diff options
author | Mark H Weaver <mhw@netris.org> | 2016-01-28 00:22:49 -0500 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2016-01-28 00:34:20 -0500 |
commit | 29a780147d066d5ce218d1fa2678a0a36a1145e3 (patch) | |
tree | 447a0dd62011ec61c4fb5b39a72612e24ae3bdf6 /gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch | |
parent | a394c60aa381d2284e382b48af990b6bdc5f33b4 (diff) | |
download | guix-29a780147d066d5ce218d1fa2678a0a36a1145e3.tar.gz guix-29a780147d066d5ce218d1fa2678a0a36a1145e3.zip |
gnu: icecat: Add fixes for CVE-2016-{1930,1935} and other bugs.
* gnu/packages/patches/icecat-CVE-2016-1930-pt01.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt02.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt03.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt04.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt05.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt08.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt09.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt10.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt11.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt12.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt13.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt14.patch,
gnu/packages/patches/icecat-CVE-2016-1930-pt15.patch,
gnu/packages/patches/icecat-CVE-2016-1935.patch,
gnu/packages/patches/icecat-bug-1146335-pt1.patch,
gnu/packages/patches/icecat-bug-1146335-pt2.patch,
gnu/packages/patches/icecat-limit-max-buffers-size-for-ANGLE.patch: New
files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch')
-rw-r--r-- | gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch | 170 |
1 files changed, 170 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch new file mode 100644 index 0000000000..ec1f479ee4 --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch @@ -0,0 +1,170 @@ +Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/93617c30c0df +Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/ +Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1230686 + +# HG changeset patch +# User Lee Salzman <lsalzman@mozilla.com> +# Date 1451932822 18000 +# Node ID 93617c30c0df35f719dead526b78649d564f5ac3 +# Parent 4f6e81673f6938719c86516606f2fda493e8c23c +Bug 1230686 - use RefPtr<DrawTarget>& instead of DrawTarget* to track changes in SurfaceFromElement a=ritu + +diff --git a/layout/base/nsLayoutUtils.cpp b/layout/base/nsLayoutUtils.cpp +--- a/layout/base/nsLayoutUtils.cpp ++++ b/layout/base/nsLayoutUtils.cpp +@@ -6494,17 +6494,17 @@ nsLayoutUtils::IsReallyFixedPos(nsIFrame + nsIAtom *parentType = aFrame->GetParent()->GetType(); + return parentType == nsGkAtoms::viewportFrame || + parentType == nsGkAtoms::pageContentFrame; + } + + nsLayoutUtils::SurfaceFromElementResult + nsLayoutUtils::SurfaceFromElement(nsIImageLoadingContent* aElement, + uint32_t aSurfaceFlags, +- DrawTarget* aTarget) ++ RefPtr<DrawTarget>& aTarget) + { + SurfaceFromElementResult result; + nsresult rv; + + nsCOMPtr<imgIRequest> imgRequest; + rv = aElement->GetRequest(nsIImageLoadingContent::CURRENT_REQUEST, + getter_AddRefs(imgRequest)); + if (NS_FAILED(rv) || !imgRequest) +@@ -6586,41 +6586,41 @@ nsLayoutUtils::SurfaceFromElement(nsIIma + result.mImageRequest = imgRequest.forget(); + + return result; + } + + nsLayoutUtils::SurfaceFromElementResult + nsLayoutUtils::SurfaceFromElement(HTMLImageElement *aElement, + uint32_t aSurfaceFlags, +- DrawTarget* aTarget) ++ RefPtr<DrawTarget>& aTarget) + { + return SurfaceFromElement(static_cast<nsIImageLoadingContent*>(aElement), + aSurfaceFlags, aTarget); + } + + nsLayoutUtils::SurfaceFromElementResult + nsLayoutUtils::SurfaceFromElement(HTMLCanvasElement* aElement, + uint32_t aSurfaceFlags, +- DrawTarget* aTarget) ++ RefPtr<DrawTarget>& aTarget) + { + SurfaceFromElementResult result; + + bool* isPremultiplied = nullptr; + if (aSurfaceFlags & SFE_PREFER_NO_PREMULTIPLY_ALPHA) { + isPremultiplied = &result.mIsPremultiplied; + } + + gfxIntSize size = aElement->GetSize(); + + result.mSourceSurface = aElement->GetSurfaceSnapshot(isPremultiplied); + if (!result.mSourceSurface) { + // If the element doesn't have a context then we won't get a snapshot. The canvas spec wants us to not error and just + // draw nothing, so return an empty surface. +- DrawTarget *ref = aTarget ? aTarget : gfxPlatform::GetPlatform()->ScreenReferenceDrawTarget(); ++ DrawTarget *ref = aTarget ? aTarget.get() : gfxPlatform::GetPlatform()->ScreenReferenceDrawTarget(); + RefPtr<DrawTarget> dt = ref->CreateSimilarDrawTarget(IntSize(size.width, size.height), + SurfaceFormat::B8G8R8A8); + if (dt) { + result.mSourceSurface = dt->Snapshot(); + } + } else if (aTarget) { + RefPtr<SourceSurface> opt = aTarget->OptimizeSourceSurface(result.mSourceSurface); + if (opt) { +@@ -6637,17 +6637,17 @@ nsLayoutUtils::SurfaceFromElement(HTMLCa + result.mIsWriteOnly = aElement->IsWriteOnly(); + + return result; + } + + nsLayoutUtils::SurfaceFromElementResult + nsLayoutUtils::SurfaceFromElement(HTMLVideoElement* aElement, + uint32_t aSurfaceFlags, +- DrawTarget* aTarget) ++ RefPtr<DrawTarget>& aTarget) + { + SurfaceFromElementResult result; + + NS_WARN_IF_FALSE((aSurfaceFlags & SFE_PREFER_NO_PREMULTIPLY_ALPHA) == 0, "We can't support non-premultiplied alpha for video!"); + + #ifdef MOZ_EME + if (aElement->ContainsRestrictedContent()) { + return result; +@@ -6689,17 +6689,17 @@ nsLayoutUtils::SurfaceFromElement(HTMLVi + result.mIsWriteOnly = false; + + return result; + } + + nsLayoutUtils::SurfaceFromElementResult + nsLayoutUtils::SurfaceFromElement(dom::Element* aElement, + uint32_t aSurfaceFlags, +- DrawTarget* aTarget) ++ RefPtr<DrawTarget>& aTarget) + { + // If it's a <canvas>, we may be able to just grab its internal surface + if (HTMLCanvasElement* canvas = + HTMLCanvasElement::FromContentOrNull(aElement)) { + return SurfaceFromElement(canvas, aSurfaceFlags, aTarget); + } + + // Maybe it's <video>? +diff --git a/layout/base/nsLayoutUtils.h b/layout/base/nsLayoutUtils.h +--- a/layout/base/nsLayoutUtils.h ++++ b/layout/base/nsLayoutUtils.h +@@ -2018,33 +2018,39 @@ public: + bool mIsStillLoading; + /* Whether the element used CORS when loading. */ + bool mCORSUsed; + /* Whether the returned image contains premultiplied pixel data */ + bool mIsPremultiplied; + }; + + static SurfaceFromElementResult SurfaceFromElement(mozilla::dom::Element *aElement, +- uint32_t aSurfaceFlags = 0, +- DrawTarget *aTarget = nullptr); ++ uint32_t aSurfaceFlags, ++ mozilla::RefPtr<DrawTarget>& aTarget); ++ static SurfaceFromElementResult SurfaceFromElement(mozilla::dom::Element *aElement, ++ uint32_t aSurfaceFlags = 0) { ++ mozilla::RefPtr<DrawTarget> target = nullptr; ++ return SurfaceFromElement(aElement, aSurfaceFlags, target); ++ } ++ + static SurfaceFromElementResult SurfaceFromElement(nsIImageLoadingContent *aElement, +- uint32_t aSurfaceFlags = 0, +- DrawTarget *aTarget = nullptr); ++ uint32_t aSurfaceFlags, ++ mozilla::RefPtr<DrawTarget>& aTarget); + // Need an HTMLImageElement overload, because otherwise the + // nsIImageLoadingContent and mozilla::dom::Element overloads are ambiguous + // for HTMLImageElement. + static SurfaceFromElementResult SurfaceFromElement(mozilla::dom::HTMLImageElement *aElement, +- uint32_t aSurfaceFlags = 0, +- DrawTarget *aTarget = nullptr); ++ uint32_t aSurfaceFlags, ++ mozilla::RefPtr<DrawTarget>& aTarget); + static SurfaceFromElementResult SurfaceFromElement(mozilla::dom::HTMLCanvasElement *aElement, +- uint32_t aSurfaceFlags = 0, +- DrawTarget *aTarget = nullptr); ++ uint32_t aSurfaceFlags, ++ mozilla::RefPtr<DrawTarget>& aTarget); + static SurfaceFromElementResult SurfaceFromElement(mozilla::dom::HTMLVideoElement *aElement, +- uint32_t aSurfaceFlags = 0, +- DrawTarget *aTarget = nullptr); ++ uint32_t aSurfaceFlags, ++ mozilla::RefPtr<DrawTarget>& aTarget); + + /** + * When the document is editable by contenteditable attribute of its root + * content or body content. + * + * Be aware, this returns nullptr if it's in designMode. + * + * For example: + |