authorMarius Bakke <mbakke@fastmail.com>2018-07-02 12:18:58 +0200
committerMarius Bakke <mbakke@fastmail.com>2018-07-02 12:18:58 +0200
commit92af3ce417fdcb932c3f291e0c79106466a40c66 (patch)
tree610d10ca5c4197c1a0ae14f1972dc72fb78a39d3 /gnu/packages/patches
parentcb4b508cd68df89bfbd5255a0c5569f8318ad50f (diff)
parent6e65eb3cad1d1148eade9ed2228cdea90d531a94 (diff)
Merge branch 'master' into staging
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/beignet-correct-file-names.patch32
-rw-r--r--gnu/packages/patches/emacs-browse-at-remote-cgit-gnu.patch59
-rw-r--r--gnu/packages/patches/gcc-8-strmov-store-file-names.patch110
-rw-r--r--gnu/packages/patches/icecat-bug-1413868-pt1.patch663
-rw-r--r--gnu/packages/patches/libtiff-CVE-2018-10963.patch40
-rw-r--r--gnu/packages/patches/libtiff-CVE-2018-8905.patch61
-rw-r--r--gnu/packages/patches/qtoctave-qt-5.11-fix.patch26
7 files changed, 932 insertions, 59 deletions
diff --git a/gnu/packages/patches/beignet-correct-file-names.patch b/gnu/packages/patches/beignet-correct-file-names.patch
new file mode 100644
index 0000000000..2c5d0bbaea
--- /dev/null
+++ b/gnu/packages/patches/beignet-correct-file-names.patch
@@ -0,0 +1,32 @@
+Help CMake find Clang's libraries.
+Have it install the ICD file in the right place.
+
+diff --git a/CMake/FindLLVM.cmake b/CMake/FindLLVM.cmake
+index 5457f248..e8e8f94a 100644
+--- a/CMake/FindLLVM.cmake
++++ b/CMake/FindLLVM.cmake
+@@ -107,7 +107,7 @@ endif (LLVM_VERSION_NODOT VERSION_GREATER 34)
+ macro(add_one_lib name)
+   FIND_LIBRARY(CLANG_LIB
+     NAMES ${name}
+-    PATHS ${LLVM_LIBRARY_DIR} NO_DEFAULT_PATH)
++    PATHS ${CLANG_LIBRARY_DIR} NO_DEFAULT_PATH)
+   set(CLANG_LIBRARIES ${CLANG_LIBRARIES} ${CLANG_LIB})
+ 	unset(CLANG_LIB CACHE)
+ endmacro()
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index c11acbb2..fb99e5c8 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -217,7 +217,7 @@ IF(OCLIcd_FOUND)
+     "intel-beignet.icd.in"
+     "${ICD_FILE_NAME}"
+   )
+-  install (FILES ${CMAKE_CURRENT_BINARY_DIR}/${ICD_FILE_NAME} DESTINATION /etc/OpenCL/vendors)
++  install (FILES ${CMAKE_CURRENT_BINARY_DIR}/${ICD_FILE_NAME} DESTINATION etc/OpenCL/vendors COMPONENT config)
+ ELSE(OCLIcd_FOUND)
+   MESSAGE(STATUS "Looking for OCL ICD header file - not found")
+   MESSAGE(FATAL_ERROR "OCL ICD loader miss. If you really want to disable OCL ICD support, please run cmake with option -DOCLICD_COMPAT=0.")
+--
+2.14.3
+
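Review bot: `CLANG_LIBRARY_DIR` is not set anywhere in the visible FindLLVM.cmake hunk, and because the `FIND_LIBRARY` call keeps `NO_DEFAULT_PATH`, an unset or wrong value leaves `CLANG_LIB` at its `-NOTFOUND` value, which `add_one_lib` then appends to `CLANG_LIBRARIES` unchecked. The patch header should say where the variable is expected to come from, for example `Expects CLANG_LIBRARY_DIR to be passed with -D at configure time.` A guard right after the lookup, `if(NOT CLANG_LIB)` followed by `message(FATAL_ERROR "Clang library ${name} not found in ${CLANG_LIBRARY_DIR}")` and `endif()`, would make a missing library fail at configure time instead of at link time. The rest of FindLLVM.cmake is outside the hunk, so the variable may be defined there.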
diff --git a/gnu/packages/patches/emacs-browse-at-remote-cgit-gnu.patch b/gnu/packages/patches/emacs-browse-at-remote-cgit-gnu.patch
deleted file mode 100644
index b90017fdb4..0000000000
--- a/gnu/packages/patches/emacs-browse-at-remote-cgit-gnu.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-Copyright © 2018 Oleg Pykhalov <go.wigust@gmail.com>
-
-This patch adds a support for Git repositories hosted on git.savannah.gnu.org.
-
-Upstream bug URL:
-
-https://github.com/rmuslimov/browse-at-remote/pull/46
-
-From cd2ccdaef8b1d97337d790175f71cc3dbcfcff64 Mon Sep 17 00:00:00 2001
-From: Oleg Pykhalov <go.wigust@gmail.com>
-Date: Fri, 26 Jan 2018 00:05:30 +0300
-Subject: [PATCH] Add support for repositories that are hosted on gnu cgit
-
----
- browse-at-remote.el | 21 ++++++++++++++++++++-
- 1 file changed, 20 insertions(+), 1 deletion(-)
-
-diff --git a/browse-at-remote.el b/browse-at-remote.el
-index 66967b3..e210d18 100644
---- a/browse-at-remote.el
-+++ b/browse-at-remote.el
-@@ -44,7 +44,8 @@
- (defcustom browse-at-remote-remote-type-domains
-   '(("bitbucket.org" ."bitbucket")
-     ("github.com" . "github")
--    ("gitlab.com" . "gitlab"))
-+    ("gitlab.com" . "gitlab")
-+    ("git.savannah.gnu.org" . "gnu"))
-   "Alist of domain patterns to remote types."
- 
-   :type '(alist :key-type (string :tag "Domain")
-@@ -199,6 +200,24 @@ If HEAD is detached, return nil."
-     (if (fboundp formatter)
-         formatter nil)))
- 
-+(defun browse-at-remote-gnu-format-url (repo-url)
-+  "Get a gnu formatted URL."
-+  (replace-regexp-in-string
-+   (concat "https://" (car (rassoc "gnu" browse-at-remote-remote-type-domains))
-+           "/\\(git\\).*\\'")
-+   "cgit" repo-url nil nil 1))
-+
-+(defun browse-at-remote--format-region-url-as-gnu (repo-url location filename &optional linestart lineend)
-+  "URL formatter for gnu."
-+  (let ((repo-url (browse-at-remote-gnu-format-url repo-url)))
-+    (cond
-+     (linestart (format "%s.git/tree/%s?h=%s#n%d" repo-url filename location linestart))
-+     (t (format "%s.git/tree/%s?h=%s" repo-url filename location)))))
-+
-+(defun browse-at-remote--format-commit-url-as-gnu (repo-url commithash)
-+  "Commit URL formatted for gnu"
-+  (format "%s.git/commit/?id=%s" (browse-at-remote-gnu-format-url repo-url) commithash))
-+
- (defun browse-at-remote--format-region-url-as-github (repo-url location filename &optional linestart lineend)
-   "URL formatted for github."
-   (cond
--- 
-2.15.1
-
diff --git a/gnu/packages/patches/gcc-8-strmov-store-file-names.patch b/gnu/packages/patches/gcc-8-strmov-store-file-names.patch
new file mode 100644
index 0000000000..f8e6b951b2
--- /dev/null
+++ b/gnu/packages/patches/gcc-8-strmov-store-file-names.patch
@@ -0,0 +1,110 @@
+Make sure that statements such as:
+
+  strcpy (dst, "/gnu/store/…");
+
+or
+
+  static const char str[] = "/gnu/store/…";
+  …
+  strcpy (dst, str);
+
+do not result in chunked /gnu/store strings that are undetectable by
+Guix's GC and its grafting code.  See <https://bugs.gnu.org/24703>
+and <https://bugs.gnu.org/30395>.
+
+--- gcc-5.3.0/gcc/builtins.c	2016-10-18 10:50:46.080616285 +0200
++++ gcc-5.3.0/gcc/builtins.c	2016-11-09 15:26:43.693042737 +0100
+@@ -3012,6 +3012,58 @@ determine_block_size (tree len, rtx len_rtx,
+ 			  GET_MODE_MASK (GET_MODE (len_rtx)));
+ }
+ 
++extern void debug_tree (tree);
++
++/* Return true if STR contains the string "/gnu/store".  */
++
++bool
++store_reference_p (tree str)
++{
++  if (getenv ("GUIX_GCC_DEBUG") != NULL)
++    debug_tree (str);
++
++  if (TREE_CODE (str) == ADDR_EXPR)
++    str = TREE_OPERAND (str, 0);
++
++  if (TREE_CODE (str) == VAR_DECL
++      && TREE_STATIC (str)
++      && TREE_READONLY (str))
++    {
++      /* STR may be a 'static const' variable whose initial value
++         is a string constant.  See <https://bugs.gnu.org/30395>.  */
++      str = DECL_INITIAL (str);
++      if (str == NULL_TREE)
++        return false;
++    }
++
++  if (TREE_CODE (str) != STRING_CST)
++    return false;
++
++  int len;
++  const char *store;
++
++  store = getenv ("NIX_STORE") ? getenv ("NIX_STORE") : "/gnu/store";
++  len = strlen (store);
++
++  /* Size of the hash part of store file names, including leading slash and
++     trailing hyphen.  */
++  const int hash_len = 34;
++
++  if (TREE_STRING_LENGTH (str) < len + hash_len)
++    return false;
++
++  /* We cannot use 'strstr' because 'TREE_STRING_POINTER' returns a string
++     that is not necessarily NUL-terminated.  */
++
++  for (int i = 0; i < TREE_STRING_LENGTH (str) - (len + hash_len); i++)
++    {
++      if (strncmp (TREE_STRING_POINTER (str) + i, store, len) == 0)
++	return true;
++    }
++
++  return false;
++}
++
+ /* Try to verify that the sizes and lengths of the arguments to a string
+    manipulation function given by EXP are within valid bounds and that
+    the operation does not lead to buffer overflow or read past the end.
+@@ -3605,6 +3657,13 @@ expand_builtin_memory_copy_args (tree dest, tree src, tree len,
+   unsigned HOST_WIDE_INT max_size;
+   unsigned HOST_WIDE_INT probable_max_size;
+ 
++  /* Do not emit block moves, which translate to the 'movabs' instruction on
++     x86_64, when SRC refers to store items.  That way, store references
++     remain visible to the Guix GC and grafting code.  See
++     <https://bugs.gnu.org/24703>.  */
++  if (store_reference_p (src))
++    return NULL_RTX;
++
+   /* If DEST is not a pointer type, call the normal function.  */
+   if (dest_align == 0)
+     return NULL_RTX;
+--- gcc-5.5.0/gcc/gimple-fold.c	2018-03-20 11:36:16.709442004 +0100
++++ gcc-5.5.0/gcc/gimple-fold.c	2018-03-20 11:46:43.838487065 +0100
+@@ -635,6 +635,8 @@ var_decl_component_p (tree var)
+   return SSA_VAR_P (inner);
+ }
+ 
++extern bool store_reference_p (tree);
++
+ /* If the SIZE argument representing the size of an object is in a range
+    of values of which exactly one is valid (and that is zero), return
+    true, otherwise false.  */
+@@ -742,6 +744,9 @@ gimple_fold_builtin_memory_op (gimple_stmt_iterator *gsi,
+       off0 = build_int_cst (build_pointer_type_for_mode (char_type_node,
+ 							 ptr_mode, true), 0);
+ 
++      if (store_reference_p (src))
++        return false;
++
+       /* If we can perform the copy efficiently with first doing all loads
+          and then all stores inline it that way.  Currently efficiently
+ 	 means that we can load all the memory into a single integer
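Review bot: The scan loop in store_reference_p stops one position early: with `i < TREE_STRING_LENGTH (str) - (len + hash_len)` the last start offset at which a store prefix plus hash still fits is never compared, and when the length equals `len + hash_len` exactly the loop body does not run at all, although the preceding length check let the string through. Using `i <= TREE_STRING_LENGTH (str) - (len + hash_len)` closes the gap and keeps the `strncmp` read inside the constant, since it reads at most `len` bytes from offset `i`. Whether a real literal can hit this depends on whether TREE_STRING_LENGTH counts a terminating NUL, which the hunk does not show. A missed match means the block move is still emitted and the reference stays invisible to the GC and grafting scan the header describes. Separately, `getenv ("NIX_STORE")` is evaluated twice; one call stored in `store` and tested for NULL would read better.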
diff --git a/gnu/packages/patches/icecat-bug-1413868-pt1.patch b/gnu/packages/patches/icecat-bug-1413868-pt1.patch
new file mode 100644
index 0000000000..18382dc33a
--- /dev/null
+++ b/gnu/packages/patches/icecat-bug-1413868-pt1.patch
@@ -0,0 +1,663 @@
+Based on <https://hg.mozilla.org/releases/mozilla-esr52/rev/431fa5dd4016>
+Adapted to apply cleanly to GNU IceCat.
+
+# HG changeset patch
+# User Honza Bambas <honzab.moz@firemni.cz>
+# Date 1528830658 14400
+# Node ID 431fa5dd4016bdab7e4bb0d3c4df85468fe337b0
+# Parent  e8e9e1ef79f2a18c61ec1b87cfb214c8d4960f8e
+Bug 1413868. r=valentin, a=RyanVM
+
+diff --git a/toolkit/xre/nsAppRunner.cpp b/toolkit/xre/nsAppRunner.cpp
+--- a/toolkit/xre/nsAppRunner.cpp
++++ b/toolkit/xre/nsAppRunner.cpp
+@@ -4,16 +4,17 @@
+  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+ 
+ #include "mozilla/dom/ContentParent.h"
+ #include "mozilla/dom/ContentChild.h"
+ #include "mozilla/ipc/GeckoChildProcessHost.h"
+ 
+ #include "mozilla/ArrayUtils.h"
+ #include "mozilla/Attributes.h"
++#include "mozilla/FilePreferences.h"
+ #include "mozilla/ChaosMode.h"
+ #include "mozilla/IOInterposer.h"
+ #include "mozilla/Likely.h"
+ #include "mozilla/MemoryChecking.h"
+ #include "mozilla/Poison.h"
+ #include "mozilla/Preferences.h"
+ #include "mozilla/ScopeExit.h"
+ #include "mozilla/Services.h"
+@@ -4304,16 +4305,20 @@ XREMain::XRE_mainRun()
+       // Need to write out the fact that the profile has been removed and potentially
+       // that the selected/default profile changed.
+       mProfileSvc->Flush();
+     }
+   }
+ 
+   mDirProvider.DoStartup();
+ 
++  // As FilePreferences need the profile directory, we must initialize right here.
++  mozilla::FilePreferences::InitDirectoriesWhitelist();
++  mozilla::FilePreferences::InitPrefs();
++
+   OverrideDefaultLocaleIfNeeded();
+ 
+ #ifdef MOZ_CRASHREPORTER
+   nsCString userAgentLocale;
+   // Try a localized string first. This pref is always a localized string in
+   // IceCatMobile, and might be elsewhere, too.
+   if (NS_SUCCEEDED(Preferences::GetLocalizedCString("general.useragent.locale", &userAgentLocale))) {
+     CrashReporter::AnnotateCrashReport(NS_LITERAL_CSTRING("useragent_locale"), userAgentLocale);
+diff --git a/toolkit/xre/nsEmbedFunctions.cpp b/toolkit/xre/nsEmbedFunctions.cpp
+--- a/toolkit/xre/nsEmbedFunctions.cpp
++++ b/toolkit/xre/nsEmbedFunctions.cpp
+@@ -46,16 +46,17 @@
+ #include "nsX11ErrorHandler.h"
+ #include "nsGDKErrorHandler.h"
+ #include "base/at_exit.h"
+ #include "base/command_line.h"
+ #include "base/message_loop.h"
+ #include "base/process_util.h"
+ #include "chrome/common/child_process.h"
+ 
++#include "mozilla/FilePreferences.h"
+ #include "mozilla/ipc/BrowserProcessSubThread.h"
+ #include "mozilla/ipc/GeckoChildProcessHost.h"
+ #include "mozilla/ipc/IOThreadChild.h"
+ #include "mozilla/ipc/ProcessChild.h"
+ #include "ScopedXREEmbed.h"
+ 
+ #include "mozilla/plugins/PluginProcessChild.h"
+ #include "mozilla/dom/ContentProcess.h"
+@@ -680,16 +681,18 @@ XRE_InitChildProcess(int aArgc,
+       ::SetProcessShutdownParameters(0x280 - 1, SHUTDOWN_NORETRY);
+ #endif
+ 
+ #if defined(MOZ_SANDBOX) && defined(XP_WIN)
+       // We need to do this after the process has been initialised, as
+       // InitLoggingIfRequired may need access to prefs.
+       mozilla::sandboxing::InitLoggingIfRequired(aChildData->ProvideLogFunction);
+ #endif
++      mozilla::FilePreferences::InitDirectoriesWhitelist();
++      mozilla::FilePreferences::InitPrefs();
+ 
+       OverrideDefaultLocaleIfNeeded();
+ 
+ #if defined(MOZ_CRASHREPORTER)
+ #if defined(MOZ_CONTENT_SANDBOX) && !defined(MOZ_WIDGET_GONK)
+       AddContentSandboxLevelAnnotation();
+ #endif
+ #endif
+diff --git a/xpcom/io/FilePreferences.cpp b/xpcom/io/FilePreferences.cpp
+new file mode 100644
+--- /dev/null
++++ b/xpcom/io/FilePreferences.cpp
+@@ -0,0 +1,271 @@
++/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
++/* vim: set ts=8 sts=2 et sw=2 tw=80: */
++/* This Source Code Form is subject to the terms of the Mozilla Public
++* License, v. 2.0. If a copy of the MPL was not distributed with this
++* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
++
++#include "FilePreferences.h"
++
++#include "mozilla/Preferences.h"
++#include "nsAppDirectoryServiceDefs.h"
++#include "nsDirectoryServiceDefs.h"
++#include "nsDirectoryServiceUtils.h"
++
++namespace mozilla {
++namespace FilePreferences {
++
++static bool sBlockUNCPaths = false;
++typedef nsTArray<nsString> Paths;
++
++static Paths& PathArray()
++{
++  static Paths sPaths;
++  return sPaths;
++}
++
++static void AllowDirectory(char const* directory)
++{
++  nsCOMPtr<nsIFile> file;
++  NS_GetSpecialDirectory(directory, getter_AddRefs(file));
++  if (!file) {
++    return;
++  }
++
++  nsString path;
++  if (NS_FAILED(file->GetTarget(path))) {
++    return;
++  }
++
++  // The whitelist makes sense only for UNC paths, because this code is used
++  // to block only UNC paths, hence, no need to add non-UNC directories here
++  // as those would never pass the check.
++  if (!StringBeginsWith(path, NS_LITERAL_STRING("\\\\"))) {
++    return;
++  }
++
++  if (!PathArray().Contains(path)) {
++    PathArray().AppendElement(path);
++  }
++}
++
++void InitPrefs()
++{
++  sBlockUNCPaths = Preferences::GetBool("network.file.disable_unc_paths", false);
++}
++
++void InitDirectoriesWhitelist()
++{
++  // NS_GRE_DIR is the installation path where the binary resides.
++  AllowDirectory(NS_GRE_DIR);
++  // NS_APP_USER_PROFILE_50_DIR and NS_APP_USER_PROFILE_LOCAL_50_DIR are the two
++  // parts of the profile we store permanent and local-specific data.
++  AllowDirectory(NS_APP_USER_PROFILE_50_DIR);
++  AllowDirectory(NS_APP_USER_PROFILE_LOCAL_50_DIR);
++}
++
++namespace { // anon
++
++class Normalizer
++{
++public:
++  Normalizer(const nsAString& aFilePath, const char16_t aSeparator);
++  bool Get(nsAString& aNormalizedFilePath);
++
++private:
++  bool ConsumeItem();
++  bool ConsumeSeparator();
++  bool IsEOF() { return mFilePathCursor == mFilePathEnd; }
++
++  bool ConsumeName();
++  bool CheckParentDir();
++  bool CheckCurrentDir();
++
++  nsString::const_char_iterator mFilePathCursor;
++  nsString::const_char_iterator mFilePathEnd;
++
++  nsDependentSubstring mItem;
++  char16_t const mSeparator;
++  nsTArray<nsDependentSubstring> mStack;
++};
++
++Normalizer::Normalizer(const nsAString& aFilePath, const char16_t aSeparator)
++  : mFilePathCursor(aFilePath.BeginReading())
++  , mFilePathEnd(aFilePath.EndReading())
++  , mSeparator(aSeparator)
++{
++}
++
++bool Normalizer::ConsumeItem()
++{
++  if (IsEOF()) {
++    return false;
++  }
++
++  nsString::const_char_iterator nameBegin = mFilePathCursor;
++  while (mFilePathCursor != mFilePathEnd) {
++    if (*mFilePathCursor == mSeparator) {
++      break; // don't include the separator
++    }
++    ++mFilePathCursor;
++  }
++
++  mItem.Rebind(nameBegin, mFilePathCursor);
++  return true;
++}
++
++bool Normalizer::ConsumeSeparator()
++{
++  if (IsEOF()) {
++    return false;
++  }
++
++  if (*mFilePathCursor != mSeparator) {
++    return false;
++  }
++
++  ++mFilePathCursor;
++  return true;
++}
++
++bool Normalizer::Get(nsAString& aNormalizedFilePath)
++{
++  aNormalizedFilePath.Truncate();
++
++  if (IsEOF()) {
++    return true;
++  }
++  if (ConsumeSeparator()) {
++    aNormalizedFilePath.Append(mSeparator);
++  }
++
++  if (IsEOF()) {
++    return true;
++  }
++  if (ConsumeSeparator()) {
++    aNormalizedFilePath.Append(mSeparator);
++  }
++
++  while (!IsEOF()) {
++    if (!ConsumeName()) {
++      return false;
++    }
++  }
++
++  for (auto const& name : mStack) {
++    aNormalizedFilePath.Append(name);
++  }
++
++  return true;
++}
++
++bool Normalizer::ConsumeName()
++{
++  if (!ConsumeItem()) {
++    return true;
++  }
++
++  if (CheckCurrentDir()) {
++    return true;
++  }
++
++  if (CheckParentDir()) {
++    if (!mStack.Length()) {
++      // This means there are more \.. than valid names
++      return false;
++    }
++
++    mStack.RemoveElementAt(mStack.Length() - 1);
++    return true;
++  }
++
++  if (mItem.IsEmpty()) {
++    // this means an empty name (a lone slash), which is illegal
++    return false;
++  }
++
++  if (ConsumeSeparator()) {
++    mItem.Rebind(mItem.BeginReading(), mFilePathCursor);
++  }
++  mStack.AppendElement(mItem);
++
++  return true;
++}
++
++bool Normalizer::CheckCurrentDir()
++{
++  if (mItem == NS_LITERAL_STRING(".")) {
++    ConsumeSeparator();
++    // EOF is acceptable
++    return true;
++  }
++
++  return false;
++}
++
++bool Normalizer::CheckParentDir()
++{
++  if (mItem == NS_LITERAL_STRING("..")) {
++    ConsumeSeparator();
++    // EOF is acceptable
++    return true;
++  }
++
++  return false;
++}
++
++} // anon
++
++bool IsBlockedUNCPath(const nsAString& aFilePath)
++{
++  if (!sBlockUNCPaths) {
++    return false;
++  }
++
++  if (!StringBeginsWith(aFilePath, NS_LITERAL_STRING("\\\\"))) {
++    return false;
++  }
++
++  nsAutoString normalized;
++  if (!Normalizer(aFilePath, L'\\').Get(normalized)) {
++    // Broken paths are considered invalid and thus inaccessible
++    return true;
++  }
++
++  for (const auto& allowedPrefix : PathArray()) {
++    if (StringBeginsWith(normalized, allowedPrefix)) {
++      if (normalized.Length() == allowedPrefix.Length()) {
++        return false;
++      }
++      if (normalized[allowedPrefix.Length()] == L'\\') {
++        return false;
++      }
++
++      // When we are here, the path has a form "\\path\prefixevil"
++      // while we have an allowed prefix of "\\path\prefix".
++      // Note that we don't want to add a slash to the end of a prefix
++      // so that opening the directory (no slash at the end) still works.
++      break;
++    }
++  }
++
++  return true;
++}
++
++void testing::SetBlockUNCPaths(bool aBlock)
++{
++  sBlockUNCPaths = aBlock;
++}
++
++void testing::AddDirectoryToWhitelist(nsAString const & aPath)
++{
++  PathArray().AppendElement(aPath);
++}
++
++bool testing::NormalizePath(nsAString const & aPath, nsAString & aNormalized)
++{
++  Normalizer normalizer(aPath, L'\\');
++  return normalizer.Get(aNormalized);
++}
++
++} // ::FilePreferences
++} // ::mozilla
+diff --git a/xpcom/io/FilePreferences.h b/xpcom/io/FilePreferences.h
+new file mode 100644
+--- /dev/null
++++ b/xpcom/io/FilePreferences.h
+@@ -0,0 +1,25 @@
++/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
++/* vim: set ts=8 sts=2 et sw=2 tw=80: */
++/* This Source Code Form is subject to the terms of the Mozilla Public
++* License, v. 2.0. If a copy of the MPL was not distributed with this
++* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
++
++#include "nsIObserver.h"
++
++namespace mozilla {
++namespace FilePreferences {
++
++void InitPrefs();
++void InitDirectoriesWhitelist();
++bool IsBlockedUNCPath(const nsAString& aFilePath);
++
++namespace testing {
++
++void SetBlockUNCPaths(bool aBlock);
++void AddDirectoryToWhitelist(nsAString const& aPath);
++bool NormalizePath(nsAString const & aPath, nsAString & aNormalized);
++
++}
++
++} // FilePreferences
++} // mozilla
+diff --git a/xpcom/io/moz.build b/xpcom/io/moz.build
+--- a/xpcom/io/moz.build
++++ b/xpcom/io/moz.build
+@@ -79,24 +79,26 @@ EXPORTS += [
+     'nsUnicharInputStream.h',
+     'nsWildCard.h',
+     'SlicedInputStream.h',
+     'SpecialSystemDirectory.h',
+ ]
+ 
+ EXPORTS.mozilla += [
+     'Base64.h',
++    'FilePreferences.h',
+     'SnappyCompressOutputStream.h',
+     'SnappyFrameUtils.h',
+     'SnappyUncompressInputStream.h',
+ ]
+ 
+ UNIFIED_SOURCES += [
+     'Base64.cpp',
+     'crc32c.c',
++    'FilePreferences.cpp',
+     'nsAnonymousTemporaryFile.cpp',
+     'nsAppFileLocationProvider.cpp',
+     'nsBinaryStream.cpp',
+     'nsDirectoryService.cpp',
+     'nsEscape.cpp',
+     'nsInputStreamTee.cpp',
+     'nsIOUtil.cpp',
+     'nsLinebreakConverter.cpp',
+diff --git a/xpcom/io/nsLocalFileWin.cpp b/xpcom/io/nsLocalFileWin.cpp
+--- a/xpcom/io/nsLocalFileWin.cpp
++++ b/xpcom/io/nsLocalFileWin.cpp
+@@ -41,16 +41,17 @@
+ #include  <stdio.h>
+ #include  <stdlib.h>
+ #include  <mbstring.h>
+ 
+ #include "nsXPIDLString.h"
+ #include "prproces.h"
+ #include "prlink.h"
+ 
++#include "mozilla/FilePreferences.h"
+ #include "mozilla/Mutex.h"
+ #include "SpecialSystemDirectory.h"
+ 
+ #include "nsTraceRefcnt.h"
+ #include "nsXPCOMCIDInternal.h"
+ #include "nsThreadUtils.h"
+ #include "nsXULAppAPI.h"
+ 
+@@ -1162,16 +1163,20 @@ nsLocalFile::InitWithPath(const nsAStrin
+   char16_t secondChar = *(++begin);
+ 
+   // just do a sanity check.  if it has any forward slashes, it is not a Native path
+   // on windows.  Also, it must have a colon at after the first char.
+   if (FindCharInReadable(L'/', begin, end)) {
+     return NS_ERROR_FILE_UNRECOGNIZED_PATH;
+   }
+ 
++  if (FilePreferences::IsBlockedUNCPath(aFilePath)) {
++    return NS_ERROR_FILE_ACCESS_DENIED;
++  }
++
+   if (secondChar != L':' && (secondChar != L'\\' || firstChar != L'\\')) {
+     return NS_ERROR_FILE_UNRECOGNIZED_PATH;
+   }
+ 
+   if (secondChar == L':') {
+     // Make sure we have a valid drive, later code assumes the drive letter
+     // is a single char a-z or A-Z.
+     if (PathGetDriveNumberW(aFilePath.Data()) == -1) {
+@@ -1974,16 +1979,20 @@ nsLocalFile::CopySingleFile(nsIFile* aSo
+     bool path1Remote, path2Remote;
+     if (!IsRemoteFilePath(filePath.get(), path1Remote) ||
+         !IsRemoteFilePath(destPath.get(), path2Remote) ||
+         path1Remote || path2Remote) {
+       dwCopyFlags |= COPY_FILE_NO_BUFFERING;
+     }
+   }
+ 
++  if (FilePreferences::IsBlockedUNCPath(destPath)) {
++    return NS_ERROR_FILE_ACCESS_DENIED;
++  }
++
+   if (!move) {
+     copyOK = ::CopyFileExW(filePath.get(), destPath.get(), nullptr,
+                            nullptr, nullptr, dwCopyFlags);
+   } else {
+     copyOK = ::MoveFileExW(filePath.get(), destPath.get(),
+                            MOVEFILE_REPLACE_EXISTING);
+ 
+     // Check if copying the source file to a different volume,
+diff --git a/xpcom/tests/gtest/TestFilePreferencesWin.cpp b/xpcom/tests/gtest/TestFilePreferencesWin.cpp
+new file mode 100644
+--- /dev/null
++++ b/xpcom/tests/gtest/TestFilePreferencesWin.cpp
+@@ -0,0 +1,141 @@
++#include "gtest/gtest.h"
++
++#include "mozilla/FilePreferences.h"
++#include "nsIFile.h"
++#include "nsXPCOMCID.h"
++
++TEST(FilePreferencesWin, Normalization)
++{
++  nsAutoString normalized;
++
++  mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("foo"), normalized);
++  ASSERT_TRUE(normalized == NS_LITERAL_STRING("foo"));
++
++  mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\foo"), normalized);
++  ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\foo"));
++
++  mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\foo"), normalized);
++  ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo"));
++
++  mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("foo\\some"), normalized);
++  ASSERT_TRUE(normalized == NS_LITERAL_STRING("foo\\some"));
++
++  mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\.\\foo"), normalized);
++  ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo"));
++
++  mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\."), normalized);
++  ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\"));
++
++  mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\.\\"), normalized);
++  ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\"));
++
++  mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\.\\."), normalized);
++  ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\"));
++
++  mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\foo\\bar"), normalized);
++  ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo\\bar"));
++
++  mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\foo\\bar\\"), normalized);
++  ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo\\bar\\"));
++
++  mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\foo\\bar\\."), normalized);
++  ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo\\bar\\"));
++
++  mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\foo\\bar\\.\\"), normalized);
++  ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo\\bar\\"));
++
++  mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\foo\\bar\\..\\"), normalized);
++  ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo\\"));
++
++  mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\foo\\bar\\.."), normalized);
++  ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo\\"));
++
++  mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\foo\\..\\bar\\..\\"), normalized);
++  ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\"));
++
++  mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\foo\\..\\bar"), normalized);
++  ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\bar"));
++
++  mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\foo\\bar\\..\\..\\"), normalized);
++  ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\"));
++
++  mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\foo\\bar\\.\\..\\.\\..\\"), normalized);
++  ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\"));
++
++  bool result;
++
++  result = mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\.."), normalized);
++  ASSERT_FALSE(result);
++
++  result = mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\..\\"), normalized);
++  ASSERT_FALSE(result);
++
++  result = mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\.\\..\\"), normalized);
++  ASSERT_FALSE(result);
++
++  result = mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\foo\\\\bar"), normalized);
++  ASSERT_FALSE(result);
++
++  result = mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\foo\\bar\\..\\..\\..\\..\\"), normalized);
++  ASSERT_FALSE(result);
++
++  result = mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\\\"), normalized);
++  ASSERT_FALSE(result);
++
++  result = mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\.\\\\"), normalized);
++  ASSERT_FALSE(result);
++
++  result = mozilla::FilePreferences::testing::NormalizePath(
++    NS_LITERAL_STRING("\\\\..\\\\"), normalized);
++  ASSERT_FALSE(result);
++}
++
++TEST(FilePreferencesWin, AccessUNC)
++{
++  nsCOMPtr<nsIFile> lf = do_CreateInstance(NS_LOCAL_FILE_CONTRACTID);
++
++  nsresult rv;
++
++  mozilla::FilePreferences::testing::SetBlockUNCPaths(false);
++
++  rv = lf->InitWithPath(NS_LITERAL_STRING("\\\\nice\\..\\evil\\share"));
++  ASSERT_EQ(rv, NS_OK);
++
++  mozilla::FilePreferences::testing::SetBlockUNCPaths(true);
++
++  rv = lf->InitWithPath(NS_LITERAL_STRING("\\\\nice\\..\\evil\\share"));
++  ASSERT_EQ(rv, NS_ERROR_FILE_ACCESS_DENIED);
++
++  mozilla::FilePreferences::testing::AddDirectoryToWhitelist(NS_LITERAL_STRING("\\\\nice"));
++
++  rv = lf->InitWithPath(NS_LITERAL_STRING("\\\\nice\\share"));
++  ASSERT_EQ(rv, NS_OK);
++
++  rv = lf->InitWithPath(NS_LITERAL_STRING("\\\\nice\\..\\evil\\share"));
++  ASSERT_EQ(rv, NS_ERROR_FILE_ACCESS_DENIED);
++}
+diff --git a/xpcom/tests/gtest/moz.build b/xpcom/tests/gtest/moz.build
+--- a/xpcom/tests/gtest/moz.build
++++ b/xpcom/tests/gtest/moz.build
+@@ -51,16 +51,21 @@ UNIFIED_SOURCES += [
+ if CONFIG['MOZ_DEBUG'] and CONFIG['OS_ARCH'] not in ('WINNT') and CONFIG['OS_TARGET'] != 'Android':
+     # FIXME bug 523392: TestDeadlockDetector doesn't like Windows
+     # Bug 1054249: Doesn't work on Android
+     UNIFIED_SOURCES += [
+         'TestDeadlockDetector.cpp',
+         'TestDeadlockDetectorScalability.cpp',
+     ]
+ 
++if CONFIG['OS_TARGET'] == 'WINNT':
++    UNIFIED_SOURCES += [
++        'TestFilePreferencesWin.cpp',
++    ]
++
+ if CONFIG['WRAP_STL_INCLUDES'] and not CONFIG['CLANG_CL']:
+     UNIFIED_SOURCES += [
+         'TestSTLWrappers.cpp',
+     ]
+ 
+ # Compile TestAllocReplacement separately so Windows headers don't pollute
+ # the global namespace for other files.
+ SOURCES += [
+
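Review bot: In IsBlockedUNCPath the loop over PathArray() gives up at the first whitelist entry that is a string prefix of the path but fails the separator check, so a later entry that would legitimately allow the path is never tried; `break;` should be `continue;`. The result fails closed (the path is reported as blocked), so this is a correctness point rather than a bypass. Separately, InitPrefs() reads `network.file.disable_unc_paths` once with a default of `false`, so the check in nsLocalFile::InitWithPath and CopySingleFile is inert unless that pref is set before startup. A line saying so in the patch header would help whoever audits this patch later.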
diff --git a/gnu/packages/patches/libtiff-CVE-2018-10963.patch b/gnu/packages/patches/libtiff-CVE-2018-10963.patch
new file mode 100644
index 0000000000..d31c12399d
--- /dev/null
+++ b/gnu/packages/patches/libtiff-CVE-2018-10963.patch
@@ -0,0 +1,40 @@
+Fix CVE-2018-10963:
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2795
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963
+
+Patch copied from upstream source repository:
+
+https://gitlab.com/libtiff/libtiff/commit/de144fd228e4be8aa484c3caf3d814b6fa88c6d9
+
+From de144fd228e4be8aa484c3caf3d814b6fa88c6d9 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sat, 12 May 2018 14:24:15 +0200
+Subject: [PATCH] TIFFWriteDirectorySec: avoid assertion. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2795. CVE-2018-10963
+
+---
+ libtiff/tif_dirwrite.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
+index 2430de6d..c15a28db 100644
+--- a/libtiff/tif_dirwrite.c
++++ b/libtiff/tif_dirwrite.c
+@@ -695,8 +695,11 @@ TIFFWriteDirectorySec(TIFF* tif, int isimage, int imagedone, uint64* pdiroff)
+ 								}
+ 								break;
+ 							default:
+-								assert(0);   /* we should never get here */
+-								break;
++								TIFFErrorExt(tif->tif_clientdata,module,
++								            "Cannot write tag %d (%s)",
++								            TIFFFieldTag(o),
++                                                                            o->field_name ? o->field_name : "unknown");
++								goto bad;
+ 						}
+ 					}
+ 				}
+-- 
+2.17.0
+
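Review bot: The added `TIFFErrorExt` call formats `TIFFFieldTag(o)` with `%d`; if that accessor returns an unsigned 32-bit tag number, as its use here suggests, `%u` is the matching conversion: `"Cannot write tag %u (%s)"`. The patch is a verbatim copy of the upstream commit named in its header, so this is a point to raise upstream rather than to change locally. The enclosing switch and the `bad` label lie outside the hunk.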
diff --git a/gnu/packages/patches/libtiff-CVE-2018-8905.patch b/gnu/packages/patches/libtiff-CVE-2018-8905.patch
new file mode 100644
index 0000000000..f49815789e
--- /dev/null
+++ b/gnu/packages/patches/libtiff-CVE-2018-8905.patch
@@ -0,0 +1,61 @@
+Fix CVE-2018-8095:
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2780
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905
+
+Patch copied from upstream source repository:
+
+https://gitlab.com/libtiff/libtiff/commit/58a898cb4459055bb488ca815c23b880c242a27d
+
+From 58a898cb4459055bb488ca815c23b880c242a27d Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sat, 12 May 2018 15:32:31 +0200
+Subject: [PATCH] LZWDecodeCompat(): fix potential index-out-of-bounds write.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2780 / CVE-2018-8905
+
+The fix consists in using the similar code LZWDecode() to validate we
+don't write outside of the output buffer.
+---
+ libtiff/tif_lzw.c | 18 ++++++++++++------
+ 1 file changed, 12 insertions(+), 6 deletions(-)
+
+diff --git a/libtiff/tif_lzw.c b/libtiff/tif_lzw.c
+index 4ccb443c..94d85e38 100644
+--- a/libtiff/tif_lzw.c
++++ b/libtiff/tif_lzw.c
+@@ -602,6 +602,7 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s)
+ 	char *tp;
+ 	unsigned char *bp;
+ 	int code, nbits;
++	int len;
+ 	long nextbits, nextdata, nbitsmask;
+ 	code_t *codep, *free_entp, *maxcodep, *oldcodep;
+ 
+@@ -753,13 +754,18 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s)
+ 				}  while (--occ);
+ 				break;
+ 			}
+-			assert(occ >= codep->length);
+-			op += codep->length;
+-			occ -= codep->length;
+-			tp = op;
++			len = codep->length;
++			tp = op + len;
+ 			do {
+-				*--tp = codep->value;
+-			} while( (codep = codep->next) != NULL );
++				int t;
++				--tp;
++				t = codep->value;
++				codep = codep->next;
++				*tp = (char)t;
++			} while (codep && tp > op);
++			assert(occ >= len);
++			op += len;
++			occ -= len;
+ 		} else {
+ 			*op++ = (char)code;
+ 			occ--;
+-- 
+2.17.0
+
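Review bot: The first line of the patch header names CVE-2018-8095, while the file name, the cve.mitre.org link two lines below and the upstream subject line all say CVE-2018-8905; the header should read `Fix CVE-2018-8905:`. Anyone searching patch headers for the identifier to confirm the fix is applied would miss this file. In the code itself, the `assert(occ >= len)` now runs after the copy loop and is compiled out under NDEBUG. The write bound therefore rests on the `tp > op` condition and on the length check that precedes this branch, which is only partly visible in the hunk.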
diff --git a/gnu/packages/patches/qtoctave-qt-5.11-fix.patch b/gnu/packages/patches/qtoctave-qt-5.11-fix.patch
new file mode 100644
index 0000000000..67317d1b36
--- /dev/null
+++ b/gnu/packages/patches/qtoctave-qt-5.11-fix.patch
@@ -0,0 +1,26 @@
+This patch comes from upstream:
+https://hg.savannah.gnu.org/hgweb/octave/rev/cdaa884568b1.
+
+# HG changeset patch
+# User Mike Miller <mtmiller@octave.org>
+# Date 1527214835 25200
+# Node ID cdaa884568b159549bd373f04386ff62417f6df9
+# Parent  9e39a53b4e007d3f79f88b711ab9fa5f2f24fbc9
+add Qt include needed to build against Qt 5.11 (bug #53978)
+
+* settings-dialog.cc: Add missing include for <QButtonGroup> to fix build
+failure with Qt 5.11.
+
+diff --git a/libgui/src/settings-dialog.cc b/libgui/src/settings-dialog.cc
+--- a/libgui/src/settings-dialog.cc
++++ b/libgui/src/settings-dialog.cc
+@@ -34,6 +34,8 @@
+ #include "workspace-model.h"
+ #include "settings-dialog.h"
+ #include "ui-settings-dialog.h"
++
++#include <QButtonGroup>
+ #include <QDir>
+ #include <QFileInfo>
+ #include <QFileDialog>
+