summaryrefslogtreecommitdiff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2015-03-09 20:50:12 -0400
committerMark H Weaver <mhw@netris.org>2015-03-10 10:13:38 -0400
commit5b17fabca63296e04d35679b92150c1c73d1df53 (patch)
treed1b2e08bd30f380603a8e34ae035952c231f2497 /gnu/packages/patches
parenta24175ac8d772e714a7cb5796e2da8799d9cf055 (diff)
gnu: icecat: Update to 31.5.0.
* gnu/packages/patches/icecat-CVE-2015-0822.patch, gnu/packages/patches/icecat-CVE-2015-0827-pt-1.patch, gnu/packages/patches/icecat-CVE-2015-0827-pt-2.patch, gnu/packages/patches/icecat-CVE-2015-0827-pt-3.patch, gnu/packages/patches/icecat-CVE-2015-0831-pt-1.patch, gnu/packages/patches/icecat-CVE-2015-0831-pt-2.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-01.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-02.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-03.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-04.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-05.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-06.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-07.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-08.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-09.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-10.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-11.patch: Remove files. * gnu-system.am (dist_patch_DATA): Remove them. * gnu/packages/gnuzilla.scm (icecat): Update to 31.5.0. Remove patches. Add 'nspr', 'nss', and 'cairo' to inputs. Add configure flags to use those system libraries.
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0822.patch154
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0827-pt-1.patch33
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0827-pt-2.patch35
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0827-pt-3.patch56
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0831-pt-1.patch32
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0831-pt-2.patch26
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0836-pt-01.patch26
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0836-pt-02.patch27
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0836-pt-03.patch220
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0836-pt-04.patch89
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0836-pt-05.patch25
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0836-pt-06.patch41
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0836-pt-07.patch54
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0836-pt-08.patch53
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0836-pt-09.patch52
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0836-pt-10.patch219
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-0836-pt-11.patch104
17 files changed, 0 insertions, 1246 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2015-0822.patch b/gnu/packages/patches/icecat-CVE-2015-0822.patch
deleted file mode 100644
index 2625151453..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-0822.patch
+++ /dev/null
@@ -1,154 +0,0 @@
-From 0922145c255bf2503d3b2dd5f8f1e813338ba990 Mon Sep 17 00:00:00 2001
-From: Mats Palmgren <mats@mozilla.com>
-Date: Sat, 24 Jan 2015 12:37:47 -0500
-Subject: [PATCH] Bug 1110557. r=mak, r=gavin, a=bkerensa
-
----
- .../components/satchel/nsFormFillController.cpp | 67 +++++++++++++++-------
- toolkit/components/satchel/nsFormFillController.h | 5 ++
- 2 files changed, 52 insertions(+), 20 deletions(-)
-
-diff --git a/toolkit/components/satchel/nsFormFillController.cpp b/toolkit/components/satchel/nsFormFillController.cpp
-index 315fc68..676ad84 100644
---- a/toolkit/components/satchel/nsFormFillController.cpp
-+++ b/toolkit/components/satchel/nsFormFillController.cpp
-@@ -61,6 +61,7 @@ nsFormFillController::nsFormFillController() :
- mSuppressOnInput(false)
- {
- mController = do_GetService("@mozilla.org/autocomplete/controller;1");
-+ MOZ_ASSERT(mController);
- }
-
- struct PwmgrInputsEnumData
-@@ -104,6 +105,21 @@ nsFormFillController::AttributeChanged(nsIDocument* aDocument,
- int32_t aNameSpaceID,
- nsIAtom* aAttribute, int32_t aModType)
- {
-+ if ((aAttribute == nsGkAtoms::type || aAttribute == nsGkAtoms::readonly ||
-+ aAttribute == nsGkAtoms::autocomplete) &&
-+ aNameSpaceID == kNameSpaceID_None) {
-+ nsCOMPtr<nsIDOMHTMLInputElement> focusedInput(mFocusedInput);
-+ // Reset the current state of the controller, unconditionally.
-+ StopControllingInput();
-+ // Then restart based on the new values. We have to delay this
-+ // to avoid ending up in an endless loop due to re-registering our
-+ // mutation observer (which would notify us again for *this* event).
-+ nsCOMPtr<nsIRunnable> event =
-+ NS_NewRunnableMethodWithArg<nsCOMPtr<nsIDOMHTMLInputElement>>
-+ (this, &nsFormFillController::MaybeStartControllingInput, focusedInput);
-+ NS_DispatchToCurrentThread(event);
-+ }
-+
- if (mListNode && mListNode->Contains(aElement)) {
- RevalidateDataList();
- }
-@@ -841,28 +857,26 @@ nsFormFillController::RemoveForDocumentEnumerator(const nsINode* aKey,
- return PL_DHASH_NEXT;
- }
-
--nsresult
--nsFormFillController::Focus(nsIDOMEvent* aEvent)
-+void
-+nsFormFillController::MaybeStartControllingInput(nsIDOMHTMLInputElement* aInput)
- {
-- nsCOMPtr<nsIDOMHTMLInputElement> input = do_QueryInterface(
-- aEvent->InternalDOMEvent()->GetTarget());
-- nsCOMPtr<nsINode> inputNode = do_QueryInterface(input);
-+ nsCOMPtr<nsINode> inputNode = do_QueryInterface(aInput);
- if (!inputNode)
-- return NS_OK;
-+ return;
-
-- nsCOMPtr<nsIFormControl> formControl = do_QueryInterface(input);
-+ nsCOMPtr<nsIFormControl> formControl = do_QueryInterface(aInput);
- if (!formControl || !formControl->IsSingleLineTextControl(true))
-- return NS_OK;
-+ return;
-
- bool isReadOnly = false;
-- input->GetReadOnly(&isReadOnly);
-+ aInput->GetReadOnly(&isReadOnly);
- if (isReadOnly)
-- return NS_OK;
-+ return;
-
-- bool autocomplete = nsContentUtils::IsAutocompleteEnabled(input);
-+ bool autocomplete = nsContentUtils::IsAutocompleteEnabled(aInput);
-
- nsCOMPtr<nsIDOMHTMLElement> datalist;
-- input->GetList(getter_AddRefs(datalist));
-+ aInput->GetList(getter_AddRefs(datalist));
- bool hasList = datalist != nullptr;
-
- bool dummy;
-@@ -871,9 +885,16 @@ nsFormFillController::Focus(nsIDOMEvent* aEvent)
- isPwmgrInput = true;
-
- if (isPwmgrInput || hasList || autocomplete) {
-- StartControllingInput(input);
-+ StartControllingInput(aInput);
- }
-+}
-
-+nsresult
-+nsFormFillController::Focus(nsIDOMEvent* aEvent)
-+{
-+ nsCOMPtr<nsIDOMHTMLInputElement> input = do_QueryInterface(
-+ aEvent->InternalDOMEvent()->GetTarget());
-+ MaybeStartControllingInput(input);
- return NS_OK;
- }
-
-@@ -1087,6 +1108,10 @@ nsFormFillController::StartControllingInput(nsIDOMHTMLInputElement *aInput)
- // Make sure we're not still attached to an input
- StopControllingInput();
-
-+ if (!mController) {
-+ return;
-+ }
-+
- // Find the currently focused docShell
- nsCOMPtr<nsIDocShell> docShell = GetDocShellForInput(aInput);
- int32_t index = GetIndexOfDocShell(docShell);
-@@ -1129,13 +1154,15 @@ nsFormFillController::StopControllingInput()
- mListNode = nullptr;
- }
-
-- // Reset the controller's input, but not if it has been switched
-- // to another input already, which might happen if the user switches
-- // focus by clicking another autocomplete textbox
-- nsCOMPtr<nsIAutoCompleteInput> input;
-- mController->GetInput(getter_AddRefs(input));
-- if (input == this)
-- mController->SetInput(nullptr);
-+ if (mController) {
-+ // Reset the controller's input, but not if it has been switched
-+ // to another input already, which might happen if the user switches
-+ // focus by clicking another autocomplete textbox
-+ nsCOMPtr<nsIAutoCompleteInput> input;
-+ mController->GetInput(getter_AddRefs(input));
-+ if (input == this)
-+ mController->SetInput(nullptr);
-+ }
-
- if (mFocusedInputNode) {
- MaybeRemoveMutationObserver(mFocusedInputNode);
-diff --git a/toolkit/components/satchel/nsFormFillController.h b/toolkit/components/satchel/nsFormFillController.h
-index b60d28d..8c3ba26 100644
---- a/toolkit/components/satchel/nsFormFillController.h
-+++ b/toolkit/components/satchel/nsFormFillController.h
-@@ -62,6 +62,11 @@ protected:
-
- void StartControllingInput(nsIDOMHTMLInputElement *aInput);
- void StopControllingInput();
-+ /**
-+ * Checks that aElement is a type of element we want to fill, then calls
-+ * StartControllingInput on it.
-+ */
-+ void MaybeStartControllingInput(nsIDOMHTMLInputElement* aElement);
-
- nsresult PerformInputListAutoComplete(nsIAutoCompleteResult* aPreviousResult);
-
---
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-0827-pt-1.patch b/gnu/packages/patches/icecat-CVE-2015-0827-pt-1.patch
deleted file mode 100644
index c57da755d1..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-0827-pt-1.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 28b6204b1421aa57b3c10c43d90cb516910bc80f Mon Sep 17 00:00:00 2001
-From: Markus Stange <mstange@themasta.com>
-Date: Tue, 6 Jan 2015 12:08:39 +0100
-Subject: [PATCH] Bug 1117304 - Also do the checks at the start of CopyRect in
- release builds. r=Bas, a=sledru
-
----
- gfx/2d/FilterNodeSoftware.cpp | 9 ++++++---
- 1 file changed, 6 insertions(+), 3 deletions(-)
-
-diff --git a/gfx/2d/FilterNodeSoftware.cpp b/gfx/2d/FilterNodeSoftware.cpp
-index 00d790f..396d0da 100644
---- a/gfx/2d/FilterNodeSoftware.cpp
-+++ b/gfx/2d/FilterNodeSoftware.cpp
-@@ -253,9 +253,12 @@ CopyRect(DataSourceSurface* aSrc, DataSourceSurface* aDest,
- MOZ_CRASH("we should never be getting invalid rects at this point");
- }
-
-- MOZ_ASSERT(aSrc->GetFormat() == aDest->GetFormat(), "different surface formats");
-- MOZ_ASSERT(IntRect(IntPoint(), aSrc->GetSize()).Contains(aSrcRect), "source rect too big for source surface");
-- MOZ_ASSERT(IntRect(IntPoint(), aDest->GetSize()).Contains(aSrcRect - aSrcRect.TopLeft() + aDestPoint), "dest surface too small");
-+ MOZ_RELEASE_ASSERT(aSrc->GetFormat() == aDest->GetFormat(),
-+ "different surface formats");
-+ MOZ_RELEASE_ASSERT(IntRect(IntPoint(), aSrc->GetSize()).Contains(aSrcRect),
-+ "source rect too big for source surface");
-+ MOZ_RELEASE_ASSERT(IntRect(IntPoint(), aDest->GetSize()).Contains(IntRect(aDestPoint, aSrcRect.Size())),
-+ "dest surface too small");
-
- if (aSrcRect.IsEmpty()) {
- return;
---
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-0827-pt-2.patch b/gnu/packages/patches/icecat-CVE-2015-0827-pt-2.patch
deleted file mode 100644
index 1ff68f4b4c..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-0827-pt-2.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 5ff75fbe51d5760a96b4e614617c9cbf35f1fbaa Mon Sep 17 00:00:00 2001
-From: Markus Stange <mstange@themasta.com>
-Date: Mon, 5 Jan 2015 18:40:27 +0100
-Subject: [PATCH] Bug 1117304 - Make sure the tile filter doesn't call CopyRect
- on surfaces with different formats. r=Bas, a=sledru
-
----
- gfx/2d/FilterNodeSoftware.cpp | 11 ++++++++++-
- 1 file changed, 10 insertions(+), 1 deletion(-)
-
-diff --git a/gfx/2d/FilterNodeSoftware.cpp b/gfx/2d/FilterNodeSoftware.cpp
-index 396d0da..10d92c6 100644
---- a/gfx/2d/FilterNodeSoftware.cpp
-+++ b/gfx/2d/FilterNodeSoftware.cpp
-@@ -1568,7 +1568,16 @@ FilterNodeTileSoftware::Render(const IntRect& aRect)
- return nullptr;
- }
- }
-- MOZ_ASSERT(input->GetFormat() == target->GetFormat(), "different surface formats from the same input?");
-+
-+ if (input->GetFormat() != target->GetFormat()) {
-+ // Different rectangles of the input can have different formats. If
-+ // that happens, just convert everything to B8G8R8A8.
-+ target = FilterProcessing::ConvertToB8G8R8A8(target);
-+ input = FilterProcessing::ConvertToB8G8R8A8(input);
-+ if (MOZ2D_WARN_IF(!target) || MOZ2D_WARN_IF(!input)) {
-+ return nullptr;
-+ }
-+ }
-
- CopyRect(input, target, srcRect - srcRect.TopLeft(), destRect.TopLeft() - aRect.TopLeft());
- }
---
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-0827-pt-3.patch b/gnu/packages/patches/icecat-CVE-2015-0827-pt-3.patch
deleted file mode 100644
index 8d40126849..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-0827-pt-3.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From c91087708686ae1c47abee65e19536688e5ec8f2 Mon Sep 17 00:00:00 2001
-From: Ryan VanderMeulen <ryanvm@gmail.com>
-Date: Mon, 26 Jan 2015 17:24:46 -0500
-Subject: [PATCH] Bug 1117304 - Add missing MOZ2D_WARN_IF definition to fix
- bustage. r=milan, a=bustage
-
----
- gfx/2d/FilterNodeSoftware.cpp | 1 +
- gfx/2d/Logging.h | 19 +++++++++++++++++++
- 2 files changed, 20 insertions(+)
-
-diff --git a/gfx/2d/FilterNodeSoftware.cpp b/gfx/2d/FilterNodeSoftware.cpp
-index 10d92c6..48bf162 100644
---- a/gfx/2d/FilterNodeSoftware.cpp
-+++ b/gfx/2d/FilterNodeSoftware.cpp
-@@ -12,6 +12,7 @@
- #include "Blur.h"
- #include <map>
- #include "FilterProcessing.h"
-+#include "Logging.h"
- #include "mozilla/PodOperations.h"
- #include "mozilla/DebugOnly.h"
-
-diff --git a/gfx/2d/Logging.h b/gfx/2d/Logging.h
-index 85e788c..d7728bb 100644
---- a/gfx/2d/Logging.h
-+++ b/gfx/2d/Logging.h
-@@ -155,6 +155,25 @@ typedef Log<LOG_WARNING> WarningLog;
- #define gfxWarning if (1) ; else NoLog
- #endif
-
-+// See nsDebug.h and the NS_WARN_IF macro
-+
-+#ifdef __cplusplus
-+#ifdef DEBUG
-+inline bool MOZ2D_warn_if_impl(bool aCondition, const char* aExpr,
-+ const char* aFile, int32_t aLine)
-+{
-+ if (MOZ_UNLIKELY(aCondition)) {
-+ gfxWarning() << aExpr << " at " << aFile << ":" << aLine;
-+ }
-+ return aCondition;
-+}
-+#define MOZ2D_WARN_IF(condition) \
-+ MOZ2D_warn_if_impl(condition, #condition, __FILE__, __LINE__)
-+#else
-+#define MOZ2D_WARN_IF(condition) (bool)(condition)
-+#endif
-+#endif
-+
- const int INDENT_PER_LEVEL = 2;
-
- class TreeLog
---
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-0831-pt-1.patch b/gnu/packages/patches/icecat-CVE-2015-0831-pt-1.patch
deleted file mode 100644
index c04d604923..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-0831-pt-1.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From c8437505a63fc2b2552b8af217d60d79abb92ba3 Mon Sep 17 00:00:00 2001
-From: Ben Turner <bent.mozilla@gmail.com>
-Date: Fri, 6 Feb 2015 15:25:33 -0800
-Subject: [PATCH] Bug 1130541. r=janv, a=sledru
-
----
- dom/indexedDB/IDBDatabase.cpp | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/dom/indexedDB/IDBDatabase.cpp b/dom/indexedDB/IDBDatabase.cpp
-index 7329cec..c9c7e4f 100644
---- a/dom/indexedDB/IDBDatabase.cpp
-+++ b/dom/indexedDB/IDBDatabase.cpp
-@@ -536,6 +536,7 @@ IDBDatabase::CreateObjectStore(
- IDBTransaction* transaction = AsyncConnectionHelper::GetCurrentTransaction();
-
- if (!transaction ||
-+ transaction->Database() != this ||
- transaction->GetMode() != IDBTransaction::VERSION_CHANGE) {
- aRv.Throw(NS_ERROR_DOM_INDEXEDDB_NOT_ALLOWED_ERR);
- return nullptr;
-@@ -577,6 +578,7 @@ IDBDatabase::DeleteObjectStore(const nsAString& aName, ErrorResult& aRv)
- IDBTransaction* transaction = AsyncConnectionHelper::GetCurrentTransaction();
-
- if (!transaction ||
-+ transaction->Database() != this ||
- transaction->GetMode() != IDBTransaction::VERSION_CHANGE) {
- aRv.Throw(NS_ERROR_DOM_INDEXEDDB_NOT_ALLOWED_ERR);
- return;
---
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-0831-pt-2.patch b/gnu/packages/patches/icecat-CVE-2015-0831-pt-2.patch
deleted file mode 100644
index 9510cd611f..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-0831-pt-2.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 4e799e44288c951f8d9acd17e7d8c56c9ee6a7d3 Mon Sep 17 00:00:00 2001
-From: Ben Turner <bent.mozilla@gmail.com>
-Date: Mon, 9 Feb 2015 14:38:26 -0800
-Subject: [PATCH] Bug 1130541 followup a=test-only
-
---HG--
-extra : amend_source : 23d80353f87897fdac9c99048d12ebe4ed390f76
----
- dom/indexedDB/test/browser_quotaPrompt.html | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/dom/indexedDB/test/browser_quotaPrompt.html b/dom/indexedDB/test/browser_quotaPrompt.html
-index c139970..dbeea68 100644
---- a/dom/indexedDB/test/browser_quotaPrompt.html
-+++ b/dom/indexedDB/test/browser_quotaPrompt.html
-@@ -38,6 +38,7 @@
- let request = indexedDB.open(window.location.pathname, version++);
- request.onerror = errorHandler;
- request.onupgradeneeded = function(event) {
-+ let db = event.target.result;
- db.deleteObjectStore("foo");
- db.onversionchange = function () { db.close(); };
- request.transaction.oncomplete = function(event) {
---
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-01.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-01.patch
deleted file mode 100644
index f6e2756054..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-01.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 4106ffa6ee83b814428bb07948b3595e3fa3847e Mon Sep 17 00:00:00 2001
-From: Jan de Mooij <jdemooij@mozilla.com>
-Date: Tue, 10 Feb 2015 09:40:46 +0100
-Subject: [PATCH] Bug 1128196 - Don't relazify scripts with a TypeScript.
- r=till, a=lmandel
-
----
- js/src/jsscript.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/js/src/jsscript.h b/js/src/jsscript.h
-index 4d548ef..9a0cfbb 100644
---- a/js/src/jsscript.h
-+++ b/js/src/jsscript.h
-@@ -1251,7 +1251,7 @@ class JSScript : public js::gc::BarrieredCell<JSScript>
- }
-
- bool isRelazifiable() const {
-- return (selfHosted() || lazyScript) &&
-+ return (selfHosted() || lazyScript) && !types &&
- !isGenerator() && !hasBaselineScript() && !hasAnyIonScript() && !hasBeenInlined();
- }
- void setLazyScript(js::LazyScript *lazy) {
---
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-02.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-02.patch
deleted file mode 100644
index c95cf23a29..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-02.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 83c4bfeea2d2203f726e3bfcb7ee6fe56b4d9703 Mon Sep 17 00:00:00 2001
-From: Ryan VanderMeulen <ryanvm@gmail.com>
-Date: Thu, 29 Jan 2015 10:31:25 -0500
-Subject: [PATCH] Bug 1111248. r=Waldo, a=sledru
-
----
- js/src/jsbool.cpp | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/js/src/jsbool.cpp b/js/src/jsbool.cpp
-index 5d88bd5..8d5d672 100644
---- a/js/src/jsbool.cpp
-+++ b/js/src/jsbool.cpp
-@@ -198,7 +198,8 @@ js::ToBooleanSlow(HandleValue v)
- bool
- js::BooleanGetPrimitiveValueSlow(HandleObject wrappedBool)
- {
-- JSObject *obj = wrappedBool->as<ProxyObject>().target();
-- JS_ASSERT(obj);
-+ JSObject *obj = CheckedUnwrap(wrappedBool);
-+ if (!obj || !obj->is<BooleanObject>())
-+ return false;
- return obj->as<BooleanObject>().unbox();
- }
---
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-03.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-03.patch
deleted file mode 100644
index 115cd76201..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-03.patch
+++ /dev/null
@@ -1,220 +0,0 @@
-From 4e4e34238e5bb5af83a645a5f4d2097e3b30e9dd Mon Sep 17 00:00:00 2001
-From: Tom Schuster <evilpies@gmail.com>
-Date: Sun, 25 Jan 2015 21:42:10 +0100
-Subject: [PATCH] Bug 1111243 - Implement ES6 proxy behavior for IsArray.
- r=efaust, a=abillings
-
----
- browser/devtools/app-manager/app-projects.js | 2 ++
- js/public/Class.h | 5 +++-
- js/src/jsarray.cpp | 9 ++++--
- js/src/jsobjinlines.h | 15 +++++++++-
- js/src/json.cpp | 11 +++----
- js/src/jsproxy.cpp | 45 ++++++++++++++++++++++++++++
- 6 files changed, 78 insertions(+), 9 deletions(-)
-
-diff --git a/browser/devtools/app-manager/app-projects.js b/browser/devtools/app-manager/app-projects.js
-index d09f72f..77ca67b 100644
---- a/browser/devtools/app-manager/app-projects.js
-+++ b/browser/devtools/app-manager/app-projects.js
-@@ -61,6 +61,8 @@ const IDB = {
- add: function(project) {
- let deferred = promise.defer();
-
-+ project = JSON.parse(JSON.stringify(project));
-+
- if (!project.location) {
- // We need to make sure this object has a `.location` property.
- deferred.reject("Missing location property on project object.");
-diff --git a/js/public/Class.h b/js/public/Class.h
-index ff864b1..46f7d39 100644
---- a/js/public/Class.h
-+++ b/js/public/Class.h
-@@ -521,7 +521,10 @@ Valueify(const JSClass *c)
- */
- enum ESClassValue {
- ESClass_Array, ESClass_Number, ESClass_String, ESClass_Boolean,
-- ESClass_RegExp, ESClass_ArrayBuffer, ESClass_Date
-+ ESClass_RegExp, ESClass_ArrayBuffer, ESClass_Date,
-+ // Special snowflake for the ES6 IsArray method.
-+ // Please don't use it without calling that function.
-+ ESClass_IsArray
- };
-
- /*
-diff --git a/js/src/jsarray.cpp b/js/src/jsarray.cpp
-index 24da176..46f1c20 100644
---- a/js/src/jsarray.cpp
-+++ b/js/src/jsarray.cpp
-@@ -2645,7 +2645,8 @@ js::array_concat(JSContext *cx, unsigned argc, Value *vp)
- HandleValue v = HandleValue::fromMarkedLocation(&p[i]);
- if (v.isObject()) {
- RootedObject obj(cx, &v.toObject());
-- if (ObjectClassIs(obj, ESClass_Array, cx)) {
-+ // This should be IsConcatSpreadable
-+ if (IsArray(obj, cx)) {
- uint32_t alength;
- if (!GetLengthProperty(cx, obj, &alength))
- return false;
-@@ -2870,7 +2871,11 @@ static bool
- array_isArray(JSContext *cx, unsigned argc, Value *vp)
- {
- CallArgs args = CallArgsFromVp(argc, vp);
-- bool isArray = args.length() > 0 && IsObjectWithClass(args[0], ESClass_Array, cx);
-+ bool isArray = false;
-+ if (args.get(0).isObject()) {
-+ RootedObject obj(cx, &args[0].toObject());
-+ isArray = IsArray(obj, cx);
-+ }
- args.rval().setBoolean(isArray);
- return true;
- }
-diff --git a/js/src/jsobjinlines.h b/js/src/jsobjinlines.h
-index e848ba7..557dd26 100644
---- a/js/src/jsobjinlines.h
-+++ b/js/src/jsobjinlines.h
-@@ -1032,7 +1032,10 @@ ObjectClassIs(HandleObject obj, ESClassValue classValue, JSContext *cx)
- return Proxy::objectClassIs(obj, classValue, cx);
-
- switch (classValue) {
-- case ESClass_Array: return obj->is<ArrayObject>();
-+ case ESClass_Array:
-+ case ESClass_IsArray:
-+ // There difference between those is only relevant for proxies.
-+ return obj->is<ArrayObject>();
- case ESClass_Number: return obj->is<NumberObject>();
- case ESClass_String: return obj->is<StringObject>();
- case ESClass_Boolean: return obj->is<BooleanObject>();
-@@ -1053,6 +1056,16 @@ IsObjectWithClass(const Value &v, ESClassValue classValue, JSContext *cx)
- return ObjectClassIs(obj, classValue, cx);
- }
-
-+// ES6 7.2.2
-+inline bool
-+IsArray(HandleObject obj, JSContext *cx)
-+{
-+ if (obj->is<ArrayObject>())
-+ return true;
-+
-+ return ObjectClassIs(obj, ESClass_IsArray, cx);
-+}
-+
- static MOZ_ALWAYS_INLINE bool
- NewObjectMetadata(ExclusiveContext *cxArg, JSObject **pmetadata)
- {
-diff --git a/js/src/json.cpp b/js/src/json.cpp
-index 6e45bfd..81a99a6 100644
---- a/js/src/json.cpp
-+++ b/js/src/json.cpp
-@@ -300,7 +300,7 @@ JO(JSContext *cx, HandleObject obj, StringifyContext *scx)
- Maybe<AutoIdVector> ids;
- const AutoIdVector *props;
- if (scx->replacer && !scx->replacer->isCallable()) {
-- JS_ASSERT(JS_IsArrayObject(cx, scx->replacer));
-+ JS_ASSERT(IsArray(scx->replacer, cx));
- props = &scx->propertyList;
- } else {
- JS_ASSERT_IF(scx->replacer, scx->propertyList.length() == 0);
-@@ -488,7 +488,7 @@ Str(JSContext *cx, const Value &v, StringifyContext *scx)
-
- scx->depth++;
- bool ok;
-- if (ObjectClassIs(obj, ESClass_Array, cx))
-+ if (IsArray(obj, cx))
- ok = JA(cx, obj, scx);
- else
- ok = JO(cx, obj, scx);
-@@ -510,7 +510,7 @@ js_Stringify(JSContext *cx, MutableHandleValue vp, JSObject *replacer_, Value sp
- if (replacer) {
- if (replacer->isCallable()) {
- /* Step 4a(i): use replacer to transform values. */
-- } else if (ObjectClassIs(replacer, ESClass_Array, cx)) {
-+ } else if (IsArray(replacer, cx)) {
- /*
- * Step 4b: The spec algorithm is unhelpfully vague about the exact
- * steps taken when the replacer is an array, regarding the exact
-@@ -541,7 +541,8 @@ js_Stringify(JSContext *cx, MutableHandleValue vp, JSObject *replacer_, Value sp
-
- /* Step 4b(ii). */
- uint32_t len;
-- JS_ALWAYS_TRUE(GetLengthProperty(cx, replacer, &len));
-+ if (!GetLengthProperty(cx, replacer, &len))
-+ return false;
- if (replacer->is<ArrayObject>() && !replacer->isIndexed())
- len = Min(len, replacer->getDenseInitializedLength());
-
-@@ -678,7 +679,7 @@ Walk(JSContext *cx, HandleObject holder, HandleId name, HandleValue reviver, Mut
- if (val.isObject()) {
- RootedObject obj(cx, &val.toObject());
-
-- if (ObjectClassIs(obj, ESClass_Array, cx)) {
-+ if (IsArray(obj, cx)) {
- /* Step 2a(ii). */
- uint32_t length;
- if (!GetLengthProperty(cx, obj, &length))
-diff --git a/js/src/jsproxy.cpp b/js/src/jsproxy.cpp
-index 7644da1..7453103 100644
---- a/js/src/jsproxy.cpp
-+++ b/js/src/jsproxy.cpp
-@@ -1108,6 +1108,14 @@ class ScriptedDirectProxyHandler : public DirectProxyHandler {
- virtual bool isExtensible(JSContext *cx, HandleObject proxy, bool *extensible) MOZ_OVERRIDE;
-
- /* Spidermonkey extensions. */
-+ // A scripted proxy should not be treated as generic in most contexts.
-+ virtual bool nativeCall(JSContext *cx, IsAcceptableThis test, NativeImpl impl,
-+ CallArgs args) MOZ_OVERRIDE;
-+ virtual bool objectClassIs(HandleObject obj, ESClassValue classValue,
-+ JSContext *cx) MOZ_OVERRIDE;
-+ virtual bool regexp_toShared(JSContext *cx, HandleObject proxy,
-+ RegExpGuard *g) MOZ_OVERRIDE;
-+
- virtual bool call(JSContext *cx, HandleObject proxy, const CallArgs &args) MOZ_OVERRIDE;
- virtual bool construct(JSContext *cx, HandleObject proxy, const CallArgs &args) MOZ_OVERRIDE;
- virtual bool isScripted() MOZ_OVERRIDE { return true; }
-@@ -2350,6 +2358,43 @@ ScriptedDirectProxyHandler::construct(JSContext *cx, HandleObject proxy, const C
- return true;
- }
-
-+bool
-+ScriptedDirectProxyHandler::nativeCall(JSContext *cx, IsAcceptableThis test, NativeImpl impl,
-+ CallArgs args)
-+{
-+ ReportIncompatible(cx, args);
-+ return false;
-+}
-+
-+bool
-+ScriptedDirectProxyHandler::objectClassIs(HandleObject proxy, ESClassValue classValue,
-+ JSContext *cx)
-+{
-+ // Special case IsArray. In every other instance ES wants to have exactly
-+ // one object type and not a proxy around it, so return false.
-+ if (classValue != ESClass_IsArray)
-+ return false;
-+
-+ // In ES6 IsArray is supposed to poke at the Proxy target, instead we do this here.
-+ // The reason for this is that we have proxies for which looking at the target might
-+ // be impossible. So instead we use our little objectClassIs function that just works
-+ // already across different wrappers.
-+ RootedObject target(cx, proxy->as<ProxyObject>().target());
-+ if (!target)
-+ return false;
-+
-+ return IsArray(target, cx);
-+}
-+
-+bool
-+ScriptedDirectProxyHandler::regexp_toShared(JSContext *cx, HandleObject proxy,
-+ RegExpGuard *g)
-+{
-+ MOZ_CRASH("Should not end up in ScriptedDirectProxyHandler::regexp_toShared");
-+ return false;
-+}
-+
-+
- ScriptedDirectProxyHandler ScriptedDirectProxyHandler::singleton;
-
- #define INVOKE_ON_PROTOTYPE(cx, handler, proxy, protoCall) \
---
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-04.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-04.patch
deleted file mode 100644
index 58e61d080c..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-04.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-From 97ba04bf95606b409b1b3035504a41c274ecffe2 Mon Sep 17 00:00:00 2001
-From: Shu-yu Guo <shu@rfrn.org>
-Date: Mon, 26 Jan 2015 18:26:25 -0800
-Subject: [PATCH] Bug 1119579 - Don't GC while iterating compartments in
- findAllGlobals. r=sfink, a=abillings
-
----
- js/src/vm/Debugger.cpp | 56 ++++++++++++++++++++++++++++++--------------------
- 1 file changed, 34 insertions(+), 22 deletions(-)
-
-diff --git a/js/src/vm/Debugger.cpp b/js/src/vm/Debugger.cpp
-index 27e993d..a8decef 100644
---- a/js/src/vm/Debugger.cpp
-+++ b/js/src/vm/Debugger.cpp
-@@ -2825,37 +2825,49 @@ Debugger::findAllGlobals(JSContext *cx, unsigned argc, Value *vp)
- {
- THIS_DEBUGGER(cx, argc, vp, "findAllGlobals", args, dbg);
-
-- RootedObject result(cx, NewDenseEmptyArray(cx));
-- if (!result)
-- return false;
-+ AutoObjectVector globals(cx);
-
-- for (CompartmentsIter c(cx->runtime(), SkipAtoms); !c.done(); c.next()) {
-- if (c->options().invisibleToDebugger())
-- continue;
-+ {
-+ // Accumulate the list of globals before wrapping them, because
-+ // wrapping can GC and collect compartments from under us, while
-+ // iterating.
-
-- c->zone()->scheduledForDestruction = false;
-+ for (CompartmentsIter c(cx->runtime(), SkipAtoms); !c.done(); c.next()) {
-+ if (c->options().invisibleToDebugger())
-+ continue;
-
-- GlobalObject *global = c->maybeGlobal();
-+ c->zone()->scheduledForDestruction = false;
-
-- if (cx->runtime()->isSelfHostingGlobal(global))
-- continue;
-+ GlobalObject *global = c->maybeGlobal();
-
-- if (global) {
-- /*
-- * We pulled |global| out of nowhere, so it's possible that it was
-- * marked gray by XPConnect. Since we're now exposing it to JS code,
-- * we need to mark it black.
-- */
-- JS::ExposeGCThingToActiveJS(global, JSTRACE_OBJECT);
-+ if (cx->runtime()->isSelfHostingGlobal(global))
-+ continue;
-
-- RootedValue globalValue(cx, ObjectValue(*global));
-- if (!dbg->wrapDebuggeeValue(cx, &globalValue))
-- return false;
-- if (!NewbornArrayPush(cx, result, globalValue))
-- return false;
-+ if (global) {
-+ /*
-+ * We pulled |global| out of nowhere, so it's possible that it was
-+ * marked gray by XPConnect. Since we're now exposing it to JS code,
-+ * we need to mark it black.
-+ */
-+ JS::ExposeGCThingToActiveJS(global, JSTRACE_OBJECT);
-+ if (!globals.append(global))
-+ return false;
-+ }
- }
- }
-
-+ RootedObject result(cx, NewDenseEmptyArray(cx));
-+ if (!result)
-+ return false;
-+
-+ for (size_t i = 0; i < globals.length(); i++) {
-+ RootedValue globalValue(cx, ObjectValue(*globals[i]));
-+ if (!dbg->wrapDebuggeeValue(cx, &globalValue))
-+ return false;
-+ if (!NewbornArrayPush(cx, result, globalValue))
-+ return false;
-+ }
-+
- args.rval().setObject(*result);
- return true;
- }
---
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-05.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-05.patch
deleted file mode 100644
index 3e4ed17598..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-05.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 746ddf19ff532b8abc90d3a91322a04b462ebfa8 Mon Sep 17 00:00:00 2001
-From: Brian Hackett <bhackett1024@gmail.com>
-Date: Mon, 26 Jan 2015 13:14:34 -0500
-Subject: [PATCH] Bug 1124018 - Null the allocation site table if
- initialization fails. r=jonco, a=bkerensa
-
----
- js/src/jsinfer.cpp | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/js/src/jsinfer.cpp b/js/src/jsinfer.cpp
-index b62ad1f..4019b16 100644
---- a/js/src/jsinfer.cpp
-+++ b/js/src/jsinfer.cpp
-@@ -2035,6 +2035,7 @@ TypeCompartment::addAllocationSiteTypeObject(JSContext *cx, AllocationSiteKey ke
- allocationSiteTable = cx->new_<AllocationSiteTable>();
- if (!allocationSiteTable || !allocationSiteTable->init()) {
- js_delete(allocationSiteTable);
-+ allocationSiteTable = nullptr;
- return nullptr;
- }
- }
---
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-06.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-06.patch
deleted file mode 100644
index 181f9243e3..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-06.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 0758363d982b0b3e6cf021c164715a028a345b9e Mon Sep 17 00:00:00 2001
-From: "Byron Campen [:bwc]" <docfaraday@gmail.com>
-Date: Wed, 21 Jan 2015 08:56:36 -0800
-Subject: [PATCH] Bug 1123882 - Fix case where offset != 0. r=derf, a=bkerensa
-
----
- content/media/MediaDecoderStateMachine.cpp | 11 +++++++----
- 1 file changed, 7 insertions(+), 4 deletions(-)
-
-diff --git a/content/media/MediaDecoderStateMachine.cpp b/content/media/MediaDecoderStateMachine.cpp
-index ce5870f..4ed496c 100644
---- a/content/media/MediaDecoderStateMachine.cpp
-+++ b/content/media/MediaDecoderStateMachine.cpp
-@@ -328,6 +328,8 @@ void MediaDecoderStateMachine::SendStreamAudio(AudioData* aAudio,
- if (offset >= aAudio->mFrames)
- return;
-
-+ size_t framesToWrite = aAudio->mFrames - offset;
-+
- aAudio->EnsureAudioBuffer();
- nsRefPtr<SharedBuffer> buffer = aAudio->mAudioBuffer;
- AudioDataValue* bufferData = static_cast<AudioDataValue*>(buffer->Data());
-@@ -335,10 +337,11 @@ void MediaDecoderStateMachine::SendStreamAudio(AudioData* aAudio,
- for (uint32_t i = 0; i < aAudio->mChannels; ++i) {
- channels.AppendElement(bufferData + i*aAudio->mFrames + offset);
- }
-- aOutput->AppendFrames(buffer.forget(), channels, aAudio->mFrames);
-- VERBOSE_LOG("writing %d frames of data to MediaStream for AudioData at %lld",
-- aAudio->mFrames - int32_t(offset), aAudio->mTime);
-- aStream->mAudioFramesWritten += aAudio->mFrames - int32_t(offset);
-+ aOutput->AppendFrames(buffer.forget(), channels, framesToWrite);
-+ VERBOSE_LOG("writing %u frames of data to MediaStream for AudioData at %lld",
-+ static_cast<unsigned>(framesToWrite),
-+ aAudio->mTime);
-+ aStream->mAudioFramesWritten += framesToWrite;
- }
-
- static void WriteVideoToMediaStream(layers::Image* aImage,
---
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-07.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-07.patch
deleted file mode 100644
index 818d369b26..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-07.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From 94899f849e50a765bb26420f5c70d49002d6673f Mon Sep 17 00:00:00 2001
-From: Glenn Randers-Pehrson <glennrp+bmo@gmail.com>
-Date: Mon, 26 Jan 2015 16:07:00 -0500
-Subject: [PATCH] Bug 1117406 - Fix handling of out-of-range PNG tRNS values.
- r=jmuizelaar, a=abillings
-
----
- image/decoders/nsPNGDecoder.cpp | 22 ++++++++++++----------
- 1 file changed, 12 insertions(+), 10 deletions(-)
-
-diff --git a/image/decoders/nsPNGDecoder.cpp b/image/decoders/nsPNGDecoder.cpp
-index acaa835..8e6bc2d 100644
---- a/image/decoders/nsPNGDecoder.cpp
-+++ b/image/decoders/nsPNGDecoder.cpp
-@@ -528,24 +528,26 @@ nsPNGDecoder::info_callback(png_structp png_ptr, png_infop info_ptr)
- png_set_expand(png_ptr);
-
- if (png_get_valid(png_ptr, info_ptr, PNG_INFO_tRNS)) {
-- int sample_max = (1 << bit_depth);
- png_color_16p trans_values;
- png_get_tRNS(png_ptr, info_ptr, &trans, &num_trans, &trans_values);
- /* libpng doesn't reject a tRNS chunk with out-of-range samples
- so we check it here to avoid setting up a useless opacity
-- channel or producing unexpected transparent pixels when using
-- libpng-1.2.19 through 1.2.26 (bug #428045) */
-- if ((color_type == PNG_COLOR_TYPE_GRAY &&
-- (int)trans_values->gray > sample_max) ||
-- (color_type == PNG_COLOR_TYPE_RGB &&
-- ((int)trans_values->red > sample_max ||
-- (int)trans_values->green > sample_max ||
-- (int)trans_values->blue > sample_max)))
-+ channel or producing unexpected transparent pixels (bug #428045) */
-+ if (bit_depth < 16) {
-+ png_uint_16 sample_max = (1 << bit_depth) - 1;
-+ if ((color_type == PNG_COLOR_TYPE_GRAY &&
-+ trans_values->gray > sample_max) ||
-+ (color_type == PNG_COLOR_TYPE_RGB &&
-+ (trans_values->red > sample_max ||
-+ trans_values->green > sample_max ||
-+ trans_values->blue > sample_max)))
- {
- /* clear the tRNS valid flag and release tRNS memory */
- png_free_data(png_ptr, info_ptr, PNG_FREE_TRNS, 0);
-+ num_trans = 0;
- }
-- else
-+ }
-+ if (num_trans != 0)
- png_set_expand(png_ptr);
- }
-
---
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-08.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-08.patch
deleted file mode 100644
index 685e3a6d43..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-08.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 4920c5c447d1153dffa623dd70d8b535b9ca6795 Mon Sep 17 00:00:00 2001
-From: Jan de Mooij <jdemooij@mozilla.com>
-Date: Mon, 26 Jan 2015 12:59:47 +0100
-Subject: [PATCH] Bug 1115776 - Fix LApplyArgsGeneric to always emit the
- has-script check. r=shu, a=sledru
-
----
- js/src/jit/CodeGenerator.cpp | 24 ++++++++----------------
- 1 file changed, 8 insertions(+), 16 deletions(-)
-
-diff --git a/js/src/jit/CodeGenerator.cpp b/js/src/jit/CodeGenerator.cpp
-index ba14f86..0669692 100644
---- a/js/src/jit/CodeGenerator.cpp
-+++ b/js/src/jit/CodeGenerator.cpp
-@@ -2448,27 +2448,19 @@ CodeGenerator::visitApplyArgsGeneric(LApplyArgsGeneric *apply)
-
- masm.checkStackAlignment();
-
-- // If the function is known to be uncompilable, only emit the call to InvokeFunction.
-+ // If the function is native, only emit the call to InvokeFunction.
- ExecutionMode executionMode = gen->info().executionMode();
-- if (apply->hasSingleTarget()) {
-- JSFunction *target = apply->getSingleTarget();
-- if (target->isNative()) {
-- if (!emitCallInvokeFunction(apply, copyreg))
-- return false;
-- emitPopArguments(apply, copyreg);
-- return true;
-- }
-+ if (apply->hasSingleTarget() && apply->getSingleTarget()->isNative()) {
-+ if (!emitCallInvokeFunction(apply, copyreg))
-+ return false;
-+ emitPopArguments(apply, copyreg);
-+ return true;
- }
-
- Label end, invoke;
-
-- // Guard that calleereg is an interpreted function with a JSScript:
-- if (!apply->hasSingleTarget()) {
-- masm.branchIfFunctionHasNoScript(calleereg, &invoke);
-- } else {
-- // Native single targets are handled by LCallNative.
-- JS_ASSERT(!apply->getSingleTarget()->isNative());
-- }
-+ // Guard that calleereg is an interpreted function with a JSScript.
-+ masm.branchIfFunctionHasNoScript(calleereg, &invoke);
-
- // Knowing that calleereg is a non-native function, load the JSScript.
- masm.loadPtr(Address(calleereg, JSFunction::offsetOfNativeOrScript()), objreg);
---
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-09.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-09.patch
deleted file mode 100644
index d067d8133d..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-09.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From f7d24f37425d3d9054a7e5657815440a07166d3f Mon Sep 17 00:00:00 2001
-From: Kartikaya Gupta <kgupta@mozilla.com>
-Date: Tue, 20 Jan 2015 10:33:27 -0500
-Subject: [PATCH] Bug 1107009 - Additional locking needed for esr31 backport.
- r=BenWa a=sledru
-
----
- gfx/layers/ipc/CompositorParent.cpp | 15 +++++++++++++--
- 1 file changed, 13 insertions(+), 2 deletions(-)
-
-diff --git a/gfx/layers/ipc/CompositorParent.cpp b/gfx/layers/ipc/CompositorParent.cpp
-index 97c8693..cb03e71 100644
---- a/gfx/layers/ipc/CompositorParent.cpp
-+++ b/gfx/layers/ipc/CompositorParent.cpp
-@@ -1286,13 +1286,19 @@ CrossProcessCompositorParent::ShadowLayersUpdated(
- {
- uint64_t id = aLayerTree->GetId();
- MOZ_ASSERT(id != 0);
-+ const CompositorParent::LayerTreeState* state = CompositorParent::GetIndirectShadowTree(id);
-+ if (!state) {
-+ return;
-+ }
-+ MOZ_ASSERT(state->mParent);
-+
- Layer* shadowRoot = aLayerTree->GetRoot();
- if (shadowRoot) {
- SetShadowProperties(shadowRoot);
- }
- UpdateIndirectTree(id, shadowRoot, aTargetConfig);
-
-- sIndirectLayerTrees[id].mParent->NotifyShadowTreeTransaction(id, aIsFirstPaint, aScheduleComposite);
-+ state->mParent->NotifyShadowTreeTransaction(id, aIsFirstPaint, aScheduleComposite);
- }
-
- void
-@@ -1329,7 +1335,12 @@ AsyncCompositionManager*
- CrossProcessCompositorParent::GetCompositionManager(LayerTransactionParent* aLayerTree)
- {
- uint64_t id = aLayerTree->GetId();
-- return sIndirectLayerTrees[id].mParent->GetCompositionManager(aLayerTree);
-+ const CompositorParent::LayerTreeState* state = CompositorParent::GetIndirectShadowTree(id);
-+ if (!state) {
-+ return nullptr;
-+ }
-+ MOZ_ASSERT(state->mParent);
-+ return state->mParent->GetCompositionManager(aLayerTree);
- }
-
- void
---
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-10.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-10.patch
deleted file mode 100644
index 9a4668b2dc..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-10.patch
+++ /dev/null
@@ -1,219 +0,0 @@
-From 66e65b2138c6db20288ef4cf78d15995f382a7e2 Mon Sep 17 00:00:00 2001
-From: Kartikaya Gupta <kgupta@mozilla.com>
-Date: Tue, 13 Jan 2015 13:26:26 -0500
-Subject: [PATCH] Bug 1107009. r=BenWa, a=sledru
-
----
- gfx/layers/ipc/CompositorParent.cpp | 57 ++++++++++++++++++++++++++++++-------
- 1 file changed, 46 insertions(+), 11 deletions(-)
-
-diff --git a/gfx/layers/ipc/CompositorParent.cpp b/gfx/layers/ipc/CompositorParent.cpp
-index ce50277..cbbb2ef 100644
---- a/gfx/layers/ipc/CompositorParent.cpp
-+++ b/gfx/layers/ipc/CompositorParent.cpp
-@@ -22,6 +22,7 @@
- #include "gfxPrefs.h" // for gfxPrefs
- #include "ipc/ShadowLayersManager.h" // for ShadowLayersManager
- #include "mozilla/AutoRestore.h" // for AutoRestore
-+#include "mozilla/ClearOnShutdown.h" // for ClearOnShutdown
- #include "mozilla/DebugOnly.h" // for DebugOnly
- #include "mozilla/gfx/2D.h" // for DrawTarget
- #include "mozilla/gfx/Point.h" // for IntSize
-@@ -70,6 +71,16 @@ CompositorParent::LayerTreeState::LayerTreeState()
-
- typedef map<uint64_t, CompositorParent::LayerTreeState> LayerTreeMap;
- static LayerTreeMap sIndirectLayerTrees;
-+static StaticAutoPtr<mozilla::Monitor> sIndirectLayerTreesLock;
-+
-+static void EnsureLayerTreeMapReady()
-+{
-+ MOZ_ASSERT(NS_IsMainThread());
-+ if (!sIndirectLayerTreesLock) {
-+ sIndirectLayerTreesLock = new Monitor("IndirectLayerTree");
-+ mozilla::ClearOnShutdown(&sIndirectLayerTreesLock);
-+ }
-+}
-
- // FIXME/bug 774386: we're assuming that there's only one
- // CompositorParent, but that's not always true. This assumption only
-@@ -132,6 +143,7 @@ void CompositorParent::StartUp()
- return;
- }
- MOZ_ASSERT(!sCompositorLoop);
-+ EnsureLayerTreeMapReady();
- CreateCompositorMap();
- CreateThread();
- sMainLoop = MessageLoop::current();
-@@ -206,7 +218,11 @@ CompositorParent::CompositorParent(nsIWidget* aWidget,
- this, &mCompositorID));
-
- mRootLayerTreeID = AllocateLayerTreeId();
-- sIndirectLayerTrees[mRootLayerTreeID].mParent = this;
-+
-+ { // scope lock
-+ MonitorAutoLock lock(*sIndirectLayerTreesLock);
-+ sIndirectLayerTrees[mRootLayerTreeID].mParent = this;
-+ }
-
- mApzcTreeManager = new APZCTreeManager();
- ++sCompositorThreadRefCount;
-@@ -249,7 +265,10 @@ CompositorParent::Destroy()
- mCompositionManager = nullptr;
- mApzcTreeManager->ClearTree();
- mApzcTreeManager = nullptr;
-- sIndirectLayerTrees.erase(mRootLayerTreeID);
-+ { // scope lock
-+ MonitorAutoLock lock(*sIndirectLayerTreesLock);
-+ sIndirectLayerTrees.erase(mRootLayerTreeID);
-+ }
- }
-
- void
-@@ -266,6 +285,7 @@ CompositorParent::RecvWillStop()
-
- // Ensure that the layer manager is destroyed before CompositorChild.
- if (mLayerManager) {
-+ MonitorAutoLock lock(*sIndirectLayerTreesLock);
- for (LayerTreeMap::iterator it = sIndirectLayerTrees.begin();
- it != sIndirectLayerTrees.end(); it++)
- {
-@@ -380,7 +400,10 @@ CompositorParent::ActorDestroy(ActorDestroyReason why)
- if (mLayerManager) {
- mLayerManager->Destroy();
- mLayerManager = nullptr;
-- sIndirectLayerTrees[mRootLayerTreeID].mLayerManager = nullptr;
-+ { // scope lock
-+ MonitorAutoLock lock(*sIndirectLayerTreesLock);
-+ sIndirectLayerTrees[mRootLayerTreeID].mLayerManager = nullptr;
-+ }
- mCompositionManager = nullptr;
- mCompositor = nullptr;
- }
-@@ -696,6 +719,7 @@ CompositorParent::DidComposite()
- {
- unused << SendDidComposite(0);
-
-+ MonitorAutoLock lock(*sIndirectLayerTreesLock);
- for (LayerTreeMap::iterator it = sIndirectLayerTrees.begin();
- it != sIndirectLayerTrees.end(); it++) {
- LayerTreeState* lts = &it->second;
-@@ -867,6 +891,7 @@ CompositorParent::InitializeLayerManager(const nsTArray<LayersBackend>& aBackend
- mLayerManager = layerManager;
- MOZ_ASSERT(compositor);
- mCompositor = compositor;
-+ MonitorAutoLock lock(*sIndirectLayerTreesLock);
- sIndirectLayerTrees[mRootLayerTreeID].mLayerManager = layerManager;
- return;
- }
-@@ -969,6 +994,7 @@ CompositorParent::RecvNotifyChildCreated(const uint64_t& child)
- void
- CompositorParent::NotifyChildCreated(uint64_t aChild)
- {
-+ MonitorAutoLock lock(*sIndirectLayerTreesLock);
- sIndirectLayerTrees[aChild].mParent = this;
- sIndirectLayerTrees[aChild].mLayerManager = mLayerManager;
- }
-@@ -985,6 +1011,7 @@ CompositorParent::AllocateLayerTreeId()
- static void
- EraseLayerState(uint64_t aId)
- {
-+ MonitorAutoLock lock(*sIndirectLayerTreesLock);
- sIndirectLayerTrees.erase(aId);
- }
-
-@@ -1001,6 +1028,7 @@ UpdateControllerForLayersId(uint64_t aLayersId,
- GeckoContentController* aController)
- {
- // Adopt ref given to us by SetControllerForLayerTree()
-+ MonitorAutoLock lock(*sIndirectLayerTreesLock);
- sIndirectLayerTrees[aLayersId].mController =
- already_AddRefed<GeckoContentController>(aController);
- }
-@@ -1010,12 +1038,15 @@ ScopedLayerTreeRegistration::ScopedLayerTreeRegistration(uint64_t aLayersId,
- GeckoContentController* aController)
- : mLayersId(aLayersId)
- {
-+ EnsureLayerTreeMapReady();
-+ MonitorAutoLock lock(*sIndirectLayerTreesLock);
- sIndirectLayerTrees[aLayersId].mRoot = aRoot;
- sIndirectLayerTrees[aLayersId].mController = aController;
- }
-
- ScopedLayerTreeRegistration::~ScopedLayerTreeRegistration()
- {
-+ MonitorAutoLock lock(*sIndirectLayerTreesLock);
- sIndirectLayerTrees.erase(mLayersId);
- }
-
-@@ -1175,6 +1206,7 @@ CompositorParent::CloneToplevel(const InfallibleTArray<mozilla::ipc::ProtocolFdM
- static void
- UpdateIndirectTree(uint64_t aId, Layer* aRoot, const TargetConfig& aTargetConfig)
- {
-+ MonitorAutoLock lock(*sIndirectLayerTreesLock);
- sIndirectLayerTrees[aId].mRoot = aRoot;
- sIndirectLayerTrees[aId].mTargetConfig = aTargetConfig;
- }
-@@ -1182,6 +1214,7 @@ UpdateIndirectTree(uint64_t aId, Layer* aRoot, const TargetConfig& aTargetConfig
- /* static */ const CompositorParent::LayerTreeState*
- CompositorParent::GetIndirectShadowTree(uint64_t aId)
- {
-+ MonitorAutoLock lock(*sIndirectLayerTreesLock);
- LayerTreeMap::const_iterator cit = sIndirectLayerTrees.find(aId);
- if (sIndirectLayerTrees.end() == cit) {
- return nullptr;
-@@ -1189,12 +1222,6 @@ CompositorParent::GetIndirectShadowTree(uint64_t aId)
- return &cit->second;
- }
-
--static void
--RemoveIndirectTree(uint64_t aId)
--{
-- sIndirectLayerTrees.erase(aId);
--}
--
- void
- CrossProcessCompositorParent::ActorDestroy(ActorDestroyReason aWhy)
- {
-@@ -1211,6 +1238,8 @@ CrossProcessCompositorParent::AllocPLayerTransactionParent(const nsTArray<Layers
- {
- MOZ_ASSERT(aId != 0);
-
-+ MonitorAutoLock lock(*sIndirectLayerTreesLock);
-+
- if (sIndirectLayerTrees[aId].mLayerManager) {
- sIndirectLayerTrees[aId].mCrossProcessParent = this;
- LayerManagerComposite* lm = sIndirectLayerTrees[aId].mLayerManager;
-@@ -1234,7 +1263,7 @@ bool
- CrossProcessCompositorParent::DeallocPLayerTransactionParent(PLayerTransactionParent* aLayers)
- {
- LayerTransactionParent* slp = static_cast<LayerTransactionParent*>(aLayers);
-- RemoveIndirectTree(slp->GetId());
-+ EraseLayerState(slp->GetId());
- static_cast<LayerTransactionParent*>(aLayers)->ReleaseIPDLReference();
- return true;
- }
-@@ -1242,6 +1271,7 @@ CrossProcessCompositorParent::DeallocPLayerTransactionParent(PLayerTransactionPa
- bool
- CrossProcessCompositorParent::RecvNotifyChildCreated(const uint64_t& child)
- {
-+ MonitorAutoLock lock(*sIndirectLayerTreesLock);
- sIndirectLayerTrees[child].mParent->NotifyChildCreated(child);
- return true;
- }
-@@ -1269,7 +1299,12 @@ CrossProcessCompositorParent::ForceComposite(LayerTransactionParent* aLayerTree)
- {
- uint64_t id = aLayerTree->GetId();
- MOZ_ASSERT(id != 0);
-- sIndirectLayerTrees[id].mParent->ForceComposite(aLayerTree);
-+ CompositorParent* parent;
-+ { // scope lock
-+ MonitorAutoLock lock(*sIndirectLayerTreesLock);
-+ parent = sIndirectLayerTrees[id].mParent;
-+ }
-+ parent->ForceComposite(aLayerTree);
- }
-
- bool
---
-2.2.1
-
diff --git a/gnu/packages/patches/icecat-CVE-2015-0836-pt-11.patch b/gnu/packages/patches/icecat-CVE-2015-0836-pt-11.patch
deleted file mode 100644
index 869feaf7c6..0000000000
--- a/gnu/packages/patches/icecat-CVE-2015-0836-pt-11.patch
+++ /dev/null
@@ -1,104 +0,0 @@
-From 3f0f685829445ae82974d61f6017fdb67349c32b Mon Sep 17 00:00:00 2001
-From: Dan Gohman <sunfish@mozilla.com>
-Date: Fri, 9 Jan 2015 09:04:12 -0500
-Subject: [PATCH] Bug 1096138 - IonMonkey: Augment Nops with Mops to avoid
- collisions with fixed live ranges. r=jandem, a=sledru
-
----
- js/src/jit/CodeGenerator.cpp | 6 ++++++
- js/src/jit/CodeGenerator.h | 1 +
- js/src/jit/LIR-Common.h | 6 ++++++
- js/src/jit/LOpcodes.h | 1 +
- js/src/jit/Lowering.cpp | 12 ++++++++++++
- 5 files changed, 26 insertions(+)
-
-diff --git a/js/src/jit/CodeGenerator.cpp b/js/src/jit/CodeGenerator.cpp
-index 4f07524..ba14f86 100644
---- a/js/src/jit/CodeGenerator.cpp
-+++ b/js/src/jit/CodeGenerator.cpp
-@@ -1077,6 +1077,12 @@ CodeGenerator::visitNop(LNop *lir)
- }
-
- bool
-+CodeGenerator::visitMop(LMop *lir)
-+{
-+ return true;
-+}
-+
-+bool
- CodeGenerator::visitOsiPoint(LOsiPoint *lir)
- {
- // Note: markOsiPoint ensures enough space exists between the last
-diff --git a/js/src/jit/CodeGenerator.h b/js/src/jit/CodeGenerator.h
-index 03677a5..dce095d 100644
---- a/js/src/jit/CodeGenerator.h
-+++ b/js/src/jit/CodeGenerator.h
-@@ -58,6 +58,7 @@ class CodeGenerator : public CodeGeneratorSpecific
-
- bool visitLabel(LLabel *lir);
- bool visitNop(LNop *lir);
-+ bool visitMop(LMop *lir);
- bool visitOsiPoint(LOsiPoint *lir);
- bool visitGoto(LGoto *lir);
- bool visitTableSwitch(LTableSwitch *ins);
-diff --git a/js/src/jit/LIR-Common.h b/js/src/jit/LIR-Common.h
-index c90aef9..e7a0e4c 100644
---- a/js/src/jit/LIR-Common.h
-+++ b/js/src/jit/LIR-Common.h
-@@ -42,6 +42,12 @@ class LNop : public LInstructionHelper<0, 0, 0>
- LIR_HEADER(Nop)
- };
-
-+class LMop : public LInstructionHelper<0, 0, 0>
-+{
-+ public:
-+ LIR_HEADER(Mop)
-+};
-+
- // An LOsiPoint captures a snapshot after a call and ensures enough space to
- // patch in a call to the invalidation mechanism.
- //
-diff --git a/js/src/jit/LOpcodes.h b/js/src/jit/LOpcodes.h
-index a32d64f..cd7eef8 100644
---- a/js/src/jit/LOpcodes.h
-+++ b/js/src/jit/LOpcodes.h
-@@ -10,6 +10,7 @@
- #define LIR_COMMON_OPCODE_LIST(_) \
- _(Label) \
- _(Nop) \
-+ _(Mop) \
- _(OsiPoint) \
- _(MoveGroup) \
- _(Integer) \
-diff --git a/js/src/jit/Lowering.cpp b/js/src/jit/Lowering.cpp
-index d5f8227..48b7fa9 100644
---- a/js/src/jit/Lowering.cpp
-+++ b/js/src/jit/Lowering.cpp
-@@ -3616,12 +3616,24 @@ LIRGenerator::visitInstruction(MInstruction *ins)
- ins->setInWorklistUnchecked();
- #endif
-
-+ // If we added a Nop for this instruction, we'll also add a Mop, so that
-+ // that live-ranges for fixed register defs, which with LSRA extend through
-+ // the Nop so that they can extend through the OsiPoint don't, with their
-+ // one-extra extension, extend into a position where they use the input
-+ // move group for the following instruction.
-+ bool needsMop = !current->instructions().empty() && current->rbegin()->isNop();
-+
- // If no safepoint was created, there's no need for an OSI point.
- if (LOsiPoint *osiPoint = popOsiPoint()) {
- if (!add(osiPoint))
- return false;
- }
-
-+ if (needsMop) {
-+ if (!add(new(alloc()) LMop))
-+ return false;
-+ }
-+
- return true;
- }
-
---
-2.2.1
-