosition, mLastLine);
++        if (!CopyUnicodeTo(startLastLine, currentExpatPosition, mLastLine)) {
++          return (mInternalState = NS_ERROR_OUT_OF_MEMORY);
++        }
+       }
+       else {
+         // There was no line break in the consumed data, append the consumed
+         // data.
+-        AppendUnicodeTo(oldExpatPosition, currentExpatPosition, mLastLine);
++        if (!AppendUnicodeTo(oldExpatPosition,
++                             currentExpatPosition,
++                             mLastLine)) {
++          return (mInternalState = NS_ERROR_OUT_OF_MEMORY);
++        }
+       }
+     }
+ 
+     mExpatBuffered += length - consumed;
+ 
+     if (BlockedOrInterrupted()) {
+       PR_LOG(GetExpatDriverLog(), PR_LOG_DEBUG,
+              ("Blocked or interrupted parser (probably for loading linked "
+diff --git a/parser/htmlparser/nsParser.cpp b/parser/htmlparser/nsParser.cpp
+--- a/parser/htmlparser/nsParser.cpp
++++ b/parser/htmlparser/nsParser.cpp
+@@ -1508,17 +1508,19 @@ nsParser::ResumeParse(bool allowIteratio
+                 DidBuildModel(mStreamStatus);
+                 return NS_OK;
+               }
+             } else {
+               CParserContext* theContext = PopContext();
+               if (theContext) {
+                 theIterationIsOk = allowIteration && theContextIsStringBased;
+                 if (theContext->mCopyUnused) {
+-                  theContext->mScanner->CopyUnusedData(mUnusedInput);
++                  if (!theContext->mScanner->CopyUnusedData(mUnusedInput)) {
++                    mInternalState = NS_ERROR_OUT_OF_MEMORY;
++                  }
+                 }
+ 
+                 delete theContext;
+               }
+ 
+               result = mInternalState;
+               aIsFinalChunk = mParserContext &&
+                               mParserContext->mStreamListenerState == eOnStop;
+diff --git a/parser/htmlparser/nsScanner.cpp b/parser/htmlparser/nsScanner.cpp
+--- a/parser/htmlparser/nsScanner.cpp
++++ b/parser/htmlparser/nsScanner.cpp
+@@ -379,17 +379,19 @@ nsresult nsScanner::Peek(nsAString& aStr
+   if (mCountRemaining < uint32_t(aNumChars + aOffset)) {
+     end = mEndPosition;
+   }
+   else {
+     end = start;
+     end.advance(aNumChars);
+   }
+ 
+-  CopyUnicodeTo(start, end, aStr);
++  if (!CopyUnicodeTo(start, end, aStr)) {
++    return NS_ERROR_OUT_OF_MEMORY;
++  }
+ 
+   return NS_OK;
+ }
+ 
+ 
+ /**
+  *  Skip whitespace on scanner input stream
+  *  
+@@ -542,17 +544,19 @@ nsresult nsScanner::ReadTagIdentifier(ns
+ 
+     if (!found) {
+       ++current;
+     }
+   }
+ 
+   // Don't bother appending nothing.
+   if (current != mCurrentPosition) {
+-    AppendUnicodeTo(mCurrentPosition, current, aString);
++    if (!AppendUnicodeTo(mCurrentPosition, current, aString)) {
++      return NS_ERROR_OUT_OF_MEMORY;
++    }
+   }
+ 
+   SetPosition(current);  
+   if (current == end) {
+     result = kEOF;
+   }
+ 
+   //DoErrTest(aString);
+@@ -597,26 +601,30 @@ nsresult nsScanner::ReadEntityIdentifier
+         default:
+           found = ('a'<=theChar && theChar<='z') ||
+                   ('A'<=theChar && theChar<='Z') ||
+                   ('0'<=theChar && theChar<='9');
+           break;
+       }
+ 
+       if(!found) {
+-        AppendUnicodeTo(mCurrentPosition, current, aString);
++        if (!AppendUnicodeTo(mCurrentPosition, current, aString)) {
++          return NS_ERROR_OUT_OF_MEMORY;
++        }
+         break;
+       }
+     }
+     ++current;
+   }
+   
+   SetPosition(current);
+   if (current == end) {
+-    AppendUnicodeTo(origin, current, aString);
++    if (!AppendUnicodeTo(origin, current, aString)) {
++      return NS_ERROR_OUT_OF_MEMORY;
++    }
+     return kEOF;
+   }
+ 
+   //DoErrTest(aString);
+ 
+   return result;
+ }
+ 
+@@ -646,26 +654,30 @@ nsresult nsScanner::ReadNumber(nsString&
+   while(current != end) {
+     theChar=*current;
+     if(theChar) {
+       done = (theChar < '0' || theChar > '9') && 
+              ((aBase == 16)? (theChar < 'A' || theChar > 'F') &&
+                              (theChar < 'a' || theChar > 'f')
+                              :true);
+       if(done) {
+-        AppendUnicodeTo(origin, current, aString);
++        if (!AppendUnicodeTo(origin, current, aString)) {
++          return NS_ERROR_OUT_OF_MEMORY;
++        }
+         break;
+       }
+     }
+     ++current;
+   }
+ 
+   SetPosition(current);
+   if (current == end) {
+-    AppendUnicodeTo(origin, current, aString);
++    if (!AppendUnicodeTo(origin, current, aString)) {
++      return NS_ERROR_OUT_OF_MEMORY;
++    }
+     return kEOF;
+   }
+ 
+   //DoErrTest(aString);
+ 
+   return result;
+ }
+ 
+@@ -712,37 +724,43 @@ nsresult nsScanner::ReadWhitespace(nsSca
+           char16_t thePrevChar = theChar;
+           theChar = (++current != end) ? *current : '\0';
+           if ((thePrevChar == '\r' && theChar == '\n') ||
+               (thePrevChar == '\n' && theChar == '\r')) {
+             theChar = (++current != end) ? *current : '\0'; // CRLF == LFCR => LF
+             haveCR = true;
+           } else if (thePrevChar == '\r') {
+             // Lone CR becomes CRLF; callers should know to remove extra CRs
+-            AppendUnicodeTo(origin, current, aString);
++            if (!AppendUnicodeTo(origin, current, aString)) {
++              return NS_ERROR_OUT_OF_MEMORY;
++            }
+             aString.writable().Append(char16_t('\n'));
+             origin = current;
+             haveCR = true;
+           }
+         }
+         break;
+       case ' ' :
+       case '\t':
+         theChar = (++current != end) ? *current : '\0';
+         break;
+       default:
+         done = true;
+-        AppendUnicodeTo(origin, current, aString);
++        if (!AppendUnicodeTo(origin, current, aString)) {
++          return NS_ERROR_OUT_OF_MEMORY;
++        }
+         break;
+     }
+   }
+ 
+   SetPosition(current);
+   if (current == end) {
+-    AppendUnicodeTo(origin, current, aString);
++    if (!AppendUnicodeTo(origin, current, aString)) {
++      return NS_ERROR_OUT_OF_MEMORY;
++    }
+     result = kEOF;
+   }
+ 
+   aHaveCR = haveCR;
+   return result;
+ }
+ 
+ //XXXbz callers of this have to manage their lone '\r' themselves if they want
+@@ -846,34 +864,38 @@ nsresult nsScanner::ReadUntil(nsAString&
+     if(!(theChar & aEndCondition.mFilter)) {
+       // They were. Do a thorough check.
+ 
+       setcurrent = setstart;
+       while (*setcurrent) {
+         if (*setcurrent == theChar) {
+           if(addTerminal)
+             ++current;
+-          AppendUnicodeTo(origin, current, aString);
++          if (!AppendUnicodeTo(origin, current, aString)) {
++            return NS_ERROR_OUT_OF_MEMORY;
++          }
+           SetPosition(current);
+ 
+           //DoErrTest(aString);
+ 
+           return NS_OK;
+         }
+         ++setcurrent;
+       }
+     }
+     
+     ++current;
+   }
+ 
+   // If we are here, we didn't find any terminator in the string and
+   // current = mEndPosition
+   SetPosition(current);
+-  AppendUnicodeTo(origin, current, aString);
++  if (!AppendUnicodeTo(origin, current, aString)) {
++    return NS_ERROR_OUT_OF_MEMORY;
++  }
+   return kEOF;
+ }
+ 
+ nsresult nsScanner::ReadUntil(nsScannerSharedSubstring& aString,
+                               const nsReadEndCondition& aEndCondition,
+                               bool addTerminal)
+ {  
+   if (!mSlidingBuffer) {
+@@ -906,34 +928,38 @@ nsresult nsScanner::ReadUntil(nsScannerS
+     if(!(theChar & aEndCondition.mFilter)) {
+       // They were. Do a thorough check.
+ 
+       setcurrent = setstart;
+       while (*setcurrent) {
+         if (*setcurrent == theChar) {
+           if(addTerminal)
+             ++current;
+-          AppendUnicodeTo(origin, current, aString);
++          if (!AppendUnicodeTo(origin, current, aString)) {
++            return NS_ERROR_OUT_OF_MEMORY;
++          }
+           SetPosition(current);
+ 
+           //DoErrTest(aString);
+ 
+           return NS_OK;
+         }
+         ++setcurrent;
+       }
+     }
+     
+     ++current;
+   }
+ 
+   // If we are here, we didn't find any terminator in the string and
+   // current = mEndPosition
+   SetPosition(current);
+-  AppendUnicodeTo(origin, current, aString);
++  if (!AppendUnicodeTo(origin, current, aString)) {
++    return NS_ERROR_OUT_OF_MEMORY;
++  }
+   return kEOF;
+ }
+ 
+ nsresult nsScanner::ReadUntil(nsScannerIterator& aStart, 
+                               nsScannerIterator& aEnd,
+                               const nsReadEndCondition &aEndCondition,
+                               bool addTerminal)
+ {
+@@ -1025,26 +1051,30 @@ nsresult nsScanner::ReadUntil(nsAString&
+     if (theChar == '\0') {
+       ReplaceCharacter(current, sInvalid);
+       theChar = sInvalid;
+     }
+ 
+     if (aTerminalChar == theChar) {
+       if(addTerminal)
+         ++current;
+-      AppendUnicodeTo(origin, current, aString);
++      if (!AppendUnicodeTo(origin, current, aString)) {
++        return NS_ERROR_OUT_OF_MEMORY;
++      }
+       SetPosition(current);
+       return NS_OK;
+     }
+     ++current;
+   }
+ 
+   // If we are here, we didn't find any terminator in the string and
+   // current = mEndPosition
+-  AppendUnicodeTo(origin, current, aString);
++  if (!AppendUnicodeTo(origin, current, aString)) {
++    return NS_ERROR_OUT_OF_MEMORY;
++  }
+   SetPosition(current);
+   return kEOF;
+ 
+ }
+ 
+ void nsScanner::BindSubstring(nsScannerSubstring& aSubstring, const nsScannerIterator& aStart, const nsScannerIterator& aEnd)
+ {
+   aSubstring.Rebind(*mSlidingBuffer, aStart, aEnd);
+@@ -1142,29 +1172,29 @@ bool nsScanner::AppendToBuffer(nsScanner
+ }
+ 
+ /**
+  *  call this to copy bytes out of the scanner that have not yet been consumed
+  *  by the tokenization process.
+  *  
+  *  @update  gess 5/12/98
+  *  @param   aCopyBuffer is where the scanner buffer will be copied to
+- *  @return  nada
++ *  @return  true if OK or false on OOM
+  */
+-void nsScanner::CopyUnusedData(nsString& aCopyBuffer) {
++bool nsScanner::CopyUnusedData(nsString& aCopyBuffer) {
+   if (!mSlidingBuffer) {
+     aCopyBuffer.Truncate();
+-    return;
++    return true;
+   }
+ 
+   nsScannerIterator start, end;
+   start = mCurrentPosition;
+   end = mEndPosition;
+ 
+-  CopyUnicodeTo(start, end, aCopyBuffer);
++  return CopyUnicodeTo(start, end, aCopyBuffer);
+ }
+ 
+ /**
+  *  Retrieve the name of the file that the scanner is reading from.
+  *  In some cases, it's just a given name, because the scanner isn't
+  *  really reading from a file.
+  *  
+  *  @update  gess 5/12/98
+diff --git a/parser/htmlparser/nsScanner.h b/parser/htmlparser/nsScanner.h
+--- a/parser/htmlparser/nsScanner.h
++++ b/parser/htmlparser/nsScanner.h
+@@ -204,19 +204,19 @@ class nsScanner {
+                       nsIRequest *aRequest);
+ 
+       /**
+        *  Call this to copy bytes out of the scanner that have not yet been consumed
+        *  by the tokenization process.
+        *  
+        *  @update  gess 5/12/98
+        *  @param   aCopyBuffer is where the scanner buffer will be copied to
+-       *  @return  nada
++       *  @return  true if OK or false on OOM
+        */
+-      void CopyUnusedData(nsString& aCopyBuffer);
++      bool CopyUnusedData(nsString& aCopyBuffer);
+ 
+       /**
+        *  Retrieve the name of the file that the scanner is reading from.
+        *  In some cases, it's just a given name, because the scanner isn't
+        *  really reading from a file.
+        *  
+        *  @update  gess 5/12/98
+        *  @return  
+diff --git a/parser/htmlparser/nsScannerString.cpp b/parser/htmlparser/nsScannerString.cpp
+--- a/parser/htmlparser/nsScannerString.cpp
++++ b/parser/htmlparser/nsScannerString.cpp
+@@ -461,61 +461,63 @@ copy_multifragment_string( nsScannerIter
+         sink_traits::write(result, source_traits::read(first), distance);
+         NS_ASSERTION(distance > 0, "|copy_multifragment_string| will never terminate");
+         source_traits::advance(first, distance);
+       }
+ 
+     return result;
+   }
+ 
+-void
++bool
+ CopyUnicodeTo( const nsScannerIterator& aSrcStart,
+                const nsScannerIterator& aSrcEnd,
+                nsAString& aDest )
+   {
+     nsAString::iterator writer;
+     if (!aDest.SetLength(Distance(aSrcStart, aSrcEnd), mozilla::fallible)) {
+       aDest.Truncate();
+-      return; // out of memory
++      return false; // out of memory
+     }
+     aDest.BeginWriting(writer);
+     nsScannerIterator fromBegin(aSrcStart);
+     
+     copy_multifragment_string(fromBegin, aSrcEnd, writer);
++    return true;
+   }
+ 
+-void
++bool
+ AppendUnicodeTo( const nsScannerIterator& aSrcStart,
+                  const nsScannerIterator& aSrcEnd,
+                  nsScannerSharedSubstring& aDest )
+   {
+     // Check whether we can just create a dependent string.
+     if (aDest.str().IsEmpty()) {
+       // We can just make |aDest| point to the buffer.
+       // This will take care of copying if the buffer spans fragments.
+       aDest.Rebind(aSrcStart, aSrcEnd);
+-    } else {
+-      // The dest string is not empty, so it can't be a dependent substring.
+-      AppendUnicodeTo(aSrcStart, aSrcEnd, aDest.writable());
++      return true;
+     }
++    // The dest string is not empty, so it can't be a dependent substring.
++    return AppendUnicodeTo(aSrcStart, aSrcEnd, aDest.writable());
+   }
+ 
+-void
++bool
+ AppendUnicodeTo( const nsScannerIterator& aSrcStart,
+                  const nsScannerIterator& aSrcEnd,
+                  nsAString& aDest )
+   {
+     nsAString::iterator writer;
+     uint32_t oldLength = aDest.Length();
+     if (!aDest.SetLength(oldLength + Distance(aSrcStart, aSrcEnd), mozilla::fallible))
+-      return; // out of memory
++      return false; // out of memory
+     aDest.BeginWriting(writer).advance(oldLength);
+     nsScannerIterator fromBegin(aSrcStart);
+     
+     copy_multifragment_string(fromBegin, aSrcEnd, writer);
++    return true;
+   }
+ 
+ bool
+ FindCharInReadable( char16_t aChar,
+                     nsScannerIterator& aSearchStart,
+                     const nsScannerIterator& aSearchEnd )
+   {
+     while ( aSearchStart != aSearchEnd )
+diff --git a/parser/htmlparser/nsScannerString.h b/parser/htmlparser/nsScannerString.h
+--- a/parser/htmlparser/nsScannerString.h
++++ b/parser/htmlparser/nsScannerString.h
+@@ -539,43 +539,43 @@ nsScannerBufferList::Position::operator=
+ inline
+ size_t
+ Distance( const nsScannerIterator& aStart, const nsScannerIterator& aEnd )
+   {
+     typedef nsScannerBufferList::Position Position;
+     return Position::Distance(Position(aStart), Position(aEnd));
+   }
+ 
+-void
++bool
+ CopyUnicodeTo( const nsScannerIterator& aSrcStart,
+                const nsScannerIterator& aSrcEnd,
+                nsAString& aDest );
+ 
+ inline
+-void
++bool
+ CopyUnicodeTo( const nsScannerSubstring& aSrc, nsAString& aDest )
+   {
+     nsScannerIterator begin, end;
+-    CopyUnicodeTo(aSrc.BeginReading(begin), aSrc.EndReading(end), aDest);
++    return CopyUnicodeTo(aSrc.BeginReading(begin), aSrc.EndReading(end), aDest);
+   }
+ 
+-void
++bool
+ AppendUnicodeTo( const nsScannerIterator& aSrcStart,
+                  const nsScannerIterator& aSrcEnd,
+                  nsAString& aDest );
+ 
+ inline
+-void
++bool
+ AppendUnicodeTo( const nsScannerSubstring& aSrc, nsAString& aDest )
+   {
+     nsScannerIterator begin, end;
+-    AppendUnicodeTo(aSrc.BeginReading(begin), aSrc.EndReading(end), aDest);
++    return AppendUnicodeTo(aSrc.BeginReading(begin), aSrc.EndReading(end), aDest);
+   }
+ 
+-void
++bool
+ AppendUnicodeTo( const nsScannerIterator& aSrcStart,
+                  const nsScannerIterator& aSrcEnd,
+                  nsScannerSharedSubstring& aDest );
+ 
+ bool
+ FindCharInReadable( char16_t aChar,
+                     nsScannerIterator& aStart,
+                     const nsScannerIterator& aEnd );
+
diff --git a/gnu/packages/patches/icecat-bug-1248851.patch b/gnu/packages/patches/icecat-bug-1248851.patch
new file mode 100644
index 0000000000..ea4d6831b5
--- /dev/null
+++ b/gnu/packages/patches/icecat-bug-1248851.patch
@@ -0,0 +1,37 @@
+Copied from upstream:
+https://hg.mozilla.org/releases/mozilla-esr38/raw-rev/8c1d40e45a72
+
+# HG changeset patch
+# User Xidorn Quan <quanxunzhen@gmail.com>
+# Date 1456199544 -28800
+# Node ID 8c1d40e45a72c6432e879137a0afa519dc6c9841
+# Parent  1dd0ca8e70bd77b6fd93f36cc4e9c2cebfe8ba0a
+Bug 1248851 - r=sicking, a=ritu
+
+diff --git a/dom/indexedDB/ActorsParent.cpp b/dom/indexedDB/ActorsParent.cpp
+--- a/dom/indexedDB/ActorsParent.cpp
++++ b/dom/indexedDB/ActorsParent.cpp
+@@ -14823,22 +14823,19 @@ ObjectStoreAddOrPutRequestOp::DoDatabase
+     }
+ 
+     snappy::RawCompress(uncompressed, uncompressedLength, compressed,
+                         &compressedLength);
+ 
+     uint8_t* dataBuffer = reinterpret_cast<uint8_t*>(compressed);
+     size_t dataBufferLength = compressedLength;
+ 
+-    // If this call succeeds, | compressed | is now owned by the statement, and
+-    // we are no longer responsible for it.
+     rv = stmt->BindAdoptedBlobByName(NS_LITERAL_CSTRING("data"), dataBuffer,
+                                      dataBufferLength);
+     if (NS_WARN_IF(NS_FAILED(rv))) {
+-      moz_free(compressed);
+       return rv;
+     }
+   }
+ 
+   nsCOMPtr<nsIFile> fileDirectory;
+   nsCOMPtr<nsIFile> journalDirectory;
+ 
+   if (mFileManager) {
+
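Review bot: Nothing in the patched block now says who owns `compressed` when `BindAdoptedBlobByName` fails, because the inner patch removes both the `moz_free(compressed)` on the error path and the comment describing the ownership transfer. The upstream summary is only a bug number, so the intent has to be inferred; presumably the statement adopts the buffer even on failure and the old free could release it twice. The Guix header above `# HG changeset patch` should state this in one line, for example `Avoid freeing the compressed buffer after BindAdoptedBlobByName has adopted it (Mozilla bug 1248851).`, with the wording confirmed against the upstream bug. The enclosing function starts and ends outside the inner hunk, so the allocation of `compressed` cannot be checked from here.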
-- 
cgit v1.2.3


From 83820c0f102d0e829e3bcf2dfa06a793b82bda5b Mon Sep 17 00:00:00 2001
From: Efraim Flashner <efraim@flashner.co.il>
Date: Thu, 10 Mar 2016 14:24:36 +0200
Subject: gnu: obs: Update to 0.13.2.

* gnu/packages/video.scm (obs): Update to 0.13.2.
---
 gnu/packages/video.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'gnu')

diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index ad951ef0a0..cb7fbd1768 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -1304,7 +1304,7 @@ be used for realtime video capture via Linux-specific APIs.")
 (define-public obs
   (package
     (name "obs")
-    (version "0.13.1")
+    (version "0.13.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/jp9000/obs-studio"
@@ -1312,7 +1312,7 @@ be used for realtime video capture via Linux-specific APIs.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1vsn4r3wzfdwjrn69kgx3c5wfx17i72nxdv298pq772fp4j2iy2r"))))
+                "1awaqlhlzlqqnwqixw54z40hqcnr3fwlclq4vlsy2kvsfyqjfr2b"))))
     (build-system cmake-build-system)
     (arguments '(#:tests? #f)) ; no tests
     (native-inputs
-- 
cgit v1.2.3


From 9720651942b94d853b2a7064dac9fbe4a8cb5a85 Mon Sep 17 00:00:00 2001
From: Efraim Flashner <efraim@flashner.co.il>
Date: Thu, 10 Mar 2016 18:18:56 +0200
Subject: gnu: libass: Update to 0.13.2.

* gnu/packages/video.scm (libass): Update to 0.13.2.
---
 gnu/packages/video.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'gnu')

diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index cb7fbd1768..a870dd8ee1 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -224,7 +224,7 @@ H.264 (MPEG-4 AVC) video streams.")
 (define-public libass
   (package
     (name "libass")
-    (version "0.13.1")
+    (version "0.13.2")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -232,7 +232,7 @@ H.264 (MPEG-4 AVC) video streams.")
                     version "/libass-" version ".tar.xz"))
               (sha256
                (base32
-                "1rrz6is2blx8jqyydcz71y2f5f948blgx14jzi3an756fqc6p8sa"))))
+                "1kpsw4zw95v4cjvild9wpk73dzavn1khsm3bm32kcz6amnkd166n"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)
-- 
cgit v1.2.3


From 1e42d8b8badf30efb0fe37f33539dab0ad3c704e Mon Sep 17 00:00:00 2001
From: Efraim Flashner <efraim@flashner.co.il>
Date: Thu, 10 Mar 2016 20:15:15 +0200
Subject: gnu: complexity: Update to 1.10.

* gnu/packages/code.scm (complexity): Update to 1.10.
---
 gnu/packages/code.scm | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'gnu')

diff --git a/gnu/packages/code.scm b/gnu/packages/code.scm
index 847165d4a6..c74fc09aee 100644
--- a/gnu/packages/code.scm
+++ b/gnu/packages/code.scm
@@ -68,14 +68,14 @@ a major mode for Emacs for examining the flowcharts that it produces.")
 (define-public complexity
   (package
     (name "complexity")
-    (version "1.9")
+    (version "1.10")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnu/complexity/complexity-"
-                                  version ".tar.gz"))
+                                  version ".tar.xz"))
               (sha256
                (base32
-                "1jn61389bjxgc49ldzcp89kylagcd2b19i38jv99nl3blylkkwf6"))))
+                "0lr0l9kj2w3jilz9h9y4np9pf9i9ccpy6331lanki2fnz4z8ldvd"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("texinfo" ,texinfo)
-- 
cgit v1.2.3


From 1d116171a0378377b6481bbb65677100c239d262 Mon Sep 17 00:00:00 2001
From: Efraim Flashner <efraim@flashner.co.il>
Date: Thu, 10 Mar 2016 20:17:50 +0200
Subject: gnu: the-silver-searcher: Update to 0.31.0.

* gnu/packages/code.scm (the-silver-searcher): Update to 0.31.0.
---
 gnu/packages/code.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'gnu')

diff --git a/gnu/packages/code.scm b/gnu/packages/code.scm
index c74fc09aee..77818b4142 100644
--- a/gnu/packages/code.scm
+++ b/gnu/packages/code.scm
@@ -190,7 +190,7 @@ COCOMO model or user-provided parameters.")
 (define-public the-silver-searcher
   (package
     (name "the-silver-searcher")
-    (version "0.29.1")
+    (version "0.31.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -198,7 +198,7 @@ COCOMO model or user-provided parameters.")
                     version ".tar.gz"))
               (sha256
                (base32
-                "0ah7vcqprl9hhafi68bvzaiywy7dfm28zf7kpw3xrlqzfn0vg7kp"))
+                "1a3xncsq3x8pci194k484s5mdqij2sirpz6dj6711n2p8mzq5g31"))
               (file-name (string-append name "-" version ".tar.gz"))))
     (build-system gnu-build-system)
     (native-inputs
-- 
cgit v1.2.3


From 591f1d3e4cb789cff35ed47b7132f8a3270568c0 Mon Sep 17 00:00:00 2001
From: Efraim Flashner <efraim@flashner.co.il>
Date: Thu, 10 Mar 2016 20:20:26 +0200
Subject: gnu: lcov: Update to 1.12.

* gnu/packages/code.scm (lcov): Update to 1.12.
---
 gnu/packages/code.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'gnu')

diff --git a/gnu/packages/code.scm b/gnu/packages/code.scm
index 77818b4142..0bc1a7d33b 100644
--- a/gnu/packages/code.scm
+++ b/gnu/packages/code.scm
@@ -284,14 +284,14 @@ stack traces.")
 (define-public lcov
   (package
     (name "lcov")
-    (version "1.10")
+    (version "1.12")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/ltp/lcov-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "13xq2ln4jjasslqzzhr5g11q1c19gwpng1jphzbzmylmrjz62ila"))))
+                "19wfifdpxxivhq9adbphanjfga9bg9spms9v7c3589wndjff8x5l"))))
     (build-system gnu-build-system)
     (arguments
      '(#:make-flags (let ((out (assoc-ref %outputs "out")))
-- 
cgit v1.2.3


From 34a6f4dcf926d94f75c51c9919df051bb6266364 Mon Sep 17 00:00:00 2001
From: Efraim Flashner <efraim@flashner.co.il>
Date: Thu, 10 Mar 2016 21:24:32 +0200
Subject: gnu: cppunit: Update to 1.13.2.

* gnu/packages/check.scm (cppunit): Update to 1.13.2.
[source]: Change to libreoffice's hosted release tarballs.
[home-page]: Change to freedesktop.
---
 gnu/packages/check.scm | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

(limited to 'gnu')

diff --git a/gnu/packages/check.scm b/gnu/packages/check.scm
index c612a2a4fc..a530c1a2e2 100644
--- a/gnu/packages/check.scm
+++ b/gnu/packages/check.scm
@@ -90,15 +90,14 @@ with a flexible variety of user interfaces.")
 (define-public cppunit
   (package
     (name "cppunit")
-    (version "1.12.1")
+    (version "1.13.2")
     (source (origin
              (method url-fetch)
-              (uri (string-append "mirror://sourceforge/cppunit/" name "/"
-                                  name "-"
-                                  version ".tar.gz"))
+              (uri (string-append "http://dev-www.libreoffice.org/src/"
+                                  name "-" version ".tar.gz"))
              (sha256
               (base32
-               "0jm49v5rmc5qw34vqs56gy8xja1dhci73bmh23cig4kcir6a0a5c"))))
+               "17s2kzmkw3kfjhpp72rfppyd7syr7bdq5s69syj2nvrlwd3d4irz"))))
     ;; Explicitly link with libdl. This is expected to be done by packages
     ;; relying on cppunit for their tests. However, not all of them do.
     ;; If we added the linker flag to such packages, we would pollute all
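Review bot: The new source URI `(uri (string-append "http://dev-www.libreoffice.org/src/" ...` is plain HTTP, while the `home-page` in the same commit moves to `https://`. The `sha256` still pins the tarball, so a modified download fails the build instead of being accepted, but the request is visible and alterable in transit. If the host serves the same path over TLS, prefer `"https://dev-www.libreoffice.org/src/"`.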
@@ -106,7 +105,7 @@ with a flexible variety of user interfaces.")
     (arguments
      `(#:make-flags '("LDFLAGS=-ldl")))
     (build-system gnu-build-system)
-    (home-page "http://sourceforge.net/projects/cppunit/")
+    (home-page "https://wiki.freedesktop.org/www/Software/cppunit/")
     (synopsis "Unit testing framework for C++")
     (description "CppUnit is the C++ port of the famous JUnit framework for
 unit testing.  Test output is in XML for automatic testing and GUI based for
-- 
cgit v1.2.3


From a232ce429e5eb9516a937a8aa24dd7b4f0c92f16 Mon Sep 17 00:00:00 2001
From: Efraim Flashner <efraim@flashner.co.il>
Date: Thu, 10 Mar 2016 21:41:24 +0200
Subject: gnu: catch: Update to 1.3.5.

* gnu/packages/check.scm (catch): Update to 1.3.5.
---
 gnu/packages/check.scm | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'gnu')

diff --git a/gnu/packages/check.scm b/gnu/packages/check.scm
index a530c1a2e2..4db2e6c071 100644
--- a/gnu/packages/check.scm
+++ b/gnu/packages/check.scm
@@ -115,17 +115,17 @@ supervised tests.")
 (define-public catch-framework
   (package
     (name "catch")
-    (version "1.1.3")                  ;Sub-minor is the build number
+    (version "1.3.5")                  ;Sub-minor is the build number
     (source (origin
               (method git-fetch)
               (uri (git-reference
                     (url "https://github.com/philsquared/Catch")
                     ;; Semi-arbitrary.
-                    (commit "c51e86819d")))
+                    (commit "ae5ee2cf63d6d67bd1369b512d2a7b60b571c907")))
               (file-name (string-append name "-" version))
               (sha256
                (base32
-                "0kgi7wxxysgjbpisqfj4dj0k19cyyai92f001zi8gzkybd4fkgv5"))))
+                "1yfb3lxv929szqy1nw9xw3d45wzkppziqshkjxvrb1fdmf46x564"))))
     (build-system trivial-build-system)
     (arguments
      `(#:modules ((guix build utils))
-- 
cgit v1.2.3


From efa3752964521ceb31d99692ae9ec6dfa4a2fa33 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Thu, 10 Mar 2016 15:30:00 -0500
Subject: gnu: openssh: Update to 7.2p2 [fixes CVE-2016-3115].

* gnu/packages/ssh.scm (openssh): Update to 7.2p2.
---
 gnu/packages/ssh.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'gnu')

diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index 307ac70659..299457601f 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -115,7 +115,7 @@ a server that supports the SSH-2 protocol.")
 (define-public openssh
   (package
    (name "openssh")
-   (version "7.2p1")
+   (version "7.2p2")
    (source (origin
             (method url-fetch)
             (uri (let ((tail (string-append name "-" version ".tar.gz")))
@@ -126,7 +126,7 @@ a server that supports the SSH-2 protocol.")
                          (string-append "http://ftp2.fr.openbsd.org/pub/OpenBSD/OpenSSH/portable/"
                                         tail))))
             (sha256 (base32
-                     "1hsa1f3641pdj57a55gmnvcya3wwww2fc2cvb77y95rm5xxw6g4p"))))
+                     "132lh9aanb0wkisji1d6cmsxi520m8nh7c7i9wi6m1s3l38q29x7"))))
    (build-system gnu-build-system)
    (inputs `(("groff" ,groff)
              ("openssl" ,openssl)
-- 
cgit v1.2.3


From ff22f01d671b35ebffda6b7badbf17801c52b92e Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Thu, 10 Mar 2016 15:33:18 -0500
Subject: gnu: dropbear: Update to 2016.72 [fixes CVE-2016-3116].

* gnu/packages/ssh.scm (dropbear): Update to 2016.72.
---
 gnu/packages/ssh.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'gnu')

diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index 299457601f..d7f2f363a8 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -336,7 +336,7 @@ especially over Wi-Fi, cellular, and long-distance links.")
 (define-public dropbear
   (package
     (name "dropbear")
-    (version "2015.71")
+    (version "2016.72")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -344,7 +344,7 @@ especially over Wi-Fi, cellular, and long-distance links.")
                     name "-" version ".tar.bz2"))
               (sha256
                (base32
-                "1bw3lzmisn6gs6zy9vcqbfnicl437ydskqcayklpw60fkhb18qip"))))
+                "10fnlaf6rm537v3rml1gnd58d42plv2q5cp7svbrysap69npc8wk"))))
     (build-system gnu-build-system)
     (arguments  `(#:tests? #f)) ; There is no "make check" or anything similar
     (inputs `(("zlib" ,zlib)))
-- 
cgit v1.2.3


From 9514662322d4f2892e5a7c21ba60776314686d58 Mon Sep 17 00:00:00 2001
From: Raimon Grau <raimon@3scale.net>
Date: Thu, 10 Mar 2016 12:47:56 +0000
Subject: gnu: Add nload.

* gnu/packages/networking.scm (nload): New variable.

Signed-off-by: Leo Famulari <leo@famulari.name>
---
 gnu/packages/networking.scm | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

(limited to 'gnu')

diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index e7311833ed..ac7e4e70e6 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Stefan Reichör <stefan@xsteve.at>
+;;; Copyright © 2016 Raimon Grau <raimonster@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -187,3 +188,25 @@ needed/wanted real-time traffic statistics of multiple network
 interfaces, with a simple and efficient view on the command line.  It is
 intended as a substitute for the PPPStatus and EthStatus projects.")
     (license license:gpl2+)))
+
+(define-public nload
+  (package
+    (name "nload")
+    (version "0.7.4")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://sourceforge/nload/nload-"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "1rb9skch2kgqzigf19x8bzk211jdfjfdkrcvaqyj89jy2pkm3h61"))))
+    (build-system gnu-build-system)
+    (inputs `(("ncurses" ,ncurses)))
+    (home-page "http://www.roland-riegel.de/nload/")
+    (synopsis "Realtime console network usage monitor")
+    (description
+     "Nload is a console application which monitors network traffic and
+bandwidth usage in real time.  It visualizes the in- and outgoing traffic using
+two graphs and provides additional info like total amount of transfered data
+and min/max network usage.")
+    (license license:gpl2+)))
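Review bot: The description string misspells "transfered"; the line should read `two graphs and provides additional info like total amount of transferred data`. The description is user-facing package metadata, so the typo is worth fixing in this commit rather than later.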
-- 
cgit v1.2.3


From 7bf4bd09914070d4fd45d60c3cd6ba2a9f290eed Mon Sep 17 00:00:00 2001
From: Mark H Weaver <mhw@netris.org>
Date: Thu, 10 Mar 2016 15:45:54 -0500
Subject: gnu: linux-libre: Update to 4.4.5.

* gnu/packages/linux.scm (linux-libre): Update to 4.4.5.
---
 gnu/packages/linux.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'gnu')

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 37f161451e..65f55fcf97 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -220,7 +220,7 @@ for SYSTEM and optionally VARIANT, or #f if there is no such configuration."
     (search-path %load-path file)))
 
 (define-public linux-libre
-  (let* ((version "4.4.4")
+  (let* ((version "4.4.5")
          (build-phase
           '(lambda* (#:key system inputs #:allow-other-keys #:rest args)
              ;; Apply the neat patch.
@@ -294,7 +294,7 @@ for SYSTEM and optionally VARIANT, or #f if there is no such configuration."
              (uri (linux-libre-urls version))
              (sha256
               (base32
-               "0i398ylpkwbrvda970j0ci4k7fl6ljnvra70k8ksqp9xgflm15gx"))))
+               "19yyw6yssyxr9k5y3whgz2p731mb1pnq3xajpv8g01m13cxs32dd"))))
     (build-system gnu-build-system)
     (supported-systems '("x86_64-linux" "i686-linux"))
     (native-inputs `(("perl" ,perl)
-- 
cgit v1.2.3


From a0a71439fa3b5a4a6b3f782faedf7bb68fd57951 Mon Sep 17 00:00:00 2001
From: Roel Janssen <roel@gnu.org>
Date: Thu, 10 Mar 2016 23:54:31 +0100
Subject: gnu: Add bioawk.

* gnu/packages/bioinformatics.scm (bioawk): New variable.

Signed-off-by: Leo Famulari <leo@famulari.name>
---
 gnu/packages/bioinformatics.scm | 43 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)

(limited to 'gnu')

diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm
index 5d53dc9eef..b3d882761b 100644
--- a/gnu/packages/bioinformatics.scm
+++ b/gnu/packages/bioinformatics.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2015, 2016 Ben Woodcroft <donttrustben@gmail.com>
 ;;; Copyright © 2015, 2016 Pjotr Prins <pjotr.guix@thebird.nl>
 ;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
+;;; Copyright © 2016 Roel Janssen <roel@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -36,6 +37,7 @@
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages algebra)
   #:use-module (gnu packages base)
+  #:use-module (gnu packages bison)
   #:use-module (gnu packages boost)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages cpio)
@@ -247,6 +249,47 @@ intervals from multiple files in widely-used genomic file formats such as BAM,
 BED, GFF/GTF, VCF.")
     (license license:gpl2)))
 
+(define-public bioawk
+  (package
+    (name "bioawk")
+    (version "1.0")
+    (source (origin
+      (method url-fetch)
+      (uri (string-append "https://github.com/lh3/bioawk/archive/v"
+                          version ".tar.gz"))
+      (file-name (string-append name "-" version ".tar.gz"))
+      (sha256
+       (base32 "1daizxsk17ahi9n58fj8vpgwyhzrzh54bzqhanjanp88kgrz7gjw"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("zlib" ,zlib)))
+    (native-inputs
+     `(("bison" ,bison)))
+    (arguments
+     `(#:tests? #f ; There are no tests to run.
+       ;; Bison must generate files, before other targets can build.
+       #:parallel-build? #f
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure) ; There is no configure phase.
+         (replace 'install
+          (lambda* (#:key outputs #:allow-other-keys)
+            (let* ((out (assoc-ref outputs "out"))
+                   (bin  (string-append out "/bin"))
+                   (man (string-append out "/share/man/man1")))
+              (mkdir-p man)
+              (copy-file "awk.1" (string-append man "/bioawk.1"))
+              (install-file "bioawk" bin)))))))
+    (home-page "https://github.com/lh3/bioawk")
+    (synopsis "AWK with bioinformatics extensions")
+    (description "Bioawk is an extension to Brian Kernighan's awk, adding the
+support of several common biological data formats, including optionally gzip'ed
+BED, GFF, SAM, VCF, FASTA/Q and TAB-delimited formats with column names.  It
+also adds a few built-in functions and a command line option to use TAB as the
+input/output delimiter.  When the new functionality is not used, bioawk is
+intended to behave exactly the same as the original BWK awk.")
+    (license license:x11)))
+
 (define-public python2-pybedtools
   (package
     (name "python2-pybedtools")
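Review bot: The `sha256` pins `https://github.com/lh3/bioawk/archive/v1.0.tar.gz`, an archive that GitHub generates on request from the tag rather than a file the maintainer uploaded, so its bytes are not guaranteed to stay identical over time. A change would show up as a hash mismatch at fetch time, which fails closed but breaks the build, and a regenerated archive is then hard to tell apart from a moved tag. Consider `git-fetch` with `(commit (string-append "v" version))` and a hash recomputed for the checkout, so that the pinned content is the repository tree itself.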
-- 
cgit v1.2.3


From d381962f35bf8e9facc1a495254235ee707167e3 Mon Sep 17 00:00:00 2001
From: Nils Gillmann <niasterisk@grrlz.net>
Date: Thu, 3 Mar 2016 12:41:08 +0100
Subject: gnu: Add powwow.

* gnu/packages/games.scm (powwow): New variable.
---
 gnu/packages/games.scm | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

(limited to 'gnu')

diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm
index 9494e6853f..3203c444c0 100644
--- a/gnu/packages/games.scm
+++ b/gnu/packages/games.scm
@@ -16,6 +16,7 @@
 ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
 ;;; Copyright © 2016 Rodger Fox <thylakoid@openmailbox.org>
 ;;; Copyright © 2016 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
+;;; Copyright © 2016 Nils Gillmann <niasterisk@grrlz.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -2001,3 +2002,27 @@ is attributed to Albert Einstein.")
     ;; license information.
     (license license:gpl3+)))
 
+(define-public powwow
+  (package
+    (name "powwow")
+    (version "1.2.17")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "http://www.hoopajoo.net/static/projects/powwow-"
+                    version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1xmsg2y7qcvj67i9ilnih0mvfxcpni7fzrz343x9rdfnkkzf3pp8"))))
+    (inputs
+     `(("ncurses" ,ncurses)))
+    (build-system gnu-build-system)
+    (home-page "http://www.hoopajoo.net/projects/powwow.html")
+    (synopsis "MUD and telnet client")
+    (description
+     "POWWOW is a client software which can be used for telnet as well as for
+@dfn{Multi-User Dungeon} (MUD).  Additionally it can serve as a nice client for
+the chat server psyced with the specific config located at
+http://lavachat.symlynx.com/unix/")
+    (license license:gpl2+)))
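Review bot: The description ends in a bare URL with no closing period, although the same string already uses Texinfo markup (`@dfn{Multi-User Dungeon}`). Mark the link up the same way so it renders and is checked as a URL: `the chat server psyced with the specific config located at @url{http://lavachat.symlynx.com/unix/}.`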
-- 
cgit v1.2.3


From ef0f0d5f971bf9c7a755b6b5c4bda34fc50e1987 Mon Sep 17 00:00:00 2001
From: Ludovic Courtès <ludo@gnu.org>
Date: Fri, 11 Mar 2016 15:52:45 +0100
Subject: gnu: vorbis-tools: Patch buffer overflow [fixes CVE-2015-6749].

* gnu/packages/patches/vorbis-tools-CVE-2015-6749.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/xiph.scm (vorbis-tools)[source]: Use it.
---
 gnu-system.am                                      |  1 +
 .../patches/vorbis-tools-CVE-2015-6749.patch       | 44 ++++++++++++++++++++++
 gnu/packages/xiph.scm                              |  3 +-
 3 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/vorbis-tools-CVE-2015-6749.patch

(limited to 'gnu')

diff --git a/gnu-system.am b/gnu-system.am
index 2ca703c58f..38c1f5a2dc 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -770,6 +770,7 @@ dist_patch_DATA =						\
   gnu/packages/patches/util-linux-tests.patch			\
   gnu/packages/patches/upower-builddir.patch			\
   gnu/packages/patches/valgrind-enable-arm.patch		\
+  gnu/packages/patches/vorbis-tools-CVE-2015-6749.patch		\
   gnu/packages/patches/vpnc-script.patch			\
   gnu/packages/patches/vtk-mesa-10.patch			\
   gnu/packages/patches/w3m-libgc.patch				\
diff --git a/gnu/packages/patches/vorbis-tools-CVE-2015-6749.patch b/gnu/packages/patches/vorbis-tools-CVE-2015-6749.patch
new file mode 100644
index 0000000000..bcddcbfd70
--- /dev/null
+++ b/gnu/packages/patches/vorbis-tools-CVE-2015-6749.patch
@@ -0,0 +1,44 @@
+Upstream fix for CVE-2015-6749.
+https://trac.xiph.org/ticket/2212
+
+From 04815d3e1bfae3a6cdfb2c25358a5a72b61299f7 Mon Sep 17 00:00:00 2001
+From: Mark Harris <mark.hsj@gmail.com>
+Date: Sun, 30 Aug 2015 05:54:46 -0700
+Subject: [PATCH] oggenc: Fix large alloca on bad AIFF input
+
+Fixes #2212
+---
+ oggenc/audio.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/oggenc/audio.c b/oggenc/audio.c
+index 477da8c..4921fb9 100644
+--- a/oggenc/audio.c
++++ b/oggenc/audio.c
+@@ -245,8 +245,8 @@ static int aiff_permute_matrix[6][6] =
+ int aiff_open(FILE *in, oe_enc_opt *opt, unsigned char *buf, int buflen)
+ {
+     int aifc; /* AIFC or AIFF? */
+-    unsigned int len;
+-    unsigned char *buffer;
++    unsigned int len, readlen;
++    unsigned char buffer[22];
+     unsigned char buf2[8];
+     aiff_fmt format;
+     aifffile *aiff = malloc(sizeof(aifffile));
+@@ -269,9 +269,9 @@ int aiff_open(FILE *in, oe_enc_opt *opt, unsigned char *buf, int buflen)
+         return 0; /* Weird common chunk */
+     }
+ 
+-    buffer = alloca(len);
+-
+-    if(fread(buffer,1,len,in) < len)
++    readlen = len < sizeof(buffer) ? len : sizeof(buffer);
++    if(fread(buffer,1,readlen,in) < readlen ||
++       (len > readlen && !seek_forward(in, len-readlen)))
+     {
+         fprintf(stderr, _("Warning: Unexpected EOF in reading AIFF header\n"));
+         return 0;
+-- 
+2.5.0
+
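Review bot: The size in `unsigned char buffer[22];` is a bare magic number, and the safety of the later parsing now depends on it. Only `readlen` bytes are filled, so any index at or past `readlen` would read uninitialised stack rather than file data. The check that enforces a minimum `len` sits before the inner hunk and the field parsing comes after it, so neither can be confirmed from here. A comment on the declaration would make the invariant reviewable, for example `unsigned char buffer[22]; /* only the chunk prefix parsed below is kept; the rest is skipped with seek_forward() */`.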
diff --git a/gnu/packages/xiph.scm b/gnu/packages/xiph.scm
index a602a34645..04dfd70c5a 100644
--- a/gnu/packages/xiph.scm
+++ b/gnu/packages/xiph.scm
@@ -266,7 +266,8 @@ Kate stream.")
                                 "vorbis-tools-" version ".tar.gz"))
             (sha256
              (base32
-              "1g12bnh5ah08v529y72kfdz5lhvy75iaz7f9jskyby23m9dkk2d3"))))
+              "1g12bnh5ah08v529y72kfdz5lhvy75iaz7f9jskyby23m9dkk2d3"))
+            (patches (list (search-patch "vorbis-tools-CVE-2015-6749.patch")))))
    (build-system gnu-build-system)
    (inputs `(("ao" ,ao)
              ("curl" ,curl)
-- 
cgit v1.2.3


From 66a30a3ea47ef1086d1b924ebe1d7c6bba8ee72f Mon Sep 17 00:00:00 2001
From: Ludovic Courtès <ludo@gnu.org>
Date: Fri, 11 Mar 2016 16:19:25 +0100
Subject: gnu: libevent: Update to 2.0.22 [fixes CVE-2015-6525].

* gnu/packages/libevent.scm (libevent): Update to 2.0.22.
---
 gnu/packages/libevent.scm | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)


diff --git a/gnu/packages/libevent.scm b/gnu/packages/libevent.scm
index 752963077b..b4c9c0ce5e 100644
--- a/gnu/packages/libevent.scm
+++ b/gnu/packages/libevent.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Eric Dvorsak <eric@dvorsak.fr>
 ;;;
@@ -32,16 +32,15 @@
 (define-public libevent
   (package
     (name "libevent")
-    (version "2.0.21")
+    (version "2.0.22")
     (source (origin
              (method url-fetch)
              (uri (string-append
-                   "https://github.com/downloads/libevent/libevent/libevent-"
-                   version
-                   "-stable.tar.gz"))
+                   "https://github.com/libevent/libevent/releases/download/release-"
+                   version "-stable/libevent-" version "-stable.tar.gz"))
              (sha256
               (base32
-               "1xblymln9vihdmf1aqkp8chwvnhpdch3786bh30bj75slnl31992"))
+               "18qz9qfwrkakmazdlwxvjmw8p76g70n3faikwvdwznns1agw9hki"))
              (patches (list (search-patch "libevent-dns-tests.patch")))))
     (build-system gnu-build-system)
     (inputs
-- 
cgit v1.2.3


From bce6f7ce635a6ff16643d741b29b8b6ba3c83cc3 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Thu, 10 Mar 2016 15:03:19 -0500
Subject: gnu: openexr: Disable broken test to fix build on i686.

* gnu/packages/graphics.scm (openexr)[arguments]: New field.
---
 gnu/packages/graphics.scm | 14 ++++++++++++++
 1 file changed, 14 insertions(+)


diff --git a/gnu/packages/graphics.scm b/gnu/packages/graphics.scm
index c022d74ca2..6edba5025d 100644
--- a/gnu/packages/graphics.scm
+++ b/gnu/packages/graphics.scm
@@ -206,6 +206,20 @@ exception-handling library.")
                    "\"/tmp/\"")))
               (patches (list (search-patch "openexr-missing-samples.patch")))))
     (build-system gnu-build-system)
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'disable-broken-test
+           ;; This test fails on i686. Upstream developers suggest that
+           ;; this test is broken on i686 and can be safely disabled:
+           ;; https://github.com/openexr/openexr/issues/67#issuecomment-21169748
+           (lambda _
+             (substitute* "IlmImfTest/main.cpp"
+               (("#include \"testOptimizedInterleavePatterns.h\"")
+                 "//#include \"testOptimizedInterleavePatterns.h\"")
+               (("TEST \\(testOptimizedInterleavePatterns")
+                 "//TEST (testOptimizedInterleavePatterns"))
+             #t)))))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
     (propagated-inputs
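Review bot: The `disable-broken-test` phase comments out `testOptimizedInterleavePatterns` on every architecture, while the comment and the commit title justify it only for i686, so the other platforms lose the test as well. Consider adding the phase only for i686 builds, guarded by something like `(string-prefix? "i686" (or (%current-target-system) (%current-system)))`, which requires quasiquoting the argument list. `substitute*` does nothing when a pattern no longer matches, so a later openexr update that renames the test would turn this phase into a silent no-op; the comment could say so.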
-- 
cgit v1.2.3


From 81a96539839597403c16fbaf878b413054d5ad84 Mon Sep 17 00:00:00 2001
From: Mark H Weaver <mhw@netris.org>
Date: Fri, 11 Mar 2016 17:57:54 -0500
Subject: gnu: webkitgtk: Update to 2.10.8 [fixes CVE-2016-1726].

* gnu/packages/webkit.scm (webkitgtk): Update to 2.10.8.
---
 gnu/packages/webkit.scm | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)


diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm
index 4be2738848..3f2d11e70c 100644
--- a/gnu/packages/webkit.scm
+++ b/gnu/packages/webkit.scm
@@ -2,7 +2,7 @@
 ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
 ;;; Copyright © 2015 David Hashe <david.hashe@dhashe.com>
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -53,14 +53,14 @@
 (define-public webkitgtk
   (package
     (name "webkitgtk")
-    (version "2.10.7")
+    (version "2.10.8")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://www.webkitgtk.org/releases/"
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0kl6a9v644vis69i0gpz88l82szi8zc842pzlqqxxpnn5v4643cr"))))
+                "1a98z7fa8vxk7y2hlbnkl767908anyyxbwkyiar5gi037yr84dii"))))
     (build-system cmake-build-system)
     (arguments
      '(#:tests? #f ; no tests
-- 
cgit v1.2.3


From 0ede252b6672f8df65754a0859dddde295797660 Mon Sep 17 00:00:00 2001
From: Danny Milosavljevic <dannym@scratchpost.org>
Date: Sun, 28 Feb 2016 00:37:22 -0600
Subject: gnu: Add fluxbox.

* gnu/packages/wm.scm (fluxbox): New variable.

Co-authored-by: Eric Bavier <bavier@member.fsf.org>
---
 gnu/packages/wm.scm | 72 ++++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 63 insertions(+), 9 deletions(-)


diff --git a/gnu/packages/wm.scm b/gnu/packages/wm.scm
index 1765c3a6b0..53259dcb29 100644
--- a/gnu/packages/wm.scm
+++ b/gnu/packages/wm.scm
@@ -1,9 +1,10 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 Eric Dvorsak <eric@dvorsak.fr>
 ;;; Copyright © 2015 Siniša Biđin <sinisa@bidin.eu>
-;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org>
+;;; Copyright © 2015, 2016 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2015 xd1le <elisp.vim@gmail.com>
 ;;; Copyright © 2015 Paul van der Walt <paul@denknerd.org>
+;;; Copyright © 2016 Danny Milosavljevic <dannym@scratchpost.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -21,7 +22,7 @@
 ;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
 
 (define-module (gnu packages wm)
-  #:use-module (guix licenses)
+  #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (gnu packages)
   #:use-module (gnu packages linux)
@@ -38,11 +39,14 @@
   #:use-module (gnu packages xml)
   #:use-module (gnu packages m4)
   #:use-module (gnu packages docbook)
+  #:use-module (gnu packages image)
   #:use-module (gnu packages pcre)
   #:use-module (gnu packages gtk)
   #:use-module (gnu packages libevent)
+  #:use-module (gnu packages fribidi)
   #:use-module (gnu packages maths)
   #:use-module (gnu packages web)
+  #:use-module (gnu packages fontutils)
   #:use-module (guix download)
   #:use-module (guix git-download))
 
@@ -65,7 +69,7 @@ supports sections and (lists of) values (strings, integers, floats, booleans
 or other sections), as well as some other features (such as
 single/double-quoted strings, environment variable expansion, functions and
 nested include statements).")
-    (license isc)))
+    (license license:isc)))
 
 (define-public bspwm
   (package
@@ -98,7 +102,7 @@ nested include statements).")
     (synopsis "Tiling window manager based on binary space partitioning")
     (description "bspwm is a tiling window manager that represents windows as
 the leaves of a full binary tree.")
-    (license bsd-2)))
+    (license license:bsd-2)))
 
 (define-public i3status
   (package
@@ -135,7 +139,7 @@ update such a status line every second.  This ensures that even under high
 load, your status bar is updated correctly.  Also, it saves a bit of energy by
 not hogging your CPU as much as spawning the corresponding amount of shell
 commands would.")
-    (license bsd-3)))
+    (license license:bsd-3)))
 
 (define-public i3-wm
   (package
@@ -182,7 +186,7 @@ commands would.")
     (description "A tiling window manager, completely written
 from scratch.  i3 is primarily targeted at advanced users and
 developers.")
-    (license bsd-3)))
+    (license license:bsd-3)))
 
 (define-public xmonad
   (package
@@ -238,7 +242,7 @@ Custom layout algorithms, and other extensions, may be written by the user in
 config files.  Layouts are applied dynamically, and different layouts may be
 used on each workspace.  Xinerama is fully supported, allowing windows to be
 tiled on several screens.")
-    (license bsd-3)))
+    (license license:bsd-3)))
 
 (define-public ghc-xmonad-contrib
   (package
@@ -267,7 +271,7 @@ tiled on several screens.")
     (description
      "Third party tiling algorithms, configurations, and scripts to Xmonad, a
 tiling window manager for X.")
-    (license bsd-3)))
+    (license license:bsd-3)))
 
 (define-public evilwm
   (package
@@ -310,4 +314,54 @@ tiling window manager for X.")
      "evilwm is a minimalist window manager based on aewm, extended to feature
 many keyboard controls with repositioning and maximize toggles, solid window
 drags, snap-to-border support, and virtual desktops.")
-    (license (x11-style "file:///README"))))
+    (license (license:x11-style "file:///README"))))
+
+(define-public fluxbox
+  (package
+    (name "fluxbox")
+    (version "1.3.7")
+    (synopsis "Small and fast window manager")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://sourceforge/fluxbox/"
+                                  version "/fluxbox-" version ".tar.xz"))
+              (sha256
+               (base32
+                "1h1f70y40qd225dqx937vzb4k2cz219agm1zvnjxakn5jkz7b37w"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:make-flags '("CPPFLAGS=-U__TIME__") ;ugly, but for reproducibility
+       #:phases
+       (modify-phases %standard-phases
+         (add-after
+          'install 'install-xsession
+          (lambda _
+            (let ((xsessions (string-append %output "/share/xsessions")))
+              (mkdir-p xsessions)
+              (call-with-output-file
+                  (string-append xsessions "/fluxbox.desktop")
+                (lambda (port)
+                  (format port "~
+                    [Desktop Entry]~@
+                    Name=~a~@
+                    Comment=~a~@
+                    Exec=~a/bin/startfluxbox~@
+                    Type=Application~%" ,name ,synopsis %output)))))))))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (inputs
+     `(("freetype" ,freetype)
+       ("fribidi" ,fribidi)
+       ("imlib2" ,imlib2)
+       ("libx11" ,libx11)
+       ("libxext" ,libxext)
+       ("libxft" ,libxft)
+       ("libxinerama" ,libxinerama)
+       ("libxpm"  ,libxpm)
+       ("libxrandr" ,libxrandr)
+       ("libxrender" ,libxrender)))
+    (description "Fluxbox is a window manager.  It is light on resources
+and easy to handle yet full of features to make an easy and fast desktop
+experience.")
+    (home-page "http://fluxbox.org/")
+    (license license:expat)))
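Review bot: The `install-xsession` lambda ends on the `call-with-output-file` form, so the phase's result is whatever `format` happens to return. Build phases are expected to return a true value on success, so close the `let` body with an explicit `#t` after the `call-with-output-file` form. The phase also reads the global `%output`; taking `(lambda* (#:key outputs #:allow-other-keys)` and `(assoc-ref outputs "out")` is the more usual form and keeps the phase independent of that global.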
-- 
cgit v1.2.3


From 8e755b1bcd377a4c475ae4cad586e6e192f20320 Mon Sep 17 00:00:00 2001
From: Andreas Enge <andreas@enge.fr>
Date: Sat, 12 Mar 2016 09:56:27 +0100
Subject: gnu: mupdf: Simplify package.

* gnu/packages/pdf.scm (mupdf)[source]: Drop patch and part of snippet
  modifying permissions of files added by the patch.
  [arguments]: Use #:make-flags instead of modified build and install phases.
  Drop superfluous module inclusion. Use modify-phases syntax.
* gnu/packages/patches/mupdf-buildsystem-fix.patch: Remove patch.
* gnu-system.am (dist_patch_DATA): Unregister patch.
---
 gnu-system.am                                    |  1 -
 gnu/packages/patches/mupdf-buildsystem-fix.patch | 69 ------------------------
 gnu/packages/pdf.scm                             | 34 +++---------
 3 files changed, 8 insertions(+), 96 deletions(-)
 delete mode 100644 gnu/packages/patches/mupdf-buildsystem-fix.patch


diff --git a/gnu-system.am b/gnu-system.am
index 38c1f5a2dc..e198793a87 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -636,7 +636,6 @@ dist_patch_DATA =						\
   gnu/packages/patches/module-init-tools-moduledir.patch	\
   gnu/packages/patches/mumps-build-parallelism.patch		\
   gnu/packages/patches/mupen64plus-ui-console-notice.patch	\
-  gnu/packages/patches/mupdf-buildsystem-fix.patch		\
   gnu/packages/patches/mutt-store-references.patch		\
   gnu/packages/patches/net-tools-bitrot.patch			\
   gnu/packages/patches/ngircd-handle-zombies.patch		\
diff --git a/gnu/packages/patches/mupdf-buildsystem-fix.patch b/gnu/packages/patches/mupdf-buildsystem-fix.patch
deleted file mode 100644
index 0b17dda911..0000000000
--- a/gnu/packages/patches/mupdf-buildsystem-fix.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-Since openjpeg doesn't seem to ship with a .pc file, provide an alternative.
-
---- a/ojp2_cppflags.sh	1970-01-01 01:00:00.000000000 +0100
-+++ b/ojp2_cppflags.sh	2014-09-13 22:56:38.842418777 +0200
-@@ -0,0 +1,7 @@
-+#!/bin/sh
-+
-+# Return the preprocessor flags to link against openjpeg.
-+
-+cpppath=$(echo ${NIX_STORE}/*-openjpeg-*/include/openjpeg-*)
-+
-+echo -I$cpppath
-
---- a/ojp2_ldflags.sh	1970-01-01 01:00:00.000000000 +0100
-+++ b/ojp2_ldflags.sh	2014-09-13 22:56:38.842418777 +0200
-@@ -0,0 +1,7 @@
-+#!/bin/sh
-+
-+# Return the linker flags to link against openjpeg.
-+
-+ldpath=$(echo ${NIX_STORE}/*-openjpeg-*/lib)
-+
-+echo -L$ldpath -lopenjp2
-
-Make use of the above alternatives, compile with gcc.
-
---- a/Makerules	2014-09-14 09:13:40.729149860 +0200
-+++ b/Makerules	2014-09-14 09:17:06.425156595 +0200
-@@ -75,12 +75,14 @@
- 
- SYS_FREETYPE_CFLAGS = $(shell pkg-config --cflags freetype2)
- SYS_FREETYPE_LIBS = $(shell pkg-config --libs freetype2)
--SYS_OPENJPEG_CFLAGS = $(shell pkg-config --cflags libopenjp2)
--SYS_OPENJPEG_LIBS = $(shell pkg-config --libs libopenjp2)
-+SYS_OPENJPEG_CFLAGS = $(shell ./ojp2_cppflags.sh)
-+SYS_OPENJPEG_LIBS = $(shell ./ojp2_ldflags.sh)
- SYS_JBIG2DEC_LIBS = -ljbig2dec
- SYS_JPEG_LIBS = -ljpeg
- SYS_ZLIB_LIBS = -lz
- 
-+CC = gcc
-+
- endif
- 
- # The following section is an example of how to simply do cross-compilation
-
-Remove the -x11 from the built binaries, since X11 is implied on GNU. (This
-might change when Wayland gets more popular)
-
---- a/Makefile	2014-06-10 17:09:28.000000000 +0200
-+++ b/Makefile	2014-09-14 09:57:10.381235299 +0200
-@@ -255,7 +255,7 @@
- 	$(LINK_CMD)
- 
- ifeq "$(HAVE_X11)" "yes"
--MUVIEW_X11 := $(OUT)/mupdf-x11
-+MUVIEW_X11 := $(OUT)/mupdf
- MUVIEW_X11_OBJ := $(addprefix $(OUT)/platform/x11/, x11_main.o x11_image.o pdfapp.o)
- $(MUVIEW_X11_OBJ) : $(FITZ_HDR) $(PDF_HDR)
- $(MUVIEW_X11) : $(MUPDF_LIB) $(THIRD_LIBS)
-@@ -263,7 +263,7 @@
- 	$(LINK_CMD) $(X11_LIBS)
- 
- ifeq "$(HAVE_CURL)" "yes"
--MUVIEW_X11_CURL := $(OUT)/mupdf-x11-curl
-+MUVIEW_X11_CURL := $(OUT)/mupdf-curl
- MUVIEW_X11_CURL_OBJ := $(addprefix $(OUT)/platform/x11/curl/, x11_main.o x11_image.o pdfapp.o curl_stream.o)
- $(MUVIEW_X11_CURL_OBJ) : $(FITZ_HDR) $(PDF_HDR)
- $(MUVIEW_X11_CURL) : $(MUPDF_LIB) $(THIRD_LIBS) $(CURL_LIB)
diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm
index a99fdd70ae..67e9beaa32 100644
--- a/gnu/packages/pdf.scm
+++ b/gnu/packages/pdf.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
+;;; Copyright © 2013, 2015, 2016 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2014, 2015 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015 Paul van der Walt <paul@denknerd.org>
@@ -418,18 +418,10 @@ extracting content or merging files.")
                             name "-" version "-source.tar.gz"))
         (sha256
           (base32 "0qx51rj6alzcagcixm59rvdpm54w6syrwr4184v439jh14ryw4wq"))
-        (patches
-          (list (search-patch "mupdf-buildsystem-fix.patch")))
         (modules '((guix build utils)))
         (snippet
-          '(begin
             ;; Don't build the bundled-in third party libraries.
-            (delete-file-recursively "thirdparty")
-
-            ;; Make the scripts for finding openjpeg build details executable.
-            (chmod "ojp2_cppflags.sh" #o0755)
-            (chmod "ojp2_ldflags.sh" #o0755)))))
-
+            '(delete-file-recursively "thirdparty"))))
     (build-system gnu-build-system)
     (inputs
       `(("curl" ,curl)
@@ -444,22 +436,12 @@ extracting content or merging files.")
     (native-inputs
       `(("pkg-config" ,pkg-config)))
     (arguments
-      ;; Trying to run `$ make check' results in a no rule fault.
-      '(#:tests? #f
-
-        #:modules ((guix build gnu-build-system)
-                     (guix build utils)
-                     (srfi srfi-1))
-        #:phases (alist-replace
-                   'build
-                   (lambda _ (zero? (system* "make" "XCFLAGS=-fpic")))
-                   (alist-replace
-                     'install
-                     (lambda* (#:key outputs #:allow-other-keys)
-                       (let ((out (assoc-ref outputs "out")))
-                         (zero? (system* "make" (string-append "prefix=" out)
-                                         "install"))))
-                     (alist-delete 'configure %standard-phases)))))
+      '(#:tests? #f ; no check target
+        #:make-flags (list "CC=gcc"
+                           "XCFLAGS=-fpic"
+                           (string-append "prefix=" (assoc-ref %outputs "out")))
+        #:phases (modify-phases %standard-phases
+                  (delete 'configure))))
     (home-page "http://mupdf.com")
     (synopsis "Lightweight PDF viewer and toolkit")
     (description
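Review bot: `"CC=gcc"` in `#:make-flags` carries no explanation, unlike `#:tests? #f ; no check target` just above it. The removed mupdf-buildsystem-fix.patch set `CC = gcc` in Makerules with the remark "compile with gcc", so the flag presumably replaces that; a short comment such as `"CC=gcc" ; formerly set by mupdf-buildsystem-fix.patch` would keep the reason visible. The fixed compiler name also ignores any cross-compilation target, which may be acceptable here but is worth stating.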
-- 
cgit v1.2.3


From dfbe56c36d4d0e5abed75ba22de6d439643029a4 Mon Sep 17 00:00:00 2001
From: Andreas Enge <andreas@enge.fr>
Date: Sat, 12 Mar 2016 10:03:38 +0100
Subject: gnu: mupdf: Update to 1.8.

* gnu/packages/pdf.scm (mupdf): Update to 1.8.
---
 gnu/packages/pdf.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm
index 67e9beaa32..e8e6993a9c 100644
--- a/gnu/packages/pdf.scm
+++ b/gnu/packages/pdf.scm
@@ -410,14 +410,14 @@ extracting content or merging files.")
 (define-public mupdf
   (package
     (name "mupdf")
-    (version "1.6")
+    (version "1.8")
     (source
       (origin
         (method url-fetch)
         (uri (string-append "http://mupdf.com/downloads/archive/"
                             name "-" version "-source.tar.gz"))
         (sha256
-          (base32 "0qx51rj6alzcagcixm59rvdpm54w6syrwr4184v439jh14ryw4wq"))
+          (base32 "01n26cy41lc2fjri63s4js23ixxb4nd37aafry3hz4i4id6wd8x2"))
         (modules '((guix build utils)))
         (snippet
             ;; Don't build the bundled-in third party libraries.
-- 
cgit v1.2.3


From e1c644a0441daef9254648fa3f4171e697c2c96e Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Sat, 12 Mar 2016 12:18:08 -0500
Subject: gnu: accountsservice: Use HTTPS URL.

* gnu/packages/freedesktop.scm (accountsservice)[source]: Use HTTPS URL.
---
 gnu/packages/freedesktop.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


diff --git a/gnu/packages/freedesktop.scm b/gnu/packages/freedesktop.scm
index a799c056a4..c9d18eb909 100644
--- a/gnu/packages/freedesktop.scm
+++ b/gnu/packages/freedesktop.scm
@@ -411,7 +411,7 @@ message bus.")
     (version "0.6.40")
     (source (origin
               (method url-fetch)
-              (uri (string-append "http://www.freedesktop.org/software/"
+              (uri (string-append "https://www.freedesktop.org/software/"
                                   name "/" name "-" version ".tar.xz"))
               (sha256
                (base32
-- 
cgit v1.2.3


From 9591e11a4c87982943c9eb527b3b1d72aab8cc08 Mon Sep 17 00:00:00 2001
From: Efraim Flashner <efraim@flashner.co.il>
Date: Sat, 12 Mar 2016 21:52:50 +0200
Subject: gnu: samba: Update to 4.3.6 [fixes CVE-2015-7560, CVE-2016-0771].

* gnu/packages/samba.scm (samba): Update to 4.3.6.
---
 gnu/packages/samba.scm | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)


diff --git a/gnu/packages/samba.scm b/gnu/packages/samba.scm
index 1adc8aa218..8c4f064cf8 100644
--- a/gnu/packages/samba.scm
+++ b/gnu/packages/samba.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2015 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -98,14 +99,14 @@ anywhere.")
 (define-public samba
   (package
     (name "samba")
-    (version "4.3.3")
+    (version "4.3.6")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://www.samba.org/samba/ftp/stable/samba-"
                                  version ".tar.gz"))
              (sha256
               (base32
-               "1pvh78d5magc7lriyx7v9k7crlgxccmsy2mqn0j9xcnb78qj2bg6"))))
+               "0929fpk2pq4v389naai519xvsm9bzpar4jlgjxwlx1cnn6jyql9j"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
-- 
cgit v1.2.3