diff options
author | Mark H Weaver <mhw@netris.org> | 2015-03-09 20:50:12 -0400 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2015-03-10 10:13:38 -0400 |
commit | 5b17fabca63296e04d35679b92150c1c73d1df53 (patch) | |
tree | d1b2e08bd30f380603a8e34ae035952c231f2497 /gnu | |
parent | a24175ac8d772e714a7cb5796e2da8799d9cf055 (diff) | |
download | guix-5b17fabca63296e04d35679b92150c1c73d1df53.tar.gz |
gnu: icecat: Update to 31.5.0.
* gnu/packages/patches/icecat-CVE-2015-0822.patch, gnu/packages/patches/icecat-CVE-2015-0827-pt-1.patch, gnu/packages/patches/icecat-CVE-2015-0827-pt-2.patch, gnu/packages/patches/icecat-CVE-2015-0827-pt-3.patch, gnu/packages/patches/icecat-CVE-2015-0831-pt-1.patch, gnu/packages/patches/icecat-CVE-2015-0831-pt-2.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-01.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-02.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-03.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-04.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-05.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-06.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-07.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-08.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-09.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-10.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-11.patch: Remove files. * gnu-system.am (dist_patch_DATA): Remove them. * gnu/packages/gnuzilla.scm (icecat): Update to 31.5.0. Remove patches. Add 'nspr', 'nss', and 'cairo' to inputs. Add configure flags to use those system libraries.
Diffstat (limited to 'gnu')
18 files changed, 11 insertions, 1277 deletions
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm index bc74fa8d60..1d450cda64 100644 --- a/gnu/packages/gnuzilla.scm +++ b/gnu/packages/gnuzilla.scm @@ -216,7 +216,7 @@ standards.") (define-public icecat (package (name "icecat") - (version "31.4.0") + (version "31.5.0") (source (origin (method url-fetch) @@ -224,29 +224,12 @@ standards.") version "/" name "-" version ".tar.bz2")) (sha256 (base32 - "0q5ilgfybcrbwf9hq9zc1cpnlhq1pddnnjmdrxrcrrg8lgx5kkc2")) - (patches (map search-patch - '("icecat-CVE-2015-0822.patch" - "icecat-CVE-2015-0827-pt-1.patch" - "icecat-CVE-2015-0827-pt-2.patch" - "icecat-CVE-2015-0827-pt-3.patch" - "icecat-CVE-2015-0831-pt-1.patch" - "icecat-CVE-2015-0831-pt-2.patch" - "icecat-CVE-2015-0836-pt-01.patch" - "icecat-CVE-2015-0836-pt-02.patch" - "icecat-CVE-2015-0836-pt-03.patch" - "icecat-CVE-2015-0836-pt-04.patch" - "icecat-CVE-2015-0836-pt-05.patch" - "icecat-CVE-2015-0836-pt-06.patch" - "icecat-CVE-2015-0836-pt-07.patch" - "icecat-CVE-2015-0836-pt-08.patch" - "icecat-CVE-2015-0836-pt-09.patch" - "icecat-CVE-2015-0836-pt-10.patch" - "icecat-CVE-2015-0836-pt-11.patch"))))) + "1rr4axghaypdkrf60i1qp6dz4cd29ya02fs3vyffvp4x9kgcq2dd")))) (build-system gnu-build-system) (inputs `(("alsa-lib" ,alsa-lib) ("bzip2" ,bzip2) + ("cairo" ,cairo) ("dbus" ,dbus) ("dbus-glib" ,dbus-glib) ("glib" ,glib) @@ -264,6 +247,8 @@ standards.") ("pixman" ,pixman) ("pulseaudio" ,pulseaudio) ("mesa" ,mesa) + ("nspr" ,nspr) + ("nss" ,nss) ("unzip" ,unzip) ("yasm" ,yasm) ("zip" ,zip) @@ -290,19 +275,15 @@ standards.") "--with-system-libevent" "--with-system-libvpx" "--with-system-icu" + "--with-system-nspr" + "--with-system-nss" "--enable-system-pixman" - - ;; XXX unsure whether to use these. - ;; "--with-system-nspr" - ;; "--with-system-nss" - - ;; Fails with "configure: error: Library requirements - ;; (cairo-tee >= 1.10) not met". - ;; "--enable-system-cairo" + "--enable-system-cairo" + "--enable-system-ffi" ;; Fails with "configure: error: System ;; SQLite library is not compiled with - ;; SQLITE_SECURE_DELETE." + ;; SQLITE_ENABLE_UNLOCK_NOTIFY." ;; "--enable-system-sqlite" ;; Fails with "--with-system-png won't work because @@ -324,8 +305,7 @@ standards.") ;; to accelerate baseline JPEG compression/ ;; decompression", so we had better not use it ;; "--with-system-jpeg" - - "--enable-system-ffi") + ) #:phases (alist-replace diff --git a/gnu/packages/patches/icecat-CVE-2015-0822.patch b/gnu/packages/patches/icecat-CVE-2015-0822.patch deleted file mode 100644 index 2625151453..0000000000 --- a/gnu/packages/patches/icecat-CVE-2015-0822.patch +++ /dev/null @@ -1,154 +0,0 @@ -From 0922145c255bf2503d3b2dd5f8f1e813338ba990 Mon Sep 17 00:00:00 2001 -From: Mats Palmgren <mats@mozilla.com> -Date: Sat, 24 Jan 2015 12:37:47 -0500 -Subject: [PATCH] Bug 1110557. r=mak, r=gavin, a=bkerensa - ---- - .../components/satchel/nsFormFillController.cpp | 67 +++++++++++++++------- - toolkit/components/satchel/nsFormFillController.h | 5 ++ - 2 files changed, 52 insertions(+), 20 deletions(-) - -diff --git a/toolkit/components/satchel/nsFormFillController.cpp b/toolkit/components/satchel/nsFormFillController.cpp -index 315fc68..676ad84 100644 ---- a/toolkit/components/satchel/nsFormFillController.cpp -+++ b/toolkit/components/satchel/nsFormFillController.cpp -@@ -61,6 +61,7 @@ nsFormFillController::nsFormFillController() : - mSuppressOnInput(false) - { - mController = do_GetService("@mozilla.org/autocomplete/controller;1"); -+ MOZ_ASSERT(mController); - } - - struct PwmgrInputsEnumData -@@ -104,6 +105,21 @@ nsFormFillController::AttributeChanged(nsIDocument* aDocument, - int32_t aNameSpaceID, - nsIAtom* aAttribute, int32_t aModType) - { -+ if ((aAttribute == nsGkAtoms::type || aAttribute == nsGkAtoms::readonly || -+ aAttribute == nsGkAtoms::autocomplete) && -+ aNameSpaceID == kNameSpaceID_None) { -+ nsCOMPtr<nsIDOMHTMLInputElement> focusedInput(mFocusedInput); -+ // Reset the current state of the controller, unconditionally. -+ StopControllingInput(); -+ // Then restart based on the new values. We have to delay this -+ // to avoid ending up in an endless loop due to re-registering our -+ // mutation observer (which would notify us again for *this* event). -+ nsCOMPtr<nsIRunnable> event = -+ NS_NewRunnableMethodWithArg<nsCOMPtr<nsIDOMHTMLInputElement>> -+ (this, &nsFormFillController::MaybeStartControllingInput, focusedInput); -+ NS_DispatchToCurrentThread(event); -+ } -+ - if (mListNode && mListNode->Contains(aElement)) { - RevalidateDataList(); - } -@@ -841,28 +857,26 @@ nsFormFillController::RemoveForDocumentEnumerator(const nsINode* aKey, - return PL_DHASH_NEXT; - } - --nsresult --nsFormFillController::Focus(nsIDOMEvent* aEvent) -+void -+nsFormFillController::MaybeStartControllingInput(nsIDOMHTMLInputElement* aInput) - { -- nsCOMPtr<nsIDOMHTMLInputElement> input = do_QueryInterface( -- aEvent->InternalDOMEvent()->GetTarget()); -- nsCOMPtr<nsINode> inputNode = do_QueryInterface(input); -+ nsCOMPtr<nsINode> inputNode = do_QueryInterface(aInput); - if (!inputNode) -- return NS_OK; -+ return; - -- nsCOMPtr<nsIFormControl> formControl = do_QueryInterface(input); -+ nsCOMPtr<nsIFormControl> formControl = do_QueryInterface(aInput); - if (!formControl || !formControl->IsSingleLineTextControl(true)) -- return NS_OK; -+ return; - - bool isReadOnly = false; -- input->GetReadOnly(&isReadOnly); -+ aInput->GetReadOnly(&isReadOnly); - if (isReadOnly) -- return NS_OK; -+ return; - -- bool autocomplete = nsContentUtils::IsAutocompleteEnabled(input); -+ bool autocomplete = nsContentUtils::IsAutocompleteEnabled(aInput); - - nsCOMPtr<nsIDOMHTMLElement> datalist; -- input->GetList(getter_AddRefs(datalist)); -+ aInput->GetList(getter_AddRefs(datalist)); - bool hasList = datalist != nullptr; - - bool dummy; -@@ -871,9 +885,16 @@ nsFormFillController::Focus(nsIDOMEvent* aEvent) - isPwmgrInput = true; - - if (isPwmgrInput || hasList || autocomplete) { -- StartControllingInput(input); -+ StartControllingInput(aInput); - } -+} - -+nsresult -+nsFormFillController::Focus(nsIDOMEvent* aEvent) -+{ -+ nsCOMPtr<nsIDOMHTMLInputElement> input = do_QueryInterface( -+ aEvent->InternalDOMEvent()->GetTarget()); -+ MaybeStartControllingInput(input); - return NS_OK; - } - -@@ -1087,6 +1108,10 @@ nsFormFillController::StartControllingInput(nsIDOMHTMLInputElement *aInput) - // Make sure we're not still attached to an input - StopControllingInput(); - -+ if (!mController) { -+ return; -+ } -+ - // Find the currently focused docShell - nsCOMPtr<nsIDocShell> docShell = GetDocShellForInput(aInput); - int32_t index = GetIndexOfDocShell(docShell); -@@ -1129,13 +1154,15 @@ nsFormFillController::StopControllingInput() - mListNode = nullptr; - } - -- // Reset the controller's input, but not if it has been switched -- // to another input already, which might happen if the user switches -- // focus by clicking another autocomplete textbox -- nsCOMPtr<nsIAutoCompleteInput> input; -- mController->GetInput(getter_AddRefs(input)); -- if (input == this) -- mController->SetInput(nullptr); -+ if (mController) { -+ // Reset the controller's input, but not if it has been switched -+ // to another input already, which might happen if the user switches -+ // focus by clicking another autocomplete textbox -+ nsCOMPtr<nsIAutoCompleteInput> input; -+ mController->GetInput(getter_AddRefs(input)); -+ if (input == this) -+ mController->SetInput(nullptr); -+ } - - if (mFocusedInputNode) { - MaybeRemoveMutationObserver(mFocusedInputNode); -diff --git a/toolkit/components/satchel/nsFormFillController.h b/toolkit/components/satchel/nsFormFillController.h -index b60d28d..8c3ba26 100644 ---- a/toolkit/components/satchel/nsFormFillController.h -+++ b/toolkit/components/satchel/nsFormFillController.h -@@ -62,6 +62,11 @@ protected: - - void StartControllingInput(nsIDOMHTMLInputElement *aInput); - void StopControllingInput(); -+ /** -+ * Checks that aElement is a type of element we want to fill, then calls -+ * StartControllingInput on it. -+ */ -+ void MaybeStartControllingInput(nsIDOMHTMLInputElement* aElement); - - nsresult PerformInputListAutoComplete(nsIAutoCompleteResult* aPreviousResult); - --- -2.2.1 - diff --git a/gnu/packages/patches/icecat-CVE-2015-0827-pt-1.patch b/gnu/packages/patches/icecat-CVE-2015-0827-pt-1.patch deleted file mode 100644 index c57da755d1..0000000000 --- a/gnu/packages/patches/icecat-CVE-2015-0827-pt-1.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 28b6204b1421aa57b3c10c43d90cb516910bc80f Mon Sep 17 00:00:00 2001 -From: Markus Stange <mstange@themasta.com> -Date: Tue, 6 Jan 2015 12:08:39 +0100 -Subject: [PATCH] Bug 1117304 - Also do the checks at the start of CopyRect in - release builds. r=Bas, a=sledru - ---- - gfx/2d/FilterNodeSoftware.cpp | 9 ++++++--- - 1 file changed, 6 insertions(+), 3 deletions(-) - -diff --git a/gfx/2d/FilterNodeSoftware.cpp b/gfx/2d/FilterNodeSoftware.cpp -index 00d790f..396d0da 100644 ---- a/gfx/2d/FilterNodeSoftware.cpp -+++ b/gfx/2d/FilterNodeSoftware.cpp -@@ -253,9 +253,12 @@ CopyRect(DataSourceSurface* aSrc, DataSourceSurface* aDest, - MOZ_CRASH("we should never be getting invalid rects at this point"); - } - -- MOZ_ASSERT(aSrc->GetFormat() == aDest->GetFormat(), "different surface formats"); -- MOZ_ASSERT(IntRect(IntPoint(), aSrc->GetSize()).Contains(aSrcRect), "source rect too big for source surface"); -- MOZ_ASSERT(IntRect(IntPoint(), aDest->GetSize()).Contains(aSrcRect - aSrcRect.TopLeft() + aDestPoint), "dest surface too small"); -+ MOZ_RELEASE_ASSERT(aSrc->GetFormat() == aDest->GetFormat(), -+ "different surface formats"); -+ MOZ_RELEASE_ASSERT(IntRect(IntPoint(), aSrc->GetSize()).Contains(aSrcRect), -+ "source rect too big for source surface"); -+ MOZ_RELEASE_ASSERT(IntRect(IntPoint(), aDest->GetSize()).Contains(IntRect(aDestPoint, aSrcRect.Size())), -+ "dest surface too small"); - - if (aSrcRect.IsEmpty()) { - return; --- -2.2.1 - diff --git a/gnu/packages/patches/icecat-CVE-2015-0827-pt-2.patch b/gnu/packages/patches/icecat-CVE-2015-0827-pt-2.patch deleted file mode 100644 index 1ff68f4b4c..0000000000 --- a/gnu/packages/patches/icecat-CVE-2015-0827-pt-2.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 5ff75fbe51d5760a96b4e614617c9cbf35f1fbaa Mon Sep 17 00:00:00 2001 -From: Markus Stange <mstange@themasta.com> -Date: Mon, 5 Jan 2015 18:40:27 +0100 -Subject: [PATCH] Bug 1117304 - Make sure the tile filter doesn't call CopyRect - on surfaces with different formats. r=Bas, a=sledru - ---- - gfx/2d/FilterNodeSoftware.cpp | 11 ++++++++++- - 1 file changed, 10 insertions(+), 1 deletion(-) - -diff --git a/gfx/2d/FilterNodeSoftware.cpp b/gfx/2d/FilterNodeSoftware.cpp -index 396d0da..10d92c6 100644 ---- a/gfx/2d/FilterNodeSoftware.cpp -+++ b/gfx/2d/FilterNodeSoftware.cpp -@@ -1568,7 +1568,16 @@ FilterNodeTileSoftware::Render(const IntRect& aRect) - return nullptr; - } - } -- MOZ_ASSERT(input->GetFormat() == target->GetFormat(), "different surface formats from the same input?"); -+ -+ if (input->GetFormat() != target->GetFormat()) { -+ // Different rectangles of the input can have different formats. If -+ // that happens, just convert everything to B8G8R8A8. -+ target = FilterProcessing::ConvertToB8G8R8A8(target); -+ input = FilterProcessing::ConvertToB8G8R8A8(input); -+ if (MOZ2D_WARN_IF(!target) || MOZ2D_WARN_IF(!input)) { -+ return nullptr; -+ } -+ } - - CopyRect(input, target, srcRect - srcRect.TopLeft(), destRect.TopLeft() - aRect.TopLeft()); - } --- -2.2.1 - diff --git a/gnu/packages/patches/icecat-CVE-2015-0827-pt-3.patch b/gnu/packages/patches/icecat-CVE-2015-0827-pt-3.patch deleted file mode 100644 index 8d40126849..0000000000 --- a/gnu/packages/patches/icecat-CVE-2015-0827-pt-3.patch +++ /dev/null @@ -1,56 +0,0 @@ -From c91087708686ae1c47abee65e19536688e5ec8f2 Mon Sep 17 00:00:00 2001 -From: Ryan VanderMeulen <ryanvm@gmail.com> -Date: Mon, 26 Jan 2015 17:24:46 -0500 -Subject: [PATCH] Bug 1117304 - Add missing MOZ2D_WARN_IF definition to fix - bustage. r=milan, a=bustage - ---- - gfx/2d/FilterNodeSoftware.cpp | 1 + - gfx/2d/Logging.h | 19 +++++++++++++++++++ - 2 files changed, 20 insertions(+) - -diff --git a/gfx/2d/FilterNodeSoftware.cpp b/gfx/2d/FilterNodeSoftware.cpp -index 10d92c6..48bf162 100644 ---- a/gfx/2d/FilterNodeSoftware.cpp -+++ b/gfx/2d/FilterNodeSoftware.cpp -@@ -12,6 +12,7 @@ - #include "Blur.h" - #include <map> - #include "FilterProcessing.h" -+#include "Logging.h" - #include "mozilla/PodOperations.h" - #include "mozilla/DebugOnly.h" - -diff --git a/gfx/2d/Logging.h b/gfx/2d/Logging.h -index 85e788c..d7728bb 100644 ---- a/gfx/2d/Logging.h -+++ b/gfx/2d/Logging.h -@@ -155,6 +155,25 @@ typedef Log<LOG_WARNING> WarningLog; - #define gfxWarning if (1) ; else NoLog - #endif - -+// See nsDebug.h and the NS_WARN_IF macro -+ -+#ifdef __cplusplus -+#ifdef DEBUG -+inline bool MOZ2D_warn_if_impl(bool aCondition, const char* aExpr, -+ const char* aFile, int32_t aLine) -+{ -+ if (MOZ_UNLIKELY(aCondition)) { -+ gfxWarning() << aExpr << " at " << aFile << ":" << aLine; -+ } -+ return aCondition; -+} -+#define MOZ2D_WARN_IF(condition) \ -+ MOZ2D_warn_if_impl(condition, #condition, __FILE__, __LINE__) -+#else -+#define MOZ2D_WARN_IF(condition) (bool)(condition) -+#endif -+#endif -+ - const int INDENT_PER_LEVEL = 2; - - class TreeLog --- -2.2.1 - diff --git a/gnu/packages/patches/icecat-CVE-2015-0831-pt-1.patch b/gnu/packages/patches/icecat-CVE-2015-0831-pt-1.patch deleted file mode 100644 index c04d604923..0000000000 --- a/gnu/packages/patches/icecat-CVE-2015-0831-pt-1.patch +++ /dev/null @@ -1,32 +0,0 @@ -From c8437505a63fc2b2552b8af217d60d79abb92ba3 Mon Sep 17 00:00:00 2001 -From: Ben Turner <bent.mozilla@gmail.com> -Date: Fri, 6 Feb 2015 15:25:33 -0800 -Subject: [PATCH] Bug 1130541. r=janv, a=sledru - ---- - dom/indexedDB/IDBDatabase.cpp | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/dom/indexedDB/IDBDatabase.cpp b/dom/indexedDB/IDBDatabase.cpp -index 7329cec..c9c7e4f 100644 ---- a/dom/indexedDB/IDBDatabase.cpp -+++ b/dom/indexedDB/IDBDatabase.cpp -@@ -536,6 +536,7 @@ IDBDatabase::CreateObjectStore( - IDBTransaction* transaction = AsyncConnectionHelper::GetCurrentTransaction(); - - if (!transaction || -+ transaction->Database() != this || - transaction->GetMode() != IDBTransaction::VERSION_CHANGE) { - aRv.Throw(NS_ERROR_DOM_INDEXEDDB_NOT_ALLOWED_ERR); - return nullptr; -@@ -577,6 +578,7 @@ IDBDatabase::DeleteObjectStore(const nsAString& aName, ErrorResult& aRv) - IDBTransaction* transaction = AsyncConnectionHelper::GetCurrentTransaction(); - - if (!transaction || -+ transaction->Database() != this || - transaction->GetMode() != IDBTransaction::VERSION_CHANGE) { - aRv.Throw(NS_ERROR_DOM_INDEXEDDB_NOT_ALLOWED_ERR); - return; --- -2.2.1 - diff --git a/gnu/packages/patches/icecat-CVE-2015-0831-pt-2.patch b/gnu/packages/patches/icecat-CVE-2015-0831-pt-2.patch deleted file mode 100644 index 9510cd611f..0000000000 --- a/gnu/packages/patches/icecat-CVE-2015-0831-pt-2.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 4e799e44288c951f8d9acd17e7d8c56c9ee6a7d3 Mon Sep 17 00:00:00 2001 -From: Ben Turner <bent.mozilla@gmail.com> -Date: Mon, 9 Feb 2015 14:38:26 -0800 -Subject: [PATCH] Bug 1130541 followup a=test-only - ---HG-- -extra : amend_source : 23d80353f87897fdac9c99048d12ebe4ed390f76 ---- - dom/indexedDB/test/browser_quotaPrompt.html | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/dom/indexedDB/test/browser_quotaPrompt.html b/dom/indexedDB/test/browser_quotaPrompt.html -index c139970..dbeea68 100644 ---- a/dom/indexedDB/test/browser_quotaPrompt.html -+++ b/dom/indexedDB/test/browser_quotaPrompt.html -@@ -38,6 +38,7 @@ - let request = indexedDB.open(window.location.pathname, version++); - request.onerror = errorHandler; - request.onupgradeneeded = function(event) { -+ let db = event.target.result; - db.deleteObjectStore("foo"); - db.onversionchange = function () { db.close(); }; - request.transaction.oncomplete = function(event) { --- -2.2.1 - diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-01.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-01.patch deleted file mode 100644 index f6e2756054..0000000000 --- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-01.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 4106ffa6ee83b814428bb07948b3595e3fa3847e Mon Sep 17 00:00:00 2001 -From: Jan de Mooij <jdemooij@mozilla.com> -Date: Tue, 10 Feb 2015 09:40:46 +0100 -Subject: [PATCH] Bug 1128196 - Don't relazify scripts with a TypeScript. - r=till, a=lmandel - ---- - js/src/jsscript.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/js/src/jsscript.h b/js/src/jsscript.h -index 4d548ef..9a0cfbb 100644 ---- a/js/src/jsscript.h -+++ b/js/src/jsscript.h -@@ -1251,7 +1251,7 @@ class JSScript : public js::gc::BarrieredCell<JSScript> - } - - bool isRelazifiable() const { -- return (selfHosted() || lazyScript) && -+ return (selfHosted() || lazyScript) && !types && - !isGenerator() && !hasBaselineScript() && !hasAnyIonScript() && !hasBeenInlined(); - } - void setLazyScript(js::LazyScript *lazy) { --- -2.2.1 - diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-02.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-02.patch deleted file mode 100644 index c95cf23a29..0000000000 --- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-02.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 83c4bfeea2d2203f726e3bfcb7ee6fe56b4d9703 Mon Sep 17 00:00:00 2001 -From: Ryan VanderMeulen <ryanvm@gmail.com> -Date: Thu, 29 Jan 2015 10:31:25 -0500 -Subject: [PATCH] Bug 1111248. r=Waldo, a=sledru - ---- - js/src/jsbool.cpp | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/js/src/jsbool.cpp b/js/src/jsbool.cpp -index 5d88bd5..8d5d672 100644 ---- a/js/src/jsbool.cpp -+++ b/js/src/jsbool.cpp -@@ -198,7 +198,8 @@ js::ToBooleanSlow(HandleValue v) - bool - js::BooleanGetPrimitiveValueSlow(HandleObject wrappedBool) - { -- JSObject *obj = wrappedBool->as<ProxyObject>().target(); -- JS_ASSERT(obj); -+ JSObject *obj = CheckedUnwrap(wrappedBool); -+ if (!obj || !obj->is<BooleanObject>()) -+ return false; - return obj->as<BooleanObject>().unbox(); - } --- -2.2.1 - diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-03.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-03.patch deleted file mode 100644 index 115cd76201..0000000000 --- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-03.patch +++ /dev/null @@ -1,220 +0,0 @@ -From 4e4e34238e5bb5af83a645a5f4d2097e3b30e9dd Mon Sep 17 00:00:00 2001 -From: Tom Schuster <evilpies@gmail.com> -Date: Sun, 25 Jan 2015 21:42:10 +0100 -Subject: [PATCH] Bug 1111243 - Implement ES6 proxy behavior for IsArray. - r=efaust, a=abillings - ---- - browser/devtools/app-manager/app-projects.js | 2 ++ - js/public/Class.h | 5 +++- - js/src/jsarray.cpp | 9 ++++-- - js/src/jsobjinlines.h | 15 +++++++++- - js/src/json.cpp | 11 +++---- - js/src/jsproxy.cpp | 45 ++++++++++++++++++++++++++++ - 6 files changed, 78 insertions(+), 9 deletions(-) - -diff --git a/browser/devtools/app-manager/app-projects.js b/browser/devtools/app-manager/app-projects.js -index d09f72f..77ca67b 100644 ---- a/browser/devtools/app-manager/app-projects.js -+++ b/browser/devtools/app-manager/app-projects.js -@@ -61,6 +61,8 @@ const IDB = { - add: function(project) { - let deferred = promise.defer(); - -+ project = JSON.parse(JSON.stringify(project)); -+ - if (!project.location) { - // We need to make sure this object has a `.location` property. - deferred.reject("Missing location property on project object."); -diff --git a/js/public/Class.h b/js/public/Class.h -index ff864b1..46f7d39 100644 ---- a/js/public/Class.h -+++ b/js/public/Class.h -@@ -521,7 +521,10 @@ Valueify(const JSClass *c) - */ - enum ESClassValue { - ESClass_Array, ESClass_Number, ESClass_String, ESClass_Boolean, -- ESClass_RegExp, ESClass_ArrayBuffer, ESClass_Date -+ ESClass_RegExp, ESClass_ArrayBuffer, ESClass_Date, -+ // Special snowflake for the ES6 IsArray method. -+ // Please don't use it without calling that function. -+ ESClass_IsArray - }; - - /* -diff --git a/js/src/jsarray.cpp b/js/src/jsarray.cpp -index 24da176..46f1c20 100644 ---- a/js/src/jsarray.cpp -+++ b/js/src/jsarray.cpp -@@ -2645,7 +2645,8 @@ js::array_concat(JSContext *cx, unsigned argc, Value *vp) - HandleValue v = HandleValue::fromMarkedLocation(&p[i]); - if (v.isObject()) { - RootedObject obj(cx, &v.toObject()); -- if (ObjectClassIs(obj, ESClass_Array, cx)) { -+ // This should be IsConcatSpreadable -+ if (IsArray(obj, cx)) { - uint32_t alength; - if (!GetLengthProperty(cx, obj, &alength)) - return false; -@@ -2870,7 +2871,11 @@ static bool - array_isArray(JSContext *cx, unsigned argc, Value *vp) - { - CallArgs args = CallArgsFromVp(argc, vp); -- bool isArray = args.length() > 0 && IsObjectWithClass(args[0], ESClass_Array, cx); -+ bool isArray = false; -+ if (args.get(0).isObject()) { -+ RootedObject obj(cx, &args[0].toObject()); -+ isArray = IsArray(obj, cx); -+ } - args.rval().setBoolean(isArray); - return true; - } -diff --git a/js/src/jsobjinlines.h b/js/src/jsobjinlines.h -index e848ba7..557dd26 100644 ---- a/js/src/jsobjinlines.h -+++ b/js/src/jsobjinlines.h -@@ -1032,7 +1032,10 @@ ObjectClassIs(HandleObject obj, ESClassValue classValue, JSContext *cx) - return Proxy::objectClassIs(obj, classValue, cx); - - switch (classValue) { -- case ESClass_Array: return obj->is<ArrayObject>(); -+ case ESClass_Array: -+ case ESClass_IsArray: -+ // There difference between those is only relevant for proxies. -+ return obj->is<ArrayObject>(); - case ESClass_Number: return obj->is<NumberObject>(); - case ESClass_String: return obj->is<StringObject>(); - case ESClass_Boolean: return obj->is<BooleanObject>(); -@@ -1053,6 +1056,16 @@ IsObjectWithClass(const Value &v, ESClassValue classValue, JSContext *cx) - return ObjectClassIs(obj, classValue, cx); - } - -+// ES6 7.2.2 -+inline bool -+IsArray(HandleObject obj, JSContext *cx) -+{ -+ if (obj->is<ArrayObject>()) -+ return true; -+ -+ return ObjectClassIs(obj, ESClass_IsArray, cx); -+} -+ - static MOZ_ALWAYS_INLINE bool - NewObjectMetadata(ExclusiveContext *cxArg, JSObject **pmetadata) - { -diff --git a/js/src/json.cpp b/js/src/json.cpp -index 6e45bfd..81a99a6 100644 ---- a/js/src/json.cpp -+++ b/js/src/json.cpp -@@ -300,7 +300,7 @@ JO(JSContext *cx, HandleObject obj, StringifyContext *scx) - Maybe<AutoIdVector> ids; - const AutoIdVector *props; - if (scx->replacer && !scx->replacer->isCallable()) { -- JS_ASSERT(JS_IsArrayObject(cx, scx->replacer)); -+ JS_ASSERT(IsArray(scx->replacer, cx)); - props = &scx->propertyList; - } else { - JS_ASSERT_IF(scx->replacer, scx->propertyList.length() == 0); -@@ -488,7 +488,7 @@ Str(JSContext *cx, const Value &v, StringifyContext *scx) - - scx->depth++; - bool ok; -- if (ObjectClassIs(obj, ESClass_Array, cx)) -+ if (IsArray(obj, cx)) - ok = JA(cx, obj, scx); - else - ok = JO(cx, obj, scx); -@@ -510,7 +510,7 @@ js_Stringify(JSContext *cx, MutableHandleValue vp, JSObject *replacer_, Value sp - if (replacer) { - if (replacer->isCallable()) { - /* Step 4a(i): use replacer to transform values. */ -- } else if (ObjectClassIs(replacer, ESClass_Array, cx)) { -+ } else if (IsArray(replacer, cx)) { - /* - * Step 4b: The spec algorithm is unhelpfully vague about the exact - * steps taken when the replacer is an array, regarding the exact -@@ -541,7 +541,8 @@ js_Stringify(JSContext *cx, MutableHandleValue vp, JSObject *replacer_, Value sp - - /* Step 4b(ii). */ - uint32_t len; -- JS_ALWAYS_TRUE(GetLengthProperty(cx, replacer, &len)); -+ if (!GetLengthProperty(cx, replacer, &len)) -+ return false; - if (replacer->is<ArrayObject>() && !replacer->isIndexed()) - len = Min(len, replacer->getDenseInitializedLength()); - -@@ -678,7 +679,7 @@ Walk(JSContext *cx, HandleObject holder, HandleId name, HandleValue reviver, Mut - if (val.isObject()) { - RootedObject obj(cx, &val.toObject()); - -- if (ObjectClassIs(obj, ESClass_Array, cx)) { -+ if (IsArray(obj, cx)) { - /* Step 2a(ii). */ - uint32_t length; - if (!GetLengthProperty(cx, obj, &length)) -diff --git a/js/src/jsproxy.cpp b/js/src/jsproxy.cpp -index 7644da1..7453103 100644 ---- a/js/src/jsproxy.cpp -+++ b/js/src/jsproxy.cpp -@@ -1108,6 +1108,14 @@ class ScriptedDirectProxyHandler : public DirectProxyHandler { - virtual bool isExtensible(JSContext *cx, HandleObject proxy, bool *extensible) MOZ_OVERRIDE; - - /* Spidermonkey extensions. */ -+ // A scripted proxy should not be treated as generic in most contexts. -+ virtual bool nativeCall(JSContext *cx, IsAcceptableThis test, NativeImpl impl, -+ CallArgs args) MOZ_OVERRIDE; -+ virtual bool objectClassIs(HandleObject obj, ESClassValue classValue, -+ JSContext *cx) MOZ_OVERRIDE; -+ virtual bool regexp_toShared(JSContext *cx, HandleObject proxy, -+ RegExpGuard *g) MOZ_OVERRIDE; -+ - virtual bool call(JSContext *cx, HandleObject proxy, const CallArgs &args) MOZ_OVERRIDE; - virtual bool construct(JSContext *cx, HandleObject proxy, const CallArgs &args) MOZ_OVERRIDE; - virtual bool isScripted() MOZ_OVERRIDE { return true; } -@@ -2350,6 +2358,43 @@ ScriptedDirectProxyHandler::construct(JSContext *cx, HandleObject proxy, const C - return true; - } - -+bool -+ScriptedDirectProxyHandler::nativeCall(JSContext *cx, IsAcceptableThis test, NativeImpl impl, -+ CallArgs args) -+{ -+ ReportIncompatible(cx, args); -+ return false; -+} -+ -+bool -+ScriptedDirectProxyHandler::objectClassIs(HandleObject proxy, ESClassValue classValue, -+ JSContext *cx) -+{ -+ // Special case IsArray. In every other instance ES wants to have exactly -+ // one object type and not a proxy around it, so return false. -+ if (classValue != ESClass_IsArray) -+ return false; -+ -+ // In ES6 IsArray is supposed to poke at the Proxy target, instead we do this here. -+ // The reason for this is that we have proxies for which looking at the target might -+ // be impossible. So instead we use our little objectClassIs function that just works -+ // already across different wrappers. -+ RootedObject target(cx, proxy->as<ProxyObject>().target()); -+ if (!target) -+ return false; -+ -+ return IsArray(target, cx); -+} -+ -+bool -+ScriptedDirectProxyHandler::regexp_toShared(JSContext *cx, HandleObject proxy, -+ RegExpGuard *g) -+{ -+ MOZ_CRASH("Should not end up in ScriptedDirectProxyHandler::regexp_toShared"); -+ return false; -+} -+ -+ - ScriptedDirectProxyHandler ScriptedDirectProxyHandler::singleton; - - #define INVOKE_ON_PROTOTYPE(cx, handler, proxy, protoCall) \ --- -2.2.1 - diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-04.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-04.patch deleted file mode 100644 index 58e61d080c..0000000000 --- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-04.patch +++ /dev/null @@ -1,89 +0,0 @@ -From 97ba04bf95606b409b1b3035504a41c274ecffe2 Mon Sep 17 00:00:00 2001 -From: Shu-yu Guo <shu@rfrn.org> -Date: Mon, 26 Jan 2015 18:26:25 -0800 -Subject: [PATCH] Bug 1119579 - Don't GC while iterating compartments in - findAllGlobals. r=sfink, a=abillings - ---- - js/src/vm/Debugger.cpp | 56 ++++++++++++++++++++++++++++++-------------------- - 1 file changed, 34 insertions(+), 22 deletions(-) - -diff --git a/js/src/vm/Debugger.cpp b/js/src/vm/Debugger.cpp -index 27e993d..a8decef 100644 ---- a/js/src/vm/Debugger.cpp -+++ b/js/src/vm/Debugger.cpp -@@ -2825,37 +2825,49 @@ Debugger::findAllGlobals(JSContext *cx, unsigned argc, Value *vp) - { - THIS_DEBUGGER(cx, argc, vp, "findAllGlobals", args, dbg); - -- RootedObject result(cx, NewDenseEmptyArray(cx)); -- if (!result) -- return false; -+ AutoObjectVector globals(cx); - -- for (CompartmentsIter c(cx->runtime(), SkipAtoms); !c.done(); c.next()) { -- if (c->options().invisibleToDebugger()) -- continue; -+ { -+ // Accumulate the list of globals before wrapping them, because -+ // wrapping can GC and collect compartments from under us, while -+ // iterating. - -- c->zone()->scheduledForDestruction = false; -+ for (CompartmentsIter c(cx->runtime(), SkipAtoms); !c.done(); c.next()) { -+ if (c->options().invisibleToDebugger()) -+ continue; - -- GlobalObject *global = c->maybeGlobal(); -+ c->zone()->scheduledForDestruction = false; - -- if (cx->runtime()->isSelfHostingGlobal(global)) -- continue; -+ GlobalObject *global = c->maybeGlobal(); - -- if (global) { -- /* -- * We pulled |global| out of nowhere, so it's possible that it was -- * marked gray by XPConnect. Since we're now exposing it to JS code, -- * we need to mark it black. -- */ -- JS::ExposeGCThingToActiveJS(global, JSTRACE_OBJECT); -+ if (cx->runtime()->isSelfHostingGlobal(global)) -+ continue; - -- RootedValue globalValue(cx, ObjectValue(*global)); -- if (!dbg->wrapDebuggeeValue(cx, &globalValue)) -- return false; -- if (!NewbornArrayPush(cx, result, globalValue)) -- return false; -+ if (global) { -+ /* -+ * We pulled |global| out of nowhere, so it's possible that it was -+ * marked gray by XPConnect. Since we're now exposing it to JS code, -+ * we need to mark it black. -+ */ -+ JS::ExposeGCThingToActiveJS(global, JSTRACE_OBJECT); -+ if (!globals.append(global)) -+ return false; -+ } - } - } - -+ RootedObject result(cx, NewDenseEmptyArray(cx)); -+ if (!result) -+ return false; -+ -+ for (size_t i = 0; i < globals.length(); i++) { -+ RootedValue globalValue(cx, ObjectValue(*globals[i])); -+ if (!dbg->wrapDebuggeeValue(cx, &globalValue)) -+ return false; -+ if (!NewbornArrayPush(cx, result, globalValue)) -+ return false; -+ } -+ - args.rval().setObject(*result); - return true; - } --- -2.2.1 - diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-05.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-05.patch deleted file mode 100644 index 3e4ed17598..0000000000 --- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-05.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 746ddf19ff532b8abc90d3a91322a04b462ebfa8 Mon Sep 17 00:00:00 2001 -From: Brian Hackett <bhackett1024@gmail.com> -Date: Mon, 26 Jan 2015 13:14:34 -0500 -Subject: [PATCH] Bug 1124018 - Null the allocation site table if - initialization fails. r=jonco, a=bkerensa - ---- - js/src/jsinfer.cpp | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/js/src/jsinfer.cpp b/js/src/jsinfer.cpp -index b62ad1f..4019b16 100644 ---- a/js/src/jsinfer.cpp -+++ b/js/src/jsinfer.cpp -@@ -2035,6 +2035,7 @@ TypeCompartment::addAllocationSiteTypeObject(JSContext *cx, AllocationSiteKey ke - allocationSiteTable = cx->new_<AllocationSiteTable>(); - if (!allocationSiteTable || !allocationSiteTable->init()) { - js_delete(allocationSiteTable); -+ allocationSiteTable = nullptr; - return nullptr; - } - } --- -2.2.1 - diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-06.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-06.patch deleted file mode 100644 index 181f9243e3..0000000000 --- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-06.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 0758363d982b0b3e6cf021c164715a028a345b9e Mon Sep 17 00:00:00 2001 -From: "Byron Campen [:bwc]" <docfaraday@gmail.com> -Date: Wed, 21 Jan 2015 08:56:36 -0800 -Subject: [PATCH] Bug 1123882 - Fix case where offset != 0. r=derf, a=bkerensa - ---- - content/media/MediaDecoderStateMachine.cpp | 11 +++++++---- - 1 file changed, 7 insertions(+), 4 deletions(-) - -diff --git a/content/media/MediaDecoderStateMachine.cpp b/content/media/MediaDecoderStateMachine.cpp -index ce5870f..4ed496c 100644 ---- a/content/media/MediaDecoderStateMachine.cpp -+++ b/content/media/MediaDecoderStateMachine.cpp -@@ -328,6 +328,8 @@ void MediaDecoderStateMachine::SendStreamAudio(AudioData* aAudio, - if (offset >= aAudio->mFrames) - return; - -+ size_t framesToWrite = aAudio->mFrames - offset; -+ - aAudio->EnsureAudioBuffer(); - nsRefPtr<SharedBuffer> buffer = aAudio->mAudioBuffer; - AudioDataValue* bufferData = static_cast<AudioDataValue*>(buffer->Data()); -@@ -335,10 +337,11 @@ void MediaDecoderStateMachine::SendStreamAudio(AudioData* aAudio, - for (uint32_t i = 0; i < aAudio->mChannels; ++i) { - channels.AppendElement(bufferData + i*aAudio->mFrames + offset); - } -- aOutput->AppendFrames(buffer.forget(), channels, aAudio->mFrames); -- VERBOSE_LOG("writing %d frames of data to MediaStream for AudioData at %lld", -- aAudio->mFrames - int32_t(offset), aAudio->mTime); -- aStream->mAudioFramesWritten += aAudio->mFrames - int32_t(offset); -+ aOutput->AppendFrames(buffer.forget(), channels, framesToWrite); -+ VERBOSE_LOG("writing %u frames of data to MediaStream for AudioData at %lld", -+ static_cast<unsigned>(framesToWrite), -+ aAudio->mTime); -+ aStream->mAudioFramesWritten += framesToWrite; - } - - static void WriteVideoToMediaStream(layers::Image* aImage, --- -2.2.1 - diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-07.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-07.patch deleted file mode 100644 index 818d369b26..0000000000 --- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-07.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 94899f849e50a765bb26420f5c70d49002d6673f Mon Sep 17 00:00:00 2001 -From: Glenn Randers-Pehrson <glennrp+bmo@gmail.com> -Date: Mon, 26 Jan 2015 16:07:00 -0500 -Subject: [PATCH] Bug 1117406 - Fix handling of out-of-range PNG tRNS values. - r=jmuizelaar, a=abillings - ---- - image/decoders/nsPNGDecoder.cpp | 22 ++++++++++++---------- - 1 file changed, 12 insertions(+), 10 deletions(-) - -diff --git a/image/decoders/nsPNGDecoder.cpp b/image/decoders/nsPNGDecoder.cpp -index acaa835..8e6bc2d 100644 ---- a/image/decoders/nsPNGDecoder.cpp -+++ b/image/decoders/nsPNGDecoder.cpp -@@ -528,24 +528,26 @@ nsPNGDecoder::info_callback(png_structp png_ptr, png_infop info_ptr) - png_set_expand(png_ptr); - - if (png_get_valid(png_ptr, info_ptr, PNG_INFO_tRNS)) { -- int sample_max = (1 << bit_depth); - png_color_16p trans_values; - png_get_tRNS(png_ptr, info_ptr, &trans, &num_trans, &trans_values); - /* libpng doesn't reject a tRNS chunk with out-of-range samples - so we check it here to avoid setting up a useless opacity -- channel or producing unexpected transparent pixels when using -- libpng-1.2.19 through 1.2.26 (bug #428045) */ -- if ((color_type == PNG_COLOR_TYPE_GRAY && -- (int)trans_values->gray > sample_max) || -- (color_type == PNG_COLOR_TYPE_RGB && -- ((int)trans_values->red > sample_max || -- (int)trans_values->green > sample_max || -- (int)trans_values->blue > sample_max))) -+ channel or producing unexpected transparent pixels (bug #428045) */ -+ if (bit_depth < 16) { -+ png_uint_16 sample_max = (1 << bit_depth) - 1; -+ if ((color_type == PNG_COLOR_TYPE_GRAY && -+ trans_values->gray > sample_max) || -+ (color_type == PNG_COLOR_TYPE_RGB && -+ (trans_values->red > sample_max || -+ trans_values->green > sample_max || -+ trans_values->blue > sample_max))) - { - /* clear the tRNS valid flag and release tRNS memory */ - png_free_data(png_ptr, info_ptr, PNG_FREE_TRNS, 0); -+ num_trans = 0; - } -- else -+ } -+ if (num_trans != 0) - png_set_expand(png_ptr); - } - --- -2.2.1 - diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-08.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-08.patch deleted file mode 100644 index 685e3a6d43..0000000000 --- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-08.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 4920c5c447d1153dffa623dd70d8b535b9ca6795 Mon Sep 17 00:00:00 2001 -From: Jan de Mooij <jdemooij@mozilla.com> -Date: Mon, 26 Jan 2015 12:59:47 +0100 -Subject: [PATCH] Bug 1115776 - Fix LApplyArgsGeneric to always emit the - has-script check. r=shu, a=sledru - ---- - js/src/jit/CodeGenerator.cpp | 24 ++++++++---------------- - 1 file changed, 8 insertions(+), 16 deletions(-) - -diff --git a/js/src/jit/CodeGenerator.cpp b/js/src/jit/CodeGenerator.cpp -index ba14f86..0669692 100644 ---- a/js/src/jit/CodeGenerator.cpp -+++ b/js/src/jit/CodeGenerator.cpp -@@ -2448,27 +2448,19 @@ CodeGenerator::visitApplyArgsGeneric(LApplyArgsGeneric *apply) - - masm.checkStackAlignment(); - -- // If the function is known to be uncompilable, only emit the call to InvokeFunction. -+ // If the function is native, only emit the call to InvokeFunction. - ExecutionMode executionMode = gen->info().executionMode(); -- if (apply->hasSingleTarget()) { -- JSFunction *target = apply->getSingleTarget(); -- if (target->isNative()) { -- if (!emitCallInvokeFunction(apply, copyreg)) -- return false; -- emitPopArguments(apply, copyreg); -- return true; -- } -+ if (apply->hasSingleTarget() && apply->getSingleTarget()->isNative()) { -+ if (!emitCallInvokeFunction(apply, copyreg)) -+ return false; -+ emitPopArguments(apply, copyreg); -+ return true; - } - - Label end, invoke; - -- // Guard that calleereg is an interpreted function with a JSScript: -- if (!apply->hasSingleTarget()) { -- masm.branchIfFunctionHasNoScript(calleereg, &invoke); -- } else { -- // Native single targets are handled by LCallNative. -- JS_ASSERT(!apply->getSingleTarget()->isNative()); -- } -+ // Guard that calleereg is an interpreted function with a JSScript. -+ masm.branchIfFunctionHasNoScript(calleereg, &invoke); - - // Knowing that calleereg is a non-native function, load the JSScript. - masm.loadPtr(Address(calleereg, JSFunction::offsetOfNativeOrScript()), objreg); --- -2.2.1 - diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-09.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-09.patch deleted file mode 100644 index d067d8133d..0000000000 --- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-09.patch +++ /dev/null @@ -1,52 +0,0 @@ -From f7d24f37425d3d9054a7e5657815440a07166d3f Mon Sep 17 00:00:00 2001 -From: Kartikaya Gupta <kgupta@mozilla.com> -Date: Tue, 20 Jan 2015 10:33:27 -0500 -Subject: [PATCH] Bug 1107009 - Additional locking needed for esr31 backport. - r=BenWa a=sledru - ---- - gfx/layers/ipc/CompositorParent.cpp | 15 +++++++++++++-- - 1 file changed, 13 insertions(+), 2 deletions(-) - -diff --git a/gfx/layers/ipc/CompositorParent.cpp b/gfx/layers/ipc/CompositorParent.cpp -index 97c8693..cb03e71 100644 ---- a/gfx/layers/ipc/CompositorParent.cpp -+++ b/gfx/layers/ipc/CompositorParent.cpp -@@ -1286,13 +1286,19 @@ CrossProcessCompositorParent::ShadowLayersUpdated( - { - uint64_t id = aLayerTree->GetId(); - MOZ_ASSERT(id != 0); -+ const CompositorParent::LayerTreeState* state = CompositorParent::GetIndirectShadowTree(id); -+ if (!state) { -+ return; -+ } -+ MOZ_ASSERT(state->mParent); -+ - Layer* shadowRoot = aLayerTree->GetRoot(); - if (shadowRoot) { - SetShadowProperties(shadowRoot); - } - UpdateIndirectTree(id, shadowRoot, aTargetConfig); - -- sIndirectLayerTrees[id].mParent->NotifyShadowTreeTransaction(id, aIsFirstPaint, aScheduleComposite); -+ state->mParent->NotifyShadowTreeTransaction(id, aIsFirstPaint, aScheduleComposite); - } - - void -@@ -1329,7 +1335,12 @@ AsyncCompositionManager* - CrossProcessCompositorParent::GetCompositionManager(LayerTransactionParent* aLayerTree) - { - uint64_t id = aLayerTree->GetId(); -- return sIndirectLayerTrees[id].mParent->GetCompositionManager(aLayerTree); -+ const CompositorParent::LayerTreeState* state = CompositorParent::GetIndirectShadowTree(id); -+ if (!state) { -+ return nullptr; -+ } -+ MOZ_ASSERT(state->mParent); -+ return state->mParent->GetCompositionManager(aLayerTree); - } - - void --- -2.2.1 - diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-10.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-10.patch deleted file mode 100644 index 9a4668b2dc..0000000000 --- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-10.patch +++ /dev/null @@ -1,219 +0,0 @@ -From 66e65b2138c6db20288ef4cf78d15995f382a7e2 Mon Sep 17 00:00:00 2001 -From: Kartikaya Gupta <kgupta@mozilla.com> -Date: Tue, 13 Jan 2015 13:26:26 -0500 -Subject: [PATCH] Bug 1107009. r=BenWa, a=sledru - ---- - gfx/layers/ipc/CompositorParent.cpp | 57 ++++++++++++++++++++++++++++++------- - 1 file changed, 46 insertions(+), 11 deletions(-) - -diff --git a/gfx/layers/ipc/CompositorParent.cpp b/gfx/layers/ipc/CompositorParent.cpp -index ce50277..cbbb2ef 100644 ---- a/gfx/layers/ipc/CompositorParent.cpp -+++ b/gfx/layers/ipc/CompositorParent.cpp -@@ -22,6 +22,7 @@ - #include "gfxPrefs.h" // for gfxPrefs - #include "ipc/ShadowLayersManager.h" // for ShadowLayersManager - #include "mozilla/AutoRestore.h" // for AutoRestore -+#include "mozilla/ClearOnShutdown.h" // for ClearOnShutdown - #include "mozilla/DebugOnly.h" // for DebugOnly - #include "mozilla/gfx/2D.h" // for DrawTarget - #include "mozilla/gfx/Point.h" // for IntSize -@@ -70,6 +71,16 @@ CompositorParent::LayerTreeState::LayerTreeState() - - typedef map<uint64_t, CompositorParent::LayerTreeState> LayerTreeMap; - static LayerTreeMap sIndirectLayerTrees; -+static StaticAutoPtr<mozilla::Monitor> sIndirectLayerTreesLock; -+ -+static void EnsureLayerTreeMapReady() -+{ -+ MOZ_ASSERT(NS_IsMainThread()); -+ if (!sIndirectLayerTreesLock) { -+ sIndirectLayerTreesLock = new Monitor("IndirectLayerTree"); -+ mozilla::ClearOnShutdown(&sIndirectLayerTreesLock); -+ } -+} - - // FIXME/bug 774386: we're assuming that there's only one - // CompositorParent, but that's not always true. This assumption only -@@ -132,6 +143,7 @@ void CompositorParent::StartUp() - return; - } - MOZ_ASSERT(!sCompositorLoop); -+ EnsureLayerTreeMapReady(); - CreateCompositorMap(); - CreateThread(); - sMainLoop = MessageLoop::current(); -@@ -206,7 +218,11 @@ CompositorParent::CompositorParent(nsIWidget* aWidget, - this, &mCompositorID)); - - mRootLayerTreeID = AllocateLayerTreeId(); -- sIndirectLayerTrees[mRootLayerTreeID].mParent = this; -+ -+ { // scope lock -+ MonitorAutoLock lock(*sIndirectLayerTreesLock); -+ sIndirectLayerTrees[mRootLayerTreeID].mParent = this; -+ } - - mApzcTreeManager = new APZCTreeManager(); - ++sCompositorThreadRefCount; -@@ -249,7 +265,10 @@ CompositorParent::Destroy() - mCompositionManager = nullptr; - mApzcTreeManager->ClearTree(); - mApzcTreeManager = nullptr; -- sIndirectLayerTrees.erase(mRootLayerTreeID); -+ { // scope lock -+ MonitorAutoLock lock(*sIndirectLayerTreesLock); -+ sIndirectLayerTrees.erase(mRootLayerTreeID); -+ } - } - - void -@@ -266,6 +285,7 @@ CompositorParent::RecvWillStop() - - // Ensure that the layer manager is destroyed before CompositorChild. - if (mLayerManager) { -+ MonitorAutoLock lock(*sIndirectLayerTreesLock); - for (LayerTreeMap::iterator it = sIndirectLayerTrees.begin(); - it != sIndirectLayerTrees.end(); it++) - { -@@ -380,7 +400,10 @@ CompositorParent::ActorDestroy(ActorDestroyReason why) - if (mLayerManager) { - mLayerManager->Destroy(); - mLayerManager = nullptr; -- sIndirectLayerTrees[mRootLayerTreeID].mLayerManager = nullptr; -+ { // scope lock -+ MonitorAutoLock lock(*sIndirectLayerTreesLock); -+ sIndirectLayerTrees[mRootLayerTreeID].mLayerManager = nullptr; -+ } - mCompositionManager = nullptr; - mCompositor = nullptr; - } -@@ -696,6 +719,7 @@ CompositorParent::DidComposite() - { - unused << SendDidComposite(0); - -+ MonitorAutoLock lock(*sIndirectLayerTreesLock); - for (LayerTreeMap::iterator it = sIndirectLayerTrees.begin(); - it != sIndirectLayerTrees.end(); it++) { - LayerTreeState* lts = &it->second; -@@ -867,6 +891,7 @@ CompositorParent::InitializeLayerManager(const nsTArray<LayersBackend>& aBackend - mLayerManager = layerManager; - MOZ_ASSERT(compositor); - mCompositor = compositor; -+ MonitorAutoLock lock(*sIndirectLayerTreesLock); - sIndirectLayerTrees[mRootLayerTreeID].mLayerManager = layerManager; - return; - } -@@ -969,6 +994,7 @@ CompositorParent::RecvNotifyChildCreated(const uint64_t& child) - void - CompositorParent::NotifyChildCreated(uint64_t aChild) - { -+ MonitorAutoLock lock(*sIndirectLayerTreesLock); - sIndirectLayerTrees[aChild].mParent = this; - sIndirectLayerTrees[aChild].mLayerManager = mLayerManager; - } -@@ -985,6 +1011,7 @@ CompositorParent::AllocateLayerTreeId() - static void - EraseLayerState(uint64_t aId) - { -+ MonitorAutoLock lock(*sIndirectLayerTreesLock); - sIndirectLayerTrees.erase(aId); - } - -@@ -1001,6 +1028,7 @@ UpdateControllerForLayersId(uint64_t aLayersId, - GeckoContentController* aController) - { - // Adopt ref given to us by SetControllerForLayerTree() -+ MonitorAutoLock lock(*sIndirectLayerTreesLock); - sIndirectLayerTrees[aLayersId].mController = - already_AddRefed<GeckoContentController>(aController); - } -@@ -1010,12 +1038,15 @@ ScopedLayerTreeRegistration::ScopedLayerTreeRegistration(uint64_t aLayersId, - GeckoContentController* aController) - : mLayersId(aLayersId) - { -+ EnsureLayerTreeMapReady(); -+ MonitorAutoLock lock(*sIndirectLayerTreesLock); - sIndirectLayerTrees[aLayersId].mRoot = aRoot; - sIndirectLayerTrees[aLayersId].mController = aController; - } - - ScopedLayerTreeRegistration::~ScopedLayerTreeRegistration() - { -+ MonitorAutoLock lock(*sIndirectLayerTreesLock); - sIndirectLayerTrees.erase(mLayersId); - } - -@@ -1175,6 +1206,7 @@ CompositorParent::CloneToplevel(const InfallibleTArray<mozilla::ipc::ProtocolFdM - static void - UpdateIndirectTree(uint64_t aId, Layer* aRoot, const TargetConfig& aTargetConfig) - { -+ MonitorAutoLock lock(*sIndirectLayerTreesLock); - sIndirectLayerTrees[aId].mRoot = aRoot; - sIndirectLayerTrees[aId].mTargetConfig = aTargetConfig; - } -@@ -1182,6 +1214,7 @@ UpdateIndirectTree(uint64_t aId, Layer* aRoot, const TargetConfig& aTargetConfig - /* static */ const CompositorParent::LayerTreeState* - CompositorParent::GetIndirectShadowTree(uint64_t aId) - { -+ MonitorAutoLock lock(*sIndirectLayerTreesLock); - LayerTreeMap::const_iterator cit = sIndirectLayerTrees.find(aId); - if (sIndirectLayerTrees.end() == cit) { - return nullptr; -@@ -1189,12 +1222,6 @@ CompositorParent::GetIndirectShadowTree(uint64_t aId) - return &cit->second; - } - --static void --RemoveIndirectTree(uint64_t aId) --{ -- sIndirectLayerTrees.erase(aId); --} -- - void - CrossProcessCompositorParent::ActorDestroy(ActorDestroyReason aWhy) - { -@@ -1211,6 +1238,8 @@ CrossProcessCompositorParent::AllocPLayerTransactionParent(const nsTArray<Layers - { - MOZ_ASSERT(aId != 0); - -+ MonitorAutoLock lock(*sIndirectLayerTreesLock); -+ - if (sIndirectLayerTrees[aId].mLayerManager) { - sIndirectLayerTrees[aId].mCrossProcessParent = this; - LayerManagerComposite* lm = sIndirectLayerTrees[aId].mLayerManager; -@@ -1234,7 +1263,7 @@ bool - CrossProcessCompositorParent::DeallocPLayerTransactionParent(PLayerTransactionParent* aLayers) - { - LayerTransactionParent* slp = static_cast<LayerTransactionParent*>(aLayers); -- RemoveIndirectTree(slp->GetId()); -+ EraseLayerState(slp->GetId()); - static_cast<LayerTransactionParent*>(aLayers)->ReleaseIPDLReference(); - return true; - } -@@ -1242,6 +1271,7 @@ CrossProcessCompositorParent::DeallocPLayerTransactionParent(PLayerTransactionPa - bool - CrossProcessCompositorParent::RecvNotifyChildCreated(const uint64_t& child) - { -+ MonitorAutoLock lock(*sIndirectLayerTreesLock); - sIndirectLayerTrees[child].mParent->NotifyChildCreated(child); - return true; - } -@@ -1269,7 +1299,12 @@ CrossProcessCompositorParent::ForceComposite(LayerTransactionParent* aLayerTree) - { - uint64_t id = aLayerTree->GetId(); - MOZ_ASSERT(id != 0); -- sIndirectLayerTrees[id].mParent->ForceComposite(aLayerTree); -+ CompositorParent* parent; -+ { // scope lock -+ MonitorAutoLock lock(*sIndirectLayerTreesLock); -+ parent = sIndirectLayerTrees[id].mParent; -+ } -+ parent->ForceComposite(aLayerTree); - } - - bool --- -2.2.1 - diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-11.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-11.patch deleted file mode 100644 index 869feaf7c6..0000000000 --- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-11.patch +++ /dev/null @@ -1,104 +0,0 @@ -From 3f0f685829445ae82974d61f6017fdb67349c32b Mon Sep 17 00:00:00 2001 -From: Dan Gohman <sunfish@mozilla.com> -Date: Fri, 9 Jan 2015 09:04:12 -0500 -Subject: [PATCH] Bug 1096138 - IonMonkey: Augment Nops with Mops to avoid - collisions with fixed live ranges. r=jandem, a=sledru - ---- - js/src/jit/CodeGenerator.cpp | 6 ++++++ - js/src/jit/CodeGenerator.h | 1 + - js/src/jit/LIR-Common.h | 6 ++++++ - js/src/jit/LOpcodes.h | 1 + - js/src/jit/Lowering.cpp | 12 ++++++++++++ - 5 files changed, 26 insertions(+) - -diff --git a/js/src/jit/CodeGenerator.cpp b/js/src/jit/CodeGenerator.cpp -index 4f07524..ba14f86 100644 ---- a/js/src/jit/CodeGenerator.cpp -+++ b/js/src/jit/CodeGenerator.cpp -@@ -1077,6 +1077,12 @@ CodeGenerator::visitNop(LNop *lir) - } - - bool -+CodeGenerator::visitMop(LMop *lir) -+{ -+ return true; -+} -+ -+bool - CodeGenerator::visitOsiPoint(LOsiPoint *lir) - { - // Note: markOsiPoint ensures enough space exists between the last -diff --git a/js/src/jit/CodeGenerator.h b/js/src/jit/CodeGenerator.h -index 03677a5..dce095d 100644 ---- a/js/src/jit/CodeGenerator.h -+++ b/js/src/jit/CodeGenerator.h -@@ -58,6 +58,7 @@ class CodeGenerator : public CodeGeneratorSpecific - - bool visitLabel(LLabel *lir); - bool visitNop(LNop *lir); -+ bool visitMop(LMop *lir); - bool visitOsiPoint(LOsiPoint *lir); - bool visitGoto(LGoto *lir); - bool visitTableSwitch(LTableSwitch *ins); -diff --git a/js/src/jit/LIR-Common.h b/js/src/jit/LIR-Common.h -index c90aef9..e7a0e4c 100644 ---- a/js/src/jit/LIR-Common.h -+++ b/js/src/jit/LIR-Common.h -@@ -42,6 +42,12 @@ class LNop : public LInstructionHelper<0, 0, 0> - LIR_HEADER(Nop) - }; - -+class LMop : public LInstructionHelper<0, 0, 0> -+{ -+ public: -+ LIR_HEADER(Mop) -+}; -+ - // An LOsiPoint captures a snapshot after a call and ensures enough space to - // patch in a call to the invalidation mechanism. - // -diff --git a/js/src/jit/LOpcodes.h b/js/src/jit/LOpcodes.h -index a32d64f..cd7eef8 100644 ---- a/js/src/jit/LOpcodes.h -+++ b/js/src/jit/LOpcodes.h -@@ -10,6 +10,7 @@ - #define LIR_COMMON_OPCODE_LIST(_) \ - _(Label) \ - _(Nop) \ -+ _(Mop) \ - _(OsiPoint) \ - _(MoveGroup) \ - _(Integer) \ -diff --git a/js/src/jit/Lowering.cpp b/js/src/jit/Lowering.cpp -index d5f8227..48b7fa9 100644 ---- a/js/src/jit/Lowering.cpp -+++ b/js/src/jit/Lowering.cpp -@@ -3616,12 +3616,24 @@ LIRGenerator::visitInstruction(MInstruction *ins) - ins->setInWorklistUnchecked(); - #endif - -+ // If we added a Nop for this instruction, we'll also add a Mop, so that -+ // that live-ranges for fixed register defs, which with LSRA extend through -+ // the Nop so that they can extend through the OsiPoint don't, with their -+ // one-extra extension, extend into a position where they use the input -+ // move group for the following instruction. -+ bool needsMop = !current->instructions().empty() && current->rbegin()->isNop(); -+ - // If no safepoint was created, there's no need for an OSI point. - if (LOsiPoint *osiPoint = popOsiPoint()) { - if (!add(osiPoint)) - return false; - } - -+ if (needsMop) { -+ if (!add(new(alloc()) LMop)) -+ return false; -+ } -+ - return true; - } - --- -2.2.1 - |