aboutsummaryrefslogtreecommitdiff
path: root/gnu
diff options
context:
space:
mode:
Diffstat (limited to 'gnu')
-rw-r--r--gnu/packages/gnuzilla.scm15
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0797.patch35
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-2708-pt1.patch240
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-2708-pt2.patch284
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-2708-pt3.patch228
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-2708-pt4.patch26
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-2710-pt1.patch199
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-2710-pt2.patch64
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-2710-pt3.patch50
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-2713-pt1.patch102
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-2713-pt2.patch47
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-2716.patch62
12 files changed, 2 insertions, 1350 deletions
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 2450a1e68a..7caa7314a9 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -225,7 +225,7 @@ standards.")
(define-public icecat
(package
(name "icecat")
- (version "31.6.0-gnu1")
+ (version "31.7.0-gnu1")
(source
(origin
(method url-fetch)
@@ -234,18 +234,7 @@ standards.")
name "-" version ".tar.bz2"))
(sha256
(base32
- "1a4l23msg4cpc4yp59q2z6xv63r6advlbnjy65v4djv6yhgnqf1i"))
- (patches (map search-patch '("icecat-CVE-2015-0797.patch"
- "icecat-CVE-2015-2708-pt1.patch"
- "icecat-CVE-2015-2708-pt2.patch"
- "icecat-CVE-2015-2708-pt3.patch"
- "icecat-CVE-2015-2708-pt4.patch"
- "icecat-CVE-2015-2710-pt1.patch"
- "icecat-CVE-2015-2710-pt2.patch"
- "icecat-CVE-2015-2710-pt3.patch"
- "icecat-CVE-2015-2713-pt1.patch"
- "icecat-CVE-2015-2713-pt2.patch"
- "icecat-CVE-2015-2716.patch")))))
+ "0a25jp5afla2dxzj7i4cyvqpa5smsn7ns3xvpzqw6pc7naixkpap"))))
(build-system gnu-build-system)
(inputs
`(("alsa-lib" ,alsa-lib)
diff --git a/gnu/packages/patches/icecat-CVE-2015-0797.patch b/gnu/packages/patches/icecat-CVE-2015-0797.patch
deleted file mode 100644
index 5727ed753c..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-0797.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 147543038273042f71284fa8487c71670163da5f Mon Sep 17 00:00:00 2001
-From: Ralph Giles <giles@mozilla.com>
-Date: Tue, 31 Mar 2015 16:18:22 -0700
-Subject: [PATCH] Bug 1080995 - Don't use the h264parser gstreamer element.
- r=kinetik, a=sledru
-
----
- content/media/gstreamer/GStreamerFormatHelper.cpp | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/content/media/gstreamer/GStreamerFormatHelper.cpp b/content/media/gstreamer/GStreamerFormatHelper.cpp
-index 25095e7..ebd12c2 100644
---- a/content/media/gstreamer/GStreamerFormatHelper.cpp
-+++ b/content/media/gstreamer/GStreamerFormatHelper.cpp
-@@ -67,6 +67,7 @@ static char const * const sDefaultCodecCaps[][2] = {
-
- static char const * const sPluginBlacklist[] = {
- "flump3dec",
-+ "h264parse",
- };
-
- GStreamerFormatHelper::GStreamerFormatHelper()
-@@ -251,7 +252,8 @@ static gboolean FactoryFilter(GstPluginFeature *aFeature, gpointer)
- const gchar *className =
- gst_element_factory_get_klass(GST_ELEMENT_FACTORY_CAST(aFeature));
-
-- if (!strstr(className, "Decoder") && !strstr(className, "Demux")) {
-+ if (!strstr(className, "Decoder") && !strstr(className, "Demux") &&
-+ !strstr(className, "Parser")) {
- return FALSE;
- }
-
---
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-2708-pt1.patch b/gnu/packages/patches/icecat-CVE-2015-2708-pt1.patch
deleted file mode 100644
index e755d7531a..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-2708-pt1.patch
+++ /dev/null
@@ -1,240 +0,0 @@
-From 5f61ae17ec82d288a3fe4892ec999c0e20c486c0 Mon Sep 17 00:00:00 2001
-From: "Byron Campen [:bwc]" <docfaraday@gmail.com>
-Date: Mon, 6 Apr 2015 11:52:28 -0700
-Subject: [PATCH] Bug 1151139 - Simplify how we choose which streams to gather
- stats from. r=mt, a=abillings
-
----
- ...t_peerConnection_offerRequiresReceiveAudio.html | 2 +
- ...t_peerConnection_offerRequiresReceiveVideo.html | 2 +
- ...rConnection_offerRequiresReceiveVideoAudio.html | 2 +
- media/mtransport/nricectx.h | 13 +++++
- media/mtransport/nricemediastream.cpp | 1 +
- media/mtransport/nricemediastream.h | 5 +-
- .../src/peerconnection/PeerConnectionImpl.cpp | 66 ++++++++++------------
- .../src/peerconnection/PeerConnectionImpl.h | 2 +-
- 8 files changed, 54 insertions(+), 39 deletions(-)
-
-diff --git a/dom/media/tests/mochitest/test_peerConnection_offerRequiresReceiveAudio.html b/dom/media/tests/mochitest/test_peerConnection_offerRequiresReceiveAudio.html
-index 69d7e49..d68c078 100644
---- a/dom/media/tests/mochitest/test_peerConnection_offerRequiresReceiveAudio.html
-+++ b/dom/media/tests/mochitest/test_peerConnection_offerRequiresReceiveAudio.html
-@@ -17,6 +17,8 @@
-
- runTest(function() {
- var test = new PeerConnectionTest();
-+ test.chain.remove('PC_LOCAL_CHECK_STATS');
-+ test.chain.remove('PC_REMOTE_CHECK_STATS');
- test.setOfferConstraints({ mandatory: { OfferToReceiveAudio: true } });
- test.run();
- });
-diff --git a/dom/media/tests/mochitest/test_peerConnection_offerRequiresReceiveVideo.html b/dom/media/tests/mochitest/test_peerConnection_offerRequiresReceiveVideo.html
-index 5f1d0e5..0ecb0b7 100644
---- a/dom/media/tests/mochitest/test_peerConnection_offerRequiresReceiveVideo.html
-+++ b/dom/media/tests/mochitest/test_peerConnection_offerRequiresReceiveVideo.html
-@@ -17,6 +17,8 @@
-
- runTest(function() {
- var test = new PeerConnectionTest();
-+ test.chain.remove('PC_LOCAL_CHECK_STATS');
-+ test.chain.remove('PC_REMOTE_CHECK_STATS');
- test.setOfferConstraints({ mandatory: { OfferToReceiveVideo: true } });
- test.run();
- });
-diff --git a/dom/media/tests/mochitest/test_peerConnection_offerRequiresReceiveVideoAudio.html b/dom/media/tests/mochitest/test_peerConnection_offerRequiresReceiveVideoAudio.html
-index c3dea10..78eb0d4 100644
---- a/dom/media/tests/mochitest/test_peerConnection_offerRequiresReceiveVideoAudio.html
-+++ b/dom/media/tests/mochitest/test_peerConnection_offerRequiresReceiveVideoAudio.html
-@@ -17,6 +17,8 @@
-
- runTest(function() {
- var test = new PeerConnectionTest();
-+ test.chain.remove('PC_LOCAL_CHECK_STATS');
-+ test.chain.remove('PC_REMOTE_CHECK_STATS');
- test.setOfferConstraints({ mandatory: {
- OfferToReceiveVideo: true,
- OfferToReceiveAudio: true
-diff --git a/media/mtransport/nricectx.h b/media/mtransport/nricectx.h
-index d1209a7..7350666 100644
---- a/media/mtransport/nricectx.h
-+++ b/media/mtransport/nricectx.h
-@@ -196,6 +196,19 @@ class NrIceCtx {
- RefPtr<NrIceMediaStream> CreateStream(const std::string& name,
- int components);
-
-+ RefPtr<NrIceMediaStream> GetStream(size_t index) {
-+ if (index < streams_.size()) {
-+ return streams_[index];
-+ }
-+ return nullptr;
-+ }
-+
-+ // Some might be null
-+ size_t GetStreamCount() const
-+ {
-+ return streams_.size();
-+ }
-+
- // The name of the ctx
- const std::string& name() const { return name_; }
-
-diff --git a/media/mtransport/nricemediastream.cpp b/media/mtransport/nricemediastream.cpp
-index 9e96cb5..d2b6429 100644
---- a/media/mtransport/nricemediastream.cpp
-+++ b/media/mtransport/nricemediastream.cpp
-@@ -209,6 +209,7 @@ nsresult NrIceMediaStream::ParseAttributes(std::vector<std::string>&
- return NS_ERROR_FAILURE;
- }
-
-+ has_parsed_attrs_ = true;
- return NS_OK;
- }
-
-diff --git a/media/mtransport/nricemediastream.h b/media/mtransport/nricemediastream.h
-index aba5fc3..2494ecf 100644
---- a/media/mtransport/nricemediastream.h
-+++ b/media/mtransport/nricemediastream.h
-@@ -149,6 +149,7 @@ class NrIceMediaStream {
-
- // Parse remote attributes
- nsresult ParseAttributes(std::vector<std::string>& candidates);
-+ bool HasParsedAttributes() const { return has_parsed_attrs_; }
-
- // Parse trickle ICE candidate
- nsresult ParseTrickleCandidate(const std::string& candidate);
-@@ -204,7 +205,8 @@ class NrIceMediaStream {
- name_(name),
- components_(components),
- stream_(nullptr),
-- opaque_(nullptr) {}
-+ opaque_(nullptr),
-+ has_parsed_attrs_(false) {}
-
- DISALLOW_COPY_ASSIGN(NrIceMediaStream);
-
-@@ -214,6 +216,7 @@ class NrIceMediaStream {
- const int components_;
- nr_ice_media_stream *stream_;
- ScopedDeletePtr<NrIceOpaque> opaque_;
-+ bool has_parsed_attrs_;
- };
-
-
-diff --git a/media/webrtc/signaling/src/peerconnection/PeerConnectionImpl.cpp b/media/webrtc/signaling/src/peerconnection/PeerConnectionImpl.cpp
-index ebcc17d..c70e3e4 100644
---- a/media/webrtc/signaling/src/peerconnection/PeerConnectionImpl.cpp
-+++ b/media/webrtc/signaling/src/peerconnection/PeerConnectionImpl.cpp
-@@ -149,7 +149,8 @@ PRLogModuleInfo *signalingLogInfo() {
- namespace sipcc {
-
- #ifdef MOZILLA_INTERNAL_API
--RTCStatsQuery::RTCStatsQuery(bool internal) : internalStats(internal) {
-+RTCStatsQuery::RTCStatsQuery(bool internal) : internalStats(internal),
-+ grabAllLevels(false) {
- }
-
- RTCStatsQuery::~RTCStatsQuery() {
-@@ -2037,32 +2038,8 @@ PeerConnectionImpl::BuildStatsQuery_m(
-
- query->iceCtx = mMedia->ice_ctx();
-
-- // From the list of MediaPipelines, determine the set of NrIceMediaStreams
-- // we are interested in.
-- std::set<size_t> levelsToGrab;
-- if (trackId) {
-- for (size_t p = 0; p < query->pipelines.Length(); ++p) {
-- size_t level = query->pipelines[p]->level();
-- MOZ_ASSERT(level);
-- levelsToGrab.insert(level);
-- }
-- } else {
-- // We want to grab all streams, so ignore the pipelines (this also ends up
-- // grabbing DataChannel streams, which is what we want)
-- for (size_t s = 0; s < mMedia->num_ice_media_streams(); ++s) {
-- levelsToGrab.insert(s + 1); // mIceStreams is 0-indexed
-- }
-- }
--
-- for (auto s = levelsToGrab.begin(); s != levelsToGrab.end(); ++s) {
-- // TODO(bcampen@mozilla.com): I may need to revisit this for bundle.
-- // (Bug 786234)
-- RefPtr<NrIceMediaStream> temp(mMedia->ice_media_stream(*s - 1));
-- RefPtr<TransportFlow> flow(mMedia->GetTransportFlow(*s, false));
-- // flow can be null for unused levels, such as unused DataChannels
-- if (temp && flow) {
-- query->streams.AppendElement(temp);
-- }
-+ if (!trackId) {
-+ query->grabAllLevels = true;
- }
-
- return rv;
-@@ -2103,6 +2080,9 @@ static void RecordIceStats_s(
- bool internalStats,
- DOMHighResTimeStamp now,
- RTCStatsReportInternal* report) {
-+ if (!mediaStream.HasParsedAttributes()) {
-+ return;
-+ }
-
- NS_ConvertASCIItoUTF16 componentId(mediaStream.name().c_str());
- if (internalStats) {
-@@ -2292,20 +2272,32 @@ PeerConnectionImpl::ExecuteStatsQuery_s(RTCStatsQuery *query) {
- break;
- }
- }
-+
-+ if (!query->grabAllLevels) {
-+ // If we're grabbing all levels, that means we want datachannels too,
-+ // which don't have pipelines.
-+ if (query->iceCtx->GetStream(p - 1)) {
-+ RecordIceStats_s(*query->iceCtx->GetStream(p - 1),
-+ query->internalStats,
-+ query->now,
-+ &(query->report));
-+ }
-+ }
- }
-
-- // Gather stats from ICE
-- for (size_t s = 0; s != query->streams.Length(); ++s) {
-- RecordIceStats_s(*query->streams[s],
-- query->internalStats,
-- query->now,
-- &(query->report));
-+ if (query->grabAllLevels) {
-+ for (size_t i = 0; i < query->iceCtx->GetStreamCount(); ++i) {
-+ if (query->iceCtx->GetStream(i)) {
-+ RecordIceStats_s(*query->iceCtx->GetStream(i),
-+ query->internalStats,
-+ query->now,
-+ &(query->report));
-+ }
-+ }
- }
-
-- // NrIceCtx and NrIceMediaStream must be destroyed on STS, so it is not safe
-- // to dispatch them back to main.
-- // We clear streams first to maintain destruction order
-- query->streams.Clear();
-+ // NrIceCtx must be destroyed on STS, so it is not safe
-+ // to dispatch it back to main.
- query->iceCtx = nullptr;
- return NS_OK;
- }
-diff --git a/media/webrtc/signaling/src/peerconnection/PeerConnectionImpl.h b/media/webrtc/signaling/src/peerconnection/PeerConnectionImpl.h
-index 847085c..497230a 100644
---- a/media/webrtc/signaling/src/peerconnection/PeerConnectionImpl.h
-+++ b/media/webrtc/signaling/src/peerconnection/PeerConnectionImpl.h
-@@ -174,7 +174,7 @@ class RTCStatsQuery {
- bool internalStats;
- nsTArray<mozilla::RefPtr<mozilla::MediaPipeline>> pipelines;
- mozilla::RefPtr<NrIceCtx> iceCtx;
-- nsTArray<mozilla::RefPtr<NrIceMediaStream>> streams;
-+ bool grabAllLevels;
- DOMHighResTimeStamp now;
- };
- #endif // MOZILLA_INTERNAL_API
---
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-2708-pt2.patch b/gnu/packages/patches/icecat-CVE-2015-2708-pt2.patch
deleted file mode 100644
index 9788806557..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-2708-pt2.patch
+++ /dev/null
@@ -1,284 +0,0 @@
-From 272c1ba11fac7a9ceede2f4f737bb27b4bbcad71 Mon Sep 17 00:00:00 2001
-From: Steve Fink <sfink@mozilla.com>
-Date: Thu, 19 Mar 2015 20:50:57 -0700
-Subject: [PATCH] Bug 1120655 - Suppress zone/compartment collection while
- iterating. r=terrence, a=bkerensa
-
----
- js/src/gc/Zone.h | 9 ++++----
- js/src/jsgc.cpp | 57 +++++++++++++++++++++++++++++++++++----------------
- js/src/jsgc.h | 11 +++++++++-
- js/src/vm/Runtime.cpp | 1 +
- js/src/vm/Runtime.h | 3 +++
- 5 files changed, 58 insertions(+), 23 deletions(-)
-
-diff --git a/js/src/gc/Zone.h b/js/src/gc/Zone.h
-index e7f687a..dd058f0 100644
---- a/js/src/gc/Zone.h
-+++ b/js/src/gc/Zone.h
-@@ -353,10 +353,11 @@ enum ZoneSelector {
-
- class ZonesIter {
- private:
-+ gc::AutoEnterIteration iterMarker;
- JS::Zone **it, **end;
-
- public:
-- ZonesIter(JSRuntime *rt, ZoneSelector selector) {
-+ ZonesIter(JSRuntime *rt, ZoneSelector selector) : iterMarker(rt) {
- it = rt->zones.begin();
- end = rt->zones.end();
-
-@@ -427,13 +428,13 @@ struct CompartmentsInZoneIter
- template<class ZonesIterT>
- class CompartmentsIterT
- {
-- private:
-+ gc::AutoEnterIteration iterMarker;
- ZonesIterT zone;
- mozilla::Maybe<CompartmentsInZoneIter> comp;
-
- public:
- explicit CompartmentsIterT(JSRuntime *rt)
-- : zone(rt)
-+ : iterMarker(rt), zone(rt)
- {
- if (zone.done())
- comp.construct();
-@@ -442,7 +443,7 @@ class CompartmentsIterT
- }
-
- CompartmentsIterT(JSRuntime *rt, ZoneSelector selector)
-- : zone(rt, selector)
-+ : iterMarker(rt), zone(rt, selector)
- {
- if (zone.done())
- comp.construct();
-diff --git a/js/src/jsgc.cpp b/js/src/jsgc.cpp
-index 15c86c8..1dfe0ab 100644
---- a/js/src/jsgc.cpp
-+++ b/js/src/jsgc.cpp
-@@ -2525,7 +2525,7 @@ ReleaseObservedTypes(JSRuntime* rt)
- * arbitrary compartment in the zone.
- */
- static void
--SweepCompartments(FreeOp *fop, Zone *zone, bool keepAtleastOne, bool lastGC)
-+SweepCompartments(FreeOp *fop, Zone *zone, bool keepAtleastOne, bool destroyingRuntime)
- {
- JSRuntime *rt = zone->runtimeFromMainThread();
- JSDestroyCompartmentCallback callback = rt->destroyCompartmentCallback;
-@@ -2543,7 +2543,7 @@ SweepCompartments(FreeOp *fop, Zone *zone, bool keepAtleastOne, bool lastGC)
- * deleted and keepAtleastOne is true.
- */
- bool dontDelete = read == end && !foundOne && keepAtleastOne;
-- if ((!comp->marked && !dontDelete) || lastGC) {
-+ if ((!comp->marked && !dontDelete) || destroyingRuntime) {
- if (callback)
- callback(fop, comp);
- if (comp->principals)
-@@ -2559,9 +2559,13 @@ SweepCompartments(FreeOp *fop, Zone *zone, bool keepAtleastOne, bool lastGC)
- }
-
- static void
--SweepZones(FreeOp *fop, bool lastGC)
-+SweepZones(FreeOp *fop, bool destroyingRuntime)
- {
- JSRuntime *rt = fop->runtime();
-+ MOZ_ASSERT_IF(destroyingRuntime, rt->numActiveZoneIters == 0);
-+ if (rt->numActiveZoneIters)
-+ return;
-+
- JSZoneCallback callback = rt->destroyZoneCallback;
-
- /* Skip the atomsCompartment zone. */
-@@ -2576,17 +2580,17 @@ SweepZones(FreeOp* fop, bool lastGC)
-
- if (zone->wasGCStarted()) {
- if ((zone->allocator.arenas.arenaListsAreEmpty() && !zone->hasMarkedCompartments()) ||
-- lastGC)
-+ destroyingRuntime)
- {
- zone->allocator.arenas.checkEmptyFreeLists();
- if (callback)
- callback(zone);
-- SweepCompartments(fop, zone, false, lastGC);
-+ SweepCompartments(fop, zone, false, destroyingRuntime);
- JS_ASSERT(zone->compartments.empty());
- fop->delete_(zone);
- continue;
- }
-- SweepCompartments(fop, zone, true, lastGC);
-+ SweepCompartments(fop, zone, true, destroyingRuntime);
- }
- *write++ = zone;
- }
-@@ -3787,7 +3791,7 @@ EndSweepingZoneGroup(JSRuntime *rt)
- }
-
- static void
--BeginSweepPhase(JSRuntime *rt, bool lastGC)
-+BeginSweepPhase(JSRuntime *rt, bool destroyingRuntime)
- {
- /*
- * Sweep phase.
-@@ -3804,7 +3808,7 @@ BeginSweepPhase(JSRuntime *rt, bool lastGC)
- gcstats::AutoPhase ap(rt->gcStats, gcstats::PHASE_SWEEP);
-
- #ifdef JS_THREADSAFE
-- rt->gcSweepOnBackgroundThread = !lastGC && rt->useHelperThreads();
-+ rt->gcSweepOnBackgroundThread = !destroyingRuntime && rt->useHelperThreads();
- #endif
-
- #ifdef DEBUG
-@@ -3903,12 +3907,12 @@ SweepPhase(JSRuntime *rt, SliceBudget &sliceBudget)
- }
-
- static void
--EndSweepPhase(JSRuntime *rt, JSGCInvocationKind gckind, bool lastGC)
-+EndSweepPhase(JSRuntime *rt, JSGCInvocationKind gckind, bool destroyingRuntime)
- {
- gcstats::AutoPhase ap(rt->gcStats, gcstats::PHASE_SWEEP);
- FreeOp fop(rt, rt->gcSweepOnBackgroundThread);
-
-- JS_ASSERT_IF(lastGC, !rt->gcSweepOnBackgroundThread);
-+ JS_ASSERT_IF(destroyingRuntime, !rt->gcSweepOnBackgroundThread);
-
- JS_ASSERT(rt->gcMarker.isDrained());
- rt->gcMarker.stop();
-@@ -3959,8 +3963,8 @@ EndSweepPhase(JSRuntime *rt, JSGCInvocationKind gckind, bool lastGC)
- * This removes compartments from rt->compartment, so we do it last to make
- * sure we don't miss sweeping any compartments.
- */
-- if (!lastGC)
-- SweepZones(&fop, lastGC);
-+ if (!destroyingRuntime)
-+ SweepZones(&fop, destroyingRuntime);
-
- if (!rt->gcSweepOnBackgroundThread) {
- /*
-@@ -4001,8 +4005,8 @@ EndSweepPhase(JSRuntime *rt, JSGCInvocationKind gckind, bool lastGC)
- rt->freeLifoAlloc.freeAll();
-
- /* Ensure the compartments get swept if it's the last GC. */
-- if (lastGC)
-- SweepZones(&fop, lastGC);
-+ if (destroyingRuntime)
-+ SweepZones(&fop, destroyingRuntime);
- }
-
- for (ZonesIter zone(rt, WithAtoms); !zone.done(); zone.next()) {
-@@ -4339,7 +4343,7 @@ IncrementalCollectSlice(JSRuntime *rt,
- AutoCopyFreeListToArenasForGC copy(rt);
- AutoGCSlice slice(rt);
-
-- bool lastGC = (reason == JS::gcreason::DESTROY_RUNTIME);
-+ bool destroyingRuntime = (reason == JS::gcreason::DESTROY_RUNTIME);
-
- gc::State initialState = rt->gcIncrementalState;
-
-@@ -4384,7 +4388,7 @@ IncrementalCollectSlice(JSRuntime *rt,
- return;
- }
-
-- if (!lastGC)
-+ if (!destroyingRuntime)
- PushZealSelectedObjects(rt);
-
- rt->gcIncrementalState = MARK;
-@@ -4426,7 +4430,7 @@ IncrementalCollectSlice(JSRuntime *rt,
- * This runs to completion, but we don't continue if the budget is
- * now exhasted.
- */
-- BeginSweepPhase(rt, lastGC);
-+ BeginSweepPhase(rt, destroyingRuntime);
- if (sliceBudget.isOverBudget())
- break;
-
-@@ -4445,7 +4449,7 @@ IncrementalCollectSlice(JSRuntime *rt,
- if (!finished)
- break;
-
-- EndSweepPhase(rt, gckind, lastGC);
-+ EndSweepPhase(rt, gckind, destroyingRuntime);
-
- if (rt->gcSweepOnBackgroundThread)
- rt->gcHelperThread.startBackgroundSweep(gckind == GC_SHRINK);
-@@ -5386,3 +5390,20 @@ JS::AutoAssertNoGC::~AutoAssertNoGC()
- MOZ_ASSERT(gcNumber == runtime->gcNumber, "GC ran inside an AutoAssertNoGC scope.");
- }
- #endif
-+
-+namespace js {
-+namespace gc {
-+
-+AutoEnterIteration::AutoEnterIteration(JSRuntime *rt_) : rt(rt_)
-+{
-+ ++rt->numActiveZoneIters;
-+}
-+
-+AutoEnterIteration::~AutoEnterIteration()
-+{
-+ MOZ_ASSERT(rt->numActiveZoneIters);
-+ --rt->numActiveZoneIters;
-+}
-+
-+} /* namespace gc */
-+} /* namespace js */
-diff --git a/js/src/jsgc.h b/js/src/jsgc.h
-index 825cff5..ca331c0 100644
---- a/js/src/jsgc.h
-+++ b/js/src/jsgc.h
-@@ -1077,7 +1077,7 @@ MaybeVerifyBarriers(JSContext* cx, bool always = false)
- /*
- * Instances of this class set the |JSRuntime::suppressGC| flag for the duration
- * that they are live. Use of this class is highly discouraged. Please carefully
-- * read the comment in jscntxt.h above |suppressGC| and take all appropriate
-+ * read the comment in vm/Runtime.h above |suppressGC| and take all appropriate
- * precautions before instantiating this class.
- */
- class AutoSuppressGC
-@@ -1113,6 +1113,15 @@ class AutoEnterOOMUnsafeRegion
- class AutoEnterOOMUnsafeRegion {};
- #endif /* DEBUG */
-
-+/* Prevent compartments and zones from being collected during iteration. */
-+class AutoEnterIteration {
-+ JSRuntime *rt;
-+
-+ public:
-+ AutoEnterIteration(JSRuntime *rt_);
-+ ~AutoEnterIteration();
-+};
-+
- } /* namespace gc */
-
- #ifdef DEBUG
-diff --git a/js/src/vm/Runtime.cpp b/js/src/vm/Runtime.cpp
-index bb5c8680..0d8c6cd 100644
---- a/js/src/vm/Runtime.cpp
-+++ b/js/src/vm/Runtime.cpp
-@@ -195,6 +195,7 @@ JSRuntime::JSRuntime(JSRuntime *parentRuntime, JSUseHelperThreads useHelperThrea
- gcShouldCleanUpEverything(false),
- gcGrayBitsValid(false),
- gcIsNeeded(0),
-+ numActiveZoneIters(0),
- gcStats(thisFromCtor()),
- gcNumber(0),
- gcStartNumber(0),
-diff --git a/js/src/vm/Runtime.h b/js/src/vm/Runtime.h
-index 5aeb924..ba4180e 100644
---- a/js/src/vm/Runtime.h
-+++ b/js/src/vm/Runtime.h
-@@ -1061,6 +1061,9 @@ struct JSRuntime : public JS::shadow::Runtime,
- */
- volatile uintptr_t gcIsNeeded;
-
-+ mozilla::Atomic<size_t, mozilla::ReleaseAcquire> numActiveZoneIters;
-+ friend class js::gc::AutoEnterIteration;
-+
- js::gcstats::Statistics gcStats;
-
- /* Incremented on every GC slice. */
---
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-2708-pt3.patch b/gnu/packages/patches/icecat-CVE-2015-2708-pt3.patch
deleted file mode 100644
index f684804d0b..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-2708-pt3.patch
+++ /dev/null
@@ -1,228 +0,0 @@
-From 4dcbca8b3c26b451e1376cd1b7c88ab984a45b39 Mon Sep 17 00:00:00 2001
-From: Mats Palmgren <mats@mozilla.com>
-Date: Tue, 14 Apr 2015 22:12:39 -0400
-Subject: [PATCH] Bug 1143299 - Make frame insertion methods deal with
- aPrevFrame being on an overflow list. r=roc, a=bkerensa
-
----
- layout/generic/nsBlockFrame.cpp | 18 ++++++++++++---
- layout/generic/nsBlockFrame.h | 14 ++++++++----
- layout/generic/nsContainerFrame.cpp | 41 +++++++++++++++++++---------------
- layout/tables/nsTableFrame.cpp | 2 ++
- layout/tables/nsTableRowFrame.cpp | 2 ++
- layout/tables/nsTableRowGroupFrame.cpp | 2 ++
- 6 files changed, 54 insertions(+), 25 deletions(-)
-
-diff --git a/layout/generic/nsBlockFrame.cpp b/layout/generic/nsBlockFrame.cpp
-index a011bcf..70d5297 100644
---- a/layout/generic/nsBlockFrame.cpp
-+++ b/layout/generic/nsBlockFrame.cpp
-@@ -1049,7 +1049,7 @@ nsBlockFrame::Reflow(nsPresContext* aPresContext,
- state.mOverflowTracker = &tracker;
-
- // Drain & handle pushed floats
-- DrainPushedFloats(state);
-+ DrainPushedFloats();
- nsOverflowAreas fcBounds;
- nsReflowStatus fcStatus = NS_FRAME_COMPLETE;
- ReflowPushedFloats(state, fcBounds, fcStatus);
-@@ -4438,9 +4438,13 @@ nsBlockFrame::DrainSelfOverflowList()
- * might push some of them on). Floats with placeholders in this block
- * are reflowed by (nsBlockReflowState/nsLineLayout)::AddFloat, which
- * also maintains these invariants.
-+ *
-+ * DrainSelfPushedFloats moves any pushed floats from this block's own
-+ * PushedFloats list back into mFloats. DrainPushedFloats additionally
-+ * moves frames from its prev-in-flow's PushedFloats list into mFloats.
- */
- void
--nsBlockFrame::DrainPushedFloats(nsBlockReflowState& aState)
-+nsBlockFrame::DrainSelfPushedFloats()
- {
- #ifdef DEBUG
- // Between when we drain pushed floats and when we complete reflow,
-@@ -4503,12 +4507,18 @@ nsBlockFrame::DrainPushedFloats(nsBlockReflowState& aState)
- RemovePushedFloats()->Delete(presContext->PresShell());
- }
- }
-+}
-+
-+void
-+nsBlockFrame::DrainPushedFloats()
-+{
-+ DrainSelfPushedFloats();
-
- // After our prev-in-flow has completed reflow, it may have a pushed
- // floats list, containing floats that we need to own. Take these.
- nsBlockFrame* prevBlock = static_cast<nsBlockFrame*>(GetPrevInFlow());
- if (prevBlock) {
-- AutoFrameListPtr list(presContext, prevBlock->RemovePushedFloats());
-+ AutoFrameListPtr list(PresContext(), prevBlock->RemovePushedFloats());
- if (list && list->NotEmpty()) {
- mFloats.InsertFrames(this, nullptr, *list);
- }
-@@ -4711,6 +4721,7 @@ nsBlockFrame::AppendFrames(ChildListID aListID,
- return nsContainerFrame::AppendFrames(aListID, aFrameList);
- }
- else if (kFloatList == aListID) {
-+ DrainSelfPushedFloats(); // ensure the last frame is in mFloats
- mFloats.AppendFrames(nullptr, aFrameList);
- return NS_OK;
- }
-@@ -4757,6 +4768,7 @@ nsBlockFrame::InsertFrames(ChildListID aListID,
- return nsContainerFrame::InsertFrames(aListID, aPrevFrame, aFrameList);
- }
- else if (kFloatList == aListID) {
-+ DrainSelfPushedFloats(); // ensure aPrevFrame is in mFloats
- mFloats.InsertFrames(this, aPrevFrame, aFrameList);
- return NS_OK;
- }
-diff --git a/layout/generic/nsBlockFrame.h b/layout/generic/nsBlockFrame.h
-index 1a6bb1e..07f7508 100644
---- a/layout/generic/nsBlockFrame.h
-+++ b/layout/generic/nsBlockFrame.h
-@@ -533,10 +533,16 @@ protected:
- return GetStateBits() & NS_BLOCK_HAS_OVERFLOW_OUT_OF_FLOWS;
- }
-
-- /** grab pushed floats from this block's prevInFlow, and splice
-- * them into this block's mFloats list.
-- */
-- void DrainPushedFloats(nsBlockReflowState& aState);
-+ /**
-+ * Moves frames from our PushedFloats list back into our mFloats list.
-+ */
-+ void DrainSelfPushedFloats();
-+
-+ /**
-+ * First calls DrainSelfPushedFloats() then grabs pushed floats from this
-+ * block's prev-in-flow, and splice them into this block's mFloats list too.
-+ */
-+ void DrainPushedFloats();
-
- /** Load all our floats into the float manager (without reflowing them).
- * Assumes float manager is in our own coordinate system.
-diff --git a/layout/generic/nsContainerFrame.cpp b/layout/generic/nsContainerFrame.cpp
-index 76f0748..3ffcba7 100644
---- a/layout/generic/nsContainerFrame.cpp
-+++ b/layout/generic/nsContainerFrame.cpp
-@@ -102,16 +102,18 @@ nsContainerFrame::AppendFrames(ChildListID aListID,
- return NS_ERROR_INVALID_ARG;
- }
- }
-- if (aFrameList.NotEmpty()) {
-- mFrames.AppendFrames(this, aFrameList);
-
-- // Ask the parent frame to reflow me.
-- if (aListID == kPrincipalList)
-- {
-- PresContext()->PresShell()->
-- FrameNeedsReflow(this, nsIPresShell::eTreeChange,
-- NS_FRAME_HAS_DIRTY_CHILDREN);
-- }
-+ if (MOZ_UNLIKELY(aFrameList.IsEmpty())) {
-+ return NS_OK;
-+ }
-+
-+ DrainSelfOverflowList(); // ensure the last frame is in mFrames
-+ mFrames.AppendFrames(this, aFrameList);
-+
-+ if (aListID != kNoReflowPrincipalList) {
-+ PresContext()->PresShell()->
-+ FrameNeedsReflow(this, nsIPresShell::eTreeChange,
-+ NS_FRAME_HAS_DIRTY_CHILDREN);
- }
- return NS_OK;
- }
-@@ -131,16 +133,19 @@ nsContainerFrame::InsertFrames(ChildListID aListID,
- return NS_ERROR_INVALID_ARG;
- }
- }
-- if (aFrameList.NotEmpty()) {
-- // Insert frames after aPrevFrame
-- mFrames.InsertFrames(this, aPrevFrame, aFrameList);
-
-- if (aListID == kPrincipalList)
-- {
-- PresContext()->PresShell()->
-- FrameNeedsReflow(this, nsIPresShell::eTreeChange,
-- NS_FRAME_HAS_DIRTY_CHILDREN);
-- }
-+ if (MOZ_UNLIKELY(aFrameList.IsEmpty())) {
-+ return NS_OK;
-+ }
-+
-+ DrainSelfOverflowList(); // ensure aPrevFrame is in mFrames
-+ mFrames.InsertFrames(this, aPrevFrame, aFrameList);
-+
-+ if (aListID != kNoReflowPrincipalList) {
-+ PresContext()->PresShell()->
-+ FrameNeedsReflow(this, nsIPresShell::eTreeChange,
-+ NS_FRAME_HAS_DIRTY_CHILDREN);
-+
- }
- return NS_OK;
- }
-diff --git a/layout/tables/nsTableFrame.cpp b/layout/tables/nsTableFrame.cpp
-index 60613ba..44088da 100644
---- a/layout/tables/nsTableFrame.cpp
-+++ b/layout/tables/nsTableFrame.cpp
-@@ -2232,6 +2232,7 @@ nsTableFrame::AppendFrames(ChildListID aListID,
- InsertColGroups(startColIndex,
- nsFrameList::Slice(mColGroups, f, f->GetNextSibling()));
- } else if (IsRowGroup(display->mDisplay)) {
-+ DrainSelfOverflowList(); // ensure the last frame is in mFrames
- // Append the new row group frame to the sibling chain
- mFrames.AppendFrame(nullptr, f);
-
-@@ -2404,6 +2405,7 @@ nsTableFrame::HomogenousInsertFrames(ChildListID aListID,
- InsertColGroups(startColIndex, newColgroups);
- } else if (IsRowGroup(display->mDisplay)) {
- NS_ASSERTION(aListID == kPrincipalList, "unexpected child list");
-+ DrainSelfOverflowList(); // ensure aPrevFrame is in mFrames
- // Insert the frames in the sibling chain
- const nsFrameList::Slice& newRowGroups =
- mFrames.InsertFrames(nullptr, aPrevFrame, aFrameList);
-diff --git a/layout/tables/nsTableRowFrame.cpp b/layout/tables/nsTableRowFrame.cpp
-index d1c493b..2351de3 100644
---- a/layout/tables/nsTableRowFrame.cpp
-+++ b/layout/tables/nsTableRowFrame.cpp
-@@ -182,6 +182,7 @@ nsTableRowFrame::AppendFrames(ChildListID aListID,
- {
- NS_ASSERTION(aListID == kPrincipalList, "unexpected child list");
-
-+ DrainSelfOverflowList(); // ensure the last frame is in mFrames
- const nsFrameList::Slice& newCells = mFrames.AppendFrames(nullptr, aFrameList);
-
- // Add the new cell frames to the table
-@@ -208,6 +209,7 @@ nsTableRowFrame::InsertFrames(ChildListID aListID,
- NS_ASSERTION(aListID == kPrincipalList, "unexpected child list");
- NS_ASSERTION(!aPrevFrame || aPrevFrame->GetParent() == this,
- "inserting after sibling frame with different parent");
-+ DrainSelfOverflowList(); // ensure aPrevFrame is in mFrames
- //Insert Frames in the frame list
- const nsFrameList::Slice& newCells = mFrames.InsertFrames(nullptr, aPrevFrame, aFrameList);
-
-diff --git a/layout/tables/nsTableRowGroupFrame.cpp b/layout/tables/nsTableRowGroupFrame.cpp
-index 34aaf02..40b349b 100644
---- a/layout/tables/nsTableRowGroupFrame.cpp
-+++ b/layout/tables/nsTableRowGroupFrame.cpp
-@@ -1389,6 +1389,7 @@ nsTableRowGroupFrame::AppendFrames(ChildListID aListID,
- {
- NS_ASSERTION(aListID == kPrincipalList, "unexpected child list");
-
-+ DrainSelfOverflowList(); // ensure the last frame is in mFrames
- ClearRowCursor();
-
- // collect the new row frames in an array
-@@ -1430,6 +1431,7 @@ nsTableRowGroupFrame::InsertFrames(ChildListID aListID,
- NS_ASSERTION(!aPrevFrame || aPrevFrame->GetParent() == this,
- "inserting after sibling frame with different parent");
-
-+ DrainSelfOverflowList(); // ensure aPrevFrame is in mFrames
- ClearRowCursor();
-
- // collect the new row frames in an array
---
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-2708-pt4.patch b/gnu/packages/patches/icecat-CVE-2015-2708-pt4.patch
deleted file mode 100644
index eb2295f5ac..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-2708-pt4.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From e6082e031f0fa2a4a7a63ff124c6f22aeb75393d Mon Sep 17 00:00:00 2001
-From: Terrence Cole <terrence@mozilla.com>
-Date: Fri, 10 Apr 2015 08:58:26 -0700
-Subject: [PATCH] Bug 1152177 - Make jsid and Value pre barriers symetrical.
- r=jonco, a=abillings
-
----
- js/src/gc/Barrier.h | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/js/src/gc/Barrier.h b/js/src/gc/Barrier.h
-index 7efd785..9fc6bd0 100644
---- a/js/src/gc/Barrier.h
-+++ b/js/src/gc/Barrier.h
-@@ -1062,6 +1062,8 @@ class BarrieredId
- JS_ASSERT(obj == JSID_TO_OBJECT(value));
- }
- } else if (JSID_IS_STRING(value)) {
-+ if (StringIsPermanentAtom(JSID_TO_STRING(value)))
-+ return;
- JSString *str = JSID_TO_STRING(value);
- JS::shadow::Zone *shadowZone = ShadowZoneOfStringFromAnyThread(str);
- if (shadowZone->needsBarrier()) {
---
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-2710-pt1.patch b/gnu/packages/patches/icecat-CVE-2015-2710-pt1.patch
deleted file mode 100644
index 4f119f6fe9..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-2710-pt1.patch
+++ /dev/null
@@ -1,199 +0,0 @@
-From 0bd8486f4088c0845514986f61861688e0be011d Mon Sep 17 00:00:00 2001
-From: Cameron McCormack <cam@mcc.id.au>
-Date: Mon, 6 Apr 2015 09:11:55 -0400
-Subject: [PATCH] Bug 1149542 - Part 1: Return early from SVG text layout if we
- discover mPositions is not long enough. r=dholbert, a=sledru
-
----
- layout/svg/SVGTextFrame.cpp | 59 +++++++++++++++++++++++++++++++--------------
- layout/svg/SVGTextFrame.h | 23 ++++++++++++------
- 2 files changed, 56 insertions(+), 26 deletions(-)
-
-diff --git a/layout/svg/SVGTextFrame.cpp b/layout/svg/SVGTextFrame.cpp
-index 721e699..45327881 100644
---- a/layout/svg/SVGTextFrame.cpp
-+++ b/layout/svg/SVGTextFrame.cpp
-@@ -14,6 +14,7 @@
- #include "gfxTypes.h"
- #include "LookAndFeel.h"
- #include "mozilla/gfx/2D.h"
-+#include "mozilla/Likely.h"
- #include "nsAlgorithm.h"
- #include "nsBlockFrame.h"
- #include "nsCaret.h"
-@@ -4316,23 +4317,28 @@ ShouldStartRunAtIndex(const nsTArray<CharPosition>& aPositions,
- return false;
- }
-
--uint32_t
--SVGTextFrame::ResolvePositions(nsIContent* aContent,
-- uint32_t aIndex,
-- bool aInTextPath,
-- bool& aForceStartOfChunk,
-- nsTArray<gfxPoint>& aDeltas)
-+bool
-+SVGTextFrame::ResolvePositionsForNode(nsIContent* aContent,
-+ uint32_t& aIndex,
-+ bool aInTextPath,
-+ bool& aForceStartOfChunk,
-+ nsTArray<gfxPoint>& aDeltas)
- {
- if (aContent->IsNodeOfType(nsINode::eTEXT)) {
- // We found a text node.
- uint32_t length = static_cast<nsTextNode*>(aContent)->TextLength();
- if (length) {
-+ uint32_t end = aIndex + length;
-+ if (MOZ_UNLIKELY(end > mPositions.Length())) {
-+ MOZ_ASSERT_UNREACHABLE("length of mPositions does not match characters "
-+ "found by iterating content");
-+ return false;
-+ }
- if (aForceStartOfChunk) {
- // Note this character as starting a new anchored chunk.
- mPositions[aIndex].mStartOfChunk = true;
- aForceStartOfChunk = false;
- }
-- uint32_t end = aIndex + length;
- while (aIndex < end) {
- // Record whether each of these characters should start a new rendered
- // run. That is always the case for characters on a text path.
-@@ -4345,18 +4351,23 @@ SVGTextFrame::ResolvePositions(nsIContent* aContent,
- aIndex++;
- }
- }
-- return aIndex;
-+ return true;
- }
-
- // Skip past elements that aren't text content elements.
- if (!IsTextContentElement(aContent)) {
-- return aIndex;
-+ return true;
- }
-
- if (aContent->Tag() == nsGkAtoms::textPath) {
- // <textPath> elements are as if they are specified with x="0" y="0", but
- // only if they actually have some text content.
- if (HasTextContent(aContent)) {
-+ if (MOZ_UNLIKELY(aIndex >= mPositions.Length())) {
-+ MOZ_ASSERT_UNREACHABLE("length of mPositions does not match characters "
-+ "found by iterating content");
-+ return false;
-+ }
- mPositions[aIndex].mPosition = gfxPoint();
- mPositions[aIndex].mStartOfChunk = true;
- }
-@@ -4376,8 +4387,14 @@ SVGTextFrame::ResolvePositions(nsIContent* aContent,
- rotate = &animatedRotate->GetAnimValue();
- }
-
-- uint32_t count = GetTextContentLength(aContent);
- bool percentages = false;
-+ uint32_t count = GetTextContentLength(aContent);
-+
-+ if (MOZ_UNLIKELY(aIndex + count > mPositions.Length())) {
-+ MOZ_ASSERT_UNREACHABLE("length of mPositions does not match characters "
-+ "found by iterating content");
-+ return false;
-+ }
-
- // New text anchoring chunks start at each character assigned a position
- // with x="" or y="", or if we forced one with aForceStartOfChunk due to
-@@ -4456,8 +4473,11 @@ SVGTextFrame::ResolvePositions(nsIContent* aContent,
- for (nsIContent* child = aContent->GetFirstChild();
- child;
- child = child->GetNextSibling()) {
-- aIndex = ResolvePositions(child, aIndex, inTextPath, aForceStartOfChunk,
-- aDeltas);
-+ bool ok = ResolvePositionsForNode(child, aIndex, inTextPath,
-+ aForceStartOfChunk, aDeltas);
-+ if (!ok) {
-+ return false;
-+ }
- }
-
- if (aContent->Tag() == nsGkAtoms::textPath) {
-@@ -4465,7 +4485,7 @@ SVGTextFrame::ResolvePositions(nsIContent* aContent,
- aForceStartOfChunk = true;
- }
-
-- return aIndex;
-+ return true;
- }
-
- bool
-@@ -4501,8 +4521,10 @@ SVGTextFrame::ResolvePositions(nsTArray<gfxPoint>& aDeltas,
-
- // Recurse over the content and fill in character positions as we go.
- bool forceStartOfChunk = false;
-- return ResolvePositions(mContent, 0, aRunPerGlyph,
-- forceStartOfChunk, aDeltas) != 0;
-+ index = 0;
-+ bool ok = ResolvePositionsForNode(mContent, index, aRunPerGlyph,
-+ forceStartOfChunk, aDeltas);
-+ return ok && index > 0;
- }
-
- void
-@@ -4958,9 +4980,10 @@ SVGTextFrame::DoGlyphPositioning()
- // Get the x, y, dx, dy, rotate values for the subtree.
- nsTArray<gfxPoint> deltas;
- if (!ResolvePositions(deltas, adjustingTextLength)) {
-- // If ResolvePositions returned false, it means that there were some
-- // characters in the DOM but none of them are displayed. Clear out
-- // mPositions so that we don't attempt to do any painting later.
-+ // If ResolvePositions returned false, it means either there were some
-+ // characters in the DOM but none of them are displayed, or there was
-+ // an error in processing mPositions. Clear out mPositions so that we don't
-+ // attempt to do any painting later.
- mPositions.Clear();
- return;
- }
-diff --git a/layout/svg/SVGTextFrame.h b/layout/svg/SVGTextFrame.h
-index 48951f7..912af8b 100644
---- a/layout/svg/SVGTextFrame.h
-+++ b/layout/svg/SVGTextFrame.h
-@@ -505,15 +505,18 @@ private:
- * Recursive helper for ResolvePositions below.
- *
- * @param aContent The current node.
-- * @param aIndex The current character index.
-+ * @param aIndex (in/out) The current character index.
- * @param aInTextPath Whether we are currently under a <textPath> element.
-- * @param aForceStartOfChunk Whether the next character we find should start a
-- * new anchored chunk.
-- * @return The character index we got up to.
-+ * @param aForceStartOfChunk (in/out) Whether the next character we find
-+ * should start a new anchored chunk.
-+ * @param aDeltas (in/out) Receives the resolved dx/dy values for each
-+ * character.
-+ * @return false if we discover that mPositions did not have enough
-+ * elements; true otherwise.
- */
-- uint32_t ResolvePositions(nsIContent* aContent, uint32_t aIndex,
-- bool aInTextPath, bool& aForceStartOfChunk,
-- nsTArray<gfxPoint>& aDeltas);
-+ bool ResolvePositionsForNode(nsIContent* aContent, uint32_t& aIndex,
-+ bool aInTextPath, bool& aForceStartOfChunk,
-+ nsTArray<gfxPoint>& aDeltas);
-
- /**
- * Initializes mPositions with character position information based on
-@@ -521,9 +524,13 @@ private:
- * was not given for that character. Also fills aDeltas with values based on
- * dx/dy attributes.
- *
-+ * @param aDeltas (in/out) Receives the resolved dx/dy values for each
-+ * character.
- * @param aRunPerGlyph Whether mPositions should record that a new run begins
- * at each glyph.
-- * @return True if we recorded any positions.
-+ * @return false if we did not record any positions (due to having no
-+ * displayed characters) or if we discover that mPositions did not have
-+ * enough elements; true otherwise.
- */
- bool ResolvePositions(nsTArray<gfxPoint>& aDeltas, bool aRunPerGlyph);
-
---
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-2710-pt2.patch b/gnu/packages/patches/icecat-CVE-2015-2710-pt2.patch
deleted file mode 100644
index 26a10ca2e4..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-2710-pt2.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From f7c0070831e72735c43beb426ac0c2ce33403f4f Mon Sep 17 00:00:00 2001
-From: Cameron McCormack <cam@mcc.id.au>
-Date: Mon, 6 Apr 2015 09:12:06 -0400
-Subject: [PATCH] Bug 1149542 - Part 2: Track undisplayed characters before
- empty text frames properly. r=dholbert, a=sledru
-
----
- layout/svg/SVGTextFrame.cpp | 29 ++++++++++++++++-------------
- 1 file changed, 16 insertions(+), 13 deletions(-)
-
-diff --git a/layout/svg/SVGTextFrame.cpp b/layout/svg/SVGTextFrame.cpp
-index 45327881..9d331b8 100644
---- a/layout/svg/SVGTextFrame.cpp
-+++ b/layout/svg/SVGTextFrame.cpp
-@@ -290,22 +290,25 @@ GetNonEmptyTextFrameAndNode(nsIFrame* aFrame,
- nsTextNode*& aTextNode)
- {
- nsTextFrame* text = do_QueryFrame(aFrame);
-- if (!text) {
-- return false;
-- }
-+ bool isNonEmptyTextFrame = text && text->GetContentLength() != 0;
-
-- nsIContent* content = text->GetContent();
-- NS_ASSERTION(content && content->IsNodeOfType(nsINode::eTEXT),
-- "unexpected content type for nsTextFrame");
-+ if (isNonEmptyTextFrame) {
-+ nsIContent* content = text->GetContent();
-+ NS_ASSERTION(content && content->IsNodeOfType(nsINode::eTEXT),
-+ "unexpected content type for nsTextFrame");
-
-- nsTextNode* node = static_cast<nsTextNode*>(content);
-- if (node->TextLength() == 0) {
-- return false;
-+ nsTextNode* node = static_cast<nsTextNode*>(content);
-+ MOZ_ASSERT(node->TextLength() != 0,
-+ "frame's GetContentLength() should be 0 if the text node "
-+ "has no content");
-+
-+ aTextFrame = text;
-+ aTextNode = node;
- }
-
-- aTextFrame = text;
-- aTextNode = node;
-- return true;
-+ MOZ_ASSERT(IsNonEmptyTextFrame(aFrame) == isNonEmptyTextFrame,
-+ "our logic should agree with IsNonEmptyTextFrame");
-+ return isNonEmptyTextFrame;
- }
-
- /**
-@@ -1298,7 +1301,7 @@ GetUndisplayedCharactersBeforeFrame(nsTextFrame* aFrame)
- /**
- * Traverses the nsTextFrames for an SVGTextFrame and records a
- * TextNodeCorrespondenceProperty on each for the number of undisplayed DOM
-- * characters between each frame. This is done by iterating simultaenously
-+ * characters between each frame. This is done by iterating simultaneously
- * over the nsTextNodes and nsTextFrames and noting when nsTextNodes (or
- * parts of them) are skipped when finding the next nsTextFrame.
- */
---
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-2710-pt3.patch b/gnu/packages/patches/icecat-CVE-2015-2710-pt3.patch
deleted file mode 100644
index 6759506213..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-2710-pt3.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 2cda46e6158a459b56b392c8e389b055fdf740ca Mon Sep 17 00:00:00 2001
-From: Ryan VanderMeulen <ryanvm@gmail.com>
-Date: Mon, 6 Apr 2015 22:59:41 -0400
-Subject: [PATCH] Bug 1149542 - Replace MOZ_ASSERT_UNREACHABLE with MOZ_ASSERT.
- r=dholbert, a=bustage
-
----
- layout/svg/SVGTextFrame.cpp | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/layout/svg/SVGTextFrame.cpp b/layout/svg/SVGTextFrame.cpp
-index 9d331b8..e7b7275 100644
---- a/layout/svg/SVGTextFrame.cpp
-+++ b/layout/svg/SVGTextFrame.cpp
-@@ -4333,8 +4333,8 @@ SVGTextFrame::ResolvePositionsForNode(nsIContent* aContent,
- if (length) {
- uint32_t end = aIndex + length;
- if (MOZ_UNLIKELY(end > mPositions.Length())) {
-- MOZ_ASSERT_UNREACHABLE("length of mPositions does not match characters "
-- "found by iterating content");
-+ MOZ_ASSERT(false, "length of mPositions does not match characters "
-+ "found by iterating content");
- return false;
- }
- if (aForceStartOfChunk) {
-@@ -4367,8 +4367,8 @@ SVGTextFrame::ResolvePositionsForNode(nsIContent* aContent,
- // only if they actually have some text content.
- if (HasTextContent(aContent)) {
- if (MOZ_UNLIKELY(aIndex >= mPositions.Length())) {
-- MOZ_ASSERT_UNREACHABLE("length of mPositions does not match characters "
-- "found by iterating content");
-+ MOZ_ASSERT(false, "length of mPositions does not match characters "
-+ "found by iterating content");
- return false;
- }
- mPositions[aIndex].mPosition = gfxPoint();
-@@ -4394,8 +4394,8 @@ SVGTextFrame::ResolvePositionsForNode(nsIContent* aContent,
- uint32_t count = GetTextContentLength(aContent);
-
- if (MOZ_UNLIKELY(aIndex + count > mPositions.Length())) {
-- MOZ_ASSERT_UNREACHABLE("length of mPositions does not match characters "
-- "found by iterating content");
-+ MOZ_ASSERT(false, "length of mPositions does not match characters "
-+ "found by iterating content");
- return false;
- }
-
---
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-2713-pt1.patch b/gnu/packages/patches/icecat-CVE-2015-2713-pt1.patch
deleted file mode 100644
index 9e52759ae8..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-2713-pt1.patch
+++ /dev/null
@@ -1,102 +0,0 @@
-From 2b1c90da3e849e1c9d7457658290aa8eb01d0fa9 Mon Sep 17 00:00:00 2001
-From: Mats Palmgren <mats@mozilla.com>
-Date: Thu, 16 Apr 2015 09:04:19 +0000
-Subject: [PATCH] Bug 1153478 - Part 1: Add nsInlineFrame::StealFrame and make
- it deal with being called on the wrong parent for aChild (due to lazy
- reparenting). r=roc, a=sledru
-
----
- layout/generic/nsContainerFrame.cpp | 7 +++----
- layout/generic/nsInlineFrame.cpp | 39 +++++++++++++++++++++++++++++++++++++
- layout/generic/nsInlineFrame.h | 4 +++-
- 3 files changed, 45 insertions(+), 5 deletions(-)
-
-diff --git a/layout/generic/nsContainerFrame.cpp b/layout/generic/nsContainerFrame.cpp
-index 3ffcba7..34878af 100644
---- a/layout/generic/nsContainerFrame.cpp
-+++ b/layout/generic/nsContainerFrame.cpp
-@@ -172,13 +172,12 @@ nsContainerFrame::RemoveFrame(ChildListID aListID,
- nsIPresShell* shell = PresContext()->PresShell();
- nsContainerFrame* lastParent = nullptr;
- while (aOldFrame) {
-- //XXXfr probably should use StealFrame here. I'm not sure if we need to
-- // check the overflow lists atm, but we'll need a prescontext lookup
-- // for overflow containers once we can split abspos elements with
-- // inline containing blocks.
- nsIFrame* oldFrameNextContinuation = aOldFrame->GetNextContinuation();
- nsContainerFrame* parent =
- static_cast<nsContainerFrame*>(aOldFrame->GetParent());
-+ // Please note that 'parent' may not actually be where 'aOldFrame' lives.
-+ // We really MUST use StealFrame() and nothing else here.
-+ // @see nsInlineFrame::StealFrame for details.
- parent->StealFrame(aOldFrame, true);
- aOldFrame->Destroy();
- aOldFrame = oldFrameNextContinuation;
-diff --git a/layout/generic/nsInlineFrame.cpp b/layout/generic/nsInlineFrame.cpp
-index 526041e..a392a15 100644
---- a/layout/generic/nsInlineFrame.cpp
-+++ b/layout/generic/nsInlineFrame.cpp
-@@ -172,6 +172,45 @@ nsInlineFrame::PeekOffsetCharacter(bool aForward, int32_t* aOffset,
- return CONTINUE;
- }
-
-+nsresult
-+nsInlineFrame::StealFrame(nsIFrame* aChild,
-+ bool aForceNormal)
-+{
-+ if (aChild->HasAnyStateBits(NS_FRAME_IS_OVERFLOW_CONTAINER) &&
-+ !aForceNormal) {
-+ return nsContainerFrame::StealFrame(aChild, aForceNormal);
-+ }
-+
-+ nsInlineFrame* parent = this;
-+ bool removed = false;
-+ do {
-+ removed = parent->mFrames.StartRemoveFrame(aChild);
-+ if (removed) {
-+ break;
-+ }
-+
-+ // We didn't find the child in our principal child list.
-+ // Maybe it's on the overflow list?
-+ nsFrameList* frameList = parent->GetOverflowFrames();
-+ if (frameList) {
-+ removed = frameList->ContinueRemoveFrame(aChild);
-+ if (frameList->IsEmpty()) {
-+ parent->DestroyOverflowList();
-+ }
-+ if (removed) {
-+ break;
-+ }
-+ }
-+
-+ // Due to our "lazy reparenting" optimization 'aChild' might not actually
-+ // be on any of our child lists, but instead in one of our next-in-flows.
-+ parent = static_cast<nsInlineFrame*>(parent->GetNextInFlow());
-+ } while (parent);
-+
-+ MOZ_ASSERT(removed, "nsInlineFrame::StealFrame: can't find aChild");
-+ return removed ? NS_OK : NS_ERROR_UNEXPECTED;
-+}
-+
- void
- nsInlineFrame::BuildDisplayList(nsDisplayListBuilder* aBuilder,
- const nsRect& aDirtyRect,
-diff --git a/layout/generic/nsInlineFrame.h b/layout/generic/nsInlineFrame.h
-index 1a9899e..3e49241 100644
---- a/layout/generic/nsInlineFrame.h
-+++ b/layout/generic/nsInlineFrame.h
-@@ -61,7 +61,9 @@ public:
-
- virtual FrameSearchResult PeekOffsetCharacter(bool aForward, int32_t* aOffset,
- bool aRespectClusters = true) MOZ_OVERRIDE;
--
-+
-+ virtual nsresult StealFrame(nsIFrame* aChild, bool aForceNormal) MOZ_OVERRIDE;
-+
- // nsIHTMLReflow overrides
- virtual void AddInlineMinWidth(nsRenderingContext *aRenderingContext,
- InlineMinWidthData *aData) MOZ_OVERRIDE;
---
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-2713-pt2.patch b/gnu/packages/patches/icecat-CVE-2015-2713-pt2.patch
deleted file mode 100644
index b1f2adde47..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-2713-pt2.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From d84ed2990dd2304fef752213f1908280ff24d77c Mon Sep 17 00:00:00 2001
-From: Mats Palmgren <mats@mozilla.com>
-Date: Thu, 16 Apr 2015 09:04:19 +0000
-Subject: [PATCH] Bug 1153478 - Part 2: Remove useless assertions. r=roc,
- a=sledru
-
----
- layout/generic/nsContainerFrame.cpp | 1 -
- layout/generic/nsInlineFrame.cpp | 3 ---
- 2 files changed, 4 deletions(-)
-
-diff --git a/layout/generic/nsContainerFrame.cpp b/layout/generic/nsContainerFrame.cpp
-index 34878af..b95bddd 100644
---- a/layout/generic/nsContainerFrame.cpp
-+++ b/layout/generic/nsContainerFrame.cpp
-@@ -1516,7 +1516,6 @@ nsContainerFrame::DrainSelfOverflowList()
- {
- AutoFrameListPtr overflowFrames(PresContext(), StealOverflowFrames());
- if (overflowFrames) {
-- NS_ASSERTION(mFrames.NotEmpty(), "overflow list w/o frames");
- mFrames.AppendFrames(nullptr, *overflowFrames);
- return true;
- }
-diff --git a/layout/generic/nsInlineFrame.cpp b/layout/generic/nsInlineFrame.cpp
-index a392a15..e0922bb 100644
---- a/layout/generic/nsInlineFrame.cpp
-+++ b/layout/generic/nsInlineFrame.cpp
-@@ -449,7 +449,6 @@ nsInlineFrame::DrainSelfOverflowListInternal(DrainFlags aFlags,
- {
- AutoFrameListPtr overflowFrames(PresContext(), StealOverflowFrames());
- if (overflowFrames) {
-- NS_ASSERTION(mFrames.NotEmpty(), "overflow list w/o frames");
- // The frames on our own overflowlist may have been pushed by a
- // previous lazilySetParentPointer Reflow so we need to ensure the
- // correct parent pointer. This is sometimes skipped by Reflow.
-@@ -1157,8 +1156,6 @@ nsFirstLineFrame::DrainSelfOverflowList()
- {
- AutoFrameListPtr overflowFrames(PresContext(), StealOverflowFrames());
- if (overflowFrames) {
-- NS_ASSERTION(mFrames.NotEmpty(), "overflow list w/o frames");
--
- bool result = !overflowFrames->IsEmpty();
- const nsFrameList::Slice& newFrames =
- mFrames.AppendFrames(nullptr, *overflowFrames);
---
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-2716.patch b/gnu/packages/patches/icecat-CVE-2015-2716.patch
deleted file mode 100644
index ce036a0921..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-2716.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 9dcb4563847cb6e2a8112dca03d2684907f96313 Mon Sep 17 00:00:00 2001
-From: Eric Rahm <erahm@mozilla.com>
-Date: Fri, 10 Apr 2015 15:50:23 -0700
-Subject: [PATCH] Bug 1140537 - Sanity check size calculations. r=peterv,
- a=abillings
-
----
- parser/expat/lib/xmlparse.c | 23 +++++++++++++++++++++--
- 1 file changed, 21 insertions(+), 2 deletions(-)
-
-diff --git a/parser/expat/lib/xmlparse.c b/parser/expat/lib/xmlparse.c
-index 70acf1a..436b735 100644
---- a/parser/expat/lib/xmlparse.c
-+++ b/parser/expat/lib/xmlparse.c
-@@ -1651,6 +1651,12 @@ XML_ParseBuffer(XML_Parser parser, int len, int isFinal)
- void * XMLCALL
- XML_GetBuffer(XML_Parser parser, int len)
- {
-+/* BEGIN MOZILLA CHANGE (sanity check len) */
-+ if (len < 0) {
-+ errorCode = XML_ERROR_NO_MEMORY;
-+ return NULL;
-+ }
-+/* END MOZILLA CHANGE */
- switch (ps_parsing) {
- case XML_SUSPENDED:
- errorCode = XML_ERROR_SUSPENDED;
-@@ -1662,8 +1668,13 @@ XML_GetBuffer(XML_Parser parser, int len)
- }
-
- if (len > bufferLim - bufferEnd) {
-- /* FIXME avoid integer overflow */
- int neededSize = len + (int)(bufferEnd - bufferPtr);
-+/* BEGIN MOZILLA CHANGE (sanity check neededSize) */
-+ if (neededSize < 0) {
-+ errorCode = XML_ERROR_NO_MEMORY;
-+ return NULL;
-+ }
-+/* END MOZILLA CHANGE */
- #ifdef XML_CONTEXT_BYTES
- int keep = (int)(bufferPtr - buffer);
-
-@@ -1692,7 +1703,15 @@ XML_GetBuffer(XML_Parser parser, int len)
- bufferSize = INIT_BUFFER_SIZE;
- do {
- bufferSize *= 2;
-- } while (bufferSize < neededSize);
-+/* BEGIN MOZILLA CHANGE (prevent infinite loop on overflow) */
-+ } while (bufferSize < neededSize && bufferSize > 0);
-+/* END MOZILLA CHANGE */
-+/* BEGIN MOZILLA CHANGE (sanity check bufferSize) */
-+ if (bufferSize <= 0) {
-+ errorCode = XML_ERROR_NO_MEMORY;
-+ return NULL;
-+ }
-+/* END MOZILLA CHANGE */
- newBuf = (char *)MALLOC(bufferSize);
- if (newBuf == 0) {
- errorCode = XML_ERROR_NO_MEMORY;
---
-2.2.1
-