Merge remote-tracking branch 'origin/master' into core-updates

8 files changed, 304 insertions, 332 deletions

diff --git a/gnu/packages/patches/borg-fix-archive-corruption-bug.patch b/gnu/packages/patches/borg-fix-archive-corruption-bug.patch
deleted file mode 100644
index 0debf119be..0000000000
--- a/gnu/packages/patches/borg-fix-archive-corruption-bug.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-Fix a bug in `borg check --repair` that corrupts existing archives:
-
-https://github.com/borgbackup/borg/issues/3444
-
-Patches copied from upstream source repository:
-
-https://github.com/borgbackup/borg/commit/e09892caec8a63d59e909518c4e9c230dbd69774
-https://github.com/borgbackup/borg/commit/a68d28bfa4db30561150c83eb6a0dca5efa4d9e8
-
-From a68d28bfa4db30561150c83eb6a0dca5efa4d9e8 Mon Sep 17 00:00:00 2001
-From: Thomas Waldmann <tw@waldmann-edv.de>
-Date: Sat, 16 Dec 2017 01:11:40 +0100
-Subject: [PATCH 1/2] modify borg check unit test so it "hangs", see #3444
-
-it doesn't infinitely hang, but slows down considerably.
----
- src/borg/testsuite/archiver.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/borg/testsuite/archiver.py b/src/borg/testsuite/archiver.py
-index c7def2c7..b3383e97 100644
---- a/src/borg/testsuite/archiver.py
-+++ b/src/borg/testsuite/archiver.py
-@@ -3006,7 +3006,7 @@ def test_missing_file_chunk(self):
-     def test_missing_archive_item_chunk(self):
-         archive, repository = self.open_archive('archive1')
-         with repository:
--            repository.delete(archive.metadata.items[-5])
-+            repository.delete(archive.metadata.items[0])
-             repository.commit()
-         self.cmd('check', self.repository_location, exit_code=1)
-         self.cmd('check', '--repair', self.repository_location, exit_code=0)
--- 
-2.15.1
-
-
-From e09892caec8a63d59e909518c4e9c230dbd69774 Mon Sep 17 00:00:00 2001
-From: Thomas Waldmann <tw@waldmann-edv.de>
-Date: Sat, 16 Dec 2017 01:16:05 +0100
-Subject: [PATCH 2/2] check --repair: fix malfunctioning validator, fixes #3444
-
-the major problem was the ('path' in item) expression.
-the dict has bytes-typed keys there, so it never succeeded as it
-looked for a str key. this is a 1.1 regression, 1.0 was fine.
-
-the dict -> StableDict change is just for being more specific,
-the check triggered correctly as StableDict subclasses dict,
-it was just a bit too general.
----
- src/borg/archive.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/borg/archive.py b/src/borg/archive.py
-index 239d00b7..be086800 100644
---- a/src/borg/archive.py
-+++ b/src/borg/archive.py
-@@ -1457,7 +1457,7 @@ def robust_iterator(archive):
-             """
-             item_keys = frozenset(key.encode() for key in self.manifest.item_keys)
-             required_item_keys = frozenset(key.encode() for key in REQUIRED_ITEM_KEYS)
--            unpacker = RobustUnpacker(lambda item: isinstance(item, dict) and 'path' in item,
-+            unpacker = RobustUnpacker(lambda item: isinstance(item, StableDict) and b'path' in item,
-                                       self.manifest.item_keys)
-             _state = 0
- 
--- 
-2.15.1
-
diff --git a/gnu/packages/patches/chicken-CVE-2017-11343.patch b/gnu/packages/patches/chicken-CVE-2017-11343.patch
deleted file mode 100644
index 1d46ad50d9..0000000000
--- a/gnu/packages/patches/chicken-CVE-2017-11343.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-Fix CVE-2017-11343:
-
-https://lists.nongnu.org/archive/html/chicken-announce/2017-07/msg00000.html
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11343
-
-Patch copied from upstream mailing list:
-
-http://lists.gnu.org/archive/html/chicken-hackers/2017-06/txtod8Pa1wGU0.txt
-
-From ae2633195cc5f4f61c9da4ac90f0c14c010dcc3d Mon Sep 17 00:00:00 2001
-From: Peter Bex <address@hidden>
-Date: Fri, 30 Jun 2017 15:39:45 +0200
-Subject: [PATCH 2/2] Initialize symbol table after setting up randomization
-
-Otherwise, the symbol table wouldn't be correctly randomized.
----
- NEWS      | 3 +++
- runtime.c | 2 +-
- 2 files changed, 4 insertions(+), 1 deletion(-)
-
-#diff --git a/NEWS b/NEWS
-#index f4b0e041..6588b30e 100644
-#--- a/NEWS
-#+++ b/NEWS
-#@@ -96,6 +96,9 @@
-#     buffer overrun and/or segfault (thanks to Lemonboy).
-#   - CVE-2017-9334: `length' no longer crashes on improper lists (fixes
-#     #1375, thanks to "megane").
-#+  - The randomization factor of the symbol table was set before
-#+    the random seed was set, causing it to have a fixed value on many
-#+    platforms.
-# 
-# - Core Libraries
-#   - Unit "posix": If file-lock, file-lock/blocking or file-unlock are
-diff --git a/runtime.c b/runtime.c
-index 81c54dd2..a4580abc 100644
---- a/runtime.c
-+++ b/runtime.c
-@@ -799,7 +799,6 @@ int CHICKEN_initialize(int heap, int stack, int symbols, void *toplevel)
-   C_initial_timer_interrupt_period = INITIAL_TIMER_INTERRUPT_PERIOD;
-   C_timer_interrupt_counter = INITIAL_TIMER_INTERRUPT_PERIOD;
-   memset(signal_mapping_table, 0, sizeof(int) * NSIG);
--  initialize_symbol_table();
-   C_dlerror = "cannot load compiled code dynamically - this is a statically linked executable";
-   error_location = C_SCHEME_FALSE;
-   C_pre_gc_hook = NULL;
-@@ -816,6 +815,7 @@ int CHICKEN_initialize(int heap, int stack, int symbols, void *toplevel)
-   callback_continuation_level = 0;
-   gc_ms = 0;
-   (void)C_randomize(C_fix(time(NULL)));
-+  initialize_symbol_table();
- 
-   if (profiling) {
- #ifndef C_NONUNIX
--- 
-2.11.0
-
diff --git a/gnu/packages/patches/chicken-CVE-2017-6949.patch b/gnu/packages/patches/chicken-CVE-2017-6949.patch
deleted file mode 100644
index 00552eec76..0000000000
--- a/gnu/packages/patches/chicken-CVE-2017-6949.patch
+++ /dev/null
@@ -1,132 +0,0 @@
-From: LemonBoy <thatlemon@gmail.com>
-Date: Fri, 10 Mar 2017 16:29:47 +0100
-Subject: [PATCH] Add bound checking to all srfi-4 vector allocations.
-
-Do what C_allocate_vector already does and prevent the creation of a
-vector that's too big or too small.
-We should be very careful to avoid the latter case because the
-allocation size is directly fed into `malloc' as 'x + sizeof(C_header)'
-thus making possible to successfully allocate a vector smaller than the
-C_header structure and get C_block_header_init to write over
-uninitialized memory.
-
-To reduce code duplication, type checking is moved from each of the
-make-*vector procedures to the common "alloc" helper procedure.
-
-Signed-off-by: Peter Bex <peter@more-magic.net>
-Signed-off-by: Kooda <kooda@upyum.com>
----
- srfi-4.scm | 34 +++++++++++++++-------------------
- 1 file changed, 15 insertions(+), 19 deletions(-)
-
-diff --git a/srfi-4.scm b/srfi-4.scm
-index 7f5412b..69f58ba 100644
---- a/srfi-4.scm
-+++ b/srfi-4.scm
-@@ -255,24 +255,28 @@ EOF
- 
- ;;; Basic constructors:
- 
--(let* ([ext-alloc
--	(foreign-lambda* scheme-object ([int bytes])
--	  "C_word *buf = (C_word *)C_malloc(bytes + sizeof(C_header));"
-+(let* ((ext-alloc
-+	(foreign-lambda* scheme-object ((size_t bytes))
-+	  "C_word *buf;"
-+	  "if (bytes > C_HEADER_SIZE_MASK) C_return(C_SCHEME_FALSE);"
-+	  "buf = (C_word *)C_malloc(bytes + sizeof(C_header));"
- 	  "if(buf == NULL) C_return(C_SCHEME_FALSE);"
- 	  "C_block_header_init(buf, C_make_header(C_BYTEVECTOR_TYPE, bytes));"
--	  "C_return(buf);") ]
--       [ext-free
--	(foreign-lambda* void ([scheme-object bv])
--	  "C_free((void *)C_block_item(bv, 1));") ]
--       [alloc
-+	  "C_return(buf);") )
-+       (ext-free
-+	(foreign-lambda* void ((scheme-object bv))
-+	  "C_free((void *)C_block_item(bv, 1));") )
-+       (alloc
- 	(lambda (loc len ext?)
-+	  (##sys#check-exact len loc)
-+	  (when (fx< len 0) (##sys#error loc "size is negative" len))
- 	  (if ext?
--	      (let ([bv (ext-alloc len)])
-+	      (let ((bv (ext-alloc len)))
- 		(or bv
- 		    (##sys#error loc "not enough memory - cannot allocate external number vector" len)) )
--	      (let ([bv (##sys#allocate-vector len #t #f #t)]) ; this could be made better...
-+	      (let ((bv (##sys#allocate-vector len #t #f #t))) ; this could be made better...
- 		(##core#inline "C_string_to_bytevector" bv)
--		bv) ) ) ] )
-+		bv) ) ) ) )
- 
-   (set! release-number-vector
-     (lambda (v)
-@@ -282,7 +286,6 @@ EOF
- 
-   (set! make-u8vector
-     (lambda (len #!optional (init #f)  (ext? #f) (fin? #t))
--      (##sys#check-exact len 'make-u8vector)
-       (let ((v (##sys#make-structure 'u8vector (alloc 'make-u8vector len ext?))))
- 	(when (and ext? fin?) (set-finalizer! v ext-free))
- 	(if (not init)
-@@ -295,7 +298,6 @@ EOF
- 
-   (set! make-s8vector
-     (lambda (len #!optional (init #f)  (ext? #f) (fin? #t))
--      (##sys#check-exact len 'make-s8vector)
-       (let ((v (##sys#make-structure 's8vector (alloc 'make-s8vector len ext?))))
- 	(when (and ext? fin?) (set-finalizer! v ext-free))
- 	(if (not init)
-@@ -308,7 +310,6 @@ EOF
- 
-   (set! make-u16vector
-     (lambda (len #!optional (init #f)  (ext? #f) (fin? #t))
--      (##sys#check-exact len 'make-u16vector)
-       (let ((v (##sys#make-structure 'u16vector (alloc 'make-u16vector (##core#inline "C_fixnum_shift_left" len 1) ext?))))
- 	(when (and ext? fin?) (set-finalizer! v ext-free))
- 	(if (not init)
-@@ -321,7 +322,6 @@ EOF
- 
-   (set! make-s16vector
-     (lambda (len #!optional (init #f)  (ext? #f) (fin? #t))
--      (##sys#check-exact len 'make-s16vector)
-       (let ((v (##sys#make-structure 's16vector (alloc 'make-s16vector (##core#inline "C_fixnum_shift_left" len 1) ext?))))
- 	(when (and ext? fin?) (set-finalizer! v ext-free))
- 	(if (not init)
-@@ -334,7 +334,6 @@ EOF
- 
-   (set! make-u32vector
-     (lambda (len #!optional (init #f)  (ext? #f) (fin? #t))
--      (##sys#check-exact len 'make-u32vector)
-       (let ((v (##sys#make-structure 'u32vector (alloc 'make-u32vector (##core#inline "C_fixnum_shift_left" len 2) ext?))))
- 	(when (and ext? fin?) (set-finalizer! v ext-free))
- 	(if (not init)
-@@ -347,7 +346,6 @@ EOF
- 
-   (set! make-s32vector
-     (lambda (len #!optional (init #f)  (ext? #f) (fin? #t))
--      (##sys#check-exact len 'make-s32vector)
-       (let ((v (##sys#make-structure 's32vector (alloc 'make-s32vector (##core#inline "C_fixnum_shift_left" len 2) ext?))))
- 	(when (and ext? fin?) (set-finalizer! v ext-free))
- 	(if (not init)
-@@ -360,7 +358,6 @@ EOF
- 
-   (set! make-f32vector
-     (lambda (len #!optional (init #f)  (ext? #f) (fin? #t))
--      (##sys#check-exact len 'make-f32vector)
-       (let ((v (##sys#make-structure 'f32vector (alloc 'make-f32vector (##core#inline "C_fixnum_shift_left" len 2) ext?))))
- 	(when (and ext? fin?) (set-finalizer! v ext-free))
- 	(if (not init)
-@@ -375,7 +372,6 @@ EOF
- 
-   (set! make-f64vector
-     (lambda (len #!optional (init #f)  (ext? #f) (fin? #t))
--      (##sys#check-exact len 'make-f64vector)
-       (let ((v (##sys#make-structure
- 		'f64vector
- 		(alloc 'make-f64vector (##core#inline "C_fixnum_shift_left" len 3) ext?))))
---
-2.1.4
-
diff --git a/gnu/packages/patches/icecat-bug-1414945.patch b/gnu/packages/patches/icecat-bug-1414945.patch
new file mode 100644
index 0000000000..3638ace1c4
--- /dev/null
+++ b/gnu/packages/patches/icecat-bug-1414945.patch
@@ -0,0 +1,73 @@
+Based on:
+  https://hg.mozilla.org/releases/mozilla-esr52/raw-rev/d303b3bb88c3
+
+Adapted to apply cleanly to IceCat.
+
+# HG changeset patch
+# User Philip Chimento <philip.chimento@gmail.com>
+# Date 1510012155 28800
+# Node ID d303b3bb88c3345d3a089901e2b6fe883d148e44
+# Parent  0152d097672f7e99504815cf7b06d9f303419fba
+Bug 1414945 - Don't use TimeDuration in static initializer. r=jandem, a=ritu
+
+On Darwin this would cause a race between two static initializers.
+
+diff --git a/js/src/shell/js.cpp b/js/src/shell/js.cpp
+--- a/js/src/shell/js.cpp
++++ b/js/src/shell/js.cpp
+@@ -138,17 +138,17 @@ static const size_t gMaxStackSize = 2 * 
+ #else
+ static const size_t gMaxStackSize = 128 * sizeof(size_t) * 1024;
+ #endif
+ 
+ /*
+  * Limit the timeout to 30 minutes to prevent an overflow on platfoms
+  * that represent the time internally in microseconds using 32-bit int.
+  */
+-static const TimeDuration MAX_TIMEOUT_INTERVAL = TimeDuration::FromSeconds(1800.0);
++static const double MAX_TIMEOUT_SECONDS = 1800.0;
+ 
+ // SharedArrayBuffer and Atomics settings track IceCat.  Choose a custom setting
+ // with --shared-memory={on,off}.
+ #ifndef RELEASE_OR_BETA
+ # define SHARED_MEMORY_DEFAULT 1
+ #else
+ # define SHARED_MEMORY_DEFAULT 0
+ #endif
+@@ -3518,16 +3518,17 @@ Sleep_fn(JSContext* cx, unsigned argc, V
+         if (!ToNumber(cx, args[0], &t_secs))
+             return false;
+         if (mozilla::IsNaN(t_secs)) {
+             JS_ReportErrorASCII(cx, "sleep interval is not a number");
+             return false;
+         }
+ 
+         duration = TimeDuration::FromSeconds(Max(0.0, t_secs));
++        const TimeDuration MAX_TIMEOUT_INTERVAL = TimeDuration::FromSeconds(MAX_TIMEOUT_SECONDS);
+         if (duration > MAX_TIMEOUT_INTERVAL) {
+             JS_ReportErrorASCII(cx, "Excessive sleep interval");
+             return false;
+         }
+     }
+     {
+         LockGuard<Mutex> guard(sc->watchdogLock);
+         TimeStamp toWakeup = TimeStamp::Now() + duration;
+@@ -3675,16 +3676,17 @@ CancelExecution(JSContext* cx)
+ 
+ static bool
+ SetTimeoutValue(JSContext* cx, double t)
+ {
+     if (mozilla::IsNaN(t)) {
+         JS_ReportErrorASCII(cx, "timeout is not a number");
+         return false;
+     }
++    const TimeDuration MAX_TIMEOUT_INTERVAL = TimeDuration::FromSeconds(MAX_TIMEOUT_SECONDS);
+     if (TimeDuration::FromSeconds(t) > MAX_TIMEOUT_INTERVAL) {
+         JS_ReportErrorASCII(cx, "Excessive timeout value");
+         return false;
+     }
+     GetShellContext(cx)->timeoutInterval = t;
+     if (!ScheduleWatchdog(cx, t)) {
+         JS_ReportErrorASCII(cx, "Failed to create the watchdog");
+         return false;
+
diff --git a/gnu/packages/patches/icecat-bug-1424373-pt2.patch b/gnu/packages/patches/icecat-bug-1424373-pt2.patch
new file mode 100644
index 0000000000..cdc7226bd3
--- /dev/null
+++ b/gnu/packages/patches/icecat-bug-1424373-pt2.patch
@@ -0,0 +1,183 @@
+Based on:
+  https://hg.mozilla.org/releases/mozilla-esr52/raw-rev/19ea736e7e3d
+
+Adapted to apply cleanly to IceCat.
+
+# HG changeset patch
+# User Mike Conley <mconley@mozilla.com>
+# Date 1513892173 18000
+# Node ID 19ea736e7e3d20555ee6633b9d7803c1225979e1
+# Parent  320032aaa06899f5585dcd0288059e5342118714
+Bug 1424373 - Rename crash report submission pref. r=Mossop a=jcristau
+
+diff --git a/browser/app/profile/icecat.js b/browser/app/profile/icecat.js
+--- a/browser/app/profile/icecat.js
++++ b/browser/app/profile/icecat.js
+@@ -1557,15 +1557,15 @@ pref("browser.crashReports.unsubmittedCh
+ pref("browser.crashReports.unsubmittedCheck.enabled", false);
+ #endif
+ 
+ // chancesUntilSuppress is how many times we'll show the unsubmitted
+ // crash report notification across different days and shutdown
+ // without a user choice before we suppress the notification for
+ // some number of days.
+ pref("browser.crashReports.unsubmittedCheck.chancesUntilSuppress", 4);
+-pref("browser.crashReports.unsubmittedCheck.autoSubmit", false);
++pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false);
+ 
+ #ifdef NIGHTLY_BUILD
+ // Enable the (fairly costly) client/server validation on nightly only. The other prefs
+ // controlling validation are located in /services/sync/services-sync.js
+ pref("services.sync.validation.enabled", true);
+ #endif
+diff --git a/browser/base/content/test/tabcrashed/browser_autoSubmitRequest.js b/browser/base/content/test/tabcrashed/browser_autoSubmitRequest.js
+--- a/browser/base/content/test/tabcrashed/browser_autoSubmitRequest.js
++++ b/browser/base/content/test/tabcrashed/browser_autoSubmitRequest.js
+@@ -1,12 +1,12 @@
+ "use strict";
+ 
+ const PAGE = "data:text/html,<html><body>A%20regular,%20everyday,%20normal%20page.";
+-const AUTOSUBMIT_PREF = "browser.crashReports.unsubmittedCheck.autoSubmit";
++const AUTOSUBMIT_PREF = "browser.crashReports.unsubmittedCheck.autoSubmit2";
+ 
+ const {TabStateFlusher} =
+   Cu.import("resource:///modules/sessionstore/TabStateFlusher.jsm", {});
+ 
+ // On debug builds, crashing tabs results in much thinking, which
+ // slows down the test and results in intermittent test timeouts,
+ // so we'll pump up the expected timeout for this test.
+ requestLongerTimeout(2);
+diff --git a/browser/components/preferences/in-content/advanced.xul b/browser/components/preferences/in-content/advanced.xul
+--- a/browser/components/preferences/in-content/advanced.xul
++++ b/browser/components/preferences/in-content/advanced.xul
+@@ -51,18 +51,18 @@
+ #ifdef MOZ_TELEMETRY_REPORTING
+   <preference id="toolkit.telemetry.enabled"
+               name="toolkit.telemetry.enabled"
+               type="bool"/>
+ #endif
+ 
+   <!-- Data Choices tab -->
+ #ifdef MOZ_CRASHREPORTER
+-  <preference id="browser.crashReports.unsubmittedCheck.autoSubmit"
+-              name="browser.crashReports.unsubmittedCheck.autoSubmit"
++  <preference id="browser.crashReports.unsubmittedCheck.autoSubmit2"
++              name="browser.crashReports.unsubmittedCheck.autoSubmit2"
+               type="bool"/>
+ #endif
+ 
+   <!-- Network tab -->
+   <preference id="browser.cache.disk.capacity"
+               name="browser.cache.disk.capacity"
+               type="int"/>
+   <preference id="browser.offline-apps.notify"
+@@ -232,17 +232,17 @@
+           </hbox>
+         </vbox>
+       </groupbox>
+ #endif
+ #ifdef MOZ_CRASHREPORTER
+       <groupbox>
+         <caption>
+           <checkbox id="automaticallySubmitCrashesBox"
+-                    preference="browser.crashReports.unsubmittedCheck.autoSubmit"
++                    preference="browser.crashReports.unsubmittedCheck.autoSubmit2"
+                     label="&alwaysSubmitCrashReports.label;"
+                     accesskey="&alwaysSubmitCrashReports.accesskey;"/>
+         </caption>
+         <hbox class="indent">
+           <label flex="1">&crashReporterDesc2.label;</label>
+           <spacer flex="10"/>
+           <label id="crashReporterLearnMore"
+                  class="text-link">&crashReporterLearnMore.label;</label>
+diff --git a/browser/components/sessionstore/test/browser_background_tab_crash.js b/browser/components/sessionstore/test/browser_background_tab_crash.js
+--- a/browser/components/sessionstore/test/browser_background_tab_crash.js
++++ b/browser/components/sessionstore/test/browser_background_tab_crash.js
+@@ -142,17 +142,17 @@ add_task(function* test_background_crash
+ /**
+  * Tests that if a content process crashes taking down only
+  * background tabs, and the user is configured to send backlogged
+  * crash reports automatically, that the tab crashed page is not
+  * shown.
+  */
+ add_task(function* test_background_crash_autosubmit_backlogged() {
+   yield SpecialPowers.pushPrefEnv({
+-    set: [["browser.crashReports.unsubmittedCheck.autoSubmit", true]],
++    set: [["browser.crashReports.unsubmittedCheck.autoSubmit2", true]],
+   });
+ 
+   yield setupBackgroundTabs(function*([tab1, tab2]) {
+     // Let's crash one of those background tabs now...
+     yield crashBackgroundTabs([tab1, tab2]);
+ 
+     // Selecting the first tab should restore it.
+     let tabRestored = promiseTabRestored(tab1);
+diff --git a/browser/modules/ContentCrashHandlers.jsm b/browser/modules/ContentCrashHandlers.jsm
+--- a/browser/modules/ContentCrashHandlers.jsm
++++ b/browser/modules/ContentCrashHandlers.jsm
+@@ -865,21 +865,21 @@ this.UnsubmittedCrashHandler = {
+     return nb.appendNotification(message, notificationID,
+                                  "chrome://browser/skin/tab-crashed.svg",
+                                  nb.PRIORITY_INFO_HIGH, buttons,
+                                  eventCallback);
+   },
+ 
+   get autoSubmit() {
+     return Services.prefs
+-                   .getBoolPref("browser.crashReports.unsubmittedCheck.autoSubmit");
++                   .getBoolPref("browser.crashReports.unsubmittedCheck.autoSubmit2");
+   },
+ 
+   set autoSubmit(val) {
+-    Services.prefs.setBoolPref("browser.crashReports.unsubmittedCheck.autoSubmit",
++    Services.prefs.setBoolPref("browser.crashReports.unsubmittedCheck.autoSubmit2",
+                                val);
+   },
+ 
+   /**
+    * Attempt to submit reports to the crash report server. Each
+    * report will have the "SubmittedFromInfobar" extra key set
+    * to true.
+    *
+diff --git a/browser/modules/test/browser_UnsubmittedCrashHandler.js b/browser/modules/test/browser_UnsubmittedCrashHandler.js
+--- a/browser/modules/test/browser_UnsubmittedCrashHandler.js
++++ b/browser/modules/test/browser_UnsubmittedCrashHandler.js
+@@ -344,17 +344,17 @@ add_task(function* test_can_submit_sever
+   clearPendingCrashReports();
+ });
+ 
+ /**
+  * Tests that choosing "Send Always" flips the autoSubmit pref
+  * and sends the pending crash reports.
+  */
+ add_task(function* test_can_submit_always() {
+-  let pref = "browser.crashReports.unsubmittedCheck.autoSubmit";
++  let pref = "browser.crashReports.unsubmittedCheck.autoSubmit2";
+   Assert.equal(Services.prefs.getBoolPref(pref), false,
+                "We should not be auto-submitting by default");
+ 
+   let reportIDs = yield createPendingCrashReports(1);
+   let notification =
+     yield UnsubmittedCrashHandler.checkForUnsubmittedCrashReports();
+   Assert.ok(notification, "There should be a notification");
+ 
+@@ -388,17 +388,17 @@ add_task(function* test_can_submit_alway
+ 
+ /**
+  * Tests that if the user has chosen to automatically send
+  * crash reports that no notification is displayed to the
+  * user.
+  */
+ add_task(function* test_can_auto_submit() {
+   yield SpecialPowers.pushPrefEnv({ set: [
+-    ["browser.crashReports.unsubmittedCheck.autoSubmit", true],
++    ["browser.crashReports.unsubmittedCheck.autoSubmit2", true],
+   ]});
+ 
+   let reportIDs = yield createPendingCrashReports(3);
+   let promiseReports = waitForSubmittedReports(reportIDs);
+   let notification =
+     yield UnsubmittedCrashHandler.checkForUnsubmittedCrashReports();
+   Assert.equal(notification, null, "There should be no notification");
+   info("Waiting on reports to be received.");
+
diff --git a/gnu/packages/patches/libgxps-CVE-2017-11590.patch b/gnu/packages/patches/libgxps-CVE-2017-11590.patch
new file mode 100644
index 0000000000..9caa79b6f0
--- /dev/null
+++ b/gnu/packages/patches/libgxps-CVE-2017-11590.patch
@@ -0,0 +1,48 @@
+Fix CVE-2017-11590:
+
+https://bugzilla.gnome.org/show_bug.cgi?id=785479
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11590
+
+Patch copied from upstream source repository:
+
+https://git.gnome.org/browse/libgxps/commit/?id=9d5d292055250ed298f3b89dc332d6db4003a031
+
+From 9d5d292055250ed298f3b89dc332d6db4003a031 Mon Sep 17 00:00:00 2001
+From: Marek Kasik <mkasik@redhat.com>
+Date: Wed, 26 Jul 2017 16:23:37 +0200
+Subject: archive: Check for pathname being NULL before dereferencing
+
+Check whether "archive_entry_pathname ()" returns a non-NULL pathname
+before using it to avoid a NULL pointer being dereferenced.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=785479
+---
+ libgxps/gxps-archive.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/libgxps/gxps-archive.c b/libgxps/gxps-archive.c
+index acf8d7d..e763773 100644
+--- a/libgxps/gxps-archive.c
++++ b/libgxps/gxps-archive.c
+@@ -257,6 +257,7 @@ gxps_archive_initable_init (GInitable     *initable,
+ 	GXPSArchive          *archive;
+ 	ZipArchive           *zip;
+ 	struct archive_entry *entry;
++	const gchar          *pathname;
+ 
+ 	archive = GXPS_ARCHIVE (initable);
+ 
+@@ -281,7 +282,9 @@ gxps_archive_initable_init (GInitable     *initable,
+ 
+         while (gxps_zip_archive_iter_next (zip, &entry)) {
+                 /* FIXME: We can ignore directories here */
+-                g_hash_table_add (archive->entries, g_strdup (archive_entry_pathname (entry)));
++                pathname = archive_entry_pathname (entry);
++                if (pathname != NULL)
++                        g_hash_table_add (archive->entries, g_strdup (pathname));
+                 archive_read_data_skip (zip->archive);
+         }
+ 
+-- 
+cgit v0.12
+
diff --git a/gnu/packages/patches/python-pillow-fix-failing-tests.patch b/gnu/packages/patches/python-pillow-fix-failing-tests.patch
new file mode 100644
index 0000000000..2575d6f612
--- /dev/null
+++ b/gnu/packages/patches/python-pillow-fix-failing-tests.patch
diff --git a/gnu/packages/patches/python-pillow-freetype-2.7-test-failure.patch b/gnu/packages/patches/python-pillow-freetype-2.7-test-failure.patch
deleted file mode 100644
index 18bc30bc79..0000000000
--- a/gnu/packages/patches/python-pillow-freetype-2.7-test-failure.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-Fix some test failures when building with freetype-2.7.
-
-https://github.com/python-pillow/Pillow/issues/2116
-https://github.com/python-pillow/Pillow/pull/2286
-
-Patch copied from upstream source repository:
-
-https://github.com/python-pillow/Pillow/commit/acf68c835c93ba144f83198306aa7e6082a43f43
-
-From acf68c835c93ba144f83198306aa7e6082a43f43 Mon Sep 17 00:00:00 2001
-From: hugovk <hugovk@users.noreply.github.com>
-Date: Mon, 12 Dec 2016 15:16:43 +0200
-Subject: [PATCH] Increase epsilon for FreeType 2.7
-
----
- Tests/test_imagefont.py | 15 ++++++++++-----
- 1 file changed, 10 insertions(+), 5 deletions(-)
-
-diff --git a/Tests/test_imagefont.py b/Tests/test_imagefont.py
-index de89ac92..5207dce3 100644
---- a/Tests/test_imagefont.py
-+++ b/Tests/test_imagefont.py
-@@ -125,7 +125,9 @@ try:
- 
-             target = 'Tests/images/rectangle_surrounding_text.png'
-             target_img = Image.open(target)
--            self.assert_image_similar(im, target_img, .5)
-+
-+            # Epsilon ~.5 fails with FreeType 2.7
-+            self.assert_image_similar(im, target_img, 2.5)
- 
-         def test_render_multiline(self):
-             im = Image.new(mode='RGB', size=(300, 100))
-@@ -144,7 +146,7 @@ try:
-             # some versions of freetype have different horizontal spacing.
-             # setting a tight epsilon, I'm showing the original test failure
-             # at epsilon = ~38.
--            self.assert_image_similar(im, target_img, .5)
-+            self.assert_image_similar(im, target_img, 6.2)
- 
-         def test_render_multiline_text(self):
-             ttf = ImageFont.truetype(FONT_PATH, FONT_SIZE)
-@@ -158,7 +160,8 @@ try:
-             target = 'Tests/images/multiline_text.png'
-             target_img = Image.open(target)
- 
--            self.assert_image_similar(im, target_img, .5)
-+            # Epsilon ~.5 fails with FreeType 2.7
-+            self.assert_image_similar(im, target_img, 6.2)
- 
-             # Test that text() can pass on additional arguments
-             # to multiline_text()
-@@ -178,7 +181,8 @@ try:
-                 target = 'Tests/images/multiline_text'+ext+'.png'
-                 target_img = Image.open(target)
- 
--                self.assert_image_similar(im, target_img, .5)
-+                # Epsilon ~.5 fails with FreeType 2.7
-+                self.assert_image_similar(im, target_img, 6.2)
- 
-         def test_unknown_align(self):
-             im = Image.new(mode='RGB', size=(300, 100))
-@@ -227,7 +231,8 @@ try:
-             target = 'Tests/images/multiline_text_spacing.png'
-             target_img = Image.open(target)
- 
--            self.assert_image_similar(im, target_img, .5)
-+            # Epsilon ~.5 fails with FreeType 2.7
-+            self.assert_image_similar(im, target_img, 6.2)
- 
-         def test_rotated_transposed_font(self):
-             img_grey = Image.new("L", (100, 100))
--- 
-2.12.0
-