diff options
author | Mark H Weaver <mhw@netris.org> | 2016-02-05 12:17:00 -0500 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2016-02-05 16:00:25 -0500 |
commit | a7d8c466db633bbdf10c0aebce7128c627c28342 (patch) | |
tree | 0c3b0d8023c548a36c1b3476c039e2e5908d9fb5 | |
parent | 95b754a17ad3192086a9e8ce514e25d980039d50 (diff) | |
download | patches-a7d8c466db633bbdf10c0aebce7128c627c28342.tar patches-a7d8c466db633bbdf10c0aebce7128c627c28342.tar.gz |
gnu: icecat: Update to 38.6.0-gnu1.
* gnu/packages/patches/icecat-bug-1146335-pt1.patch,
gnu/packages/patches/icecat-bug-1146335-pt2.patch,
gnu/packages/patches/icecat-limit-max-buffers-size-for-ANGLE.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt01.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt02.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt03.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt04.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt05.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt08.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt09.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt10.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt11.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt12.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt13.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt14.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt15.patch,
gnu/packages/patches/icecat-CVE-2016-1935.patch: Delete files.
* gnu-system.am (dist_patch_DATA): Remove them.
* gnu/packages/gnuzilla.scm (icecat): Update to 38.6.0-gnu1.
[source]: Remove patches.
21 files changed, 3 insertions, 1770 deletions
diff --git a/gnu-system.am b/gnu-system.am index 04bd519055..749814d287 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -520,26 +520,7 @@ dist_patch_DATA = \ gnu/packages/patches/hop-linker-flags.patch \ gnu/packages/patches/hydra-automake-1.15.patch \ gnu/packages/patches/hydra-disable-darcs-test.patch \ - gnu/packages/patches/icecat-CVE-2016-1930-pt01.patch \ - gnu/packages/patches/icecat-CVE-2016-1930-pt02.patch \ - gnu/packages/patches/icecat-CVE-2016-1930-pt03.patch \ - gnu/packages/patches/icecat-CVE-2016-1930-pt04.patch \ - gnu/packages/patches/icecat-CVE-2016-1930-pt05.patch \ - gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch \ - gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch \ - gnu/packages/patches/icecat-CVE-2016-1930-pt08.patch \ - gnu/packages/patches/icecat-CVE-2016-1930-pt09.patch \ - gnu/packages/patches/icecat-CVE-2016-1930-pt10.patch \ - gnu/packages/patches/icecat-CVE-2016-1930-pt11.patch \ - gnu/packages/patches/icecat-CVE-2016-1930-pt12.patch \ - gnu/packages/patches/icecat-CVE-2016-1930-pt13.patch \ - gnu/packages/patches/icecat-CVE-2016-1930-pt14.patch \ - gnu/packages/patches/icecat-CVE-2016-1930-pt15.patch \ - gnu/packages/patches/icecat-CVE-2016-1935.patch \ gnu/packages/patches/icecat-avoid-bundled-includes.patch \ - gnu/packages/patches/icecat-bug-1146335-pt1.patch \ - gnu/packages/patches/icecat-bug-1146335-pt2.patch \ - gnu/packages/patches/icecat-limit-max-buffers-size-for-ANGLE.patch \ gnu/packages/patches/icu4c-CVE-2014-6585.patch \ gnu/packages/patches/icu4c-CVE-2015-1270.patch \ gnu/packages/patches/icu4c-CVE-2015-4760.patch \ diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm index 62010dbf6b..7978ca6abe 100644 --- a/gnu/packages/gnuzilla.scm +++ b/gnu/packages/gnuzilla.scm @@ -277,7 +277,7 @@ standards.") (define-public icecat (package (name "icecat") - (version "38.5.2-gnu1") + (version "38.6.0-gnu1") (source (origin (method url-fetch) @@ -286,28 +286,9 @@ standards.") name "-" version ".tar.bz2")) (sha256 (base32 - "0m18xyb0rd02yaw9xd5z4bab1wr2599iszzqhm86c134jv5vk6cg")) + "0bd4k5cwr8ynscaxffvj2x3kgky3dmjq0qhpcb931l98bh0103lx")) (patches (map search-patch - '("icecat-avoid-bundled-includes.patch" - "icecat-CVE-2016-1930-pt01.patch" - "icecat-CVE-2016-1930-pt02.patch" - "icecat-CVE-2016-1930-pt03.patch" - "icecat-CVE-2016-1930-pt04.patch" - "icecat-CVE-2016-1930-pt05.patch" - "icecat-CVE-2016-1930-pt06.patch" - "icecat-CVE-2016-1930-pt07.patch" - "icecat-CVE-2016-1930-pt08.patch" - "icecat-CVE-2016-1930-pt09.patch" - "icecat-CVE-2016-1930-pt10.patch" - "icecat-CVE-2016-1930-pt11.patch" - "icecat-CVE-2016-1930-pt12.patch" - "icecat-CVE-2016-1930-pt13.patch" - "icecat-bug-1146335-pt1.patch" - "icecat-bug-1146335-pt2.patch" - "icecat-CVE-2016-1935.patch" - "icecat-CVE-2016-1930-pt14.patch" - "icecat-CVE-2016-1930-pt15.patch" - "icecat-limit-max-buffers-size-for-ANGLE.patch"))) + '("icecat-avoid-bundled-includes.patch"))) (modules '((guix build utils))) (snippet '(begin diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt01.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt01.patch deleted file mode 100644 index 27768fa1ac..0000000000 --- a/gnu/packages/patches/icecat-CVE-2016-1930-pt01.patch +++ /dev/null @@ -1,34 +0,0 @@ -Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/925215cae26f -Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/ -Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1233346 - -# HG changeset patch -# User Nils Ohlmeier <drno@ohlmeier.org> -# Date 1451439902 18000 -# Node ID 925215cae26f9c0ccff07ef403a5b3194a4c45c4 -# Parent ff8e52467d793e935b80bf22a722a71a96fe2d63 -Bug 1233346 - r=ekr a=abillings - -diff --git a/media/mtransport/third_party/nICEr/src/stun/addrs.c b/media/mtransport/third_party/nICEr/src/stun/addrs.c ---- a/media/mtransport/third_party/nICEr/src/stun/addrs.c -+++ b/media/mtransport/third_party/nICEr/src/stun/addrs.c -@@ -530,16 +530,18 @@ stun_get_win32_addrs(nr_local_addr addrs - - for (tmpAddress = AdapterAddresses; tmpAddress != NULL; tmpAddress = tmpAddress->Next) { - char *c; - - if (tmpAddress->OperStatus != IfOperStatusUp) - continue; - - snprintf(munged_ifname, IFNAMSIZ, "%S%c", tmpAddress->FriendlyName, 0); -+ munged_ifname[IFNAMSIZ-1] = '\0'; -+ - /* replace spaces with underscores */ - c = strchr(munged_ifname, ' '); - while (c != NULL) { - *c = '_'; - c = strchr(munged_ifname, ' '); - } - c = strchr(munged_ifname, '.'); - while (c != NULL) { - diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt02.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt02.patch deleted file mode 100644 index fa1804eb82..0000000000 --- a/gnu/packages/patches/icecat-CVE-2016-1930-pt02.patch +++ /dev/null @@ -1,33 +0,0 @@ -Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/fc78180165a8 -Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/ -Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1223670 - -# HG changeset patch -# User Karl Tomlinson <karlt+@karlt.net> -# Date 1449117514 -46800 -# Node ID fc78180165a8262c80bbb722ed99b2e0c27b02d0 -# Parent 925215cae26f9c0ccff07ef403a5b3194a4c45c4 -bug 1223670 assert that connected streams have the same graph r=padenot a=abillings - -diff --git a/dom/media/MediaStreamGraph.cpp b/dom/media/MediaStreamGraph.cpp ---- a/dom/media/MediaStreamGraph.cpp -+++ b/dom/media/MediaStreamGraph.cpp -@@ -2696,16 +2696,17 @@ ProcessedMediaStream::AllocateInputPort( - unused << mPort.forget(); - } - virtual void RunDuringShutdown() - { - Run(); - } - nsRefPtr<MediaInputPort> mPort; - }; -+ MOZ_ASSERT(aStream->GraphImpl() == GraphImpl()); - nsRefPtr<MediaInputPort> port = new MediaInputPort(aStream, this, aFlags, - aInputNumber, aOutputNumber); - port->SetGraphImpl(GraphImpl()); - GraphImpl()->AppendMessage(new Message(port)); - return port.forget(); - } - - void - diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt03.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt03.patch deleted file mode 100644 index cf0843b8b3..0000000000 --- a/gnu/packages/patches/icecat-CVE-2016-1930-pt03.patch +++ /dev/null @@ -1,308 +0,0 @@ -Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/f746c38d160e -Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/ -Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1223670 - -# HG changeset patch -# User Karl Tomlinson <karlt+@karlt.net> -# Date 1449764754 18000 -# Node ID f746c38d160ea29088c15cacae44f3662befaec5 -# Parent fc78180165a8262c80bbb722ed99b2e0c27b02d0 -bug 1223670 replace public constructors with fallible factory methods r=baku a=abillings - -diff --git a/dom/media/webaudio/AudioContext.cpp b/dom/media/webaudio/AudioContext.cpp ---- a/dom/media/webaudio/AudioContext.cpp -+++ b/dom/media/webaudio/AudioContext.cpp -@@ -299,32 +299,29 @@ AudioContext::CreateMediaElementSource(H - aRv.Throw(NS_ERROR_DOM_NOT_SUPPORTED_ERR); - return nullptr; - } - #endif - nsRefPtr<DOMMediaStream> stream = aMediaElement.MozCaptureStream(aRv); - if (aRv.Failed()) { - return nullptr; - } -- nsRefPtr<MediaElementAudioSourceNode> mediaElementAudioSourceNode = -- new MediaElementAudioSourceNode(this, stream); -- return mediaElementAudioSourceNode.forget(); -+ return MediaElementAudioSourceNode::Create(this, stream, aRv); - } - - already_AddRefed<MediaStreamAudioSourceNode> - AudioContext::CreateMediaStreamSource(DOMMediaStream& aMediaStream, - ErrorResult& aRv) - { - if (mIsOffline) { - aRv.Throw(NS_ERROR_DOM_NOT_SUPPORTED_ERR); - return nullptr; - } -- nsRefPtr<MediaStreamAudioSourceNode> mediaStreamAudioSourceNode = -- new MediaStreamAudioSourceNode(this, &aMediaStream); -- return mediaStreamAudioSourceNode.forget(); -+ -+ return MediaStreamAudioSourceNode::Create(this, &aMediaStream, aRv); - } - - already_AddRefed<GainNode> - AudioContext::CreateGain() - { - nsRefPtr<GainNode> gainNode = new GainNode(this); - return gainNode.forget(); - } -diff --git a/dom/media/webaudio/AudioNode.cpp b/dom/media/webaudio/AudioNode.cpp ---- a/dom/media/webaudio/AudioNode.cpp -+++ b/dom/media/webaudio/AudioNode.cpp -@@ -61,34 +61,29 @@ AudioNode::AudioNode(AudioContext* aCont - ChannelInterpretation aChannelInterpretation) - : DOMEventTargetHelper(aContext->GetParentObject()) - , mContext(aContext) - , mChannelCount(aChannelCount) - , mChannelCountMode(aChannelCountMode) - , mChannelInterpretation(aChannelInterpretation) - , mId(gId++) - , mPassThrough(false) --#ifdef DEBUG -- , mDemiseNotified(false) --#endif - { - MOZ_ASSERT(aContext); - DOMEventTargetHelper::BindToOwner(aContext->GetParentObject()); - aContext->UpdateNodeCount(1); - } - - AudioNode::~AudioNode() - { - MOZ_ASSERT(mInputNodes.IsEmpty()); - MOZ_ASSERT(mOutputNodes.IsEmpty()); - MOZ_ASSERT(mOutputParams.IsEmpty()); --#ifdef DEBUG -- MOZ_ASSERT(mDemiseNotified, -+ MOZ_ASSERT(!mStream, - "The webaudio-node-demise notification must have been sent"); --#endif - if (mContext) { - mContext->UpdateNodeCount(-1); - } - } - - size_t - AudioNode::SizeOfExcludingThis(MallocSizeOf aMallocSizeOf) const - { -@@ -399,19 +394,16 @@ AudioNode::DestroyMediaStream() - mStream = nullptr; - - nsCOMPtr<nsIObserverService> obs = services::GetObserverService(); - if (obs) { - nsAutoString id; - id.AppendPrintf("%u", mId); - obs->NotifyObservers(nullptr, "webaudio-node-demise", id.get()); - } --#ifdef DEBUG -- mDemiseNotified = true; --#endif - } - } - - void - AudioNode::RemoveOutputParam(AudioParam* aParam) - { - mOutputParams.RemoveElement(aParam); - } -diff --git a/dom/media/webaudio/AudioNode.h b/dom/media/webaudio/AudioNode.h ---- a/dom/media/webaudio/AudioNode.h -+++ b/dom/media/webaudio/AudioNode.h -@@ -239,19 +239,14 @@ private: - nsTArray<nsRefPtr<AudioParam> > mOutputParams; - uint32_t mChannelCount; - ChannelCountMode mChannelCountMode; - ChannelInterpretation mChannelInterpretation; - const uint32_t mId; - // Whether the node just passes through its input. This is a devtools API that - // only works for some node types. - bool mPassThrough; --#ifdef DEBUG -- // In debug builds, check to make sure that the node demise notification has -- // been properly sent before the node is destroyed. -- bool mDemiseNotified; --#endif - }; - - } - } - - #endif -diff --git a/dom/media/webaudio/MediaElementAudioSourceNode.cpp b/dom/media/webaudio/MediaElementAudioSourceNode.cpp ---- a/dom/media/webaudio/MediaElementAudioSourceNode.cpp -+++ b/dom/media/webaudio/MediaElementAudioSourceNode.cpp -@@ -5,22 +5,36 @@ - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - - #include "MediaElementAudioSourceNode.h" - #include "mozilla/dom/MediaElementAudioSourceNodeBinding.h" - - namespace mozilla { - namespace dom { - --MediaElementAudioSourceNode::MediaElementAudioSourceNode(AudioContext* aContext, -- DOMMediaStream* aStream) -- : MediaStreamAudioSourceNode(aContext, aStream) -+MediaElementAudioSourceNode::MediaElementAudioSourceNode(AudioContext* aContext) -+ : MediaStreamAudioSourceNode(aContext) - { - } - -+/* static */ already_AddRefed<MediaElementAudioSourceNode> -+MediaElementAudioSourceNode::Create(AudioContext* aContext, -+ DOMMediaStream* aStream, ErrorResult& aRv) -+{ -+ nsRefPtr<MediaElementAudioSourceNode> node = -+ new MediaElementAudioSourceNode(aContext); -+ -+ node->Init(aStream, aRv); -+ if (aRv.Failed()) { -+ return nullptr; -+ } -+ -+ return node.forget(); -+} -+ - JSObject* - MediaElementAudioSourceNode::WrapObject(JSContext* aCx) - { - return MediaElementAudioSourceNodeBinding::Wrap(aCx, this); - } - - } - } -diff --git a/dom/media/webaudio/MediaElementAudioSourceNode.h b/dom/media/webaudio/MediaElementAudioSourceNode.h ---- a/dom/media/webaudio/MediaElementAudioSourceNode.h -+++ b/dom/media/webaudio/MediaElementAudioSourceNode.h -@@ -10,28 +10,30 @@ - #include "MediaStreamAudioSourceNode.h" - - namespace mozilla { - namespace dom { - - class MediaElementAudioSourceNode : public MediaStreamAudioSourceNode - { - public: -- MediaElementAudioSourceNode(AudioContext* aContext, -- DOMMediaStream* aStream); -+ static already_AddRefed<MediaElementAudioSourceNode> -+ Create(AudioContext* aContext, DOMMediaStream* aStream, ErrorResult& aRv); - - virtual JSObject* WrapObject(JSContext* aCx) override; - - virtual const char* NodeType() const override - { - return "MediaElementAudioSourceNode"; - } - - virtual size_t SizeOfIncludingThis(MallocSizeOf aMallocSizeOf) const override - { - return aMallocSizeOf(this) + SizeOfExcludingThis(aMallocSizeOf); - } -+private: -+ explicit MediaElementAudioSourceNode(AudioContext* aContext); - }; - - } - } - - #endif -diff --git a/dom/media/webaudio/MediaStreamAudioSourceNode.cpp b/dom/media/webaudio/MediaStreamAudioSourceNode.cpp ---- a/dom/media/webaudio/MediaStreamAudioSourceNode.cpp -+++ b/dom/media/webaudio/MediaStreamAudioSourceNode.cpp -@@ -25,26 +25,45 @@ NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN_ - NS_IMPL_CYCLE_COLLECTION_TRAVERSE_END - - NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION_INHERITED(MediaStreamAudioSourceNode) - NS_INTERFACE_MAP_END_INHERITING(AudioNode) - - NS_IMPL_ADDREF_INHERITED(MediaStreamAudioSourceNode, AudioNode) - NS_IMPL_RELEASE_INHERITED(MediaStreamAudioSourceNode, AudioNode) - --MediaStreamAudioSourceNode::MediaStreamAudioSourceNode(AudioContext* aContext, -- DOMMediaStream* aMediaStream) -+MediaStreamAudioSourceNode::MediaStreamAudioSourceNode(AudioContext* aContext) - : AudioNode(aContext, - 2, - ChannelCountMode::Max, -- ChannelInterpretation::Speakers), -- mInputStream(aMediaStream) -+ ChannelInterpretation::Speakers) - { -+} -+ -+/* static */ already_AddRefed<MediaStreamAudioSourceNode> -+MediaStreamAudioSourceNode::Create(AudioContext* aContext, -+ DOMMediaStream* aStream, ErrorResult& aRv) -+{ -+ nsRefPtr<MediaStreamAudioSourceNode> node = -+ new MediaStreamAudioSourceNode(aContext); -+ -+ node->Init(aStream, aRv); -+ if (aRv.Failed()) { -+ return nullptr; -+ } -+ -+ return node.forget(); -+} -+ -+void -+MediaStreamAudioSourceNode::Init(DOMMediaStream* aMediaStream, ErrorResult& aRv) -+{ -+ mInputStream = aMediaStream; - AudioNodeEngine* engine = new MediaStreamAudioSourceNodeEngine(this); -- mStream = aContext->Graph()->CreateAudioNodeExternalInputStream(engine); -+ mStream = Context()->Graph()->CreateAudioNodeExternalInputStream(engine); - ProcessedMediaStream* outputStream = static_cast<ProcessedMediaStream*>(mStream.get()); - mInputPort = outputStream->AllocateInputPort(aMediaStream->GetStream(), - MediaInputPort::FLAG_BLOCK_INPUT); - mInputStream->AddConsumerToKeepAlive(static_cast<nsIDOMEventTarget*>(this)); - - PrincipalChanged(mInputStream); // trigger enabling/disabling of the connector - mInputStream->AddPrincipalChangeObserver(this); - } -diff --git a/dom/media/webaudio/MediaStreamAudioSourceNode.h b/dom/media/webaudio/MediaStreamAudioSourceNode.h ---- a/dom/media/webaudio/MediaStreamAudioSourceNode.h -+++ b/dom/media/webaudio/MediaStreamAudioSourceNode.h -@@ -38,17 +38,18 @@ public: - private: - bool mEnabled; - }; - - class MediaStreamAudioSourceNode : public AudioNode, - public DOMMediaStream::PrincipalChangeObserver - { - public: -- MediaStreamAudioSourceNode(AudioContext* aContext, DOMMediaStream* aMediaStream); -+ static already_AddRefed<MediaStreamAudioSourceNode> -+ Create(AudioContext* aContext, DOMMediaStream* aStream, ErrorResult& aRv); - - NS_DECL_ISUPPORTS_INHERITED - NS_DECL_CYCLE_COLLECTION_CLASS_INHERITED(MediaStreamAudioSourceNode, AudioNode) - - virtual JSObject* WrapObject(JSContext* aCx) override; - - virtual void DestroyMediaStream() override; - -@@ -60,16 +61,18 @@ public: - } - - virtual size_t SizeOfExcludingThis(MallocSizeOf aMallocSizeOf) const override; - virtual size_t SizeOfIncludingThis(MallocSizeOf aMallocSizeOf) const override; - - virtual void PrincipalChanged(DOMMediaStream* aMediaStream) override; - - protected: -+ explicit MediaStreamAudioSourceNode(AudioContext* aContext); -+ void Init(DOMMediaStream* aMediaStream, ErrorResult& aRv); - virtual ~MediaStreamAudioSourceNode(); - - private: - nsRefPtr<MediaInputPort> mInputPort; - nsRefPtr<DOMMediaStream> mInputStream; - }; - - } - diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt04.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt04.patch deleted file mode 100644 index b212a70d4a..0000000000 --- a/gnu/packages/patches/icecat-CVE-2016-1930-pt04.patch +++ /dev/null @@ -1,47 +0,0 @@ -Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/6d43ff33bd55 -Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/ -Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1223670 - -# HG changeset patch -# User Karl Tomlinson <karlt+@karlt.net> -# Date 1451362442 -46800 -# Node ID 6d43ff33bd552b8f7a34e4105cf5bcc0a8c8ea8c -# Parent f746c38d160ea29088c15cacae44f3662befaec5 -bug 1223670 throw not supported when creating a node from a stream with different channel r=baku a=abillings - -diff --git a/dom/media/webaudio/MediaStreamAudioSourceNode.cpp b/dom/media/webaudio/MediaStreamAudioSourceNode.cpp ---- a/dom/media/webaudio/MediaStreamAudioSourceNode.cpp -+++ b/dom/media/webaudio/MediaStreamAudioSourceNode.cpp -@@ -51,21 +51,29 @@ MediaStreamAudioSourceNode::Create(Audio - } - - return node.forget(); - } - - void - MediaStreamAudioSourceNode::Init(DOMMediaStream* aMediaStream, ErrorResult& aRv) - { -+ MOZ_ASSERT(aMediaStream); -+ MediaStream* inputStream = aMediaStream->GetStream(); -+ MediaStreamGraph* graph = Context()->Graph(); -+ if (NS_WARN_IF(graph != inputStream->Graph())) { -+ aRv.Throw(NS_ERROR_DOM_NOT_SUPPORTED_ERR); -+ return; -+ } -+ - mInputStream = aMediaStream; - AudioNodeEngine* engine = new MediaStreamAudioSourceNodeEngine(this); -- mStream = Context()->Graph()->CreateAudioNodeExternalInputStream(engine); -+ mStream = graph->CreateAudioNodeExternalInputStream(engine); - ProcessedMediaStream* outputStream = static_cast<ProcessedMediaStream*>(mStream.get()); -- mInputPort = outputStream->AllocateInputPort(aMediaStream->GetStream(), -+ mInputPort = outputStream->AllocateInputPort(inputStream, - MediaInputPort::FLAG_BLOCK_INPUT); - mInputStream->AddConsumerToKeepAlive(static_cast<nsIDOMEventTarget*>(this)); - - PrincipalChanged(mInputStream); // trigger enabling/disabling of the connector - mInputStream->AddPrincipalChangeObserver(this); - } - - MediaStreamAudioSourceNode::~MediaStreamAudioSourceNode() - diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt05.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt05.patch deleted file mode 100644 index 3e62c9c5f1..0000000000 --- a/gnu/packages/patches/icecat-CVE-2016-1930-pt05.patch +++ /dev/null @@ -1,51 +0,0 @@ -Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/4f6e81673f69 -Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/ -Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1223670 - -# HG changeset patch -# User Karl Tomlinson <karlt+@karlt.net> -# Date 1449145091 -46800 -# Node ID 4f6e81673f6938719c86516606f2fda493e8c23c -# Parent 6d43ff33bd552b8f7a34e4105cf5bcc0a8c8ea8c -bug 1223670 make SetMozAudioChannelType() private because the type will not change after construction r=baku a=abillings - -diff --git a/dom/media/webaudio/AudioDestinationNode.h b/dom/media/webaudio/AudioDestinationNode.h ---- a/dom/media/webaudio/AudioDestinationNode.h -+++ b/dom/media/webaudio/AudioDestinationNode.h -@@ -57,17 +57,16 @@ public: - void StartRendering(Promise* aPromise); - - void OfflineShutdown(); - - // nsIDOMEventListener - by proxy - NS_IMETHOD HandleEvent(nsIDOMEvent* aEvent) override; - - AudioChannel MozAudioChannelType() const; -- void SetMozAudioChannelType(AudioChannel aValue, ErrorResult& aRv); - - virtual void NotifyMainThreadStateChanged() override; - void FireOfflineCompletionEvent(); - - // An amount that should be added to the MediaStream's current time to - // get the AudioContext.currentTime. - double ExtraCurrentTime(); - -@@ -86,16 +85,17 @@ public: - - void InputMuted(bool aInputMuted); - void ResolvePromise(AudioBuffer* aRenderedBuffer); - - protected: - virtual ~AudioDestinationNode(); - - private: -+ void SetMozAudioChannelType(AudioChannel aValue, ErrorResult& aRv); - bool CheckAudioChannelPermissions(AudioChannel aValue); - - void SetCanPlay(bool aCanPlay); - - void NotifyStableState(); - void ScheduleStableStateNotification(); - - SelfReference<AudioDestinationNode> mOfflineRenderingRef; - diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch deleted file mode 100644 index ec1f479ee4..0000000000 --- a/gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch +++ /dev/null @@ -1,170 +0,0 @@ -Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/93617c30c0df -Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/ -Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1230686 - -# HG changeset patch -# User Lee Salzman <lsalzman@mozilla.com> -# Date 1451932822 18000 -# Node ID 93617c30c0df35f719dead526b78649d564f5ac3 -# Parent 4f6e81673f6938719c86516606f2fda493e8c23c -Bug 1230686 - use RefPtr<DrawTarget>& instead of DrawTarget* to track changes in SurfaceFromElement a=ritu - -diff --git a/layout/base/nsLayoutUtils.cpp b/layout/base/nsLayoutUtils.cpp ---- a/layout/base/nsLayoutUtils.cpp -+++ b/layout/base/nsLayoutUtils.cpp -@@ -6494,17 +6494,17 @@ nsLayoutUtils::IsReallyFixedPos(nsIFrame - nsIAtom *parentType = aFrame->GetParent()->GetType(); - return parentType == nsGkAtoms::viewportFrame || - parentType == nsGkAtoms::pageContentFrame; - } - - nsLayoutUtils::SurfaceFromElementResult - nsLayoutUtils::SurfaceFromElement(nsIImageLoadingContent* aElement, - uint32_t aSurfaceFlags, -- DrawTarget* aTarget) -+ RefPtr<DrawTarget>& aTarget) - { - SurfaceFromElementResult result; - nsresult rv; - - nsCOMPtr<imgIRequest> imgRequest; - rv = aElement->GetRequest(nsIImageLoadingContent::CURRENT_REQUEST, - getter_AddRefs(imgRequest)); - if (NS_FAILED(rv) || !imgRequest) -@@ -6586,41 +6586,41 @@ nsLayoutUtils::SurfaceFromElement(nsIIma - result.mImageRequest = imgRequest.forget(); - - return result; - } - - nsLayoutUtils::SurfaceFromElementResult - nsLayoutUtils::SurfaceFromElement(HTMLImageElement *aElement, - uint32_t aSurfaceFlags, -- DrawTarget* aTarget) -+ RefPtr<DrawTarget>& aTarget) - { - return SurfaceFromElement(static_cast<nsIImageLoadingContent*>(aElement), - aSurfaceFlags, aTarget); - } - - nsLayoutUtils::SurfaceFromElementResult - nsLayoutUtils::SurfaceFromElement(HTMLCanvasElement* aElement, - uint32_t aSurfaceFlags, -- DrawTarget* aTarget) -+ RefPtr<DrawTarget>& aTarget) - { - SurfaceFromElementResult result; - - bool* isPremultiplied = nullptr; - if (aSurfaceFlags & SFE_PREFER_NO_PREMULTIPLY_ALPHA) { - isPremultiplied = &result.mIsPremultiplied; - } - - gfxIntSize size = aElement->GetSize(); - - result.mSourceSurface = aElement->GetSurfaceSnapshot(isPremultiplied); - if (!result.mSourceSurface) { - // If the element doesn't have a context then we won't get a snapshot. The canvas spec wants us to not error and just - // draw nothing, so return an empty surface. -- DrawTarget *ref = aTarget ? aTarget : gfxPlatform::GetPlatform()->ScreenReferenceDrawTarget(); -+ DrawTarget *ref = aTarget ? aTarget.get() : gfxPlatform::GetPlatform()->ScreenReferenceDrawTarget(); - RefPtr<DrawTarget> dt = ref->CreateSimilarDrawTarget(IntSize(size.width, size.height), - SurfaceFormat::B8G8R8A8); - if (dt) { - result.mSourceSurface = dt->Snapshot(); - } - } else if (aTarget) { - RefPtr<SourceSurface> opt = aTarget->OptimizeSourceSurface(result.mSourceSurface); - if (opt) { -@@ -6637,17 +6637,17 @@ nsLayoutUtils::SurfaceFromElement(HTMLCa - result.mIsWriteOnly = aElement->IsWriteOnly(); - - return result; - } - - nsLayoutUtils::SurfaceFromElementResult - nsLayoutUtils::SurfaceFromElement(HTMLVideoElement* aElement, - uint32_t aSurfaceFlags, -- DrawTarget* aTarget) -+ RefPtr<DrawTarget>& aTarget) - { - SurfaceFromElementResult result; - - NS_WARN_IF_FALSE((aSurfaceFlags & SFE_PREFER_NO_PREMULTIPLY_ALPHA) == 0, "We can't support non-premultiplied alpha for video!"); - - #ifdef MOZ_EME - if (aElement->ContainsRestrictedContent()) { - return result; -@@ -6689,17 +6689,17 @@ nsLayoutUtils::SurfaceFromElement(HTMLVi - result.mIsWriteOnly = false; - - return result; - } - - nsLayoutUtils::SurfaceFromElementResult - nsLayoutUtils::SurfaceFromElement(dom::Element* aElement, - uint32_t aSurfaceFlags, -- DrawTarget* aTarget) -+ RefPtr<DrawTarget>& aTarget) - { - // If it's a <canvas>, we may be able to just grab its internal surface - if (HTMLCanvasElement* canvas = - HTMLCanvasElement::FromContentOrNull(aElement)) { - return SurfaceFromElement(canvas, aSurfaceFlags, aTarget); - } - - // Maybe it's <video>? -diff --git a/layout/base/nsLayoutUtils.h b/layout/base/nsLayoutUtils.h ---- a/layout/base/nsLayoutUtils.h -+++ b/layout/base/nsLayoutUtils.h -@@ -2018,33 +2018,39 @@ public: - bool mIsStillLoading; - /* Whether the element used CORS when loading. */ - bool mCORSUsed; - /* Whether the returned image contains premultiplied pixel data */ - bool mIsPremultiplied; - }; - - static SurfaceFromElementResult SurfaceFromElement(mozilla::dom::Element *aElement, -- uint32_t aSurfaceFlags = 0, -- DrawTarget *aTarget = nullptr); -+ uint32_t aSurfaceFlags, -+ mozilla::RefPtr<DrawTarget>& aTarget); -+ static SurfaceFromElementResult SurfaceFromElement(mozilla::dom::Element *aElement, -+ uint32_t aSurfaceFlags = 0) { -+ mozilla::RefPtr<DrawTarget> target = nullptr; -+ return SurfaceFromElement(aElement, aSurfaceFlags, target); -+ } -+ - static SurfaceFromElementResult SurfaceFromElement(nsIImageLoadingContent *aElement, -- uint32_t aSurfaceFlags = 0, -- DrawTarget *aTarget = nullptr); -+ uint32_t aSurfaceFlags, -+ mozilla::RefPtr<DrawTarget>& aTarget); - // Need an HTMLImageElement overload, because otherwise the - // nsIImageLoadingContent and mozilla::dom::Element overloads are ambiguous - // for HTMLImageElement. - static SurfaceFromElementResult SurfaceFromElement(mozilla::dom::HTMLImageElement *aElement, -- uint32_t aSurfaceFlags = 0, -- DrawTarget *aTarget = nullptr); -+ uint32_t aSurfaceFlags, -+ mozilla::RefPtr<DrawTarget>& aTarget); - static SurfaceFromElementResult SurfaceFromElement(mozilla::dom::HTMLCanvasElement *aElement, -- uint32_t aSurfaceFlags = 0, -- DrawTarget *aTarget = nullptr); -+ uint32_t aSurfaceFlags, -+ mozilla::RefPtr<DrawTarget>& aTarget); - static SurfaceFromElementResult SurfaceFromElement(mozilla::dom::HTMLVideoElement *aElement, -- uint32_t aSurfaceFlags = 0, -- DrawTarget *aTarget = nullptr); -+ uint32_t aSurfaceFlags, -+ mozilla::RefPtr<DrawTarget>& aTarget); - - /** - * When the document is editable by contenteditable attribute of its root - * content or body content. - * - * Be aware, this returns nullptr if it's in designMode. - * - * For example: - diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch deleted file mode 100644 index 4f349747c0..0000000000 --- a/gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch +++ /dev/null @@ -1,56 +0,0 @@ -Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/750e4cfc90f8 -Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/ -Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1233152 - -# HG changeset patch -# User Jan de Mooij <jdemooij@mozilla.com> -# Date 1451478493 -3600 -# Node ID 750e4cfc90f80df657e44c9c63b1865023d88682 -# Parent 93617c30c0df35f719dead526b78649d564f5ac3 -Bug 1233152 - Use PersistentRooted for ParseTask script and sourceObject. r=terrence a=abillings - -diff --git a/js/src/vm/HelperThreads.cpp b/js/src/vm/HelperThreads.cpp ---- a/js/src/vm/HelperThreads.cpp -+++ b/js/src/vm/HelperThreads.cpp -@@ -198,17 +198,17 @@ static const JSClass parseTaskGlobalClas - - ParseTask::ParseTask(ExclusiveContext* cx, JSObject* exclusiveContextGlobal, JSContext* initCx, - const char16_t* chars, size_t length, - JS::OffThreadCompileCallback callback, void* callbackData) - : cx(cx), options(initCx), chars(chars), length(length), - alloc(JSRuntime::TEMP_LIFO_ALLOC_PRIMARY_CHUNK_SIZE), - exclusiveContextGlobal(initCx, exclusiveContextGlobal), - callback(callback), callbackData(callbackData), -- script(nullptr), errors(cx), overRecursed(false) -+ script(initCx->runtime(), nullptr), errors(cx), overRecursed(false) - { - } - - bool - ParseTask::init(JSContext* cx, const ReadOnlyCompileOptions& options) - { - if (!this->options.copy(cx, options)) - return false; -diff --git a/js/src/vm/HelperThreads.h b/js/src/vm/HelperThreads.h ---- a/js/src/vm/HelperThreads.h -+++ b/js/src/vm/HelperThreads.h -@@ -472,17 +472,17 @@ struct ParseTask - - // Callback invoked off the main thread when the parse finishes. - JS::OffThreadCompileCallback callback; - void* callbackData; - - // Holds the final script between the invocation of the callback and the - // point where FinishOffThreadScript is called, which will destroy the - // ParseTask. -- JSScript* script; -+ PersistentRootedScript script; - - // Any errors or warnings produced during compilation. These are reported - // when finishing the script. - Vector<frontend::CompileError*> errors; - bool overRecursed; - - ParseTask(ExclusiveContext* cx, JSObject* exclusiveContextGlobal, - JSContext* initCx, const char16_t* chars, size_t length, - diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt08.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt08.patch deleted file mode 100644 index 406ce1bf2b..0000000000 --- a/gnu/packages/patches/icecat-CVE-2016-1930-pt08.patch +++ /dev/null @@ -1,48 +0,0 @@ -Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/4444e94a99cb -Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/ -Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1221385 - -# HG changeset patch -# User Jan de Mooij <jdemooij@mozilla.com> -# Date 1451478429 -3600 -# Node ID 4444e94a99cb9b00c0351cc8bf5459739cc036a5 -# Parent 750e4cfc90f80df657e44c9c63b1865023d88682 -Bug 1221385 - Handle OOM during JitRuntime initialization a bit better. r=bhackett a=abillings - -diff --git a/js/src/jscompartment.cpp b/js/src/jscompartment.cpp ---- a/js/src/jscompartment.cpp -+++ b/js/src/jscompartment.cpp -@@ -138,28 +138,20 @@ JSRuntime::createJitRuntime(JSContext* c - - // Protect jitRuntime_ from being observed (by InterruptRunningJitCode) - // while it is being initialized. Unfortunately, initialization depends on - // jitRuntime_ being non-null, so we can't just wait to assign jitRuntime_. - JitRuntime::AutoMutateBackedges amb(jrt); - jitRuntime_ = jrt; - - if (!jitRuntime_->initialize(cx)) { -- js_ReportOutOfMemory(cx); -- -- js_delete(jitRuntime_); -- jitRuntime_ = nullptr; -- -- JSCompartment* comp = cx->runtime()->atomsCompartment(); -- if (comp->jitCompartment_) { -- js_delete(comp->jitCompartment_); -- comp->jitCompartment_ = nullptr; -- } -- -- return nullptr; -+ // Handling OOM here is complicated: if we delete jitRuntime_ now, we -+ // will destroy the ExecutableAllocator, even though there may still be -+ // JitCode instances holding references to ExecutablePools. -+ CrashAtUnhandlableOOM("OOM in createJitRuntime"); - } - - return jitRuntime_; - } - - bool - JSCompartment::ensureJitCompartmentExists(JSContext* cx) - { - diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt09.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt09.patch deleted file mode 100644 index e87b95f729..0000000000 --- a/gnu/packages/patches/icecat-CVE-2016-1930-pt09.patch +++ /dev/null @@ -1,189 +0,0 @@ -Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/f31d643afd41 -Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/ -Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1233925 - -# HG changeset patch -# User Jan de Mooij <jdemooij@mozilla.com> -# Date 1452110721 -3600 -# Node ID f31d643afd4159b5422ae5aebcbbea0a088e018e -# Parent 4444e94a99cb9b00c0351cc8bf5459739cc036a5 -Bug 1233925 - Treat functions with rest more like functions with lazy arguments. r=nbp a=ritu - -diff --git a/js/src/jit/BacktrackingAllocator.cpp b/js/src/jit/BacktrackingAllocator.cpp ---- a/js/src/jit/BacktrackingAllocator.cpp -+++ b/js/src/jit/BacktrackingAllocator.cpp -@@ -201,20 +201,19 @@ BacktrackingAllocator::tryGroupRegisters - // constructor calling convention. - if (IsThisSlotDefinition(reg0->def()) || IsThisSlotDefinition(reg1->def())) { - if (*reg0->def()->output() != *reg1->def()->output()) - return true; - } - - // Registers which might spill to the frame's argument slots can only be - // grouped with other such registers if the frame might access those -- // arguments through a lazy arguments object. -+ // arguments through a lazy arguments object or rest parameter. - if (IsArgumentSlotDefinition(reg0->def()) || IsArgumentSlotDefinition(reg1->def())) { -- JSScript* script = graph.mir().entryBlock()->info().script(); -- if (script && script->argumentsAliasesFormals()) { -+ if (graph.mir().entryBlock()->info().mayReadFrameArgsDirectly()) { - if (*reg0->def()->output() != *reg1->def()->output()) - return true; - } - } - - VirtualRegisterGroup* group0 = reg0->group(), *group1 = reg1->group(); - - if (!group0 && group1) -diff --git a/js/src/jit/CompileInfo.h b/js/src/jit/CompileInfo.h ---- a/js/src/jit/CompileInfo.h -+++ b/js/src/jit/CompileInfo.h -@@ -194,16 +194,17 @@ enum AnalysisMode { - class CompileInfo - { - public: - CompileInfo(JSScript* script, JSFunction* fun, jsbytecode* osrPc, bool constructing, - AnalysisMode analysisMode, bool scriptNeedsArgsObj, - InlineScriptTree* inlineScriptTree) - : script_(script), fun_(fun), osrPc_(osrPc), constructing_(constructing), - analysisMode_(analysisMode), scriptNeedsArgsObj_(scriptNeedsArgsObj), -+ mayReadFrameArgsDirectly_(script->mayReadFrameArgsDirectly()), - inlineScriptTree_(inlineScriptTree) - { - MOZ_ASSERT_IF(osrPc, JSOp(*osrPc) == JSOP_LOOPENTRY); - - // The function here can flow in from anywhere so look up the canonical - // function to ensure that we do not try to embed a nursery pointer in - // jit-code. Precisely because it can flow in from anywhere, it's not - // guaranteed to be non-lazy. Hence, don't access its script! -@@ -222,17 +223,17 @@ class CompileInfo - fixedLexicalBegin_ = script->fixedLexicalBegin(); - nstack_ = script->nslots() - script->nfixed(); - nslots_ = nimplicit_ + nargs_ + nlocals_ + nstack_; - } - - explicit CompileInfo(unsigned nlocals) - : script_(nullptr), fun_(nullptr), osrPc_(nullptr), osrStaticScope_(nullptr), - constructing_(false), analysisMode_(Analysis_None), scriptNeedsArgsObj_(false), -- inlineScriptTree_(nullptr) -+ mayReadFrameArgsDirectly_(false), inlineScriptTree_(nullptr) - { - nimplicit_ = 0; - nargs_ = 0; - nbodyfixed_ = 0; - nlocals_ = nlocals; - nstack_ = 1; /* For FunctionCompiler::pushPhiInput/popPhiOutput */ - nslots_ = nlocals_ + nstack_; - fixedLexicalBegin_ = nlocals; -@@ -539,16 +540,20 @@ class CompileInfo - return false; - - if (needsArgsObj() && isObservableArgumentSlot(slot)) - return false; - - return true; - } - -+ bool mayReadFrameArgsDirectly() const { -+ return mayReadFrameArgsDirectly_; -+ } -+ - private: - unsigned nimplicit_; - unsigned nargs_; - unsigned nbodyfixed_; - unsigned nlocals_; - unsigned nstack_; - unsigned nslots_; - unsigned fixedLexicalBegin_; -@@ -559,15 +564,17 @@ class CompileInfo - bool constructing_; - AnalysisMode analysisMode_; - - // Whether a script needs an arguments object is unstable over compilation - // since the arguments optimization could be marked as failed on the main - // thread, so cache a value here and use it throughout for consistency. - bool scriptNeedsArgsObj_; - -+ bool mayReadFrameArgsDirectly_; -+ - InlineScriptTree* inlineScriptTree_; - }; - - } // namespace jit - } // namespace js - - #endif /* jit_CompileInfo_h */ -diff --git a/js/src/jit/JitFrames.cpp b/js/src/jit/JitFrames.cpp ---- a/js/src/jit/JitFrames.cpp -+++ b/js/src/jit/JitFrames.cpp -@@ -1002,17 +1002,17 @@ MarkThisAndArguments(JSTracer* trc, JitF - // formal arguments is taken care of by the frame's safepoint/snapshot, - // except when the script's lazy arguments object aliases those formals, - // in which case we mark them as well. - - size_t nargs = layout->numActualArgs(); - size_t nformals = 0; - if (CalleeTokenIsFunction(layout->calleeToken())) { - JSFunction* fun = CalleeTokenToFunction(layout->calleeToken()); -- nformals = fun->nonLazyScript()->argumentsAliasesFormals() ? 0 : fun->nargs(); -+ nformals = fun->nonLazyScript()->mayReadFrameArgsDirectly() ? 0 : fun->nargs(); - } - - Value* argv = layout->argv(); - - // Trace |this|. - gc::MarkValueRoot(trc, argv, "ion-thisv"); - - // Trace actual arguments beyond the formals. Note + 1 for thisv. -diff --git a/js/src/jsscript.cpp b/js/src/jsscript.cpp ---- a/js/src/jsscript.cpp -+++ b/js/src/jsscript.cpp -@@ -3894,16 +3894,22 @@ JSScript::hasLoops() - JSTryNote* tnlimit = tn + trynotes()->length; - for (; tn < tnlimit; tn++) { - if (tn->kind == JSTRY_FOR_IN || tn->kind == JSTRY_LOOP) - return true; - } - return false; - } - -+bool -+JSScript::mayReadFrameArgsDirectly() -+{ -+ return argumentsHasVarBinding() || (function_ && function_->hasRest()); -+} -+ - static inline void - LazyScriptHash(uint32_t lineno, uint32_t column, uint32_t begin, uint32_t end, - HashNumber hashes[3]) - { - HashNumber hash = lineno; - hash = RotateLeft(hash, 4) ^ column; - hash = RotateLeft(hash, 4) ^ begin; - hash = RotateLeft(hash, 4) ^ end; -diff --git a/js/src/jsscript.h b/js/src/jsscript.h ---- a/js/src/jsscript.h -+++ b/js/src/jsscript.h -@@ -1397,16 +1397,20 @@ class JSScript : public js::gc::TenuredC - } - inline void setFunction(JSFunction* fun); - /* - * De-lazifies the canonical function. Must be called before entering code - * that expects the function to be non-lazy. - */ - inline void ensureNonLazyCanonicalFunction(JSContext* cx); - -+ // Returns true if the script may read formal arguments on the stack -+ // directly, via lazy arguments or a rest parameter. -+ bool mayReadFrameArgsDirectly(); -+ - JSFlatString* sourceData(JSContext* cx); - - static bool loadSource(JSContext* cx, js::ScriptSource* ss, bool* worked); - - void setSourceObject(JSObject* object); - JSObject* sourceObject() const { - return sourceObject_; - } - diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt10.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt10.patch deleted file mode 100644 index b92bfa4f4e..0000000000 --- a/gnu/packages/patches/icecat-CVE-2016-1930-pt10.patch +++ /dev/null @@ -1,33 +0,0 @@ -Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/debff255c08e -Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/ -Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1234571 - -# HG changeset patch -# User Randell Jesup <rjesup@jesup.org> -# Date 1451928471 18000 -# Node ID debff255c08e898be370e307e1e014f5601c20c6 -# Parent f31d643afd4159b5422ae5aebcbbea0a088e018e -Bug 1234571 - unregister encoded-frame callback when releasing codec databases. r=pkerr, a=al - -diff --git a/media/webrtc/trunk/webrtc/modules/video_coding/main/source/generic_encoder.cc b/media/webrtc/trunk/webrtc/modules/video_coding/main/source/generic_encoder.cc ---- a/media/webrtc/trunk/webrtc/modules/video_coding/main/source/generic_encoder.cc -+++ b/media/webrtc/trunk/webrtc/modules/video_coding/main/source/generic_encoder.cc -@@ -71,16 +71,17 @@ VCMGenericEncoder::VCMGenericEncoder(Vid - VCMGenericEncoder::~VCMGenericEncoder() - { - } - - int32_t VCMGenericEncoder::Release() - { - _bitRate = 0; - _frameRate = 0; -+ _encoder.RegisterEncodeCompleteCallback(NULL); - _VCMencodedFrameCallback = NULL; - return _encoder.Release(); - } - - int32_t - VCMGenericEncoder::InitEncode(const VideoCodec* settings, - int32_t numberOfCores, - uint32_t maxPayloadSize) - diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt11.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt11.patch deleted file mode 100644 index 2e409d961c..0000000000 --- a/gnu/packages/patches/icecat-CVE-2016-1930-pt11.patch +++ /dev/null @@ -1,183 +0,0 @@ -Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/0f7224441f20 -Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/ -Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1234280 - -# HG changeset patch -# User Benjamin Bouvier <benj@benj.me> -# Date 1450947090 -3600 -# Node ID 0f7224441f2089001f7934b46ac10cb72d267606 -# Parent debff255c08e898be370e307e1e014f5601c20c6 -Bug 1234280: Handle oom in CodeGeneratorShared::allocateData; r=jandem, a=sledru - -diff --git a/js/src/jit/CodeGenerator.cpp b/js/src/jit/CodeGenerator.cpp ---- a/js/src/jit/CodeGenerator.cpp -+++ b/js/src/jit/CodeGenerator.cpp -@@ -7902,17 +7902,19 @@ const VMFunction GetPropertyIC::UpdateIn - void - CodeGenerator::visitGetPropertyIC(OutOfLineUpdateCache* ool, DataPtr<GetPropertyIC>& ic) - { - LInstruction* lir = ool->lir(); - - if (ic->idempotent()) { - size_t numLocs; - CacheLocationList& cacheLocs = lir->mirRaw()->toGetPropertyCache()->location(); -- size_t locationBase = addCacheLocations(cacheLocs, &numLocs); -+ size_t locationBase; -+ if (!addCacheLocations(cacheLocs, &numLocs, &locationBase)) -+ return; - ic->setLocationInfo(locationBase, numLocs); - } - - saveLive(lir); - - pushArg(ic->object()); - pushArg(Imm32(ool->getCacheIndex())); - pushArg(ImmGCPtr(gen->info().script())); -diff --git a/js/src/jit/shared/CodeGenerator-shared.cpp b/js/src/jit/shared/CodeGenerator-shared.cpp ---- a/js/src/jit/shared/CodeGenerator-shared.cpp -+++ b/js/src/jit/shared/CodeGenerator-shared.cpp -@@ -1527,31 +1527,34 @@ CodeGeneratorShared::jumpToBlock(MBasicB - - masm.propagateOOM(patchableBackedges_.append(PatchableBackedgeInfo(backedge, mir->lir()->label(), oolEntry))); - } else { - masm.j(cond, mir->lir()->label()); - } - } - #endif - --size_t --CodeGeneratorShared::addCacheLocations(const CacheLocationList& locs, size_t* numLocs) -+MOZ_WARN_UNUSED_RESULT bool -+CodeGeneratorShared::addCacheLocations(const CacheLocationList& locs, size_t* numLocs, -+ size_t* curIndex) - { - size_t firstIndex = runtimeData_.length(); - size_t numLocations = 0; - for (CacheLocationList::iterator iter = locs.begin(); iter != locs.end(); iter++) { - // allocateData() ensures that sizeof(CacheLocation) is word-aligned. - // If this changes, we will need to pad to ensure alignment. -- size_t curIndex = allocateData(sizeof(CacheLocation)); -- new (&runtimeData_[curIndex]) CacheLocation(iter->pc, iter->script); -+ if (!allocateData(sizeof(CacheLocation), curIndex)) -+ return false; -+ new (&runtimeData_[*curIndex]) CacheLocation(iter->pc, iter->script); - numLocations++; - } - MOZ_ASSERT(numLocations != 0); - *numLocs = numLocations; -- return firstIndex; -+ *curIndex = firstIndex; -+ return true; - } - - ReciprocalMulConstants - CodeGeneratorShared::computeDivisionConstants(int d) { - // In what follows, d is positive and is not a power of 2. - MOZ_ASSERT(d > 0 && (d & (d - 1)) != 0); - - // Speeding up division by non power-of-2 constants is possible by -diff --git a/js/src/jit/shared/CodeGenerator-shared.h b/js/src/jit/shared/CodeGenerator-shared.h ---- a/js/src/jit/shared/CodeGenerator-shared.h -+++ b/js/src/jit/shared/CodeGenerator-shared.h -@@ -3,16 +3,17 @@ - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - - #ifndef jit_shared_CodeGenerator_shared_h - #define jit_shared_CodeGenerator_shared_h - - #include "mozilla/Alignment.h" -+#include "mozilla/TypeTraits.h" - - #include "jit/JitFrames.h" - #include "jit/LIR.h" - #include "jit/MacroAssembler.h" - #include "jit/MIRGenerator.h" - #include "jit/MIRGraph.h" - #include "jit/OptimizationTracking.h" - #include "jit/Safepoints.h" -@@ -242,24 +243,16 @@ class CodeGeneratorShared : public LElem - return SlotToStackOffset(a->toStackSlot()->slot()); - } - - uint32_t frameSize() const { - return frameClass_ == FrameSizeClass::None() ? frameDepth_ : frameClass_.frameSize(); - } - - protected: -- // Ensure the cache is an IonCache while expecting the size of the derived -- // class. We only need the cache list at GC time. Everyone else can just take -- // runtimeData offsets. -- size_t allocateCache(const IonCache&, size_t size) { -- size_t dataOffset = allocateData(size); -- masm.propagateOOM(cacheList_.append(dataOffset)); -- return dataOffset; -- } - - #ifdef CHECK_OSIPOINT_REGISTERS - void resetOsiPointRegs(LSafepoint* safepoint); - bool shouldVerifyOsiPointRegs(LSafepoint* safepoint); - void verifyOsiPointRegs(LSafepoint* safepoint); - #endif - - bool addNativeToBytecodeEntry(const BytecodeSite* site); -@@ -295,27 +288,33 @@ class CodeGeneratorShared : public LElem - return lookup(); - } - T * operator*() { - return lookup(); - } - }; - - protected: -- -- size_t allocateData(size_t size) { -+ MOZ_WARN_UNUSED_RESULT -+ bool allocateData(size_t size, size_t* offset) { - MOZ_ASSERT(size % sizeof(void*) == 0); -- size_t dataOffset = runtimeData_.length(); -+ *offset = runtimeData_.length(); - masm.propagateOOM(runtimeData_.appendN(0, size)); -- return dataOffset; -+ return !masm.oom(); - } - -+ // Ensure the cache is an IonCache while expecting the size of the derived -+ // class. We only need the cache list at GC time. Everyone else can just take -+ // runtimeData offsets. - template <typename T> - inline size_t allocateCache(const T& cache) { -- size_t index = allocateCache(cache, sizeof(mozilla::AlignedStorage2<T>)); -+ static_assert(mozilla::IsBaseOf<IonCache, T>::value, "T must inherit from IonCache"); -+ size_t index; -+ masm.propagateOOM(allocateData(sizeof(mozilla::AlignedStorage2<T>), &index)); -+ masm.propagateOOM(cacheList_.append(index)); - if (masm.oom()) - return SIZE_MAX; - // Use the copy constructor on the allocated space. - MOZ_ASSERT(index == cacheList_.back()); - new (&runtimeData_[index]) T(cache); - return index; - } - -@@ -475,17 +474,17 @@ class CodeGeneratorShared : public LElem - - void callVM(const VMFunction& f, LInstruction* ins, const Register* dynStack = nullptr); - - template <class ArgSeq, class StoreOutputTo> - inline OutOfLineCode* oolCallVM(const VMFunction& fun, LInstruction* ins, const ArgSeq& args, - const StoreOutputTo& out); - - void addCache(LInstruction* lir, size_t cacheIndex); -- size_t addCacheLocations(const CacheLocationList& locs, size_t* numLocs); -+ bool addCacheLocations(const CacheLocationList& locs, size_t* numLocs, size_t* offset); - ReciprocalMulConstants computeDivisionConstants(int d); - - protected: - void addOutOfLineCode(OutOfLineCode* code, const MInstruction* mir); - void addOutOfLineCode(OutOfLineCode* code, const BytecodeSite* site); - bool hasOutOfLineCode() { return !outOfLineCode_.empty(); } - bool generateOutOfLineCode(); - - diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt12.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt12.patch deleted file mode 100644 index 7861e24c89..0000000000 --- a/gnu/packages/patches/icecat-CVE-2016-1930-pt12.patch +++ /dev/null @@ -1,91 +0,0 @@ -Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/8c184c30caa6 -Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/ -Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1230668 - -# HG changeset patch -# User L. David Baron <dbaron@dbaron.org> -# Date 1452248144 -39600 -# Node ID 8c184c30caa6d16f5ec63cce9a77d16f25d2e57e -# Parent 0f7224441f2089001f7934b46ac10cb72d267606 -Bug 1230668 - Don't use frame when not in composed document. r=heycam a=sylvestre - -diff --git a/layout/style/nsComputedDOMStyle.cpp b/layout/style/nsComputedDOMStyle.cpp ---- a/layout/style/nsComputedDOMStyle.cpp -+++ b/layout/style/nsComputedDOMStyle.cpp -@@ -421,26 +421,31 @@ nsComputedDOMStyle::GetStyleContextForEl - { - MOZ_ASSERT(aElement, "NULL element"); - // If the content has a pres shell, we must use it. Otherwise we'd - // potentially mix rule trees by using the wrong pres shell's style - // set. Using the pres shell from the content also means that any - // content that's actually *in* a document will get the style from the - // correct document. - nsIPresShell *presShell = GetPresShellForContent(aElement); -+ bool inDocWithShell = true; - if (!presShell) { -+ inDocWithShell = false; - presShell = aPresShell; - if (!presShell) - return nullptr; - } - -- // XXX the !aElement->IsHTML(nsGkAtoms::area)
-- // check is needed due to bug 135040 (to avoid using
-+ // XXX the !aElement->IsHTML(nsGkAtoms::area) -+ // check is needed due to bug 135040 (to avoid using - // mPrimaryFrame). Remove it once that's fixed. -- if (!aPseudo && aStyleType == eAll && !aElement->IsHTML(nsGkAtoms::area)) { -+ if (!aPseudo && aStyleType == eAll && inDocWithShell && -+ !aElement->IsHTML(nsGkAtoms::area)) { -+ if (!aPseudo && aStyleType == eAll && inDocWithShell && -+ !aElement->IsHTMLElement(nsGkAtoms::area)) { - nsIFrame* frame = nsLayoutUtils::GetStyleFrame(aElement); - if (frame) { - nsStyleContext* result = frame->StyleContext(); - // Don't use the style context if it was influenced by - // pseudo-elements, since then it's not the primary style - // for this element. - if (!result->HasPseudoElementData()) { - // this function returns an addrefed style context -@@ -468,17 +473,18 @@ nsComputedDOMStyle::GetStyleContextForEl - - nsRefPtr<nsStyleContext> sc; - if (aPseudo) { - nsCSSPseudoElements::Type type = nsCSSPseudoElements::GetPseudoType(aPseudo); - if (type >= nsCSSPseudoElements::ePseudo_PseudoElementCount) { - return nullptr; - } - nsIFrame* frame = nsLayoutUtils::GetStyleFrame(aElement); -- Element* pseudoElement = frame ? frame->GetPseudoElement(type) : nullptr; -+ Element* pseudoElement = -+ frame && inDocWithShell ? frame->GetPseudoElement(type) : nullptr; - sc = styleSet->ResolvePseudoElementStyle(aElement, type, parentContext, - pseudoElement); - } else { - sc = styleSet->ResolveStyleFor(aElement, parentContext); - } - - if (aStyleType == eDefaultOnly) { - // We really only want the user and UA rules. Filter out the other ones. -@@ -592,18 +598,18 @@ nsComputedDOMStyle::UpdateCurrentStyleSo - mFlushedPendingReflows = aNeedsLayoutFlush; - #endif - - mPresShell = document->GetShell(); - if (!mPresShell || !mPresShell->GetPresContext()) { - return; - } - -- // XXX the !mContent->IsHTML(nsGkAtoms::area)
-- // check is needed due to bug 135040 (to avoid using
-+ // XXX the !mContent->IsHTML(nsGkAtoms::area) -+ // check is needed due to bug 135040 (to avoid using - // mPrimaryFrame). Remove it once that's fixed. - if (!mPseudo && mStyleType == eAll && !mContent->IsHTML(nsGkAtoms::area)) { - mOuterFrame = mContent->GetPrimaryFrame(); - mInnerFrame = mOuterFrame; - if (mOuterFrame) { - nsIAtom* type = mOuterFrame->GetType(); - if (type == nsGkAtoms::tableOuterFrame) { - // If the frame is an outer table frame then we should get the style - diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt13.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt13.patch deleted file mode 100644 index 0e5825becf..0000000000 --- a/gnu/packages/patches/icecat-CVE-2016-1930-pt13.patch +++ /dev/null @@ -1,34 +0,0 @@ -Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/fceff80a84a3 -Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/ -Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1230668 - -# HG changeset patch -# User Wes Kocher <wkocher@mozilla.com> -# Date 1452542163 28800 -# Node ID fceff80a84a32b68d02abc00486fe6c7b86d545b -# Parent 8c184c30caa6d16f5ec63cce9a77d16f25d2e57e -Fix up some rebase errors in bug 1230668 r=me a=bustage - -diff --git a/layout/style/nsComputedDOMStyle.cpp b/layout/style/nsComputedDOMStyle.cpp ---- a/layout/style/nsComputedDOMStyle.cpp -+++ b/layout/style/nsComputedDOMStyle.cpp -@@ -434,18 +434,16 @@ nsComputedDOMStyle::GetStyleContextForEl - return nullptr; - } - - // XXX the !aElement->IsHTML(nsGkAtoms::area) - // check is needed due to bug 135040 (to avoid using - // mPrimaryFrame). Remove it once that's fixed. - if (!aPseudo && aStyleType == eAll && inDocWithShell && - !aElement->IsHTML(nsGkAtoms::area)) { -- if (!aPseudo && aStyleType == eAll && inDocWithShell && -- !aElement->IsHTMLElement(nsGkAtoms::area)) { - nsIFrame* frame = nsLayoutUtils::GetStyleFrame(aElement); - if (frame) { - nsStyleContext* result = frame->StyleContext(); - // Don't use the style context if it was influenced by - // pseudo-elements, since then it's not the primary style - // for this element. - if (!result->HasPseudoElementData()) { - // this function returns an addrefed style context - diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt14.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt14.patch deleted file mode 100644 index 02c1af1775..0000000000 --- a/gnu/packages/patches/icecat-CVE-2016-1930-pt14.patch +++ /dev/null @@ -1,83 +0,0 @@ -Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/94a95291d095 -Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/ -Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1224200 - -# HG changeset patch -# User Timothy Nikkel <tnikkel@gmail.com> -# Date 1453303652 -3600 -# Node ID 94a95291d0958439dbed5b7dc99fae59e1318592 -# Parent 999c13acb40e1113306c65925a7d96688339d945 -Bug 1224200 - Allow downscaler to get (and ignore) new input lines after it has finished producing all output lines. r=seth, a=lizzard - -diff --git a/image/src/Downscaler.cpp b/image/src/Downscaler.cpp ---- a/image/src/Downscaler.cpp -+++ b/image/src/Downscaler.cpp -@@ -145,43 +145,44 @@ GetFilterOffsetAndLength(UniquePtr<skia: - aFilterLengthOut); - } - - void - Downscaler::CommitRow() - { - MOZ_ASSERT(mOutputBuffer, "Should have a current frame"); - MOZ_ASSERT(mCurrentInLine < mOriginalSize.height, "Past end of input"); -- MOZ_ASSERT(mCurrentOutLine < mTargetSize.height, "Past end of output"); - -- int32_t filterOffset = 0; -- int32_t filterLength = 0; -- GetFilterOffsetAndLength(mYFilter, mCurrentOutLine, -- &filterOffset, &filterLength); -+ if (mCurrentOutLine < mTargetSize.height) { -+ int32_t filterOffset = 0; -+ int32_t filterLength = 0; -+ GetFilterOffsetAndLength(mYFilter, mCurrentOutLine, -+ &filterOffset, &filterLength); - -- int32_t inLineToRead = filterOffset + mLinesInBuffer; -- MOZ_ASSERT(mCurrentInLine <= inLineToRead, "Reading past end of input"); -- if (mCurrentInLine == inLineToRead) { -- skia::ConvolveHorizontally(mRowBuffer.get(), *mXFilter, -- mWindow[mLinesInBuffer++], mHasAlpha, -- /* use_sse2 = */ true); -- } -- -- MOZ_ASSERT(mCurrentOutLine < mTargetSize.height, -- "Writing past end of output"); -- -- while (mLinesInBuffer == filterLength) { -- DownscaleInputLine(); -- -- if (mCurrentOutLine == mTargetSize.height) { -- break; // We're done. -+ int32_t inLineToRead = filterOffset + mLinesInBuffer; -+ MOZ_ASSERT(mCurrentInLine <= inLineToRead, "Reading past end of input"); -+ if (mCurrentInLine == inLineToRead) { -+ skia::ConvolveHorizontally(mRowBuffer.get(), *mXFilter, -+ mWindow[mLinesInBuffer++], mHasAlpha, -+ /* use_sse2 = */ true); - } - -- GetFilterOffsetAndLength(mYFilter, mCurrentOutLine, -- &filterOffset, &filterLength); -+ MOZ_ASSERT(mCurrentOutLine < mTargetSize.height, -+ "Writing past end of output"); -+ -+ while (mLinesInBuffer == filterLength) { -+ DownscaleInputLine(); -+ -+ if (mCurrentOutLine == mTargetSize.height) { -+ break; // We're done. -+ } -+ -+ GetFilterOffsetAndLength(mYFilter, mCurrentOutLine, -+ &filterOffset, &filterLength); -+ } - } - - mCurrentInLine += 1; - } - - bool - Downscaler::HasInvalidation() const - { - diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt15.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt15.patch deleted file mode 100644 index 9ebf18a5d3..0000000000 --- a/gnu/packages/patches/icecat-CVE-2016-1930-pt15.patch +++ /dev/null @@ -1,35 +0,0 @@ -Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/ee68c3dae5f6 -Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/ -Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1230483 - -# HG changeset patch -# User JW Wang <jwwang@mozilla.com> -# Date 1450698943 -28800 -# Node ID ee68c3dae5f639fdd439f69ef2f724067fce0ea6 -# Parent 762d015e1854c28c213293ac1e9b2ab51cf201f9 -Bug 1230483 - Part 2 - LoadFromSourceChildren() should be queued at most once in an event cycle. r=roc, a=lizzard - -diff --git a/dom/html/HTMLMediaElement.cpp b/dom/html/HTMLMediaElement.cpp ---- a/dom/html/HTMLMediaElement.cpp -+++ b/dom/html/HTMLMediaElement.cpp -@@ -4033,16 +4033,19 @@ void HTMLMediaElement::NotifyAddedSource - mNetworkState == nsIDOMHTMLMediaElement::NETWORK_EMPTY) - { - QueueSelectResourceTask(); - } - - // A load was paused in the resource selection algorithm, waiting for - // a new source child to be added, resume the resource selection algorithm. - if (mLoadWaitStatus == WAITING_FOR_SOURCE) { -+ // Rest the flag so we don't queue multiple LoadFromSourceTask() when -+ // multiple <source> are attached in an event loop. -+ mLoadWaitStatus = NOT_WAITING; - QueueLoadFromSourceTask(); - } - } - - nsIContent* HTMLMediaElement::GetNextSource() - { - nsCOMPtr<nsIDOMNode> thisDomNode = do_QueryObject(this); - - diff --git a/gnu/packages/patches/icecat-CVE-2016-1935.patch b/gnu/packages/patches/icecat-CVE-2016-1935.patch deleted file mode 100644 index a6db4b9b6a..0000000000 --- a/gnu/packages/patches/icecat-CVE-2016-1935.patch +++ /dev/null @@ -1,77 +0,0 @@ -Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/f9aad6c0253a -Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-03/ -Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1220450 - -# HG changeset patch -# User Jeff Gilbert <jgilbert@mozilla.com> -# Date 1452570660 28800 -# Node ID f9aad6c0253a3b81699a3d7a05e78615dd814ea3 -# Parent c47640f24251b48c0bba9d2f0f6ee059eca58362 -Bug 1220450 - Clear length on cache OOM. r=kamidphish, a=ritu - -diff --git a/dom/canvas/WebGLContextBuffers.cpp b/dom/canvas/WebGLContextBuffers.cpp ---- a/dom/canvas/WebGLContextBuffers.cpp -+++ b/dom/canvas/WebGLContextBuffers.cpp -@@ -185,16 +185,17 @@ WebGLContext::BufferData(GLenum target, - - if (error) { - GenerateWarning("bufferData generated error %s", ErrorName(error)); - return; - } - - boundBuffer->SetByteLength(size); - if (!boundBuffer->ElementArrayCacheBufferData(nullptr, size)) { -+ boundBuffer->SetByteLength(0); - return ErrorOutOfMemory("bufferData: out of memory"); - } - } - - void - WebGLContext::BufferData(GLenum target, - const dom::Nullable<dom::ArrayBuffer>& maybeData, - GLenum usage) -@@ -234,18 +235,20 @@ WebGLContext::BufferData(GLenum target, - GLenum error = CheckedBufferData(target, data.Length(), data.Data(), usage); - - if (error) { - GenerateWarning("bufferData generated error %s", ErrorName(error)); - return; - } - - boundBuffer->SetByteLength(data.Length()); -- if (!boundBuffer->ElementArrayCacheBufferData(data.Data(), data.Length())) -+ if (!boundBuffer->ElementArrayCacheBufferData(data.Data(), data.Length())) { -+ boundBuffer->SetByteLength(0); - return ErrorOutOfMemory("bufferData: out of memory"); -+ } - } - - void - WebGLContext::BufferData(GLenum target, const dom::ArrayBufferView& data, - GLenum usage) - { - if (IsContextLost()) - return; -@@ -274,18 +277,20 @@ WebGLContext::BufferData(GLenum target, - - GLenum error = CheckedBufferData(target, data.Length(), data.Data(), usage); - if (error) { - GenerateWarning("bufferData generated error %s", ErrorName(error)); - return; - } - - boundBuffer->SetByteLength(data.Length()); -- if (!boundBuffer->ElementArrayCacheBufferData(data.Data(), data.Length())) -+ if (!boundBuffer->ElementArrayCacheBufferData(data.Data(), data.Length())) { -+ boundBuffer->SetByteLength(0); - return ErrorOutOfMemory("bufferData: out of memory"); -+ } - } - - void - WebGLContext::BufferSubData(GLenum target, WebGLsizeiptr byteOffset, - const dom::Nullable<dom::ArrayBuffer>& maybeData) - { - if (IsContextLost()) - return; - diff --git a/gnu/packages/patches/icecat-bug-1146335-pt1.patch b/gnu/packages/patches/icecat-bug-1146335-pt1.patch deleted file mode 100644 index a41e638b2f..0000000000 --- a/gnu/packages/patches/icecat-bug-1146335-pt1.patch +++ /dev/null @@ -1,141 +0,0 @@ -Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/9d14787bd10e -Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1146335 - -# HG changeset patch -# User Seth Fowler <mark.seth.fowler@gmail.com> -# Date 1428627143 25200 -# Node ID 9d14787bd10e6f3013263a2cae0bcc78bebde1db -# Parent aaf922ae679685acb5d2b8ffa5f0bf22f1e6987a -Bug 1146335 (Part 1) - Add assertions and fix style issues in image::Downscaler. r=tn a=lizzard - -diff --git a/image/src/Downscaler.cpp b/image/src/Downscaler.cpp ---- a/image/src/Downscaler.cpp -+++ b/image/src/Downscaler.cpp -@@ -72,23 +72,25 @@ Downscaler::BeginFrame(const nsIntSize& - mOutputBuffer = aOutputBuffer; - mHasAlpha = aHasAlpha; - - ResetForNextProgressivePass(); - ReleaseWindow(); - - auto resizeMethod = skia::ImageOperations::RESIZE_LANCZOS3; - -- skia::resize::ComputeFilters(resizeMethod, mOriginalSize.width, -- mTargetSize.width, 0, -- mTargetSize.width, mXFilter.get()); -+ skia::resize::ComputeFilters(resizeMethod, -+ mOriginalSize.width, mTargetSize.width, -+ 0, mTargetSize.width, -+ mXFilter.get()); - -- skia::resize::ComputeFilters(resizeMethod, mOriginalSize.height, -- mTargetSize.height, 0, -- mTargetSize.height, mYFilter.get()); -+ skia::resize::ComputeFilters(resizeMethod, -+ mOriginalSize.height, mTargetSize.height, -+ 0, mTargetSize.height, -+ mYFilter.get()); - - // Allocate the buffer, which contains scanlines of the original image. - size_t bufferLen = mOriginalSize.width * sizeof(uint32_t); - mRowBuffer = MakeUnique<uint8_t[]>(bufferLen); - if (MOZ_UNLIKELY(!mRowBuffer)) { - return NS_ERROR_OUT_OF_MEMORY; - } - -@@ -126,39 +128,54 @@ void - Downscaler::ResetForNextProgressivePass() - { - mPrevInvalidatedLine = 0; - mCurrentOutLine = 0; - mCurrentInLine = 0; - mLinesInBuffer = 0; - } - -+static void -+GetFilterOffsetAndLength(UniquePtr<skia::ConvolutionFilter1D>& aFilter, -+ int32_t aOutputImagePosition, -+ int32_t* aFilterOffsetOut, -+ int32_t* aFilterLengthOut) -+{ -+ MOZ_ASSERT(aOutputImagePosition < aFilter->num_values()); -+ aFilter->FilterForValue(aOutputImagePosition, -+ aFilterOffsetOut, -+ aFilterLengthOut); -+} -+ - void - Downscaler::CommitRow() - { - MOZ_ASSERT(mOutputBuffer, "Should have a current frame"); - MOZ_ASSERT(mCurrentInLine < mOriginalSize.height, "Past end of input"); - MOZ_ASSERT(mCurrentOutLine < mTargetSize.height, "Past end of output"); - - int32_t filterOffset = 0; - int32_t filterLength = 0; -- mYFilter->FilterForValue(mCurrentOutLine, &filterOffset, &filterLength); -+ GetFilterOffsetAndLength(mYFilter, mCurrentOutLine, -+ &filterOffset, &filterLength); - - int32_t inLineToRead = filterOffset + mLinesInBuffer; - MOZ_ASSERT(mCurrentInLine <= inLineToRead, "Reading past end of input"); - if (mCurrentInLine == inLineToRead) { - skia::ConvolveHorizontally(mRowBuffer.get(), *mXFilter, - mWindow[mLinesInBuffer++], mHasAlpha, - /* use_sse2 = */ true); - } - - while (mLinesInBuffer == filterLength && - mCurrentOutLine < mTargetSize.height) { - DownscaleInputLine(); -- mYFilter->FilterForValue(mCurrentOutLine, &filterOffset, &filterLength); -+ -+ GetFilterOffsetAndLength(mYFilter, mCurrentOutLine, -+ &filterOffset, &filterLength); - } - - mCurrentInLine += 1; - } - - bool - Downscaler::HasInvalidation() const - { -@@ -184,16 +201,17 @@ Downscaler::DownscaleInputLine() - { - typedef skia::ConvolutionFilter1D::Fixed FilterValue; - - MOZ_ASSERT(mOutputBuffer); - MOZ_ASSERT(mCurrentOutLine < mTargetSize.height, "Writing past end of output"); - - int32_t filterOffset = 0; - int32_t filterLength = 0; -+ MOZ_ASSERT(mCurrentOutLine < mYFilter->num_values()); - auto filterValues = - mYFilter->FilterForValue(mCurrentOutLine, &filterOffset, &filterLength); - - uint8_t* outputLine = - &mOutputBuffer[mCurrentOutLine * mTargetSize.width * sizeof(uint32_t)]; - skia::ConvolveVertically(static_cast<const FilterValue*>(filterValues), - filterLength, mWindow.get(), mXFilter->num_values(), - outputLine, mHasAlpha, /* use_sse2 = */ true); -@@ -202,17 +220,18 @@ Downscaler::DownscaleInputLine() - - if (mCurrentOutLine == mTargetSize.height) { - // We're done. - return; - } - - int32_t newFilterOffset = 0; - int32_t newFilterLength = 0; -- mYFilter->FilterForValue(mCurrentOutLine, &newFilterOffset, &newFilterLength); -+ GetFilterOffsetAndLength(mYFilter, mCurrentOutLine, -+ &newFilterOffset, &newFilterLength); - - int diff = newFilterOffset - filterOffset; - MOZ_ASSERT(diff >= 0, "Moving backwards in the filter?"); - - // Shift the buffer. We're just moving pointers here, so this is cheap. - mLinesInBuffer -= diff; - mLinesInBuffer = max(mLinesInBuffer, 0); - for (int32_t i = 0; i < mLinesInBuffer; ++i) { - diff --git a/gnu/packages/patches/icecat-bug-1146335-pt2.patch b/gnu/packages/patches/icecat-bug-1146335-pt2.patch deleted file mode 100644 index 240e0cfc66..0000000000 --- a/gnu/packages/patches/icecat-bug-1146335-pt2.patch +++ /dev/null @@ -1,43 +0,0 @@ -Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/8bfaa27698ca -Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1146335 - -# HG changeset patch -# User Seth Fowler <mark.seth.fowler@gmail.com> -# Date 1428627143 25200 -# Node ID 8bfaa27698ca0720d5c9f3910ab7148b38db0625 -# Parent 9d14787bd10e6f3013263a2cae0bcc78bebde1db -Bug 1146335 (Part 2) - Fix an off-by-one error in image::Downscaler. r=tn a=lizzard - -diff --git a/image/src/Downscaler.cpp b/image/src/Downscaler.cpp ---- a/image/src/Downscaler.cpp -+++ b/image/src/Downscaler.cpp -@@ -160,20 +160,26 @@ Downscaler::CommitRow() - int32_t inLineToRead = filterOffset + mLinesInBuffer; - MOZ_ASSERT(mCurrentInLine <= inLineToRead, "Reading past end of input"); - if (mCurrentInLine == inLineToRead) { - skia::ConvolveHorizontally(mRowBuffer.get(), *mXFilter, - mWindow[mLinesInBuffer++], mHasAlpha, - /* use_sse2 = */ true); - } - -- while (mLinesInBuffer == filterLength && -- mCurrentOutLine < mTargetSize.height) { -+ MOZ_ASSERT(mCurrentOutLine < mTargetSize.height, -+ "Writing past end of output"); -+ -+ while (mLinesInBuffer == filterLength) { - DownscaleInputLine(); - -+ if (mCurrentOutLine == mTargetSize.height) { -+ break; // We're done. -+ } -+ - GetFilterOffsetAndLength(mYFilter, mCurrentOutLine, - &filterOffset, &filterLength); - } - - mCurrentInLine += 1; - } - - bool - diff --git a/gnu/packages/patches/icecat-limit-max-buffers-size-for-ANGLE.patch b/gnu/packages/patches/icecat-limit-max-buffers-size-for-ANGLE.patch deleted file mode 100644 index 5a3a934dba..0000000000 --- a/gnu/packages/patches/icecat-limit-max-buffers-size-for-ANGLE.patch +++ /dev/null @@ -1,73 +0,0 @@ -Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/9632375c6aac - -# HG changeset patch -# User Jeff Gilbert <jdashg@gmail.com> -# Date 1453320785 28800 -# Node ID 9632375c6aacbf673b996b53231d70b91e480fb5 -# Parent ee68c3dae5f639fdd439f69ef2f724067fce0ea6 -Limit max buffers size for ANGLE. r=jrmuizel a=lizzard - -diff --git a/dom/canvas/WebGLContextBuffers.cpp b/dom/canvas/WebGLContextBuffers.cpp ---- a/dom/canvas/WebGLContextBuffers.cpp -+++ b/dom/canvas/WebGLContextBuffers.cpp -@@ -164,16 +164,19 @@ WebGLContext::BufferData(GLenum target, - - if (!ValidateBufferUsageEnum(usage, "bufferData: usage")) - return; - - // careful: WebGLsizeiptr is always 64-bit, but GLsizeiptr is like intptr_t. - if (!CheckedInt<GLsizeiptr>(size).isValid()) - return ErrorOutOfMemory("bufferData: bad size"); - -+ if (gl->IsANGLE() && size > UINT32_MAX) -+ return ErrorOutOfMemory("bufferData: size too large"); -+ - WebGLBuffer* boundBuffer = bufferSlot.get(); - - if (!boundBuffer) - return ErrorInvalidOperation("bufferData: no buffer bound!"); - - UniquePtr<uint8_t> zeroBuffer((uint8_t*)moz_calloc(size, 1)); - if (!zeroBuffer) - return ErrorOutOfMemory("bufferData: out of memory"); -@@ -216,16 +219,19 @@ WebGLContext::BufferData(GLenum target, - const dom::ArrayBuffer& data = maybeData.Value(); - data.ComputeLengthAndData(); - - // Careful: data.Length() could conceivably be any uint32_t, but GLsizeiptr - // is like intptr_t. - if (!CheckedInt<GLsizeiptr>(data.Length()).isValid()) - return ErrorOutOfMemory("bufferData: bad size"); - -+ if (gl->IsANGLE() && data.Length() > UINT32_MAX) -+ return ErrorOutOfMemory("bufferData: size too large"); -+ - if (!ValidateBufferUsageEnum(usage, "bufferData: usage")) - return; - - WebGLBuffer* boundBuffer = bufferSlot.get(); - - if (!boundBuffer) - return ErrorInvalidOperation("bufferData: no buffer bound!"); - -@@ -267,16 +273,19 @@ WebGLContext::BufferData(GLenum target, - - data.ComputeLengthAndData(); - - // Careful: data.Length() could conceivably be any uint32_t, but GLsizeiptr - // is like intptr_t. - if (!CheckedInt<GLsizeiptr>(data.Length()).isValid()) - return ErrorOutOfMemory("bufferData: bad size"); - -+ if (gl->IsANGLE() && data.Length() > UINT32_MAX) -+ return ErrorOutOfMemory("bufferData: size too large"); -+ - InvalidateBufferFetching(); - MakeContextCurrent(); - - GLenum error = CheckedBufferData(target, data.Length(), data.Data(), usage); - if (error) { - GenerateWarning("bufferData generated error %s", ErrorName(error)); - return; - } - |