summary refs log tree commit diff
path: root/gnu
diff options
context:
space:
mode:
Diffstat (limited to 'gnu')
-rw-r--r--gnu/packages/gnuzilla.scm42
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0822.patch154
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0827-pt-1.patch33
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0827-pt-2.patch35
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0827-pt-3.patch56
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0831-pt-1.patch32
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0831-pt-2.patch26
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0836-pt-01.patch26
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0836-pt-02.patch27
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0836-pt-03.patch220
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0836-pt-04.patch89
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0836-pt-05.patch25
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0836-pt-06.patch41
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0836-pt-07.patch54
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0836-pt-08.patch53
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0836-pt-09.patch52
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0836-pt-10.patch219
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0836-pt-11.patch104
18 files changed, 11 insertions, 1277 deletions
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index bc74fa8d60..1d450cda64 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -216,7 +216,7 @@ standards.")
 (define-public icecat
   (package
     (name "icecat")
-    (version "31.4.0")
+    (version "31.5.0")
     (source
      (origin
       (method url-fetch)
@@ -224,29 +224,12 @@ standards.")
                           version "/" name "-" version ".tar.bz2"))
       (sha256
        (base32
-        "0q5ilgfybcrbwf9hq9zc1cpnlhq1pddnnjmdrxrcrrg8lgx5kkc2"))
-      (patches (map search-patch
-                    '("icecat-CVE-2015-0822.patch"
-                      "icecat-CVE-2015-0827-pt-1.patch"
-                      "icecat-CVE-2015-0827-pt-2.patch"
-                      "icecat-CVE-2015-0827-pt-3.patch"
-                      "icecat-CVE-2015-0831-pt-1.patch"
-                      "icecat-CVE-2015-0831-pt-2.patch"
-                      "icecat-CVE-2015-0836-pt-01.patch"
-                      "icecat-CVE-2015-0836-pt-02.patch"
-                      "icecat-CVE-2015-0836-pt-03.patch"
-                      "icecat-CVE-2015-0836-pt-04.patch"
-                      "icecat-CVE-2015-0836-pt-05.patch"
-                      "icecat-CVE-2015-0836-pt-06.patch"
-                      "icecat-CVE-2015-0836-pt-07.patch"
-                      "icecat-CVE-2015-0836-pt-08.patch"
-                      "icecat-CVE-2015-0836-pt-09.patch"
-                      "icecat-CVE-2015-0836-pt-10.patch"
-                      "icecat-CVE-2015-0836-pt-11.patch")))))
+        "1rr4axghaypdkrf60i1qp6dz4cd29ya02fs3vyffvp4x9kgcq2dd"))))
     (build-system gnu-build-system)
     (inputs
      `(("alsa-lib" ,alsa-lib)
        ("bzip2" ,bzip2)
+       ("cairo" ,cairo)
        ("dbus" ,dbus)
        ("dbus-glib" ,dbus-glib)
        ("glib" ,glib)
@@ -264,6 +247,8 @@ standards.")
        ("pixman" ,pixman)
        ("pulseaudio" ,pulseaudio)
        ("mesa" ,mesa)
+       ("nspr" ,nspr)
+       ("nss" ,nss)
        ("unzip" ,unzip)
        ("yasm" ,yasm)
        ("zip" ,zip)
@@ -290,19 +275,15 @@ standards.")
                            "--with-system-libevent"
                            "--with-system-libvpx"
                            "--with-system-icu"
+                           "--with-system-nspr"
+                           "--with-system-nss"
                            "--enable-system-pixman"
-
-                           ;; XXX unsure whether to use these.
-                           ;; "--with-system-nspr"
-                           ;; "--with-system-nss"
-
-                           ;; Fails with "configure: error: Library requirements
-                           ;; (cairo-tee >= 1.10) not met".
-                           ;; "--enable-system-cairo"
+                           "--enable-system-cairo"
+                           "--enable-system-ffi"
 
                            ;; Fails with "configure: error: System
                            ;; SQLite library is not compiled with
-                           ;; SQLITE_SECURE_DELETE."
+                           ;; SQLITE_ENABLE_UNLOCK_NOTIFY."
                            ;; "--enable-system-sqlite"
 
                            ;; Fails with "--with-system-png won't work because
@@ -324,8 +305,7 @@ standards.")
                            ;; to accelerate baseline JPEG compression/
                            ;; decompression", so we had better not use it
                            ;; "--with-system-jpeg"
-
-                           "--enable-system-ffi")
+                           )
 
        #:phases
        (alist-replace
diff --git a/gnu/packages/patches/icecat-CVE-2015-0822.patch b/gnu/packages/patches/icecat-CVE-2015-0822.patch
deleted file mode 100644
index 2625151453..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-0822.patch
+++ /dev/null
@@ -1,154 +0,0 @@
-From 0922145c255bf2503d3b2dd5f8f1e813338ba990 Mon Sep 17 00:00:00 2001
-From: Mats Palmgren <mats@mozilla.com>
-Date: Sat, 24 Jan 2015 12:37:47 -0500
-Subject: [PATCH] Bug 1110557. r=mak, r=gavin, a=bkerensa
-
----
- .../components/satchel/nsFormFillController.cpp    | 67 +++++++++++++++-------
- toolkit/components/satchel/nsFormFillController.h  |  5 ++
- 2 files changed, 52 insertions(+), 20 deletions(-)
-
-diff --git a/toolkit/components/satchel/nsFormFillController.cpp b/toolkit/components/satchel/nsFormFillController.cpp
-index 315fc68..676ad84 100644
---- a/toolkit/components/satchel/nsFormFillController.cpp
-+++ b/toolkit/components/satchel/nsFormFillController.cpp
-@@ -61,6 +61,7 @@ nsFormFillController::nsFormFillController() :
-   mSuppressOnInput(false)
- {
-   mController = do_GetService("@mozilla.org/autocomplete/controller;1");
-+  MOZ_ASSERT(mController);
- }
- 
- struct PwmgrInputsEnumData
-@@ -104,6 +105,21 @@ nsFormFillController::AttributeChanged(nsIDocument* aDocument,
-                                        int32_t aNameSpaceID,
-                                        nsIAtom* aAttribute, int32_t aModType)
- {
-+  if ((aAttribute == nsGkAtoms::type || aAttribute == nsGkAtoms::readonly ||
-+       aAttribute == nsGkAtoms::autocomplete) &&
-+      aNameSpaceID == kNameSpaceID_None) {
-+    nsCOMPtr<nsIDOMHTMLInputElement> focusedInput(mFocusedInput);
-+    // Reset the current state of the controller, unconditionally.
-+    StopControllingInput();
-+    // Then restart based on the new values.  We have to delay this
-+    // to avoid ending up in an endless loop due to re-registering our
-+    // mutation observer (which would notify us again for *this* event).
-+    nsCOMPtr<nsIRunnable> event =
-+      NS_NewRunnableMethodWithArg<nsCOMPtr<nsIDOMHTMLInputElement>>
-+      (this, &nsFormFillController::MaybeStartControllingInput, focusedInput);
-+    NS_DispatchToCurrentThread(event);
-+  }
-+
-   if (mListNode && mListNode->Contains(aElement)) {
-     RevalidateDataList();
-   }
-@@ -841,28 +857,26 @@ nsFormFillController::RemoveForDocumentEnumerator(const nsINode* aKey,
-   return PL_DHASH_NEXT;
- }
- 
--nsresult
--nsFormFillController::Focus(nsIDOMEvent* aEvent)
-+void
-+nsFormFillController::MaybeStartControllingInput(nsIDOMHTMLInputElement* aInput)
- {
--  nsCOMPtr<nsIDOMHTMLInputElement> input = do_QueryInterface(
--    aEvent->InternalDOMEvent()->GetTarget());
--  nsCOMPtr<nsINode> inputNode = do_QueryInterface(input);
-+  nsCOMPtr<nsINode> inputNode = do_QueryInterface(aInput);
-   if (!inputNode)
--    return NS_OK;
-+    return;
- 
--  nsCOMPtr<nsIFormControl> formControl = do_QueryInterface(input);
-+  nsCOMPtr<nsIFormControl> formControl = do_QueryInterface(aInput);
-   if (!formControl || !formControl->IsSingleLineTextControl(true))
--    return NS_OK;
-+    return;
- 
-   bool isReadOnly = false;
--  input->GetReadOnly(&isReadOnly);
-+  aInput->GetReadOnly(&isReadOnly);
-   if (isReadOnly)
--    return NS_OK;
-+    return;
- 
--  bool autocomplete = nsContentUtils::IsAutocompleteEnabled(input);
-+  bool autocomplete = nsContentUtils::IsAutocompleteEnabled(aInput);
- 
-   nsCOMPtr<nsIDOMHTMLElement> datalist;
--  input->GetList(getter_AddRefs(datalist));
-+  aInput->GetList(getter_AddRefs(datalist));
-   bool hasList = datalist != nullptr;
- 
-   bool dummy;
-@@ -871,9 +885,16 @@ nsFormFillController::Focus(nsIDOMEvent* aEvent)
-       isPwmgrInput = true;
- 
-   if (isPwmgrInput || hasList || autocomplete) {
--    StartControllingInput(input);
-+    StartControllingInput(aInput);
-   }
-+}
- 
-+nsresult
-+nsFormFillController::Focus(nsIDOMEvent* aEvent)
-+{
-+  nsCOMPtr<nsIDOMHTMLInputElement> input = do_QueryInterface(
-+    aEvent->InternalDOMEvent()->GetTarget());
-+  MaybeStartControllingInput(input);
-   return NS_OK;
- }
- 
-@@ -1087,6 +1108,10 @@ nsFormFillController::StartControllingInput(nsIDOMHTMLInputElement *aInput)
-   // Make sure we're not still attached to an input
-   StopControllingInput();
- 
-+  if (!mController) {
-+    return;
-+  }
-+
-   // Find the currently focused docShell
-   nsCOMPtr<nsIDocShell> docShell = GetDocShellForInput(aInput);
-   int32_t index = GetIndexOfDocShell(docShell);
-@@ -1129,13 +1154,15 @@ nsFormFillController::StopControllingInput()
-     mListNode = nullptr;
-   }
- 
--  // Reset the controller's input, but not if it has been switched
--  // to another input already, which might happen if the user switches
--  // focus by clicking another autocomplete textbox
--  nsCOMPtr<nsIAutoCompleteInput> input;
--  mController->GetInput(getter_AddRefs(input));
--  if (input == this)
--    mController->SetInput(nullptr);
-+  if (mController) {
-+    // Reset the controller's input, but not if it has been switched
-+    // to another input already, which might happen if the user switches
-+    // focus by clicking another autocomplete textbox
-+    nsCOMPtr<nsIAutoCompleteInput> input;
-+    mController->GetInput(getter_AddRefs(input));
-+    if (input == this)
-+      mController->SetInput(nullptr);
-+  }
- 
-   if (mFocusedInputNode) {
-     MaybeRemoveMutationObserver(mFocusedInputNode);
-diff --git a/toolkit/components/satchel/nsFormFillController.h b/toolkit/components/satchel/nsFormFillController.h
-index b60d28d..8c3ba26 100644
---- a/toolkit/components/satchel/nsFormFillController.h
-+++ b/toolkit/components/satchel/nsFormFillController.h
-@@ -62,6 +62,11 @@ protected:
- 
-   void StartControllingInput(nsIDOMHTMLInputElement *aInput);
-   void StopControllingInput();
-+  /**
-+   * Checks that aElement is a type of element we want to fill, then calls
-+   * StartControllingInput on it.
-+   */
-+  void MaybeStartControllingInput(nsIDOMHTMLInputElement* aElement);
- 
-   nsresult PerformInputListAutoComplete(nsIAutoCompleteResult* aPreviousResult);
- 
--- 
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-0827-pt-1.patch b/gnu/packages/patches/icecat-CVE-2015-0827-pt-1.patch
deleted file mode 100644
index c57da755d1..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-0827-pt-1.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 28b6204b1421aa57b3c10c43d90cb516910bc80f Mon Sep 17 00:00:00 2001
-From: Markus Stange <mstange@themasta.com>
-Date: Tue, 6 Jan 2015 12:08:39 +0100
-Subject: [PATCH] Bug 1117304 - Also do the checks at the start of CopyRect in
- release builds. r=Bas, a=sledru
-
----
- gfx/2d/FilterNodeSoftware.cpp | 9 ++++++---
- 1 file changed, 6 insertions(+), 3 deletions(-)
-
-diff --git a/gfx/2d/FilterNodeSoftware.cpp b/gfx/2d/FilterNodeSoftware.cpp
-index 00d790f..396d0da 100644
---- a/gfx/2d/FilterNodeSoftware.cpp
-+++ b/gfx/2d/FilterNodeSoftware.cpp
-@@ -253,9 +253,12 @@ CopyRect(DataSourceSurface* aSrc, DataSourceSurface* aDest,
-     MOZ_CRASH("we should never be getting invalid rects at this point");
-   }
- 
--  MOZ_ASSERT(aSrc->GetFormat() == aDest->GetFormat(), "different surface formats");
--  MOZ_ASSERT(IntRect(IntPoint(), aSrc->GetSize()).Contains(aSrcRect), "source rect too big for source surface");
--  MOZ_ASSERT(IntRect(IntPoint(), aDest->GetSize()).Contains(aSrcRect - aSrcRect.TopLeft() + aDestPoint), "dest surface too small");
-+  MOZ_RELEASE_ASSERT(aSrc->GetFormat() == aDest->GetFormat(),
-+                     "different surface formats");
-+  MOZ_RELEASE_ASSERT(IntRect(IntPoint(), aSrc->GetSize()).Contains(aSrcRect),
-+                     "source rect too big for source surface");
-+  MOZ_RELEASE_ASSERT(IntRect(IntPoint(), aDest->GetSize()).Contains(IntRect(aDestPoint, aSrcRect.Size())),
-+                     "dest surface too small");
- 
-   if (aSrcRect.IsEmpty()) {
-     return;
--- 
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-0827-pt-2.patch b/gnu/packages/patches/icecat-CVE-2015-0827-pt-2.patch
deleted file mode 100644
index 1ff68f4b4c..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-0827-pt-2.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 5ff75fbe51d5760a96b4e614617c9cbf35f1fbaa Mon Sep 17 00:00:00 2001
-From: Markus Stange <mstange@themasta.com>
-Date: Mon, 5 Jan 2015 18:40:27 +0100
-Subject: [PATCH] Bug 1117304 - Make sure the tile filter doesn't call CopyRect
- on surfaces with different formats. r=Bas, a=sledru
-
----
- gfx/2d/FilterNodeSoftware.cpp | 11 ++++++++++-
- 1 file changed, 10 insertions(+), 1 deletion(-)
-
-diff --git a/gfx/2d/FilterNodeSoftware.cpp b/gfx/2d/FilterNodeSoftware.cpp
-index 396d0da..10d92c6 100644
---- a/gfx/2d/FilterNodeSoftware.cpp
-+++ b/gfx/2d/FilterNodeSoftware.cpp
-@@ -1568,7 +1568,16 @@ FilterNodeTileSoftware::Render(const IntRect& aRect)
-           return nullptr;
-         }
-       }
--      MOZ_ASSERT(input->GetFormat() == target->GetFormat(), "different surface formats from the same input?");
-+
-+      if (input->GetFormat() != target->GetFormat()) {
-+        // Different rectangles of the input can have different formats. If
-+        // that happens, just convert everything to B8G8R8A8.
-+        target = FilterProcessing::ConvertToB8G8R8A8(target);
-+        input = FilterProcessing::ConvertToB8G8R8A8(input);
-+        if (MOZ2D_WARN_IF(!target) || MOZ2D_WARN_IF(!input)) {
-+          return nullptr;
-+        }
-+      }
- 
-       CopyRect(input, target, srcRect - srcRect.TopLeft(), destRect.TopLeft() - aRect.TopLeft());
-     }
--- 
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-0827-pt-3.patch b/gnu/packages/patches/icecat-CVE-2015-0827-pt-3.patch
deleted file mode 100644
index 8d40126849..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-0827-pt-3.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From c91087708686ae1c47abee65e19536688e5ec8f2 Mon Sep 17 00:00:00 2001
-From: Ryan VanderMeulen <ryanvm@gmail.com>
-Date: Mon, 26 Jan 2015 17:24:46 -0500
-Subject: [PATCH] Bug 1117304 - Add missing MOZ2D_WARN_IF definition to fix
- bustage. r=milan, a=bustage
-
----
- gfx/2d/FilterNodeSoftware.cpp |  1 +
- gfx/2d/Logging.h              | 19 +++++++++++++++++++
- 2 files changed, 20 insertions(+)
-
-diff --git a/gfx/2d/FilterNodeSoftware.cpp b/gfx/2d/FilterNodeSoftware.cpp
-index 10d92c6..48bf162 100644
---- a/gfx/2d/FilterNodeSoftware.cpp
-+++ b/gfx/2d/FilterNodeSoftware.cpp
-@@ -12,6 +12,7 @@
- #include "Blur.h"
- #include <map>
- #include "FilterProcessing.h"
-+#include "Logging.h"
- #include "mozilla/PodOperations.h"
- #include "mozilla/DebugOnly.h"
- 
-diff --git a/gfx/2d/Logging.h b/gfx/2d/Logging.h
-index 85e788c..d7728bb 100644
---- a/gfx/2d/Logging.h
-+++ b/gfx/2d/Logging.h
-@@ -155,6 +155,25 @@ typedef Log<LOG_WARNING> WarningLog;
- #define gfxWarning if (1) ; else NoLog
- #endif
- 
-+// See nsDebug.h and the NS_WARN_IF macro
-+
-+#ifdef __cplusplus
-+#ifdef DEBUG
-+inline bool MOZ2D_warn_if_impl(bool aCondition, const char* aExpr,
-+                               const char* aFile, int32_t aLine)
-+{
-+  if (MOZ_UNLIKELY(aCondition)) {
-+    gfxWarning() << aExpr << " at " << aFile << ":" << aLine;
-+  }
-+  return aCondition;
-+}
-+#define MOZ2D_WARN_IF(condition) \
-+  MOZ2D_warn_if_impl(condition, #condition, __FILE__, __LINE__)
-+#else
-+#define MOZ2D_WARN_IF(condition) (bool)(condition)
-+#endif
-+#endif
-+
- const int INDENT_PER_LEVEL = 2;
- 
- class TreeLog
--- 
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-0831-pt-1.patch b/gnu/packages/patches/icecat-CVE-2015-0831-pt-1.patch
deleted file mode 100644
index c04d604923..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-0831-pt-1.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From c8437505a63fc2b2552b8af217d60d79abb92ba3 Mon Sep 17 00:00:00 2001
-From: Ben Turner <bent.mozilla@gmail.com>
-Date: Fri, 6 Feb 2015 15:25:33 -0800
-Subject: [PATCH] Bug 1130541. r=janv, a=sledru
-
----
- dom/indexedDB/IDBDatabase.cpp | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/dom/indexedDB/IDBDatabase.cpp b/dom/indexedDB/IDBDatabase.cpp
-index 7329cec..c9c7e4f 100644
---- a/dom/indexedDB/IDBDatabase.cpp
-+++ b/dom/indexedDB/IDBDatabase.cpp
-@@ -536,6 +536,7 @@ IDBDatabase::CreateObjectStore(
-   IDBTransaction* transaction = AsyncConnectionHelper::GetCurrentTransaction();
- 
-   if (!transaction ||
-+      transaction->Database() != this ||
-       transaction->GetMode() != IDBTransaction::VERSION_CHANGE) {
-     aRv.Throw(NS_ERROR_DOM_INDEXEDDB_NOT_ALLOWED_ERR);
-     return nullptr;
-@@ -577,6 +578,7 @@ IDBDatabase::DeleteObjectStore(const nsAString& aName, ErrorResult& aRv)
-   IDBTransaction* transaction = AsyncConnectionHelper::GetCurrentTransaction();
- 
-   if (!transaction ||
-+      transaction->Database() != this ||
-       transaction->GetMode() != IDBTransaction::VERSION_CHANGE) {
-     aRv.Throw(NS_ERROR_DOM_INDEXEDDB_NOT_ALLOWED_ERR);
-     return;
--- 
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-0831-pt-2.patch b/gnu/packages/patches/icecat-CVE-2015-0831-pt-2.patch
deleted file mode 100644
index 9510cd611f..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-0831-pt-2.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 4e799e44288c951f8d9acd17e7d8c56c9ee6a7d3 Mon Sep 17 00:00:00 2001
-From: Ben Turner <bent.mozilla@gmail.com>
-Date: Mon, 9 Feb 2015 14:38:26 -0800
-Subject: [PATCH] Bug 1130541 followup a=test-only
-
---HG--
-extra : amend_source : 23d80353f87897fdac9c99048d12ebe4ed390f76
----
- dom/indexedDB/test/browser_quotaPrompt.html | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/dom/indexedDB/test/browser_quotaPrompt.html b/dom/indexedDB/test/browser_quotaPrompt.html
-index c139970..dbeea68 100644
---- a/dom/indexedDB/test/browser_quotaPrompt.html
-+++ b/dom/indexedDB/test/browser_quotaPrompt.html
-@@ -38,6 +38,7 @@
-         let request = indexedDB.open(window.location.pathname, version++);
-         request.onerror = errorHandler;
-         request.onupgradeneeded = function(event) {
-+          let db = event.target.result;
-           db.deleteObjectStore("foo");
-           db.onversionchange = function () { db.close(); };
-           request.transaction.oncomplete = function(event) {
--- 
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-01.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-01.patch
deleted file mode 100644
index f6e2756054..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-01.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 4106ffa6ee83b814428bb07948b3595e3fa3847e Mon Sep 17 00:00:00 2001
-From: Jan de Mooij <jdemooij@mozilla.com>
-Date: Tue, 10 Feb 2015 09:40:46 +0100
-Subject: [PATCH] Bug 1128196 - Don't relazify scripts with a TypeScript.
- r=till, a=lmandel
-
----
- js/src/jsscript.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/js/src/jsscript.h b/js/src/jsscript.h
-index 4d548ef..9a0cfbb 100644
---- a/js/src/jsscript.h
-+++ b/js/src/jsscript.h
-@@ -1251,7 +1251,7 @@ class JSScript : public js::gc::BarrieredCell<JSScript>
-     }
- 
-     bool isRelazifiable() const {
--        return (selfHosted() || lazyScript) &&
-+        return (selfHosted() || lazyScript) && !types &&
-                !isGenerator() && !hasBaselineScript() && !hasAnyIonScript() && !hasBeenInlined();
-     }
-     void setLazyScript(js::LazyScript *lazy) {
--- 
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-02.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-02.patch
deleted file mode 100644
index c95cf23a29..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-02.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 83c4bfeea2d2203f726e3bfcb7ee6fe56b4d9703 Mon Sep 17 00:00:00 2001
-From: Ryan VanderMeulen <ryanvm@gmail.com>
-Date: Thu, 29 Jan 2015 10:31:25 -0500
-Subject: [PATCH] Bug 1111248. r=Waldo, a=sledru
-
----
- js/src/jsbool.cpp | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/js/src/jsbool.cpp b/js/src/jsbool.cpp
-index 5d88bd5..8d5d672 100644
---- a/js/src/jsbool.cpp
-+++ b/js/src/jsbool.cpp
-@@ -198,7 +198,8 @@ js::ToBooleanSlow(HandleValue v)
- bool
- js::BooleanGetPrimitiveValueSlow(HandleObject wrappedBool)
- {
--    JSObject *obj = wrappedBool->as<ProxyObject>().target();
--    JS_ASSERT(obj);
-+    JSObject *obj = CheckedUnwrap(wrappedBool);
-+    if (!obj || !obj->is<BooleanObject>())
-+        return false;
-     return obj->as<BooleanObject>().unbox();
- }
--- 
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-03.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-03.patch
deleted file mode 100644
index 115cd76201..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-03.patch
+++ /dev/null
@@ -1,220 +0,0 @@
-From 4e4e34238e5bb5af83a645a5f4d2097e3b30e9dd Mon Sep 17 00:00:00 2001
-From: Tom Schuster <evilpies@gmail.com>
-Date: Sun, 25 Jan 2015 21:42:10 +0100
-Subject: [PATCH] Bug 1111243 - Implement ES6 proxy behavior for IsArray.
- r=efaust, a=abillings
-
----
- browser/devtools/app-manager/app-projects.js |  2 ++
- js/public/Class.h                            |  5 +++-
- js/src/jsarray.cpp                           |  9 ++++--
- js/src/jsobjinlines.h                        | 15 +++++++++-
- js/src/json.cpp                              | 11 +++----
- js/src/jsproxy.cpp                           | 45 ++++++++++++++++++++++++++++
- 6 files changed, 78 insertions(+), 9 deletions(-)
-
-diff --git a/browser/devtools/app-manager/app-projects.js b/browser/devtools/app-manager/app-projects.js
-index d09f72f..77ca67b 100644
---- a/browser/devtools/app-manager/app-projects.js
-+++ b/browser/devtools/app-manager/app-projects.js
-@@ -61,6 +61,8 @@ const IDB = {
-   add: function(project) {
-     let deferred = promise.defer();
- 
-+    project = JSON.parse(JSON.stringify(project));
-+
-     if (!project.location) {
-       // We need to make sure this object has a `.location` property.
-       deferred.reject("Missing location property on project object.");
-diff --git a/js/public/Class.h b/js/public/Class.h
-index ff864b1..46f7d39 100644
---- a/js/public/Class.h
-+++ b/js/public/Class.h
-@@ -521,7 +521,10 @@ Valueify(const JSClass *c)
-  */
- enum ESClassValue {
-     ESClass_Array, ESClass_Number, ESClass_String, ESClass_Boolean,
--    ESClass_RegExp, ESClass_ArrayBuffer, ESClass_Date
-+    ESClass_RegExp, ESClass_ArrayBuffer, ESClass_Date,
-+    // Special snowflake for the ES6 IsArray method.
-+    // Please don't use it without calling that function.
-+    ESClass_IsArray
- };
- 
- /*
-diff --git a/js/src/jsarray.cpp b/js/src/jsarray.cpp
-index 24da176..46f1c20 100644
---- a/js/src/jsarray.cpp
-+++ b/js/src/jsarray.cpp
-@@ -2645,7 +2645,8 @@ js::array_concat(JSContext *cx, unsigned argc, Value *vp)
-         HandleValue v = HandleValue::fromMarkedLocation(&p[i]);
-         if (v.isObject()) {
-             RootedObject obj(cx, &v.toObject());
--            if (ObjectClassIs(obj, ESClass_Array, cx)) {
-+            // This should be IsConcatSpreadable
-+            if (IsArray(obj, cx)) {
-                 uint32_t alength;
-                 if (!GetLengthProperty(cx, obj, &alength))
-                     return false;
-@@ -2870,7 +2871,11 @@ static bool
- array_isArray(JSContext *cx, unsigned argc, Value *vp)
- {
-     CallArgs args = CallArgsFromVp(argc, vp);
--    bool isArray = args.length() > 0 && IsObjectWithClass(args[0], ESClass_Array, cx);
-+    bool isArray = false;
-+    if (args.get(0).isObject()) {
-+        RootedObject obj(cx, &args[0].toObject());
-+        isArray = IsArray(obj, cx);
-+    }
-     args.rval().setBoolean(isArray);
-     return true;
- }
-diff --git a/js/src/jsobjinlines.h b/js/src/jsobjinlines.h
-index e848ba7..557dd26 100644
---- a/js/src/jsobjinlines.h
-+++ b/js/src/jsobjinlines.h
-@@ -1032,7 +1032,10 @@ ObjectClassIs(HandleObject obj, ESClassValue classValue, JSContext *cx)
-         return Proxy::objectClassIs(obj, classValue, cx);
- 
-     switch (classValue) {
--      case ESClass_Array: return obj->is<ArrayObject>();
-+      case ESClass_Array:
-+      case ESClass_IsArray:
-+        // There difference between those is only relevant for proxies.
-+        return obj->is<ArrayObject>();
-       case ESClass_Number: return obj->is<NumberObject>();
-       case ESClass_String: return obj->is<StringObject>();
-       case ESClass_Boolean: return obj->is<BooleanObject>();
-@@ -1053,6 +1056,16 @@ IsObjectWithClass(const Value &v, ESClassValue classValue, JSContext *cx)
-     return ObjectClassIs(obj, classValue, cx);
- }
- 
-+// ES6 7.2.2
-+inline bool
-+IsArray(HandleObject obj, JSContext *cx)
-+{
-+    if (obj->is<ArrayObject>())
-+        return true;
-+
-+    return ObjectClassIs(obj, ESClass_IsArray, cx);
-+}
-+
- static MOZ_ALWAYS_INLINE bool
- NewObjectMetadata(ExclusiveContext *cxArg, JSObject **pmetadata)
- {
-diff --git a/js/src/json.cpp b/js/src/json.cpp
-index 6e45bfd..81a99a6 100644
---- a/js/src/json.cpp
-+++ b/js/src/json.cpp
-@@ -300,7 +300,7 @@ JO(JSContext *cx, HandleObject obj, StringifyContext *scx)
-     Maybe<AutoIdVector> ids;
-     const AutoIdVector *props;
-     if (scx->replacer && !scx->replacer->isCallable()) {
--        JS_ASSERT(JS_IsArrayObject(cx, scx->replacer));
-+        JS_ASSERT(IsArray(scx->replacer, cx));
-         props = &scx->propertyList;
-     } else {
-         JS_ASSERT_IF(scx->replacer, scx->propertyList.length() == 0);
-@@ -488,7 +488,7 @@ Str(JSContext *cx, const Value &v, StringifyContext *scx)
- 
-     scx->depth++;
-     bool ok;
--    if (ObjectClassIs(obj, ESClass_Array, cx))
-+    if (IsArray(obj, cx))
-         ok = JA(cx, obj, scx);
-     else
-         ok = JO(cx, obj, scx);
-@@ -510,7 +510,7 @@ js_Stringify(JSContext *cx, MutableHandleValue vp, JSObject *replacer_, Value sp
-     if (replacer) {
-         if (replacer->isCallable()) {
-             /* Step 4a(i): use replacer to transform values.  */
--        } else if (ObjectClassIs(replacer, ESClass_Array, cx)) {
-+        } else if (IsArray(replacer, cx)) {
-             /*
-              * Step 4b: The spec algorithm is unhelpfully vague about the exact
-              * steps taken when the replacer is an array, regarding the exact
-@@ -541,7 +541,8 @@ js_Stringify(JSContext *cx, MutableHandleValue vp, JSObject *replacer_, Value sp
- 
-             /* Step 4b(ii). */
-             uint32_t len;
--            JS_ALWAYS_TRUE(GetLengthProperty(cx, replacer, &len));
-+            if (!GetLengthProperty(cx, replacer, &len))
-+                return false;
-             if (replacer->is<ArrayObject>() && !replacer->isIndexed())
-                 len = Min(len, replacer->getDenseInitializedLength());
- 
-@@ -678,7 +679,7 @@ Walk(JSContext *cx, HandleObject holder, HandleId name, HandleValue reviver, Mut
-     if (val.isObject()) {
-         RootedObject obj(cx, &val.toObject());
- 
--        if (ObjectClassIs(obj, ESClass_Array, cx)) {
-+        if (IsArray(obj, cx)) {
-             /* Step 2a(ii). */
-             uint32_t length;
-             if (!GetLengthProperty(cx, obj, &length))
-diff --git a/js/src/jsproxy.cpp b/js/src/jsproxy.cpp
-index 7644da1..7453103 100644
---- a/js/src/jsproxy.cpp
-+++ b/js/src/jsproxy.cpp
-@@ -1108,6 +1108,14 @@ class ScriptedDirectProxyHandler : public DirectProxyHandler {
-     virtual bool isExtensible(JSContext *cx, HandleObject proxy, bool *extensible) MOZ_OVERRIDE;
- 
-     /* Spidermonkey extensions. */
-+    // A scripted proxy should not be treated as generic in most contexts.
-+    virtual bool nativeCall(JSContext *cx, IsAcceptableThis test, NativeImpl impl,
-+                            CallArgs args) MOZ_OVERRIDE;
-+    virtual bool objectClassIs(HandleObject obj, ESClassValue classValue,
-+                               JSContext *cx) MOZ_OVERRIDE;
-+    virtual bool regexp_toShared(JSContext *cx, HandleObject proxy,
-+                                 RegExpGuard *g) MOZ_OVERRIDE;
-+
-     virtual bool call(JSContext *cx, HandleObject proxy, const CallArgs &args) MOZ_OVERRIDE;
-     virtual bool construct(JSContext *cx, HandleObject proxy, const CallArgs &args) MOZ_OVERRIDE;
-     virtual bool isScripted() MOZ_OVERRIDE { return true; }
-@@ -2350,6 +2358,43 @@ ScriptedDirectProxyHandler::construct(JSContext *cx, HandleObject proxy, const C
-     return true;
- }
- 
-+bool
-+ScriptedDirectProxyHandler::nativeCall(JSContext *cx, IsAcceptableThis test, NativeImpl impl,
-+                                       CallArgs args)
-+{
-+    ReportIncompatible(cx, args);
-+    return false;
-+}
-+
-+bool
-+ScriptedDirectProxyHandler::objectClassIs(HandleObject proxy, ESClassValue classValue,
-+                                          JSContext *cx)
-+{
-+    // Special case IsArray. In every other instance ES wants to have exactly
-+    // one object type and not a proxy around it, so return false.
-+    if (classValue != ESClass_IsArray)
-+        return false;
-+
-+    // In ES6 IsArray is supposed to poke at the Proxy target, instead we do this here.
-+    // The reason for this is that we have proxies for which looking at the target might
-+    // be impossible. So instead we use our little objectClassIs function that just works
-+    // already across different wrappers.
-+    RootedObject target(cx, proxy->as<ProxyObject>().target());
-+    if (!target)
-+        return false;
-+
-+    return IsArray(target, cx);
-+}
-+
-+bool
-+ScriptedDirectProxyHandler::regexp_toShared(JSContext *cx, HandleObject proxy,
-+                                            RegExpGuard *g)
-+{
-+    MOZ_CRASH("Should not end up in ScriptedDirectProxyHandler::regexp_toShared");
-+    return false;
-+}
-+
-+
- ScriptedDirectProxyHandler ScriptedDirectProxyHandler::singleton;
- 
- #define INVOKE_ON_PROTOTYPE(cx, handler, proxy, protoCall)                   \
--- 
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-04.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-04.patch
deleted file mode 100644
index 58e61d080c..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-04.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-From 97ba04bf95606b409b1b3035504a41c274ecffe2 Mon Sep 17 00:00:00 2001
-From: Shu-yu Guo <shu@rfrn.org>
-Date: Mon, 26 Jan 2015 18:26:25 -0800
-Subject: [PATCH] Bug 1119579 - Don't GC while iterating compartments in
- findAllGlobals. r=sfink, a=abillings
-
----
- js/src/vm/Debugger.cpp | 56 ++++++++++++++++++++++++++++++--------------------
- 1 file changed, 34 insertions(+), 22 deletions(-)
-
-diff --git a/js/src/vm/Debugger.cpp b/js/src/vm/Debugger.cpp
-index 27e993d..a8decef 100644
---- a/js/src/vm/Debugger.cpp
-+++ b/js/src/vm/Debugger.cpp
-@@ -2825,37 +2825,49 @@ Debugger::findAllGlobals(JSContext *cx, unsigned argc, Value *vp)
- {
-     THIS_DEBUGGER(cx, argc, vp, "findAllGlobals", args, dbg);
- 
--    RootedObject result(cx, NewDenseEmptyArray(cx));
--    if (!result)
--        return false;
-+    AutoObjectVector globals(cx);
- 
--    for (CompartmentsIter c(cx->runtime(), SkipAtoms); !c.done(); c.next()) {
--        if (c->options().invisibleToDebugger())
--            continue;
-+    {
-+        // Accumulate the list of globals before wrapping them, because
-+        // wrapping can GC and collect compartments from under us, while
-+        // iterating.
- 
--        c->zone()->scheduledForDestruction = false;
-+        for (CompartmentsIter c(cx->runtime(), SkipAtoms); !c.done(); c.next()) {
-+            if (c->options().invisibleToDebugger())
-+                continue;
- 
--        GlobalObject *global = c->maybeGlobal();
-+            c->zone()->scheduledForDestruction = false;
- 
--        if (cx->runtime()->isSelfHostingGlobal(global))
--            continue;
-+            GlobalObject *global = c->maybeGlobal();
- 
--        if (global) {
--            /*
--             * We pulled |global| out of nowhere, so it's possible that it was
--             * marked gray by XPConnect. Since we're now exposing it to JS code,
--             * we need to mark it black.
--             */
--            JS::ExposeGCThingToActiveJS(global, JSTRACE_OBJECT);
-+            if (cx->runtime()->isSelfHostingGlobal(global))
-+                continue;
- 
--            RootedValue globalValue(cx, ObjectValue(*global));
--            if (!dbg->wrapDebuggeeValue(cx, &globalValue))
--                return false;
--            if (!NewbornArrayPush(cx, result, globalValue))
--                return false;
-+            if (global) {
-+                /*
-+                 * We pulled |global| out of nowhere, so it's possible that it was
-+                 * marked gray by XPConnect. Since we're now exposing it to JS code,
-+                 * we need to mark it black.
-+                 */
-+                JS::ExposeGCThingToActiveJS(global, JSTRACE_OBJECT);
-+                if (!globals.append(global))
-+                    return false;
-+            }
-         }
-     }
- 
-+    RootedObject result(cx, NewDenseEmptyArray(cx));
-+    if (!result)
-+        return false;
-+
-+    for (size_t i = 0; i < globals.length(); i++) {
-+        RootedValue globalValue(cx, ObjectValue(*globals[i]));
-+        if (!dbg->wrapDebuggeeValue(cx, &globalValue))
-+            return false;
-+        if (!NewbornArrayPush(cx, result, globalValue))
-+            return false;
-+    }
-+
-     args.rval().setObject(*result);
-     return true;
- }
--- 
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-05.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-05.patch
deleted file mode 100644
index 3e4ed17598..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-05.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 746ddf19ff532b8abc90d3a91322a04b462ebfa8 Mon Sep 17 00:00:00 2001
-From: Brian Hackett <bhackett1024@gmail.com>
-Date: Mon, 26 Jan 2015 13:14:34 -0500
-Subject: [PATCH] Bug 1124018 - Null the allocation site table if
- initialization fails. r=jonco, a=bkerensa
-
----
- js/src/jsinfer.cpp | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/js/src/jsinfer.cpp b/js/src/jsinfer.cpp
-index b62ad1f..4019b16 100644
---- a/js/src/jsinfer.cpp
-+++ b/js/src/jsinfer.cpp
-@@ -2035,6 +2035,7 @@ TypeCompartment::addAllocationSiteTypeObject(JSContext *cx, AllocationSiteKey ke
-         allocationSiteTable = cx->new_<AllocationSiteTable>();
-         if (!allocationSiteTable || !allocationSiteTable->init()) {
-             js_delete(allocationSiteTable);
-+            allocationSiteTable = nullptr;
-             return nullptr;
-         }
-     }
--- 
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-06.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-06.patch
deleted file mode 100644
index 181f9243e3..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-06.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 0758363d982b0b3e6cf021c164715a028a345b9e Mon Sep 17 00:00:00 2001
-From: "Byron Campen [:bwc]" <docfaraday@gmail.com>
-Date: Wed, 21 Jan 2015 08:56:36 -0800
-Subject: [PATCH] Bug 1123882 - Fix case where offset != 0. r=derf, a=bkerensa
-
----
- content/media/MediaDecoderStateMachine.cpp | 11 +++++++----
- 1 file changed, 7 insertions(+), 4 deletions(-)
-
-diff --git a/content/media/MediaDecoderStateMachine.cpp b/content/media/MediaDecoderStateMachine.cpp
-index ce5870f..4ed496c 100644
---- a/content/media/MediaDecoderStateMachine.cpp
-+++ b/content/media/MediaDecoderStateMachine.cpp
-@@ -328,6 +328,8 @@ void MediaDecoderStateMachine::SendStreamAudio(AudioData* aAudio,
-   if (offset >= aAudio->mFrames)
-     return;
- 
-+  size_t framesToWrite = aAudio->mFrames - offset;
-+
-   aAudio->EnsureAudioBuffer();
-   nsRefPtr<SharedBuffer> buffer = aAudio->mAudioBuffer;
-   AudioDataValue* bufferData = static_cast<AudioDataValue*>(buffer->Data());
-@@ -335,10 +337,11 @@ void MediaDecoderStateMachine::SendStreamAudio(AudioData* aAudio,
-   for (uint32_t i = 0; i < aAudio->mChannels; ++i) {
-     channels.AppendElement(bufferData + i*aAudio->mFrames + offset);
-   }
--  aOutput->AppendFrames(buffer.forget(), channels, aAudio->mFrames);
--  VERBOSE_LOG("writing %d frames of data to MediaStream for AudioData at %lld",
--              aAudio->mFrames - int32_t(offset), aAudio->mTime);
--  aStream->mAudioFramesWritten += aAudio->mFrames - int32_t(offset);
-+  aOutput->AppendFrames(buffer.forget(), channels, framesToWrite);
-+  VERBOSE_LOG("writing %u frames of data to MediaStream for AudioData at %lld",
-+              static_cast<unsigned>(framesToWrite),
-+              aAudio->mTime);
-+  aStream->mAudioFramesWritten += framesToWrite;
- }
- 
- static void WriteVideoToMediaStream(layers::Image* aImage,
--- 
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-07.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-07.patch
deleted file mode 100644
index 818d369b26..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-07.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From 94899f849e50a765bb26420f5c70d49002d6673f Mon Sep 17 00:00:00 2001
-From: Glenn Randers-Pehrson <glennrp+bmo@gmail.com>
-Date: Mon, 26 Jan 2015 16:07:00 -0500
-Subject: [PATCH] Bug 1117406 - Fix handling of out-of-range PNG tRNS values.
- r=jmuizelaar, a=abillings
-
----
- image/decoders/nsPNGDecoder.cpp | 22 ++++++++++++----------
- 1 file changed, 12 insertions(+), 10 deletions(-)
-
-diff --git a/image/decoders/nsPNGDecoder.cpp b/image/decoders/nsPNGDecoder.cpp
-index acaa835..8e6bc2d 100644
---- a/image/decoders/nsPNGDecoder.cpp
-+++ b/image/decoders/nsPNGDecoder.cpp
-@@ -528,24 +528,26 @@ nsPNGDecoder::info_callback(png_structp png_ptr, png_infop info_ptr)
-     png_set_expand(png_ptr);
- 
-   if (png_get_valid(png_ptr, info_ptr, PNG_INFO_tRNS)) {
--    int sample_max = (1 << bit_depth);
-     png_color_16p trans_values;
-     png_get_tRNS(png_ptr, info_ptr, &trans, &num_trans, &trans_values);
-     /* libpng doesn't reject a tRNS chunk with out-of-range samples
-        so we check it here to avoid setting up a useless opacity
--       channel or producing unexpected transparent pixels when using
--       libpng-1.2.19 through 1.2.26 (bug #428045) */
--    if ((color_type == PNG_COLOR_TYPE_GRAY &&
--       (int)trans_values->gray > sample_max) ||
--       (color_type == PNG_COLOR_TYPE_RGB &&
--       ((int)trans_values->red > sample_max ||
--       (int)trans_values->green > sample_max ||
--       (int)trans_values->blue > sample_max)))
-+       channel or producing unexpected transparent pixels (bug #428045) */
-+    if (bit_depth < 16) {
-+      png_uint_16 sample_max = (1 << bit_depth) - 1;
-+      if ((color_type == PNG_COLOR_TYPE_GRAY &&
-+           trans_values->gray > sample_max) ||
-+           (color_type == PNG_COLOR_TYPE_RGB &&
-+           (trans_values->red > sample_max ||
-+           trans_values->green > sample_max ||
-+           trans_values->blue > sample_max)))
-       {
-         /* clear the tRNS valid flag and release tRNS memory */
-         png_free_data(png_ptr, info_ptr, PNG_FREE_TRNS, 0);
-+        num_trans = 0;
-       }
--    else
-+    }
-+    if (num_trans != 0)
-       png_set_expand(png_ptr);
-   }
- 
--- 
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-08.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-08.patch
deleted file mode 100644
index 685e3a6d43..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-08.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 4920c5c447d1153dffa623dd70d8b535b9ca6795 Mon Sep 17 00:00:00 2001
-From: Jan de Mooij <jdemooij@mozilla.com>
-Date: Mon, 26 Jan 2015 12:59:47 +0100
-Subject: [PATCH] Bug 1115776 - Fix LApplyArgsGeneric to always emit the
- has-script check. r=shu, a=sledru
-
----
- js/src/jit/CodeGenerator.cpp | 24 ++++++++----------------
- 1 file changed, 8 insertions(+), 16 deletions(-)
-
-diff --git a/js/src/jit/CodeGenerator.cpp b/js/src/jit/CodeGenerator.cpp
-index ba14f86..0669692 100644
---- a/js/src/jit/CodeGenerator.cpp
-+++ b/js/src/jit/CodeGenerator.cpp
-@@ -2448,27 +2448,19 @@ CodeGenerator::visitApplyArgsGeneric(LApplyArgsGeneric *apply)
- 
-     masm.checkStackAlignment();
- 
--    // If the function is known to be uncompilable, only emit the call to InvokeFunction.
-+    // If the function is native, only emit the call to InvokeFunction.
-     ExecutionMode executionMode = gen->info().executionMode();
--    if (apply->hasSingleTarget()) {
--        JSFunction *target = apply->getSingleTarget();
--        if (target->isNative()) {
--            if (!emitCallInvokeFunction(apply, copyreg))
--                return false;
--            emitPopArguments(apply, copyreg);
--            return true;
--        }
-+    if (apply->hasSingleTarget() && apply->getSingleTarget()->isNative()) {
-+        if (!emitCallInvokeFunction(apply, copyreg))
-+            return false;
-+        emitPopArguments(apply, copyreg);
-+        return true;
-     }
- 
-     Label end, invoke;
- 
--    // Guard that calleereg is an interpreted function with a JSScript:
--    if (!apply->hasSingleTarget()) {
--        masm.branchIfFunctionHasNoScript(calleereg, &invoke);
--    } else {
--        // Native single targets are handled by LCallNative.
--        JS_ASSERT(!apply->getSingleTarget()->isNative());
--    }
-+    // Guard that calleereg is an interpreted function with a JSScript.
-+    masm.branchIfFunctionHasNoScript(calleereg, &invoke);
- 
-     // Knowing that calleereg is a non-native function, load the JSScript.
-     masm.loadPtr(Address(calleereg, JSFunction::offsetOfNativeOrScript()), objreg);
--- 
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-09.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-09.patch
deleted file mode 100644
index d067d8133d..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-09.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From f7d24f37425d3d9054a7e5657815440a07166d3f Mon Sep 17 00:00:00 2001
-From: Kartikaya Gupta <kgupta@mozilla.com>
-Date: Tue, 20 Jan 2015 10:33:27 -0500
-Subject: [PATCH] Bug 1107009 - Additional locking needed for esr31 backport.
- r=BenWa a=sledru
-
----
- gfx/layers/ipc/CompositorParent.cpp | 15 +++++++++++++--
- 1 file changed, 13 insertions(+), 2 deletions(-)
-
-diff --git a/gfx/layers/ipc/CompositorParent.cpp b/gfx/layers/ipc/CompositorParent.cpp
-index 97c8693..cb03e71 100644
---- a/gfx/layers/ipc/CompositorParent.cpp
-+++ b/gfx/layers/ipc/CompositorParent.cpp
-@@ -1286,13 +1286,19 @@ CrossProcessCompositorParent::ShadowLayersUpdated(
- {
-   uint64_t id = aLayerTree->GetId();
-   MOZ_ASSERT(id != 0);
-+  const CompositorParent::LayerTreeState* state = CompositorParent::GetIndirectShadowTree(id);
-+  if (!state) {
-+    return;
-+  }
-+  MOZ_ASSERT(state->mParent);
-+
-   Layer* shadowRoot = aLayerTree->GetRoot();
-   if (shadowRoot) {
-     SetShadowProperties(shadowRoot);
-   }
-   UpdateIndirectTree(id, shadowRoot, aTargetConfig);
- 
--  sIndirectLayerTrees[id].mParent->NotifyShadowTreeTransaction(id, aIsFirstPaint, aScheduleComposite);
-+  state->mParent->NotifyShadowTreeTransaction(id, aIsFirstPaint, aScheduleComposite);
- }
- 
- void
-@@ -1329,7 +1335,12 @@ AsyncCompositionManager*
- CrossProcessCompositorParent::GetCompositionManager(LayerTransactionParent* aLayerTree)
- {
-   uint64_t id = aLayerTree->GetId();
--  return sIndirectLayerTrees[id].mParent->GetCompositionManager(aLayerTree);
-+  const CompositorParent::LayerTreeState* state = CompositorParent::GetIndirectShadowTree(id);
-+  if (!state) {
-+    return nullptr;
-+  }
-+  MOZ_ASSERT(state->mParent);
-+  return state->mParent->GetCompositionManager(aLayerTree);
- }
- 
- void
--- 
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-10.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-10.patch
deleted file mode 100644
index 9a4668b2dc..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-10.patch
+++ /dev/null
@@ -1,219 +0,0 @@
-From 66e65b2138c6db20288ef4cf78d15995f382a7e2 Mon Sep 17 00:00:00 2001
-From: Kartikaya Gupta <kgupta@mozilla.com>
-Date: Tue, 13 Jan 2015 13:26:26 -0500
-Subject: [PATCH] Bug 1107009. r=BenWa, a=sledru
-
----
- gfx/layers/ipc/CompositorParent.cpp | 57 ++++++++++++++++++++++++++++++-------
- 1 file changed, 46 insertions(+), 11 deletions(-)
-
-diff --git a/gfx/layers/ipc/CompositorParent.cpp b/gfx/layers/ipc/CompositorParent.cpp
-index ce50277..cbbb2ef 100644
---- a/gfx/layers/ipc/CompositorParent.cpp
-+++ b/gfx/layers/ipc/CompositorParent.cpp
-@@ -22,6 +22,7 @@
- #include "gfxPrefs.h"                   // for gfxPrefs
- #include "ipc/ShadowLayersManager.h"    // for ShadowLayersManager
- #include "mozilla/AutoRestore.h"        // for AutoRestore
-+#include "mozilla/ClearOnShutdown.h"    // for ClearOnShutdown
- #include "mozilla/DebugOnly.h"          // for DebugOnly
- #include "mozilla/gfx/2D.h"          // for DrawTarget
- #include "mozilla/gfx/Point.h"          // for IntSize
-@@ -70,6 +71,16 @@ CompositorParent::LayerTreeState::LayerTreeState()
- 
- typedef map<uint64_t, CompositorParent::LayerTreeState> LayerTreeMap;
- static LayerTreeMap sIndirectLayerTrees;
-+static StaticAutoPtr<mozilla::Monitor> sIndirectLayerTreesLock;
-+
-+static void EnsureLayerTreeMapReady()
-+{
-+  MOZ_ASSERT(NS_IsMainThread());
-+  if (!sIndirectLayerTreesLock) {
-+    sIndirectLayerTreesLock = new Monitor("IndirectLayerTree");
-+    mozilla::ClearOnShutdown(&sIndirectLayerTreesLock);
-+  }
-+}
- 
- // FIXME/bug 774386: we're assuming that there's only one
- // CompositorParent, but that's not always true.  This assumption only
-@@ -132,6 +143,7 @@ void CompositorParent::StartUp()
-     return;
-   }
-   MOZ_ASSERT(!sCompositorLoop);
-+  EnsureLayerTreeMapReady();
-   CreateCompositorMap();
-   CreateThread();
-   sMainLoop = MessageLoop::current();
-@@ -206,7 +218,11 @@ CompositorParent::CompositorParent(nsIWidget* aWidget,
-                                                           this, &mCompositorID));
- 
-   mRootLayerTreeID = AllocateLayerTreeId();
--  sIndirectLayerTrees[mRootLayerTreeID].mParent = this;
-+
-+  { // scope lock
-+    MonitorAutoLock lock(*sIndirectLayerTreesLock);
-+    sIndirectLayerTrees[mRootLayerTreeID].mParent = this;
-+  }
- 
-   mApzcTreeManager = new APZCTreeManager();
-   ++sCompositorThreadRefCount;
-@@ -249,7 +265,10 @@ CompositorParent::Destroy()
-   mCompositionManager = nullptr;
-   mApzcTreeManager->ClearTree();
-   mApzcTreeManager = nullptr;
--  sIndirectLayerTrees.erase(mRootLayerTreeID);
-+  { // scope lock
-+    MonitorAutoLock lock(*sIndirectLayerTreesLock);
-+    sIndirectLayerTrees.erase(mRootLayerTreeID);
-+  }
- }
- 
- void
-@@ -266,6 +285,7 @@ CompositorParent::RecvWillStop()
- 
-   // Ensure that the layer manager is destroyed before CompositorChild.
-   if (mLayerManager) {
-+    MonitorAutoLock lock(*sIndirectLayerTreesLock);
-     for (LayerTreeMap::iterator it = sIndirectLayerTrees.begin();
-          it != sIndirectLayerTrees.end(); it++)
-     {
-@@ -380,7 +400,10 @@ CompositorParent::ActorDestroy(ActorDestroyReason why)
-   if (mLayerManager) {
-     mLayerManager->Destroy();
-     mLayerManager = nullptr;
--    sIndirectLayerTrees[mRootLayerTreeID].mLayerManager = nullptr;
-+    { // scope lock
-+      MonitorAutoLock lock(*sIndirectLayerTreesLock);
-+      sIndirectLayerTrees[mRootLayerTreeID].mLayerManager = nullptr;
-+    }
-     mCompositionManager = nullptr;
-     mCompositor = nullptr;
-   }
-@@ -696,6 +719,7 @@ CompositorParent::DidComposite()
- {
-   unused << SendDidComposite(0);
- 
-+  MonitorAutoLock lock(*sIndirectLayerTreesLock);
-   for (LayerTreeMap::iterator it = sIndirectLayerTrees.begin();
-        it != sIndirectLayerTrees.end(); it++) {
-     LayerTreeState* lts = &it->second;
-@@ -867,6 +891,7 @@ CompositorParent::InitializeLayerManager(const nsTArray<LayersBackend>& aBackend
-       mLayerManager = layerManager;
-       MOZ_ASSERT(compositor);
-       mCompositor = compositor;
-+      MonitorAutoLock lock(*sIndirectLayerTreesLock);
-       sIndirectLayerTrees[mRootLayerTreeID].mLayerManager = layerManager;
-       return;
-     }
-@@ -969,6 +994,7 @@ CompositorParent::RecvNotifyChildCreated(const uint64_t& child)
- void
- CompositorParent::NotifyChildCreated(uint64_t aChild)
- {
-+  MonitorAutoLock lock(*sIndirectLayerTreesLock);
-   sIndirectLayerTrees[aChild].mParent = this;
-   sIndirectLayerTrees[aChild].mLayerManager = mLayerManager;
- }
-@@ -985,6 +1011,7 @@ CompositorParent::AllocateLayerTreeId()
- static void
- EraseLayerState(uint64_t aId)
- {
-+  MonitorAutoLock lock(*sIndirectLayerTreesLock);
-   sIndirectLayerTrees.erase(aId);
- }
- 
-@@ -1001,6 +1028,7 @@ UpdateControllerForLayersId(uint64_t aLayersId,
-                             GeckoContentController* aController)
- {
-   // Adopt ref given to us by SetControllerForLayerTree()
-+  MonitorAutoLock lock(*sIndirectLayerTreesLock);
-   sIndirectLayerTrees[aLayersId].mController =
-     already_AddRefed<GeckoContentController>(aController);
- }
-@@ -1010,12 +1038,15 @@ ScopedLayerTreeRegistration::ScopedLayerTreeRegistration(uint64_t aLayersId,
-                                                          GeckoContentController* aController)
-     : mLayersId(aLayersId)
- {
-+  EnsureLayerTreeMapReady();
-+  MonitorAutoLock lock(*sIndirectLayerTreesLock);
-   sIndirectLayerTrees[aLayersId].mRoot = aRoot;
-   sIndirectLayerTrees[aLayersId].mController = aController;
- }
- 
- ScopedLayerTreeRegistration::~ScopedLayerTreeRegistration()
- {
-+  MonitorAutoLock lock(*sIndirectLayerTreesLock);
-   sIndirectLayerTrees.erase(mLayersId);
- }
- 
-@@ -1175,6 +1206,7 @@ CompositorParent::CloneToplevel(const InfallibleTArray<mozilla::ipc::ProtocolFdM
- static void
- UpdateIndirectTree(uint64_t aId, Layer* aRoot, const TargetConfig& aTargetConfig)
- {
-+  MonitorAutoLock lock(*sIndirectLayerTreesLock);
-   sIndirectLayerTrees[aId].mRoot = aRoot;
-   sIndirectLayerTrees[aId].mTargetConfig = aTargetConfig;
- }
-@@ -1182,6 +1214,7 @@ UpdateIndirectTree(uint64_t aId, Layer* aRoot, const TargetConfig& aTargetConfig
- /* static */ const CompositorParent::LayerTreeState*
- CompositorParent::GetIndirectShadowTree(uint64_t aId)
- {
-+  MonitorAutoLock lock(*sIndirectLayerTreesLock);
-   LayerTreeMap::const_iterator cit = sIndirectLayerTrees.find(aId);
-   if (sIndirectLayerTrees.end() == cit) {
-     return nullptr;
-@@ -1189,12 +1222,6 @@ CompositorParent::GetIndirectShadowTree(uint64_t aId)
-   return &cit->second;
- }
- 
--static void
--RemoveIndirectTree(uint64_t aId)
--{
--  sIndirectLayerTrees.erase(aId);
--}
--
- void
- CrossProcessCompositorParent::ActorDestroy(ActorDestroyReason aWhy)
- {
-@@ -1211,6 +1238,8 @@ CrossProcessCompositorParent::AllocPLayerTransactionParent(const nsTArray<Layers
- {
-   MOZ_ASSERT(aId != 0);
- 
-+  MonitorAutoLock lock(*sIndirectLayerTreesLock);
-+
-   if (sIndirectLayerTrees[aId].mLayerManager) {
-     sIndirectLayerTrees[aId].mCrossProcessParent = this;
-     LayerManagerComposite* lm = sIndirectLayerTrees[aId].mLayerManager;
-@@ -1234,7 +1263,7 @@ bool
- CrossProcessCompositorParent::DeallocPLayerTransactionParent(PLayerTransactionParent* aLayers)
- {
-   LayerTransactionParent* slp = static_cast<LayerTransactionParent*>(aLayers);
--  RemoveIndirectTree(slp->GetId());
-+  EraseLayerState(slp->GetId());
-   static_cast<LayerTransactionParent*>(aLayers)->ReleaseIPDLReference();
-   return true;
- }
-@@ -1242,6 +1271,7 @@ CrossProcessCompositorParent::DeallocPLayerTransactionParent(PLayerTransactionPa
- bool
- CrossProcessCompositorParent::RecvNotifyChildCreated(const uint64_t& child)
- {
-+  MonitorAutoLock lock(*sIndirectLayerTreesLock);
-   sIndirectLayerTrees[child].mParent->NotifyChildCreated(child);
-   return true;
- }
-@@ -1269,7 +1299,12 @@ CrossProcessCompositorParent::ForceComposite(LayerTransactionParent* aLayerTree)
- {
-   uint64_t id = aLayerTree->GetId();
-   MOZ_ASSERT(id != 0);
--  sIndirectLayerTrees[id].mParent->ForceComposite(aLayerTree);
-+  CompositorParent* parent;
-+  { // scope lock
-+    MonitorAutoLock lock(*sIndirectLayerTreesLock);
-+    parent = sIndirectLayerTrees[id].mParent;
-+  }
-+  parent->ForceComposite(aLayerTree);
- }
- 
- bool
--- 
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-11.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-11.patch
deleted file mode 100644
index 869feaf7c6..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-11.patch
+++ /dev/null
@@ -1,104 +0,0 @@
-From 3f0f685829445ae82974d61f6017fdb67349c32b Mon Sep 17 00:00:00 2001
-From: Dan Gohman <sunfish@mozilla.com>
-Date: Fri, 9 Jan 2015 09:04:12 -0500
-Subject: [PATCH] Bug 1096138 - IonMonkey: Augment Nops with Mops to avoid
- collisions with fixed live ranges. r=jandem, a=sledru
-
----
- js/src/jit/CodeGenerator.cpp |  6 ++++++
- js/src/jit/CodeGenerator.h   |  1 +
- js/src/jit/LIR-Common.h      |  6 ++++++
- js/src/jit/LOpcodes.h        |  1 +
- js/src/jit/Lowering.cpp      | 12 ++++++++++++
- 5 files changed, 26 insertions(+)
-
-diff --git a/js/src/jit/CodeGenerator.cpp b/js/src/jit/CodeGenerator.cpp
-index 4f07524..ba14f86 100644
---- a/js/src/jit/CodeGenerator.cpp
-+++ b/js/src/jit/CodeGenerator.cpp
-@@ -1077,6 +1077,12 @@ CodeGenerator::visitNop(LNop *lir)
- }
- 
- bool
-+CodeGenerator::visitMop(LMop *lir)
-+{
-+    return true;
-+}
-+
-+bool
- CodeGenerator::visitOsiPoint(LOsiPoint *lir)
- {
-     // Note: markOsiPoint ensures enough space exists between the last
-diff --git a/js/src/jit/CodeGenerator.h b/js/src/jit/CodeGenerator.h
-index 03677a5..dce095d 100644
---- a/js/src/jit/CodeGenerator.h
-+++ b/js/src/jit/CodeGenerator.h
-@@ -58,6 +58,7 @@ class CodeGenerator : public CodeGeneratorSpecific
- 
-     bool visitLabel(LLabel *lir);
-     bool visitNop(LNop *lir);
-+    bool visitMop(LMop *lir);
-     bool visitOsiPoint(LOsiPoint *lir);
-     bool visitGoto(LGoto *lir);
-     bool visitTableSwitch(LTableSwitch *ins);
-diff --git a/js/src/jit/LIR-Common.h b/js/src/jit/LIR-Common.h
-index c90aef9..e7a0e4c 100644
---- a/js/src/jit/LIR-Common.h
-+++ b/js/src/jit/LIR-Common.h
-@@ -42,6 +42,12 @@ class LNop : public LInstructionHelper<0, 0, 0>
-     LIR_HEADER(Nop)
- };
- 
-+class LMop : public LInstructionHelper<0, 0, 0>
-+{
-+  public:
-+    LIR_HEADER(Mop)
-+};
-+
- // An LOsiPoint captures a snapshot after a call and ensures enough space to
- // patch in a call to the invalidation mechanism.
- //
-diff --git a/js/src/jit/LOpcodes.h b/js/src/jit/LOpcodes.h
-index a32d64f..cd7eef8 100644
---- a/js/src/jit/LOpcodes.h
-+++ b/js/src/jit/LOpcodes.h
-@@ -10,6 +10,7 @@
- #define LIR_COMMON_OPCODE_LIST(_)   \
-     _(Label)                        \
-     _(Nop)                          \
-+    _(Mop)                          \
-     _(OsiPoint)                     \
-     _(MoveGroup)                    \
-     _(Integer)                      \
-diff --git a/js/src/jit/Lowering.cpp b/js/src/jit/Lowering.cpp
-index d5f8227..48b7fa9 100644
---- a/js/src/jit/Lowering.cpp
-+++ b/js/src/jit/Lowering.cpp
-@@ -3616,12 +3616,24 @@ LIRGenerator::visitInstruction(MInstruction *ins)
-     ins->setInWorklistUnchecked();
- #endif
- 
-+    // If we added a Nop for this instruction, we'll also add a Mop, so that
-+    // that live-ranges for fixed register defs, which with LSRA extend through
-+    // the Nop so that they can extend through the OsiPoint don't, with their
-+    // one-extra extension, extend into a position where they use the input
-+    // move group for the following instruction.
-+    bool needsMop = !current->instructions().empty() && current->rbegin()->isNop();
-+
-     // If no safepoint was created, there's no need for an OSI point.
-     if (LOsiPoint *osiPoint = popOsiPoint()) {
-         if (!add(osiPoint))
-             return false;
-     }
- 
-+    if (needsMop) {
-+        if (!add(new(alloc()) LMop))
-+            return false;
-+    }
-+
-     return true;
- }
- 
--- 
-2.2.1
-