Assorted fixes for:

https://bugzilla.mozilla.org/show_bug.cgi?id=643137 (crash on sparc64
when displaying opentypes fonts, fix from tobias ulmer)
https://bugzilla.mozilla.org/show_bug.cgi?id=644012 (crash on ssl certs
with empty issuer name, pointed our by roberth at openbsd dot pap dot st
and mikolaj kucharski)

www/firefox35/Makefile

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.62 2011/03/23 15:27:04 landry Exp $
+# $OpenBSD: Makefile,v 1.63 2011/03/24 11:41:11 landry Exp $
 
 COMMENT =	Mozilla web browser
 
@@ -6,7 +6,7 @@ MOZILLA_VERSION =	3.5.18
 MOZILLA_BRANCH =	1.9.1
 MOZILLA_PROJECT =	firefox35
 MOZILLA_CODENAME =	browser
-REVISION =	0
+REVISION =	1
 
 SO_VERSION =	24.0
 # NOTE: Must bump minor version if any shlib's are removed from the

www/firefox35/patches/patch-gfx_ots_include_opentype-sanitiser_h

@@ -0,0 +1,17 @@
+$OpenBSD: patch-gfx_ots_include_opentype-sanitiser_h,v 1.1 2011/03/24 11:41:11 landry Exp $
+https://bugzilla.mozilla.org/show_bug.cgi?id=643137
+--- gfx/ots/include/opentype-sanitiser.h.orig	Fri Mar 18 00:02:27 2011
++++ gfx/ots/include/opentype-sanitiser.h	Fri Mar 18 00:02:35 2011
+@@ -64,8 +64,10 @@ class OTSStream {
+     }
+ 
+     while (length >= 4) {
+-      chksum_ += ntohl(*reinterpret_cast<const uint32_t*>(
+-          reinterpret_cast<const uint8_t*>(data) + offset));
++      uint32_t tmp;
++      std::memcpy(&tmp, reinterpret_cast<const uint8_t *>(data) + offset,
++        sizeof(uint32_t));
++      chksum_ += ntohl(tmp);
+       length -= 4;
+       offset += 4;
+     }

www/firefox35/patches/patch-security_manager_ssl_src_nsNSSCallbacks_cpp

@@ -0,0 +1,25 @@
+$OpenBSD: patch-security_manager_ssl_src_nsNSSCallbacks_cpp,v 1.1 2011/03/24 11:41:11 landry Exp $
+https://bugzilla.mozilla.org/show_bug.cgi?id=644012
+--- security/manager/ssl/src/nsNSSCallbacks.cpp.orig	Sat Mar 19 20:02:41 2011
++++ security/manager/ssl/src/nsNSSCallbacks.cpp	Thu Mar 24 10:53:49 2011
+@@ -1005,8 +1005,11 @@ SECStatus PR_CALLBACK AuthCertificateCallback(void* cl
+   nsNSSShutDownPreventionLock locker;
+ 
+   CERTCertificate *serverCert = SSL_PeerCertificate(fd);
++  CERTCertificateCleaner serverCertCleaner(serverCert);
++
+   if (serverCert && 
+       serverCert->serialNumber.data &&
++      serverCert->issuerName &&
+       !strcmp(serverCert->issuerName, 
+         "CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US")) {
+ 
+@@ -1049,8 +1052,6 @@ SECStatus PR_CALLBACK AuthCertificateCallback(void* cl
+   // We want to remember the CA certs in the temp db, so that the application can find the
+   // complete chain at any time it might need it.
+   // But we keep only those CA certs in the temp db, that we didn't already know.
+-  
+-  CERTCertificateCleaner serverCertCleaner(serverCert);
+ 
+   if (serverCert) {
+     nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->higher->secret;

www/mozilla-firefox/Makefile

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.171 2011/03/23 15:27:04 landry Exp $
+# $OpenBSD: Makefile,v 1.172 2011/03/24 11:41:11 landry Exp $
 
 COMMENT =	Mozilla web browser
 
@@ -9,6 +9,7 @@ MOZILLA_VERSION =	3.6.16
 MOZILLA_BRANCH =	1.9.2
 MOZILLA_PROJECT =	mozilla-firefox
 MOZILLA_CODENAME =	browser
+REVISION =	0
 
 SO_VERSION =	22.2
 # NOTE: Must bump minor version if any shlib's are removed from the

www/mozilla-firefox/patches/patch-gfx_ots_include_opentype-sanitiser_h

@@ -0,0 +1,17 @@
+$OpenBSD: patch-gfx_ots_include_opentype-sanitiser_h,v 1.1 2011/03/24 11:41:11 landry Exp $
+https://bugzilla.mozilla.org/show_bug.cgi?id=643137
+--- gfx/ots/include/opentype-sanitiser.h.orig	Fri Mar 18 00:02:27 2011
++++ gfx/ots/include/opentype-sanitiser.h	Fri Mar 18 00:02:35 2011
+@@ -64,8 +64,10 @@ class OTSStream {
+     }
+ 
+     while (length >= 4) {
+-      chksum_ += ntohl(*reinterpret_cast<const uint32_t*>(
+-          reinterpret_cast<const uint8_t*>(data) + offset));
++      uint32_t tmp;
++      std::memcpy(&tmp, reinterpret_cast<const uint8_t *>(data) + offset,
++        sizeof(uint32_t));
++      chksum_ += ntohl(tmp);
+       length -= 4;
+       offset += 4;
+     }

www/mozilla-firefox/patches/patch-security_manager_ssl_src_nsNSSCallbacks_cpp

@@ -0,0 +1,25 @@
+$OpenBSD: patch-security_manager_ssl_src_nsNSSCallbacks_cpp,v 1.1 2011/03/24 11:41:11 landry Exp $
+https://bugzilla.mozilla.org/show_bug.cgi?id=644012
+--- security/manager/ssl/src/nsNSSCallbacks.cpp.orig	Thu Mar 24 01:18:45 2011
++++ security/manager/ssl/src/nsNSSCallbacks.cpp	Thu Mar 24 01:20:00 2011
+@@ -1007,8 +1007,11 @@ SECStatus PR_CALLBACK AuthCertificateCallback(void* cl
+   nsNSSShutDownPreventionLock locker;
+ 
+   CERTCertificate *serverCert = SSL_PeerCertificate(fd);
++  CERTCertificateCleaner serverCertCleaner(serverCert);
++
+   if (serverCert && 
+       serverCert->serialNumber.data &&
++      serverCert->issuerName &&
+       !strcmp(serverCert->issuerName, 
+         "CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US")) {
+ 
+@@ -1051,8 +1054,6 @@ SECStatus PR_CALLBACK AuthCertificateCallback(void* cl
+   // We want to remember the CA certs in the temp db, so that the application can find the
+   // complete chain at any time it might need it.
+   // But we keep only those CA certs in the temp db, that we didn't already know.
+-  
+-  CERTCertificateCleaner serverCertCleaner(serverCert);
+ 
+   if (serverCert) {
+     nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->higher->secret;

www/seamonkey/Makefile

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.76 2011/03/23 15:27:04 landry Exp $
+# $OpenBSD: Makefile,v 1.77 2011/03/24 11:41:11 landry Exp $
 
 COMMENT-main =		Mozilla application suite
 COMMENT-lightning =	Mozilla Seamonkey calendar extension
@@ -12,6 +12,7 @@ MULTI_PACKAGES =	-main -lightning
 PKGNAME-main =		${PKGNAME}
 PKGNAME-lightning =	lightning-seamonkey-1.0beta1
 REVISION-lightning =	16
+REVISION-main =		0
 EPOCH-lightning =	0
 
 # must be in sync with SO_VERSION in main/enigmail/seamonkey

www/seamonkey/patches/patch-mozilla_gfx_ots_include_opentype-sanitiser_h

@@ -0,0 +1,17 @@
+$OpenBSD: patch-mozilla_gfx_ots_include_opentype-sanitiser_h,v 1.1 2011/03/24 11:41:11 landry Exp $
+https://bugzilla.mozilla.org/show_bug.cgi?id=643137
+--- mozilla/gfx/ots/include/opentype-sanitiser.h.orig	Thu Mar 24 09:44:17 2011
++++ mozilla/gfx/ots/include/opentype-sanitiser.h	Thu Mar 24 09:44:47 2011
+@@ -64,8 +64,10 @@ class OTSStream {
+     }
+ 
+     while (length >= 4) {
+-      chksum_ += ntohl(*reinterpret_cast<const uint32_t*>(
+-          reinterpret_cast<const uint8_t*>(data) + offset));
++      uint32_t tmp;
++      std::memcpy(&tmp, reinterpret_cast<const uint8_t *>(data) + offset,
++        sizeof(uint32_t));
++      chksum_ += ntohl(tmp);
+       length -= 4;
+       offset += 4;
+     }

www/seamonkey/patches/patch-mozilla_security_manager_ssl_src_nsNSSCallbacks_cpp

@@ -0,0 +1,25 @@
+$OpenBSD: patch-mozilla_security_manager_ssl_src_nsNSSCallbacks_cpp,v 1.1 2011/03/24 11:41:11 landry Exp $
+https://bugzilla.mozilla.org/show_bug.cgi?id=644012
+--- mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.orig	Sun Mar 20 21:56:57 2011
++++ mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp	Thu Mar 24 11:03:50 2011
+@@ -1005,8 +1005,11 @@ SECStatus PR_CALLBACK AuthCertificateCallback(void* cl
+   nsNSSShutDownPreventionLock locker;
+ 
+   CERTCertificate *serverCert = SSL_PeerCertificate(fd);
++  CERTCertificateCleaner serverCertCleaner(serverCert);
++
+   if (serverCert && 
+       serverCert->serialNumber.data &&
++      serverCert->issuerName &&
+       !strcmp(serverCert->issuerName, 
+         "CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US")) {
+ 
+@@ -1049,8 +1052,6 @@ SECStatus PR_CALLBACK AuthCertificateCallback(void* cl
+   // We want to remember the CA certs in the temp db, so that the application can find the
+   // complete chain at any time it might need it.
+   // But we keep only those CA certs in the temp db, that we didn't already know.
+-  
+-  CERTCertificateCleaner serverCertCleaner(serverCert);
+ 
+   if (serverCert) {
+     nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->higher->secret;