diff options
Diffstat (limited to 'gnu')
18 files changed, 11 insertions, 1277 deletions
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm index bc74fa8d60..1d450cda64 100644 --- a/gnu/packages/gnuzilla.scm +++ b/gnu/packages/gnuzilla.scm @@ -216,7 +216,7 @@ standards.") (define-public icecat (package (name "icecat") - (version "31.4.0") + (version "31.5.0") (source (origin (method url-fetch) @@ -224,29 +224,12 @@ standards.") version "/" name "-" version ".tar.bz2")) (sha256 (base32 - "0q5ilgfybcrbwf9hq9zc1cpnlhq1pddnnjmdrxrcrrg8lgx5kkc2")) - (patches (map search-patch - '("icecat-CVE-2015-0822.patch" - "icecat-CVE-2015-0827-pt-1.patch" - "icecat-CVE-2015-0827-pt-2.patch" - "icecat-CVE-2015-0827-pt-3.patch" - "icecat-CVE-2015-0831-pt-1.patch" - "icecat-CVE-2015-0831-pt-2.patch" - "icecat-CVE-2015-0836-pt-01.patch" - "icecat-CVE-2015-0836-pt-02.patch" - "icecat-CVE-2015-0836-pt-03.patch" - "icecat-CVE-2015-0836-pt-04.patch" - "icecat-CVE-2015-0836-pt-05.patch" - "icecat-CVE-2015-0836-pt-06.patch" - "icecat-CVE-2015-0836-pt-07.patch" - "icecat-CVE-2015-0836-pt-08.patch" - "icecat-CVE-2015-0836-pt-09.patch" - "icecat-CVE-2015-0836-pt-10.patch" - "icecat-CVE-2015-0836-pt-11.patch"))))) + "1rr4axghaypdkrf60i1qp6dz4cd29ya02fs3vyffvp4x9kgcq2dd")))) (build-system gnu-build-system) (inputs `(("alsa-lib" ,alsa-lib) ("bzip2" ,bzip2) + ("cairo" ,cairo) ("dbus" ,dbus) ("dbus-glib" ,dbus-glib) ("glib" ,glib) @@ -264,6 +247,8 @@ standards.") ("pixman" ,pixman) ("pulseaudio" ,pulseaudio) ("mesa" ,mesa) + ("nspr" ,nspr) + ("nss" ,nss) ("unzip" ,unzip) ("yasm" ,yasm) ("zip" ,zip) @@ -290,19 +275,15 @@ standards.") "--with-system-libevent" "--with-system-libvpx" "--with-system-icu" + "--with-system-nspr" + "--with-system-nss" "--enable-system-pixman" - - ;; XXX unsure whether to use these. - ;; "--with-system-nspr" - ;; "--with-system-nss" - - ;; Fails with "configure: error: Library requirements - ;; (cairo-tee >= 1.10) not met". - ;; "--enable-system-cairo" + "--enable-system-cairo" + "--enable-system-ffi" ;; Fails with "configure: error: System ;; SQLite library is not compiled with - ;; SQLITE_SECURE_DELETE." + ;; SQLITE_ENABLE_UNLOCK_NOTIFY." ;; "--enable-system-sqlite" ;; Fails with "--with-system-png won't work because @@ -324,8 +305,7 @@ standards.") ;; to accelerate baseline JPEG compression/ ;; decompression", so we had better not use it ;; "--with-system-jpeg" - - "--enable-system-ffi") + ) #:phases (alist-replace diff --git a/gnu/packages/patches/icecat-CVE-2015-0822.patch b/gnu/packages/patches/icecat-CVE-2015-0822.patch deleted file mode 100644 index 2625151453..0000000000 --- a/gnu/packages/patches/icecat-CVE-2015-0822.patch +++ /dev/null @@ -1,154 +0,0 @@ -From 0922145c255bf2503d3b2dd5f8f1e813338ba990 Mon Sep 17 00:00:00 2001 -From: Mats Palmgren <mats@mozilla.com> -Date: Sat, 24 Jan 2015 12:37:47 -0500 -Subject: [PATCH] Bug 1110557. r=mak, r=gavin, a=bkerensa - ---- - .../components/satchel/nsFormFillController.cpp | 67 +++++++++++++++------- - toolkit/components/satchel/nsFormFillController.h | 5 ++ - 2 files changed, 52 insertions(+), 20 deletions(-) - -diff --git a/toolkit/components/satchel/nsFormFillController.cpp b/toolkit/components/satchel/nsFormFillController.cpp -index 315fc68..676ad84 100644 ---- a/toolkit/components/satchel/nsFormFillController.cpp -+++ b/toolkit/components/satchel/nsFormFillController.cpp -@@ -61,6 +61,7 @@ nsFormFillController::nsFormFillController() : - mSuppressOnInput(false) - { - mController = do_GetService("@mozilla.org/autocomplete/controller;1"); -+ MOZ_ASSERT(mController); - } - - struct PwmgrInputsEnumData -@@ -104,6 +105,21 @@ nsFormFillController::AttributeChanged(nsIDocument* aDocument, - int32_t aNameSpaceID, - nsIAtom* aAttribute, int32_t aModType) - { -+ if ((aAttribute == nsGkAtoms::type || aAttribute == nsGkAtoms::readonly || -+ aAttribute == nsGkAtoms::autocomplete) && -+ aNameSpaceID == kNameSpaceID_None) { -+ nsCOMPtr<nsIDOMHTMLInputElement> focusedInput(mFocusedInput); -+ // Reset the current state of the controller, unconditionally. -+ StopControllingInput(); -+ // Then restart based on the new values. We have to delay this -+ // to avoid ending up in an endless loop due to re-registering our -+ // mutation observer (which would notify us again for *this* event). -+ nsCOMPtr<nsIRunnable> event = -+ NS_NewRunnableMethodWithArg<nsCOMPtr<nsIDOMHTMLInputElement>> -+ (this, &nsFormFillController::MaybeStartControllingInput, focusedInput); -+ NS_DispatchToCurrentThread(event); -+ } -+ - if (mListNode && mListNode->Contains(aElement)) { - RevalidateDataList(); - } -@@ -841,28 +857,26 @@ nsFormFillController::RemoveForDocumentEnumerator(const nsINode* aKey, - return PL_DHASH_NEXT; - } - --nsresult --nsFormFillController::Focus(nsIDOMEvent* aEvent) -+void -+nsFormFillController::MaybeStartControllingInput(nsIDOMHTMLInputElement* aInput) - { -- nsCOMPtr<nsIDOMHTMLInputElement> input = do_QueryInterface( -- aEvent->InternalDOMEvent()->GetTarget()); -- nsCOMPtr<nsINode> inputNode = do_QueryInterface(input); -+ nsCOMPtr<nsINode> inputNode = do_QueryInterface(aInput); - if (!inputNode) -- return NS_OK; -+ return; - -- nsCOMPtr<nsIFormControl> formControl = do_QueryInterface(input); -+ nsCOMPtr<nsIFormControl> formControl = do_QueryInterface(aInput); - if (!formControl || !formControl->IsSingleLineTextControl(true)) -- return NS_OK; -+ return; - - bool isReadOnly = false; -- input->GetReadOnly(&isReadOnly); -+ aInput->GetReadOnly(&isReadOnly); - if (isReadOnly) -- return NS_OK; -+ return; - -- bool autocomplete = nsContentUtils::IsAutocompleteEnabled(input); -+ bool autocomplete = nsContentUtils::IsAutocompleteEnabled(aInput); - - nsCOMPtr<nsIDOMHTMLElement> datalist; -- input->GetList(getter_AddRefs(datalist)); -+ aInput->GetList(getter_AddRefs(datalist)); - bool hasList = datalist != nullptr; - - bool dummy; -@@ -871,9 +885,16 @@ nsFormFillController::Focus(nsIDOMEvent* aEvent) - isPwmgrInput = true; - - if (isPwmgrInput || hasList || autocomplete) { -- StartControllingInput(input); -+ StartControllingInput(aInput); - } -+} - -+nsresult -+nsFormFillController::Focus(nsIDOMEvent* aEvent) -+{ -+ nsCOMPtr<nsIDOMHTMLInputElement> input = do_QueryInterface( -+ aEvent->InternalDOMEvent()->GetTarget()); -+ MaybeStartControllingInput(input); - return NS_OK; - } - -@@ -1087,6 +1108,10 @@ nsFormFillController::StartControllingInput(nsIDOMHTMLInputElement *aInput) - // Make sure we're not still attached to an input - StopControllingInput(); - -+ if (!mController) { -+ return; -+ } -+ - // Find the currently focused docShell - nsCOMPtr<nsIDocShell> docShell = GetDocShellForInput(aInput); - int32_t index = GetIndexOfDocShell(docShell); -@@ -1129,13 +1154,15 @@ nsFormFillController::StopControllingInput() - mListNode = nullptr; - } - -- // Reset the controller's input, but not if it has been switched -- // to another input already, which might happen if the user switches -- // focus by clicking another autocomplete textbox -- nsCOMPtr<nsIAutoCompleteInput> input; -- mController->GetInput(getter_AddRefs(input)); -- if (input == this) -- mController->SetInput(nullptr); -+ if (mController) { -+ // Reset the controller's input, but not if it has been switched -+ // to another input already, which might happen if the user switches -+ // focus by clicking another autocomplete textbox -+ nsCOMPtr<nsIAutoCompleteInput> input; -+ mController->GetInput(getter_AddRefs(input)); -+ if (input == this) -+ mController->SetInput(nullptr); -+ } - - if (mFocusedInputNode) { - MaybeRemoveMutationObserver(mFocusedInputNode); -diff --git a/toolkit/components/satchel/nsFormFillController.h b/toolkit/components/satchel/nsFormFillController.h -index b60d28d..8c3ba26 100644 ---- a/toolkit/components/satchel/nsFormFillController.h -+++ b/toolkit/components/satchel/nsFormFillController.h -@@ -62,6 +62,11 @@ protected: - - void StartControllingInput(nsIDOMHTMLInputElement *aInput); - void StopControllingInput(); -+ /** -+ * Checks that aElement is a type of element we want to fill, then calls -+ * StartControllingInput on it. -+ */ -+ void MaybeStartControllingInput(nsIDOMHTMLInputElement* aElement); - - nsresult PerformInputListAutoComplete(nsIAutoCompleteResult* aPreviousResult); - --- -2.2.1 - diff --git a/gnu/packages/patches/icecat-CVE-2015-0827-pt-1.patch b/gnu/packages/patches/icecat-CVE-2015-0827-pt-1.patch deleted file mode 100644 index c57da755d1..0000000000 --- a/gnu/packages/patches/icecat-CVE-2015-0827-pt-1.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 28b6204b1421aa57b3c10c43d90cb516910bc80f Mon Sep 17 00:00:00 2001 -From: Markus Stange <mstange@themasta.com> -Date: Tue, 6 Jan 2015 12:08:39 +0100 -Subject: [PATCH] Bug 1117304 - Also do the checks at the start of CopyRect in - release builds. r=Bas, a=sledru - ---- - gfx/2d/FilterNodeSoftware.cpp | 9 ++++++--- - 1 file changed, 6 insertions(+), 3 deletions(-) - -diff --git a/gfx/2d/FilterNodeSoftware.cpp b/gfx/2d/FilterNodeSoftware.cpp -index 00d790f..396d0da 100644 ---- a/gfx/2d/FilterNodeSoftware.cpp -+++ b/gfx/2d/FilterNodeSoftware.cpp -@@ -253,9 +253,12 @@ CopyRect(DataSourceSurface* aSrc, DataSourceSurface* aDest, - MOZ_CRASH("we should never be getting invalid rects at this point"); - } - -- MOZ_ASSERT(aSrc->GetFormat() == aDest->GetFormat(), "different surface formats"); -- MOZ_ASSERT(IntRect(IntPoint(), aSrc->GetSize()).Contains(aSrcRect), "source rect too big for source surface"); -- MOZ_ASSERT(IntRect(IntPoint(), aDest->GetSize()).Contains(aSrcRect - aSrcRect.TopLeft() + aDestPoint), "dest surface too small"); -+ MOZ_RELEASE_ASSERT(aSrc->GetFormat() == aDest->GetFormat(), -+ "different surface formats"); -+ MOZ_RELEASE_ASSERT(IntRect(IntPoint(), aSrc->GetSize()).Contains(aSrcRect), -+ "source rect too big for source surface"); -+ MOZ_RELEASE_ASSERT(IntRect(IntPoint(), aDest->GetSize()).Contains(IntRect(aDestPoint, aSrcRect.Size())), -+ "dest surface too small"); - - if (aSrcRect.IsEmpty()) { - return; --- -2.2.1 - diff --git a/gnu/packages/patches/icecat-CVE-2015-0827-pt-2.patch b/gnu/packages/patches/icecat-CVE-2015-0827-pt-2.patch deleted file mode 100644 index 1ff68f4b4c..0000000000 --- a/gnu/packages/patches/icecat-CVE-2015-0827-pt-2.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 5ff75fbe51d5760a96b4e614617c9cbf35f1fbaa Mon Sep 17 00:00:00 2001 -From: Markus Stange <mstange@themasta.com> -Date: Mon, 5 Jan 2015 18:40:27 +0100 -Subject: [PATCH] Bug 1117304 - Make sure the tile filter doesn't call CopyRect - on surfaces with different formats. r=Bas, a=sledru - ---- - gfx/2d/FilterNodeSoftware.cpp | 11 ++++++++++- - 1 file changed, 10 insertions(+), 1 deletion(-) - -diff --git a/gfx/2d/FilterNodeSoftware.cpp b/gfx/2d/FilterNodeSoftware.cpp -index 396d0da..10d92c6 100644 ---- a/gfx/2d/FilterNodeSoftware.cpp -+++ b/gfx/2d/FilterNodeSoftware.cpp -@@ -1568,7 +1568,16 @@ FilterNodeTileSoftware::Render(const IntRect& aRect) - return nullptr; - } - } -- MOZ_ASSERT(input->GetFormat() == target->GetFormat(), "different surface formats from the same input?"); -+ -+ if (input->GetFormat() != target->GetFormat()) { -+ // Different rectangles of the input can have different formats. If -+ // that happens, just convert everything to B8G8R8A8. -+ target = FilterProcessing::ConvertToB8G8R8A8(target); -+ input = FilterProcessing::ConvertToB8G8R8A8(input); -+ if (MOZ2D_WARN_IF(!target) || MOZ2D_WARN_IF(!input)) { -+ return nullptr; -+ } -+ } - - CopyRect(input, target, srcRect - srcRect.TopLeft(), destRect.TopLeft() - aRect.TopLeft()); - } --- -2.2.1 - diff --git a/gnu/packages/patches/icecat-CVE-2015-0827-pt-3.patch b/gnu/packages/patches/icecat-CVE-2015-0827-pt-3.patch deleted file mode 100644 index 8d40126849..0000000000 --- a/gnu/packages/patches/icecat-CVE-2015-0827-pt-3.patch +++ /dev/null @@ -1,56 +0,0 @@ -From c91087708686ae1c47abee65e19536688e5ec8f2 Mon Sep 17 00:00:00 2001 -From: Ryan VanderMeulen <ryanvm@gmail.com> -Date: Mon, 26 Jan 2015 17:24:46 -0500 -Subject: [PATCH] Bug 1117304 - Add missing MOZ2D_WARN_IF definition to fix - bustage. r=milan, a=bustage - ---- - gfx/2d/FilterNodeSoftware.cpp | 1 + - gfx/2d/Logging.h | 19 +++++++++++++++++++ - 2 files changed, 20 insertions(+) - -diff --git a/gfx/2d/FilterNodeSoftware.cpp b/gfx/2d/FilterNodeSoftware.cpp -index 10d92c6..48bf162 100644 ---- a/gfx/2d/FilterNodeSoftware.cpp -+++ b/gfx/2d/FilterNodeSoftware.cpp -@@ -12,6 +12,7 @@ - #include "Blur.h" - #include <map> - #include "FilterProcessing.h" -+#include "Logging.h" - #include "mozilla/PodOperations.h" - #include "mozilla/DebugOnly.h" - -diff --git a/gfx/2d/Logging.h b/gfx/2d/Logging.h -index 85e788c..d7728bb 100644 ---- a/gfx/2d/Logging.h -+++ b/gfx/2d/Logging.h -@@ -155,6 +155,25 @@ typedef Log<LOG_WARNING> WarningLog; - #define gfxWarning if (1) ; else NoLog - #endif - -+// See nsDebug.h and the NS_WARN_IF macro -+ -+#ifdef __cplusplus -+#ifdef DEBUG -+inline bool MOZ2D_warn_if_impl(bool aCondition, const char* aExpr, -+ const char* aFile, int32_t aLine) -+{ -+ if (MOZ_UNLIKELY(aCondition)) { -+ gfxWarning() << aExpr << " at " << aFile << ":" << aLine; -+ } -+ return aCondition; -+} -+#define MOZ2D_WARN_IF(condition) \ -+ MOZ2D_warn_if_impl(condition, #condition, __FILE__, __LINE__) -+#else -+#define MOZ2D_WARN_IF(condition) (bool)(condition) -+#endif -+#endif -+ - const int INDENT_PER_LEVEL = 2; - - class TreeLog --- -2.2.1 - diff --git a/gnu/packages/patches/icecat-CVE-2015-0831-pt-1.patch b/gnu/packages/patches/icecat-CVE-2015-0831-pt-1.patch deleted file mode 100644 index c04d604923..0000000000 --- a/gnu/packages/patches/icecat-CVE-2015-0831-pt-1.patch +++ /dev/null @@ -1,32 +0,0 @@ -From c8437505a63fc2b2552b8af217d60d79abb92ba3 Mon Sep 17 00:00:00 2001 -From: Ben Turner <bent.mozilla@gmail.com> -Date: Fri, 6 Feb 2015 15:25:33 -0800 -Subject: [PATCH] Bug 1130541. r=janv, a=sledru - ---- - dom/indexedDB/IDBDatabase.cpp | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/dom/indexedDB/IDBDatabase.cpp b/dom/indexedDB/IDBDatabase.cpp -index 7329cec..c9c7e4f 100644 ---- a/dom/indexedDB/IDBDatabase.cpp -+++ b/dom/indexedDB/IDBDatabase.cpp -@@ -536,6 +536,7 @@ IDBDatabase::CreateObjectStore( - IDBTransaction* transaction = AsyncConnectionHelper::GetCurrentTransaction(); - - if (!transaction || -+ transaction->Database() != this || - transaction->GetMode() != IDBTransaction::VERSION_CHANGE) { - aRv.Throw(NS_ERROR_DOM_INDEXEDDB_NOT_ALLOWED_ERR); - return nullptr; -@@ -577,6 +578,7 @@ IDBDatabase::DeleteObjectStore(const nsAString& aName, ErrorResult& aRv) - IDBTransaction* transaction = AsyncConnectionHelper::GetCurrentTransaction(); - - if (!transaction || -+ transaction->Database() != this || - transaction->GetMode() != IDBTransaction::VERSION_CHANGE) { - aRv.Throw(NS_ERROR_DOM_INDEXEDDB_NOT_ALLOWED_ERR); - return; --- -2.2.1 - diff --git a/gnu/packages/patches/icecat-CVE-2015-0831-pt-2.patch b/gnu/packages/patches/icecat-CVE-2015-0831-pt-2.patch deleted file mode 100644 index 9510cd611f..0000000000 --- a/gnu/packages/patches/icecat-CVE-2015-0831-pt-2.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 4e799e44288c951f8d9acd17e7d8c56c9ee6a7d3 Mon Sep 17 00:00:00 2001 -From: Ben Turner <bent.mozilla@gmail.com> -Date: Mon, 9 Feb 2015 14:38:26 -0800 -Subject: [PATCH] Bug 1130541 followup a=test-only - ---HG-- -extra : amend_source : 23d80353f87897fdac9c99048d12ebe4ed390f76 ---- - dom/indexedDB/test/browser_quotaPrompt.html | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/dom/indexedDB/test/browser_quotaPrompt.html b/dom/indexedDB/test/browser_quotaPrompt.html -index c139970..dbeea68 100644 ---- a/dom/indexedDB/test/browser_quotaPrompt.html -+++ b/dom/indexedDB/test/browser_quotaPrompt.html -@@ -38,6 +38,7 @@ - let request = indexedDB.open(window.location.pathname, version++); - request.onerror = errorHandler; - request.onupgradeneeded = function(event) { -+ let db = event.target.result; - db.deleteObjectStore("foo"); - db.onversionchange = function () { db.close(); }; - request.transaction.oncomplete = function(event) { --- -2.2.1 - diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-01.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-01.patch deleted file mode 100644 index f6e2756054..0000000000 --- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-01.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 4106ffa6ee83b814428bb07948b3595e3fa3847e Mon Sep 17 00:00:00 2001 -From: Jan de Mooij <jdemooij@mozilla.com> -Date: Tue, 10 Feb 2015 09:40:46 +0100 -Subject: [PATCH] Bug 1128196 - Don't relazify scripts with a TypeScript. - r=till, a=lmandel - ---- - js/src/jsscript.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/js/src/jsscript.h b/js/src/jsscript.h -index 4d548ef..9a0cfbb 100644 ---- a/js/src/jsscript.h -+++ b/js/src/jsscript.h -@@ -1251,7 +1251,7 @@ class JSScript : public js::gc::BarrieredCell<JSScript> - } - - bool isRelazifiable() const { -- return (selfHosted() || lazyScript) && -+ return (selfHosted() || lazyScript) && !types && - !isGenerator() && !hasBaselineScript() && !hasAnyIonScript() && !hasBeenInlined(); - } - void setLazyScript(js::LazyScript *lazy) { --- -2.2.1 - diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-02.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-02.patch deleted file mode 100644 index c95cf23a29..0000000000 --- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-02.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 83c4bfeea2d2203f726e3bfcb7ee6fe56b4d9703 Mon Sep 17 00:00:00 2001 -From: Ryan VanderMeulen <ryanvm@gmail.com> -Date: Thu, 29 Jan 2015 10:31:25 -0500 -Subject: [PATCH] Bug 1111248. r=Waldo, a=sledru - ---- - js/src/jsbool.cpp | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/js/src/jsbool.cpp b/js/src/jsbool.cpp -index 5d88bd5..8d5d672 100644 ---- a/js/src/jsbool.cpp -+++ b/js/src/jsbool.cpp -@@ -198,7 +198,8 @@ js::ToBooleanSlow(HandleValue v) - bool - js::BooleanGetPrimitiveValueSlow(HandleObject wrappedBool) - { -- JSObject *obj = wrappedBool->as<ProxyObject>().target(); -- JS_ASSERT(obj); -+ JSObject *obj = CheckedUnwrap(wrappedBool); -+ if (!obj || !obj->is<BooleanObject>()) -+ return false; - return obj->as<BooleanObject>().unbox(); - } --- -2.2.1 - diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-03.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-03.patch deleted file mode 100644 index 115cd76201..0000000000 --- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-03.patch +++ /dev/null @@ -1,220 +0,0 @@ -From 4e4e34238e5bb5af83a645a5f4d2097e3b30e9dd Mon Sep 17 00:00:00 2001 -From: Tom Schuster <evilpies@gmail.com> -Date: Sun, 25 Jan 2015 21:42:10 +0100 -Subject: [PATCH] Bug 1111243 - Implement ES6 proxy behavior for IsArray. - r=efaust, a=abillings - ---- - browser/devtools/app-manager/app-projects.js | 2 ++ - js/public/Class.h | 5 +++- - js/src/jsarray.cpp | 9 ++++-- - js/src/jsobjinlines.h | 15 +++++++++- - js/src/json.cpp | 11 +++---- - js/src/jsproxy.cpp | 45 ++++++++++++++++++++++++++++ - 6 files changed, 78 insertions(+), 9 deletions(-) - -diff --git a/browser/devtools/app-manager/app-projects.js b/browser/devtools/app-manager/app-projects.js -index d09f72f..77ca67b 100644 ---- a/browser/devtools/app-manager/app-projects.js -+++ b/browser/devtools/app-manager/app-projects.js -@@ -61,6 +61,8 @@ const IDB = { - add: function(project) { - let deferred = promise.defer(); - -+ project = JSON.parse(JSON.stringify(project)); -+ - if (!project.location) { - // We need to make sure this object has a `.location` property. - deferred.reject("Missing location property on project object."); -diff --git a/js/public/Class.h b/js/public/Class.h -index ff864b1..46f7d39 100644 ---- a/js/public/Class.h -+++ b/js/public/Class.h -@@ -521,7 +521,10 @@ Valueify(const JSClass *c) - */ - enum ESClassValue { - ESClass_Array, ESClass_Number, ESClass_String, ESClass_Boolean, -- ESClass_RegExp, ESClass_ArrayBuffer, ESClass_Date -+ ESClass_RegExp, ESClass_ArrayBuffer, ESClass_Date, -+ // Special snowflake for the ES6 IsArray method. -+ // Please don't use it without calling that function. -+ ESClass_IsArray - }; - - /* -diff --git a/js/src/jsarray.cpp b/js/src/jsarray.cpp -index 24da176..46f1c20 100644 ---- a/js/src/jsarray.cpp -+++ b/js/src/jsarray.cpp -@@ -2645,7 +2645,8 @@ js::array_concat(JSContext *cx, unsigned argc, Value *vp) - HandleValue v = HandleValue::fromMarkedLocation(&p[i]); - if (v.isObject()) { - RootedObject obj(cx, &v.toObject()); -- if (ObjectClassIs(obj, ESClass_Array, cx)) { -+ // This should be IsConcatSpreadable -+ if (IsArray(obj, cx)) { - uint32_t alength; - if (!GetLengthProperty(cx, obj, &alength)) - return false; -@@ -2870,7 +2871,11 @@ static bool - array_isArray(JSContext *cx, unsigned argc, Value *vp) - { - CallArgs args = CallArgsFromVp(argc, vp); -- bool isArray = args.length() > 0 && IsObjectWithClass(args[0], ESClass_Array, cx); -+ bool isArray = false; -+ if (args.get(0).isObject()) { -+ RootedObject obj(cx, &args[0].toObject()); -+ isArray = IsArray(obj, cx); -+ } - args.rval().setBoolean(isArray); - return true; - } -diff --git a/js/src/jsobjinlines.h b/js/src/jsobjinlines.h -index e848ba7..557dd26 100644 ---- a/js/src/jsobjinlines.h -+++ b/js/src/jsobjinlines.h -@@ -1032,7 +1032,10 @@ ObjectClassIs(HandleObject obj, ESClassValue classValue, JSContext *cx) - return Proxy::objectClassIs(obj, classValue, cx); - - switch (classValue) { -- case ESClass_Array: return obj->is<ArrayObject>(); -+ case ESClass_Array: -+ case ESClass_IsArray: -+ // There difference between those is only relevant for proxies. -+ return obj->is<ArrayObject>(); - case ESClass_Number: return obj->is<NumberObject>(); - case ESClass_String: return obj->is<StringObject>(); - case ESClass_Boolean: return obj->is<BooleanObject>(); -@@ -1053,6 +1056,16 @@ IsObjectWithClass(const Value &v, ESClassValue classValue, JSContext *cx) - return ObjectClassIs(obj, classValue, cx); - } - -+// ES6 7.2.2 -+inline bool -+IsArray(HandleObject obj, JSContext *cx) -+{ -+ if (obj->is<ArrayObject>()) -+ return true; -+ -+ return ObjectClassIs(obj, ESClass_IsArray, cx); -+} -+ - static MOZ_ALWAYS_INLINE bool - NewObjectMetadata(ExclusiveContext *cxArg, JSObject **pmetadata) - { -diff --git a/js/src/json.cpp b/js/src/json.cpp -index 6e45bfd..81a99a6 100644 ---- a/js/src/json.cpp -+++ b/js/src/json.cpp -@@ -300,7 +300,7 @@ JO(JSContext *cx, HandleObject obj, StringifyContext *scx) - Maybe<AutoIdVector> ids; - const AutoIdVector *props; - if (scx->replacer && !scx->replacer->isCallable()) { -- JS_ASSERT(JS_IsArrayObject(cx, scx->replacer)); -+ JS_ASSERT(IsArray(scx->replacer, cx)); - props = &scx->propertyList; - } else { - JS_ASSERT_IF(scx->replacer, scx->propertyList.length() == 0); -@@ -488,7 +488,7 @@ Str(JSContext *cx, const Value &v, StringifyContext *scx) - - scx->depth++; - bool ok; -- if (ObjectClassIs(obj, ESClass_Array, cx)) -+ if (IsArray(obj, cx)) - ok = JA(cx, obj, scx); - else - ok = JO(cx, obj, scx); -@@ -510,7 +510,7 @@ js_Stringify(JSContext *cx, MutableHandleValue vp, JSObject *replacer_, Value sp - if (replacer) { - if (replacer->isCallable()) { - /* Step 4a(i): use replacer to transform values. */ -- } else if (ObjectClassIs(replacer, ESClass_Array, cx)) { -+ } else if (IsArray(replacer, cx)) { - /* - * Step 4b: The spec algorithm is unhelpfully vague about the exact - * steps taken when the replacer is an array, regarding the exact -@@ -541,7 +541,8 @@ js_Stringify(JSContext *cx, MutableHandleValue vp, JSObject *replacer_, Value sp - - /* Step 4b(ii). */ - uint32_t len; -- JS_ALWAYS_TRUE(GetLengthProperty(cx, replacer, &len)); -+ if (!GetLengthProperty(cx, replacer, &len)) -+ return false; - if (replacer->is<ArrayObject>() && !replacer->isIndexed()) - len = Min(len, replacer->getDenseInitializedLength()); - -@@ -678,7 +679,7 @@ Walk(JSContext *cx, HandleObject holder, HandleId name, HandleValue reviver, Mut - if (val.isObject()) { - RootedObject obj(cx, &val.toObject()); - -- if (ObjectClassIs(obj, ESClass_Array, cx)) { -+ if (IsArray(obj, cx)) { - /* Step 2a(ii). */ - uint32_t length; - if (!GetLengthProperty(cx, obj, &length)) -diff --git a/js/src/jsproxy.cpp b/js/src/jsproxy.cpp -index 7644da1..7453103 100644 ---- a/js/src/jsproxy.cpp -+++ b/js/src/jsproxy.cpp -@@ -1108,6 +1108,14 @@ class ScriptedDirectProxyHandler : public DirectProxyHandler { - virtual bool isExtensible(JSContext *cx, HandleObject proxy, bool *extensible) MOZ_OVERRIDE; - - /* Spidermonkey extensions. */ -+ // A scripted proxy should not be treated as generic in most contexts. -+ virtual bool nativeCall(JSContext *cx, IsAcceptableThis test, NativeImpl impl, -+ CallArgs args) MOZ_OVERRIDE; -+ virtual bool objectClassIs(HandleObject obj, ESClassValue classValue, -+ JSContext *cx) MOZ_OVERRIDE; -+ virtual bool regexp_toShared(JSContext *cx, HandleObject proxy, -+ RegExpGuard *g) MOZ_OVERRIDE; -+ - virtual bool call(JSContext *cx, HandleObject proxy, const CallArgs &args) MOZ_OVERRIDE; - virtual bool construct(JSContext *cx, HandleObject proxy, const CallArgs &args) MOZ_OVERRIDE; - virtual bool isScripted() MOZ_OVERRIDE { return true; } -@@ -2350,6 +2358,43 @@ ScriptedDirectProxyHandler::construct(JSContext *cx, HandleObject proxy, const C - return true; - } - -+bool -+ScriptedDirectProxyHandler::nativeCall(JSContext *cx, IsAcceptableThis test, NativeImpl impl, -+ CallArgs args) -+{ -+ ReportIncompatible(cx, args); -+ return false; -+} -+ -+bool -+ScriptedDirectProxyHandler::objectClassIs(HandleObject proxy, ESClassValue classValue, -+ JSContext *cx) -+{ -+ // Special case IsArray. In every other instance ES wants to have exactly -+ // one object type and not a proxy around it, so return false. -+ if (classValue != ESClass_IsArray) -+ return false; -+ -+ // In ES6 IsArray is supposed to poke at the Proxy target, instead we do this here. -+ // The reason for this is that we have proxies for which looking at the target might -+ // be impossible. So instead we use our little objectClassIs function that just works -+ // already across different wrappers. -+ RootedObject target(cx, proxy->as<ProxyObject>().target()); -+ if (!target) -+ return false; -+ -+ return IsArray(target, cx); -+} -+ -+bool -+ScriptedDirectProxyHandler::regexp_toShared(JSContext *cx, HandleObject proxy, -+ RegExpGuard *g) -+{ -+ MOZ_CRASH("Should not end up in ScriptedDirectProxyHandler::regexp_toShared"); -+ return false; -+} -+ -+ - ScriptedDirectProxyHandler ScriptedDirectProxyHandler::singleton; - - #define INVOKE_ON_PROTOTYPE(cx, handler, proxy, protoCall) \ --- -2.2.1 - diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-04.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-04.patch deleted file mode 100644 index 58e61d080c..0000000000 --- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-04.patch +++ /dev/null @@ -1,89 +0,0 @@ -From 97ba04bf95606b409b1b3035504a41c274ecffe2 Mon Sep 17 00:00:00 2001 -From: Shu-yu Guo <shu@rfrn.org> -Date: Mon, 26 Jan 2015 18:26:25 -0800 -Subject: [PATCH] Bug 1119579 - Don't GC while iterating compartments in - findAllGlobals. r=sfink, a=abillings - ---- - js/src/vm/Debugger.cpp | 56 ++++++++++++++++++++++++++++++-------------------- - 1 file changed, 34 insertions(+), 22 deletions(-) - -diff --git a/js/src/vm/Debugger.cpp b/js/src/vm/Debugger.cpp -index 27e993d..a8decef 100644 ---- a/js/src/vm/Debugger.cpp -+++ b/js/src/vm/Debugger.cpp -@@ -2825,37 +2825,49 @@ Debugger::findAllGlobals(JSContext *cx, unsigned argc, Value *vp) - { - THIS_DEBUGGER(cx, argc, vp, "findAllGlobals", args, dbg); - -- RootedObject result(cx, NewDenseEmptyArray(cx)); -- if (!result) -- return false; -+ AutoObjectVector globals(cx); - -- for (CompartmentsIter c(cx->runtime(), SkipAtoms); !c.done(); c.next()) { -- if (c->options().invisibleToDebugger()) -- continue; -+ { -+ // Accumulate the list of globals before wrapping them, because -+ // wrapping can GC and collect compartments from under us, while -+ // iterating. - -- c->zone()->scheduledForDestruction = false; -+ for (CompartmentsIter c(cx->runtime(), SkipAtoms); !c.done(); c.next()) { -+ if (c->options().invisibleToDebugger()) -+ continue; - -- GlobalObject *global = c->maybeGlobal(); -+ c->zone()->scheduledForDestruction = false; - -- if (cx->runtime()->isSelfHostingGlobal(global)) -- continue; -+ GlobalObject *global = c->maybeGlobal(); - -- if (global) { -- /* -- * We pulled |global| out of nowhere, so it's possible that it was -- * marked gray by XPConnect. Since we're now exposing it to JS code, -- * we need to mark it black. -- */ -- JS::ExposeGCThingToActiveJS(global, JSTRACE_OBJECT); -+ if (cx->runtime()->isSelfHostingGlobal(global)) -+ continue; - -- RootedValue globalValue(cx, ObjectValue(*global)); -- if (!dbg->wrapDebuggeeValue(cx, &globalValue)) -- return false; -- if (!NewbornArrayPush(cx, result, globalValue)) -- return false; -+ if (global) { -+ /* -+ * We pulled |global| out of nowhere, so it's possible that it was -+ * marked gray by XPConnect. Since we're now exposing it to JS code, -+ * we need to mark it black. -+ */ -+ JS::ExposeGCThingToActiveJS(global, JSTRACE_OBJECT); -+ if (!globals.append(global)) -+ return false; -+ } - } - } - -+ RootedObject result(cx, NewDenseEmptyArray(cx)); -+ if (!result) -+ return false; -+ -+ for (size_t i = 0; i < globals.length(); i++) { -+ RootedValue globalValue(cx, ObjectValue(*globals[i])); -+ if (!dbg->wrapDebuggeeValue(cx, &globalValue)) -+ return false; -+ if (!NewbornArrayPush(cx, result, globalValue)) -+ return false; -+ } -+ - args.rval().setObject(*result); - return true; - } --- -2.2.1 - diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-05.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-05.patch deleted file mode 100644 index 3e4ed17598..0000000000 --- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-05.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 746ddf19ff532b8abc90d3a91322a04b462ebfa8 Mon Sep 17 00:00:00 2001 -From: Brian Hackett <bhackett1024@gmail.com> -Date: Mon, 26 Jan 2015 13:14:34 -0500 -Subject: [PATCH] Bug 1124018 - Null the allocation site table if - initialization fails. r=jonco, a=bkerensa - ---- - js/src/jsinfer.cpp | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/js/src/jsinfer.cpp b/js/src/jsinfer.cpp -index b62ad1f..4019b16 100644 ---- a/js/src/jsinfer.cpp -+++ b/js/src/jsinfer.cpp -@@ -2035,6 +2035,7 @@ TypeCompartment::addAllocationSiteTypeObject(JSContext *cx, AllocationSiteKey ke - allocationSiteTable = cx->new_<AllocationSiteTable>(); - if (!allocationSiteTable || !allocationSiteTable->init()) { - js_delete(allocationSiteTable); -+ allocationSiteTable = nullptr; - return nullptr; - } - } --- -2.2.1 - diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-06.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-06.patch deleted file mode 100644 index 181f9243e3..0000000000 --- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-06.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 0758363d982b0b3e6cf021c164715a028a345b9e Mon Sep 17 00:00:00 2001 -From: "Byron Campen [:bwc]" <docfaraday@gmail.com> -Date: Wed, 21 Jan 2015 08:56:36 -0800 -Subject: [PATCH] Bug 1123882 - Fix case where offset != 0. r=derf, a=bkerensa - ---- - content/media/MediaDecoderStateMachine.cpp | 11 +++++++---- - 1 file changed, 7 insertions(+), 4 deletions(-) - -diff --git a/content/media/MediaDecoderStateMachine.cpp b/content/media/MediaDecoderStateMachine.cpp -index ce5870f..4ed496c 100644 ---- a/content/media/MediaDecoderStateMachine.cpp -+++ b/content/media/MediaDecoderStateMachine.cpp -@@ -328,6 +328,8 @@ void MediaDecoderStateMachine::SendStreamAudio(AudioData* aAudio, - if (offset >= aAudio->mFrames) - return; - -+ size_t framesToWrite = aAudio->mFrames - offset; -+ - aAudio->EnsureAudioBuffer(); - nsRefPtr<SharedBuffer> buffer = aAudio->mAudioBuffer; - AudioDataValue* bufferData = static_cast<AudioDataValue*>(buffer->Data()); -@@ -335,10 +337,11 @@ void MediaDecoderStateMachine::SendStreamAudio(AudioData* aAudio, - for (uint32_t i = 0; i < aAudio->mChannels; ++i) { - channels.AppendElement(bufferData + i*aAudio->mFrames + offset); - } -- aOutput->AppendFrames(buffer.forget(), channels, aAudio->mFrames); -- VERBOSE_LOG("writing %d frames of data to MediaStream for AudioData at %lld", -- aAudio->mFrames - int32_t(offset), aAudio->mTime); -- aStream->mAudioFramesWritten += aAudio->mFrames - int32_t(offset); -+ aOutput->AppendFrames(buffer.forget(), channels, framesToWrite); -+ VERBOSE_LOG("writing %u frames of data to MediaStream for AudioData at %lld", -+ static_cast<unsigned>(framesToWrite), -+ aAudio->mTime); -+ aStream->mAudioFramesWritten += framesToWrite; - } - - static void WriteVideoToMediaStream(layers::Image* aImage, --- -2.2.1 - diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-07.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-07.patch deleted file mode 100644 index 818d369b26..0000000000 --- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-07.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 94899f849e50a765bb26420f5c70d49002d6673f Mon Sep 17 00:00:00 2001 -From: Glenn Randers-Pehrson <glennrp+bmo@gmail.com> -Date: Mon, 26 Jan 2015 16:07:00 -0500 -Subject: [PATCH] Bug 1117406 - Fix handling of out-of-range PNG tRNS values. - r=jmuizelaar, a=abillings - ---- - image/decoders/nsPNGDecoder.cpp | 22 ++++++++++++---------- - 1 file changed, 12 insertions(+), 10 deletions(-) - -diff --git a/image/decoders/nsPNGDecoder.cpp b/image/decoders/nsPNGDecoder.cpp -index acaa835..8e6bc2d 100644 ---- a/image/decoders/nsPNGDecoder.cpp -+++ b/image/decoders/nsPNGDecoder.cpp -@@ -528,24 +528,26 @@ nsPNGDecoder::info_callback(png_structp png_ptr, png_infop info_ptr) - png_set_expand(png_ptr); - - if (png_get_valid(png_ptr, info_ptr, PNG_INFO_tRNS)) { -- int sample_max = (1 << bit_depth); - png_color_16p trans_values; - png_get_tRNS(png_ptr, info_ptr, &trans, &num_trans, &trans_values); - /* libpng doesn't reject a tRNS chunk with out-of-range samples - so we check it here to avoid setting up a useless opacity -- channel or producing unexpected transparent pixels when using -- libpng-1.2.19 through 1.2.26 (bug #428045) */ -- if ((color_type == PNG_COLOR_TYPE_GRAY && -- (int)trans_values->gray > sample_max) || -- (color_type == PNG_COLOR_TYPE_RGB && -- ((int)trans_values->red > sample_max || -- (int)trans_values->green > sample_max || -- (int)trans_values->blue > sample_max))) -+ channel or producing unexpected transparent pixels (bug #428045) */ -+ if (bit_depth < 16) { -+ png_uint_16 sample_max = (1 << bit_depth) - 1; -+ if ((color_type == PNG_COLOR_TYPE_GRAY && -+ trans_values->gray > sample_max) || -+ (color_type == PNG_COLOR_TYPE_RGB && -+ (trans_values->red > sample_max || -+ trans_values->green > sample_max || -+ trans_values->blue > sample_max))) - { - /* clear the tRNS valid flag and release tRNS memory */ - png_free_data(png_ptr, info_ptr, PNG_FREE_TRNS, 0); -+ num_trans = 0; - } -- else -+ } -+ if (num_trans != 0) - png_set_expand(png_ptr); - } - --- -2.2.1 - diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-08.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-08.patch deleted file mode 100644 index 685e3a6d43..0000000000 --- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-08.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 4920c5c447d1153dffa623dd70d8b535b9ca6795 Mon Sep 17 00:00:00 2001 -From: Jan de Mooij <jdemooij@mozilla.com> -Date: Mon, 26 Jan 2015 12:59:47 +0100 -Subject: [PATCH] Bug 1115776 - Fix LApplyArgsGeneric to always emit the - has-script check. r=shu, a=sledru - ---- - js/src/jit/CodeGenerator.cpp | 24 ++++++++---------------- - 1 file changed, 8 insertions(+), 16 deletions(-) - -diff --git a/js/src/jit/CodeGenerator.cpp b/js/src/jit/CodeGenerator.cpp -index ba14f86..0669692 100644 ---- a/js/src/jit/CodeGenerator.cpp -+++ b/js/src/jit/CodeGenerator.cpp -@@ -2448,27 +2448,19 @@ CodeGenerator::visitApplyArgsGeneric(LApplyArgsGeneric *apply) - - masm.checkStackAlignment(); - -- // If the function is known to be uncompilable, only emit the call to InvokeFunction. -+ // If the function is native, only emit the call to InvokeFunction. - ExecutionMode executionMode = gen->info().executionMode(); -- if (apply->hasSingleTarget()) { -- JSFunction *target = apply->getSingleTarget(); -- if (target->isNative()) { -- if (!emitCallInvokeFunction(apply, copyreg)) -- return false; -- emitPopArguments(apply, copyreg); -- return true; -- } -+ if (apply->hasSingleTarget() && apply->getSingleTarget()->isNative()) { -+ if (!emitCallInvokeFunction(apply, copyreg)) -+ return false; -+ emitPopArguments(apply, copyreg); -+ return true; - } - - Label end, invoke; - -- // Guard that calleereg is an interpreted function with a JSScript: -- if (!apply->hasSingleTarget()) { -- masm.branchIfFunctionHasNoScript(calleereg, &invoke); -- } else { -- // Native single targets are handled by LCallNative. -- JS_ASSERT(!apply->getSingleTarget()->isNative()); -- } -+ // Guard that calleereg is an interpreted function with a JSScript. -+ masm.branchIfFunctionHasNoScript(calleereg, &invoke); - - // Knowing that calleereg is a non-native function, load the JSScript. - masm.loadPtr(Address(calleereg, JSFunction::offsetOfNativeOrScript()), objreg); --- -2.2.1 - diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-09.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-09.patch deleted file mode 100644 index d067d8133d..0000000000 --- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-09.patch +++ /dev/null @@ -1,52 +0,0 @@ -From f7d24f37425d3d9054a7e5657815440a07166d3f Mon Sep 17 00:00:00 2001 -From: Kartikaya Gupta <kgupta@mozilla.com> -Date: Tue, 20 Jan 2015 10:33:27 -0500 -Subject: [PATCH] Bug 1107009 - Additional locking needed for esr31 backport. - r=BenWa a=sledru - ---- - gfx/layers/ipc/CompositorParent.cpp | 15 +++++++++++++-- - 1 file changed, 13 insertions(+), 2 deletions(-) - -diff --git a/gfx/layers/ipc/CompositorParent.cpp b/gfx/layers/ipc/CompositorParent.cpp -index 97c8693..cb03e71 100644 ---- a/gfx/layers/ipc/CompositorParent.cpp -+++ b/gfx/layers/ipc/CompositorParent.cpp -@@ -1286,13 +1286,19 @@ CrossProcessCompositorParent::ShadowLayersUpdated( - { - uint64_t id = aLayerTree->GetId(); - MOZ_ASSERT(id != 0); -+ const CompositorParent::LayerTreeState* state = CompositorParent::GetIndirectShadowTree(id); -+ if (!state) { -+ return; -+ } -+ MOZ_ASSERT(state->mParent); -+ - Layer* shadowRoot = aLayerTree->GetRoot(); - if (shadowRoot) { - SetShadowProperties(shadowRoot); - } - UpdateIndirectTree(id, shadowRoot, aTargetConfig); - -- sIndirectLayerTrees[id].mParent->NotifyShadowTreeTransaction(id, aIsFirstPaint, aScheduleComposite); -+ state->mParent->NotifyShadowTreeTransaction(id, aIsFirstPaint, aScheduleComposite); - } - - void -@@ -1329,7 +1335,12 @@ AsyncCompositionManager* - CrossProcessCompositorParent::GetCompositionManager(LayerTransactionParent* aLayerTree) - { - uint64_t id = aLayerTree->GetId(); -- return sIndirectLayerTrees[id].mParent->GetCompositionManager(aLayerTree); -+ const CompositorParent::LayerTreeState* state = CompositorParent::GetIndirectShadowTree(id); -+ if (!state) { -+ return nullptr; -+ } -+ MOZ_ASSERT(state->mParent); -+ return state->mParent->GetCompositionManager(aLayerTree); - } - - void --- -2.2.1 - diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-10.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-10.patch deleted file mode 100644 index 9a4668b2dc..0000000000 --- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-10.patch +++ /dev/null @@ -1,219 +0,0 @@ -From 66e65b2138c6db20288ef4cf78d15995f382a7e2 Mon Sep 17 00:00:00 2001 -From: Kartikaya Gupta <kgupta@mozilla.com> -Date: Tue, 13 Jan 2015 13:26:26 -0500 -Subject: [PATCH] Bug 1107009. r=BenWa, a=sledru - ---- - gfx/layers/ipc/CompositorParent.cpp | 57 ++++++++++++++++++++++++++++++------- - 1 file changed, 46 insertions(+), 11 deletions(-) - -diff --git a/gfx/layers/ipc/CompositorParent.cpp b/gfx/layers/ipc/CompositorParent.cpp -index ce50277..cbbb2ef 100644 ---- a/gfx/layers/ipc/CompositorParent.cpp -+++ b/gfx/layers/ipc/CompositorParent.cpp -@@ -22,6 +22,7 @@ - #include "gfxPrefs.h" // for gfxPrefs - #include "ipc/ShadowLayersManager.h" // for ShadowLayersManager - #include "mozilla/AutoRestore.h" // for AutoRestore -+#include "mozilla/ClearOnShutdown.h" // for ClearOnShutdown - #include "mozilla/DebugOnly.h" // for DebugOnly - #include "mozilla/gfx/2D.h" // for DrawTarget - #include "mozilla/gfx/Point.h" // for IntSize -@@ -70,6 +71,16 @@ CompositorParent::LayerTreeState::LayerTreeState() - - typedef map<uint64_t, CompositorParent::LayerTreeState> LayerTreeMap; - static LayerTreeMap sIndirectLayerTrees; -+static StaticAutoPtr<mozilla::Monitor> sIndirectLayerTreesLock; -+ -+static void EnsureLayerTreeMapReady() -+{ -+ MOZ_ASSERT(NS_IsMainThread()); -+ if (!sIndirectLayerTreesLock) { -+ sIndirectLayerTreesLock = new Monitor("IndirectLayerTree"); -+ mozilla::ClearOnShutdown(&sIndirectLayerTreesLock); -+ } -+} - - // FIXME/bug 774386: we're assuming that there's only one - // CompositorParent, but that's not always true. This assumption only -@@ -132,6 +143,7 @@ void CompositorParent::StartUp() - return; - } - MOZ_ASSERT(!sCompositorLoop); -+ EnsureLayerTreeMapReady(); - CreateCompositorMap(); - CreateThread(); - sMainLoop = MessageLoop::current(); -@@ -206,7 +218,11 @@ CompositorParent::CompositorParent(nsIWidget* aWidget, - this, &mCompositorID)); - - mRootLayerTreeID = AllocateLayerTreeId(); -- sIndirectLayerTrees[mRootLayerTreeID].mParent = this; -+ -+ { // scope lock -+ MonitorAutoLock lock(*sIndirectLayerTreesLock); -+ sIndirectLayerTrees[mRootLayerTreeID].mParent = this; -+ } - - mApzcTreeManager = new APZCTreeManager(); - ++sCompositorThreadRefCount; -@@ -249,7 +265,10 @@ CompositorParent::Destroy() - mCompositionManager = nullptr; - mApzcTreeManager->ClearTree(); - mApzcTreeManager = nullptr; -- sIndirectLayerTrees.erase(mRootLayerTreeID); -+ { // scope lock -+ MonitorAutoLock lock(*sIndirectLayerTreesLock); -+ sIndirectLayerTrees.erase(mRootLayerTreeID); -+ } - } - - void -@@ -266,6 +285,7 @@ CompositorParent::RecvWillStop() - - // Ensure that the layer manager is destroyed before CompositorChild. - if (mLayerManager) { -+ MonitorAutoLock lock(*sIndirectLayerTreesLock); - for (LayerTreeMap::iterator it = sIndirectLayerTrees.begin(); - it != sIndirectLayerTrees.end(); it++) - { -@@ -380,7 +400,10 @@ CompositorParent::ActorDestroy(ActorDestroyReason why) - if (mLayerManager) { - mLayerManager->Destroy(); - mLayerManager = nullptr; -- sIndirectLayerTrees[mRootLayerTreeID].mLayerManager = nullptr; -+ { // scope lock -+ MonitorAutoLock lock(*sIndirectLayerTreesLock); -+ sIndirectLayerTrees[mRootLayerTreeID].mLayerManager = nullptr; -+ } - mCompositionManager = nullptr; - mCompositor = nullptr; - } -@@ -696,6 +719,7 @@ CompositorParent::DidComposite() - { - unused << SendDidComposite(0); - -+ MonitorAutoLock lock(*sIndirectLayerTreesLock); - for (LayerTreeMap::iterator it = sIndirectLayerTrees.begin(); - it != sIndirectLayerTrees.end(); it++) { - LayerTreeState* lts = &it->second; -@@ -867,6 +891,7 @@ CompositorParent::InitializeLayerManager(const nsTArray<LayersBackend>& aBackend - mLayerManager = layerManager; - MOZ_ASSERT(compositor); - mCompositor = compositor; -+ MonitorAutoLock lock(*sIndirectLayerTreesLock); - sIndirectLayerTrees[mRootLayerTreeID].mLayerManager = layerManager; - return; - } -@@ -969,6 +994,7 @@ CompositorParent::RecvNotifyChildCreated(const uint64_t& child) - void - CompositorParent::NotifyChildCreated(uint64_t aChild) - { -+ MonitorAutoLock lock(*sIndirectLayerTreesLock); - sIndirectLayerTrees[aChild].mParent = this; - sIndirectLayerTrees[aChild].mLayerManager = mLayerManager; - } -@@ -985,6 +1011,7 @@ CompositorParent::AllocateLayerTreeId() - static void - EraseLayerState(uint64_t aId) - { -+ MonitorAutoLock lock(*sIndirectLayerTreesLock); - sIndirectLayerTrees.erase(aId); - } - -@@ -1001,6 +1028,7 @@ UpdateControllerForLayersId(uint64_t aLayersId, - GeckoContentController* aController) - { - // Adopt ref given to us by SetControllerForLayerTree() -+ MonitorAutoLock lock(*sIndirectLayerTreesLock); - sIndirectLayerTrees[aLayersId].mController = - already_AddRefed<GeckoContentController>(aController); - } -@@ -1010,12 +1038,15 @@ ScopedLayerTreeRegistration::ScopedLayerTreeRegistration(uint64_t aLayersId, - GeckoContentController* aController) - : mLayersId(aLayersId) - { -+ EnsureLayerTreeMapReady(); -+ MonitorAutoLock lock(*sIndirectLayerTreesLock); - sIndirectLayerTrees[aLayersId].mRoot = aRoot; - sIndirectLayerTrees[aLayersId].mController = aController; - } - - ScopedLayerTreeRegistration::~ScopedLayerTreeRegistration() - { -+ MonitorAutoLock lock(*sIndirectLayerTreesLock); - sIndirectLayerTrees.erase(mLayersId); - } - -@@ -1175,6 +1206,7 @@ CompositorParent::CloneToplevel(const InfallibleTArray<mozilla::ipc::ProtocolFdM - static void - UpdateIndirectTree(uint64_t aId, Layer* aRoot, const TargetConfig& aTargetConfig) - { -+ MonitorAutoLock lock(*sIndirectLayerTreesLock); - sIndirectLayerTrees[aId].mRoot = aRoot; - sIndirectLayerTrees[aId].mTargetConfig = aTargetConfig; - } -@@ -1182,6 +1214,7 @@ UpdateIndirectTree(uint64_t aId, Layer* aRoot, const TargetConfig& aTargetConfig - /* static */ const CompositorParent::LayerTreeState* - CompositorParent::GetIndirectShadowTree(uint64_t aId) - { -+ MonitorAutoLock lock(*sIndirectLayerTreesLock); - LayerTreeMap::const_iterator cit = sIndirectLayerTrees.find(aId); - if (sIndirectLayerTrees.end() == cit) { - return nullptr; -@@ -1189,12 +1222,6 @@ CompositorParent::GetIndirectShadowTree(uint64_t aId) - return &cit->second; - } - --static void --RemoveIndirectTree(uint64_t aId) --{ -- sIndirectLayerTrees.erase(aId); --} -- - void - CrossProcessCompositorParent::ActorDestroy(ActorDestroyReason aWhy) - { -@@ -1211,6 +1238,8 @@ CrossProcessCompositorParent::AllocPLayerTransactionParent(const nsTArray<Layers - { - MOZ_ASSERT(aId != 0); - -+ MonitorAutoLock lock(*sIndirectLayerTreesLock); -+ - if (sIndirectLayerTrees[aId].mLayerManager) { - sIndirectLayerTrees[aId].mCrossProcessParent = this; - LayerManagerComposite* lm = sIndirectLayerTrees[aId].mLayerManager; -@@ -1234,7 +1263,7 @@ bool - CrossProcessCompositorParent::DeallocPLayerTransactionParent(PLayerTransactionParent* aLayers) - { - LayerTransactionParent* slp = static_cast<LayerTransactionParent*>(aLayers); -- RemoveIndirectTree(slp->GetId()); -+ EraseLayerState(slp->GetId()); - static_cast<LayerTransactionParent*>(aLayers)->ReleaseIPDLReference(); - return true; - } -@@ -1242,6 +1271,7 @@ CrossProcessCompositorParent::DeallocPLayerTransactionParent(PLayerTransactionPa - bool - CrossProcessCompositorParent::RecvNotifyChildCreated(const uint64_t& child) - { -+ MonitorAutoLock lock(*sIndirectLayerTreesLock); - sIndirectLayerTrees[child].mParent->NotifyChildCreated(child); - return true; - } -@@ -1269,7 +1299,12 @@ CrossProcessCompositorParent::ForceComposite(LayerTransactionParent* aLayerTree) - { - uint64_t id = aLayerTree->GetId(); - MOZ_ASSERT(id != 0); -- sIndirectLayerTrees[id].mParent->ForceComposite(aLayerTree); -+ CompositorParent* parent; -+ { // scope lock -+ MonitorAutoLock lock(*sIndirectLayerTreesLock); -+ parent = sIndirectLayerTrees[id].mParent; -+ } -+ parent->ForceComposite(aLayerTree); - } - - bool --- -2.2.1 - diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-11.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-11.patch deleted file mode 100644 index 869feaf7c6..0000000000 --- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-11.patch +++ /dev/null @@ -1,104 +0,0 @@ -From 3f0f685829445ae82974d61f6017fdb67349c32b Mon Sep 17 00:00:00 2001 -From: Dan Gohman <sunfish@mozilla.com> -Date: Fri, 9 Jan 2015 09:04:12 -0500 -Subject: [PATCH] Bug 1096138 - IonMonkey: Augment Nops with Mops to avoid - collisions with fixed live ranges. r=jandem, a=sledru - ---- - js/src/jit/CodeGenerator.cpp | 6 ++++++ - js/src/jit/CodeGenerator.h | 1 + - js/src/jit/LIR-Common.h | 6 ++++++ - js/src/jit/LOpcodes.h | 1 + - js/src/jit/Lowering.cpp | 12 ++++++++++++ - 5 files changed, 26 insertions(+) - -diff --git a/js/src/jit/CodeGenerator.cpp b/js/src/jit/CodeGenerator.cpp -index 4f07524..ba14f86 100644 ---- a/js/src/jit/CodeGenerator.cpp -+++ b/js/src/jit/CodeGenerator.cpp -@@ -1077,6 +1077,12 @@ CodeGenerator::visitNop(LNop *lir) - } - - bool -+CodeGenerator::visitMop(LMop *lir) -+{ -+ return true; -+} -+ -+bool - CodeGenerator::visitOsiPoint(LOsiPoint *lir) - { - // Note: markOsiPoint ensures enough space exists between the last -diff --git a/js/src/jit/CodeGenerator.h b/js/src/jit/CodeGenerator.h -index 03677a5..dce095d 100644 ---- a/js/src/jit/CodeGenerator.h -+++ b/js/src/jit/CodeGenerator.h -@@ -58,6 +58,7 @@ class CodeGenerator : public CodeGeneratorSpecific - - bool visitLabel(LLabel *lir); - bool visitNop(LNop *lir); -+ bool visitMop(LMop *lir); - bool visitOsiPoint(LOsiPoint *lir); - bool visitGoto(LGoto *lir); - bool visitTableSwitch(LTableSwitch *ins); -diff --git a/js/src/jit/LIR-Common.h b/js/src/jit/LIR-Common.h -index c90aef9..e7a0e4c 100644 ---- a/js/src/jit/LIR-Common.h -+++ b/js/src/jit/LIR-Common.h -@@ -42,6 +42,12 @@ class LNop : public LInstructionHelper<0, 0, 0> - LIR_HEADER(Nop) - }; - -+class LMop : public LInstructionHelper<0, 0, 0> -+{ -+ public: -+ LIR_HEADER(Mop) -+}; -+ - // An LOsiPoint captures a snapshot after a call and ensures enough space to - // patch in a call to the invalidation mechanism. - // -diff --git a/js/src/jit/LOpcodes.h b/js/src/jit/LOpcodes.h -index a32d64f..cd7eef8 100644 ---- a/js/src/jit/LOpcodes.h -+++ b/js/src/jit/LOpcodes.h -@@ -10,6 +10,7 @@ - #define LIR_COMMON_OPCODE_LIST(_) \ - _(Label) \ - _(Nop) \ -+ _(Mop) \ - _(OsiPoint) \ - _(MoveGroup) \ - _(Integer) \ -diff --git a/js/src/jit/Lowering.cpp b/js/src/jit/Lowering.cpp -index d5f8227..48b7fa9 100644 ---- a/js/src/jit/Lowering.cpp -+++ b/js/src/jit/Lowering.cpp -@@ -3616,12 +3616,24 @@ LIRGenerator::visitInstruction(MInstruction *ins) - ins->setInWorklistUnchecked(); - #endif - -+ // If we added a Nop for this instruction, we'll also add a Mop, so that -+ // that live-ranges for fixed register defs, which with LSRA extend through -+ // the Nop so that they can extend through the OsiPoint don't, with their -+ // one-extra extension, extend into a position where they use the input -+ // move group for the following instruction. -+ bool needsMop = !current->instructions().empty() && current->rbegin()->isNop(); -+ - // If no safepoint was created, there's no need for an OSI point. - if (LOsiPoint *osiPoint = popOsiPoint()) { - if (!add(osiPoint)) - return false; - } - -+ if (needsMop) { -+ if (!add(new(alloc()) LMop)) -+ return false; -+ } -+ - return true; - } - --- -2.2.1 - |