Security and patch rollup for FPR2 from ESR52

[classilla]

From esr52

stopped at M1378826 commit 98ff43fb228a
through M1367692

Not relevant:
M1378826 (code not present)
M1308820 (not affected, code not present)
M1375472 (Windows)
M1359477 (Sierra-specific crash)
M1355898 (not a shipped configuration)
M1374148 (Windows, not a shipped configuration)
M1372063 (Windows)
M1364870 (not a shipped configuration)
M1353312 (not vulnerable)
M1372849 (Windows)
M1369386 (Windows)
M1342417 (not vulnerable)
M1354796 (not affected)
M1369994 (not vulnerable) but we will add the test to suite in test tree as tests-typedarray-bug-1369994.js
M1358073 (not affected)
M1370869 (required for M1358073, therefore n/a)
M1368652 (not vulnerable)
M1371889 (not a shipped configuration)
M1375708 (not a shipped configuration)
M1372112 (code not present)
M1344034 (Windows)
M1366203 (code not present)
M1318845 (Windows)
M1371586 (code not present)
M1357022 (not vulnerable) (test not relevant)
M1353625 (not affected)

Not taking:
M1339826 no profile changes expected now, most users on 45 or FPR
M1359837 not a policy I agree with
M1364002 no profile changes expected now
M1342913 our code is very different and I’ve manually patched it

Deferred:
M1338646 (JS) we have only one of the two codepaths in the commit, there’s no automated test, the crash doesn’t seem to have occurred in 45 and it doesn’t seem to be exploitable
M1354443 this is big and scary, but we likely have some similar issues
M1371259 this is more tedious than scary, though https://hg.mozilla.org/releases/mozilla-esr52/rev/0a86729d653e

Candidates:
test from M1369994
M1355168 https://hg.mozilla.org/releases/mozilla-esr52/rev/f45ba43512ad we have IsTargetValid(), we should just move the other block from our code
M1368105 https://hg.mozilla.org/releases/mozilla-esr52/rev/11c8e23f0fd7 (JS)
M1366903 https://hg.mozilla.org/releases/mozilla-esr52/rev/6785c2a852da (JS) (also take tests)
M1371283 https://hg.mozilla.org/releases/mozilla-esr52/rev/f9bc084fbb8a (JS)
M1373970 https://hg.mozilla.org/releases/mozilla-esr52/rev/8321ef71adb5
M1365333 https://hg.mozilla.org/releases/mozilla-esr52/rev/e3d13b270f45
M1362924 a little complex, but should work. https://hg.mozilla.org/releases/mozilla-esr52/rev/057ed884ecb0 https://hg.mozilla.org/releases/mozilla-esr52/rev/dd7ed649b82f
M1354796 root problem possibly not in 45 but this is a good fix to take https://hg.mozilla.org/releases/mozilla-esr52/rev/69d1a9de76b9
M1322896 proven-v https://hg.mozilla.org/releases/mozilla-esr52/rev/c254d3cc826c
M1376087 https://hg.mozilla.org/releases/mozilla-esr52/rev/8353a3fa4106
M1346590 proven-v https://hg.mozilla.org/releases/mozilla-esr52/rev/f19b6c6a0c6c61a19f649d1c6ecb68dcb00aa321
M1365875 https://hg.mozilla.org/releases/mozilla-esr52/rev/f21e4d78a0a869af0cd10ad787d2a15a97cebc93 (regression risk, test modals)
M1365189 pt1 only https://hg.mozilla.org/releases/mozilla-esr52/rev/5c26df489768
M1371424 proven-v https://hg.mozilla.org/releases/mozilla-esr52/rev/40ce248a8c15 (easy backport)
M1369913 https://hg.mozilla.org/releases/mozilla-esr52/rev/f47eaebc0c5c
M1368576 https://hg.mozilla.org/releases/mozilla-esr52/rev/5a51a9ef8149 (JS)
M1364513 https://hg.mozilla.org/releases/mozilla-esr52/rev/88e9c2137640
M1374047 https://hg.mozilla.org/releases/mozilla-esr52/rev/0a44ed156da5
M1265568 https://hg.mozilla.org/mozilla-central/rev/8c65edcc96d0 followed by M1305036 https://hg.mozilla.org/releases/mozilla-esr52/rev/c42a348f2ed0 (perf issue primarily)

[classilla]

Idea for down payment on M1371259: transitional UNWRAP_OBJECT_R that implements the new semantics so that we can mess with the binding codegen separately (the part that isn't working right), then merge implementations when it is all functional.

[classilla]

through M1373220 / 3856be3d222f

Not relevant:
M1321803 (from M1380453) (not affected)
M1373220 (Windows only)

Not taking:
M1346389 (and M1334338, M1379538) static builds 4 eva
M1356812 fallout from patches we didn't take above

Deferred:
M1378147 safe to land per se but needs audit per comments 3 and 6 to find other GetP.F. callers (if any)
M1364984 I haven't heard any issues with our code on NFS mounts using the 10.4 SDK but this is probably a better API
M1377426 (M1073952) applies to when we actually implement CSP sandbox. This is actually easier than it looks because we preserved ::SetCsp in a number of places.

Candidates:
M1378147 (but see above) https://hg.mozilla.org/releases/mozilla-esr52/rev/09f62bfc5800
M1371890 (+- tests) https://hg.mozilla.org/releases/mozilla-esr52/rev/7c095249ef8a
M1380426 https://hg.mozilla.org/releases/mozilla-esr52/rev/d68c9edf056f

[classilla]

through M1376459 / a86c77d533ee

Not relevant:
M1379444 (Windows)
M1367128 (Windows, not a shipped configuration)
M1359058 (not a shipped configuration)
M1368030 (not a shipped configuration)
M1346620 (not a shipped configuration)
M1382303 (not affected)

Not taking:
M1377016 (no use to us)
M1379537 (no use to us)
M1339931 (no use to us)
M1346389 (no use to us)

Deferred:
M1347667 (we have different code, not clear this crash can occur)

Candidates:
M1372985 https://hg.mozilla.org/releases/mozilla-esr52/rev/8fc70b2b57a8 except “//Make an attempt”
M1372467 https://hg.mozilla.org/releases/mozilla-esr52/rev/0f906e04a41d
M1372383 https://hg.mozilla.org/releases/mozilla-esr52/rev/56349462ff47 (combine with above)
M1383002 https://hg.mozilla.org/releases/mozilla-esr52/rev/7b79969a18ee
M1368362 https://hg.mozilla.org/releases/mozilla-esr52/rev/f0ab032fd674 (JS)
M1308908 https://hg.mozilla.org/releases/mozilla-esr52/rev/48a89721d076
M1342433 https://hg.mozilla.org/releases/mozilla-esr52/rev/09f5bd33efb8
M1376459 https://hg.mozilla.org/releases/mozilla-esr52/rev/a86c77d533ee
M1383000 https://hg.mozilla.org/releases/mozilla-esr52/rev/ce65d0641c07

[classilla]

Deferrring M1372985 too. There is a regression risk, and there are some sections of code that are different.