aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2016-02-05 12:17:00 -0500
committerMark H Weaver <mhw@netris.org>2016-02-05 16:00:25 -0500
commita7d8c466db633bbdf10c0aebce7128c627c28342 (patch)
tree0c3b0d8023c548a36c1b3476c039e2e5908d9fb5
parent95b754a17ad3192086a9e8ce514e25d980039d50 (diff)
downloadpatches-a7d8c466db633bbdf10c0aebce7128c627c28342.tar
patches-a7d8c466db633bbdf10c0aebce7128c627c28342.tar.gz
gnu: icecat: Update to 38.6.0-gnu1.
* gnu/packages/patches/icecat-bug-1146335-pt1.patch, gnu/packages/patches/icecat-bug-1146335-pt2.patch, gnu/packages/patches/icecat-limit-max-buffers-size-for-ANGLE.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt01.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt02.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt03.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt04.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt05.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt08.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt09.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt10.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt11.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt12.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt13.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt14.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt15.patch, gnu/packages/patches/icecat-CVE-2016-1935.patch: Delete files. * gnu-system.am (dist_patch_DATA): Remove them. * gnu/packages/gnuzilla.scm (icecat): Update to 38.6.0-gnu1. [source]: Remove patches.
-rw-r--r--gnu-system.am19
-rw-r--r--gnu/packages/gnuzilla.scm25
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-1930-pt01.patch34
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-1930-pt02.patch33
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-1930-pt03.patch308
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-1930-pt04.patch47
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-1930-pt05.patch51
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch170
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch56
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-1930-pt08.patch48
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-1930-pt09.patch189
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-1930-pt10.patch33
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-1930-pt11.patch183
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-1930-pt12.patch91
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-1930-pt13.patch34
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-1930-pt14.patch83
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-1930-pt15.patch35
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-1935.patch77
-rw-r--r--gnu/packages/patches/icecat-bug-1146335-pt1.patch141
-rw-r--r--gnu/packages/patches/icecat-bug-1146335-pt2.patch43
-rw-r--r--gnu/packages/patches/icecat-limit-max-buffers-size-for-ANGLE.patch73
21 files changed, 3 insertions, 1770 deletions
diff --git a/gnu-system.am b/gnu-system.am
index 04bd519055..749814d287 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -520,26 +520,7 @@ dist_patch_DATA = \
gnu/packages/patches/hop-linker-flags.patch \
gnu/packages/patches/hydra-automake-1.15.patch \
gnu/packages/patches/hydra-disable-darcs-test.patch \
- gnu/packages/patches/icecat-CVE-2016-1930-pt01.patch \
- gnu/packages/patches/icecat-CVE-2016-1930-pt02.patch \
- gnu/packages/patches/icecat-CVE-2016-1930-pt03.patch \
- gnu/packages/patches/icecat-CVE-2016-1930-pt04.patch \
- gnu/packages/patches/icecat-CVE-2016-1930-pt05.patch \
- gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch \
- gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch \
- gnu/packages/patches/icecat-CVE-2016-1930-pt08.patch \
- gnu/packages/patches/icecat-CVE-2016-1930-pt09.patch \
- gnu/packages/patches/icecat-CVE-2016-1930-pt10.patch \
- gnu/packages/patches/icecat-CVE-2016-1930-pt11.patch \
- gnu/packages/patches/icecat-CVE-2016-1930-pt12.patch \
- gnu/packages/patches/icecat-CVE-2016-1930-pt13.patch \
- gnu/packages/patches/icecat-CVE-2016-1930-pt14.patch \
- gnu/packages/patches/icecat-CVE-2016-1930-pt15.patch \
- gnu/packages/patches/icecat-CVE-2016-1935.patch \
gnu/packages/patches/icecat-avoid-bundled-includes.patch \
- gnu/packages/patches/icecat-bug-1146335-pt1.patch \
- gnu/packages/patches/icecat-bug-1146335-pt2.patch \
- gnu/packages/patches/icecat-limit-max-buffers-size-for-ANGLE.patch \
gnu/packages/patches/icu4c-CVE-2014-6585.patch \
gnu/packages/patches/icu4c-CVE-2015-1270.patch \
gnu/packages/patches/icu4c-CVE-2015-4760.patch \
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 62010dbf6b..7978ca6abe 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -277,7 +277,7 @@ standards.")
(define-public icecat
(package
(name "icecat")
- (version "38.5.2-gnu1")
+ (version "38.6.0-gnu1")
(source
(origin
(method url-fetch)
@@ -286,28 +286,9 @@ standards.")
name "-" version ".tar.bz2"))
(sha256
(base32
- "0m18xyb0rd02yaw9xd5z4bab1wr2599iszzqhm86c134jv5vk6cg"))
+ "0bd4k5cwr8ynscaxffvj2x3kgky3dmjq0qhpcb931l98bh0103lx"))
(patches (map search-patch
- '("icecat-avoid-bundled-includes.patch"
- "icecat-CVE-2016-1930-pt01.patch"
- "icecat-CVE-2016-1930-pt02.patch"
- "icecat-CVE-2016-1930-pt03.patch"
- "icecat-CVE-2016-1930-pt04.patch"
- "icecat-CVE-2016-1930-pt05.patch"
- "icecat-CVE-2016-1930-pt06.patch"
- "icecat-CVE-2016-1930-pt07.patch"
- "icecat-CVE-2016-1930-pt08.patch"
- "icecat-CVE-2016-1930-pt09.patch"
- "icecat-CVE-2016-1930-pt10.patch"
- "icecat-CVE-2016-1930-pt11.patch"
- "icecat-CVE-2016-1930-pt12.patch"
- "icecat-CVE-2016-1930-pt13.patch"
- "icecat-bug-1146335-pt1.patch"
- "icecat-bug-1146335-pt2.patch"
- "icecat-CVE-2016-1935.patch"
- "icecat-CVE-2016-1930-pt14.patch"
- "icecat-CVE-2016-1930-pt15.patch"
- "icecat-limit-max-buffers-size-for-ANGLE.patch")))
+ '("icecat-avoid-bundled-includes.patch")))
(modules '((guix build utils)))
(snippet
'(begin
diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt01.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt01.patch
deleted file mode 100644
index 27768fa1ac..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-1930-pt01.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/925215cae26f
-Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
-Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1233346
-
-# HG changeset patch
-# User Nils Ohlmeier <drno@ohlmeier.org>
-# Date 1451439902 18000
-# Node ID 925215cae26f9c0ccff07ef403a5b3194a4c45c4
-# Parent ff8e52467d793e935b80bf22a722a71a96fe2d63
-Bug 1233346 - r=ekr a=abillings
-
-diff --git a/media/mtransport/third_party/nICEr/src/stun/addrs.c b/media/mtransport/third_party/nICEr/src/stun/addrs.c
---- a/media/mtransport/third_party/nICEr/src/stun/addrs.c
-+++ b/media/mtransport/third_party/nICEr/src/stun/addrs.c
-@@ -530,16 +530,18 @@ stun_get_win32_addrs(nr_local_addr addrs
-
- for (tmpAddress = AdapterAddresses; tmpAddress != NULL; tmpAddress = tmpAddress->Next) {
- char *c;
-
- if (tmpAddress->OperStatus != IfOperStatusUp)
- continue;
-
- snprintf(munged_ifname, IFNAMSIZ, "%S%c", tmpAddress->FriendlyName, 0);
-+ munged_ifname[IFNAMSIZ-1] = '\0';
-+
- /* replace spaces with underscores */
- c = strchr(munged_ifname, ' ');
- while (c != NULL) {
- *c = '_';
- c = strchr(munged_ifname, ' ');
- }
- c = strchr(munged_ifname, '.');
- while (c != NULL) {
-
diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt02.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt02.patch
deleted file mode 100644
index fa1804eb82..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-1930-pt02.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/fc78180165a8
-Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
-Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1223670
-
-# HG changeset patch
-# User Karl Tomlinson <karlt+@karlt.net>
-# Date 1449117514 -46800
-# Node ID fc78180165a8262c80bbb722ed99b2e0c27b02d0
-# Parent 925215cae26f9c0ccff07ef403a5b3194a4c45c4
-bug 1223670 assert that connected streams have the same graph r=padenot a=abillings
-
-diff --git a/dom/media/MediaStreamGraph.cpp b/dom/media/MediaStreamGraph.cpp
---- a/dom/media/MediaStreamGraph.cpp
-+++ b/dom/media/MediaStreamGraph.cpp
-@@ -2696,16 +2696,17 @@ ProcessedMediaStream::AllocateInputPort(
- unused << mPort.forget();
- }
- virtual void RunDuringShutdown()
- {
- Run();
- }
- nsRefPtr<MediaInputPort> mPort;
- };
-+ MOZ_ASSERT(aStream->GraphImpl() == GraphImpl());
- nsRefPtr<MediaInputPort> port = new MediaInputPort(aStream, this, aFlags,
- aInputNumber, aOutputNumber);
- port->SetGraphImpl(GraphImpl());
- GraphImpl()->AppendMessage(new Message(port));
- return port.forget();
- }
-
- void
-
diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt03.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt03.patch
deleted file mode 100644
index cf0843b8b3..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-1930-pt03.patch
+++ /dev/null
@@ -1,308 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/f746c38d160e
-Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
-Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1223670
-
-# HG changeset patch
-# User Karl Tomlinson <karlt+@karlt.net>
-# Date 1449764754 18000
-# Node ID f746c38d160ea29088c15cacae44f3662befaec5
-# Parent fc78180165a8262c80bbb722ed99b2e0c27b02d0
-bug 1223670 replace public constructors with fallible factory methods r=baku a=abillings
-
-diff --git a/dom/media/webaudio/AudioContext.cpp b/dom/media/webaudio/AudioContext.cpp
---- a/dom/media/webaudio/AudioContext.cpp
-+++ b/dom/media/webaudio/AudioContext.cpp
-@@ -299,32 +299,29 @@ AudioContext::CreateMediaElementSource(H
- aRv.Throw(NS_ERROR_DOM_NOT_SUPPORTED_ERR);
- return nullptr;
- }
- #endif
- nsRefPtr<DOMMediaStream> stream = aMediaElement.MozCaptureStream(aRv);
- if (aRv.Failed()) {
- return nullptr;
- }
-- nsRefPtr<MediaElementAudioSourceNode> mediaElementAudioSourceNode =
-- new MediaElementAudioSourceNode(this, stream);
-- return mediaElementAudioSourceNode.forget();
-+ return MediaElementAudioSourceNode::Create(this, stream, aRv);
- }
-
- already_AddRefed<MediaStreamAudioSourceNode>
- AudioContext::CreateMediaStreamSource(DOMMediaStream& aMediaStream,
- ErrorResult& aRv)
- {
- if (mIsOffline) {
- aRv.Throw(NS_ERROR_DOM_NOT_SUPPORTED_ERR);
- return nullptr;
- }
-- nsRefPtr<MediaStreamAudioSourceNode> mediaStreamAudioSourceNode =
-- new MediaStreamAudioSourceNode(this, &aMediaStream);
-- return mediaStreamAudioSourceNode.forget();
-+
-+ return MediaStreamAudioSourceNode::Create(this, &aMediaStream, aRv);
- }
-
- already_AddRefed<GainNode>
- AudioContext::CreateGain()
- {
- nsRefPtr<GainNode> gainNode = new GainNode(this);
- return gainNode.forget();
- }
-diff --git a/dom/media/webaudio/AudioNode.cpp b/dom/media/webaudio/AudioNode.cpp
---- a/dom/media/webaudio/AudioNode.cpp
-+++ b/dom/media/webaudio/AudioNode.cpp
-@@ -61,34 +61,29 @@ AudioNode::AudioNode(AudioContext* aCont
- ChannelInterpretation aChannelInterpretation)
- : DOMEventTargetHelper(aContext->GetParentObject())
- , mContext(aContext)
- , mChannelCount(aChannelCount)
- , mChannelCountMode(aChannelCountMode)
- , mChannelInterpretation(aChannelInterpretation)
- , mId(gId++)
- , mPassThrough(false)
--#ifdef DEBUG
-- , mDemiseNotified(false)
--#endif
- {
- MOZ_ASSERT(aContext);
- DOMEventTargetHelper::BindToOwner(aContext->GetParentObject());
- aContext->UpdateNodeCount(1);
- }
-
- AudioNode::~AudioNode()
- {
- MOZ_ASSERT(mInputNodes.IsEmpty());
- MOZ_ASSERT(mOutputNodes.IsEmpty());
- MOZ_ASSERT(mOutputParams.IsEmpty());
--#ifdef DEBUG
-- MOZ_ASSERT(mDemiseNotified,
-+ MOZ_ASSERT(!mStream,
- "The webaudio-node-demise notification must have been sent");
--#endif
- if (mContext) {
- mContext->UpdateNodeCount(-1);
- }
- }
-
- size_t
- AudioNode::SizeOfExcludingThis(MallocSizeOf aMallocSizeOf) const
- {
-@@ -399,19 +394,16 @@ AudioNode::DestroyMediaStream()
- mStream = nullptr;
-
- nsCOMPtr<nsIObserverService> obs = services::GetObserverService();
- if (obs) {
- nsAutoString id;
- id.AppendPrintf("%u", mId);
- obs->NotifyObservers(nullptr, "webaudio-node-demise", id.get());
- }
--#ifdef DEBUG
-- mDemiseNotified = true;
--#endif
- }
- }
-
- void
- AudioNode::RemoveOutputParam(AudioParam* aParam)
- {
- mOutputParams.RemoveElement(aParam);
- }
-diff --git a/dom/media/webaudio/AudioNode.h b/dom/media/webaudio/AudioNode.h
---- a/dom/media/webaudio/AudioNode.h
-+++ b/dom/media/webaudio/AudioNode.h
-@@ -239,19 +239,14 @@ private:
- nsTArray<nsRefPtr<AudioParam> > mOutputParams;
- uint32_t mChannelCount;
- ChannelCountMode mChannelCountMode;
- ChannelInterpretation mChannelInterpretation;
- const uint32_t mId;
- // Whether the node just passes through its input. This is a devtools API that
- // only works for some node types.
- bool mPassThrough;
--#ifdef DEBUG
-- // In debug builds, check to make sure that the node demise notification has
-- // been properly sent before the node is destroyed.
-- bool mDemiseNotified;
--#endif
- };
-
- }
- }
-
- #endif
-diff --git a/dom/media/webaudio/MediaElementAudioSourceNode.cpp b/dom/media/webaudio/MediaElementAudioSourceNode.cpp
---- a/dom/media/webaudio/MediaElementAudioSourceNode.cpp
-+++ b/dom/media/webaudio/MediaElementAudioSourceNode.cpp
-@@ -5,22 +5,36 @@
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
- #include "MediaElementAudioSourceNode.h"
- #include "mozilla/dom/MediaElementAudioSourceNodeBinding.h"
-
- namespace mozilla {
- namespace dom {
-
--MediaElementAudioSourceNode::MediaElementAudioSourceNode(AudioContext* aContext,
-- DOMMediaStream* aStream)
-- : MediaStreamAudioSourceNode(aContext, aStream)
-+MediaElementAudioSourceNode::MediaElementAudioSourceNode(AudioContext* aContext)
-+ : MediaStreamAudioSourceNode(aContext)
- {
- }
-
-+/* static */ already_AddRefed<MediaElementAudioSourceNode>
-+MediaElementAudioSourceNode::Create(AudioContext* aContext,
-+ DOMMediaStream* aStream, ErrorResult& aRv)
-+{
-+ nsRefPtr<MediaElementAudioSourceNode> node =
-+ new MediaElementAudioSourceNode(aContext);
-+
-+ node->Init(aStream, aRv);
-+ if (aRv.Failed()) {
-+ return nullptr;
-+ }
-+
-+ return node.forget();
-+}
-+
- JSObject*
- MediaElementAudioSourceNode::WrapObject(JSContext* aCx)
- {
- return MediaElementAudioSourceNodeBinding::Wrap(aCx, this);
- }
-
- }
- }
-diff --git a/dom/media/webaudio/MediaElementAudioSourceNode.h b/dom/media/webaudio/MediaElementAudioSourceNode.h
---- a/dom/media/webaudio/MediaElementAudioSourceNode.h
-+++ b/dom/media/webaudio/MediaElementAudioSourceNode.h
-@@ -10,28 +10,30 @@
- #include "MediaStreamAudioSourceNode.h"
-
- namespace mozilla {
- namespace dom {
-
- class MediaElementAudioSourceNode : public MediaStreamAudioSourceNode
- {
- public:
-- MediaElementAudioSourceNode(AudioContext* aContext,
-- DOMMediaStream* aStream);
-+ static already_AddRefed<MediaElementAudioSourceNode>
-+ Create(AudioContext* aContext, DOMMediaStream* aStream, ErrorResult& aRv);
-
- virtual JSObject* WrapObject(JSContext* aCx) override;
-
- virtual const char* NodeType() const override
- {
- return "MediaElementAudioSourceNode";
- }
-
- virtual size_t SizeOfIncludingThis(MallocSizeOf aMallocSizeOf) const override
- {
- return aMallocSizeOf(this) + SizeOfExcludingThis(aMallocSizeOf);
- }
-+private:
-+ explicit MediaElementAudioSourceNode(AudioContext* aContext);
- };
-
- }
- }
-
- #endif
-diff --git a/dom/media/webaudio/MediaStreamAudioSourceNode.cpp b/dom/media/webaudio/MediaStreamAudioSourceNode.cpp
---- a/dom/media/webaudio/MediaStreamAudioSourceNode.cpp
-+++ b/dom/media/webaudio/MediaStreamAudioSourceNode.cpp
-@@ -25,26 +25,45 @@ NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN_
- NS_IMPL_CYCLE_COLLECTION_TRAVERSE_END
-
- NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION_INHERITED(MediaStreamAudioSourceNode)
- NS_INTERFACE_MAP_END_INHERITING(AudioNode)
-
- NS_IMPL_ADDREF_INHERITED(MediaStreamAudioSourceNode, AudioNode)
- NS_IMPL_RELEASE_INHERITED(MediaStreamAudioSourceNode, AudioNode)
-
--MediaStreamAudioSourceNode::MediaStreamAudioSourceNode(AudioContext* aContext,
-- DOMMediaStream* aMediaStream)
-+MediaStreamAudioSourceNode::MediaStreamAudioSourceNode(AudioContext* aContext)
- : AudioNode(aContext,
- 2,
- ChannelCountMode::Max,
-- ChannelInterpretation::Speakers),
-- mInputStream(aMediaStream)
-+ ChannelInterpretation::Speakers)
- {
-+}
-+
-+/* static */ already_AddRefed<MediaStreamAudioSourceNode>
-+MediaStreamAudioSourceNode::Create(AudioContext* aContext,
-+ DOMMediaStream* aStream, ErrorResult& aRv)
-+{
-+ nsRefPtr<MediaStreamAudioSourceNode> node =
-+ new MediaStreamAudioSourceNode(aContext);
-+
-+ node->Init(aStream, aRv);
-+ if (aRv.Failed()) {
-+ return nullptr;
-+ }
-+
-+ return node.forget();
-+}
-+
-+void
-+MediaStreamAudioSourceNode::Init(DOMMediaStream* aMediaStream, ErrorResult& aRv)
-+{
-+ mInputStream = aMediaStream;
- AudioNodeEngine* engine = new MediaStreamAudioSourceNodeEngine(this);
-- mStream = aContext->Graph()->CreateAudioNodeExternalInputStream(engine);
-+ mStream = Context()->Graph()->CreateAudioNodeExternalInputStream(engine);
- ProcessedMediaStream* outputStream = static_cast<ProcessedMediaStream*>(mStream.get());
- mInputPort = outputStream->AllocateInputPort(aMediaStream->GetStream(),
- MediaInputPort::FLAG_BLOCK_INPUT);
- mInputStream->AddConsumerToKeepAlive(static_cast<nsIDOMEventTarget*>(this));
-
- PrincipalChanged(mInputStream); // trigger enabling/disabling of the connector
- mInputStream->AddPrincipalChangeObserver(this);
- }
-diff --git a/dom/media/webaudio/MediaStreamAudioSourceNode.h b/dom/media/webaudio/MediaStreamAudioSourceNode.h
---- a/dom/media/webaudio/MediaStreamAudioSourceNode.h
-+++ b/dom/media/webaudio/MediaStreamAudioSourceNode.h
-@@ -38,17 +38,18 @@ public:
- private:
- bool mEnabled;
- };
-
- class MediaStreamAudioSourceNode : public AudioNode,
- public DOMMediaStream::PrincipalChangeObserver
- {
- public:
-- MediaStreamAudioSourceNode(AudioContext* aContext, DOMMediaStream* aMediaStream);
-+ static already_AddRefed<MediaStreamAudioSourceNode>
-+ Create(AudioContext* aContext, DOMMediaStream* aStream, ErrorResult& aRv);
-
- NS_DECL_ISUPPORTS_INHERITED
- NS_DECL_CYCLE_COLLECTION_CLASS_INHERITED(MediaStreamAudioSourceNode, AudioNode)
-
- virtual JSObject* WrapObject(JSContext* aCx) override;
-
- virtual void DestroyMediaStream() override;
-
-@@ -60,16 +61,18 @@ public:
- }
-
- virtual size_t SizeOfExcludingThis(MallocSizeOf aMallocSizeOf) const override;
- virtual size_t SizeOfIncludingThis(MallocSizeOf aMallocSizeOf) const override;
-
- virtual void PrincipalChanged(DOMMediaStream* aMediaStream) override;
-
- protected:
-+ explicit MediaStreamAudioSourceNode(AudioContext* aContext);
-+ void Init(DOMMediaStream* aMediaStream, ErrorResult& aRv);
- virtual ~MediaStreamAudioSourceNode();
-
- private:
- nsRefPtr<MediaInputPort> mInputPort;
- nsRefPtr<DOMMediaStream> mInputStream;
- };
-
- }
-
diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt04.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt04.patch
deleted file mode 100644
index b212a70d4a..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-1930-pt04.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/6d43ff33bd55
-Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
-Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1223670
-
-# HG changeset patch
-# User Karl Tomlinson <karlt+@karlt.net>
-# Date 1451362442 -46800
-# Node ID 6d43ff33bd552b8f7a34e4105cf5bcc0a8c8ea8c
-# Parent f746c38d160ea29088c15cacae44f3662befaec5
-bug 1223670 throw not supported when creating a node from a stream with different channel r=baku a=abillings
-
-diff --git a/dom/media/webaudio/MediaStreamAudioSourceNode.cpp b/dom/media/webaudio/MediaStreamAudioSourceNode.cpp
---- a/dom/media/webaudio/MediaStreamAudioSourceNode.cpp
-+++ b/dom/media/webaudio/MediaStreamAudioSourceNode.cpp
-@@ -51,21 +51,29 @@ MediaStreamAudioSourceNode::Create(Audio
- }
-
- return node.forget();
- }
-
- void
- MediaStreamAudioSourceNode::Init(DOMMediaStream* aMediaStream, ErrorResult& aRv)
- {
-+ MOZ_ASSERT(aMediaStream);
-+ MediaStream* inputStream = aMediaStream->GetStream();
-+ MediaStreamGraph* graph = Context()->Graph();
-+ if (NS_WARN_IF(graph != inputStream->Graph())) {
-+ aRv.Throw(NS_ERROR_DOM_NOT_SUPPORTED_ERR);
-+ return;
-+ }
-+
- mInputStream = aMediaStream;
- AudioNodeEngine* engine = new MediaStreamAudioSourceNodeEngine(this);
-- mStream = Context()->Graph()->CreateAudioNodeExternalInputStream(engine);
-+ mStream = graph->CreateAudioNodeExternalInputStream(engine);
- ProcessedMediaStream* outputStream = static_cast<ProcessedMediaStream*>(mStream.get());
-- mInputPort = outputStream->AllocateInputPort(aMediaStream->GetStream(),
-+ mInputPort = outputStream->AllocateInputPort(inputStream,
- MediaInputPort::FLAG_BLOCK_INPUT);
- mInputStream->AddConsumerToKeepAlive(static_cast<nsIDOMEventTarget*>(this));
-
- PrincipalChanged(mInputStream); // trigger enabling/disabling of the connector
- mInputStream->AddPrincipalChangeObserver(this);
- }
-
- MediaStreamAudioSourceNode::~MediaStreamAudioSourceNode()
-
diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt05.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt05.patch
deleted file mode 100644
index 3e62c9c5f1..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-1930-pt05.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/4f6e81673f69
-Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
-Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1223670
-
-# HG changeset patch
-# User Karl Tomlinson <karlt+@karlt.net>
-# Date 1449145091 -46800
-# Node ID 4f6e81673f6938719c86516606f2fda493e8c23c
-# Parent 6d43ff33bd552b8f7a34e4105cf5bcc0a8c8ea8c
-bug 1223670 make SetMozAudioChannelType() private because the type will not change after construction r=baku a=abillings
-
-diff --git a/dom/media/webaudio/AudioDestinationNode.h b/dom/media/webaudio/AudioDestinationNode.h
---- a/dom/media/webaudio/AudioDestinationNode.h
-+++ b/dom/media/webaudio/AudioDestinationNode.h
-@@ -57,17 +57,16 @@ public:
- void StartRendering(Promise* aPromise);
-
- void OfflineShutdown();
-
- // nsIDOMEventListener - by proxy
- NS_IMETHOD HandleEvent(nsIDOMEvent* aEvent) override;
-
- AudioChannel MozAudioChannelType() const;
-- void SetMozAudioChannelType(AudioChannel aValue, ErrorResult& aRv);
-
- virtual void NotifyMainThreadStateChanged() override;
- void FireOfflineCompletionEvent();
-
- // An amount that should be added to the MediaStream's current time to
- // get the AudioContext.currentTime.
- double ExtraCurrentTime();
-
-@@ -86,16 +85,17 @@ public:
-
- void InputMuted(bool aInputMuted);
- void ResolvePromise(AudioBuffer* aRenderedBuffer);
-
- protected:
- virtual ~AudioDestinationNode();
-
- private:
-+ void SetMozAudioChannelType(AudioChannel aValue, ErrorResult& aRv);
- bool CheckAudioChannelPermissions(AudioChannel aValue);
-
- void SetCanPlay(bool aCanPlay);
-
- void NotifyStableState();
- void ScheduleStableStateNotification();
-
- SelfReference<AudioDestinationNode> mOfflineRenderingRef;
-
diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch
deleted file mode 100644
index ec1f479ee4..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch
+++ /dev/null
@@ -1,170 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/93617c30c0df
-Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
-Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1230686
-
-# HG changeset patch
-# User Lee Salzman <lsalzman@mozilla.com>
-# Date 1451932822 18000
-# Node ID 93617c30c0df35f719dead526b78649d564f5ac3
-# Parent 4f6e81673f6938719c86516606f2fda493e8c23c
-Bug 1230686 - use RefPtr<DrawTarget>& instead of DrawTarget* to track changes in SurfaceFromElement a=ritu
-
-diff --git a/layout/base/nsLayoutUtils.cpp b/layout/base/nsLayoutUtils.cpp
---- a/layout/base/nsLayoutUtils.cpp
-+++ b/layout/base/nsLayoutUtils.cpp
-@@ -6494,17 +6494,17 @@ nsLayoutUtils::IsReallyFixedPos(nsIFrame
- nsIAtom *parentType = aFrame->GetParent()->GetType();
- return parentType == nsGkAtoms::viewportFrame ||
- parentType == nsGkAtoms::pageContentFrame;
- }
-
- nsLayoutUtils::SurfaceFromElementResult
- nsLayoutUtils::SurfaceFromElement(nsIImageLoadingContent* aElement,
- uint32_t aSurfaceFlags,
-- DrawTarget* aTarget)
-+ RefPtr<DrawTarget>& aTarget)
- {
- SurfaceFromElementResult result;
- nsresult rv;
-
- nsCOMPtr<imgIRequest> imgRequest;
- rv = aElement->GetRequest(nsIImageLoadingContent::CURRENT_REQUEST,
- getter_AddRefs(imgRequest));
- if (NS_FAILED(rv) || !imgRequest)
-@@ -6586,41 +6586,41 @@ nsLayoutUtils::SurfaceFromElement(nsIIma
- result.mImageRequest = imgRequest.forget();
-
- return result;
- }
-
- nsLayoutUtils::SurfaceFromElementResult
- nsLayoutUtils::SurfaceFromElement(HTMLImageElement *aElement,
- uint32_t aSurfaceFlags,
-- DrawTarget* aTarget)
-+ RefPtr<DrawTarget>& aTarget)
- {
- return SurfaceFromElement(static_cast<nsIImageLoadingContent*>(aElement),
- aSurfaceFlags, aTarget);
- }
-
- nsLayoutUtils::SurfaceFromElementResult
- nsLayoutUtils::SurfaceFromElement(HTMLCanvasElement* aElement,
- uint32_t aSurfaceFlags,
-- DrawTarget* aTarget)
-+ RefPtr<DrawTarget>& aTarget)
- {
- SurfaceFromElementResult result;
-
- bool* isPremultiplied = nullptr;
- if (aSurfaceFlags & SFE_PREFER_NO_PREMULTIPLY_ALPHA) {
- isPremultiplied = &result.mIsPremultiplied;
- }
-
- gfxIntSize size = aElement->GetSize();
-
- result.mSourceSurface = aElement->GetSurfaceSnapshot(isPremultiplied);
- if (!result.mSourceSurface) {
- // If the element doesn't have a context then we won't get a snapshot. The canvas spec wants us to not error and just
- // draw nothing, so return an empty surface.
-- DrawTarget *ref = aTarget ? aTarget : gfxPlatform::GetPlatform()->ScreenReferenceDrawTarget();
-+ DrawTarget *ref = aTarget ? aTarget.get() : gfxPlatform::GetPlatform()->ScreenReferenceDrawTarget();
- RefPtr<DrawTarget> dt = ref->CreateSimilarDrawTarget(IntSize(size.width, size.height),
- SurfaceFormat::B8G8R8A8);
- if (dt) {
- result.mSourceSurface = dt->Snapshot();
- }
- } else if (aTarget) {
- RefPtr<SourceSurface> opt = aTarget->OptimizeSourceSurface(result.mSourceSurface);
- if (opt) {
-@@ -6637,17 +6637,17 @@ nsLayoutUtils::SurfaceFromElement(HTMLCa
- result.mIsWriteOnly = aElement->IsWriteOnly();
-
- return result;
- }
-
- nsLayoutUtils::SurfaceFromElementResult
- nsLayoutUtils::SurfaceFromElement(HTMLVideoElement* aElement,
- uint32_t aSurfaceFlags,
-- DrawTarget* aTarget)
-+ RefPtr<DrawTarget>& aTarget)
- {
- SurfaceFromElementResult result;
-
- NS_WARN_IF_FALSE((aSurfaceFlags & SFE_PREFER_NO_PREMULTIPLY_ALPHA) == 0, "We can't support non-premultiplied alpha for video!");
-
- #ifdef MOZ_EME
- if (aElement->ContainsRestrictedContent()) {
- return result;
-@@ -6689,17 +6689,17 @@ nsLayoutUtils::SurfaceFromElement(HTMLVi
- result.mIsWriteOnly = false;
-
- return result;
- }
-
- nsLayoutUtils::SurfaceFromElementResult
- nsLayoutUtils::SurfaceFromElement(dom::Element* aElement,
- uint32_t aSurfaceFlags,
-- DrawTarget* aTarget)
-+ RefPtr<DrawTarget>& aTarget)
- {
- // If it's a <canvas>, we may be able to just grab its internal surface
- if (HTMLCanvasElement* canvas =
- HTMLCanvasElement::FromContentOrNull(aElement)) {
- return SurfaceFromElement(canvas, aSurfaceFlags, aTarget);
- }
-
- // Maybe it's <video>?
-diff --git a/layout/base/nsLayoutUtils.h b/layout/base/nsLayoutUtils.h
---- a/layout/base/nsLayoutUtils.h
-+++ b/layout/base/nsLayoutUtils.h
-@@ -2018,33 +2018,39 @@ public:
- bool mIsStillLoading;
- /* Whether the element used CORS when loading. */
- bool mCORSUsed;
- /* Whether the returned image contains premultiplied pixel data */
- bool mIsPremultiplied;
- };
-
- static SurfaceFromElementResult SurfaceFromElement(mozilla::dom::Element *aElement,
-- uint32_t aSurfaceFlags = 0,
-- DrawTarget *aTarget = nullptr);
-+ uint32_t aSurfaceFlags,
-+ mozilla::RefPtr<DrawTarget>& aTarget);
-+ static SurfaceFromElementResult SurfaceFromElement(mozilla::dom::Element *aElement,
-+ uint32_t aSurfaceFlags = 0) {
-+ mozilla::RefPtr<DrawTarget> target = nullptr;
-+ return SurfaceFromElement(aElement, aSurfaceFlags, target);
-+ }
-+
- static SurfaceFromElementResult SurfaceFromElement(nsIImageLoadingContent *aElement,
-- uint32_t aSurfaceFlags = 0,
-- DrawTarget *aTarget = nullptr);
-+ uint32_t aSurfaceFlags,
-+ mozilla::RefPtr<DrawTarget>& aTarget);
- // Need an HTMLImageElement overload, because otherwise the
- // nsIImageLoadingContent and mozilla::dom::Element overloads are ambiguous
- // for HTMLImageElement.
- static SurfaceFromElementResult SurfaceFromElement(mozilla::dom::HTMLImageElement *aElement,
-- uint32_t aSurfaceFlags = 0,
-- DrawTarget *aTarget = nullptr);
-+ uint32_t aSurfaceFlags,
-+ mozilla::RefPtr<DrawTarget>& aTarget);
- static SurfaceFromElementResult SurfaceFromElement(mozilla::dom::HTMLCanvasElement *aElement,
-- uint32_t aSurfaceFlags = 0,
-- DrawTarget *aTarget = nullptr);
-+ uint32_t aSurfaceFlags,
-+ mozilla::RefPtr<DrawTarget>& aTarget);
- static SurfaceFromElementResult SurfaceFromElement(mozilla::dom::HTMLVideoElement *aElement,
-- uint32_t aSurfaceFlags = 0,
-- DrawTarget *aTarget = nullptr);
-+ uint32_t aSurfaceFlags,
-+ mozilla::RefPtr<DrawTarget>& aTarget);
-
- /**
- * When the document is editable by contenteditable attribute of its root
- * content or body content.
- *
- * Be aware, this returns nullptr if it's in designMode.
- *
- * For example:
-
diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch
deleted file mode 100644
index 4f349747c0..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/750e4cfc90f8
-Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
-Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1233152
-
-# HG changeset patch
-# User Jan de Mooij <jdemooij@mozilla.com>
-# Date 1451478493 -3600
-# Node ID 750e4cfc90f80df657e44c9c63b1865023d88682
-# Parent 93617c30c0df35f719dead526b78649d564f5ac3
-Bug 1233152 - Use PersistentRooted for ParseTask script and sourceObject. r=terrence a=abillings
-
-diff --git a/js/src/vm/HelperThreads.cpp b/js/src/vm/HelperThreads.cpp
---- a/js/src/vm/HelperThreads.cpp
-+++ b/js/src/vm/HelperThreads.cpp
-@@ -198,17 +198,17 @@ static const JSClass parseTaskGlobalClas
-
- ParseTask::ParseTask(ExclusiveContext* cx, JSObject* exclusiveContextGlobal, JSContext* initCx,
- const char16_t* chars, size_t length,
- JS::OffThreadCompileCallback callback, void* callbackData)
- : cx(cx), options(initCx), chars(chars), length(length),
- alloc(JSRuntime::TEMP_LIFO_ALLOC_PRIMARY_CHUNK_SIZE),
- exclusiveContextGlobal(initCx, exclusiveContextGlobal),
- callback(callback), callbackData(callbackData),
-- script(nullptr), errors(cx), overRecursed(false)
-+ script(initCx->runtime(), nullptr), errors(cx), overRecursed(false)
- {
- }
-
- bool
- ParseTask::init(JSContext* cx, const ReadOnlyCompileOptions& options)
- {
- if (!this->options.copy(cx, options))
- return false;
-diff --git a/js/src/vm/HelperThreads.h b/js/src/vm/HelperThreads.h
---- a/js/src/vm/HelperThreads.h
-+++ b/js/src/vm/HelperThreads.h
-@@ -472,17 +472,17 @@ struct ParseTask
-
- // Callback invoked off the main thread when the parse finishes.
- JS::OffThreadCompileCallback callback;
- void* callbackData;
-
- // Holds the final script between the invocation of the callback and the
- // point where FinishOffThreadScript is called, which will destroy the
- // ParseTask.
-- JSScript* script;
-+ PersistentRootedScript script;
-
- // Any errors or warnings produced during compilation. These are reported
- // when finishing the script.
- Vector<frontend::CompileError*> errors;
- bool overRecursed;
-
- ParseTask(ExclusiveContext* cx, JSObject* exclusiveContextGlobal,
- JSContext* initCx, const char16_t* chars, size_t length,
-
diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt08.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt08.patch
deleted file mode 100644
index 406ce1bf2b..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-1930-pt08.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/4444e94a99cb
-Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
-Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1221385
-
-# HG changeset patch
-# User Jan de Mooij <jdemooij@mozilla.com>
-# Date 1451478429 -3600
-# Node ID 4444e94a99cb9b00c0351cc8bf5459739cc036a5
-# Parent 750e4cfc90f80df657e44c9c63b1865023d88682
-Bug 1221385 - Handle OOM during JitRuntime initialization a bit better. r=bhackett a=abillings
-
-diff --git a/js/src/jscompartment.cpp b/js/src/jscompartment.cpp
---- a/js/src/jscompartment.cpp
-+++ b/js/src/jscompartment.cpp
-@@ -138,28 +138,20 @@ JSRuntime::createJitRuntime(JSContext* c
-
- // Protect jitRuntime_ from being observed (by InterruptRunningJitCode)
- // while it is being initialized. Unfortunately, initialization depends on
- // jitRuntime_ being non-null, so we can't just wait to assign jitRuntime_.
- JitRuntime::AutoMutateBackedges amb(jrt);
- jitRuntime_ = jrt;
-
- if (!jitRuntime_->initialize(cx)) {
-- js_ReportOutOfMemory(cx);
--
-- js_delete(jitRuntime_);
-- jitRuntime_ = nullptr;
--
-- JSCompartment* comp = cx->runtime()->atomsCompartment();
-- if (comp->jitCompartment_) {
-- js_delete(comp->jitCompartment_);
-- comp->jitCompartment_ = nullptr;
-- }
--
-- return nullptr;
-+ // Handling OOM here is complicated: if we delete jitRuntime_ now, we
-+ // will destroy the ExecutableAllocator, even though there may still be
-+ // JitCode instances holding references to ExecutablePools.
-+ CrashAtUnhandlableOOM("OOM in createJitRuntime");
- }
-
- return jitRuntime_;
- }
-
- bool
- JSCompartment::ensureJitCompartmentExists(JSContext* cx)
- {
-
diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt09.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt09.patch
deleted file mode 100644
index e87b95f729..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-1930-pt09.patch
+++ /dev/null
@@ -1,189 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/f31d643afd41
-Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
-Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1233925
-
-# HG changeset patch
-# User Jan de Mooij <jdemooij@mozilla.com>
-# Date 1452110721 -3600
-# Node ID f31d643afd4159b5422ae5aebcbbea0a088e018e
-# Parent 4444e94a99cb9b00c0351cc8bf5459739cc036a5
-Bug 1233925 - Treat functions with rest more like functions with lazy arguments. r=nbp a=ritu
-
-diff --git a/js/src/jit/BacktrackingAllocator.cpp b/js/src/jit/BacktrackingAllocator.cpp
---- a/js/src/jit/BacktrackingAllocator.cpp
-+++ b/js/src/jit/BacktrackingAllocator.cpp
-@@ -201,20 +201,19 @@ BacktrackingAllocator::tryGroupRegisters
- // constructor calling convention.
- if (IsThisSlotDefinition(reg0->def()) || IsThisSlotDefinition(reg1->def())) {
- if (*reg0->def()->output() != *reg1->def()->output())
- return true;
- }
-
- // Registers which might spill to the frame's argument slots can only be
- // grouped with other such registers if the frame might access those
-- // arguments through a lazy arguments object.
-+ // arguments through a lazy arguments object or rest parameter.
- if (IsArgumentSlotDefinition(reg0->def()) || IsArgumentSlotDefinition(reg1->def())) {
-- JSScript* script = graph.mir().entryBlock()->info().script();
-- if (script && script->argumentsAliasesFormals()) {
-+ if (graph.mir().entryBlock()->info().mayReadFrameArgsDirectly()) {
- if (*reg0->def()->output() != *reg1->def()->output())
- return true;
- }
- }
-
- VirtualRegisterGroup* group0 = reg0->group(), *group1 = reg1->group();
-
- if (!group0 && group1)
-diff --git a/js/src/jit/CompileInfo.h b/js/src/jit/CompileInfo.h
---- a/js/src/jit/CompileInfo.h
-+++ b/js/src/jit/CompileInfo.h
-@@ -194,16 +194,17 @@ enum AnalysisMode {
- class CompileInfo
- {
- public:
- CompileInfo(JSScript* script, JSFunction* fun, jsbytecode* osrPc, bool constructing,
- AnalysisMode analysisMode, bool scriptNeedsArgsObj,
- InlineScriptTree* inlineScriptTree)
- : script_(script), fun_(fun), osrPc_(osrPc), constructing_(constructing),
- analysisMode_(analysisMode), scriptNeedsArgsObj_(scriptNeedsArgsObj),
-+ mayReadFrameArgsDirectly_(script->mayReadFrameArgsDirectly()),
- inlineScriptTree_(inlineScriptTree)
- {
- MOZ_ASSERT_IF(osrPc, JSOp(*osrPc) == JSOP_LOOPENTRY);
-
- // The function here can flow in from anywhere so look up the canonical
- // function to ensure that we do not try to embed a nursery pointer in
- // jit-code. Precisely because it can flow in from anywhere, it's not
- // guaranteed to be non-lazy. Hence, don't access its script!
-@@ -222,17 +223,17 @@ class CompileInfo
- fixedLexicalBegin_ = script->fixedLexicalBegin();
- nstack_ = script->nslots() - script->nfixed();
- nslots_ = nimplicit_ + nargs_ + nlocals_ + nstack_;
- }
-
- explicit CompileInfo(unsigned nlocals)
- : script_(nullptr), fun_(nullptr), osrPc_(nullptr), osrStaticScope_(nullptr),
- constructing_(false), analysisMode_(Analysis_None), scriptNeedsArgsObj_(false),
-- inlineScriptTree_(nullptr)
-+ mayReadFrameArgsDirectly_(false), inlineScriptTree_(nullptr)
- {
- nimplicit_ = 0;
- nargs_ = 0;
- nbodyfixed_ = 0;
- nlocals_ = nlocals;
- nstack_ = 1; /* For FunctionCompiler::pushPhiInput/popPhiOutput */
- nslots_ = nlocals_ + nstack_;
- fixedLexicalBegin_ = nlocals;
-@@ -539,16 +540,20 @@ class CompileInfo
- return false;
-
- if (needsArgsObj() && isObservableArgumentSlot(slot))
- return false;
-
- return true;
- }
-
-+ bool mayReadFrameArgsDirectly() const {
-+ return mayReadFrameArgsDirectly_;
-+ }
-+
- private:
- unsigned nimplicit_;
- unsigned nargs_;
- unsigned nbodyfixed_;
- unsigned nlocals_;
- unsigned nstack_;
- unsigned nslots_;
- unsigned fixedLexicalBegin_;
-@@ -559,15 +564,17 @@ class CompileInfo
- bool constructing_;
- AnalysisMode analysisMode_;
-
- // Whether a script needs an arguments object is unstable over compilation
- // since the arguments optimization could be marked as failed on the main
- // thread, so cache a value here and use it throughout for consistency.
- bool scriptNeedsArgsObj_;
-
-+ bool mayReadFrameArgsDirectly_;
-+
- InlineScriptTree* inlineScriptTree_;
- };
-
- } // namespace jit
- } // namespace js
-
- #endif /* jit_CompileInfo_h */
-diff --git a/js/src/jit/JitFrames.cpp b/js/src/jit/JitFrames.cpp
---- a/js/src/jit/JitFrames.cpp
-+++ b/js/src/jit/JitFrames.cpp
-@@ -1002,17 +1002,17 @@ MarkThisAndArguments(JSTracer* trc, JitF
- // formal arguments is taken care of by the frame's safepoint/snapshot,
- // except when the script's lazy arguments object aliases those formals,
- // in which case we mark them as well.
-
- size_t nargs = layout->numActualArgs();
- size_t nformals = 0;
- if (CalleeTokenIsFunction(layout->calleeToken())) {
- JSFunction* fun = CalleeTokenToFunction(layout->calleeToken());
-- nformals = fun->nonLazyScript()->argumentsAliasesFormals() ? 0 : fun->nargs();
-+ nformals = fun->nonLazyScript()->mayReadFrameArgsDirectly() ? 0 : fun->nargs();
- }
-
- Value* argv = layout->argv();
-
- // Trace |this|.
- gc::MarkValueRoot(trc, argv, "ion-thisv");
-
- // Trace actual arguments beyond the formals. Note + 1 for thisv.
-diff --git a/js/src/jsscript.cpp b/js/src/jsscript.cpp
---- a/js/src/jsscript.cpp
-+++ b/js/src/jsscript.cpp
-@@ -3894,16 +3894,22 @@ JSScript::hasLoops()
- JSTryNote* tnlimit = tn + trynotes()->length;
- for (; tn < tnlimit; tn++) {
- if (tn->kind == JSTRY_FOR_IN || tn->kind == JSTRY_LOOP)
- return true;
- }
- return false;
- }
-
-+bool
-+JSScript::mayReadFrameArgsDirectly()
-+{
-+ return argumentsHasVarBinding() || (function_ && function_->hasRest());
-+}
-+
- static inline void
- LazyScriptHash(uint32_t lineno, uint32_t column, uint32_t begin, uint32_t end,
- HashNumber hashes[3])
- {
- HashNumber hash = lineno;
- hash = RotateLeft(hash, 4) ^ column;
- hash = RotateLeft(hash, 4) ^ begin;
- hash = RotateLeft(hash, 4) ^ end;
-diff --git a/js/src/jsscript.h b/js/src/jsscript.h
---- a/js/src/jsscript.h
-+++ b/js/src/jsscript.h
-@@ -1397,16 +1397,20 @@ class JSScript : public js::gc::TenuredC
- }
- inline void setFunction(JSFunction* fun);
- /*
- * De-lazifies the canonical function. Must be called before entering code
- * that expects the function to be non-lazy.
- */
- inline void ensureNonLazyCanonicalFunction(JSContext* cx);
-
-+ // Returns true if the script may read formal arguments on the stack
-+ // directly, via lazy arguments or a rest parameter.
-+ bool mayReadFrameArgsDirectly();
-+
- JSFlatString* sourceData(JSContext* cx);
-
- static bool loadSource(JSContext* cx, js::ScriptSource* ss, bool* worked);
-
- void setSourceObject(JSObject* object);
- JSObject* sourceObject() const {
- return sourceObject_;
- }
-
diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt10.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt10.patch
deleted file mode 100644
index b92bfa4f4e..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-1930-pt10.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/debff255c08e
-Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
-Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1234571
-
-# HG changeset patch
-# User Randell Jesup <rjesup@jesup.org>
-# Date 1451928471 18000
-# Node ID debff255c08e898be370e307e1e014f5601c20c6
-# Parent f31d643afd4159b5422ae5aebcbbea0a088e018e
-Bug 1234571 - unregister encoded-frame callback when releasing codec databases. r=pkerr, a=al
-
-diff --git a/media/webrtc/trunk/webrtc/modules/video_coding/main/source/generic_encoder.cc b/media/webrtc/trunk/webrtc/modules/video_coding/main/source/generic_encoder.cc
---- a/media/webrtc/trunk/webrtc/modules/video_coding/main/source/generic_encoder.cc
-+++ b/media/webrtc/trunk/webrtc/modules/video_coding/main/source/generic_encoder.cc
-@@ -71,16 +71,17 @@ VCMGenericEncoder::VCMGenericEncoder(Vid
- VCMGenericEncoder::~VCMGenericEncoder()
- {
- }
-
- int32_t VCMGenericEncoder::Release()
- {
- _bitRate = 0;
- _frameRate = 0;
-+ _encoder.RegisterEncodeCompleteCallback(NULL);
- _VCMencodedFrameCallback = NULL;
- return _encoder.Release();
- }
-
- int32_t
- VCMGenericEncoder::InitEncode(const VideoCodec* settings,
- int32_t numberOfCores,
- uint32_t maxPayloadSize)
-
diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt11.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt11.patch
deleted file mode 100644
index 2e409d961c..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-1930-pt11.patch
+++ /dev/null
@@ -1,183 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/0f7224441f20
-Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
-Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1234280
-
-# HG changeset patch
-# User Benjamin Bouvier <benj@benj.me>
-# Date 1450947090 -3600
-# Node ID 0f7224441f2089001f7934b46ac10cb72d267606
-# Parent debff255c08e898be370e307e1e014f5601c20c6
-Bug 1234280: Handle oom in CodeGeneratorShared::allocateData; r=jandem, a=sledru
-
-diff --git a/js/src/jit/CodeGenerator.cpp b/js/src/jit/CodeGenerator.cpp
---- a/js/src/jit/CodeGenerator.cpp
-+++ b/js/src/jit/CodeGenerator.cpp
-@@ -7902,17 +7902,19 @@ const VMFunction GetPropertyIC::UpdateIn
- void
- CodeGenerator::visitGetPropertyIC(OutOfLineUpdateCache* ool, DataPtr<GetPropertyIC>& ic)
- {
- LInstruction* lir = ool->lir();
-
- if (ic->idempotent()) {
- size_t numLocs;
- CacheLocationList& cacheLocs = lir->mirRaw()->toGetPropertyCache()->location();
-- size_t locationBase = addCacheLocations(cacheLocs, &numLocs);
-+ size_t locationBase;
-+ if (!addCacheLocations(cacheLocs, &numLocs, &locationBase))
-+ return;
- ic->setLocationInfo(locationBase, numLocs);
- }
-
- saveLive(lir);
-
- pushArg(ic->object());
- pushArg(Imm32(ool->getCacheIndex()));
- pushArg(ImmGCPtr(gen->info().script()));
-diff --git a/js/src/jit/shared/CodeGenerator-shared.cpp b/js/src/jit/shared/CodeGenerator-shared.cpp
---- a/js/src/jit/shared/CodeGenerator-shared.cpp
-+++ b/js/src/jit/shared/CodeGenerator-shared.cpp
-@@ -1527,31 +1527,34 @@ CodeGeneratorShared::jumpToBlock(MBasicB
-
- masm.propagateOOM(patchableBackedges_.append(PatchableBackedgeInfo(backedge, mir->lir()->label(), oolEntry)));
- } else {
- masm.j(cond, mir->lir()->label());
- }
- }
- #endif
-
--size_t
--CodeGeneratorShared::addCacheLocations(const CacheLocationList& locs, size_t* numLocs)
-+MOZ_WARN_UNUSED_RESULT bool
-+CodeGeneratorShared::addCacheLocations(const CacheLocationList& locs, size_t* numLocs,
-+ size_t* curIndex)
- {
- size_t firstIndex = runtimeData_.length();
- size_t numLocations = 0;
- for (CacheLocationList::iterator iter = locs.begin(); iter != locs.end(); iter++) {
- // allocateData() ensures that sizeof(CacheLocation) is word-aligned.
- // If this changes, we will need to pad to ensure alignment.
-- size_t curIndex = allocateData(sizeof(CacheLocation));
-- new (&runtimeData_[curIndex]) CacheLocation(iter->pc, iter->script);
-+ if (!allocateData(sizeof(CacheLocation), curIndex))
-+ return false;
-+ new (&runtimeData_[*curIndex]) CacheLocation(iter->pc, iter->script);
- numLocations++;
- }
- MOZ_ASSERT(numLocations != 0);
- *numLocs = numLocations;
-- return firstIndex;
-+ *curIndex = firstIndex;
-+ return true;
- }
-
- ReciprocalMulConstants
- CodeGeneratorShared::computeDivisionConstants(int d) {
- // In what follows, d is positive and is not a power of 2.
- MOZ_ASSERT(d > 0 && (d & (d - 1)) != 0);
-
- // Speeding up division by non power-of-2 constants is possible by
-diff --git a/js/src/jit/shared/CodeGenerator-shared.h b/js/src/jit/shared/CodeGenerator-shared.h
---- a/js/src/jit/shared/CodeGenerator-shared.h
-+++ b/js/src/jit/shared/CodeGenerator-shared.h
-@@ -3,16 +3,17 @@
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
- #ifndef jit_shared_CodeGenerator_shared_h
- #define jit_shared_CodeGenerator_shared_h
-
- #include "mozilla/Alignment.h"
-+#include "mozilla/TypeTraits.h"
-
- #include "jit/JitFrames.h"
- #include "jit/LIR.h"
- #include "jit/MacroAssembler.h"
- #include "jit/MIRGenerator.h"
- #include "jit/MIRGraph.h"
- #include "jit/OptimizationTracking.h"
- #include "jit/Safepoints.h"
-@@ -242,24 +243,16 @@ class CodeGeneratorShared : public LElem
- return SlotToStackOffset(a->toStackSlot()->slot());
- }
-
- uint32_t frameSize() const {
- return frameClass_ == FrameSizeClass::None() ? frameDepth_ : frameClass_.frameSize();
- }
-
- protected:
-- // Ensure the cache is an IonCache while expecting the size of the derived
-- // class. We only need the cache list at GC time. Everyone else can just take
-- // runtimeData offsets.
-- size_t allocateCache(const IonCache&, size_t size) {
-- size_t dataOffset = allocateData(size);
-- masm.propagateOOM(cacheList_.append(dataOffset));
-- return dataOffset;
-- }
-
- #ifdef CHECK_OSIPOINT_REGISTERS
- void resetOsiPointRegs(LSafepoint* safepoint);
- bool shouldVerifyOsiPointRegs(LSafepoint* safepoint);
- void verifyOsiPointRegs(LSafepoint* safepoint);
- #endif
-
- bool addNativeToBytecodeEntry(const BytecodeSite* site);
-@@ -295,27 +288,33 @@ class CodeGeneratorShared : public LElem
- return lookup();
- }
- T * operator*() {
- return lookup();
- }
- };
-
- protected:
--
-- size_t allocateData(size_t size) {
-+ MOZ_WARN_UNUSED_RESULT
-+ bool allocateData(size_t size, size_t* offset) {
- MOZ_ASSERT(size % sizeof(void*) == 0);
-- size_t dataOffset = runtimeData_.length();
-+ *offset = runtimeData_.length();
- masm.propagateOOM(runtimeData_.appendN(0, size));
-- return dataOffset;
-+ return !masm.oom();
- }
-
-+ // Ensure the cache is an IonCache while expecting the size of the derived
-+ // class. We only need the cache list at GC time. Everyone else can just take
-+ // runtimeData offsets.
- template <typename T>
- inline size_t allocateCache(const T& cache) {
-- size_t index = allocateCache(cache, sizeof(mozilla::AlignedStorage2<T>));
-+ static_assert(mozilla::IsBaseOf<IonCache, T>::value, "T must inherit from IonCache");
-+ size_t index;
-+ masm.propagateOOM(allocateData(sizeof(mozilla::AlignedStorage2<T>), &index));
-+ masm.propagateOOM(cacheList_.append(index));
- if (masm.oom())
- return SIZE_MAX;
- // Use the copy constructor on the allocated space.
- MOZ_ASSERT(index == cacheList_.back());
- new (&runtimeData_[index]) T(cache);
- return index;
- }
-
-@@ -475,17 +474,17 @@ class CodeGeneratorShared : public LElem
-
- void callVM(const VMFunction& f, LInstruction* ins, const Register* dynStack = nullptr);
-
- template <class ArgSeq, class StoreOutputTo>
- inline OutOfLineCode* oolCallVM(const VMFunction& fun, LInstruction* ins, const ArgSeq& args,
- const StoreOutputTo& out);
-
- void addCache(LInstruction* lir, size_t cacheIndex);
-- size_t addCacheLocations(const CacheLocationList& locs, size_t* numLocs);
-+ bool addCacheLocations(const CacheLocationList& locs, size_t* numLocs, size_t* offset);
- ReciprocalMulConstants computeDivisionConstants(int d);
-
- protected:
- void addOutOfLineCode(OutOfLineCode* code, const MInstruction* mir);
- void addOutOfLineCode(OutOfLineCode* code, const BytecodeSite* site);
- bool hasOutOfLineCode() { return !outOfLineCode_.empty(); }
- bool generateOutOfLineCode();
-
-
diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt12.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt12.patch
deleted file mode 100644
index 7861e24c89..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-1930-pt12.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/8c184c30caa6
-Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
-Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1230668
-
-# HG changeset patch
-# User L. David Baron <dbaron@dbaron.org>
-# Date 1452248144 -39600
-# Node ID 8c184c30caa6d16f5ec63cce9a77d16f25d2e57e
-# Parent 0f7224441f2089001f7934b46ac10cb72d267606
-Bug 1230668 - Don't use frame when not in composed document. r=heycam a=sylvestre
-
-diff --git a/layout/style/nsComputedDOMStyle.cpp b/layout/style/nsComputedDOMStyle.cpp
---- a/layout/style/nsComputedDOMStyle.cpp
-+++ b/layout/style/nsComputedDOMStyle.cpp
-@@ -421,26 +421,31 @@ nsComputedDOMStyle::GetStyleContextForEl
- {
- MOZ_ASSERT(aElement, "NULL element");
- // If the content has a pres shell, we must use it. Otherwise we'd
- // potentially mix rule trees by using the wrong pres shell's style
- // set. Using the pres shell from the content also means that any
- // content that's actually *in* a document will get the style from the
- // correct document.
- nsIPresShell *presShell = GetPresShellForContent(aElement);
-+ bool inDocWithShell = true;
- if (!presShell) {
-+ inDocWithShell = false;
- presShell = aPresShell;
- if (!presShell)
- return nullptr;
- }
-
-- // XXX the !aElement->IsHTML(nsGkAtoms::area)
-- // check is needed due to bug 135040 (to avoid using
-+ // XXX the !aElement->IsHTML(nsGkAtoms::area)
-+ // check is needed due to bug 135040 (to avoid using
- // mPrimaryFrame). Remove it once that's fixed.
-- if (!aPseudo && aStyleType == eAll && !aElement->IsHTML(nsGkAtoms::area)) {
-+ if (!aPseudo && aStyleType == eAll && inDocWithShell &&
-+ !aElement->IsHTML(nsGkAtoms::area)) {
-+ if (!aPseudo && aStyleType == eAll && inDocWithShell &&
-+ !aElement->IsHTMLElement(nsGkAtoms::area)) {
- nsIFrame* frame = nsLayoutUtils::GetStyleFrame(aElement);
- if (frame) {
- nsStyleContext* result = frame->StyleContext();
- // Don't use the style context if it was influenced by
- // pseudo-elements, since then it's not the primary style
- // for this element.
- if (!result->HasPseudoElementData()) {
- // this function returns an addrefed style context
-@@ -468,17 +473,18 @@ nsComputedDOMStyle::GetStyleContextForEl
-
- nsRefPtr<nsStyleContext> sc;
- if (aPseudo) {
- nsCSSPseudoElements::Type type = nsCSSPseudoElements::GetPseudoType(aPseudo);
- if (type >= nsCSSPseudoElements::ePseudo_PseudoElementCount) {
- return nullptr;
- }
- nsIFrame* frame = nsLayoutUtils::GetStyleFrame(aElement);
-- Element* pseudoElement = frame ? frame->GetPseudoElement(type) : nullptr;
-+ Element* pseudoElement =
-+ frame && inDocWithShell ? frame->GetPseudoElement(type) : nullptr;
- sc = styleSet->ResolvePseudoElementStyle(aElement, type, parentContext,
- pseudoElement);
- } else {
- sc = styleSet->ResolveStyleFor(aElement, parentContext);
- }
-
- if (aStyleType == eDefaultOnly) {
- // We really only want the user and UA rules. Filter out the other ones.
-@@ -592,18 +598,18 @@ nsComputedDOMStyle::UpdateCurrentStyleSo
- mFlushedPendingReflows = aNeedsLayoutFlush;
- #endif
-
- mPresShell = document->GetShell();
- if (!mPresShell || !mPresShell->GetPresContext()) {
- return;
- }
-
-- // XXX the !mContent->IsHTML(nsGkAtoms::area)
-- // check is needed due to bug 135040 (to avoid using
-+ // XXX the !mContent->IsHTML(nsGkAtoms::area)
-+ // check is needed due to bug 135040 (to avoid using
- // mPrimaryFrame). Remove it once that's fixed.
- if (!mPseudo && mStyleType == eAll && !mContent->IsHTML(nsGkAtoms::area)) {
- mOuterFrame = mContent->GetPrimaryFrame();
- mInnerFrame = mOuterFrame;
- if (mOuterFrame) {
- nsIAtom* type = mOuterFrame->GetType();
- if (type == nsGkAtoms::tableOuterFrame) {
- // If the frame is an outer table frame then we should get the style
-
diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt13.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt13.patch
deleted file mode 100644
index 0e5825becf..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-1930-pt13.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/fceff80a84a3
-Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
-Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1230668
-
-# HG changeset patch
-# User Wes Kocher <wkocher@mozilla.com>
-# Date 1452542163 28800
-# Node ID fceff80a84a32b68d02abc00486fe6c7b86d545b
-# Parent 8c184c30caa6d16f5ec63cce9a77d16f25d2e57e
-Fix up some rebase errors in bug 1230668 r=me a=bustage
-
-diff --git a/layout/style/nsComputedDOMStyle.cpp b/layout/style/nsComputedDOMStyle.cpp
---- a/layout/style/nsComputedDOMStyle.cpp
-+++ b/layout/style/nsComputedDOMStyle.cpp
-@@ -434,18 +434,16 @@ nsComputedDOMStyle::GetStyleContextForEl
- return nullptr;
- }
-
- // XXX the !aElement->IsHTML(nsGkAtoms::area)
- // check is needed due to bug 135040 (to avoid using
- // mPrimaryFrame). Remove it once that's fixed.
- if (!aPseudo && aStyleType == eAll && inDocWithShell &&
- !aElement->IsHTML(nsGkAtoms::area)) {
-- if (!aPseudo && aStyleType == eAll && inDocWithShell &&
-- !aElement->IsHTMLElement(nsGkAtoms::area)) {
- nsIFrame* frame = nsLayoutUtils::GetStyleFrame(aElement);
- if (frame) {
- nsStyleContext* result = frame->StyleContext();
- // Don't use the style context if it was influenced by
- // pseudo-elements, since then it's not the primary style
- // for this element.
- if (!result->HasPseudoElementData()) {
- // this function returns an addrefed style context
-
diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt14.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt14.patch
deleted file mode 100644
index 02c1af1775..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-1930-pt14.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/94a95291d095
-Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
-Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1224200
-
-# HG changeset patch
-# User Timothy Nikkel <tnikkel@gmail.com>
-# Date 1453303652 -3600
-# Node ID 94a95291d0958439dbed5b7dc99fae59e1318592
-# Parent 999c13acb40e1113306c65925a7d96688339d945
-Bug 1224200 - Allow downscaler to get (and ignore) new input lines after it has finished producing all output lines. r=seth, a=lizzard
-
-diff --git a/image/src/Downscaler.cpp b/image/src/Downscaler.cpp
---- a/image/src/Downscaler.cpp
-+++ b/image/src/Downscaler.cpp
-@@ -145,43 +145,44 @@ GetFilterOffsetAndLength(UniquePtr<skia:
- aFilterLengthOut);
- }
-
- void
- Downscaler::CommitRow()
- {
- MOZ_ASSERT(mOutputBuffer, "Should have a current frame");
- MOZ_ASSERT(mCurrentInLine < mOriginalSize.height, "Past end of input");
-- MOZ_ASSERT(mCurrentOutLine < mTargetSize.height, "Past end of output");
-
-- int32_t filterOffset = 0;
-- int32_t filterLength = 0;
-- GetFilterOffsetAndLength(mYFilter, mCurrentOutLine,
-- &filterOffset, &filterLength);
-+ if (mCurrentOutLine < mTargetSize.height) {
-+ int32_t filterOffset = 0;
-+ int32_t filterLength = 0;
-+ GetFilterOffsetAndLength(mYFilter, mCurrentOutLine,
-+ &filterOffset, &filterLength);
-
-- int32_t inLineToRead = filterOffset + mLinesInBuffer;
-- MOZ_ASSERT(mCurrentInLine <= inLineToRead, "Reading past end of input");
-- if (mCurrentInLine == inLineToRead) {
-- skia::ConvolveHorizontally(mRowBuffer.get(), *mXFilter,
-- mWindow[mLinesInBuffer++], mHasAlpha,
-- /* use_sse2 = */ true);
-- }
--
-- MOZ_ASSERT(mCurrentOutLine < mTargetSize.height,
-- "Writing past end of output");
--
-- while (mLinesInBuffer == filterLength) {
-- DownscaleInputLine();
--
-- if (mCurrentOutLine == mTargetSize.height) {
-- break; // We're done.
-+ int32_t inLineToRead = filterOffset + mLinesInBuffer;
-+ MOZ_ASSERT(mCurrentInLine <= inLineToRead, "Reading past end of input");
-+ if (mCurrentInLine == inLineToRead) {
-+ skia::ConvolveHorizontally(mRowBuffer.get(), *mXFilter,
-+ mWindow[mLinesInBuffer++], mHasAlpha,
-+ /* use_sse2 = */ true);
- }
-
-- GetFilterOffsetAndLength(mYFilter, mCurrentOutLine,
-- &filterOffset, &filterLength);
-+ MOZ_ASSERT(mCurrentOutLine < mTargetSize.height,
-+ "Writing past end of output");
-+
-+ while (mLinesInBuffer == filterLength) {
-+ DownscaleInputLine();
-+
-+ if (mCurrentOutLine == mTargetSize.height) {
-+ break; // We're done.
-+ }
-+
-+ GetFilterOffsetAndLength(mYFilter, mCurrentOutLine,
-+ &filterOffset, &filterLength);
-+ }
- }
-
- mCurrentInLine += 1;
- }
-
- bool
- Downscaler::HasInvalidation() const
- {
-
diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt15.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt15.patch
deleted file mode 100644
index 9ebf18a5d3..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-1930-pt15.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/ee68c3dae5f6
-Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
-Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1230483
-
-# HG changeset patch
-# User JW Wang <jwwang@mozilla.com>
-# Date 1450698943 -28800
-# Node ID ee68c3dae5f639fdd439f69ef2f724067fce0ea6
-# Parent 762d015e1854c28c213293ac1e9b2ab51cf201f9
-Bug 1230483 - Part 2 - LoadFromSourceChildren() should be queued at most once in an event cycle. r=roc, a=lizzard
-
-diff --git a/dom/html/HTMLMediaElement.cpp b/dom/html/HTMLMediaElement.cpp
---- a/dom/html/HTMLMediaElement.cpp
-+++ b/dom/html/HTMLMediaElement.cpp
-@@ -4033,16 +4033,19 @@ void HTMLMediaElement::NotifyAddedSource
- mNetworkState == nsIDOMHTMLMediaElement::NETWORK_EMPTY)
- {
- QueueSelectResourceTask();
- }
-
- // A load was paused in the resource selection algorithm, waiting for
- // a new source child to be added, resume the resource selection algorithm.
- if (mLoadWaitStatus == WAITING_FOR_SOURCE) {
-+ // Rest the flag so we don't queue multiple LoadFromSourceTask() when
-+ // multiple <source> are attached in an event loop.
-+ mLoadWaitStatus = NOT_WAITING;
- QueueLoadFromSourceTask();
- }
- }
-
- nsIContent* HTMLMediaElement::GetNextSource()
- {
- nsCOMPtr<nsIDOMNode> thisDomNode = do_QueryObject(this);
-
-
diff --git a/gnu/packages/patches/icecat-CVE-2016-1935.patch b/gnu/packages/patches/icecat-CVE-2016-1935.patch
deleted file mode 100644
index a6db4b9b6a..0000000000
--- a/gnu/packages/patches/icecat-CVE-2016-1935.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/f9aad6c0253a
-Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-03/
-Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1220450
-
-# HG changeset patch
-# User Jeff Gilbert <jgilbert@mozilla.com>
-# Date 1452570660 28800
-# Node ID f9aad6c0253a3b81699a3d7a05e78615dd814ea3
-# Parent c47640f24251b48c0bba9d2f0f6ee059eca58362
-Bug 1220450 - Clear length on cache OOM. r=kamidphish, a=ritu
-
-diff --git a/dom/canvas/WebGLContextBuffers.cpp b/dom/canvas/WebGLContextBuffers.cpp
---- a/dom/canvas/WebGLContextBuffers.cpp
-+++ b/dom/canvas/WebGLContextBuffers.cpp
-@@ -185,16 +185,17 @@ WebGLContext::BufferData(GLenum target,
-
- if (error) {
- GenerateWarning("bufferData generated error %s", ErrorName(error));
- return;
- }
-
- boundBuffer->SetByteLength(size);
- if (!boundBuffer->ElementArrayCacheBufferData(nullptr, size)) {
-+ boundBuffer->SetByteLength(0);
- return ErrorOutOfMemory("bufferData: out of memory");
- }
- }
-
- void
- WebGLContext::BufferData(GLenum target,
- const dom::Nullable<dom::ArrayBuffer>& maybeData,
- GLenum usage)
-@@ -234,18 +235,20 @@ WebGLContext::BufferData(GLenum target,
- GLenum error = CheckedBufferData(target, data.Length(), data.Data(), usage);
-
- if (error) {
- GenerateWarning("bufferData generated error %s", ErrorName(error));
- return;
- }
-
- boundBuffer->SetByteLength(data.Length());
-- if (!boundBuffer->ElementArrayCacheBufferData(data.Data(), data.Length()))
-+ if (!boundBuffer->ElementArrayCacheBufferData(data.Data(), data.Length())) {
-+ boundBuffer->SetByteLength(0);
- return ErrorOutOfMemory("bufferData: out of memory");
-+ }
- }
-
- void
- WebGLContext::BufferData(GLenum target, const dom::ArrayBufferView& data,
- GLenum usage)
- {
- if (IsContextLost())
- return;
-@@ -274,18 +277,20 @@ WebGLContext::BufferData(GLenum target,
-
- GLenum error = CheckedBufferData(target, data.Length(), data.Data(), usage);
- if (error) {
- GenerateWarning("bufferData generated error %s", ErrorName(error));
- return;
- }
-
- boundBuffer->SetByteLength(data.Length());
-- if (!boundBuffer->ElementArrayCacheBufferData(data.Data(), data.Length()))
-+ if (!boundBuffer->ElementArrayCacheBufferData(data.Data(), data.Length())) {
-+ boundBuffer->SetByteLength(0);
- return ErrorOutOfMemory("bufferData: out of memory");
-+ }
- }
-
- void
- WebGLContext::BufferSubData(GLenum target, WebGLsizeiptr byteOffset,
- const dom::Nullable<dom::ArrayBuffer>& maybeData)
- {
- if (IsContextLost())
- return;
-
diff --git a/gnu/packages/patches/icecat-bug-1146335-pt1.patch b/gnu/packages/patches/icecat-bug-1146335-pt1.patch
deleted file mode 100644
index a41e638b2f..0000000000
--- a/gnu/packages/patches/icecat-bug-1146335-pt1.patch
+++ /dev/null
@@ -1,141 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/9d14787bd10e
-Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1146335
-
-# HG changeset patch
-# User Seth Fowler <mark.seth.fowler@gmail.com>
-# Date 1428627143 25200
-# Node ID 9d14787bd10e6f3013263a2cae0bcc78bebde1db
-# Parent aaf922ae679685acb5d2b8ffa5f0bf22f1e6987a
-Bug 1146335 (Part 1) - Add assertions and fix style issues in image::Downscaler. r=tn a=lizzard
-
-diff --git a/image/src/Downscaler.cpp b/image/src/Downscaler.cpp
---- a/image/src/Downscaler.cpp
-+++ b/image/src/Downscaler.cpp
-@@ -72,23 +72,25 @@ Downscaler::BeginFrame(const nsIntSize&
- mOutputBuffer = aOutputBuffer;
- mHasAlpha = aHasAlpha;
-
- ResetForNextProgressivePass();
- ReleaseWindow();
-
- auto resizeMethod = skia::ImageOperations::RESIZE_LANCZOS3;
-
-- skia::resize::ComputeFilters(resizeMethod, mOriginalSize.width,
-- mTargetSize.width, 0,
-- mTargetSize.width, mXFilter.get());
-+ skia::resize::ComputeFilters(resizeMethod,
-+ mOriginalSize.width, mTargetSize.width,
-+ 0, mTargetSize.width,
-+ mXFilter.get());
-
-- skia::resize::ComputeFilters(resizeMethod, mOriginalSize.height,
-- mTargetSize.height, 0,
-- mTargetSize.height, mYFilter.get());
-+ skia::resize::ComputeFilters(resizeMethod,
-+ mOriginalSize.height, mTargetSize.height,
-+ 0, mTargetSize.height,
-+ mYFilter.get());
-
- // Allocate the buffer, which contains scanlines of the original image.
- size_t bufferLen = mOriginalSize.width * sizeof(uint32_t);
- mRowBuffer = MakeUnique<uint8_t[]>(bufferLen);
- if (MOZ_UNLIKELY(!mRowBuffer)) {
- return NS_ERROR_OUT_OF_MEMORY;
- }
-
-@@ -126,39 +128,54 @@ void
- Downscaler::ResetForNextProgressivePass()
- {
- mPrevInvalidatedLine = 0;
- mCurrentOutLine = 0;
- mCurrentInLine = 0;
- mLinesInBuffer = 0;
- }
-
-+static void
-+GetFilterOffsetAndLength(UniquePtr<skia::ConvolutionFilter1D>& aFilter,
-+ int32_t aOutputImagePosition,
-+ int32_t* aFilterOffsetOut,
-+ int32_t* aFilterLengthOut)
-+{
-+ MOZ_ASSERT(aOutputImagePosition < aFilter->num_values());
-+ aFilter->FilterForValue(aOutputImagePosition,
-+ aFilterOffsetOut,
-+ aFilterLengthOut);
-+}
-+
- void
- Downscaler::CommitRow()
- {
- MOZ_ASSERT(mOutputBuffer, "Should have a current frame");
- MOZ_ASSERT(mCurrentInLine < mOriginalSize.height, "Past end of input");
- MOZ_ASSERT(mCurrentOutLine < mTargetSize.height, "Past end of output");
-
- int32_t filterOffset = 0;
- int32_t filterLength = 0;
-- mYFilter->FilterForValue(mCurrentOutLine, &filterOffset, &filterLength);
-+ GetFilterOffsetAndLength(mYFilter, mCurrentOutLine,
-+ &filterOffset, &filterLength);
-
- int32_t inLineToRead = filterOffset + mLinesInBuffer;
- MOZ_ASSERT(mCurrentInLine <= inLineToRead, "Reading past end of input");
- if (mCurrentInLine == inLineToRead) {
- skia::ConvolveHorizontally(mRowBuffer.get(), *mXFilter,
- mWindow[mLinesInBuffer++], mHasAlpha,
- /* use_sse2 = */ true);
- }
-
- while (mLinesInBuffer == filterLength &&
- mCurrentOutLine < mTargetSize.height) {
- DownscaleInputLine();
-- mYFilter->FilterForValue(mCurrentOutLine, &filterOffset, &filterLength);
-+
-+ GetFilterOffsetAndLength(mYFilter, mCurrentOutLine,
-+ &filterOffset, &filterLength);
- }
-
- mCurrentInLine += 1;
- }
-
- bool
- Downscaler::HasInvalidation() const
- {
-@@ -184,16 +201,17 @@ Downscaler::DownscaleInputLine()
- {
- typedef skia::ConvolutionFilter1D::Fixed FilterValue;
-
- MOZ_ASSERT(mOutputBuffer);
- MOZ_ASSERT(mCurrentOutLine < mTargetSize.height, "Writing past end of output");
-
- int32_t filterOffset = 0;
- int32_t filterLength = 0;
-+ MOZ_ASSERT(mCurrentOutLine < mYFilter->num_values());
- auto filterValues =
- mYFilter->FilterForValue(mCurrentOutLine, &filterOffset, &filterLength);
-
- uint8_t* outputLine =
- &mOutputBuffer[mCurrentOutLine * mTargetSize.width * sizeof(uint32_t)];
- skia::ConvolveVertically(static_cast<const FilterValue*>(filterValues),
- filterLength, mWindow.get(), mXFilter->num_values(),
- outputLine, mHasAlpha, /* use_sse2 = */ true);
-@@ -202,17 +220,18 @@ Downscaler::DownscaleInputLine()
-
- if (mCurrentOutLine == mTargetSize.height) {
- // We're done.
- return;
- }
-
- int32_t newFilterOffset = 0;
- int32_t newFilterLength = 0;
-- mYFilter->FilterForValue(mCurrentOutLine, &newFilterOffset, &newFilterLength);
-+ GetFilterOffsetAndLength(mYFilter, mCurrentOutLine,
-+ &newFilterOffset, &newFilterLength);
-
- int diff = newFilterOffset - filterOffset;
- MOZ_ASSERT(diff >= 0, "Moving backwards in the filter?");
-
- // Shift the buffer. We're just moving pointers here, so this is cheap.
- mLinesInBuffer -= diff;
- mLinesInBuffer = max(mLinesInBuffer, 0);
- for (int32_t i = 0; i < mLinesInBuffer; ++i) {
-
diff --git a/gnu/packages/patches/icecat-bug-1146335-pt2.patch b/gnu/packages/patches/icecat-bug-1146335-pt2.patch
deleted file mode 100644
index 240e0cfc66..0000000000
--- a/gnu/packages/patches/icecat-bug-1146335-pt2.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/8bfaa27698ca
-Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1146335
-
-# HG changeset patch
-# User Seth Fowler <mark.seth.fowler@gmail.com>
-# Date 1428627143 25200
-# Node ID 8bfaa27698ca0720d5c9f3910ab7148b38db0625
-# Parent 9d14787bd10e6f3013263a2cae0bcc78bebde1db
-Bug 1146335 (Part 2) - Fix an off-by-one error in image::Downscaler. r=tn a=lizzard
-
-diff --git a/image/src/Downscaler.cpp b/image/src/Downscaler.cpp
---- a/image/src/Downscaler.cpp
-+++ b/image/src/Downscaler.cpp
-@@ -160,20 +160,26 @@ Downscaler::CommitRow()
- int32_t inLineToRead = filterOffset + mLinesInBuffer;
- MOZ_ASSERT(mCurrentInLine <= inLineToRead, "Reading past end of input");
- if (mCurrentInLine == inLineToRead) {
- skia::ConvolveHorizontally(mRowBuffer.get(), *mXFilter,
- mWindow[mLinesInBuffer++], mHasAlpha,
- /* use_sse2 = */ true);
- }
-
-- while (mLinesInBuffer == filterLength &&
-- mCurrentOutLine < mTargetSize.height) {
-+ MOZ_ASSERT(mCurrentOutLine < mTargetSize.height,
-+ "Writing past end of output");
-+
-+ while (mLinesInBuffer == filterLength) {
- DownscaleInputLine();
-
-+ if (mCurrentOutLine == mTargetSize.height) {
-+ break; // We're done.
-+ }
-+
- GetFilterOffsetAndLength(mYFilter, mCurrentOutLine,
- &filterOffset, &filterLength);
- }
-
- mCurrentInLine += 1;
- }
-
- bool
-
diff --git a/gnu/packages/patches/icecat-limit-max-buffers-size-for-ANGLE.patch b/gnu/packages/patches/icecat-limit-max-buffers-size-for-ANGLE.patch
deleted file mode 100644
index 5a3a934dba..0000000000
--- a/gnu/packages/patches/icecat-limit-max-buffers-size-for-ANGLE.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/9632375c6aac
-
-# HG changeset patch
-# User Jeff Gilbert <jdashg@gmail.com>
-# Date 1453320785 28800
-# Node ID 9632375c6aacbf673b996b53231d70b91e480fb5
-# Parent ee68c3dae5f639fdd439f69ef2f724067fce0ea6
-Limit max buffers size for ANGLE. r=jrmuizel a=lizzard
-
-diff --git a/dom/canvas/WebGLContextBuffers.cpp b/dom/canvas/WebGLContextBuffers.cpp
---- a/dom/canvas/WebGLContextBuffers.cpp
-+++ b/dom/canvas/WebGLContextBuffers.cpp
-@@ -164,16 +164,19 @@ WebGLContext::BufferData(GLenum target,
-
- if (!ValidateBufferUsageEnum(usage, "bufferData: usage"))
- return;
-
- // careful: WebGLsizeiptr is always 64-bit, but GLsizeiptr is like intptr_t.
- if (!CheckedInt<GLsizeiptr>(size).isValid())
- return ErrorOutOfMemory("bufferData: bad size");
-
-+ if (gl->IsANGLE() && size > UINT32_MAX)
-+ return ErrorOutOfMemory("bufferData: size too large");
-+
- WebGLBuffer* boundBuffer = bufferSlot.get();
-
- if (!boundBuffer)
- return ErrorInvalidOperation("bufferData: no buffer bound!");
-
- UniquePtr<uint8_t> zeroBuffer((uint8_t*)moz_calloc(size, 1));
- if (!zeroBuffer)
- return ErrorOutOfMemory("bufferData: out of memory");
-@@ -216,16 +219,19 @@ WebGLContext::BufferData(GLenum target,
- const dom::ArrayBuffer& data = maybeData.Value();
- data.ComputeLengthAndData();
-
- // Careful: data.Length() could conceivably be any uint32_t, but GLsizeiptr
- // is like intptr_t.
- if (!CheckedInt<GLsizeiptr>(data.Length()).isValid())
- return ErrorOutOfMemory("bufferData: bad size");
-
-+ if (gl->IsANGLE() && data.Length() > UINT32_MAX)
-+ return ErrorOutOfMemory("bufferData: size too large");
-+
- if (!ValidateBufferUsageEnum(usage, "bufferData: usage"))
- return;
-
- WebGLBuffer* boundBuffer = bufferSlot.get();
-
- if (!boundBuffer)
- return ErrorInvalidOperation("bufferData: no buffer bound!");
-
-@@ -267,16 +273,19 @@ WebGLContext::BufferData(GLenum target,
-
- data.ComputeLengthAndData();
-
- // Careful: data.Length() could conceivably be any uint32_t, but GLsizeiptr
- // is like intptr_t.
- if (!CheckedInt<GLsizeiptr>(data.Length()).isValid())
- return ErrorOutOfMemory("bufferData: bad size");
-
-+ if (gl->IsANGLE() && data.Length() > UINT32_MAX)
-+ return ErrorOutOfMemory("bufferData: size too large");
-+
- InvalidateBufferFetching();
- MakeContextCurrent();
-
- GLenum error = CheckedBufferData(target, data.Length(), data.Data(), usage);
- if (error) {
- GenerateWarning("bufferData generated error %s", ErrorName(error));
- return;
- }
-