aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2016-01-28 00:22:49 -0500
committerMark H Weaver <mhw@netris.org>2016-01-28 00:34:20 -0500
commit29a780147d066d5ce218d1fa2678a0a36a1145e3 (patch)
tree447a0dd62011ec61c4fb5b39a72612e24ae3bdf6 /gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch
parenta394c60aa381d2284e382b48af990b6bdc5f33b4 (diff)
downloadguix-29a780147d066d5ce218d1fa2678a0a36a1145e3.tar.gz
guix-29a780147d066d5ce218d1fa2678a0a36a1145e3.zip
gnu: icecat: Add fixes for CVE-2016-{1930,1935} and other bugs.
* gnu/packages/patches/icecat-CVE-2016-1930-pt01.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt02.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt03.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt04.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt05.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt07.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt08.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt09.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt10.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt11.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt12.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt13.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt14.patch, gnu/packages/patches/icecat-CVE-2016-1930-pt15.patch, gnu/packages/patches/icecat-CVE-2016-1935.patch, gnu/packages/patches/icecat-bug-1146335-pt1.patch, gnu/packages/patches/icecat-bug-1146335-pt2.patch, gnu/packages/patches/icecat-limit-max-buffers-size-for-ANGLE.patch: New files. * gnu-system.am (dist_patch_DATA): Add them. * gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch')
-rw-r--r--gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch170
1 files changed, 170 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch b/gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch
new file mode 100644
index 0000000000..ec1f479ee4
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2016-1930-pt06.patch
@@ -0,0 +1,170 @@
+Copied from: https://hg.mozilla.org/releases/mozilla-esr38/rev/93617c30c0df
+Security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
+Mozilla Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1230686
+
+# HG changeset patch
+# User Lee Salzman <lsalzman@mozilla.com>
+# Date 1451932822 18000
+# Node ID 93617c30c0df35f719dead526b78649d564f5ac3
+# Parent 4f6e81673f6938719c86516606f2fda493e8c23c
+Bug 1230686 - use RefPtr<DrawTarget>& instead of DrawTarget* to track changes in SurfaceFromElement a=ritu
+
+diff --git a/layout/base/nsLayoutUtils.cpp b/layout/base/nsLayoutUtils.cpp
+--- a/layout/base/nsLayoutUtils.cpp
++++ b/layout/base/nsLayoutUtils.cpp
+@@ -6494,17 +6494,17 @@ nsLayoutUtils::IsReallyFixedPos(nsIFrame
+ nsIAtom *parentType = aFrame->GetParent()->GetType();
+ return parentType == nsGkAtoms::viewportFrame ||
+ parentType == nsGkAtoms::pageContentFrame;
+ }
+
+ nsLayoutUtils::SurfaceFromElementResult
+ nsLayoutUtils::SurfaceFromElement(nsIImageLoadingContent* aElement,
+ uint32_t aSurfaceFlags,
+- DrawTarget* aTarget)
++ RefPtr<DrawTarget>& aTarget)
+ {
+ SurfaceFromElementResult result;
+ nsresult rv;
+
+ nsCOMPtr<imgIRequest> imgRequest;
+ rv = aElement->GetRequest(nsIImageLoadingContent::CURRENT_REQUEST,
+ getter_AddRefs(imgRequest));
+ if (NS_FAILED(rv) || !imgRequest)
+@@ -6586,41 +6586,41 @@ nsLayoutUtils::SurfaceFromElement(nsIIma
+ result.mImageRequest = imgRequest.forget();
+
+ return result;
+ }
+
+ nsLayoutUtils::SurfaceFromElementResult
+ nsLayoutUtils::SurfaceFromElement(HTMLImageElement *aElement,
+ uint32_t aSurfaceFlags,
+- DrawTarget* aTarget)
++ RefPtr<DrawTarget>& aTarget)
+ {
+ return SurfaceFromElement(static_cast<nsIImageLoadingContent*>(aElement),
+ aSurfaceFlags, aTarget);
+ }
+
+ nsLayoutUtils::SurfaceFromElementResult
+ nsLayoutUtils::SurfaceFromElement(HTMLCanvasElement* aElement,
+ uint32_t aSurfaceFlags,
+- DrawTarget* aTarget)
++ RefPtr<DrawTarget>& aTarget)
+ {
+ SurfaceFromElementResult result;
+
+ bool* isPremultiplied = nullptr;
+ if (aSurfaceFlags & SFE_PREFER_NO_PREMULTIPLY_ALPHA) {
+ isPremultiplied = &result.mIsPremultiplied;
+ }
+
+ gfxIntSize size = aElement->GetSize();
+
+ result.mSourceSurface = aElement->GetSurfaceSnapshot(isPremultiplied);
+ if (!result.mSourceSurface) {
+ // If the element doesn't have a context then we won't get a snapshot. The canvas spec wants us to not error and just
+ // draw nothing, so return an empty surface.
+- DrawTarget *ref = aTarget ? aTarget : gfxPlatform::GetPlatform()->ScreenReferenceDrawTarget();
++ DrawTarget *ref = aTarget ? aTarget.get() : gfxPlatform::GetPlatform()->ScreenReferenceDrawTarget();
+ RefPtr<DrawTarget> dt = ref->CreateSimilarDrawTarget(IntSize(size.width, size.height),
+ SurfaceFormat::B8G8R8A8);
+ if (dt) {
+ result.mSourceSurface = dt->Snapshot();
+ }
+ } else if (aTarget) {
+ RefPtr<SourceSurface> opt = aTarget->OptimizeSourceSurface(result.mSourceSurface);
+ if (opt) {
+@@ -6637,17 +6637,17 @@ nsLayoutUtils::SurfaceFromElement(HTMLCa
+ result.mIsWriteOnly = aElement->IsWriteOnly();
+
+ return result;
+ }
+
+ nsLayoutUtils::SurfaceFromElementResult
+ nsLayoutUtils::SurfaceFromElement(HTMLVideoElement* aElement,
+ uint32_t aSurfaceFlags,
+- DrawTarget* aTarget)
++ RefPtr<DrawTarget>& aTarget)
+ {
+ SurfaceFromElementResult result;
+
+ NS_WARN_IF_FALSE((aSurfaceFlags & SFE_PREFER_NO_PREMULTIPLY_ALPHA) == 0, "We can't support non-premultiplied alpha for video!");
+
+ #ifdef MOZ_EME
+ if (aElement->ContainsRestrictedContent()) {
+ return result;
+@@ -6689,17 +6689,17 @@ nsLayoutUtils::SurfaceFromElement(HTMLVi
+ result.mIsWriteOnly = false;
+
+ return result;
+ }
+
+ nsLayoutUtils::SurfaceFromElementResult
+ nsLayoutUtils::SurfaceFromElement(dom::Element* aElement,
+ uint32_t aSurfaceFlags,
+- DrawTarget* aTarget)
++ RefPtr<DrawTarget>& aTarget)
+ {
+ // If it's a <canvas>, we may be able to just grab its internal surface
+ if (HTMLCanvasElement* canvas =
+ HTMLCanvasElement::FromContentOrNull(aElement)) {
+ return SurfaceFromElement(canvas, aSurfaceFlags, aTarget);
+ }
+
+ // Maybe it's <video>?
+diff --git a/layout/base/nsLayoutUtils.h b/layout/base/nsLayoutUtils.h
+--- a/layout/base/nsLayoutUtils.h
++++ b/layout/base/nsLayoutUtils.h
+@@ -2018,33 +2018,39 @@ public:
+ bool mIsStillLoading;
+ /* Whether the element used CORS when loading. */
+ bool mCORSUsed;
+ /* Whether the returned image contains premultiplied pixel data */
+ bool mIsPremultiplied;
+ };
+
+ static SurfaceFromElementResult SurfaceFromElement(mozilla::dom::Element *aElement,
+- uint32_t aSurfaceFlags = 0,
+- DrawTarget *aTarget = nullptr);
++ uint32_t aSurfaceFlags,
++ mozilla::RefPtr<DrawTarget>& aTarget);
++ static SurfaceFromElementResult SurfaceFromElement(mozilla::dom::Element *aElement,
++ uint32_t aSurfaceFlags = 0) {
++ mozilla::RefPtr<DrawTarget> target = nullptr;
++ return SurfaceFromElement(aElement, aSurfaceFlags, target);
++ }
++
+ static SurfaceFromElementResult SurfaceFromElement(nsIImageLoadingContent *aElement,
+- uint32_t aSurfaceFlags = 0,
+- DrawTarget *aTarget = nullptr);
++ uint32_t aSurfaceFlags,
++ mozilla::RefPtr<DrawTarget>& aTarget);
+ // Need an HTMLImageElement overload, because otherwise the
+ // nsIImageLoadingContent and mozilla::dom::Element overloads are ambiguous
+ // for HTMLImageElement.
+ static SurfaceFromElementResult SurfaceFromElement(mozilla::dom::HTMLImageElement *aElement,
+- uint32_t aSurfaceFlags = 0,
+- DrawTarget *aTarget = nullptr);
++ uint32_t aSurfaceFlags,
++ mozilla::RefPtr<DrawTarget>& aTarget);
+ static SurfaceFromElementResult SurfaceFromElement(mozilla::dom::HTMLCanvasElement *aElement,
+- uint32_t aSurfaceFlags = 0,
+- DrawTarget *aTarget = nullptr);
++ uint32_t aSurfaceFlags,
++ mozilla::RefPtr<DrawTarget>& aTarget);
+ static SurfaceFromElementResult SurfaceFromElement(mozilla::dom::HTMLVideoElement *aElement,
+- uint32_t aSurfaceFlags = 0,
+- DrawTarget *aTarget = nullptr);
++ uint32_t aSurfaceFlags,
++ mozilla::RefPtr<DrawTarget>& aTarget);
+
+ /**
+ * When the document is editable by contenteditable attribute of its root
+ * content or body content.
+ *
+ * Be aware, this returns nullptr if it's in designMode.
+ *
+ * For example:
+