18 files changed, 3 insertions(+), 2086 deletions(-)
M gnu-system.am
M gnu/packages/gnuzilla.scm
D gnu/packages/patches/icecat-CVE-2014-1587-bug-1042567.patch
D gnu/packages/patches/icecat-CVE-2014-1587-bug-1072847.patch
D gnu/packages/patches/icecat-CVE-2014-1587-bug-1079729.patch
D gnu/packages/patches/icecat-CVE-2014-1587-bug-1080312.patch
D gnu/packages/patches/icecat-CVE-2014-1587-bug-1089207.patch
D gnu/packages/patches/icecat-CVE-2014-1590.patch
D gnu/packages/patches/icecat-CVE-2014-1592.patch
D gnu/packages/patches/icecat-CVE-2014-1593.patch
D gnu/packages/patches/icecat-CVE-2014-1594.patch
D gnu/packages/patches/icecat-CVE-2014-8634-pt1.patch
D gnu/packages/patches/icecat-CVE-2014-8634-pt2.patch
D gnu/packages/patches/icecat-CVE-2014-8638-pt1.patch
D gnu/packages/patches/icecat-CVE-2014-8638-pt2.patch
D gnu/packages/patches/icecat-CVE-2014-8639.patch
D gnu/packages/patches/icecat-CVE-2014-8641.patch
D gnu/packages/patches/icecat-armhf-xpcom.patch
M gnu-system.am => gnu-system.am +0 -16
@@ 405,22 405,6 @@ dist_patch_DATA = \
gnu/packages/patches/guix-test-networking.patch \
gnu/packages/patches/gtkglext-disable-disable-deprecated.patch \
gnu/packages/patches/hop-bigloo-4.0b.patch \
- gnu/packages/patches/icecat-armhf-xpcom.patch \
- gnu/packages/patches/icecat-CVE-2014-1587-bug-1042567.patch \
- gnu/packages/patches/icecat-CVE-2014-1587-bug-1072847.patch \
- gnu/packages/patches/icecat-CVE-2014-1587-bug-1079729.patch \
- gnu/packages/patches/icecat-CVE-2014-1587-bug-1080312.patch \
- gnu/packages/patches/icecat-CVE-2014-1587-bug-1089207.patch \
- gnu/packages/patches/icecat-CVE-2014-1590.patch \
- gnu/packages/patches/icecat-CVE-2014-1592.patch \
- gnu/packages/patches/icecat-CVE-2014-1593.patch \
- gnu/packages/patches/icecat-CVE-2014-1594.patch \
- gnu/packages/patches/icecat-CVE-2014-8634-pt1.patch \
- gnu/packages/patches/icecat-CVE-2014-8634-pt2.patch \
- gnu/packages/patches/icecat-CVE-2014-8638-pt1.patch \
- gnu/packages/patches/icecat-CVE-2014-8638-pt2.patch \
- gnu/packages/patches/icecat-CVE-2014-8639.patch \
- gnu/packages/patches/icecat-CVE-2014-8641.patch \
gnu/packages/patches/irrlicht-mesa-10.patch \
gnu/packages/patches/jbig2dec-ignore-testtest.patch \
gnu/packages/patches/kmod-module-directory.patch \
M gnu/packages/gnuzilla.scm => gnu/packages/gnuzilla.scm +3 -20
@@ 213,32 213,15 @@ standards.")
(define-public icecat
(package
(name "icecat")
- (version "31.2.0")
+ (version "31.4.0")
(source
(origin
(method url-fetch)
(uri (string-append "mirror://gnu/gnuzilla/"
- version "/" name "-" version ".tar.xz"))
+ version "/" name "-" version ".tar.bz2"))
(sha256
(base32
- "02r9klfc0z26w270inq652249hq0wfzvwhzvwmk0n8v8nzkk5idh"))
- (patches (map search-patch
- '("icecat-CVE-2014-1587-bug-1042567.patch"
- "icecat-CVE-2014-1587-bug-1072847.patch"
- "icecat-CVE-2014-1587-bug-1079729.patch"
- "icecat-CVE-2014-1587-bug-1080312.patch"
- "icecat-CVE-2014-1587-bug-1089207.patch"
- "icecat-CVE-2014-1590.patch"
- "icecat-CVE-2014-1592.patch"
- "icecat-CVE-2014-1593.patch"
- "icecat-CVE-2014-1594.patch"
- "icecat-armhf-xpcom.patch"
- "icecat-CVE-2014-8639.patch"
- "icecat-CVE-2014-8634-pt1.patch"
- "icecat-CVE-2014-8634-pt2.patch"
- "icecat-CVE-2014-8641.patch"
- "icecat-CVE-2014-8638-pt1.patch"
- "icecat-CVE-2014-8638-pt2.patch")))))
+ "0q5ilgfybcrbwf9hq9zc1cpnlhq1pddnnjmdrxrcrrg8lgx5kkc2"))))
(build-system gnu-build-system)
(inputs
`(("alsa-lib" ,alsa-lib)
D gnu/packages/patches/icecat-CVE-2014-1587-bug-1042567.patch => gnu/packages/patches/icecat-CVE-2014-1587-bug-1042567.patch +0 -30
@@ 1,30 0,0 @@
-commit 60529fc02cf10482d8fecd699eea271ddc22bcb9
-Author: Jason Orendorff <jorendorff@mozilla.com>
-Date: Thu Aug 28 15:43:57 2014 -0500
-
- Bug 1042567 - Reflect JSPropertyOp properties more consistently as data properties. r=efaust, a=lmandel
-
- Modified js/src/jsobj.cpp
-diff --git a/js/src/jsobj.cpp b/js/src/jsobj.cpp
-index 2745509..ad336f3 100644
---- a/js/src/jsobj.cpp
-+++ b/js/src/jsobj.cpp
-@@ -235,11 +235,18 @@ js::GetOwnPropertyDescriptor(JSContext *cx, HandleObject obj, HandleId id,
- if (pobj->isNative()) {
- desc.setAttributes(GetShapeAttributes(pobj, shape));
- if (desc.hasGetterOrSetterObject()) {
-+ MOZ_ASSERT(desc.isShared());
- doGet = false;
- if (desc.hasGetterObject())
- desc.setGetterObject(shape->getterObject());
- if (desc.hasSetterObject())
- desc.setSetterObject(shape->setterObject());
-+ } else {
-+ // This is either a straight-up data property or (rarely) a
-+ // property with a JSPropertyOp getter/setter. The latter must be
-+ // reported to the caller as a plain data property, so don't
-+ // populate desc.getter/setter, and mask away the SHARED bit.
-+ desc.attributesRef() &= ~JSPROP_SHARED;
- }
- } else {
- if (!JSObject::getGenericAttributes(cx, pobj, id, &desc.attributesRef()))
D gnu/packages/patches/icecat-CVE-2014-1587-bug-1072847.patch => gnu/packages/patches/icecat-CVE-2014-1587-bug-1072847.patch +0 -19
@@ 1,19 0,0 @@
-commit 5d91f3b10f999e852e0392470198bd6aefc87e1e
-Author: Jeff Muizelaar <jmuizelaar@mozilla.com>
-Date: Tue Oct 28 10:08:25 2014 -0400
-
- Bug 1072847 - Initialize mSurface. r=BenWa, a=bkerensa
-
- Modified gfx/2d/DrawTargetCairo.cpp
-diff --git a/gfx/2d/DrawTargetCairo.cpp b/gfx/2d/DrawTargetCairo.cpp
-index 48c2c73..78d9e4f 100644
---- a/gfx/2d/DrawTargetCairo.cpp
-+++ b/gfx/2d/DrawTargetCairo.cpp
-@@ -353,6 +353,7 @@ NeedIntermediateSurface(const Pattern& aPattern, const DrawOptions& aOptions)
-
- DrawTargetCairo::DrawTargetCairo()
- : mContext(nullptr)
-+ , mSurface(nullptr)
- , mLockedBits(nullptr)
- {
- }
D gnu/packages/patches/icecat-CVE-2014-1587-bug-1079729.patch => gnu/packages/patches/icecat-CVE-2014-1587-bug-1079729.patch +0 -191
@@ 1,191 0,0 @@
-commit 5de6730cc26744b9efcf4d4adb4a4c45023ef8a0
-Author: Randell Jesup <rjesup@jesup.org>
-Date: Tue Oct 28 11:06:00 2014 -0400
-
- Bug 1079729: Fix handling of increasing number of SCTP channels used by DataChannels r=tuexen a=lsblakk
-
- Modified media/webrtc/signaling/src/sipcc/core/gsm/h/fsm.h
-diff --git a/media/webrtc/signaling/src/sipcc/core/gsm/h/fsm.h b/media/webrtc/signaling/src/sipcc/core/gsm/h/fsm.h
-index ba8e1ff..8d964f1 100755
---- a/media/webrtc/signaling/src/sipcc/core/gsm/h/fsm.h
-+++ b/media/webrtc/signaling/src/sipcc/core/gsm/h/fsm.h
-@@ -225,7 +225,7 @@ typedef struct fsmdef_media_t_ {
- /*
- * Data Channel properties
- */
--#define WEBRTC_DATACHANNEL_STREAMS_DEFAULT 16
-+#define WEBRTC_DATACHANNEL_STREAMS_DEFAULT 256
- uint32 datachannel_streams;
- char datachannel_protocol[SDP_MAX_STRING_LEN + 1];
-
- Modified netwerk/sctp/datachannel/DataChannel.cpp
-diff --git a/netwerk/sctp/datachannel/DataChannel.cpp b/netwerk/sctp/datachannel/DataChannel.cpp
-index 414e3db..a00d938 100644
---- a/netwerk/sctp/datachannel/DataChannel.cpp
-+++ b/netwerk/sctp/datachannel/DataChannel.cpp
-@@ -910,10 +910,12 @@ DataChannelConnection::RequestMoreStreams(int32_t aNeeded)
- uint32_t outStreamsNeeded;
- socklen_t len;
-
-- if (aNeeded + mStreams.Length() > MAX_NUM_STREAMS)
-+ if (aNeeded + mStreams.Length() > MAX_NUM_STREAMS) {
- aNeeded = MAX_NUM_STREAMS - mStreams.Length();
-- if (aNeeded <= 0)
-+ }
-+ if (aNeeded <= 0) {
- return false;
-+ }
-
- len = (socklen_t)sizeof(struct sctp_status);
- if (usrsctp_getsockopt(mMasterSocket, IPPROTO_SCTP, SCTP_STATUS, &status, &len) < 0) {
-@@ -922,19 +924,25 @@ DataChannelConnection::RequestMoreStreams(int32_t aNeeded)
- }
- outStreamsNeeded = aNeeded; // number to add
-
-- memset(&sas, 0, sizeof(struct sctp_add_streams));
-+ // Note: if multiple channel opens happen when we don't have enough space,
-+ // we'll call RequestMoreStreams() multiple times
-+ memset(&sas, 0, sizeof(sas));
- sas.sas_instrms = 0;
- sas.sas_outstrms = (uint16_t)outStreamsNeeded; /* XXX error handling */
- // Doesn't block, we get an event when it succeeds or fails
- if (usrsctp_setsockopt(mMasterSocket, IPPROTO_SCTP, SCTP_ADD_STREAMS, &sas,
- (socklen_t) sizeof(struct sctp_add_streams)) < 0) {
-- if (errno == EALREADY)
-+ if (errno == EALREADY) {
-+ LOG(("Already have %u output streams", outStreamsNeeded));
- return true;
-+ }
-
- LOG(("***failed: setsockopt ADD errno=%d", errno));
- return false;
- }
- LOG(("Requested %u more streams", outStreamsNeeded));
-+ // We add to mStreams when we get a SCTP_STREAM_CHANGE_EVENT and the
-+ // values are larger than mStreams.Length()
- return true;
- }
-
-@@ -1050,6 +1058,13 @@ DataChannelConnection::SendDeferredMessages()
- channel->mFlags & DATA_CHANNEL_FLAGS_OUT_OF_ORDER_ALLOWED,
- channel->mPrPolicy, channel->mPrValue)) {
- channel->mFlags &= ~DATA_CHANNEL_FLAGS_SEND_REQ;
-+
-+ channel->mState = OPEN;
-+ channel->mReady = true;
-+ LOG(("%s: sending ON_CHANNEL_OPEN for %p", __FUNCTION__, channel.get()));
-+ NS_DispatchToMainThread(new DataChannelOnMessageAvailable(
-+ DataChannelOnMessageAvailable::ON_CHANNEL_OPEN, this,
-+ channel));
- sent = true;
- } else {
- if (errno == EAGAIN || errno == EWOULDBLOCK) {
-@@ -1177,6 +1192,7 @@ DataChannelConnection::HandleOpenRequestMessage(const struct rtcweb_datachannel_
- prPolicy = SCTP_PR_SCTP_TTL;
- break;
- default:
-+ LOG(("Unknown channel type", req->channel_type));
- /* XXX error handling */
- return;
- }
-@@ -1203,6 +1219,10 @@ DataChannelConnection::HandleOpenRequestMessage(const struct rtcweb_datachannel_
- }
- return;
- }
-+ if (stream >= mStreams.Length()) {
-+ LOG(("%s: stream %u out of bounds (%u)", __FUNCTION__, stream, mStreams.Length()));
-+ return;
-+ }
-
- nsCString label(nsDependentCSubstring(&req->label[0], ntohs(req->label_length)));
- nsCString protocol(nsDependentCSubstring(&req->label[ntohs(req->label_length)],
-@@ -1220,8 +1240,8 @@ DataChannelConnection::HandleOpenRequestMessage(const struct rtcweb_datachannel_
-
- channel->mState = DataChannel::WAITING_TO_OPEN;
-
-- LOG(("%s: sending ON_CHANNEL_CREATED for %s/%s: %u", __FUNCTION__,
-- channel->mLabel.get(), channel->mProtocol.get(), stream));
-+ LOG(("%s: sending ON_CHANNEL_CREATED for %s/%s: %u (state %u)", __FUNCTION__,
-+ channel->mLabel.get(), channel->mProtocol.get(), stream, channel->mState));
- NS_DispatchToMainThread(new DataChannelOnMessageAvailable(
- DataChannelOnMessageAvailable::ON_CHANNEL_CREATED,
- this, channel));
-@@ -1739,13 +1759,14 @@ DataChannelConnection::HandleStreamResetEvent(const struct sctp_stream_reset_eve
- // 2. We sent our own reset (CLOSING); either they crossed on the
- // wire, or this is a response to our Reset.
- // Go to CLOSED
-- // 3. We've sent a open but haven't gotten a response yet (OPENING)
-+ // 3. We've sent a open but haven't gotten a response yet (CONNECTING)
- // I believe this is impossible, as we don't have an input stream yet.
-
- LOG(("Incoming: Channel %u closed, state %d",
- channel->mStream, channel->mState));
- ASSERT_WEBRTC(channel->mState == DataChannel::OPEN ||
- channel->mState == DataChannel::CLOSING ||
-+ channel->mState == DataChannel::CONNECTING ||
- channel->mState == DataChannel::WAITING_TO_OPEN);
- if (channel->mState == DataChannel::OPEN ||
- channel->mState == DataChannel::WAITING_TO_OPEN) {
-@@ -1791,20 +1812,21 @@ DataChannelConnection::HandleStreamChangeEvent(const struct sctp_stream_change_e
- return;
- } else {
- if (strchg->strchange_instrms > mStreams.Length()) {
-- LOG(("Other side increased streamds from %u to %u",
-+ LOG(("Other side increased streams from %u to %u",
- mStreams.Length(), strchg->strchange_instrms));
- }
-- if (strchg->strchange_outstrms > mStreams.Length()) {
-+ if (strchg->strchange_outstrms > mStreams.Length() ||
-+ strchg->strchange_instrms > mStreams.Length()) {
- uint16_t old_len = mStreams.Length();
-+ uint16_t new_len = std::max(strchg->strchange_outstrms,
-+ strchg->strchange_instrms);
- LOG(("Increasing number of streams from %u to %u - adding %u (in: %u)",
-- old_len,
-- strchg->strchange_outstrms,
-- strchg->strchange_outstrms - old_len,
-+ old_len, new_len, new_len - old_len,
- strchg->strchange_instrms));
- // make sure both are the same length
-- mStreams.AppendElements(strchg->strchange_outstrms - old_len);
-+ mStreams.AppendElements(new_len - old_len);
- LOG(("New length = %d (was %d)", mStreams.Length(), old_len));
-- for (uint32_t i = old_len; i < mStreams.Length(); ++i) {
-+ for (size_t i = old_len; i < mStreams.Length(); ++i) {
- mStreams[i] = nullptr;
- }
- // Re-process any channels waiting for streams.
-@@ -1815,13 +1837,17 @@ DataChannelConnection::HandleStreamChangeEvent(const struct sctp_stream_change_e
- // Could make a more complex API for OpenXxxFinish() and avoid this loop
- int32_t num_needed = mPending.GetSize();
- LOG(("%d of %d new streams already needed", num_needed,
-- strchg->strchange_outstrms - old_len));
-- num_needed -= (strchg->strchange_outstrms - old_len); // number we added
-+ new_len - old_len));
-+ num_needed -= (new_len - old_len); // number we added
- if (num_needed > 0) {
- if (num_needed < 16)
- num_needed = 16;
- LOG(("Not enough new streams, asking for %d more", num_needed));
- RequestMoreStreams(num_needed);
-+ } else if (strchg->strchange_outstrms < strchg->strchange_instrms) {
-+ LOG(("Requesting %d output streams to match partner",
-+ strchg->strchange_instrms - strchg->strchange_outstrms));
-+ RequestMoreStreams(strchg->strchange_instrms - strchg->strchange_outstrms);
- }
-
- ProcessQueuedOpens();
- Modified netwerk/sctp/datachannel/DataChannelProtocol.h
-diff --git a/netwerk/sctp/datachannel/DataChannelProtocol.h b/netwerk/sctp/datachannel/DataChannelProtocol.h
-index 549f74b..74fbe58 100644
---- a/netwerk/sctp/datachannel/DataChannelProtocol.h
-+++ b/netwerk/sctp/datachannel/DataChannelProtocol.h
-@@ -17,7 +17,7 @@
- #endif
-
- // Duplicated in fsm.def
--#define WEBRTC_DATACHANNEL_STREAMS_DEFAULT 16
-+#define WEBRTC_DATACHANNEL_STREAMS_DEFAULT 256
-
- #define DATA_CHANNEL_PPID_CONTROL 50
- #define DATA_CHANNEL_PPID_BINARY 52
D gnu/packages/patches/icecat-CVE-2014-1587-bug-1080312.patch => gnu/packages/patches/icecat-CVE-2014-1587-bug-1080312.patch +0 -308
@@ 1,308 0,0 @@
-commit d74bdb4589ad714e2a45e282974db075de2be673
-Author: Randell Jesup <rjesup@jesup.org>
-Date: Wed Nov 12 22:59:53 2014 -0500
-
- Bug 1080312 - Update iteration code from upstream. r=jesup, a=abillings
-
- Modified netwerk/sctp/src/moz.build
-diff --git a/netwerk/sctp/src/moz.build b/netwerk/sctp/src/moz.build
-index 1901a41..82103b9 100644
---- a/netwerk/sctp/src/moz.build
-+++ b/netwerk/sctp/src/moz.build
-@@ -31,7 +31,6 @@ SOURCES += [
- 'user_environment.c',
- 'user_mbuf.c',
- 'user_recv_thread.c',
-- 'user_sctp_timer_iterate.c',
- 'user_socket.c',
- ]
-
- Modified netwerk/sctp/src/netinet/sctp_callout.c
-diff --git a/netwerk/sctp/src/netinet/sctp_callout.c b/netwerk/sctp/src/netinet/sctp_callout.c
-index 67b7566..e8ac77f 100755
---- a/netwerk/sctp/src/netinet/sctp_callout.c
-+++ b/netwerk/sctp/src/netinet/sctp_callout.c
-@@ -30,9 +30,27 @@
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-+#if defined(__Userspace__)
-+#include <sys/types.h>
-+#if !defined (__Userspace_os_Windows)
-+#include <sys/wait.h>
-+#include <unistd.h>
-+#include <pthread.h>
-+#endif
-+#if defined(__Userspace_os_NaCl)
-+#include <sys/select.h>
-+#endif
-+#include <stdlib.h>
-+#include <string.h>
-+#include <stdio.h>
-+#include <errno.h>
-+#include <netinet/sctp_sysctl.h>
-+#include <netinet/sctp_pcb.h>
-+#else
- #include <netinet/sctp_os.h>
- #include <netinet/sctp_callout.h>
- #include <netinet/sctp_pcb.h>
-+#endif
-
- /*
- * Callout/Timer routines for OS that doesn't have them
-@@ -117,24 +135,16 @@ sctp_os_timer_stop(sctp_os_timer_t *c)
- return (1);
- }
-
--#if defined(__APPLE__)
--/*
-- * For __APPLE__, use a single main timer at a faster resolution than
-- * fastim. The timer just calls this existing callout infrastructure.
-- */
--#endif
--void
--sctp_timeout(void *arg SCTP_UNUSED)
-+static void
-+sctp_handle_tick(int delta)
- {
- sctp_os_timer_t *c;
- void (*c_func)(void *);
- void *c_arg;
-
- SCTP_TIMERQ_LOCK();
--#if defined(__APPLE__)
- /* update our tick count */
-- ticks += SCTP_BASE_VAR(sctp_main_timer_ticks);
--#endif
-+ ticks += delta;
- c = TAILQ_FIRST(&SCTP_BASE_INFO(callqueue));
- while (c) {
- if (c->c_time <= ticks) {
-@@ -155,9 +165,60 @@ sctp_timeout(void *arg SCTP_UNUSED)
- }
- sctp_os_timer_next = NULL;
- SCTP_TIMERQ_UNLOCK();
-+}
-
- #if defined(__APPLE__)
-- /* restart the main timer */
-+void
-+sctp_timeout(void *arg SCTP_UNUSED)
-+{
-+ sctp_handle_tick(SCTP_BASE_VAR(sctp_main_timer_ticks));
- sctp_start_main_timer();
-+}
- #endif
-+
-+#if defined(__Userspace__)
-+#define TIMEOUT_INTERVAL 10
-+
-+void *
-+user_sctp_timer_iterate(void *arg)
-+{
-+ for (;;) {
-+#if defined (__Userspace_os_Windows)
-+ Sleep(TIMEOUT_INTERVAL);
-+#else
-+ struct timeval timeout;
-+
-+ timeout.tv_sec = 0;
-+ timeout.tv_usec = 1000 * TIMEOUT_INTERVAL;
-+ select(0, NULL, NULL, NULL, &timeout);
-+#endif
-+ if (SCTP_BASE_VAR(timer_thread_should_exit)) {
-+ break;
-+ }
-+ sctp_handle_tick(MSEC_TO_TICKS(TIMEOUT_INTERVAL));
-+ }
-+ return (NULL);
- }
-+
-+void
-+sctp_start_timer(void)
-+{
-+ /*
-+ * No need to do SCTP_TIMERQ_LOCK_INIT();
-+ * here, it is being done in sctp_pcb_init()
-+ */
-+#if defined (__Userspace_os_Windows)
-+ if ((SCTP_BASE_VAR(timer_thread) = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)user_sctp_timer_iterate, NULL, 0, NULL)) == NULL) {
-+ SCTP_PRINTF("ERROR; Creating ithread failed\n");
-+ }
-+#else
-+ int rc;
-+
-+ rc = pthread_create(&SCTP_BASE_VAR(timer_thread), NULL, user_sctp_timer_iterate, NULL);
-+ if (rc) {
-+ SCTP_PRINTF("ERROR; return code from pthread_create() is %d\n", rc);
-+ }
-+#endif
-+}
-+
-+#endif
- Modified netwerk/sctp/src/netinet/sctp_callout.h
-diff --git a/netwerk/sctp/src/netinet/sctp_callout.h b/netwerk/sctp/src/netinet/sctp_callout.h
-index 2782945..c53c5a4 100755
---- a/netwerk/sctp/src/netinet/sctp_callout.h
-+++ b/netwerk/sctp/src/netinet/sctp_callout.h
-@@ -64,7 +64,6 @@ __FBSDID("$FreeBSD$");
- #endif
-
- extern int ticks;
--extern void sctp_start_timer();
- #endif
-
- TAILQ_HEAD(calloutlist, sctp_callout);
-@@ -94,6 +93,11 @@ int sctp_os_timer_stop(sctp_os_timer_t *);
- #define SCTP_OS_TIMER_ACTIVE(tmr) ((tmr)->c_flags & SCTP_CALLOUT_ACTIVE)
- #define SCTP_OS_TIMER_DEACTIVATE(tmr) ((tmr)->c_flags &= ~SCTP_CALLOUT_ACTIVE)
-
-+#if defined(__Userspace__)
-+void sctp_start_timer(void);
-+#endif
-+#if defined(__APPLE__)
- void sctp_timeout(void *);
-+#endif
-
- #endif
- Modified netwerk/sctp/src/netinet/sctp_usrreq.c
-diff --git a/netwerk/sctp/src/netinet/sctp_usrreq.c b/netwerk/sctp/src/netinet/sctp_usrreq.c
-index d4115ad..c17ea04 100755
---- a/netwerk/sctp/src/netinet/sctp_usrreq.c
-+++ b/netwerk/sctp/src/netinet/sctp_usrreq.c
-@@ -56,6 +56,9 @@ __FBSDID("$FreeBSD: head/sys/netinet/sctp_usrreq.c 259943 2013-12-27 13:07:00Z t
- #include <netinet/sctp_timer.h>
- #include <netinet/sctp_auth.h>
- #include <netinet/sctp_bsd_addr.h>
-+#if defined(__Userspace__)
-+#include <netinet/sctp_callout.h>
-+#endif
- #if !defined(__Userspace_os_Windows)
- #include <netinet/udp.h>
- #endif
- Deleted netwerk/sctp/src/user_sctp_timer_iterate.c
-diff --git a/netwerk/sctp/src/user_sctp_timer_iterate.c b/netwerk/sctp/src/user_sctp_timer_iterate.c
-deleted file mode 100755
-index 0a9dbce..0000000
---- a/netwerk/sctp/src/user_sctp_timer_iterate.c
-+++ /dev/null
-@@ -1,119 +0,0 @@
--/*-
-- * Copyright (c) 2012 Michael Tuexen
-- * All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- */
--
--#include <sys/types.h>
--#if !defined (__Userspace_os_Windows)
--#include <sys/wait.h>
--#include <unistd.h>
--#include <pthread.h>
--#endif
--#include <stdlib.h>
--#include <string.h>
--#include <stdio.h>
--#include <errno.h>
--#include <netinet/sctp_pcb.h>
--#include <netinet/sctp_sysctl.h>
--#include "netinet/sctp_callout.h"
--
--/* This is the polling time of callqueue in milliseconds
-- * 10ms seems to work well. 1ms was giving erratic behavior
-- */
--#define TIMEOUT_INTERVAL 10
--
--extern int ticks;
--
--void *
--user_sctp_timer_iterate(void *arg)
--{
-- sctp_os_timer_t *c;
-- void (*c_func)(void *);
-- void *c_arg;
-- sctp_os_timer_t *sctp_os_timer_next;
-- /*
-- * The MSEC_TO_TICKS conversion depends on hz. The to_ticks in
-- * sctp_os_timer_start also depends on hz. E.g. if hz=1000 then
-- * for multiple INIT the to_ticks is 2000, 4000, 8000, 16000, 32000, 60000
-- * and further to_ticks level off at 60000 i.e. 60 seconds.
-- * If hz=100 then for multiple INIT the to_ticks are 200, 400, 800 and so-on.
-- */
-- for (;;) {
--#if defined (__Userspace_os_Windows)
-- Sleep(TIMEOUT_INTERVAL);
--#else
-- struct timeval timeout;
--
-- timeout.tv_sec = 0;
-- timeout.tv_usec = 1000 * TIMEOUT_INTERVAL;
-- select(0, NULL, NULL, NULL, &timeout);
--#endif
-- if (SCTP_BASE_VAR(timer_thread_should_exit)) {
-- break;
-- }
-- SCTP_TIMERQ_LOCK();
-- /* update our tick count */
-- ticks += MSEC_TO_TICKS(TIMEOUT_INTERVAL);
-- c = TAILQ_FIRST(&SCTP_BASE_INFO(callqueue));
-- while (c) {
-- if (c->c_time <= ticks) {
-- sctp_os_timer_next = TAILQ_NEXT(c, tqe);
-- TAILQ_REMOVE(&SCTP_BASE_INFO(callqueue), c, tqe);
-- c_func = c->c_func;
-- c_arg = c->c_arg;
-- c->c_flags &= ~SCTP_CALLOUT_PENDING;
-- SCTP_TIMERQ_UNLOCK();
-- c_func(c_arg);
-- SCTP_TIMERQ_LOCK();
-- c = sctp_os_timer_next;
-- } else {
-- c = TAILQ_NEXT(c, tqe);
-- }
-- }
-- SCTP_TIMERQ_UNLOCK();
-- }
-- return (NULL);
--}
--
--void
--sctp_start_timer(void)
--{
-- /*
-- * No need to do SCTP_TIMERQ_LOCK_INIT();
-- * here, it is being done in sctp_pcb_init()
-- */
--#if defined (__Userspace_os_Windows)
-- if ((SCTP_BASE_VAR(timer_thread) = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)user_sctp_timer_iterate, NULL, 0, NULL)) == NULL) {
-- SCTP_PRINTF("ERROR; Creating ithread failed\n");
-- }
--#else
-- int rc;
--
-- rc = pthread_create(&SCTP_BASE_VAR(timer_thread), NULL, user_sctp_timer_iterate, NULL);
-- if (rc) {
-- SCTP_PRINTF("ERROR; return code from pthread_create() is %d\n", rc);
-- }
--#endif
--}
D gnu/packages/patches/icecat-CVE-2014-1587-bug-1089207.patch => gnu/packages/patches/icecat-CVE-2014-1587-bug-1089207.patch +0 -119
@@ 1,119 0,0 @@
-commit 9df10fea93b483af6646ef2f7aab35598fbaab2f
-Author: Nils Ohlmeier [:drno] <drno@ohlmeier.org>
-Date: Thu Nov 6 12:21:57 2014 -0500
-
- Bug 1089207: fix parsing of invalid fmtp att r=drno,jesup a=lmandel
-
- Modified media/webrtc/signaling/src/sipcc/core/sdp/sdp_attr.c
-diff --git a/media/webrtc/signaling/src/sipcc/core/sdp/sdp_attr.c b/media/webrtc/signaling/src/sipcc/core/sdp/sdp_attr.c
-index fa5ca2e..33d26c0 100644
---- a/media/webrtc/signaling/src/sipcc/core/sdp/sdp_attr.c
-+++ b/media/webrtc/signaling/src/sipcc/core/sdp/sdp_attr.c
-@@ -458,7 +458,6 @@ sdp_result_e sdp_parse_attr_fmtp (sdp_t *sdp_p, sdp_attr_t *attr_p,
- char tmp[SDP_MAX_STRING_LEN];
- char *src_ptr;
- char *temp_ptr = NULL;
-- tinybool flag=FALSE;
- char *tok=NULL;
- char *temp=NULL;
- u16 custom_x=0;
-@@ -495,29 +494,11 @@ sdp_result_e sdp_parse_attr_fmtp (sdp_t *sdp_p, sdp_attr_t *attr_p,
- fmtp_p->packetization_mode = 0;
- fmtp_p->level_asymmetry_allowed = SDP_DEFAULT_LEVEL_ASYMMETRY_ALLOWED_VALUE;
-
-- /* BEGIN - a typical macro fn to replace '/' with ';' from fmtp line*/
-- /* This ugly replacement of '/' with ';' is only done because
-- * econf/MS client sends in this wierd /illegal format.
-- * fmtp parameters MUST be separated by ';'
-- */
- temp_ptr = cpr_strdup(ptr);
- if (temp_ptr == NULL) {
- return (SDP_FAILURE);
- }
- fmtp_ptr = src_ptr = temp_ptr;
-- while (flag == FALSE) {
-- if (*src_ptr == '\n') {
-- flag = TRUE;
-- break;
-- }
-- if (*src_ptr == '/') {
-- *src_ptr =';' ;
-- }
-- src_ptr++;
-- }
-- /* END */
-- /* Once we move to RFC compliant video codec implementations, the above
-- * patch should be removed */
-
- src_ptr = temp_ptr;
- while (!done) {
- Modified media/webrtc/signaling/src/sipcc/core/sdp/sdp_main.c
-diff --git a/media/webrtc/signaling/src/sipcc/core/sdp/sdp_main.c b/media/webrtc/signaling/src/sipcc/core/sdp/sdp_main.c
-index 0be02aa..9760d4e 100644
---- a/media/webrtc/signaling/src/sipcc/core/sdp/sdp_main.c
-+++ b/media/webrtc/signaling/src/sipcc/core/sdp/sdp_main.c
-@@ -1002,7 +1002,12 @@ sdp_result_e sdp_parse (sdp_t *sdp_p, char **bufp, u16 len)
- */
- ptr = next_ptr;
- line_end = sdp_findchar(ptr, "\n");
-- if (line_end >= (*bufp + len)) {
-+ if ((line_end >= (*bufp + len)) ||
-+ (*line_end == '\0')) {
-+ /* As this does not update the result value the SDP up to this point
-+ * is still accept as valid. So encountering this is not treated as
-+ * an error.
-+ */
- sdp_parse_error(sdp_p->peerconnection,
- "%s End of line beyond end of buffer.",
- sdp_p->debug_str);
- Modified media/webrtc/signaling/test/sdp_unittests.cpp
-diff --git a/media/webrtc/signaling/test/sdp_unittests.cpp b/media/webrtc/signaling/test/sdp_unittests.cpp
-index 51df09b..9f98eed 100644
---- a/media/webrtc/signaling/test/sdp_unittests.cpp
-+++ b/media/webrtc/signaling/test/sdp_unittests.cpp
-@@ -755,13 +755,13 @@ TEST_F(SdpTest, parseFmtpMaxFs) {
- u32 val = 0;
- ParseSdp(kVideoSdp + "a=fmtp:120 max-fs=300;max-fr=30\r\n");
- ASSERT_EQ(sdp_attr_get_fmtp_max_fs(sdp_ptr_, 1, 0, 1, &val), SDP_SUCCESS);
-- ASSERT_EQ(val, 300);
-+ ASSERT_EQ(val, 300U);
- }
- TEST_F(SdpTest, parseFmtpMaxFr) {
- u32 val = 0;
- ParseSdp(kVideoSdp + "a=fmtp:120 max-fs=300;max-fr=30\r\n");
- ASSERT_EQ(sdp_attr_get_fmtp_max_fr(sdp_ptr_, 1, 0, 1, &val), SDP_SUCCESS);
-- ASSERT_EQ(val, 30);
-+ ASSERT_EQ(val, 30U);
- }
-
- TEST_F(SdpTest, addFmtpMaxFs) {
-@@ -789,6 +789,29 @@ TEST_F(SdpTest, addFmtpMaxFsFr) {
- std::string::npos);
- }
-
-+static const std::string kBrokenFmtp =
-+ "v=0\r\n"
-+ "o=- 137331303 2 IN IP4 127.0.0.1\r\n"
-+ "s=SIP Call\r\n"
-+ "t=0 0\r\n"
-+ "m=video 56436 RTP/SAVPF 120\r\n"
-+ "c=IN IP4 198.51.100.7\r\n"
-+ "a=rtpmap:120 VP8/90000\r\n"
-+ /* Note: the \0 in this string triggered bz://1089207
-+ */
-+ "a=fmtp:120 max-fs=300;max\0fr=30";
-+
-+TEST_F(SdpTest, parseBrokenFmtp) {
-+ u32 val = 0;
-+ char *buf = const_cast<char *>(kBrokenFmtp.data());
-+ ResetSdp();
-+ /* We need to manually invoke the parser here to be able to specify the length
-+ * of the string beyond the \0 in last line of the string.
-+ */
-+ ASSERT_EQ(sdp_parse(sdp_ptr_, &buf, 165), SDP_SUCCESS);
-+ ASSERT_EQ(sdp_attr_get_fmtp_max_fs(sdp_ptr_, 1, 0, 1, &val), SDP_INVALID_PARAMETER);
-+}
-+
- } // End namespace test.
-
- int main(int argc, char **argv) {
D gnu/packages/patches/icecat-CVE-2014-1590.patch => gnu/packages/patches/icecat-CVE-2014-1590.patch +0 -33
@@ 1,33 0,0 @@
-commit 50c5ca4bacf7cda77c3a7ab1b8d82ded18fb3355
-Author: Olli Pettay <Olli.Pettay@helsinki.fi>
-Date: Sun Nov 2 22:01:55 2014 +0200
-
- Bug 1087633 - Filter out XPConnect wrapped input streams. r=bz, a=lmandel
-
- Modified content/base/src/nsXMLHttpRequest.h
-diff --git a/content/base/src/nsXMLHttpRequest.h b/content/base/src/nsXMLHttpRequest.h
-index b1fc4e3..4ab4f29 100644
---- a/content/base/src/nsXMLHttpRequest.h
-+++ b/content/base/src/nsXMLHttpRequest.h
-@@ -28,7 +28,8 @@
- #include "nsIPrincipal.h"
- #include "nsIScriptObjectPrincipal.h"
- #include "nsISizeOfEventTarget.h"
--
-+#include "nsIXPConnect.h"
-+#include "nsIInputStream.h"
- #include "mozilla/Assertions.h"
- #include "mozilla/DOMEventTargetHelper.h"
- #include "mozilla/MemoryReporting.h"
-@@ -446,6 +447,11 @@ public:
- void Send(nsIInputStream* aStream, ErrorResult& aRv)
- {
- NS_ASSERTION(aStream, "Null should go to string version");
-+ nsCOMPtr<nsIXPConnectWrappedJS> wjs = do_QueryInterface(aStream);
-+ if (wjs) {
-+ aRv.Throw(NS_ERROR_DOM_TYPE_ERR);
-+ return;
-+ }
- aRv = Send(RequestBody(aStream));
- }
- void SendAsBinary(const nsAString& aBody, ErrorResult& aRv);
D gnu/packages/patches/icecat-CVE-2014-1592.patch => gnu/packages/patches/icecat-CVE-2014-1592.patch +0 -400
@@ 1,400 0,0 @@
-commit 7efadbb03cdffa11ebfc2da3113377d2f33b893b
-Author: Henri Sivonen <hsivonen@hsivonen.fi>
-Date: Mon Nov 3 15:23:26 2014 +0200
-
- Bug 1088635. r=smaug, a=bkerensa
-
- Modified content/base/src/nsDocument.cpp
-diff --git a/content/base/src/nsDocument.cpp b/content/base/src/nsDocument.cpp
-index cbed38d..3493bce 100644
---- a/content/base/src/nsDocument.cpp
-+++ b/content/base/src/nsDocument.cpp
-@@ -3916,7 +3916,7 @@ nsDocument::InsertChildAt(nsIContent* aKid, uint32_t aIndex,
- bool aNotify)
- {
- if (aKid->IsElement() && GetRootElement()) {
-- NS_ERROR("Inserting element child when we already have one");
-+ NS_WARNING("Inserting root element when we already have one");
- return NS_ERROR_DOM_HIERARCHY_REQUEST_ERR;
- }
-
- Modified parser/html/nsHtml5Parser.cpp
-diff --git a/parser/html/nsHtml5Parser.cpp b/parser/html/nsHtml5Parser.cpp
-index a485be4..f28adb4 100644
---- a/parser/html/nsHtml5Parser.cpp
-+++ b/parser/html/nsHtml5Parser.cpp
-@@ -237,7 +237,8 @@ nsHtml5Parser::Parse(const nsAString& aSourceBuffer,
- * WillBuildModel to be called before the document has had its
- * script global object set.
- */
-- mExecutor->WillBuildModel(eDTDMode_unknown);
-+ rv = mExecutor->WillBuildModel(eDTDMode_unknown);
-+ NS_ENSURE_SUCCESS(rv, rv);
- }
-
- // Return early if the parser has processed EOF
-@@ -255,7 +256,7 @@ nsHtml5Parser::Parse(const nsAString& aSourceBuffer,
- }
- mDocumentClosed = true;
- if (!mBlocked && !mInDocumentWrite) {
-- ParseUntilBlocked();
-+ return ParseUntilBlocked();
- }
- return NS_OK;
- }
-@@ -378,7 +379,8 @@ nsHtml5Parser::Parse(const nsAString& aSourceBuffer,
-
- if (mTreeBuilder->HasScript()) {
- mTreeBuilder->Flush(); // Move ops to the executor
-- mExecutor->FlushDocumentWrite(); // run the ops
-+ rv = mExecutor->FlushDocumentWrite(); // run the ops
-+ NS_ENSURE_SUCCESS(rv, rv);
- // Flushing tree ops can cause all sorts of things.
- // Return early if the parser got terminated.
- if (mExecutor->IsComplete()) {
-@@ -437,7 +439,8 @@ nsHtml5Parser::Parse(const nsAString& aSourceBuffer,
- "Buffer wasn't tokenized to completion?");
- // Scripting semantics require a forced tree builder flush here
- mTreeBuilder->Flush(); // Move ops to the executor
-- mExecutor->FlushDocumentWrite(); // run the ops
-+ rv = mExecutor->FlushDocumentWrite(); // run the ops
-+ NS_ENSURE_SUCCESS(rv, rv);
- } else if (stackBuffer.hasMore()) {
- // The buffer wasn't tokenized to completion. Tokenize the untokenized
- // content in order to preload stuff. This content will be retokenized
-@@ -594,11 +597,13 @@ nsHtml5Parser::IsScriptCreated()
- /* End nsIParser */
-
- // not from interface
--void
-+nsresult
- nsHtml5Parser::ParseUntilBlocked()
- {
-- if (mBlocked || mExecutor->IsComplete() || NS_FAILED(mExecutor->IsBroken())) {
-- return;
-+ nsresult rv = mExecutor->IsBroken();
-+ NS_ENSURE_SUCCESS(rv, rv);
-+ if (mBlocked || mExecutor->IsComplete()) {
-+ return NS_OK;
- }
- NS_ASSERTION(mExecutor->HasStarted(), "Bad life cycle.");
- NS_ASSERTION(!mInDocumentWrite,
-@@ -611,7 +616,7 @@ nsHtml5Parser::ParseUntilBlocked()
- if (mFirstBuffer == mLastBuffer) {
- if (mExecutor->IsComplete()) {
- // something like cache manisfests stopped the parse in mid-flight
-- return;
-+ return NS_OK;
- }
- if (mDocumentClosed) {
- NS_ASSERTION(!GetStreamParser(),
-@@ -620,8 +625,10 @@ nsHtml5Parser::ParseUntilBlocked()
- mTreeBuilder->StreamEnded();
- mTreeBuilder->Flush();
- mExecutor->FlushDocumentWrite();
-+ // The below call does memory cleanup, so call it even if the
-+ // parser has been marked as broken.
- mTokenizer->end();
-- return;
-+ return NS_OK;
- }
- // never release the last buffer.
- NS_ASSERTION(!mLastBuffer->getStart() && !mLastBuffer->getEnd(),
-@@ -643,14 +650,14 @@ nsHtml5Parser::ParseUntilBlocked()
- NS_ASSERTION(mExecutor->IsInFlushLoop(),
- "How did we come here without being in the flush loop?");
- }
-- return; // no more data for now but expecting more
-+ return NS_OK; // no more data for now but expecting more
- }
- mFirstBuffer = mFirstBuffer->next;
- continue;
- }
-
- if (mBlocked || mExecutor->IsComplete()) {
-- return;
-+ return NS_OK;
- }
-
- // now we have a non-empty buffer
-@@ -667,10 +674,11 @@ nsHtml5Parser::ParseUntilBlocked()
- }
- if (mTreeBuilder->HasScript()) {
- mTreeBuilder->Flush();
-- mExecutor->FlushDocumentWrite();
-+ nsresult rv = mExecutor->FlushDocumentWrite();
-+ NS_ENSURE_SUCCESS(rv, rv);
- }
- if (mBlocked) {
-- return;
-+ return NS_OK;
- }
- }
- continue;
- Modified parser/html/nsHtml5Parser.h
-diff --git a/parser/html/nsHtml5Parser.h b/parser/html/nsHtml5Parser.h
-index aff79c7..e2ef2f8 100644
---- a/parser/html/nsHtml5Parser.h
-+++ b/parser/html/nsHtml5Parser.h
-@@ -262,7 +262,7 @@ class nsHtml5Parser : public nsIParser,
- /**
- * Parse until pending data is exhausted or a script blocks the parser
- */
-- void ParseUntilBlocked();
-+ nsresult ParseUntilBlocked();
-
- private:
-
- Modified parser/html/nsHtml5StreamParser.cpp
-diff --git a/parser/html/nsHtml5StreamParser.cpp b/parser/html/nsHtml5StreamParser.cpp
-index 4790568..7e3917b 100644
---- a/parser/html/nsHtml5StreamParser.cpp
-+++ b/parser/html/nsHtml5StreamParser.cpp
-@@ -796,7 +796,7 @@ nsHtml5StreamParser::WriteStreamBytes(const uint8_t* aFromSegment,
- // NS_HTML5_STREAM_PARSER_READ_BUFFER_SIZE.
- if (!mLastBuffer) {
- NS_WARNING("mLastBuffer should not be null!");
-- MarkAsBroken();
-+ MarkAsBroken(NS_ERROR_NULL_POINTER);
- return NS_ERROR_NULL_POINTER;
- }
- if (mLastBuffer->getEnd() == NS_HTML5_STREAM_PARSER_READ_BUFFER_SIZE) {
-@@ -902,7 +902,8 @@ nsHtml5StreamParser::OnStartRequest(nsIRequest* aRequest, nsISupports* aContext)
- * WillBuildModel to be called before the document has had its
- * script global object set.
- */
-- mExecutor->WillBuildModel(eDTDMode_unknown);
-+ rv = mExecutor->WillBuildModel(eDTDMode_unknown);
-+ NS_ENSURE_SUCCESS(rv, rv);
-
- nsRefPtr<nsHtml5OwningUTF16Buffer> newBuf =
- nsHtml5OwningUTF16Buffer::FalliblyCreate(
-@@ -1003,8 +1004,9 @@ nsHtml5StreamParser::DoStopRequest()
-
- if (!mUnicodeDecoder) {
- uint32_t writeCount;
-- if (NS_FAILED(FinalizeSniffing(nullptr, 0, &writeCount, 0))) {
-- MarkAsBroken();
-+ nsresult rv;
-+ if (NS_FAILED(rv = FinalizeSniffing(nullptr, 0, &writeCount, 0))) {
-+ MarkAsBroken(rv);
- return;
- }
- } else if (mFeedChardet) {
-@@ -1076,7 +1078,7 @@ nsHtml5StreamParser::DoDataAvailable(const uint8_t* aBuffer, uint32_t aLength)
- rv = SniffStreamBytes(aBuffer, aLength, &writeCount);
- }
- if (NS_FAILED(rv)) {
-- MarkAsBroken();
-+ MarkAsBroken(rv);
- return;
- }
- NS_ASSERTION(writeCount == aLength, "Wrong number of stream bytes written/sniffed.");
-@@ -1662,13 +1664,13 @@ nsHtml5StreamParser::TimerFlush()
- }
-
- void
--nsHtml5StreamParser::MarkAsBroken()
-+nsHtml5StreamParser::MarkAsBroken(nsresult aRv)
- {
- NS_ASSERTION(IsParserThread(), "Wrong thread!");
- mTokenizerMutex.AssertCurrentThreadOwns();
-
- Terminate();
-- mTreeBuilder->MarkAsBroken();
-+ mTreeBuilder->MarkAsBroken(aRv);
- mozilla::DebugOnly<bool> hadOps = mTreeBuilder->Flush(false);
- NS_ASSERTION(hadOps, "Should have had the markAsBroken op!");
- if (NS_FAILED(NS_DispatchToMainThread(mExecutorFlusher))) {
- Modified parser/html/nsHtml5StreamParser.h
-diff --git a/parser/html/nsHtml5StreamParser.h b/parser/html/nsHtml5StreamParser.h
-index c7dcbbe..476ef16 100644
---- a/parser/html/nsHtml5StreamParser.h
-+++ b/parser/html/nsHtml5StreamParser.h
-@@ -218,7 +218,7 @@ class nsHtml5StreamParser : public nsICharsetDetectionObserver {
- }
- #endif
-
-- void MarkAsBroken();
-+ void MarkAsBroken(nsresult aRv);
-
- /**
- * Marks the stream parser as interrupted. If you ever add calls to this
- Modified parser/html/nsHtml5TreeBuilderCppSupplement.h
-diff --git a/parser/html/nsHtml5TreeBuilderCppSupplement.h b/parser/html/nsHtml5TreeBuilderCppSupplement.h
-index 4cd5c7c..1e65394 100644
---- a/parser/html/nsHtml5TreeBuilderCppSupplement.h
-+++ b/parser/html/nsHtml5TreeBuilderCppSupplement.h
-@@ -949,14 +949,14 @@ nsHtml5TreeBuilder::DropHandles()
- }
-
- void
--nsHtml5TreeBuilder::MarkAsBroken()
-+nsHtml5TreeBuilder::MarkAsBroken(nsresult aRv)
- {
- if (MOZ_UNLIKELY(mBuilder)) {
- MOZ_ASSUME_UNREACHABLE("Must not call this with builder.");
- return;
- }
- mOpQueue.Clear(); // Previous ops don't matter anymore
-- mOpQueue.AppendElement()->Init(eTreeOpMarkAsBroken);
-+ mOpQueue.AppendElement()->Init(aRv);
- }
-
- void
- Modified parser/html/nsHtml5TreeBuilderHSupplement.h
-diff --git a/parser/html/nsHtml5TreeBuilderHSupplement.h b/parser/html/nsHtml5TreeBuilderHSupplement.h
-index a321e80..8d380eb 100644
---- a/parser/html/nsHtml5TreeBuilderHSupplement.h
-+++ b/parser/html/nsHtml5TreeBuilderHSupplement.h
-@@ -223,4 +223,4 @@
-
- void errEndWithUnclosedElements(nsIAtom* aName);
-
-- void MarkAsBroken();
-+ void MarkAsBroken(nsresult aRv);
- Modified parser/html/nsHtml5TreeOpExecutor.cpp
-diff --git a/parser/html/nsHtml5TreeOpExecutor.cpp b/parser/html/nsHtml5TreeOpExecutor.cpp
-index ebcafca..6c52e5f 100644
---- a/parser/html/nsHtml5TreeOpExecutor.cpp
-+++ b/parser/html/nsHtml5TreeOpExecutor.cpp
-@@ -411,7 +411,11 @@ nsHtml5TreeOpExecutor::RunFlushLoop()
- GetParser()->GetStreamParser();
- // Now parse content left in the document.write() buffer queue if any.
- // This may generate tree ops on its own or dequeue a speculation.
-- GetParser()->ParseUntilBlocked();
-+ nsresult rv = GetParser()->ParseUntilBlocked();
-+ if (NS_FAILED(rv)) {
-+ MarkAsBroken(rv);
-+ return;
-+ }
- }
-
- if (mOpQueue.IsEmpty()) {
-@@ -496,21 +500,24 @@ nsHtml5TreeOpExecutor::RunFlushLoop()
- }
- }
-
--void
-+nsresult
- nsHtml5TreeOpExecutor::FlushDocumentWrite()
- {
-+ nsresult rv = IsBroken();
-+ NS_ENSURE_SUCCESS(rv, rv);
-+
- FlushSpeculativeLoads(); // Make sure speculative loads never start after the
- // corresponding normal loads for the same URLs.
-
- if (MOZ_UNLIKELY(!mParser)) {
- // The parse has ended.
- mOpQueue.Clear(); // clear in order to be able to assert in destructor
-- return;
-+ return rv;
- }
-
- if (mFlushState != eNotFlushing) {
- // XXX Can this happen? In case it can, let's avoid crashing.
-- return;
-+ return rv;
- }
-
- mFlushState = eInFlush;
-@@ -545,7 +552,7 @@ nsHtml5TreeOpExecutor::FlushDocumentWrite()
- }
- NS_ASSERTION(mFlushState == eInDocUpdate,
- "Tried to perform tree op outside update batch.");
-- nsresult rv = iter->Perform(this, &scriptElement);
-+ rv = iter->Perform(this, &scriptElement);
- if (NS_FAILED(rv)) {
- MarkAsBroken(rv);
- break;
-@@ -560,13 +567,14 @@ nsHtml5TreeOpExecutor::FlushDocumentWrite()
-
- if (MOZ_UNLIKELY(!mParser)) {
- // Ending the doc update caused a call to nsIParser::Terminate().
-- return;
-+ return rv;
- }
-
- if (scriptElement) {
- // must be tail call when mFlushState is eNotFlushing
- RunScript(scriptElement);
- }
-+ return rv;
- }
-
- // copied from HTML content sink
- Modified parser/html/nsHtml5TreeOpExecutor.h
-diff --git a/parser/html/nsHtml5TreeOpExecutor.h b/parser/html/nsHtml5TreeOpExecutor.h
-index 9617dcb..1f81448 100644
---- a/parser/html/nsHtml5TreeOpExecutor.h
-+++ b/parser/html/nsHtml5TreeOpExecutor.h
-@@ -173,7 +173,7 @@ class nsHtml5TreeOpExecutor : public nsHtml5DocumentBuilder,
-
- void RunFlushLoop();
-
-- void FlushDocumentWrite();
-+ nsresult FlushDocumentWrite();
-
- void MaybeSuspend();
-
- Modified parser/html/nsHtml5TreeOperation.cpp
-diff --git a/parser/html/nsHtml5TreeOperation.cpp b/parser/html/nsHtml5TreeOperation.cpp
-index 48b71dc..7ad65247 100644
---- a/parser/html/nsHtml5TreeOperation.cpp
-+++ b/parser/html/nsHtml5TreeOperation.cpp
-@@ -214,6 +214,9 @@ nsHtml5TreeOperation::AppendToDocument(nsIContent* aNode,
- nsIDocument* doc = aBuilder->GetDocument();
- uint32_t childCount = doc->GetChildCount();
- rv = doc->AppendChildTo(aNode, false);
-+ if (rv == NS_ERROR_DOM_HIERARCHY_REQUEST_ERR) {
-+ return NS_OK;
-+ }
- NS_ENSURE_SUCCESS(rv, rv);
- nsNodeUtils::ContentInserted(doc, aNode, childCount);
-
-@@ -739,8 +742,7 @@ nsHtml5TreeOperation::Perform(nsHtml5TreeOpExecutor* aBuilder,
- return NS_OK;
- }
- case eTreeOpMarkAsBroken: {
-- aBuilder->MarkAsBroken(NS_ERROR_OUT_OF_MEMORY);
-- return NS_OK;
-+ return mOne.result;
- }
- case eTreeOpRunScript: {
- nsIContent* node = *(mOne.node);
- Modified parser/html/nsHtml5TreeOperation.h
-diff --git a/parser/html/nsHtml5TreeOperation.h b/parser/html/nsHtml5TreeOperation.h
-index 2727733..06d0274 100644
---- a/parser/html/nsHtml5TreeOperation.h
-+++ b/parser/html/nsHtml5TreeOperation.h
-@@ -435,6 +435,15 @@ class nsHtml5TreeOperation {
- mFour.integer = aInt;
- }
-
-+ inline void Init(nsresult aRv)
-+ {
-+ NS_PRECONDITION(mOpCode == eTreeOpUninitialized,
-+ "Op code must be uninitialized when initializing.");
-+ NS_PRECONDITION(NS_FAILED(aRv), "Initialized tree op with non-failure.");
-+ mOpCode = eTreeOpMarkAsBroken;
-+ mOne.result = aRv;
-+ }
-+
- inline void InitAddClass(nsIContentHandle* aNode, const char16_t* aClass)
- {
- NS_PRECONDITION(mOpCode == eTreeOpUninitialized,
-@@ -487,11 +496,12 @@ class nsHtml5TreeOperation {
- nsIAtom* atom;
- nsHtml5HtmlAttributes* attributes;
- nsHtml5DocumentMode mode;
-- char16_t* unicharPtr;
-+ char16_t* unicharPtr;
- char* charPtr;
- nsHtml5TreeOperationStringPair* stringPair;
- nsAHtml5TreeBuilderState* state;
- int32_t integer;
-+ nsresult result;
- } mOne, mTwo, mThree, mFour;
- };
-
D gnu/packages/patches/icecat-CVE-2014-1593.patch => gnu/packages/patches/icecat-CVE-2014-1593.patch +0 -154
@@ 1,154 0,0 @@
-commit a58cea744ac5b93b99a66554e1029b2c7aa3255d
-Author: Matthew Gregan <kinetik@flim.org>
-Date: Tue Nov 11 08:58:52 2014 +1300
-
- Bug 1085175. r=roc, a=dveditz
-
- Modified content/media/MediaCache.cpp
-diff --git a/content/media/MediaCache.cpp b/content/media/MediaCache.cpp
-index 598d905..c99f724 100644
---- a/content/media/MediaCache.cpp
-+++ b/content/media/MediaCache.cpp
-@@ -1174,6 +1174,7 @@ MediaCache::Update()
- // Figure out where we should be reading from. It's the first
- // uncached byte after the current mStreamOffset.
- int64_t dataOffset = stream->GetCachedDataEndInternal(stream->mStreamOffset);
-+ MOZ_ASSERT(dataOffset >= 0);
-
- // Compute where we'd actually seek to to read at readOffset
- int64_t desiredOffset = dataOffset;
-@@ -1702,6 +1703,7 @@ MediaCacheStream::NotifyDataStarted(int64_t aOffset)
- ReentrantMonitorAutoEnter mon(gMediaCache->GetReentrantMonitor());
- NS_WARN_IF_FALSE(aOffset == mChannelOffset,
- "Server is giving us unexpected offset");
-+ MOZ_ASSERT(aOffset >= 0);
- mChannelOffset = aOffset;
- if (mStreamLength >= 0) {
- // If we started reading at a certain offset, then for sure
-@@ -2118,23 +2120,28 @@ MediaCacheStream::Seek(int32_t aWhence, int64_t aOffset)
- return NS_ERROR_FAILURE;
-
- int64_t oldOffset = mStreamOffset;
-+ int64_t newOffset = mStreamOffset;
- switch (aWhence) {
- case PR_SEEK_END:
- if (mStreamLength < 0)
- return NS_ERROR_FAILURE;
-- mStreamOffset = mStreamLength + aOffset;
-+ newOffset = mStreamLength + aOffset;
- break;
- case PR_SEEK_CUR:
-- mStreamOffset += aOffset;
-+ newOffset += aOffset;
- break;
- case PR_SEEK_SET:
-- mStreamOffset = aOffset;
-+ newOffset = aOffset;
- break;
- default:
- NS_ERROR("Unknown whence");
- return NS_ERROR_FAILURE;
- }
-
-+ if (newOffset < 0)
-+ return NS_ERROR_FAILURE;
-+ mStreamOffset = newOffset;
-+
- CACHE_LOG(PR_LOG_DEBUG, ("Stream %p Seek to %lld", this, (long long)mStreamOffset));
- gMediaCache->NoteSeek(this, oldOffset);
-
-@@ -2176,11 +2183,10 @@ MediaCacheStream::Read(char* aBuffer, uint32_t aCount, uint32_t* aBytes)
- break;
- }
- size = std::min(size, bytesRemaining);
-- // Clamp size until 64-bit file size issues (bug 500784) are fixed.
-+ // Clamp size until 64-bit file size issues are fixed.
- size = std::min(size, int64_t(INT32_MAX));
- }
-
-- int32_t bytes;
- int32_t cacheBlock = streamBlock < mBlocks.Length() ? mBlocks[streamBlock] : -1;
- if (cacheBlock < 0) {
- // We don't have a complete cached block here.
-@@ -2208,7 +2214,10 @@ MediaCacheStream::Read(char* aBuffer, uint32_t aCount, uint32_t* aBytes)
- // We can just use the data in mPartialBlockBuffer. In fact we should
- // use it rather than waiting for the block to fill and land in
- // the cache.
-- bytes = std::min<int64_t>(size, streamWithPartialBlock->mChannelOffset - mStreamOffset);
-+ int64_t bytes = std::min<int64_t>(size, streamWithPartialBlock->mChannelOffset - mStreamOffset);
-+ // Clamp bytes until 64-bit file size issues are fixed.
-+ bytes = std::min(bytes, int64_t(INT32_MAX));
-+ NS_ABORT_IF_FALSE(bytes >= 0 && bytes <= aCount, "Bytes out of range.");
- memcpy(aBuffer,
- reinterpret_cast<char*>(streamWithPartialBlock->mPartialBlockBuffer.get()) + offsetInStreamBlock, bytes);
- if (mCurrentMode == MODE_METADATA) {
-@@ -2232,6 +2241,7 @@ MediaCacheStream::Read(char* aBuffer, uint32_t aCount, uint32_t* aBytes)
- gMediaCache->NoteBlockUsage(this, cacheBlock, mCurrentMode, TimeStamp::Now());
-
- int64_t offset = cacheBlock*BLOCK_SIZE + offsetInStreamBlock;
-+ int32_t bytes;
- NS_ABORT_IF_FALSE(size >= 0 && size <= INT32_MAX, "Size out of range.");
- nsresult rv = gMediaCache->ReadCacheFile(offset, aBuffer + count, int32_t(size), &bytes);
- if (NS_FAILED(rv)) {
-@@ -2268,9 +2278,7 @@ MediaCacheStream::ReadAt(int64_t aOffset, char* aBuffer,
- }
-
- nsresult
--MediaCacheStream::ReadFromCache(char* aBuffer,
-- int64_t aOffset,
-- int64_t aCount)
-+MediaCacheStream::ReadFromCache(char* aBuffer, int64_t aOffset, int64_t aCount)
- {
- ReentrantMonitorAutoEnter mon(gMediaCache->GetReentrantMonitor());
- if (mClosed)
-@@ -2292,7 +2300,7 @@ MediaCacheStream::ReadFromCache(char* aBuffer,
- return NS_ERROR_FAILURE;
- }
- size = std::min(size, bytesRemaining);
-- // Clamp size until 64-bit file size issues (bug 500784) are fixed.
-+ // Clamp size until 64-bit file size issues are fixed.
- size = std::min(size, int64_t(INT32_MAX));
- }
-
-@@ -2303,7 +2311,10 @@ MediaCacheStream::ReadFromCache(char* aBuffer,
- // We can just use the data in mPartialBlockBuffer. In fact we should
- // use it rather than waiting for the block to fill and land in
- // the cache.
-- bytes = std::min<int64_t>(size, mChannelOffset - streamOffset);
-+ // Clamp bytes until 64-bit file size issues are fixed.
-+ int64_t toCopy = std::min<int64_t>(size, mChannelOffset - streamOffset);
-+ bytes = std::min(toCopy, int64_t(INT32_MAX));
-+ NS_ABORT_IF_FALSE(bytes >= 0 && bytes <= toCopy, "Bytes out of range.");
- memcpy(aBuffer + count,
- reinterpret_cast<char*>(mPartialBlockBuffer.get()) + offsetInStreamBlock, bytes);
- } else {
- Modified media/libnestegg/include/nestegg-stdint.h
-diff --git a/media/libnestegg/include/nestegg-stdint.h b/media/libnestegg/include/nestegg-stdint.h
-index 599a7a5..c315991 100644
---- a/media/libnestegg/include/nestegg-stdint.h
-+++ b/media/libnestegg/include/nestegg-stdint.h
-@@ -1,6 +1,9 @@
- #ifdef _WIN32
- typedef __int64 int64_t;
- typedef unsigned __int64 uint64_t;
-+#if !defined(INT64_MAX)
-+#define INT64_MAX 9223372036854775807LL
-+#endif
- #else
- #include <stdint.h>
- #endif
- Modified media/libnestegg/src/nestegg.c
-diff --git a/media/libnestegg/src/nestegg.c b/media/libnestegg/src/nestegg.c
-index 8813cf2..56884d7 100644
---- a/media/libnestegg/src/nestegg.c
-+++ b/media/libnestegg/src/nestegg.c
-@@ -1950,6 +1950,9 @@ nestegg_offset_seek(nestegg * ctx, uint64_t offset)
- {
- int r;
-
-+ if (offset > INT64_MAX)
-+ return -1;
-+
- /* Seek and set up parser state for segment-level element (Cluster). */
- r = ne_io_seek(ctx->io, offset, NESTEGG_SEEK_SET);
- if (r != 0)
D gnu/packages/patches/icecat-CVE-2014-1594.patch => gnu/packages/patches/icecat-CVE-2014-1594.patch +0 -34
@@ 1,34 0,0 @@
-commit 7a8497c0df722b1ed145b99a82c71ed1f7b1d6ce
-Author: Markus Stange <mstange@themasta.com>
-Date: Thu Oct 9 21:26:27 2014 -0400
-
- Bug 1074280 - Use AsContainerLayer() in order to avoid a bad cast. r=roc, a=bkerensa
-
- Modified gfx/layers/basic/BasicLayerManager.cpp
-diff --git a/gfx/layers/basic/BasicLayerManager.cpp b/gfx/layers/basic/BasicLayerManager.cpp
-index 5a3a1f6..ff42bc0 100644
---- a/gfx/layers/basic/BasicLayerManager.cpp
-+++ b/gfx/layers/basic/BasicLayerManager.cpp
-@@ -901,18 +901,17 @@ BasicLayerManager::PaintLayer(gfxContext* aTarget,
- RenderTraceScope trace("BasicLayerManager::PaintLayer", "707070");
-
- const nsIntRect* clipRect = aLayer->GetEffectiveClipRect();
-- // aLayer might not be a container layer, but if so we take care not to use
-- // the container variable
-- BasicContainerLayer* container = static_cast<BasicContainerLayer*>(aLayer);
-- bool needsGroup = aLayer->GetFirstChild() &&
-+ BasicContainerLayer* container =
-+ static_cast<BasicContainerLayer*>(aLayer->AsContainerLayer());
-+ bool needsGroup = container &&
- container->UseIntermediateSurface();
- BasicImplData* data = ToData(aLayer);
- bool needsClipToVisibleRegion =
- data->GetClipToVisibleRegion() && !aLayer->AsThebesLayer();
-- NS_ASSERTION(needsGroup || !aLayer->GetFirstChild() ||
-+ NS_ASSERTION(needsGroup || !container ||
- container->GetOperator() == CompositionOp::OP_OVER,
- "non-OVER operator should have forced UseIntermediateSurface");
-- NS_ASSERTION(!aLayer->GetFirstChild() || !aLayer->GetMaskLayer() ||
-+ NS_ASSERTION(!container || !aLayer->GetMaskLayer() ||
- container->UseIntermediateSurface(),
- "ContainerLayer with mask layer should force UseIntermediateSurface");
D gnu/packages/patches/icecat-CVE-2014-8634-pt1.patch => gnu/packages/patches/icecat-CVE-2014-8634-pt1.patch +0 -410
@@ 1,410 0,0 @@
-From 4f447768a2ff6bf37d462e033c11e20c733129ba Mon Sep 17 00:00:00 2001
-From: Jan de Mooij <jdemooij@mozilla.com>
-Date: Tue, 16 Dec 2014 22:52:51 +0100
-Subject: [PATCH] Bug 1109889 - Share more exception handling code. r=nbp,
- a=abillings
-
----
- js/src/jit/Ion.cpp | 11 ++++++++++-
- js/src/jit/IonMacroAssembler.cpp | 8 ++++----
- js/src/jit/JitCompartment.h | 8 ++++++--
- js/src/jit/arm/MacroAssembler-arm.cpp | 11 ++---------
- js/src/jit/arm/MacroAssembler-arm.h | 6 ++++--
- js/src/jit/arm/Trampoline-arm.cpp | 4 ++--
- js/src/jit/mips/MacroAssembler-mips.cpp | 11 ++---------
- js/src/jit/mips/MacroAssembler-mips.h | 7 +++++--
- js/src/jit/mips/Trampoline-mips.cpp | 4 ++--
- js/src/jit/shared/MacroAssembler-x86-shared.h | 3 +++
- js/src/jit/x64/MacroAssembler-x64.cpp | 11 ++---------
- js/src/jit/x64/MacroAssembler-x64.h | 3 +--
- js/src/jit/x64/Trampoline-x64.cpp | 4 ++--
- js/src/jit/x86/MacroAssembler-x86.cpp | 11 ++---------
- js/src/jit/x86/MacroAssembler-x86.h | 3 +--
- js/src/jit/x86/Trampoline-x86.cpp | 4 ++--
- 16 files changed, 50 insertions(+), 59 deletions(-)
-
-diff --git a/js/src/jit/Ion.cpp b/js/src/jit/Ion.cpp
-index 9635742..a77f9b4 100644
---- a/js/src/jit/Ion.cpp
-+++ b/js/src/jit/Ion.cpp
-@@ -150,6 +150,7 @@ JitRuntime::JitRuntime()
- : execAlloc_(nullptr),
- ionAlloc_(nullptr),
- exceptionTail_(nullptr),
-+ exceptionTailParallel_(nullptr),
- bailoutTail_(nullptr),
- enterJIT_(nullptr),
- bailoutHandler_(nullptr),
-@@ -198,10 +199,18 @@ JitRuntime::initialize(JSContext *cx)
- return false;
-
- IonSpew(IonSpew_Codegen, "# Emitting exception tail stub");
-- exceptionTail_ = generateExceptionTailStub(cx);
-+
-+ void *handler = JS_FUNC_TO_DATA_PTR(void *, jit::HandleException);
-+ void *handlerParallel = JS_FUNC_TO_DATA_PTR(void *, jit::HandleParallelFailure);
-+
-+ exceptionTail_ = generateExceptionTailStub(cx, handler);
- if (!exceptionTail_)
- return false;
-
-+ exceptionTailParallel_ = generateExceptionTailStub(cx, handlerParallel);
-+ if (!exceptionTailParallel_)
-+ return false;
-+
- IonSpew(IonSpew_Codegen, "# Emitting bailout tail stub");
- bailoutTail_ = generateBailoutTailStub(cx);
- if (!bailoutTail_)
-diff --git a/js/src/jit/IonMacroAssembler.cpp b/js/src/jit/IonMacroAssembler.cpp
-index 2326fe1..9f7cc8f 100644
---- a/js/src/jit/IonMacroAssembler.cpp
-+++ b/js/src/jit/IonMacroAssembler.cpp
-@@ -1030,18 +1030,18 @@ MacroAssembler::handleFailure(ExecutionMode executionMode)
- sps_->skipNextReenter();
- leaveSPSFrame();
-
-- void *handler;
-+ JitCode *excTail;
- switch (executionMode) {
- case SequentialExecution:
-- handler = JS_FUNC_TO_DATA_PTR(void *, jit::HandleException);
-+ excTail = GetIonContext()->runtime->jitRuntime()->getExceptionTail();
- break;
- case ParallelExecution:
-- handler = JS_FUNC_TO_DATA_PTR(void *, jit::HandleParallelFailure);
-+ excTail = GetIonContext()->runtime->jitRuntime()->getExceptionTailParallel();
- break;
- default:
- MOZ_ASSUME_UNREACHABLE("No such execution mode");
- }
-- MacroAssemblerSpecific::handleFailureWithHandler(handler);
-+ jump(excTail);
-
- // Doesn't actually emit code, but balances the leave()
- if (sps_)
-diff --git a/js/src/jit/JitCompartment.h b/js/src/jit/JitCompartment.h
-index 486a29d..475a685 100644
---- a/js/src/jit/JitCompartment.h
-+++ b/js/src/jit/JitCompartment.h
-@@ -153,8 +153,9 @@ class JitRuntime
- // need for explicit interrupt checks.
- JSC::ExecutableAllocator *ionAlloc_;
-
-- // Shared post-exception-handler tail
-+ // Shared exception-handler tail.
- JitCode *exceptionTail_;
-+ JitCode *exceptionTailParallel_;
-
- // Shared post-bailout-handler tail.
- JitCode *bailoutTail_;
-@@ -214,7 +215,7 @@ class JitRuntime
- InlineList<PatchableBackedge> backedgeList_;
-
- private:
-- JitCode *generateExceptionTailStub(JSContext *cx);
-+ JitCode *generateExceptionTailStub(JSContext *cx, void *handler);
- JitCode *generateBailoutTailStub(JSContext *cx);
- JitCode *generateEnterJIT(JSContext *cx, EnterJitType type);
- JitCode *generateArgumentsRectifier(JSContext *cx, ExecutionMode mode, void **returnAddrOut);
-@@ -287,6 +288,9 @@ class JitRuntime
- JitCode *getExceptionTail() const {
- return exceptionTail_;
- }
-+ JitCode *getExceptionTailParallel() const {
-+ return exceptionTailParallel_;
-+ }
-
- JitCode *getBailoutTail() const {
- return bailoutTail_;
-diff --git a/js/src/jit/arm/MacroAssembler-arm.cpp b/js/src/jit/arm/MacroAssembler-arm.cpp
-index b34483c..63b3ff2 100644
---- a/js/src/jit/arm/MacroAssembler-arm.cpp
-+++ b/js/src/jit/arm/MacroAssembler-arm.cpp
-@@ -3984,25 +3984,18 @@ MacroAssemblerARMCompat::callWithABI(const Address &fun, MoveOp::Type result)
- }
-
- void
--MacroAssemblerARMCompat::handleFailureWithHandler(void *handler)
-+MacroAssemblerARMCompat::handleFailureWithHandlerTail(void *handler)
- {
- // Reserve space for exception information.
- int size = (sizeof(ResumeFromException) + 7) & ~7;
- ma_sub(Imm32(size), sp);
- ma_mov(sp, r0);
-
-- // Ask for an exception handler.
-+ // Call the handler.
- setupUnalignedABICall(1, r1);
- passABIArg(r0);
- callWithABI(handler);
-
-- JitCode *excTail = GetIonContext()->runtime->jitRuntime()->getExceptionTail();
-- branch(excTail);
--}
--
--void
--MacroAssemblerARMCompat::handleFailureWithHandlerTail()
--{
- Label entryFrame;
- Label catch_;
- Label finally;
-diff --git a/js/src/jit/arm/MacroAssembler-arm.h b/js/src/jit/arm/MacroAssembler-arm.h
-index 00e8a03..6ccc0be 100644
---- a/js/src/jit/arm/MacroAssembler-arm.h
-+++ b/js/src/jit/arm/MacroAssembler-arm.h
-@@ -711,6 +711,9 @@ class MacroAssemblerARMCompat : public MacroAssemblerARM
- void jump(Label *label) {
- as_b(label);
- }
-+ void jump(JitCode *code) {
-+ branch(code);
-+ }
- void jump(Register reg) {
- ma_bx(reg);
- }
-@@ -1202,8 +1205,7 @@ class MacroAssemblerARMCompat : public MacroAssemblerARM
-
- void linkExitFrame();
- void linkParallelExitFrame(const Register &pt);
-- void handleFailureWithHandler(void *handler);
-- void handleFailureWithHandlerTail();
-+ void handleFailureWithHandlerTail(void *handler);
-
- /////////////////////////////////////////////////////////////////
- // Common interface.
-diff --git a/js/src/jit/arm/Trampoline-arm.cpp b/js/src/jit/arm/Trampoline-arm.cpp
-index e539c00..693dad8 100644
---- a/js/src/jit/arm/Trampoline-arm.cpp
-+++ b/js/src/jit/arm/Trampoline-arm.cpp
-@@ -928,11 +928,11 @@ JitRuntime::generateDebugTrapHandler(JSContext *cx)
- }
-
- JitCode *
--JitRuntime::generateExceptionTailStub(JSContext *cx)
-+JitRuntime::generateExceptionTailStub(JSContext *cx, void *handler)
- {
- MacroAssembler masm;
-
-- masm.handleFailureWithHandlerTail();
-+ masm.handleFailureWithHandlerTail(handler);
-
- Linker linker(masm);
- AutoFlushICache afc("ExceptionTailStub");
-diff --git a/js/src/jit/mips/MacroAssembler-mips.cpp b/js/src/jit/mips/MacroAssembler-mips.cpp
-index cee93a5..256434d 100644
---- a/js/src/jit/mips/MacroAssembler-mips.cpp
-+++ b/js/src/jit/mips/MacroAssembler-mips.cpp
-@@ -3139,25 +3139,18 @@ MacroAssemblerMIPSCompat::callWithABI(const Address &fun, MoveOp::Type result)
- }
-
- void
--MacroAssemblerMIPSCompat::handleFailureWithHandler(void *handler)
-+MacroAssemblerMIPSCompat::handleFailureWithHandlerTail(void *handler)
- {
- // Reserve space for exception information.
- int size = (sizeof(ResumeFromException) + StackAlignment) & ~(StackAlignment - 1);
- ma_subu(StackPointer, StackPointer, Imm32(size));
- ma_move(a0, StackPointer); // Use a0 since it is a first function argument
-
-- // Ask for an exception handler.
-+ // Call the handler.
- setupUnalignedABICall(1, a1);
- passABIArg(a0);
- callWithABI(handler);
-
-- JitCode *excTail = GetIonContext()->runtime->jitRuntime()->getExceptionTail();
-- branch(excTail);
--}
--
--void
--MacroAssemblerMIPSCompat::handleFailureWithHandlerTail()
--{
- Label entryFrame;
- Label catch_;
- Label finally;
-diff --git a/js/src/jit/mips/MacroAssembler-mips.h b/js/src/jit/mips/MacroAssembler-mips.h
-index ed1f566..899a50e 100644
---- a/js/src/jit/mips/MacroAssembler-mips.h
-+++ b/js/src/jit/mips/MacroAssembler-mips.h
-@@ -481,6 +481,10 @@ class MacroAssemblerMIPSCompat : public MacroAssemblerMIPS
- as_nop();
- }
-
-+ void jump(JitCode *code) {
-+ branch(code);
-+ }
-+
- void neg32(Register reg) {
- ma_negu(reg, reg);
- }
-@@ -842,8 +846,7 @@ public:
-
- void linkExitFrame();
- void linkParallelExitFrame(const Register &pt);
-- void handleFailureWithHandler(void *handler);
-- void handleFailureWithHandlerTail();
-+ void handleFailureWithHandlerTail(void *handler);
-
- /////////////////////////////////////////////////////////////////
- // Common interface.
-diff --git a/js/src/jit/mips/Trampoline-mips.cpp b/js/src/jit/mips/Trampoline-mips.cpp
-index b456845..64c2385 100644
---- a/js/src/jit/mips/Trampoline-mips.cpp
-+++ b/js/src/jit/mips/Trampoline-mips.cpp
-@@ -960,11 +960,11 @@ JitRuntime::generateDebugTrapHandler(JSContext *cx)
-
-
- JitCode *
--JitRuntime::generateExceptionTailStub(JSContext *cx)
-+JitRuntime::generateExceptionTailStub(JSContext *cx, void *handler)
- {
- MacroAssembler masm;
-
-- masm.handleFailureWithHandlerTail();
-+ masm.handleFailureWithHandlerTail(handler);
-
- Linker linker(masm);
- AutoFlushICache afc("ExceptionTailStub");
-diff --git a/js/src/jit/shared/MacroAssembler-x86-shared.h b/js/src/jit/shared/MacroAssembler-x86-shared.h
-index 01d1a4b..779cf83 100644
---- a/js/src/jit/shared/MacroAssembler-x86-shared.h
-+++ b/js/src/jit/shared/MacroAssembler-x86-shared.h
-@@ -287,6 +287,9 @@ class MacroAssemblerX86Shared : public Assembler
- void jump(Label *label) {
- jmp(label);
- }
-+ void jump(JitCode *code) {
-+ jmp(code);
-+ }
- void jump(RepatchLabel *label) {
- jmp(label);
- }
-diff --git a/js/src/jit/x64/MacroAssembler-x64.cpp b/js/src/jit/x64/MacroAssembler-x64.cpp
-index 9a9f995..0db799c 100644
---- a/js/src/jit/x64/MacroAssembler-x64.cpp
-+++ b/js/src/jit/x64/MacroAssembler-x64.cpp
-@@ -287,24 +287,17 @@ MacroAssemblerX64::callWithABI(Address fun, MoveOp::Type result)
- }
-
- void
--MacroAssemblerX64::handleFailureWithHandler(void *handler)
-+MacroAssemblerX64::handleFailureWithHandlerTail(void *handler)
- {
- // Reserve space for exception information.
- subq(Imm32(sizeof(ResumeFromException)), rsp);
- movq(rsp, rax);
-
-- // Ask for an exception handler.
-+ // Call the handler.
- setupUnalignedABICall(1, rcx);
- passABIArg(rax);
- callWithABI(handler);
-
-- JitCode *excTail = GetIonContext()->runtime->jitRuntime()->getExceptionTail();
-- jmp(excTail);
--}
--
--void
--MacroAssemblerX64::handleFailureWithHandlerTail()
--{
- Label entryFrame;
- Label catch_;
- Label finally;
-diff --git a/js/src/jit/x64/MacroAssembler-x64.h b/js/src/jit/x64/MacroAssembler-x64.h
-index 2c11e9a..5010549 100644
---- a/js/src/jit/x64/MacroAssembler-x64.h
-+++ b/js/src/jit/x64/MacroAssembler-x64.h
-@@ -1288,8 +1288,7 @@ class MacroAssemblerX64 : public MacroAssemblerX86Shared
- void callWithABI(AsmJSImmPtr imm, MoveOp::Type result = MoveOp::GENERAL);
- void callWithABI(Address fun, MoveOp::Type result = MoveOp::GENERAL);
-
-- void handleFailureWithHandler(void *handler);
-- void handleFailureWithHandlerTail();
-+ void handleFailureWithHandlerTail(void *handler);
-
- void makeFrameDescriptor(Register frameSizeReg, FrameType type) {
- shlq(Imm32(FRAMESIZE_SHIFT), frameSizeReg);
-diff --git a/js/src/jit/x64/Trampoline-x64.cpp b/js/src/jit/x64/Trampoline-x64.cpp
-index 72f4592..3b83850 100644
---- a/js/src/jit/x64/Trampoline-x64.cpp
-+++ b/js/src/jit/x64/Trampoline-x64.cpp
-@@ -785,11 +785,11 @@ JitRuntime::generateDebugTrapHandler(JSContext *cx)
- }
-
- JitCode *
--JitRuntime::generateExceptionTailStub(JSContext *cx)
-+JitRuntime::generateExceptionTailStub(JSContext *cx, void *handler)
- {
- MacroAssembler masm;
-
-- masm.handleFailureWithHandlerTail();
-+ masm.handleFailureWithHandlerTail(handler);
-
- Linker linker(masm);
- JitCode *code = linker.newCode<NoGC>(cx, JSC::OTHER_CODE);
-diff --git a/js/src/jit/x86/MacroAssembler-x86.cpp b/js/src/jit/x86/MacroAssembler-x86.cpp
-index d36f4d3..57a0f85 100644
---- a/js/src/jit/x86/MacroAssembler-x86.cpp
-+++ b/js/src/jit/x86/MacroAssembler-x86.cpp
-@@ -281,24 +281,17 @@ MacroAssemblerX86::callWithABI(const Address &fun, MoveOp::Type result)
- }
-
- void
--MacroAssemblerX86::handleFailureWithHandler(void *handler)
-+MacroAssemblerX86::handleFailureWithHandlerTail(void *handler)
- {
- // Reserve space for exception information.
- subl(Imm32(sizeof(ResumeFromException)), esp);
- movl(esp, eax);
-
-- // Ask for an exception handler.
-+ // Call the handler.
- setupUnalignedABICall(1, ecx);
- passABIArg(eax);
- callWithABI(handler);
-
-- JitCode *excTail = GetIonContext()->runtime->jitRuntime()->getExceptionTail();
-- jmp(excTail);
--}
--
--void
--MacroAssemblerX86::handleFailureWithHandlerTail()
--{
- Label entryFrame;
- Label catch_;
- Label finally;
-diff --git a/js/src/jit/x86/MacroAssembler-x86.h b/js/src/jit/x86/MacroAssembler-x86.h
-index 17de7a7..7e578c8 100644
---- a/js/src/jit/x86/MacroAssembler-x86.h
-+++ b/js/src/jit/x86/MacroAssembler-x86.h
-@@ -1086,8 +1086,7 @@ class MacroAssemblerX86 : public MacroAssemblerX86Shared
- void callWithABI(const Address &fun, MoveOp::Type result = MoveOp::GENERAL);
-
- // Used from within an Exit frame to handle a pending exception.
-- void handleFailureWithHandler(void *handler);
-- void handleFailureWithHandlerTail();
-+ void handleFailureWithHandlerTail(void *handler);
-
- void makeFrameDescriptor(Register frameSizeReg, FrameType type) {
- shll(Imm32(FRAMESIZE_SHIFT), frameSizeReg);
-diff --git a/js/src/jit/x86/Trampoline-x86.cpp b/js/src/jit/x86/Trampoline-x86.cpp
-index 0a2f0de..9fd2c00 100644
---- a/js/src/jit/x86/Trampoline-x86.cpp
-+++ b/js/src/jit/x86/Trampoline-x86.cpp
-@@ -827,11 +827,11 @@ JitRuntime::generateDebugTrapHandler(JSContext *cx)
- }
-
- JitCode *
--JitRuntime::generateExceptionTailStub(JSContext *cx)
-+JitRuntime::generateExceptionTailStub(JSContext *cx, void *handler)
- {
- MacroAssembler masm;
-
-- masm.handleFailureWithHandlerTail();
-+ masm.handleFailureWithHandlerTail(handler);
-
- Linker linker(masm);
- JitCode *code = linker.newCode<NoGC>(cx, JSC::OTHER_CODE);
---
-2.1.2
-
D gnu/packages/patches/icecat-CVE-2014-8634-pt2.patch => gnu/packages/patches/icecat-CVE-2014-8634-pt2.patch +0 -30
@@ 1,30 0,0 @@
-From e5de31c8f927b1aa06dde02c356cda33beb463d9 Mon Sep 17 00:00:00 2001
-From: Kyle Huey <khuey@kylehuey.com>
-Date: Fri, 19 Dec 2014 18:16:17 -0800
-Subject: [PATCH] Bug 1111737. r=smaug, a=bkerensa
-
----
- content/base/src/nsScriptLoader.cpp | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/content/base/src/nsScriptLoader.cpp b/content/base/src/nsScriptLoader.cpp
-index a6a4c34..7f3a76e 100644
---- a/content/base/src/nsScriptLoader.cpp
-+++ b/content/base/src/nsScriptLoader.cpp
-@@ -812,7 +812,12 @@ NotifyOffThreadScriptLoadCompletedRunnable::Run()
- {
- MOZ_ASSERT(NS_IsMainThread());
-
-- nsresult rv = mLoader->ProcessOffThreadRequest(mRequest, &mToken);
-+ // We want these to be dropped on the main thread, once we return from this
-+ // function.
-+ nsRefPtr<nsScriptLoadRequest> request = mRequest.forget();
-+ nsRefPtr<nsScriptLoader> loader = mLoader.forget();
-+
-+ nsresult rv = loader->ProcessOffThreadRequest(request, &mToken);
-
- if (mToken) {
- // The result of the off thread parse was not actually needed to process
---
-2.1.2
-
D gnu/packages/patches/icecat-CVE-2014-8638-pt1.patch => gnu/packages/patches/icecat-CVE-2014-8638-pt1.patch +0 -27
@@ 1,27 0,0 @@
-From 0c4a326295bdb37742fe23f0395916d2ba8ade53 Mon Sep 17 00:00:00 2001
-From: Christoph Kerschbaumer <mozilla@christophkerschbaumer.com>
-Date: Wed, 19 Nov 2014 16:03:39 -0800
-Subject: [PATCH 1/2] Bug 1080987 - navigator.sendBeacon() needs to sent origin
- header. r=sicking, a=bkerensa
-
----
- dom/base/Navigator.cpp | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/dom/base/Navigator.cpp b/dom/base/Navigator.cpp
-index 0f03ad3..020e370 100644
---- a/dom/base/Navigator.cpp
-+++ b/dom/base/Navigator.cpp
-@@ -1265,6 +1265,9 @@ Navigator::SendBeacon(const nsAString& aUrl,
- principal,
- true);
-
-+ rv = cors->Init(channel, true);
-+ NS_ENSURE_SUCCESS(rv, false);
-+
- // Start a preflight if cross-origin and content type is not whitelisted
- rv = secMan->CheckSameOriginURI(documentURI, uri, false);
- bool crossOrigin = NS_FAILED(rv);
---
-2.1.2
-
D gnu/packages/patches/icecat-CVE-2014-8638-pt2.patch => gnu/packages/patches/icecat-CVE-2014-8638-pt2.patch +0 -149
@@ 1,149 0,0 @@
-From 0d47e593c685313571aaa00cb7341b458123c82f Mon Sep 17 00:00:00 2001
-From: Christoph Kerschbaumer <mozilla@christophkerschbaumer.com>
-Date: Wed, 19 Nov 2014 16:03:30 -0800
-Subject: [PATCH 2/2] Bug 1080987 - navigator.sendBeacon() needs to sent origin
- header - test. r=sicking, a=bkerensa
-
----
- .../beacon/beacon-originheader-handler.sjs | 41 ++++++++++++++
- dom/tests/mochitest/beacon/mochitest.ini | 2 +
- .../mochitest/beacon/test_beaconOriginHeader.html | 64 ++++++++++++++++++++++
- 3 files changed, 107 insertions(+)
- create mode 100644 dom/tests/mochitest/beacon/beacon-originheader-handler.sjs
- create mode 100644 dom/tests/mochitest/beacon/test_beaconOriginHeader.html
-
-diff --git a/dom/tests/mochitest/beacon/beacon-originheader-handler.sjs b/dom/tests/mochitest/beacon/beacon-originheader-handler.sjs
-new file mode 100644
-index 0000000..baed22c
---- /dev/null
-+++ b/dom/tests/mochitest/beacon/beacon-originheader-handler.sjs
-@@ -0,0 +1,41 @@
-+/*
-+ * TestSever customized specifically for the needs of:
-+ * Bug 1080987 - navigator.sendBeacon() needs to sent origin header
-+ */
-+
-+function handleRequest(request, response)
-+{
-+ response.setHeader("Cache-Control", "no-cache", false);
-+ response.setHeader("Content-Type", "text/plain", false);
-+
-+ // case XHR-REQUEST: the xhr-request tries to query the
-+ // stored header from the beacon request.
-+ if (request.queryString == "queryheader") {
-+ var header = getState("originHeader");
-+ // if the beacon already stored the header - return.
-+ if (header) {
-+ response.write(header);
-+ setState("originHeader", "");
-+ return;
-+ }
-+ // otherwise wait for the beacon request
-+ response.processAsync();
-+ setObjectState("xhr-response", response);
-+ return;
-+ }
-+
-+ // case BEACON-REQUEST: get the beacon header and
-+ // store the header on the server.
-+ var header = request.getHeader("origin");
-+ setState("originHeader", header);
-+
-+ // if there is an xhr-request waiting, return the header now.
-+ getObjectState("xhr-response", function(xhrResponse) {
-+ if (!xhrResponse) {
-+ return;
-+ }
-+ setState("originHeader", "");
-+ xhrResponse.write(header);
-+ xhrResponse.finish();
-+ });
-+}
-diff --git a/dom/tests/mochitest/beacon/mochitest.ini b/dom/tests/mochitest/beacon/mochitest.ini
-index f65276e..6681fa4 100644
---- a/dom/tests/mochitest/beacon/mochitest.ini
-+++ b/dom/tests/mochitest/beacon/mochitest.ini
-@@ -2,8 +2,10 @@
- skip-if = buildapp == 'b2g' || e10s
- support-files = beacon-frame.html
- beacon-handler.sjs
-+ beacon-originheader-handler.sjs
-
- [test_beacon.html]
- [test_beaconFrame.html]
- [test_beaconPreflight.html]
- [test_beaconContentPolicy.html]
-+[test_beaconOriginHeader.html]
-diff --git a/dom/tests/mochitest/beacon/test_beaconOriginHeader.html b/dom/tests/mochitest/beacon/test_beaconOriginHeader.html
-new file mode 100644
-index 0000000..b5684a9
---- /dev/null
-+++ b/dom/tests/mochitest/beacon/test_beaconOriginHeader.html
-@@ -0,0 +1,64 @@
-+<!DOCTYPE HTML>
-+<html>
-+<head>
-+ <title>Bug 1080987 - navigator.sendBeacon() needs to sent origin header</title>
-+ <!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
-+ <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
-+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
-+</head>
-+<body>
-+ <p id="display"></p>
-+ <div id="content" style="visibility: hidden">
-+ <iframe style="width:100%;" id="testframe"></iframe>
-+ </div>
-+
-+<script class="testbody" type="text/javascript">
-+
-+SimpleTest.waitForExplicitFinish();
-+
-+const BEACON_URL = "http://example.com/tests/dom/tests/mochitest/beacon/beacon-originheader-handler.sjs";
-+const ORIGIN_HEADER = "http://mochi.test:8888";
-+
-+/* Description of the test:
-+ * We call sendBeacon() cross origin and make sure that the
-+ * origin header is actually set in the request.
-+ *
-+ * Since sendBeacon() does not expect any response, we are storing the
-+ * header on the server (*.sjs) and use an XMLHttpRequest to actually
-+ * retrieve the header back from the server. We assert that the header
-+ * is indeed correct. Since sendBeacon() and also the XMLHttpRequest()
-+ * are performed in an asynchronous fashion, there is no guarantee that
-+ * the sendBeacon() is actually executed before the XMLHttpRequest().
-+ * Hence the xhr-response might be processed asynchronously.
-+ */
-+
-+SpecialPowers.pushPrefEnv({'set': [["beacon.enabled", true]]}, runTest);
-+
-+function queryHeaderFromServer() {
-+ var xhr = new XMLHttpRequest();
-+ xhr.open("GET", "beacon-originheader-handler.sjs?queryheader", true);
-+ xhr.onload = function() {
-+ is(xhr.responseText, ORIGIN_HEADER, "SendBeacon sends right origin header");
-+ SimpleTest.finish();
-+ };
-+ xhr.onerror = function() {
-+ ok(false, "xhr request returned error");
-+ SimpleTest.finish();
-+ };
-+ xhr.send();
-+}
-+
-+function runTest() {
-+ // generate data and send beacon
-+ var formData = new FormData();
-+ formData.append('name', 'value');
-+ navigator.sendBeacon(BEACON_URL, formData);
-+
-+ // start quering the result from the server
-+ queryHeaderFromServer();
-+}
-+
-+</script>
-+</pre>
-+</body>
-+</html>
---
-2.1.2
-
D gnu/packages/patches/icecat-CVE-2014-8639.patch => gnu/packages/patches/icecat-CVE-2014-8639.patch +0 -92
@@ 1,92 0,0 @@
-From f80b2eefd451b8ed0fd783d9b9ed0412c8d46efd Mon Sep 17 00:00:00 2001
-From: Patrick McManus <mcmanus@ducksong.com>
-Date: Thu, 11 Dec 2014 13:55:16 -0500
-Subject: [PATCH] bug 1095859 - proxy tweak r=valentin.gosu a=bkerensa
-
----
- netwerk/protocol/http/nsHttpChannel.cpp | 7 ++++++-
- netwerk/test/unit/test_auth_proxy.js | 29 +++++++++++++++++++++++++++++
- 2 files changed, 35 insertions(+), 1 deletion(-)
-
-diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
-index f20e033..35e71c7 100644
---- a/netwerk/protocol/http/nsHttpChannel.cpp
-+++ b/netwerk/protocol/http/nsHttpChannel.cpp
-@@ -1237,7 +1237,12 @@ nsHttpChannel::ProcessResponse()
- // notify "http-on-examine-response" observers
- gHttpHandler->OnExamineResponse(this);
-
-- SetCookie(mResponseHead->PeekHeader(nsHttp::Set_Cookie));
-+ // Cookies should not be handled on proxy failure either.
-+ // This would be consolidated with ProcessSecurityHeaders but it should
-+ // happen after OnExamineResponse.
-+ if (!mTransaction->ProxyConnectFailed() && (httpStatus != 407)) {
-+ SetCookie(mResponseHead->PeekHeader(nsHttp::Set_Cookie));
-+ }
-
- // handle unused username and password in url (see bug 232567)
- if (httpStatus != 401 && httpStatus != 407) {
-diff --git a/netwerk/test/unit/test_auth_proxy.js b/netwerk/test/unit/test_auth_proxy.js
-index 6af4e98..9275d6d 100644
---- a/netwerk/test/unit/test_auth_proxy.js
-+++ b/netwerk/test/unit/test_auth_proxy.js
-@@ -172,6 +172,12 @@ var listener = {
- // If we expect 200, the request should have succeeded
- do_check_eq(this.expectedCode == 200, request.requestSucceeded);
-
-+ var cookie = "";
-+ try {
-+ cookie = request.getRequestHeader("Cookie");
-+ } catch (e) { }
-+ do_check_eq(cookie, "");
-+
- } catch (e) {
- do_throw("Unexpected exception: " + e);
- }
-@@ -261,6 +267,25 @@ function test_all_ok() {
- do_test_pending();
- }
-
-+function test_proxy_407_cookie() {
-+ var chan = makeChan();
-+ chan.notificationCallbacks = new Requestor(FLAG_RETURN_FALSE, 0);
-+ chan.setRequestHeader("X-Set-407-Cookie", "1", false);
-+ listener.expectedCode = 407; // Proxy Unauthorized
-+ chan.asyncOpen(listener, null);
-+
-+ do_test_pending();
-+}
-+
-+function test_proxy_200_cookie() {
-+ var chan = makeChan();
-+ chan.notificationCallbacks = new Requestor(0, 0);
-+ chan.setRequestHeader("X-Set-407-Cookie", "1", false);
-+ listener.expectedCode = 200; // OK
-+ chan.asyncOpen(listener, null);
-+ do_test_pending();
-+}
-+
- function test_host_returnfalse() {
- dump("\ntest: host returnfalse\n");
- var chan = makeChan();
-@@ -301,6 +326,7 @@ function test_proxy_wrongpw_host_returnfalse() {
- }
-
- var tests = [test_proxy_returnfalse, test_proxy_wrongpw, test_all_ok,
-+ test_proxy_407_cookie, test_proxy_200_cookie,
- test_host_returnfalse, test_host_wrongpw,
- test_proxy_wrongpw_host_wrongpw, test_proxy_wrongpw_host_returnfalse];
-
-@@ -331,6 +357,9 @@ function proxyAuthHandler(metadata, response) {
- "Unauthorized by HTTP proxy");
- response.setHeader("Proxy-Authenticate",
- 'Basic realm="' + realm + '"', false);
-+ if (metadata.hasHeader("X-Set-407-Cookie")) {
-+ response.setHeader("Set-Cookie", "chewy", false);
-+ }
- body = "failed";
- response.bodyOutputStream.write(body, body.length);
- }
---
-2.1.2
-
D gnu/packages/patches/icecat-CVE-2014-8641.patch => gnu/packages/patches/icecat-CVE-2014-8641.patch +0 -29
@@ 1,29 0,0 @@
-From e36a3dd359ff0ac9c8796d41bedc884218d479e7 Mon Sep 17 00:00:00 2001
-From: Paul Adenot <paul@paul.cx>
-Date: Tue, 16 Dec 2014 18:45:40 +0100
-Subject: [PATCH] Bug 1108455. r=kinetik, a=sledru
-
----
- media/libcubeb/src/cubeb_wasapi.cpp | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/media/libcubeb/src/cubeb_wasapi.cpp b/media/libcubeb/src/cubeb_wasapi.cpp
-index 135aa86..5387a4f 100644
---- a/media/libcubeb/src/cubeb_wasapi.cpp
-+++ b/media/libcubeb/src/cubeb_wasapi.cpp
-@@ -365,10 +365,8 @@ wasapi_stream_render_loop(LPVOID stream)
- assert(padding <= stm->buffer_frame_count);
-
- if (stm->draining) {
-- if (padding == 0) {
-- stm->state_callback(stm, stm->user_ptr, CUBEB_STATE_DRAINED);
-- is_playing = false;
-- }
-+ stm->state_callback(stm, stm->user_ptr, CUBEB_STATE_DRAINED);
-+ is_playing = false;
- continue;
- }
-
---
-2.1.2
-
D gnu/packages/patches/icecat-armhf-xpcom.patch => gnu/packages/patches/icecat-armhf-xpcom.patch +0 -25
@@ 1,25 0,0 @@
-From 06198585dae1e4079b4b52b49827fd5b826030b7 Mon Sep 17 00:00:00 2001
-From: Douglas Crosher <dtc-moz@scieneer.com>
-Date: Sun, 16 Nov 2014 00:29:23 +1100
-Subject: [PATCH] Bug 1050258 - ARM hard-float XPCOM: correct argument passing.
- r=mjrosenb, a=bkerensa
-
----
- xpcom/reflect/xptcall/src/md/unix/xptcinvoke_arm.cpp | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/xpcom/reflect/xptcall/src/md/unix/xptcinvoke_arm.cpp b/xpcom/reflect/xptcall/src/md/unix/xptcinvoke_arm.cpp
-index 946b7e3..c1c536b 100644
---- a/xpcom/reflect/xptcall/src/md/unix/xptcinvoke_arm.cpp
-+++ b/xpcom/reflect/xptcall/src/md/unix/xptcinvoke_arm.cpp
-@@ -224,6 +224,7 @@ static inline void copy_dword(uint32_t* &ireg_args,
- *(uint64_t *)ireg_args = data;
- ireg_args += 2;
- } else {
-+ ireg_args = end;
- if ((uint32_t)stack_args & 4) {
- stack_args++;
- }
---
-2.1.2
-