summary refs log tree commit diff
path: root/gnu/packages
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages')
-rw-r--r--gnu/packages/gnuzilla.scm25
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-1930-pt01.patch34
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-1930-pt02.patch33
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-1930-pt03.patch308
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-1930-pt04.patch47
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-1930-pt05.patch51
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch170
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch56
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-1930-pt08.patch48
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-1930-pt09.patch189
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-1930-pt10.patch33
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-1930-pt11.patch183
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-1930-pt12.patch91
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-1930-pt13.patch34
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-1930-pt14.patch83
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-1930-pt15.patch35
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-1935.patch77
-rw-r--r--gnu/packages/patches/icecat-bug-1146335-pt1.patch141
-rw-r--r--gnu/packages/patches/icecat-bug-1146335-pt2.patch43
-rw-r--r--gnu/packages/patches/icecat-limit-max-buffers-size-for-ANGLE.patch73
20 files changed, 3 insertions, 1751 deletions
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 62010dbf6b..7978ca6abe 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -277,7 +277,7 @@ standards.")
 (define-public icecat
   (package
     (name "icecat")
-    (version "38.5.2-gnu1")
+    (version "38.6.0-gnu1")
     (source
      (origin
       (method url-fetch)
@@ -286,28 +286,9 @@ standards.")
                           name "-" version ".tar.bz2"))
       (sha256
        (base32
-        "0m18xyb0rd02yaw9xd5z4bab1wr2599iszzqhm86c134jv5vk6cg"))
+        "0bd4k5cwr8ynscaxffvj2x3kgky3dmjq0qhpcb931l98bh0103lx"))
       (patches (map search-patch
-                    '("icecat-avoid-bundled-includes.patch"
-                      "icecat-CVE-2016-1930-pt01.patch"
-                      "icecat-CVE-2016-1930-pt02.patch"
-                      "icecat-CVE-2016-1930-pt03.patch"
-                      "icecat-CVE-2016-1930-pt04.patch"
-                      "icecat-CVE-2016-1930-pt05.patch"
-                      "icecat-CVE-2016-1930-pt06.patch"
-                      "icecat-CVE-2016-1930-pt07.patch"
-                      "icecat-CVE-2016-1930-pt08.patch"
-                      "icecat-CVE-2016-1930-pt09.patch"
-                      "icecat-CVE-2016-1930-pt10.patch"
-                      "icecat-CVE-2016-1930-pt11.patch"
-                      "icecat-CVE-2016-1930-pt12.patch"
-                      "icecat-CVE-2016-1930-pt13.patch"
-                      "icecat-bug-1146335-pt1.patch"
-                      "icecat-bug-1146335-pt2.patch"
-                      "icecat-CVE-2016-1935.patch"
-                      "icecat-CVE-2016-1930-pt14.patch"
-                      "icecat-CVE-2016-1930-pt15.patch"
-                      "icecat-limit-max-buffers-size-for-ANGLE.patch")))
+                    '("icecat-avoid-bundled-includes.patch")))
       (modules '((guix build utils)))
       (snippet
        '(begin
diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt01.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt01.patch
deleted file mode 100644
index 27768fa1ac..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-1930-pt01.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/925215cae26f
-Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
-Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1233346
-
-# HG changeset patch
-# User Nils Ohlmeier <drno@ohlmeier.org>
-# Date 1451439902 18000
-# Node ID 925215cae26f9c0ccff07ef403a5b3194a4c45c4
-# Parent  ff8e52467d793e935b80bf22a722a71a96fe2d63
-Bug 1233346 - r=ekr a=abillings
-
-diff --git a/media/mtransport/third_party/nICEr/src/stun/addrs.c b/media/mtransport/third_party/nICEr/src/stun/addrs.c
---- a/media/mtransport/third_party/nICEr/src/stun/addrs.c
-+++ b/media/mtransport/third_party/nICEr/src/stun/addrs.c
-@@ -530,16 +530,18 @@ stun_get_win32_addrs(nr_local_addr addrs
- 
-     for (tmpAddress = AdapterAddresses; tmpAddress != NULL; tmpAddress = tmpAddress->Next) {
-       char *c;
- 
-       if (tmpAddress->OperStatus != IfOperStatusUp)
-         continue;
- 
-       snprintf(munged_ifname, IFNAMSIZ, "%S%c", tmpAddress->FriendlyName, 0);
-+      munged_ifname[IFNAMSIZ-1] = '\0';
-+
-       /* replace spaces with underscores */
-       c = strchr(munged_ifname, ' ');
-       while (c != NULL) {
-         *c = '_';
-          c = strchr(munged_ifname, ' ');
-       }
-       c = strchr(munged_ifname, '.');
-       while (c != NULL) {
-
diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt02.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt02.patch
deleted file mode 100644
index fa1804eb82..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-1930-pt02.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/fc78180165a8
-Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
-Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1223670
-
-# HG changeset patch
-# User Karl Tomlinson <karlt+@karlt.net>
-# Date 1449117514 -46800
-# Node ID fc78180165a8262c80bbb722ed99b2e0c27b02d0
-# Parent  925215cae26f9c0ccff07ef403a5b3194a4c45c4
-bug 1223670 assert that connected streams have the same graph r=padenot a=abillings
-
-diff --git a/dom/media/MediaStreamGraph.cpp b/dom/media/MediaStreamGraph.cpp
---- a/dom/media/MediaStreamGraph.cpp
-+++ b/dom/media/MediaStreamGraph.cpp
-@@ -2696,16 +2696,17 @@ ProcessedMediaStream::AllocateInputPort(
-       unused << mPort.forget();
-     }
-     virtual void RunDuringShutdown()
-     {
-       Run();
-     }
-     nsRefPtr<MediaInputPort> mPort;
-   };
-+  MOZ_ASSERT(aStream->GraphImpl() == GraphImpl());
-   nsRefPtr<MediaInputPort> port = new MediaInputPort(aStream, this, aFlags,
-                                                      aInputNumber, aOutputNumber);
-   port->SetGraphImpl(GraphImpl());
-   GraphImpl()->AppendMessage(new Message(port));
-   return port.forget();
- }
- 
- void
-
diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt03.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt03.patch
deleted file mode 100644
index cf0843b8b3..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-1930-pt03.patch
+++ /dev/null
@@ -1,308 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/f746c38d160e
-Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
-Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1223670
-
-# HG changeset patch
-# User Karl Tomlinson <karlt+@karlt.net>
-# Date 1449764754 18000
-# Node ID f746c38d160ea29088c15cacae44f3662befaec5
-# Parent  fc78180165a8262c80bbb722ed99b2e0c27b02d0
-bug 1223670 replace public constructors with fallible factory methods r=baku a=abillings
-
-diff --git a/dom/media/webaudio/AudioContext.cpp b/dom/media/webaudio/AudioContext.cpp
---- a/dom/media/webaudio/AudioContext.cpp
-+++ b/dom/media/webaudio/AudioContext.cpp
-@@ -299,32 +299,29 @@ AudioContext::CreateMediaElementSource(H
-     aRv.Throw(NS_ERROR_DOM_NOT_SUPPORTED_ERR);
-     return nullptr;
-   }
- #endif
-   nsRefPtr<DOMMediaStream> stream = aMediaElement.MozCaptureStream(aRv);
-   if (aRv.Failed()) {
-     return nullptr;
-   }
--  nsRefPtr<MediaElementAudioSourceNode> mediaElementAudioSourceNode =
--    new MediaElementAudioSourceNode(this, stream);
--  return mediaElementAudioSourceNode.forget();
-+  return MediaElementAudioSourceNode::Create(this, stream, aRv);
- }
- 
- already_AddRefed<MediaStreamAudioSourceNode>
- AudioContext::CreateMediaStreamSource(DOMMediaStream& aMediaStream,
-                                       ErrorResult& aRv)
- {
-   if (mIsOffline) {
-     aRv.Throw(NS_ERROR_DOM_NOT_SUPPORTED_ERR);
-     return nullptr;
-   }
--  nsRefPtr<MediaStreamAudioSourceNode> mediaStreamAudioSourceNode =
--    new MediaStreamAudioSourceNode(this, &aMediaStream);
--  return mediaStreamAudioSourceNode.forget();
-+
-+  return MediaStreamAudioSourceNode::Create(this, &aMediaStream, aRv);
- }
- 
- already_AddRefed<GainNode>
- AudioContext::CreateGain()
- {
-   nsRefPtr<GainNode> gainNode = new GainNode(this);
-   return gainNode.forget();
- }
-diff --git a/dom/media/webaudio/AudioNode.cpp b/dom/media/webaudio/AudioNode.cpp
---- a/dom/media/webaudio/AudioNode.cpp
-+++ b/dom/media/webaudio/AudioNode.cpp
-@@ -61,34 +61,29 @@ AudioNode::AudioNode(AudioContext* aCont
-                      ChannelInterpretation aChannelInterpretation)
-   : DOMEventTargetHelper(aContext->GetParentObject())
-   , mContext(aContext)
-   , mChannelCount(aChannelCount)
-   , mChannelCountMode(aChannelCountMode)
-   , mChannelInterpretation(aChannelInterpretation)
-   , mId(gId++)
-   , mPassThrough(false)
--#ifdef DEBUG
--  , mDemiseNotified(false)
--#endif
- {
-   MOZ_ASSERT(aContext);
-   DOMEventTargetHelper::BindToOwner(aContext->GetParentObject());
-   aContext->UpdateNodeCount(1);
- }
- 
- AudioNode::~AudioNode()
- {
-   MOZ_ASSERT(mInputNodes.IsEmpty());
-   MOZ_ASSERT(mOutputNodes.IsEmpty());
-   MOZ_ASSERT(mOutputParams.IsEmpty());
--#ifdef DEBUG
--  MOZ_ASSERT(mDemiseNotified,
-+  MOZ_ASSERT(!mStream,
-              "The webaudio-node-demise notification must have been sent");
--#endif
-   if (mContext) {
-     mContext->UpdateNodeCount(-1);
-   }
- }
- 
- size_t
- AudioNode::SizeOfExcludingThis(MallocSizeOf aMallocSizeOf) const
- {
-@@ -399,19 +394,16 @@ AudioNode::DestroyMediaStream()
-     mStream = nullptr;
- 
-     nsCOMPtr<nsIObserverService> obs = services::GetObserverService();
-     if (obs) {
-       nsAutoString id;
-       id.AppendPrintf("%u", mId);
-       obs->NotifyObservers(nullptr, "webaudio-node-demise", id.get());
-     }
--#ifdef DEBUG
--    mDemiseNotified = true;
--#endif
-   }
- }
- 
- void
- AudioNode::RemoveOutputParam(AudioParam* aParam)
- {
-   mOutputParams.RemoveElement(aParam);
- }
-diff --git a/dom/media/webaudio/AudioNode.h b/dom/media/webaudio/AudioNode.h
---- a/dom/media/webaudio/AudioNode.h
-+++ b/dom/media/webaudio/AudioNode.h
-@@ -239,19 +239,14 @@ private:
-   nsTArray<nsRefPtr<AudioParam> > mOutputParams;
-   uint32_t mChannelCount;
-   ChannelCountMode mChannelCountMode;
-   ChannelInterpretation mChannelInterpretation;
-   const uint32_t mId;
-   // Whether the node just passes through its input.  This is a devtools API that
-   // only works for some node types.
-   bool mPassThrough;
--#ifdef DEBUG
--  // In debug builds, check to make sure that the node demise notification has
--  // been properly sent before the node is destroyed.
--  bool mDemiseNotified;
--#endif
- };
- 
- }
- }
- 
- #endif
-diff --git a/dom/media/webaudio/MediaElementAudioSourceNode.cpp b/dom/media/webaudio/MediaElementAudioSourceNode.cpp
---- a/dom/media/webaudio/MediaElementAudioSourceNode.cpp
-+++ b/dom/media/webaudio/MediaElementAudioSourceNode.cpp
-@@ -5,22 +5,36 @@
-  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
- 
- #include "MediaElementAudioSourceNode.h"
- #include "mozilla/dom/MediaElementAudioSourceNodeBinding.h"
- 
- namespace mozilla {
- namespace dom {
- 
--MediaElementAudioSourceNode::MediaElementAudioSourceNode(AudioContext* aContext,
--                                                         DOMMediaStream* aStream)
--  : MediaStreamAudioSourceNode(aContext, aStream)
-+MediaElementAudioSourceNode::MediaElementAudioSourceNode(AudioContext* aContext)
-+  : MediaStreamAudioSourceNode(aContext)
- {
- }
- 
-+/* static */ already_AddRefed<MediaElementAudioSourceNode>
-+MediaElementAudioSourceNode::Create(AudioContext* aContext,
-+                                    DOMMediaStream* aStream, ErrorResult& aRv)
-+{
-+  nsRefPtr<MediaElementAudioSourceNode> node =
-+    new MediaElementAudioSourceNode(aContext);
-+
-+  node->Init(aStream, aRv);
-+  if (aRv.Failed()) {
-+    return nullptr;
-+  }
-+
-+  return node.forget();
-+}
-+
- JSObject*
- MediaElementAudioSourceNode::WrapObject(JSContext* aCx)
- {
-   return MediaElementAudioSourceNodeBinding::Wrap(aCx, this);
- }
- 
- }
- }
-diff --git a/dom/media/webaudio/MediaElementAudioSourceNode.h b/dom/media/webaudio/MediaElementAudioSourceNode.h
---- a/dom/media/webaudio/MediaElementAudioSourceNode.h
-+++ b/dom/media/webaudio/MediaElementAudioSourceNode.h
-@@ -10,28 +10,30 @@
- #include "MediaStreamAudioSourceNode.h"
- 
- namespace mozilla {
- namespace dom {
- 
- class MediaElementAudioSourceNode : public MediaStreamAudioSourceNode
- {
- public:
--  MediaElementAudioSourceNode(AudioContext* aContext,
--                              DOMMediaStream* aStream);
-+  static already_AddRefed<MediaElementAudioSourceNode>
-+  Create(AudioContext* aContext, DOMMediaStream* aStream, ErrorResult& aRv);
- 
-   virtual JSObject* WrapObject(JSContext* aCx) override;
- 
-   virtual const char* NodeType() const override
-   {
-     return "MediaElementAudioSourceNode";
-   }
- 
-   virtual size_t SizeOfIncludingThis(MallocSizeOf aMallocSizeOf) const override
-   {
-     return aMallocSizeOf(this) + SizeOfExcludingThis(aMallocSizeOf);
-   }
-+private:
-+  explicit MediaElementAudioSourceNode(AudioContext* aContext);
- };
- 
- }
- }
- 
- #endif
-diff --git a/dom/media/webaudio/MediaStreamAudioSourceNode.cpp b/dom/media/webaudio/MediaStreamAudioSourceNode.cpp
---- a/dom/media/webaudio/MediaStreamAudioSourceNode.cpp
-+++ b/dom/media/webaudio/MediaStreamAudioSourceNode.cpp
-@@ -25,26 +25,45 @@ NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN_
- NS_IMPL_CYCLE_COLLECTION_TRAVERSE_END
- 
- NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION_INHERITED(MediaStreamAudioSourceNode)
- NS_INTERFACE_MAP_END_INHERITING(AudioNode)
- 
- NS_IMPL_ADDREF_INHERITED(MediaStreamAudioSourceNode, AudioNode)
- NS_IMPL_RELEASE_INHERITED(MediaStreamAudioSourceNode, AudioNode)
- 
--MediaStreamAudioSourceNode::MediaStreamAudioSourceNode(AudioContext* aContext,
--                                                       DOMMediaStream* aMediaStream)
-+MediaStreamAudioSourceNode::MediaStreamAudioSourceNode(AudioContext* aContext)
-   : AudioNode(aContext,
-               2,
-               ChannelCountMode::Max,
--              ChannelInterpretation::Speakers),
--    mInputStream(aMediaStream)
-+              ChannelInterpretation::Speakers)
- {
-+}
-+
-+/* static */ already_AddRefed<MediaStreamAudioSourceNode>
-+MediaStreamAudioSourceNode::Create(AudioContext* aContext,
-+                                   DOMMediaStream* aStream, ErrorResult& aRv)
-+{
-+  nsRefPtr<MediaStreamAudioSourceNode> node =
-+    new MediaStreamAudioSourceNode(aContext);
-+
-+  node->Init(aStream, aRv);
-+  if (aRv.Failed()) {
-+    return nullptr;
-+  }
-+
-+  return node.forget();
-+}
-+
-+void
-+MediaStreamAudioSourceNode::Init(DOMMediaStream* aMediaStream, ErrorResult& aRv)
-+{
-+  mInputStream = aMediaStream;
-   AudioNodeEngine* engine = new MediaStreamAudioSourceNodeEngine(this);
--  mStream = aContext->Graph()->CreateAudioNodeExternalInputStream(engine);
-+  mStream = Context()->Graph()->CreateAudioNodeExternalInputStream(engine);
-   ProcessedMediaStream* outputStream = static_cast<ProcessedMediaStream*>(mStream.get());
-   mInputPort = outputStream->AllocateInputPort(aMediaStream->GetStream(),
-                                                MediaInputPort::FLAG_BLOCK_INPUT);
-   mInputStream->AddConsumerToKeepAlive(static_cast<nsIDOMEventTarget*>(this));
- 
-   PrincipalChanged(mInputStream); // trigger enabling/disabling of the connector
-   mInputStream->AddPrincipalChangeObserver(this);
- }
-diff --git a/dom/media/webaudio/MediaStreamAudioSourceNode.h b/dom/media/webaudio/MediaStreamAudioSourceNode.h
---- a/dom/media/webaudio/MediaStreamAudioSourceNode.h
-+++ b/dom/media/webaudio/MediaStreamAudioSourceNode.h
-@@ -38,17 +38,18 @@ public:
- private:
-   bool mEnabled;
- };
- 
- class MediaStreamAudioSourceNode : public AudioNode,
-                                    public DOMMediaStream::PrincipalChangeObserver
- {
- public:
--  MediaStreamAudioSourceNode(AudioContext* aContext, DOMMediaStream* aMediaStream);
-+  static already_AddRefed<MediaStreamAudioSourceNode>
-+  Create(AudioContext* aContext, DOMMediaStream* aStream, ErrorResult& aRv);
- 
-   NS_DECL_ISUPPORTS_INHERITED
-   NS_DECL_CYCLE_COLLECTION_CLASS_INHERITED(MediaStreamAudioSourceNode, AudioNode)
- 
-   virtual JSObject* WrapObject(JSContext* aCx) override;
- 
-   virtual void DestroyMediaStream() override;
- 
-@@ -60,16 +61,18 @@ public:
-   }
- 
-   virtual size_t SizeOfExcludingThis(MallocSizeOf aMallocSizeOf) const override;
-   virtual size_t SizeOfIncludingThis(MallocSizeOf aMallocSizeOf) const override;
- 
-   virtual void PrincipalChanged(DOMMediaStream* aMediaStream) override;
- 
- protected:
-+  explicit MediaStreamAudioSourceNode(AudioContext* aContext);
-+  void Init(DOMMediaStream* aMediaStream, ErrorResult& aRv);
-   virtual ~MediaStreamAudioSourceNode();
- 
- private:
-   nsRefPtr<MediaInputPort> mInputPort;
-   nsRefPtr<DOMMediaStream> mInputStream;
- };
- 
- }
-
diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt04.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt04.patch
deleted file mode 100644
index b212a70d4a..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-1930-pt04.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/6d43ff33bd55
-Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
-Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1223670
-
-# HG changeset patch
-# User Karl Tomlinson <karlt+@karlt.net>
-# Date 1451362442 -46800
-# Node ID 6d43ff33bd552b8f7a34e4105cf5bcc0a8c8ea8c
-# Parent  f746c38d160ea29088c15cacae44f3662befaec5
-bug 1223670 throw not supported when creating a node from a stream with different channel r=baku a=abillings
-
-diff --git a/dom/media/webaudio/MediaStreamAudioSourceNode.cpp b/dom/media/webaudio/MediaStreamAudioSourceNode.cpp
---- a/dom/media/webaudio/MediaStreamAudioSourceNode.cpp
-+++ b/dom/media/webaudio/MediaStreamAudioSourceNode.cpp
-@@ -51,21 +51,29 @@ MediaStreamAudioSourceNode::Create(Audio
-   }
- 
-   return node.forget();
- }
- 
- void
- MediaStreamAudioSourceNode::Init(DOMMediaStream* aMediaStream, ErrorResult& aRv)
- {
-+  MOZ_ASSERT(aMediaStream);
-+  MediaStream* inputStream = aMediaStream->GetStream();
-+  MediaStreamGraph* graph = Context()->Graph();
-+  if (NS_WARN_IF(graph != inputStream->Graph())) {
-+    aRv.Throw(NS_ERROR_DOM_NOT_SUPPORTED_ERR);
-+    return;
-+  }
-+
-   mInputStream = aMediaStream;
-   AudioNodeEngine* engine = new MediaStreamAudioSourceNodeEngine(this);
--  mStream = Context()->Graph()->CreateAudioNodeExternalInputStream(engine);
-+  mStream = graph->CreateAudioNodeExternalInputStream(engine);
-   ProcessedMediaStream* outputStream = static_cast<ProcessedMediaStream*>(mStream.get());
--  mInputPort = outputStream->AllocateInputPort(aMediaStream->GetStream(),
-+  mInputPort = outputStream->AllocateInputPort(inputStream,
-                                                MediaInputPort::FLAG_BLOCK_INPUT);
-   mInputStream->AddConsumerToKeepAlive(static_cast<nsIDOMEventTarget*>(this));
- 
-   PrincipalChanged(mInputStream); // trigger enabling/disabling of the connector
-   mInputStream->AddPrincipalChangeObserver(this);
- }
- 
- MediaStreamAudioSourceNode::~MediaStreamAudioSourceNode()
-
diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt05.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt05.patch
deleted file mode 100644
index 3e62c9c5f1..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-1930-pt05.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/4f6e81673f69
-Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
-Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1223670
-
-# HG changeset patch
-# User Karl Tomlinson <karlt+@karlt.net>
-# Date 1449145091 -46800
-# Node ID 4f6e81673f6938719c86516606f2fda493e8c23c
-# Parent  6d43ff33bd552b8f7a34e4105cf5bcc0a8c8ea8c
-bug 1223670 make SetMozAudioChannelType() private because the type will not change after construction r=baku a=abillings
-
-diff --git a/dom/media/webaudio/AudioDestinationNode.h b/dom/media/webaudio/AudioDestinationNode.h
---- a/dom/media/webaudio/AudioDestinationNode.h
-+++ b/dom/media/webaudio/AudioDestinationNode.h
-@@ -57,17 +57,16 @@ public:
-   void StartRendering(Promise* aPromise);
- 
-   void OfflineShutdown();
- 
-   // nsIDOMEventListener - by proxy
-   NS_IMETHOD HandleEvent(nsIDOMEvent* aEvent) override;
- 
-   AudioChannel MozAudioChannelType() const;
--  void SetMozAudioChannelType(AudioChannel aValue, ErrorResult& aRv);
- 
-   virtual void NotifyMainThreadStateChanged() override;
-   void FireOfflineCompletionEvent();
- 
-   // An amount that should be added to the MediaStream's current time to
-   // get the AudioContext.currentTime.
-   double ExtraCurrentTime();
- 
-@@ -86,16 +85,17 @@ public:
- 
-   void InputMuted(bool aInputMuted);
-   void ResolvePromise(AudioBuffer* aRenderedBuffer);
- 
- protected:
-   virtual ~AudioDestinationNode();
- 
- private:
-+  void SetMozAudioChannelType(AudioChannel aValue, ErrorResult& aRv);
-   bool CheckAudioChannelPermissions(AudioChannel aValue);
- 
-   void SetCanPlay(bool aCanPlay);
- 
-   void NotifyStableState();
-   void ScheduleStableStateNotification();
- 
-   SelfReference<AudioDestinationNode> mOfflineRenderingRef;
-
diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch
deleted file mode 100644
index ec1f479ee4..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch
+++ /dev/null
@@ -1,170 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/93617c30c0df
-Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
-Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1230686
-
-# HG changeset patch
-# User Lee Salzman <lsalzman@mozilla.com>
-# Date 1451932822 18000
-# Node ID 93617c30c0df35f719dead526b78649d564f5ac3
-# Parent  4f6e81673f6938719c86516606f2fda493e8c23c
-Bug 1230686 - use RefPtr<DrawTarget>& instead of DrawTarget* to track changes in SurfaceFromElement a=ritu
-
-diff --git a/layout/base/nsLayoutUtils.cpp b/layout/base/nsLayoutUtils.cpp
---- a/layout/base/nsLayoutUtils.cpp
-+++ b/layout/base/nsLayoutUtils.cpp
-@@ -6494,17 +6494,17 @@ nsLayoutUtils::IsReallyFixedPos(nsIFrame
-   nsIAtom *parentType = aFrame->GetParent()->GetType();
-   return parentType == nsGkAtoms::viewportFrame ||
-          parentType == nsGkAtoms::pageContentFrame;
- }
- 
- nsLayoutUtils::SurfaceFromElementResult
- nsLayoutUtils::SurfaceFromElement(nsIImageLoadingContent* aElement,
-                                   uint32_t aSurfaceFlags,
--                                  DrawTarget* aTarget)
-+                                  RefPtr<DrawTarget>& aTarget)
- {
-   SurfaceFromElementResult result;
-   nsresult rv;
- 
-   nsCOMPtr<imgIRequest> imgRequest;
-   rv = aElement->GetRequest(nsIImageLoadingContent::CURRENT_REQUEST,
-                             getter_AddRefs(imgRequest));
-   if (NS_FAILED(rv) || !imgRequest)
-@@ -6586,41 +6586,41 @@ nsLayoutUtils::SurfaceFromElement(nsIIma
-   result.mImageRequest = imgRequest.forget();
- 
-   return result;
- }
- 
- nsLayoutUtils::SurfaceFromElementResult
- nsLayoutUtils::SurfaceFromElement(HTMLImageElement *aElement,
-                                   uint32_t aSurfaceFlags,
--                                  DrawTarget* aTarget)
-+                                  RefPtr<DrawTarget>& aTarget)
- {
-   return SurfaceFromElement(static_cast<nsIImageLoadingContent*>(aElement),
-                             aSurfaceFlags, aTarget);
- }
- 
- nsLayoutUtils::SurfaceFromElementResult
- nsLayoutUtils::SurfaceFromElement(HTMLCanvasElement* aElement,
-                                   uint32_t aSurfaceFlags,
--                                  DrawTarget* aTarget)
-+                                  RefPtr<DrawTarget>& aTarget)
- {
-   SurfaceFromElementResult result;
- 
-   bool* isPremultiplied = nullptr;
-   if (aSurfaceFlags & SFE_PREFER_NO_PREMULTIPLY_ALPHA) {
-     isPremultiplied = &result.mIsPremultiplied;
-   }
- 
-   gfxIntSize size = aElement->GetSize();
- 
-   result.mSourceSurface = aElement->GetSurfaceSnapshot(isPremultiplied);
-   if (!result.mSourceSurface) {
-      // If the element doesn't have a context then we won't get a snapshot. The canvas spec wants us to not error and just
-      // draw nothing, so return an empty surface.
--     DrawTarget *ref = aTarget ? aTarget : gfxPlatform::GetPlatform()->ScreenReferenceDrawTarget();
-+     DrawTarget *ref = aTarget ? aTarget.get() : gfxPlatform::GetPlatform()->ScreenReferenceDrawTarget();
-      RefPtr<DrawTarget> dt = ref->CreateSimilarDrawTarget(IntSize(size.width, size.height),
-                                                           SurfaceFormat::B8G8R8A8);
-      if (dt) {
-        result.mSourceSurface = dt->Snapshot();
-      }
-   } else if (aTarget) {
-     RefPtr<SourceSurface> opt = aTarget->OptimizeSourceSurface(result.mSourceSurface);
-     if (opt) {
-@@ -6637,17 +6637,17 @@ nsLayoutUtils::SurfaceFromElement(HTMLCa
-   result.mIsWriteOnly = aElement->IsWriteOnly();
- 
-   return result;
- }
- 
- nsLayoutUtils::SurfaceFromElementResult
- nsLayoutUtils::SurfaceFromElement(HTMLVideoElement* aElement,
-                                   uint32_t aSurfaceFlags,
--                                  DrawTarget* aTarget)
-+                                  RefPtr<DrawTarget>& aTarget)
- {
-   SurfaceFromElementResult result;
- 
-   NS_WARN_IF_FALSE((aSurfaceFlags & SFE_PREFER_NO_PREMULTIPLY_ALPHA) == 0, "We can't support non-premultiplied alpha for video!");
- 
- #ifdef MOZ_EME
-   if (aElement->ContainsRestrictedContent()) {
-     return result;
-@@ -6689,17 +6689,17 @@ nsLayoutUtils::SurfaceFromElement(HTMLVi
-   result.mIsWriteOnly = false;
- 
-   return result;
- }
- 
- nsLayoutUtils::SurfaceFromElementResult
- nsLayoutUtils::SurfaceFromElement(dom::Element* aElement,
-                                   uint32_t aSurfaceFlags,
--                                  DrawTarget* aTarget)
-+                                  RefPtr<DrawTarget>& aTarget)
- {
-   // If it's a <canvas>, we may be able to just grab its internal surface
-   if (HTMLCanvasElement* canvas =
-         HTMLCanvasElement::FromContentOrNull(aElement)) {
-     return SurfaceFromElement(canvas, aSurfaceFlags, aTarget);
-   }
- 
-   // Maybe it's <video>?
-diff --git a/layout/base/nsLayoutUtils.h b/layout/base/nsLayoutUtils.h
---- a/layout/base/nsLayoutUtils.h
-+++ b/layout/base/nsLayoutUtils.h
-@@ -2018,33 +2018,39 @@ public:
-     bool mIsStillLoading;
-     /* Whether the element used CORS when loading. */
-     bool mCORSUsed;
-     /* Whether the returned image contains premultiplied pixel data */
-     bool mIsPremultiplied;
-   };
- 
-   static SurfaceFromElementResult SurfaceFromElement(mozilla::dom::Element *aElement,
--                                                     uint32_t aSurfaceFlags = 0,
--                                                     DrawTarget *aTarget = nullptr);
-+                                                     uint32_t aSurfaceFlags,
-+                                                     mozilla::RefPtr<DrawTarget>& aTarget);
-+  static SurfaceFromElementResult SurfaceFromElement(mozilla::dom::Element *aElement,
-+                                                     uint32_t aSurfaceFlags = 0) {
-+    mozilla::RefPtr<DrawTarget> target = nullptr;
-+    return SurfaceFromElement(aElement, aSurfaceFlags, target);
-+  }
-+
-   static SurfaceFromElementResult SurfaceFromElement(nsIImageLoadingContent *aElement,
--                                                     uint32_t aSurfaceFlags = 0,
--                                                     DrawTarget *aTarget = nullptr);
-+                                                     uint32_t aSurfaceFlags,
-+                                                     mozilla::RefPtr<DrawTarget>& aTarget);
-   // Need an HTMLImageElement overload, because otherwise the
-   // nsIImageLoadingContent and mozilla::dom::Element overloads are ambiguous
-   // for HTMLImageElement.
-   static SurfaceFromElementResult SurfaceFromElement(mozilla::dom::HTMLImageElement *aElement,
--                                                     uint32_t aSurfaceFlags = 0,
--                                                     DrawTarget *aTarget = nullptr);
-+                                                     uint32_t aSurfaceFlags,
-+                                                     mozilla::RefPtr<DrawTarget>& aTarget);
-   static SurfaceFromElementResult SurfaceFromElement(mozilla::dom::HTMLCanvasElement *aElement,
--                                                     uint32_t aSurfaceFlags = 0,
--                                                     DrawTarget *aTarget = nullptr);
-+                                                     uint32_t aSurfaceFlags,
-+                                                     mozilla::RefPtr<DrawTarget>& aTarget);
-   static SurfaceFromElementResult SurfaceFromElement(mozilla::dom::HTMLVideoElement *aElement,
--                                                     uint32_t aSurfaceFlags = 0,
--                                                     DrawTarget *aTarget = nullptr);
-+                                                     uint32_t aSurfaceFlags,
-+                                                     mozilla::RefPtr<DrawTarget>& aTarget);
- 
-   /**
-    * When the document is editable by contenteditable attribute of its root
-    * content or body content.
-    *
-    * Be aware, this returns nullptr if it's in designMode.
-    *
-    * For example:
-
diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch
deleted file mode 100644
index 4f349747c0..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/750e4cfc90f8
-Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
-Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1233152
-
-# HG changeset patch
-# User Jan de Mooij <jdemooij@mozilla.com>
-# Date 1451478493 -3600
-# Node ID 750e4cfc90f80df657e44c9c63b1865023d88682
-# Parent  93617c30c0df35f719dead526b78649d564f5ac3
-Bug 1233152 - Use PersistentRooted for ParseTask script and sourceObject. r=terrence a=abillings
-
-diff --git a/js/src/vm/HelperThreads.cpp b/js/src/vm/HelperThreads.cpp
---- a/js/src/vm/HelperThreads.cpp
-+++ b/js/src/vm/HelperThreads.cpp
-@@ -198,17 +198,17 @@ static const JSClass parseTaskGlobalClas
- 
- ParseTask::ParseTask(ExclusiveContext* cx, JSObject* exclusiveContextGlobal, JSContext* initCx,
-                      const char16_t* chars, size_t length,
-                      JS::OffThreadCompileCallback callback, void* callbackData)
-   : cx(cx), options(initCx), chars(chars), length(length),
-     alloc(JSRuntime::TEMP_LIFO_ALLOC_PRIMARY_CHUNK_SIZE),
-     exclusiveContextGlobal(initCx, exclusiveContextGlobal),
-     callback(callback), callbackData(callbackData),
--    script(nullptr), errors(cx), overRecursed(false)
-+    script(initCx->runtime(), nullptr), errors(cx), overRecursed(false)
- {
- }
- 
- bool
- ParseTask::init(JSContext* cx, const ReadOnlyCompileOptions& options)
- {
-     if (!this->options.copy(cx, options))
-         return false;
-diff --git a/js/src/vm/HelperThreads.h b/js/src/vm/HelperThreads.h
---- a/js/src/vm/HelperThreads.h
-+++ b/js/src/vm/HelperThreads.h
-@@ -472,17 +472,17 @@ struct ParseTask
- 
-     // Callback invoked off the main thread when the parse finishes.
-     JS::OffThreadCompileCallback callback;
-     void* callbackData;
- 
-     // Holds the final script between the invocation of the callback and the
-     // point where FinishOffThreadScript is called, which will destroy the
-     // ParseTask.
--    JSScript* script;
-+    PersistentRootedScript script;
- 
-     // Any errors or warnings produced during compilation. These are reported
-     // when finishing the script.
-     Vector<frontend::CompileError*> errors;
-     bool overRecursed;
- 
-     ParseTask(ExclusiveContext* cx, JSObject* exclusiveContextGlobal,
-               JSContext* initCx, const char16_t* chars, size_t length,
-
diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt08.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt08.patch
deleted file mode 100644
index 406ce1bf2b..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-1930-pt08.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/4444e94a99cb
-Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
-Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1221385
-
-# HG changeset patch
-# User Jan de Mooij <jdemooij@mozilla.com>
-# Date 1451478429 -3600
-# Node ID 4444e94a99cb9b00c0351cc8bf5459739cc036a5
-# Parent  750e4cfc90f80df657e44c9c63b1865023d88682
-Bug 1221385 - Handle OOM during JitRuntime initialization a bit better. r=bhackett a=abillings
-
-diff --git a/js/src/jscompartment.cpp b/js/src/jscompartment.cpp
---- a/js/src/jscompartment.cpp
-+++ b/js/src/jscompartment.cpp
-@@ -138,28 +138,20 @@ JSRuntime::createJitRuntime(JSContext* c
- 
-     // Protect jitRuntime_ from being observed (by InterruptRunningJitCode)
-     // while it is being initialized. Unfortunately, initialization depends on
-     // jitRuntime_ being non-null, so we can't just wait to assign jitRuntime_.
-     JitRuntime::AutoMutateBackedges amb(jrt);
-     jitRuntime_ = jrt;
- 
-     if (!jitRuntime_->initialize(cx)) {
--        js_ReportOutOfMemory(cx);
--
--        js_delete(jitRuntime_);
--        jitRuntime_ = nullptr;
--
--        JSCompartment* comp = cx->runtime()->atomsCompartment();
--        if (comp->jitCompartment_) {
--            js_delete(comp->jitCompartment_);
--            comp->jitCompartment_ = nullptr;
--        }
--
--        return nullptr;
-+        // Handling OOM here is complicated: if we delete jitRuntime_ now, we
-+        // will destroy the ExecutableAllocator, even though there may still be
-+        // JitCode instances holding references to ExecutablePools.
-+        CrashAtUnhandlableOOM("OOM in createJitRuntime");
-     }
- 
-     return jitRuntime_;
- }
- 
- bool
- JSCompartment::ensureJitCompartmentExists(JSContext* cx)
- {
-
diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt09.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt09.patch
deleted file mode 100644
index e87b95f729..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-1930-pt09.patch
+++ /dev/null
@@ -1,189 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/f31d643afd41
-Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
-Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1233925
-
-# HG changeset patch
-# User Jan de Mooij <jdemooij@mozilla.com>
-# Date 1452110721 -3600
-# Node ID f31d643afd4159b5422ae5aebcbbea0a088e018e
-# Parent  4444e94a99cb9b00c0351cc8bf5459739cc036a5
-Bug 1233925 - Treat functions with rest more like functions with lazy arguments. r=nbp a=ritu
-
-diff --git a/js/src/jit/BacktrackingAllocator.cpp b/js/src/jit/BacktrackingAllocator.cpp
---- a/js/src/jit/BacktrackingAllocator.cpp
-+++ b/js/src/jit/BacktrackingAllocator.cpp
-@@ -201,20 +201,19 @@ BacktrackingAllocator::tryGroupRegisters
-     // constructor calling convention.
-     if (IsThisSlotDefinition(reg0->def()) || IsThisSlotDefinition(reg1->def())) {
-         if (*reg0->def()->output() != *reg1->def()->output())
-             return true;
-     }
- 
-     // Registers which might spill to the frame's argument slots can only be
-     // grouped with other such registers if the frame might access those
--    // arguments through a lazy arguments object.
-+    // arguments through a lazy arguments object or rest parameter.
-     if (IsArgumentSlotDefinition(reg0->def()) || IsArgumentSlotDefinition(reg1->def())) {
--        JSScript* script = graph.mir().entryBlock()->info().script();
--        if (script && script->argumentsAliasesFormals()) {
-+        if (graph.mir().entryBlock()->info().mayReadFrameArgsDirectly()) {
-             if (*reg0->def()->output() != *reg1->def()->output())
-                 return true;
-         }
-     }
- 
-     VirtualRegisterGroup* group0 = reg0->group(), *group1 = reg1->group();
- 
-     if (!group0 && group1)
-diff --git a/js/src/jit/CompileInfo.h b/js/src/jit/CompileInfo.h
---- a/js/src/jit/CompileInfo.h
-+++ b/js/src/jit/CompileInfo.h
-@@ -194,16 +194,17 @@ enum AnalysisMode {
- class CompileInfo
- {
-   public:
-     CompileInfo(JSScript* script, JSFunction* fun, jsbytecode* osrPc, bool constructing,
-                 AnalysisMode analysisMode, bool scriptNeedsArgsObj,
-                 InlineScriptTree* inlineScriptTree)
-       : script_(script), fun_(fun), osrPc_(osrPc), constructing_(constructing),
-         analysisMode_(analysisMode), scriptNeedsArgsObj_(scriptNeedsArgsObj),
-+        mayReadFrameArgsDirectly_(script->mayReadFrameArgsDirectly()),
-         inlineScriptTree_(inlineScriptTree)
-     {
-         MOZ_ASSERT_IF(osrPc, JSOp(*osrPc) == JSOP_LOOPENTRY);
- 
-         // The function here can flow in from anywhere so look up the canonical
-         // function to ensure that we do not try to embed a nursery pointer in
-         // jit-code. Precisely because it can flow in from anywhere, it's not
-         // guaranteed to be non-lazy. Hence, don't access its script!
-@@ -222,17 +223,17 @@ class CompileInfo
-         fixedLexicalBegin_ = script->fixedLexicalBegin();
-         nstack_ = script->nslots() - script->nfixed();
-         nslots_ = nimplicit_ + nargs_ + nlocals_ + nstack_;
-     }
- 
-     explicit CompileInfo(unsigned nlocals)
-       : script_(nullptr), fun_(nullptr), osrPc_(nullptr), osrStaticScope_(nullptr),
-         constructing_(false), analysisMode_(Analysis_None), scriptNeedsArgsObj_(false),
--        inlineScriptTree_(nullptr)
-+        mayReadFrameArgsDirectly_(false), inlineScriptTree_(nullptr)
-     {
-         nimplicit_ = 0;
-         nargs_ = 0;
-         nbodyfixed_ = 0;
-         nlocals_ = nlocals;
-         nstack_ = 1;  /* For FunctionCompiler::pushPhiInput/popPhiOutput */
-         nslots_ = nlocals_ + nstack_;
-         fixedLexicalBegin_ = nlocals;
-@@ -539,16 +540,20 @@ class CompileInfo
-             return false;
- 
-         if (needsArgsObj() && isObservableArgumentSlot(slot))
-             return false;
- 
-         return true;
-     }
- 
-+    bool mayReadFrameArgsDirectly() const {
-+        return mayReadFrameArgsDirectly_;
-+    }
-+
-   private:
-     unsigned nimplicit_;
-     unsigned nargs_;
-     unsigned nbodyfixed_;
-     unsigned nlocals_;
-     unsigned nstack_;
-     unsigned nslots_;
-     unsigned fixedLexicalBegin_;
-@@ -559,15 +564,17 @@ class CompileInfo
-     bool constructing_;
-     AnalysisMode analysisMode_;
- 
-     // Whether a script needs an arguments object is unstable over compilation
-     // since the arguments optimization could be marked as failed on the main
-     // thread, so cache a value here and use it throughout for consistency.
-     bool scriptNeedsArgsObj_;
- 
-+    bool mayReadFrameArgsDirectly_;
-+
-     InlineScriptTree* inlineScriptTree_;
- };
- 
- } // namespace jit
- } // namespace js
- 
- #endif /* jit_CompileInfo_h */
-diff --git a/js/src/jit/JitFrames.cpp b/js/src/jit/JitFrames.cpp
---- a/js/src/jit/JitFrames.cpp
-+++ b/js/src/jit/JitFrames.cpp
-@@ -1002,17 +1002,17 @@ MarkThisAndArguments(JSTracer* trc, JitF
-     // formal arguments is taken care of by the frame's safepoint/snapshot,
-     // except when the script's lazy arguments object aliases those formals,
-     // in which case we mark them as well.
- 
-     size_t nargs = layout->numActualArgs();
-     size_t nformals = 0;
-     if (CalleeTokenIsFunction(layout->calleeToken())) {
-         JSFunction* fun = CalleeTokenToFunction(layout->calleeToken());
--        nformals = fun->nonLazyScript()->argumentsAliasesFormals() ? 0 : fun->nargs();
-+        nformals = fun->nonLazyScript()->mayReadFrameArgsDirectly() ? 0 : fun->nargs();
-     }
- 
-     Value* argv = layout->argv();
- 
-     // Trace |this|.
-     gc::MarkValueRoot(trc, argv, "ion-thisv");
- 
-     // Trace actual arguments beyond the formals. Note + 1 for thisv.
-diff --git a/js/src/jsscript.cpp b/js/src/jsscript.cpp
---- a/js/src/jsscript.cpp
-+++ b/js/src/jsscript.cpp
-@@ -3894,16 +3894,22 @@ JSScript::hasLoops()
-     JSTryNote* tnlimit = tn + trynotes()->length;
-     for (; tn < tnlimit; tn++) {
-         if (tn->kind == JSTRY_FOR_IN || tn->kind == JSTRY_LOOP)
-             return true;
-     }
-     return false;
- }
- 
-+bool
-+JSScript::mayReadFrameArgsDirectly()
-+{
-+    return argumentsHasVarBinding() || (function_ && function_->hasRest());
-+}
-+
- static inline void
- LazyScriptHash(uint32_t lineno, uint32_t column, uint32_t begin, uint32_t end,
-                HashNumber hashes[3])
- {
-     HashNumber hash = lineno;
-     hash = RotateLeft(hash, 4) ^ column;
-     hash = RotateLeft(hash, 4) ^ begin;
-     hash = RotateLeft(hash, 4) ^ end;
-diff --git a/js/src/jsscript.h b/js/src/jsscript.h
---- a/js/src/jsscript.h
-+++ b/js/src/jsscript.h
-@@ -1397,16 +1397,20 @@ class JSScript : public js::gc::TenuredC
-     }
-     inline void setFunction(JSFunction* fun);
-     /*
-      * De-lazifies the canonical function. Must be called before entering code
-      * that expects the function to be non-lazy.
-      */
-     inline void ensureNonLazyCanonicalFunction(JSContext* cx);
- 
-+    // Returns true if the script may read formal arguments on the stack
-+    // directly, via lazy arguments or a rest parameter.
-+    bool mayReadFrameArgsDirectly();
-+
-     JSFlatString* sourceData(JSContext* cx);
- 
-     static bool loadSource(JSContext* cx, js::ScriptSource* ss, bool* worked);
- 
-     void setSourceObject(JSObject* object);
-     JSObject* sourceObject() const {
-         return sourceObject_;
-     }
-
diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt10.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt10.patch
deleted file mode 100644
index b92bfa4f4e..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-1930-pt10.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/debff255c08e
-Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
-Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1234571
-
-# HG changeset patch
-# User Randell Jesup <rjesup@jesup.org>
-# Date 1451928471 18000
-# Node ID debff255c08e898be370e307e1e014f5601c20c6
-# Parent  f31d643afd4159b5422ae5aebcbbea0a088e018e
-Bug 1234571 - unregister encoded-frame callback when releasing codec databases. r=pkerr, a=al
-
-diff --git a/media/webrtc/trunk/webrtc/modules/video_coding/main/source/generic_encoder.cc b/media/webrtc/trunk/webrtc/modules/video_coding/main/source/generic_encoder.cc
---- a/media/webrtc/trunk/webrtc/modules/video_coding/main/source/generic_encoder.cc
-+++ b/media/webrtc/trunk/webrtc/modules/video_coding/main/source/generic_encoder.cc
-@@ -71,16 +71,17 @@ VCMGenericEncoder::VCMGenericEncoder(Vid
- VCMGenericEncoder::~VCMGenericEncoder()
- {
- }
- 
- int32_t VCMGenericEncoder::Release()
- {
-     _bitRate = 0;
-     _frameRate = 0;
-+    _encoder.RegisterEncodeCompleteCallback(NULL);
-     _VCMencodedFrameCallback = NULL;
-     return _encoder.Release();
- }
- 
- int32_t
- VCMGenericEncoder::InitEncode(const VideoCodec* settings,
-                               int32_t numberOfCores,
-                               uint32_t maxPayloadSize)
-
diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt11.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt11.patch
deleted file mode 100644
index 2e409d961c..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-1930-pt11.patch
+++ /dev/null
@@ -1,183 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/0f7224441f20
-Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
-Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1234280
-
-# HG changeset patch
-# User Benjamin Bouvier <benj@benj.me>
-# Date 1450947090 -3600
-# Node ID 0f7224441f2089001f7934b46ac10cb72d267606
-# Parent  debff255c08e898be370e307e1e014f5601c20c6
-Bug 1234280: Handle oom in CodeGeneratorShared::allocateData; r=jandem, a=sledru
-
-diff --git a/js/src/jit/CodeGenerator.cpp b/js/src/jit/CodeGenerator.cpp
---- a/js/src/jit/CodeGenerator.cpp
-+++ b/js/src/jit/CodeGenerator.cpp
-@@ -7902,17 +7902,19 @@ const VMFunction GetPropertyIC::UpdateIn
- void
- CodeGenerator::visitGetPropertyIC(OutOfLineUpdateCache* ool, DataPtr<GetPropertyIC>& ic)
- {
-     LInstruction* lir = ool->lir();
- 
-     if (ic->idempotent()) {
-         size_t numLocs;
-         CacheLocationList& cacheLocs = lir->mirRaw()->toGetPropertyCache()->location();
--        size_t locationBase = addCacheLocations(cacheLocs, &numLocs);
-+        size_t locationBase;
-+        if (!addCacheLocations(cacheLocs, &numLocs, &locationBase))
-+            return;
-         ic->setLocationInfo(locationBase, numLocs);
-     }
- 
-     saveLive(lir);
- 
-     pushArg(ic->object());
-     pushArg(Imm32(ool->getCacheIndex()));
-     pushArg(ImmGCPtr(gen->info().script()));
-diff --git a/js/src/jit/shared/CodeGenerator-shared.cpp b/js/src/jit/shared/CodeGenerator-shared.cpp
---- a/js/src/jit/shared/CodeGenerator-shared.cpp
-+++ b/js/src/jit/shared/CodeGenerator-shared.cpp
-@@ -1527,31 +1527,34 @@ CodeGeneratorShared::jumpToBlock(MBasicB
- 
-         masm.propagateOOM(patchableBackedges_.append(PatchableBackedgeInfo(backedge, mir->lir()->label(), oolEntry)));
-     } else {
-         masm.j(cond, mir->lir()->label());
-     }
- }
- #endif
- 
--size_t
--CodeGeneratorShared::addCacheLocations(const CacheLocationList& locs, size_t* numLocs)
-+MOZ_WARN_UNUSED_RESULT bool
-+CodeGeneratorShared::addCacheLocations(const CacheLocationList& locs, size_t* numLocs,
-+                                       size_t* curIndex)
- {
-     size_t firstIndex = runtimeData_.length();
-     size_t numLocations = 0;
-     for (CacheLocationList::iterator iter = locs.begin(); iter != locs.end(); iter++) {
-         // allocateData() ensures that sizeof(CacheLocation) is word-aligned.
-         // If this changes, we will need to pad to ensure alignment.
--        size_t curIndex = allocateData(sizeof(CacheLocation));
--        new (&runtimeData_[curIndex]) CacheLocation(iter->pc, iter->script);
-+        if (!allocateData(sizeof(CacheLocation), curIndex))
-+            return false;
-+        new (&runtimeData_[*curIndex]) CacheLocation(iter->pc, iter->script);
-         numLocations++;
-     }
-     MOZ_ASSERT(numLocations != 0);
-     *numLocs = numLocations;
--    return firstIndex;
-+    *curIndex = firstIndex;
-+    return true;
- }
- 
- ReciprocalMulConstants
- CodeGeneratorShared::computeDivisionConstants(int d) {
-     // In what follows, d is positive and is not a power of 2.
-     MOZ_ASSERT(d > 0 && (d & (d - 1)) != 0);
- 
-     // Speeding up division by non power-of-2 constants is possible by
-diff --git a/js/src/jit/shared/CodeGenerator-shared.h b/js/src/jit/shared/CodeGenerator-shared.h
---- a/js/src/jit/shared/CodeGenerator-shared.h
-+++ b/js/src/jit/shared/CodeGenerator-shared.h
-@@ -3,16 +3,17 @@
-  * This Source Code Form is subject to the terms of the Mozilla Public
-  * License, v. 2.0. If a copy of the MPL was not distributed with this
-  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
- 
- #ifndef jit_shared_CodeGenerator_shared_h
- #define jit_shared_CodeGenerator_shared_h
- 
- #include "mozilla/Alignment.h"
-+#include "mozilla/TypeTraits.h"
- 
- #include "jit/JitFrames.h"
- #include "jit/LIR.h"
- #include "jit/MacroAssembler.h"
- #include "jit/MIRGenerator.h"
- #include "jit/MIRGraph.h"
- #include "jit/OptimizationTracking.h"
- #include "jit/Safepoints.h"
-@@ -242,24 +243,16 @@ class CodeGeneratorShared : public LElem
-         return SlotToStackOffset(a->toStackSlot()->slot());
-     }
- 
-     uint32_t frameSize() const {
-         return frameClass_ == FrameSizeClass::None() ? frameDepth_ : frameClass_.frameSize();
-     }
- 
-   protected:
--    // Ensure the cache is an IonCache while expecting the size of the derived
--    // class. We only need the cache list at GC time. Everyone else can just take
--    // runtimeData offsets.
--    size_t allocateCache(const IonCache&, size_t size) {
--        size_t dataOffset = allocateData(size);
--        masm.propagateOOM(cacheList_.append(dataOffset));
--        return dataOffset;
--    }
- 
- #ifdef CHECK_OSIPOINT_REGISTERS
-     void resetOsiPointRegs(LSafepoint* safepoint);
-     bool shouldVerifyOsiPointRegs(LSafepoint* safepoint);
-     void verifyOsiPointRegs(LSafepoint* safepoint);
- #endif
- 
-     bool addNativeToBytecodeEntry(const BytecodeSite* site);
-@@ -295,27 +288,33 @@ class CodeGeneratorShared : public LElem
-             return lookup();
-         }
-         T * operator*() {
-             return lookup();
-         }
-     };
- 
-   protected:
--
--    size_t allocateData(size_t size) {
-+    MOZ_WARN_UNUSED_RESULT
-+    bool allocateData(size_t size, size_t* offset) {
-         MOZ_ASSERT(size % sizeof(void*) == 0);
--        size_t dataOffset = runtimeData_.length();
-+        *offset = runtimeData_.length();
-         masm.propagateOOM(runtimeData_.appendN(0, size));
--        return dataOffset;
-+        return !masm.oom();
-     }
- 
-+    // Ensure the cache is an IonCache while expecting the size of the derived
-+    // class. We only need the cache list at GC time. Everyone else can just take
-+    // runtimeData offsets.
-     template <typename T>
-     inline size_t allocateCache(const T& cache) {
--        size_t index = allocateCache(cache, sizeof(mozilla::AlignedStorage2<T>));
-+        static_assert(mozilla::IsBaseOf<IonCache, T>::value, "T must inherit from IonCache");
-+        size_t index;
-+        masm.propagateOOM(allocateData(sizeof(mozilla::AlignedStorage2<T>), &index));
-+        masm.propagateOOM(cacheList_.append(index));
-         if (masm.oom())
-             return SIZE_MAX;
-         // Use the copy constructor on the allocated space.
-         MOZ_ASSERT(index == cacheList_.back());
-         new (&runtimeData_[index]) T(cache);
-         return index;
-     }
- 
-@@ -475,17 +474,17 @@ class CodeGeneratorShared : public LElem
- 
-     void callVM(const VMFunction& f, LInstruction* ins, const Register* dynStack = nullptr);
- 
-     template <class ArgSeq, class StoreOutputTo>
-     inline OutOfLineCode* oolCallVM(const VMFunction& fun, LInstruction* ins, const ArgSeq& args,
-                                     const StoreOutputTo& out);
- 
-     void addCache(LInstruction* lir, size_t cacheIndex);
--    size_t addCacheLocations(const CacheLocationList& locs, size_t* numLocs);
-+    bool addCacheLocations(const CacheLocationList& locs, size_t* numLocs, size_t* offset);
-     ReciprocalMulConstants computeDivisionConstants(int d);
- 
-   protected:
-     void addOutOfLineCode(OutOfLineCode* code, const MInstruction* mir);
-     void addOutOfLineCode(OutOfLineCode* code, const BytecodeSite* site);
-     bool hasOutOfLineCode() { return !outOfLineCode_.empty(); }
-     bool generateOutOfLineCode();
- 
-
diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt12.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt12.patch
deleted file mode 100644
index 7861e24c89..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-1930-pt12.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/8c184c30caa6
-Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
-Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1230668
-
-# HG changeset patch
-# User L. David Baron <dbaron@dbaron.org>
-# Date 1452248144 -39600
-# Node ID 8c184c30caa6d16f5ec63cce9a77d16f25d2e57e
-# Parent  0f7224441f2089001f7934b46ac10cb72d267606
-Bug 1230668 - Don't use frame when not in composed document.  r=heycam a=sylvestre
-
-diff --git a/layout/style/nsComputedDOMStyle.cpp b/layout/style/nsComputedDOMStyle.cpp
---- a/layout/style/nsComputedDOMStyle.cpp
-+++ b/layout/style/nsComputedDOMStyle.cpp
-@@ -421,26 +421,31 @@ nsComputedDOMStyle::GetStyleContextForEl
- {
-   MOZ_ASSERT(aElement, "NULL element");
-   // If the content has a pres shell, we must use it.  Otherwise we'd
-   // potentially mix rule trees by using the wrong pres shell's style
-   // set.  Using the pres shell from the content also means that any
-   // content that's actually *in* a document will get the style from the
-   // correct document.
-   nsIPresShell *presShell = GetPresShellForContent(aElement);
-+  bool inDocWithShell = true;
-   if (!presShell) {
-+    inDocWithShell = false;
-     presShell = aPresShell;
-     if (!presShell)
-       return nullptr;
-   }
- 
--  // XXX the !aElement->IsHTML(nsGkAtoms::area)

--  // check is needed due to bug 135040 (to avoid using 

-+  // XXX the !aElement->IsHTML(nsGkAtoms::area)
-+  // check is needed due to bug 135040 (to avoid using 
-   // mPrimaryFrame). Remove it once that's fixed.
--  if (!aPseudo && aStyleType == eAll && !aElement->IsHTML(nsGkAtoms::area)) {
-+  if (!aPseudo && aStyleType == eAll && inDocWithShell &&
-+      !aElement->IsHTML(nsGkAtoms::area)) {
-+  if (!aPseudo && aStyleType == eAll && inDocWithShell &&
-+      !aElement->IsHTMLElement(nsGkAtoms::area)) {
-     nsIFrame* frame = nsLayoutUtils::GetStyleFrame(aElement);
-     if (frame) {
-       nsStyleContext* result = frame->StyleContext();
-       // Don't use the style context if it was influenced by
-       // pseudo-elements, since then it's not the primary style
-       // for this element.
-       if (!result->HasPseudoElementData()) {
-         // this function returns an addrefed style context
-@@ -468,17 +473,18 @@ nsComputedDOMStyle::GetStyleContextForEl
- 
-   nsRefPtr<nsStyleContext> sc;
-   if (aPseudo) {
-     nsCSSPseudoElements::Type type = nsCSSPseudoElements::GetPseudoType(aPseudo);
-     if (type >= nsCSSPseudoElements::ePseudo_PseudoElementCount) {
-       return nullptr;
-     }
-     nsIFrame* frame = nsLayoutUtils::GetStyleFrame(aElement);
--    Element* pseudoElement = frame ? frame->GetPseudoElement(type) : nullptr;
-+    Element* pseudoElement =
-+      frame && inDocWithShell ? frame->GetPseudoElement(type) : nullptr;
-     sc = styleSet->ResolvePseudoElementStyle(aElement, type, parentContext,
-                                              pseudoElement);
-   } else {
-     sc = styleSet->ResolveStyleFor(aElement, parentContext);
-   }
- 
-   if (aStyleType == eDefaultOnly) {
-     // We really only want the user and UA rules.  Filter out the other ones.
-@@ -592,18 +598,18 @@ nsComputedDOMStyle::UpdateCurrentStyleSo
-   mFlushedPendingReflows = aNeedsLayoutFlush;
- #endif
- 
-   mPresShell = document->GetShell();
-   if (!mPresShell || !mPresShell->GetPresContext()) {
-     return;
-   }
- 
--  // XXX the !mContent->IsHTML(nsGkAtoms::area)

--  // check is needed due to bug 135040 (to avoid using 

-+  // XXX the !mContent->IsHTML(nsGkAtoms::area)
-+  // check is needed due to bug 135040 (to avoid using 
-   // mPrimaryFrame). Remove it once that's fixed.
-   if (!mPseudo && mStyleType == eAll && !mContent->IsHTML(nsGkAtoms::area)) {
-     mOuterFrame = mContent->GetPrimaryFrame();
-     mInnerFrame = mOuterFrame;
-     if (mOuterFrame) {
-       nsIAtom* type = mOuterFrame->GetType();
-       if (type == nsGkAtoms::tableOuterFrame) {
-         // If the frame is an outer table frame then we should get the style
-
diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt13.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt13.patch
deleted file mode 100644
index 0e5825becf..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-1930-pt13.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/fceff80a84a3
-Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
-Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1230668
-
-# HG changeset patch
-# User Wes Kocher <wkocher@mozilla.com>
-# Date 1452542163 28800
-# Node ID fceff80a84a32b68d02abc00486fe6c7b86d545b
-# Parent  8c184c30caa6d16f5ec63cce9a77d16f25d2e57e
-Fix up some rebase errors in bug 1230668 r=me a=bustage
-
-diff --git a/layout/style/nsComputedDOMStyle.cpp b/layout/style/nsComputedDOMStyle.cpp
---- a/layout/style/nsComputedDOMStyle.cpp
-+++ b/layout/style/nsComputedDOMStyle.cpp
-@@ -434,18 +434,16 @@ nsComputedDOMStyle::GetStyleContextForEl
-       return nullptr;
-   }
- 
-   // XXX the !aElement->IsHTML(nsGkAtoms::area)
-   // check is needed due to bug 135040 (to avoid using 
-   // mPrimaryFrame). Remove it once that's fixed.
-   if (!aPseudo && aStyleType == eAll && inDocWithShell &&
-       !aElement->IsHTML(nsGkAtoms::area)) {
--  if (!aPseudo && aStyleType == eAll && inDocWithShell &&
--      !aElement->IsHTMLElement(nsGkAtoms::area)) {
-     nsIFrame* frame = nsLayoutUtils::GetStyleFrame(aElement);
-     if (frame) {
-       nsStyleContext* result = frame->StyleContext();
-       // Don't use the style context if it was influenced by
-       // pseudo-elements, since then it's not the primary style
-       // for this element.
-       if (!result->HasPseudoElementData()) {
-         // this function returns an addrefed style context
-
diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt14.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt14.patch
deleted file mode 100644
index 02c1af1775..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-1930-pt14.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/94a95291d095
-Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
-Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1224200
-
-# HG changeset patch
-# User Timothy Nikkel <tnikkel@gmail.com>
-# Date 1453303652 -3600
-# Node ID 94a95291d0958439dbed5b7dc99fae59e1318592
-# Parent  999c13acb40e1113306c65925a7d96688339d945
-Bug 1224200 - Allow downscaler to get (and ignore) new input lines after it has finished producing all output lines. r=seth, a=lizzard
-
-diff --git a/image/src/Downscaler.cpp b/image/src/Downscaler.cpp
---- a/image/src/Downscaler.cpp
-+++ b/image/src/Downscaler.cpp
-@@ -145,43 +145,44 @@ GetFilterOffsetAndLength(UniquePtr<skia:
-                           aFilterLengthOut);
- }
- 
- void
- Downscaler::CommitRow()
- {
-   MOZ_ASSERT(mOutputBuffer, "Should have a current frame");
-   MOZ_ASSERT(mCurrentInLine < mOriginalSize.height, "Past end of input");
--  MOZ_ASSERT(mCurrentOutLine < mTargetSize.height, "Past end of output");
- 
--  int32_t filterOffset = 0;
--  int32_t filterLength = 0;
--  GetFilterOffsetAndLength(mYFilter, mCurrentOutLine,
--                           &filterOffset, &filterLength);
-+  if (mCurrentOutLine < mTargetSize.height) {
-+    int32_t filterOffset = 0;
-+    int32_t filterLength = 0;
-+    GetFilterOffsetAndLength(mYFilter, mCurrentOutLine,
-+                             &filterOffset, &filterLength);
- 
--  int32_t inLineToRead = filterOffset + mLinesInBuffer;
--  MOZ_ASSERT(mCurrentInLine <= inLineToRead, "Reading past end of input");
--  if (mCurrentInLine == inLineToRead) {
--    skia::ConvolveHorizontally(mRowBuffer.get(), *mXFilter,
--                               mWindow[mLinesInBuffer++], mHasAlpha,
--                               /* use_sse2 = */ true);
--  }
--
--  MOZ_ASSERT(mCurrentOutLine < mTargetSize.height,
--             "Writing past end of output");
--
--  while (mLinesInBuffer == filterLength) {
--    DownscaleInputLine();
--
--    if (mCurrentOutLine == mTargetSize.height) {
--      break;  // We're done.
-+    int32_t inLineToRead = filterOffset + mLinesInBuffer;
-+    MOZ_ASSERT(mCurrentInLine <= inLineToRead, "Reading past end of input");
-+    if (mCurrentInLine == inLineToRead) {
-+      skia::ConvolveHorizontally(mRowBuffer.get(), *mXFilter,
-+                                 mWindow[mLinesInBuffer++], mHasAlpha,
-+                                 /* use_sse2 = */ true);
-     }
- 
--    GetFilterOffsetAndLength(mYFilter, mCurrentOutLine,
--                             &filterOffset, &filterLength);
-+    MOZ_ASSERT(mCurrentOutLine < mTargetSize.height,
-+               "Writing past end of output");
-+
-+    while (mLinesInBuffer == filterLength) {
-+      DownscaleInputLine();
-+
-+      if (mCurrentOutLine == mTargetSize.height) {
-+        break;  // We're done.
-+      }
-+
-+      GetFilterOffsetAndLength(mYFilter, mCurrentOutLine,
-+                               &filterOffset, &filterLength);
-+    }
-   }
- 
-   mCurrentInLine += 1;
- }
- 
- bool
- Downscaler::HasInvalidation() const
- {
-
diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt15.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt15.patch
deleted file mode 100644
index 9ebf18a5d3..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-1930-pt15.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/ee68c3dae5f6
-Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
-Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1230483
-
-# HG changeset patch
-# User JW Wang <jwwang@mozilla.com>
-# Date 1450698943 -28800
-# Node ID ee68c3dae5f639fdd439f69ef2f724067fce0ea6
-# Parent  762d015e1854c28c213293ac1e9b2ab51cf201f9
-Bug 1230483 - Part 2 - LoadFromSourceChildren() should be queued at most once in an event cycle. r=roc, a=lizzard
-
-diff --git a/dom/html/HTMLMediaElement.cpp b/dom/html/HTMLMediaElement.cpp
---- a/dom/html/HTMLMediaElement.cpp
-+++ b/dom/html/HTMLMediaElement.cpp
-@@ -4033,16 +4033,19 @@ void HTMLMediaElement::NotifyAddedSource
-       mNetworkState == nsIDOMHTMLMediaElement::NETWORK_EMPTY)
-   {
-     QueueSelectResourceTask();
-   }
- 
-   // A load was paused in the resource selection algorithm, waiting for
-   // a new source child to be added, resume the resource selection algorithm.
-   if (mLoadWaitStatus == WAITING_FOR_SOURCE) {
-+    // Rest the flag so we don't queue multiple LoadFromSourceTask() when
-+    // multiple <source> are attached in an event loop.
-+    mLoadWaitStatus = NOT_WAITING;
-     QueueLoadFromSourceTask();
-   }
- }
- 
- nsIContent* HTMLMediaElement::GetNextSource()
- {
-   nsCOMPtr<nsIDOMNode> thisDomNode = do_QueryObject(this);
- 
-
diff --git a/gnu/packages/patches/icecat-CVE-2016-1935.patch b/gnu/packages/patches/icecat-CVE-2016-1935.patch
deleted file mode 100644
index a6db4b9b6a..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-1935.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/f9aad6c0253a
-Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-03/
-Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1220450
-
-# HG changeset patch
-# User Jeff Gilbert <jgilbert@mozilla.com>
-# Date 1452570660 28800
-# Node ID f9aad6c0253a3b81699a3d7a05e78615dd814ea3
-# Parent  c47640f24251b48c0bba9d2f0f6ee059eca58362
-Bug 1220450 - Clear length on cache OOM. r=kamidphish, a=ritu
-
-diff --git a/dom/canvas/WebGLContextBuffers.cpp b/dom/canvas/WebGLContextBuffers.cpp
---- a/dom/canvas/WebGLContextBuffers.cpp
-+++ b/dom/canvas/WebGLContextBuffers.cpp
-@@ -185,16 +185,17 @@ WebGLContext::BufferData(GLenum target, 
- 
-     if (error) {
-         GenerateWarning("bufferData generated error %s", ErrorName(error));
-         return;
-     }
- 
-     boundBuffer->SetByteLength(size);
-     if (!boundBuffer->ElementArrayCacheBufferData(nullptr, size)) {
-+        boundBuffer->SetByteLength(0);
-         return ErrorOutOfMemory("bufferData: out of memory");
-     }
- }
- 
- void
- WebGLContext::BufferData(GLenum target,
-                          const dom::Nullable<dom::ArrayBuffer>& maybeData,
-                          GLenum usage)
-@@ -234,18 +235,20 @@ WebGLContext::BufferData(GLenum target,
-     GLenum error = CheckedBufferData(target, data.Length(), data.Data(), usage);
- 
-     if (error) {
-         GenerateWarning("bufferData generated error %s", ErrorName(error));
-         return;
-     }
- 
-     boundBuffer->SetByteLength(data.Length());
--    if (!boundBuffer->ElementArrayCacheBufferData(data.Data(), data.Length()))
-+    if (!boundBuffer->ElementArrayCacheBufferData(data.Data(), data.Length())) {
-+        boundBuffer->SetByteLength(0);
-         return ErrorOutOfMemory("bufferData: out of memory");
-+    }
- }
- 
- void
- WebGLContext::BufferData(GLenum target, const dom::ArrayBufferView& data,
-                          GLenum usage)
- {
-     if (IsContextLost())
-         return;
-@@ -274,18 +277,20 @@ WebGLContext::BufferData(GLenum target, 
- 
-     GLenum error = CheckedBufferData(target, data.Length(), data.Data(), usage);
-     if (error) {
-         GenerateWarning("bufferData generated error %s", ErrorName(error));
-         return;
-     }
- 
-     boundBuffer->SetByteLength(data.Length());
--    if (!boundBuffer->ElementArrayCacheBufferData(data.Data(), data.Length()))
-+    if (!boundBuffer->ElementArrayCacheBufferData(data.Data(), data.Length())) {
-+        boundBuffer->SetByteLength(0);
-         return ErrorOutOfMemory("bufferData: out of memory");
-+    }
- }
- 
- void
- WebGLContext::BufferSubData(GLenum target, WebGLsizeiptr byteOffset,
-                             const dom::Nullable<dom::ArrayBuffer>& maybeData)
- {
-     if (IsContextLost())
-         return;
-
diff --git a/gnu/packages/patches/icecat-bug-1146335-pt1.patch b/gnu/packages/patches/icecat-bug-1146335-pt1.patch
deleted file mode 100644
index a41e638b2f..0000000000
--- a/gnu/packages/patches/icecat-bug-1146335-pt1.patch
+++ /dev/null
@@ -1,141 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/9d14787bd10e
-Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1146335
-
-# HG changeset patch
-# User Seth Fowler <mark.seth.fowler@gmail.com>
-# Date 1428627143 25200
-# Node ID 9d14787bd10e6f3013263a2cae0bcc78bebde1db
-# Parent  aaf922ae679685acb5d2b8ffa5f0bf22f1e6987a
-Bug 1146335 (Part 1) - Add assertions and fix style issues in image::Downscaler. r=tn a=lizzard
-
-diff --git a/image/src/Downscaler.cpp b/image/src/Downscaler.cpp
---- a/image/src/Downscaler.cpp
-+++ b/image/src/Downscaler.cpp
-@@ -72,23 +72,25 @@ Downscaler::BeginFrame(const nsIntSize& 
-   mOutputBuffer = aOutputBuffer;
-   mHasAlpha = aHasAlpha;
- 
-   ResetForNextProgressivePass();
-   ReleaseWindow();
- 
-   auto resizeMethod = skia::ImageOperations::RESIZE_LANCZOS3;
- 
--  skia::resize::ComputeFilters(resizeMethod, mOriginalSize.width,
--                               mTargetSize.width, 0,
--                               mTargetSize.width, mXFilter.get());
-+  skia::resize::ComputeFilters(resizeMethod,
-+                               mOriginalSize.width, mTargetSize.width,
-+                               0, mTargetSize.width,
-+                               mXFilter.get());
- 
--  skia::resize::ComputeFilters(resizeMethod, mOriginalSize.height,
--                               mTargetSize.height, 0,
--                               mTargetSize.height, mYFilter.get());
-+  skia::resize::ComputeFilters(resizeMethod,
-+                               mOriginalSize.height, mTargetSize.height,
-+                               0, mTargetSize.height,
-+                               mYFilter.get());
- 
-   // Allocate the buffer, which contains scanlines of the original image.
-   size_t bufferLen = mOriginalSize.width * sizeof(uint32_t);
-   mRowBuffer = MakeUnique<uint8_t[]>(bufferLen);
-   if (MOZ_UNLIKELY(!mRowBuffer)) {
-     return NS_ERROR_OUT_OF_MEMORY;
-   }
- 
-@@ -126,39 +128,54 @@ void
- Downscaler::ResetForNextProgressivePass()
- {
-   mPrevInvalidatedLine = 0;
-   mCurrentOutLine = 0;
-   mCurrentInLine = 0;
-   mLinesInBuffer = 0;
- }
- 
-+static void
-+GetFilterOffsetAndLength(UniquePtr<skia::ConvolutionFilter1D>& aFilter,
-+                         int32_t aOutputImagePosition,
-+                         int32_t* aFilterOffsetOut,
-+                         int32_t* aFilterLengthOut)
-+{
-+  MOZ_ASSERT(aOutputImagePosition < aFilter->num_values());
-+  aFilter->FilterForValue(aOutputImagePosition,
-+                          aFilterOffsetOut,
-+                          aFilterLengthOut);
-+}
-+
- void
- Downscaler::CommitRow()
- {
-   MOZ_ASSERT(mOutputBuffer, "Should have a current frame");
-   MOZ_ASSERT(mCurrentInLine < mOriginalSize.height, "Past end of input");
-   MOZ_ASSERT(mCurrentOutLine < mTargetSize.height, "Past end of output");
- 
-   int32_t filterOffset = 0;
-   int32_t filterLength = 0;
--  mYFilter->FilterForValue(mCurrentOutLine, &filterOffset, &filterLength);
-+  GetFilterOffsetAndLength(mYFilter, mCurrentOutLine,
-+                           &filterOffset, &filterLength);
- 
-   int32_t inLineToRead = filterOffset + mLinesInBuffer;
-   MOZ_ASSERT(mCurrentInLine <= inLineToRead, "Reading past end of input");
-   if (mCurrentInLine == inLineToRead) {
-     skia::ConvolveHorizontally(mRowBuffer.get(), *mXFilter,
-                                mWindow[mLinesInBuffer++], mHasAlpha,
-                                /* use_sse2 = */ true);
-   }
- 
-   while (mLinesInBuffer == filterLength &&
-          mCurrentOutLine < mTargetSize.height) {
-     DownscaleInputLine();
--    mYFilter->FilterForValue(mCurrentOutLine, &filterOffset, &filterLength);
-+
-+    GetFilterOffsetAndLength(mYFilter, mCurrentOutLine,
-+                             &filterOffset, &filterLength);
-   }
- 
-   mCurrentInLine += 1;
- }
- 
- bool
- Downscaler::HasInvalidation() const
- {
-@@ -184,16 +201,17 @@ Downscaler::DownscaleInputLine()
- {
-   typedef skia::ConvolutionFilter1D::Fixed FilterValue;
- 
-   MOZ_ASSERT(mOutputBuffer);
-   MOZ_ASSERT(mCurrentOutLine < mTargetSize.height, "Writing past end of output");
- 
-   int32_t filterOffset = 0;
-   int32_t filterLength = 0;
-+  MOZ_ASSERT(mCurrentOutLine < mYFilter->num_values());
-   auto filterValues =
-     mYFilter->FilterForValue(mCurrentOutLine, &filterOffset, &filterLength);
- 
-   uint8_t* outputLine =
-     &mOutputBuffer[mCurrentOutLine * mTargetSize.width * sizeof(uint32_t)];
-   skia::ConvolveVertically(static_cast<const FilterValue*>(filterValues),
-                            filterLength, mWindow.get(), mXFilter->num_values(),
-                            outputLine, mHasAlpha, /* use_sse2 = */ true);
-@@ -202,17 +220,18 @@ Downscaler::DownscaleInputLine()
- 
-   if (mCurrentOutLine == mTargetSize.height) {
-     // We're done.
-     return;
-   }
- 
-   int32_t newFilterOffset = 0;
-   int32_t newFilterLength = 0;
--  mYFilter->FilterForValue(mCurrentOutLine, &newFilterOffset, &newFilterLength);
-+  GetFilterOffsetAndLength(mYFilter, mCurrentOutLine,
-+                           &newFilterOffset, &newFilterLength);
- 
-   int diff = newFilterOffset - filterOffset;
-   MOZ_ASSERT(diff >= 0, "Moving backwards in the filter?");
- 
-   // Shift the buffer. We're just moving pointers here, so this is cheap.
-   mLinesInBuffer -= diff;
-   mLinesInBuffer = max(mLinesInBuffer, 0);
-   for (int32_t i = 0; i < mLinesInBuffer; ++i) {
-
diff --git a/gnu/packages/patches/icecat-bug-1146335-pt2.patch b/gnu/packages/patches/icecat-bug-1146335-pt2.patch
deleted file mode 100644
index 240e0cfc66..0000000000
--- a/gnu/packages/patches/icecat-bug-1146335-pt2.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/8bfaa27698ca
-Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1146335
-
-# HG changeset patch
-# User Seth Fowler <mark.seth.fowler@gmail.com>
-# Date 1428627143 25200
-# Node ID 8bfaa27698ca0720d5c9f3910ab7148b38db0625
-# Parent  9d14787bd10e6f3013263a2cae0bcc78bebde1db
-Bug 1146335 (Part 2) - Fix an off-by-one error in image::Downscaler. r=tn a=lizzard
-
-diff --git a/image/src/Downscaler.cpp b/image/src/Downscaler.cpp
---- a/image/src/Downscaler.cpp
-+++ b/image/src/Downscaler.cpp
-@@ -160,20 +160,26 @@ Downscaler::CommitRow()
-   int32_t inLineToRead = filterOffset + mLinesInBuffer;
-   MOZ_ASSERT(mCurrentInLine <= inLineToRead, "Reading past end of input");
-   if (mCurrentInLine == inLineToRead) {
-     skia::ConvolveHorizontally(mRowBuffer.get(), *mXFilter,
-                                mWindow[mLinesInBuffer++], mHasAlpha,
-                                /* use_sse2 = */ true);
-   }
- 
--  while (mLinesInBuffer == filterLength &&
--         mCurrentOutLine < mTargetSize.height) {
-+  MOZ_ASSERT(mCurrentOutLine < mTargetSize.height,
-+             "Writing past end of output");
-+
-+  while (mLinesInBuffer == filterLength) {
-     DownscaleInputLine();
- 
-+    if (mCurrentOutLine == mTargetSize.height) {
-+      break;  // We're done.
-+    }
-+
-     GetFilterOffsetAndLength(mYFilter, mCurrentOutLine,
-                              &filterOffset, &filterLength);
-   }
- 
-   mCurrentInLine += 1;
- }
- 
- bool
-
diff --git a/gnu/packages/patches/icecat-limit-max-buffers-size-for-ANGLE.patch b/gnu/packages/patches/icecat-limit-max-buffers-size-for-ANGLE.patch
deleted file mode 100644
index 5a3a934dba..0000000000
--- a/gnu/packages/patches/icecat-limit-max-buffers-size-for-ANGLE.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/9632375c6aac
-
-# HG changeset patch
-# User Jeff Gilbert <jdashg@gmail.com>
-# Date 1453320785 28800
-# Node ID 9632375c6aacbf673b996b53231d70b91e480fb5
-# Parent  ee68c3dae5f639fdd439f69ef2f724067fce0ea6
-Limit max buffers size for ANGLE. r=jrmuizel a=lizzard
-
-diff --git a/dom/canvas/WebGLContextBuffers.cpp b/dom/canvas/WebGLContextBuffers.cpp
---- a/dom/canvas/WebGLContextBuffers.cpp
-+++ b/dom/canvas/WebGLContextBuffers.cpp
-@@ -164,16 +164,19 @@ WebGLContext::BufferData(GLenum target, 
- 
-     if (!ValidateBufferUsageEnum(usage, "bufferData: usage"))
-         return;
- 
-     // careful: WebGLsizeiptr is always 64-bit, but GLsizeiptr is like intptr_t.
-     if (!CheckedInt<GLsizeiptr>(size).isValid())
-         return ErrorOutOfMemory("bufferData: bad size");
- 
-+    if (gl->IsANGLE() && size > UINT32_MAX)
-+        return ErrorOutOfMemory("bufferData: size too large");
-+
-     WebGLBuffer* boundBuffer = bufferSlot.get();
- 
-     if (!boundBuffer)
-         return ErrorInvalidOperation("bufferData: no buffer bound!");
- 
-     UniquePtr<uint8_t> zeroBuffer((uint8_t*)moz_calloc(size, 1));
-     if (!zeroBuffer)
-         return ErrorOutOfMemory("bufferData: out of memory");
-@@ -216,16 +219,19 @@ WebGLContext::BufferData(GLenum target,
-     const dom::ArrayBuffer& data = maybeData.Value();
-     data.ComputeLengthAndData();
- 
-     // Careful: data.Length() could conceivably be any uint32_t, but GLsizeiptr
-     // is like intptr_t.
-     if (!CheckedInt<GLsizeiptr>(data.Length()).isValid())
-         return ErrorOutOfMemory("bufferData: bad size");
- 
-+    if (gl->IsANGLE() && data.Length() > UINT32_MAX)
-+        return ErrorOutOfMemory("bufferData: size too large");
-+
-     if (!ValidateBufferUsageEnum(usage, "bufferData: usage"))
-         return;
- 
-     WebGLBuffer* boundBuffer = bufferSlot.get();
- 
-     if (!boundBuffer)
-         return ErrorInvalidOperation("bufferData: no buffer bound!");
- 
-@@ -267,16 +273,19 @@ WebGLContext::BufferData(GLenum target, 
- 
-     data.ComputeLengthAndData();
- 
-     // Careful: data.Length() could conceivably be any uint32_t, but GLsizeiptr
-     // is like intptr_t.
-     if (!CheckedInt<GLsizeiptr>(data.Length()).isValid())
-         return ErrorOutOfMemory("bufferData: bad size");
- 
-+    if (gl->IsANGLE() && data.Length() > UINT32_MAX)
-+        return ErrorOutOfMemory("bufferData: size too large");
-+
-     InvalidateBufferFetching();
-     MakeContextCurrent();
- 
-     GLenum error = CheckedBufferData(target, data.Length(), data.Data(), usage);
-     if (error) {
-         GenerateWarning("bufferData generated error %s", ErrorName(error));
-         return;
-     }
-