diff -Nru nspr-4.11/debian/changelog nspr-4.12/debian/changelog
--- nspr-4.11/debian/changelog	2015-11-26 09:18:01.000000000 +0000
+++ nspr-4.12/debian/changelog	2016-06-28 15:14:33.000000000 +0000
@@ -1,3 +1,25 @@
+nspr (2:4.12-2ubuntu1) yakkety; urgency=medium
+
+   * Resynchronize with Debian, remaining changes
+    - rules: Enable Thumb2 build on armel, armhf.
+    - control: Change Vcs-* to XS-Debian-Vcs-*.
+
+ -- Jon Grimm <jon.grimm@canonical.com>  Fri, 24 Jun 2016 01:04:28 -0500
+
+nspr (2:4.12-2) unstable; urgency=medium
+
+  * debian/rules, debian/libnspr4.triggers. Replace makeshlibs scripts that
+    don't exist anymore with ldconfig triggers. Closes: #811118.
+
+ -- Mike Hommey <glandium@debian.org>  Sun, 03 Apr 2016 17:36:49 +0900
+
+nspr (2:4.12-1) unstable; urgency=medium
+
+  * New upstream release.
+  * debian/libnspr4.symbols: Updated.
+
+ -- Mike Hommey <glandium@debian.org>  Wed, 09 Mar 2016 09:28:19 +0900
+
 nspr (2:4.11-1ubuntu1) xenial; urgency=medium
 
   * Resynchronize with Debian, remaining changes
diff -Nru nspr-4.11/debian/libnspr4.symbols nspr-4.12/debian/libnspr4.symbols
--- nspr-4.11/debian/libnspr4.symbols	2015-11-26 09:17:22.000000000 +0000
+++ nspr-4.12/debian/libnspr4.symbols	2016-06-28 15:14:33.000000000 +0000
@@ -150,6 +150,7 @@
  PR_GetDirectorySeparator@Base 1.8.0.10
  PR_GetDirectorySepartor@Base 1.8.0.10
  PR_GetEnv@Base 1.8.0.10
+ PR_GetEnvSecure@Base 2:4.12 1
  PR_GetError@Base 1.8.0.10
  PR_GetErrorText@Base 1.8.0.10
  PR_GetErrorTextLength@Base 1.8.0.10
diff -Nru nspr-4.11/debian/libnspr4.triggers nspr-4.12/debian/libnspr4.triggers
--- nspr-4.11/debian/libnspr4.triggers	1970-01-01 00:00:00.000000000 +0000
+++ nspr-4.12/debian/libnspr4.triggers	2016-06-28 15:14:33.000000000 +0000
@@ -0,0 +1 @@
+activate-noawait ldconfig
diff -Nru nspr-4.11/debian/rules nspr-4.12/debian/rules
--- nspr-4.11/debian/rules	2015-11-26 09:17:22.000000000 +0000
+++ nspr-4.12/debian/rules	2016-06-28 15:14:33.000000000 +0000
@@ -75,10 +75,8 @@
 override_dh_strip:
 	dh_strip -a --dbg-package=libnspr4-dbg
 
-override_dh_makeshlibs: /usr/share/debhelper/autoscripts/postinst-makeshlibs /usr/share/debhelper/autoscripts/postrm-makeshlibs
+override_dh_makeshlibs:
 	dh_makeshlibs -a -- -c4
-	cat /usr/share/debhelper/autoscripts/postinst-makeshlibs > debian/libnspr4.postinst.debhelper
-	cat /usr/share/debhelper/autoscripts/postrm-makeshlibs > debian/libnspr4.postrm.debhelper
 
 ifneq (,$(DEB_HOST_MULTIARCH))
 override_dh_gencontrol:
diff -Nru nspr-4.11/nspr/configure nspr-4.12/nspr/configure
--- nspr-4.11/nspr/configure	2015-11-18 12:36:52.000000000 +0000
+++ nspr-4.12/nspr/configure	2016-02-12 13:51:25.000000000 +0000
@@ -2488,7 +2488,7 @@
   program_prefix=${target_alias}-
 
 MOD_MAJOR_VERSION=4
-MOD_MINOR_VERSION=11
+MOD_MINOR_VERSION=12
 MOD_PATCH_VERSION=0
 NSPR_MODNAME=nspr20
 _HAVE_PTHREADS=
@@ -7048,10 +7048,6 @@
             PR_MD_ASFILES=os_Linux_ppc.s
         fi
         ;;
-    m68k)
-        CFLAGS="$CFLAGS -m68020-60"
-        CXXFLAGS="$CXXFLAGS -m68020-60"
-        ;;
     esac
     ;;
 
@@ -7894,7 +7890,7 @@
 
 _SAVE_LIBS="$LIBS"
 LIBS="$LIBS $OS_LIBS"
-for ac_func in dladdr gettid lchown setpriority strerror syscall
+for ac_func in dladdr gettid lchown setpriority strerror syscall  secure_getenv __secure_getenv
 do :
   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
 ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
diff -Nru nspr-4.11/nspr/configure.in nspr-4.12/nspr/configure.in
--- nspr-4.11/nspr/configure.in	2015-11-18 12:36:52.000000000 +0000
+++ nspr-4.12/nspr/configure.in	2016-02-12 13:51:25.000000000 +0000
@@ -15,7 +15,7 @@
 dnl = Defaults
 dnl ========================================================
 MOD_MAJOR_VERSION=4
-MOD_MINOR_VERSION=11
+MOD_MINOR_VERSION=12
 MOD_PATCH_VERSION=0
 NSPR_MODNAME=nspr20
 _HAVE_PTHREADS=
@@ -1856,10 +1856,6 @@
             PR_MD_ASFILES=os_Linux_ppc.s
         fi
         ;;
-    m68k)
-        CFLAGS="$CFLAGS -m68020-60"
-        CXXFLAGS="$CXXFLAGS -m68020-60"
-        ;;
     esac    
     ;;
 
@@ -2543,7 +2539,8 @@
 AC_PROG_GCC_TRADITIONAL
 _SAVE_LIBS="$LIBS"
 LIBS="$LIBS $OS_LIBS"
-AC_CHECK_FUNCS(dladdr gettid lchown setpriority strerror syscall)
+AC_CHECK_FUNCS(dladdr gettid lchown setpriority strerror syscall dnl
+ secure_getenv __secure_getenv)
 LIBS="$_SAVE_LIBS"
 
 dnl ========================================================
diff -Nru nspr-4.11/nspr/.hg_archival.txt nspr-4.12/nspr/.hg_archival.txt
--- nspr-4.11/nspr/.hg_archival.txt	2015-11-18 12:36:52.000000000 +0000
+++ nspr-4.12/nspr/.hg_archival.txt	2016-02-12 13:51:25.000000000 +0000
@@ -1,4 +1,4 @@
 repo: a4b34919bf34db2ee22acbbc305693c8980b6dc6
-node: ebae38973a1a7241482448091e96e4e4fe5dbc27
+node: 88265db540d75d59e12ea8dbc34031160fce9ccc
 branch: default
-tag: NSPR_4_11_RTM
+tag: NSPR_4_12_RTM
diff -Nru nspr-4.11/nspr/lib/ds/plarena.h nspr-4.12/nspr/lib/ds/plarena.h
--- nspr-4.11/nspr/lib/ds/plarena.h	2015-11-18 12:36:52.000000000 +0000
+++ nspr-4.12/nspr/lib/ds/plarena.h	2016-02-12 13:51:25.000000000 +0000
@@ -96,11 +96,11 @@
 
 /* These definitions are usually provided through the
  * sanitizer/asan_interface.h header installed by ASan.
- * See https://code.google.com/p/address-sanitizer/wiki/ManualPoisoning
+ * See https://github.com/google/sanitizers/wiki/AddressSanitizerManualPoisoning
  */
 
-void __asan_poison_memory_region(void const volatile *addr, size_t size);
-void __asan_unpoison_memory_region(void const volatile *addr, size_t size);
+PR_IMPORT(void) __asan_poison_memory_region(void const volatile *addr, size_t size);
+PR_IMPORT(void) __asan_unpoison_memory_region(void const volatile *addr, size_t size);
 
 #define PL_MAKE_MEM_NOACCESS(addr, size) \
     __asan_poison_memory_region((addr), (size))
diff -Nru nspr-4.11/nspr/pr/include/md/_freebsd.cfg nspr-4.12/nspr/pr/include/md/_freebsd.cfg
--- nspr-4.11/nspr/pr/include/md/_freebsd.cfg	2015-11-18 12:36:52.000000000 +0000
+++ nspr-4.12/nspr/pr/include/md/_freebsd.cfg	2016-02-12 13:51:25.000000000 +0000
@@ -342,6 +342,52 @@
 #define PR_BYTES_PER_WORD_LOG2   2
 #define PR_BYTES_PER_DWORD_LOG2  3
 
+#elif defined(__aarch64__)
+
+#undef  IS_BIG_ENDIAN
+#define IS_LITTLE_ENDIAN 1
+#define IS_64
+
+#define PR_BYTES_PER_BYTE   1
+#define PR_BYTES_PER_SHORT  2
+#define PR_BYTES_PER_INT    4
+#define PR_BYTES_PER_INT64  8
+#define PR_BYTES_PER_LONG   8
+#define PR_BYTES_PER_FLOAT  4
+#define PR_BYTES_PER_DOUBLE 8
+#define PR_BYTES_PER_WORD   8
+#define PR_BYTES_PER_DWORD  8
+
+#define PR_BITS_PER_BYTE    8
+#define PR_BITS_PER_SHORT   16
+#define PR_BITS_PER_INT     32
+#define PR_BITS_PER_INT64   64
+#define PR_BITS_PER_LONG    64
+#define PR_BITS_PER_FLOAT   32
+#define PR_BITS_PER_DOUBLE  64
+#define PR_BITS_PER_WORD    64
+
+#define PR_BITS_PER_BYTE_LOG2   3
+#define PR_BITS_PER_SHORT_LOG2  4
+#define PR_BITS_PER_INT_LOG2    5
+#define PR_BITS_PER_INT64_LOG2  6
+#define PR_BITS_PER_LONG_LOG2   6
+#define PR_BITS_PER_FLOAT_LOG2  5
+#define PR_BITS_PER_DOUBLE_LOG2 6
+#define PR_BITS_PER_WORD_LOG2   6
+
+#define PR_ALIGN_OF_SHORT   2
+#define PR_ALIGN_OF_INT     4
+#define PR_ALIGN_OF_LONG    8
+#define PR_ALIGN_OF_INT64   8
+#define PR_ALIGN_OF_FLOAT   4
+#define PR_ALIGN_OF_DOUBLE  8
+#define PR_ALIGN_OF_POINTER 8
+#define PR_ALIGN_OF_WORD    8
+
+#define PR_BYTES_PER_WORD_LOG2  3
+#define PR_BYTES_PER_DWORD_LOG2 3
+
 #elif defined(__arm__)
 
 #if defined(__ARMEB__) || defined(__ARM_BIG_ENDIAN__)
diff -Nru nspr-4.11/nspr/pr/include/md/_freebsd.h nspr-4.12/nspr/pr/include/md/_freebsd.h
--- nspr-4.11/nspr/pr/include/md/_freebsd.h	2015-11-18 12:36:52.000000000 +0000
+++ nspr-4.12/nspr/pr/include/md/_freebsd.h	2016-02-12 13:51:25.000000000 +0000
@@ -29,6 +29,8 @@
 #define _PR_SI_ARCHITECTURE "powerpc64"
 #elif defined(__powerpc__)
 #define _PR_SI_ARCHITECTURE "powerpc"
+#elif defined(__aarch64__)
+#define _PR_SI_ARCHITECTURE "aarch64"
 #elif defined(__arm__)
 #define _PR_SI_ARCHITECTURE "arm"
 #elif defined(__mips64__)
@@ -228,7 +230,7 @@
 
 #define _MD_EARLY_INIT                  _MD_EarlyInit
 #define _MD_FINAL_INIT			_PR_UnixInit
-#define _MD_INTERVAL_USE_GTOD
+#define _PR_HAVE_CLOCK_MONOTONIC
 
 /*
  * We wrapped the select() call.  _MD_SELECT refers to the built-in,
diff -Nru nspr-4.11/nspr/pr/include/md/_linux.h nspr-4.12/nspr/pr/include/md/_linux.h
--- nspr-4.11/nspr/pr/include/md/_linux.h	2015-11-18 12:36:52.000000000 +0000
+++ nspr-4.12/nspr/pr/include/md/_linux.h	2016-02-12 13:51:25.000000000 +0000
@@ -671,7 +671,7 @@
 
 #define _MD_EARLY_INIT                  _MD_EarlyInit
 #define _MD_FINAL_INIT                  _PR_UnixInit
-#define HAVE_CLOCK_MONOTONIC
+#define _PR_HAVE_CLOCK_MONOTONIC
 
 /*
  * We wrapped the select() call.  _MD_SELECT refers to the built-in,
diff -Nru nspr-4.11/nspr/pr/include/md/_netbsd.h nspr-4.12/nspr/pr/include/md/_netbsd.h
--- nspr-4.11/nspr/pr/include/md/_netbsd.h	2015-11-18 12:36:52.000000000 +0000
+++ nspr-4.12/nspr/pr/include/md/_netbsd.h	2016-02-12 13:51:25.000000000 +0000
@@ -211,7 +211,7 @@
 
 #define _MD_EARLY_INIT                  _MD_EarlyInit
 #define _MD_FINAL_INIT			_PR_UnixInit
-#define _MD_INTERVAL_USE_GTOD
+#define _PR_HAVE_CLOCK_MONOTONIC
 
 /*
  * We wrapped the select() call.  _MD_SELECT refers to the built-in,
diff -Nru nspr-4.11/nspr/pr/include/md/_openbsd.h nspr-4.12/nspr/pr/include/md/_openbsd.h
--- nspr-4.11/nspr/pr/include/md/_openbsd.h	2015-11-18 12:36:52.000000000 +0000
+++ nspr-4.12/nspr/pr/include/md/_openbsd.h	2016-02-12 13:51:25.000000000 +0000
@@ -192,7 +192,7 @@
 
 #define _MD_EARLY_INIT                  _MD_EarlyInit
 #define _MD_FINAL_INIT			_PR_UnixInit
-#define _MD_INTERVAL_USE_GTOD
+#define _PR_HAVE_CLOCK_MONOTONIC
 
 /*
  * We wrapped the select() call.  _MD_SELECT refers to the built-in,
diff -Nru nspr-4.11/nspr/pr/include/md/_unixos.h nspr-4.12/nspr/pr/include/md/_unixos.h
--- nspr-4.11/nspr/pr/include/md/_unixos.h	2015-11-18 12:36:52.000000000 +0000
+++ nspr-4.12/nspr/pr/include/md/_unixos.h	2016-02-12 13:51:25.000000000 +0000
@@ -302,7 +302,7 @@
 #define _MD_INTERVAL_PER_SEC		_PR_UNIX_TicksPerSecond
 #endif
 
-#ifdef HAVE_CLOCK_MONOTONIC
+#ifdef _PR_HAVE_CLOCK_MONOTONIC
 extern PRIntervalTime   _PR_UNIX_GetInterval2(void);
 extern PRIntervalTime   _PR_UNIX_TicksPerSecond2(void);
 #define _MD_INTERVAL_INIT()
diff -Nru nspr-4.11/nspr/pr/include/prenv.h nspr-4.12/nspr/pr/include/prenv.h
--- nspr-4.11/nspr/pr/include/prenv.h	2015-11-18 12:36:52.000000000 +0000
+++ nspr-4.12/nspr/pr/include/prenv.h	2016-02-12 13:51:25.000000000 +0000
@@ -91,6 +91,20 @@
 NSPR_API(char*) PR_GetEnv(const char *var);
 
 /*
+** PR_GetEnvSecure() -- get a security-sensitive environment variable
+**
+** Description:
+**
+** PR_GetEnvSecure() is similar to PR_GetEnv(), but it returns NULL if
+** the program was run with elevated privilege (e.g., setuid or setgid
+** on Unix).  This can be used for cases like log file paths which
+** could otherwise be used for privilege escalation.  Note that some
+** platforms may have platform-specific privilege elevation mechanisms
+** not recognized by this function; see the implementation for details.
+*/
+NSPR_API(char*) PR_GetEnvSecure(const char *var);
+
+/*
 ** PR_SetEnv() -- set, unset or change an environment variable
 ** 
 ** Description:
diff -Nru nspr-4.11/nspr/pr/include/prinit.h nspr-4.12/nspr/pr/include/prinit.h
--- nspr-4.11/nspr/pr/include/prinit.h	2015-11-18 12:36:52.000000000 +0000
+++ nspr-4.12/nspr/pr/include/prinit.h	2016-02-12 13:51:25.000000000 +0000
@@ -31,9 +31,9 @@
 ** The format of the version string is
 **     "<major version>.<minor version>[.<patch level>] [<Beta>]"
 */
-#define PR_VERSION  "4.11"
+#define PR_VERSION  "4.12"
 #define PR_VMAJOR   4
-#define PR_VMINOR   11
+#define PR_VMINOR   12
 #define PR_VPATCH   0
 #define PR_BETA     PR_FALSE
 
diff -Nru nspr-4.11/nspr/pr/src/io/prlog.c nspr-4.12/nspr/pr/src/io/prlog.c
--- nspr-4.11/nspr/pr/src/io/prlog.c	2015-11-18 12:36:52.000000000 +0000
+++ nspr-4.12/nspr/pr/src/io/prlog.c	2016-02-12 13:51:25.000000000 +0000
@@ -238,13 +238,7 @@
         }
         PR_SetLogBuffering(isSync ? 0 : bufSize);
 
-#ifdef XP_UNIX
-        if ((getuid() != geteuid()) || (getgid() != getegid())) {
-            return;
-        }
-#endif /* XP_UNIX */
-
-        ev = PR_GetEnv("NSPR_LOG_FILE");
+        ev = PR_GetEnvSecure("NSPR_LOG_FILE");
         if (ev && ev[0]) {
             if (!PR_SetLogFile(ev)) {
 #ifdef XP_PC
diff -Nru nspr-4.11/nspr/pr/src/io/prprf.c nspr-4.12/nspr/pr/src/io/prprf.c
--- nspr-4.11/nspr/pr/src/io/prprf.c	2015-11-18 12:36:52.000000000 +0000
+++ nspr-4.12/nspr/pr/src/io/prprf.c	2016-02-12 13:51:25.000000000 +0000
@@ -37,7 +37,7 @@
 
     char *base;
     char *cur;
-    PRUint32 maxlen;
+    PRUint32 maxlen;  /* Must not exceed PR_INT32_MAX. */
 
     int (*func)(void *arg, const char *sp, PRUint32 len);
     void *arg;
@@ -697,7 +697,7 @@
     char *hexp;
     int rv, i;
     struct NumArg* nas = NULL;
-    struct NumArg* nap;
+    struct NumArg* nap = NULL;
     struct NumArg  nasArray[ NAS_DEFAULT_NUM ];
     char  pattern[20];
     const char* dolPt = NULL;  /* in "%4$.2f", dolPt will point to . */
@@ -1060,6 +1060,13 @@
 {
     int rv;
 
+    /*
+    ** We will add len to ss->maxlen at the end of the function. First check
+    ** if ss->maxlen + len would overflow or be greater than PR_INT32_MAX.
+    */
+    if (PR_UINT32_MAX - ss->maxlen < len || ss->maxlen + len > PR_INT32_MAX) {
+	return -1;
+    }
     rv = (*ss->func)(ss->arg, sp, len);
     if (rv < 0) {
 	return rv;
@@ -1105,9 +1112,21 @@
     PRUint32 newlen;
 
     off = ss->cur - ss->base;
+    if (PR_UINT32_MAX - len < off) {
+	/* off + len would be too big. */
+	return -1;
+    }
     if (off + len >= ss->maxlen) {
 	/* Grow the buffer */
-	newlen = ss->maxlen + ((len > 32) ? len : 32);
+	PRUint32 increment = (len > 32) ? len : 32;
+	if (PR_UINT32_MAX - ss->maxlen < increment) {
+	    /* ss->maxlen + increment would overflow. */
+	    return -1;
+	}
+	newlen = ss->maxlen + increment;
+	if (newlen > PR_INT32_MAX) {
+	    return -1;
+	}
 	if (ss->base) {
 	    newbase = (char*) PR_REALLOC(ss->base, newlen);
 	} else {
@@ -1210,8 +1229,8 @@
     SprintfState ss;
     PRUint32 n;
 
-    PR_ASSERT((PRInt32)outlen > 0);
-    if ((PRInt32)outlen <= 0) {
+    PR_ASSERT(outlen != 0 && outlen <= PR_INT32_MAX);
+    if (outlen == 0 || outlen > PR_INT32_MAX) {
 	return 0;
     }
 
@@ -1247,7 +1266,10 @@
 
     ss.stuff = GrowStuff;
     if (last) {
-	int lastlen = strlen(last);
+	size_t lastlen = strlen(last);
+	if (lastlen > PR_INT32_MAX) {
+	    return 0;
+	}
 	ss.base = last;
 	ss.cur = last + lastlen;
 	ss.maxlen = lastlen;
diff -Nru nspr-4.11/nspr/pr/src/io/prscanf.c nspr-4.12/nspr/pr/src/io/prscanf.c
--- nspr-4.11/nspr/pr/src/io/prscanf.c	2015-11-18 12:36:52.000000000 +0000
+++ nspr-4.12/nspr/pr/src/io/prscanf.c	2016-02-12 13:51:25.000000000 +0000
@@ -194,7 +194,7 @@
 GetInt(ScanfState *state, int code)
 {
     char buf[FMAX + 1], *p;
-    int ch;
+    int ch = 0;
     static const char digits[] = "0123456789abcdefABCDEF";
     PRBool seenDigit = PR_FALSE;
     int base;
@@ -304,7 +304,7 @@
 GetFloat(ScanfState *state)
 {
     char buf[FMAX + 1], *p;
-    int ch;
+    int ch = 0;
     PRBool seenDigit = PR_FALSE;
 
     if (state->width == 0 || state->width > FMAX) {
diff -Nru nspr-4.11/nspr/pr/src/md/unix/unix.c nspr-4.12/nspr/pr/src/md/unix/unix.c
--- nspr-4.11/nspr/pr/src/md/unix/unix.c	2015-11-18 12:36:52.000000000 +0000
+++ nspr-4.12/nspr/pr/src/md/unix/unix.c	2016-02-12 13:51:25.000000000 +0000
@@ -2715,7 +2715,7 @@
 
 /* Android <= 19 doesn't have mmap64. */
 #if defined(ANDROID) && __ANDROID_API__ <= 19
-extern void *__mmap2(void *, size_t, int, int, int, size_t);
+PR_IMPORT(void) *__mmap2(void *, size_t, int, int, int, size_t);
 
 #define ANDROID_PAGE_SIZE 4096
 
@@ -3040,7 +3040,7 @@
 }
 #endif
 
-#if defined(HAVE_CLOCK_MONOTONIC)
+#if defined(_PR_HAVE_CLOCK_MONOTONIC)
 PRIntervalTime _PR_UNIX_GetInterval2()
 {
     struct timespec time;
diff -Nru nspr-4.11/nspr/pr/src/md/windows/ntinrval.c nspr-4.12/nspr/pr/src/md/windows/ntinrval.c
--- nspr-4.11/nspr/pr/src/md/windows/ntinrval.c	2015-11-18 12:36:52.000000000 +0000
+++ nspr-4.12/nspr/pr/src/md/windows/ntinrval.c	2016-02-12 13:51:25.000000000 +0000
@@ -8,6 +8,10 @@
  *
  */
 
+/* Mozilla's build system defines this globally. */
+#ifdef WIN32_LEAN_AND_MEAN
+#undef WIN32_LEAN_AND_MEAN
+#endif
 #include "primpl.h"
 
 #ifdef WINCE
diff -Nru nspr-4.11/nspr/pr/src/md/windows/w95thred.c nspr-4.12/nspr/pr/src/md/windows/w95thred.c
--- nspr-4.11/nspr/pr/src/md/windows/w95thred.c	2015-11-18 12:36:52.000000000 +0000
+++ nspr-4.12/nspr/pr/src/md/windows/w95thred.c	2016-02-12 13:51:25.000000000 +0000
@@ -65,7 +65,7 @@
         ** suspending).  Therefore, get a real handle from
         ** the pseudo handle via DuplicateHandle(...)
         */
-        DuplicateHandle(
+        BOOL ok = DuplicateHandle(
                 GetCurrentProcess(),     /* Process of source handle */
                 GetCurrentThread(),      /* Pseudo Handle to dup */
                 GetCurrentProcess(),     /* Process of handle */
@@ -73,6 +73,11 @@
                 0L,                      /* access flags */
                 FALSE,                   /* Inheritable */
                 DUPLICATE_SAME_ACCESS);  /* Options */
+        if (!ok) {
+            return PR_FAILURE;
+        }
+        thread->id = GetCurrentThreadId();
+        thread->md.id = thread->id;
     }
 
     /* Create the blocking IO semaphore */
diff -Nru nspr-4.11/nspr/pr/src/misc/prenv.c nspr-4.12/nspr/pr/src/misc/prenv.c
--- nspr-4.11/nspr/pr/src/misc/prenv.c	2015-11-18 12:36:52.000000000 +0000
+++ nspr-4.12/nspr/pr/src/misc/prenv.c	2016-02-12 13:51:25.000000000 +0000
@@ -4,10 +4,12 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include <string.h>
+#include <stdlib.h>
 #include "primpl.h"
 #include "prmem.h"
 
 #if defined(XP_UNIX)
+#include <unistd.h>
 #if defined(DARWIN)
 #if defined(HAVE_CRT_EXTERNS_H)
 #include <crt_externs.h>
@@ -17,6 +19,11 @@
 #endif /* DARWIN */
 #endif /* XP_UNIX */
 
+#if !defined(HAVE_SECURE_GETENV) && defined(HAVE___SECURE_GETENV)
+#define secure_getenv __secure_getenv
+#define HAVE_SECURE_GETENV 1
+#endif
+
 /* Lock used to lock the environment */
 #if defined(_PR_NO_PREEMPT)
 #define _PR_NEW_LOCK_ENV()
@@ -63,6 +70,34 @@
     return ev;
 }
 
+PR_IMPLEMENT(char*) PR_GetEnvSecure(const char *var)
+{
+#ifdef HAVE_SECURE_GETENV
+  char *ev;
+
+  if (!_pr_initialized) _PR_ImplicitInitialization();
+
+  _PR_LOCK_ENV();
+  ev = secure_getenv(var);
+  _PR_UNLOCK_ENV();
+
+  return ev;
+#else
+#ifdef XP_UNIX
+  /*
+  ** Fall back to checking uids and gids.  This won't detect any other
+  ** privilege-granting mechanisms the platform may have.  This also
+  ** can't detect the case where the process already called
+  ** setuid(geteuid()) and/or setgid(getegid()).
+  */
+  if (getuid() != geteuid() || getgid() != getegid()) {
+    return NULL;
+  }
+#endif /* XP_UNIX */
+  return PR_GetEnv(var);
+#endif /* HAVE_SECURE_GETENV */
+}
+
 PR_IMPLEMENT(PRStatus) PR_SetEnv(const char *string)
 {
     PRIntn result;
diff -Nru nspr-4.11/nspr/pr/src/misc/prnetdb.c nspr-4.12/nspr/pr/src/misc/prnetdb.c
--- nspr-4.11/nspr/pr/src/misc/prnetdb.c	2015-11-18 12:36:52.000000000 +0000
+++ nspr-4.12/nspr/pr/src/misc/prnetdb.c	2016-02-12 13:51:25.000000000 +0000
@@ -63,8 +63,7 @@
 
 #if defined(SOLARIS) || (defined(BSDI) && defined(_REENTRANT)) \
 	|| (defined(LINUX) && defined(_REENTRANT) \
-        && !(defined(__GLIBC__) && __GLIBC__ >= 2) \
-        && !defined(ANDROID))
+        && defined(__GLIBC__) && __GLIBC__ < 2)
 #define _PR_HAVE_GETPROTO_R
 #define _PR_HAVE_GETPROTO_R_POINTER
 #endif
diff -Nru nspr-4.11/nspr/pr/src/misc/prtpool.c nspr-4.12/nspr/pr/src/misc/prtpool.c
--- nspr-4.11/nspr/pr/src/misc/prtpool.c	2015-11-18 12:36:52.000000000 +0000
+++ nspr-4.12/nspr/pr/src/misc/prtpool.c	2016-02-12 13:51:25.000000000 +0000
@@ -281,8 +281,8 @@
 int pollfd_cnt, pollfds_used;
 int rv;
 PRCList *qp, *nextqp;
-PRPollDesc *pollfds;
-PRJob **polljobs;
+PRPollDesc *pollfds = NULL;
+PRJob **polljobs = NULL;
 int poll_timeout;
 PRIntervalTime now;
 
diff -Nru nspr-4.11/nspr/pr/src/misc/prtrace.c nspr-4.12/nspr/pr/src/misc/prtrace.c
--- nspr-4.11/nspr/pr/src/misc/prtrace.c	2015-11-18 12:36:52.000000000 +0000
+++ nspr-4.12/nspr/pr/src/misc/prtrace.c	2016-02-12 13:51:25.000000000 +0000
@@ -657,14 +657,8 @@
     logLostData = 0; /* reset at entry */
     logState = LogReset;
 
-#ifdef XP_UNIX
-    if ((getuid() != geteuid()) || (getgid() != getegid())) {
-        return NULL;
-    }
-#endif /* XP_UNIX */
-
     /* Get the filename for the logfile from the environment */
-    logFileName = PR_GetEnv( "NSPR_TRACE_LOG" );
+    logFileName = PR_GetEnvSecure( "NSPR_TRACE_LOG" );
     if ( logFileName == NULL )
     {
         PR_LOG( lm, PR_LOG_ERROR,
diff -Nru nspr-4.11/nspr/pr/src/nspr.def nspr-4.12/nspr/pr/src/nspr.def
--- nspr-4.11/nspr/pr/src/nspr.def	2015-11-18 12:36:52.000000000 +0000
+++ nspr-4.12/nspr/pr/src/nspr.def	2016-02-12 13:51:25.000000000 +0000
@@ -455,3 +455,10 @@
 ;+      global:
 		PR_SyncMemMap;
 ;+} NSPR_4.9.2;
+;+# Function PR_DuplicateEnvironment had been added in NSPR 4.10.9,
+;+# but we neglected to add it to nspr.def until NSPR 4.12
+;+NSPR_4.12 {
+;+      global:
+		PR_DuplicateEnvironment;
+		PR_GetEnvSecure;
+;+} NSPR_4.10.3;
diff -Nru nspr-4.11/nspr/pr/src/pthreads/ptio.c nspr-4.12/nspr/pr/src/pthreads/ptio.c
--- nspr-4.11/nspr/pr/src/pthreads/ptio.c	2015-11-18 12:36:52.000000000 +0000
+++ nspr-4.12/nspr/pr/src/pthreads/ptio.c	2016-02-12 13:51:25.000000000 +0000
@@ -3765,7 +3765,7 @@
      * We use these variables to figure out how much time has
      * elapsed and how much of the timeout still remains.
      */
-    PRIntervalTime start, elapsed, remaining;
+    PRIntervalTime start = 0, elapsed, remaining;
 
     if (pt_TestAbort()) return -1;
 
@@ -4019,7 +4019,7 @@
      * We use these variables to figure out how much time has
      * elapsed and how much of the timeout still remains.
      */
-    PRIntervalTime start, elapsed, remaining;
+    PRIntervalTime start = 0, elapsed, remaining;
 
     if (pt_TestAbort()) return -1;
 
@@ -4919,7 +4919,7 @@
      * We use these variables to figure out how much time has elapsed
      * and how much of the timeout still remains.
      */
-    PRIntervalTime start, elapsed, remaining;
+    PRIntervalTime start = 0, elapsed, remaining;
 
     static PRBool unwarned = PR_TRUE;
     if (unwarned) unwarned = _PR_Obsolete( "PR_Select", "PR_Poll");
diff -Nru nspr-4.11/nspr/pr/src/pthreads/ptthread.c nspr-4.12/nspr/pr/src/pthreads/ptthread.c
--- nspr-4.11/nspr/pr/src/pthreads/ptthread.c	2015-11-18 12:36:52.000000000 +0000
+++ nspr-4.12/nspr/pr/src/pthreads/ptthread.c	2016-02-12 13:51:25.000000000 +0000
@@ -21,6 +21,10 @@
 #include <signal.h>
 #include <dlfcn.h>
 
+#if defined(OPENBSD) || defined(FREEBSD) || defined(DRAGONFLY)
+#include <pthread_np.h>
+#endif
+
 #ifdef SYMBIAN
 /* In Open C sched_get_priority_min/max do not work properly, so we undefine
  * _POSIX_THREAD_PRIORITY_SCHEDULING here.
@@ -1733,7 +1737,7 @@
 {
     PRThread *thread;
     size_t nameLen;
-    int result;
+    int result = 0;
 
     if (!name) {
         PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
@@ -1751,8 +1755,10 @@
         return PR_FAILURE;
     memcpy(thread->name, name, nameLen + 1);
 
-#if defined(OPENBSD) || defined(FREEBSD)
-    result = pthread_set_name_np(thread->id, name);
+#if defined(OPENBSD) || defined(FREEBSD) || defined(DRAGONFLY)
+    pthread_set_name_np(thread->id, name);
+#elif defined(NETBSD)
+    result = pthread_setname_np(thread->id, "%s", (void *)name);
 #else /* not BSD */
     /*
      * On OSX, pthread_setname_np is only available in 10.6 or later, so test
diff -Nru nspr-4.11/nspr/pr/tests/env.c nspr-4.12/nspr/pr/tests/env.c
--- nspr-4.11/nspr/pr/tests/env.c	2015-11-18 12:36:52.000000000 +0000
+++ nspr-4.12/nspr/pr/tests/env.c	2016-02-12 13:51:25.000000000 +0000
@@ -18,6 +18,7 @@
 
 PRIntn  debug = 0;
 PRIntn  verbose = 0;
+PRIntn  secure = 0;
 PRBool  failedAlready = PR_FALSE;
 
 #define  ENVNAME    "NSPR_ENVIRONMENT_TEST_VARIABLE"
@@ -43,7 +44,7 @@
 
     {   /* Get command line options */
         PLOptStatus os;
-        PLOptState *opt = PL_CreateOptState(argc, argv, "vd");
+        PLOptState *opt = PL_CreateOptState(argc, argv, "vds");
 
 	    while (PL_OPT_EOL != (os = PL_GetNextOpt(opt)))
         {
@@ -56,6 +57,15 @@
             case 'v':  /* verbose */
                 verbose = 1;
                 break;
+            case 's':  /* secure / set[ug]id */
+                /*
+                ** To test PR_GetEnvSecure, make this executable (or a
+                ** copy of it) setuid / setgid / otherwise inherently
+                ** privileged (e.g., file capabilities) and run it
+                ** with this flag.
+                */
+                secure = 1;
+                break;
              default:
                 break;
             }
@@ -113,6 +123,32 @@
         if (verbose) printf("env: PR_GetEnv() worked after setting it. Found: %s\n", value );
     }
 
+    if ( secure ) {
+        /*
+        ** In this case we've been run with elevated privileges, so
+        ** test that PR_GetEnvSecure *doesn't* find that env var.
+        */
+        value = PR_GetEnvSecure( ENVNAME );
+        if ( NULL != value ) {
+            if (debug) printf( "env: PR_GetEnvSecure() failed; expected NULL, found \"%s\"\n", value );
+            failedAlready = PR_TRUE;
+        } else {
+            if (verbose) printf("env: PR_GetEnvSecure() worked\n" );
+        }
+    } else {
+        /*
+        ** In this case the program is being run normally, so do the
+        ** same check for PR_GetEnvSecure as for PR_GetEnv.
+        */
+        value = PR_GetEnvSecure( ENVNAME );
+        if ( (NULL == value ) || (strcmp( value, ENVVALUE)))  {
+            if (debug) printf( "env: PR_GetEnvSecure() Failed after setting\n" );
+            failedAlready = PR_TRUE;
+        } else {
+            if (verbose) printf("env: PR_GetEnvSecure() worked after setting it. Found: %s\n", value );
+        }
+    }
+
 /* ---------------------------------------------------------------------- */
     /* check that PR_DuplicateEnvironment() agrees with PR_GetEnv() */
     {
diff -Nru nspr-4.11/nspr/pr/tests/server_test.c nspr-4.12/nspr/pr/tests/server_test.c
--- nspr-4.11/nspr/pr/tests/server_test.c	2015-11-18 12:36:52.000000000 +0000
+++ nspr-4.12/nspr/pr/tests/server_test.c	2016-02-12 13:51:25.000000000 +0000
@@ -37,6 +37,7 @@
 #define PASS 0
 #define FAIL 1
 static int debug_mode = 0;
+static int failed_already = 0;
 
 static int _iterations = 1000;
 static int _clients = 1;
@@ -90,6 +91,7 @@
 			break;
 		case FAIL:
 			printf ("FAIL\n");
+			failed_already = 1;
 			break;
 		default:
 			break;
@@ -246,21 +248,32 @@
 ServerSetup(void)
 {
     PRFileDesc *listenSocket;
+    PRSocketOptionData sockOpt;
     PRNetAddr serverAddr;
     PRThread *WorkerThread;
 
-    if ( (listenSocket = PR_NewTCPSocket()) == NULL) {
+    if ((listenSocket = PR_NewTCPSocket()) == NULL) {
         if (debug_mode) printf("\tServer error creating listen socket\n");
 		else Test_Result(FAIL);
         return NULL;
     }
 
+    sockOpt.option = PR_SockOpt_Reuseaddr;
+    sockOpt.value.reuse_addr = PR_TRUE;
+    if (PR_SetSocketOption(listenSocket, &sockOpt) != PR_SUCCESS) {
+        if (debug_mode) printf("\tServer error setting socket option: OS error %d\n",
+                PR_GetOSError());
+        else Test_Result(FAIL);
+        PR_Close(listenSocket);
+        return NULL;
+    }
+
     memset(&serverAddr, 0, sizeof(PRNetAddr));
     serverAddr.inet.family = PR_AF_INET;
     serverAddr.inet.port = PR_htons(PORT);
     serverAddr.inet.ip = PR_htonl(PR_INADDR_ANY);
 
-    if ( PR_Bind(listenSocket, &serverAddr) == PR_FAILURE) {
+    if (PR_Bind(listenSocket, &serverAddr) != PR_SUCCESS) {
         if (debug_mode) printf("\tServer error binding to server address: OS error %d\n",
                 PR_GetOSError());
 		else Test_Result(FAIL);
@@ -268,7 +281,7 @@
         return NULL;
     }
 
-    if ( PR_Listen(listenSocket, 128) == PR_FAILURE) {
+    if (PR_Listen(listenSocket, 128) != PR_SUCCESS) {
         if (debug_mode) printf("\tServer error listening to server socket\n");
 		else Test_Result(FAIL);
         PR_Close(listenSocket);
@@ -548,7 +561,7 @@
 	Usage: test_name -d
 	*/
 	PLOptStatus os;
-	PLOptState *opt = PL_CreateOptState(argc, argv, "d:");
+	PLOptState *opt = PL_CreateOptState(argc, argv, "d");
 	while (PL_OPT_EOL != (os = PL_GetNextOpt(opt)))
     {
 		if (PL_OPT_BAD == os) continue;
@@ -606,5 +619,5 @@
 
     PR_Cleanup();
 
-    return 0;
+    return failed_already;
 }
diff -Nru nspr-4.11/nspr/pr/tests/vercheck.c nspr-4.12/nspr/pr/tests/vercheck.c
--- nspr-4.11/nspr/pr/tests/vercheck.c	2015-11-18 12:36:52.000000000 +0000
+++ nspr-4.12/nspr/pr/tests/vercheck.c	2016-02-12 13:51:25.000000000 +0000
@@ -22,7 +22,7 @@
 /*
  * This release (4.10.10) is backward compatible with the
  * 4.0.x, 4.1.x, 4.2.x, 4.3.x, 4.4.x, 4.5.x, 4.6.x, 4.7.x,
- * 4.8.x, 4.9.x, and 4.10.x releases.
+ * 4.8.x, 4.9.x, 4.10.x and 4.11.X releases.
  * It, of course, is compatible with itself.
  */
 static char *compatible_version[] = {
@@ -39,7 +39,7 @@
     "4.9.6",
     "4.10", "4.10.1", "4.10.2", "4.10.3", "4.10.4",
     "4.10.5", "4.10.6", "4.10.7", "4.10.8", "4.10.9",
-    "4.10.10",
+    "4.10.10", "4.11",
     PR_VERSION
 };
 
@@ -56,7 +56,7 @@
     "3.1", "3.1.1", "3.1.2", "3.1.3",
     "3.5", "3.5.1",
     "4.11.1",
-    "4.12", "4.12.1",
+    "4.12.1",
     "10.0", "11.1", "12.14.20"
 };