svn commit: r462554 - in head/www/waterfox: . files

Jan Beich jbeich at FreeBSD.org
Thu Feb 22 00:59:44 UTC 2018


Author: jbeich
Date: Thu Feb 22 00:59:42 2018
New Revision: 462554
URL: https://svnweb.freebsd.org/changeset/ports/462554

Log:
  www/waterfox: apply some FF59 fixes

Added:
  head/www/waterfox/files/patch-bug1388020   (contents, props changed)
  head/www/waterfox/files/patch-bug1435566   (contents, props changed)
  head/www/waterfox/files/patch-bug1436768   (contents, props changed)
  head/www/waterfox/files/patch-bug1437214   (contents, props changed)
  head/www/waterfox/files/patch-bug1438645   (contents, props changed)
Modified:
  head/www/waterfox/Makefile   (contents, props changed)

Modified: head/www/waterfox/Makefile
==============================================================================
--- head/www/waterfox/Makefile	Thu Feb 22 00:59:19 2018	(r462553)
+++ head/www/waterfox/Makefile	Thu Feb 22 00:59:42 2018	(r462554)
@@ -2,7 +2,7 @@
 
 PORTNAME=	waterfox
 DISTVERSION=	56.0.4
-PORTREVISION=	5
+PORTREVISION=	6
 CATEGORIES=	www ipv6
 
 MAINTAINER=	jbeich at FreeBSD.org

Added: head/www/waterfox/files/patch-bug1388020
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/waterfox/files/patch-bug1388020	Thu Feb 22 00:59:42 2018	(r462554)
@@ -0,0 +1,439 @@
+commit 56cb3a82e6f1
+Author: Andrew Osmond <aosmond at mozilla.com>
+Date:   Wed Feb 7 09:33:12 2018 -0500
+
+    Bug 1388020. r=nical a=RyanVM
+    
+    --HG--
+    extra : source : fd15c14e5efb1874591f4e113c1ae1c49154804f
+---
+ gfx/layers/client/TextureClient.h                |  2 +-
+ gfx/layers/composite/TextureHost.cpp             | 65 +++++++++++++++++++-----
+ gfx/layers/composite/X11TextureHost.cpp          | 13 +++--
+ gfx/layers/d3d11/TextureD3D11.cpp                |  6 +--
+ gfx/layers/opengl/MacIOSurfaceTextureHostOGL.cpp |  8 +++
+ gfx/layers/opengl/TextureHostOGL.cpp             | 25 ++-------
+ gfx/tests/gtest/TestLayers.h                     | 16 ++++++
+ gfx/tests/gtest/TestTextureCompatibility.cpp     | 12 +++--
+ gfx/tests/gtest/TestTextures.cpp                 |  7 ++-
+ gfx/tests/gtest/TextureHelper.h                  |  3 +-
+ 10 files changed, 108 insertions(+), 49 deletions(-)
+
+diff --git gfx/layers/client/TextureClient.h gfx/layers/client/TextureClient.h
+index e56ea21841ad..81be2867ca7a 100644
+--- gfx/layers/client/TextureClient.h
++++ gfx/layers/client/TextureClient.h
+@@ -761,7 +761,7 @@ protected:
+   friend void TestTextureClientSurface(TextureClient*, gfxImageSurface*);
+   friend void TestTextureClientYCbCr(TextureClient*, PlanarYCbCrData&);
+   friend already_AddRefed<TextureHost> CreateTextureHostWithBackend(
+-    TextureClient*, LayersBackend&);
++    TextureClient*, ISurfaceAllocator*, LayersBackend&);
+ 
+ #ifdef GFX_DEBUG_TRACK_CLIENTS_IN_POOL
+ public:
+diff --git gfx/layers/composite/TextureHost.cpp gfx/layers/composite/TextureHost.cpp
+index a48a9081e155..e0a74920fbe5 100644
+--- gfx/layers/composite/TextureHost.cpp
++++ gfx/layers/composite/TextureHost.cpp
+@@ -116,15 +116,9 @@ TextureHost::CreateIPDLActor(HostIPCAllocator* aAllocator,
+                              uint64_t aSerial,
+                              const wr::MaybeExternalImageId& aExternalImageId)
+ {
+-  if (aSharedData.type() == SurfaceDescriptor::TSurfaceDescriptorBuffer &&
+-      aSharedData.get_SurfaceDescriptorBuffer().data().type() == MemoryOrShmem::Tuintptr_t &&
+-      !aAllocator->IsSameProcess())
+-  {
+-    NS_ERROR("A client process is trying to peek at our address space using a MemoryTexture!");
+-    return nullptr;
+-  }
+   TextureParent* actor = new TextureParent(aAllocator, aSerial, aExternalImageId);
+   if (!actor->Init(aSharedData, aLayersBackend, aFlags)) {
++    actor->ActorDestroy(ipc::IProtocol::ActorDestroyReason::FailedConstructor);
+     delete actor;
+     return nullptr;
+   }
+@@ -232,6 +226,11 @@ TextureHost::Create(const SurfaceDescriptor& aDesc,
+ 
+ #ifdef MOZ_X11
+     case SurfaceDescriptor::TSurfaceDescriptorX11: {
++      if (!aDeallocator->IsSameProcess()) {
++        NS_ERROR("A client process is trying to peek at our address space using a X11Texture!");
++        return nullptr;
++      }
++
+       const SurfaceDescriptorX11& desc = aDesc.get_SurfaceDescriptorX11();
+       result = MakeAndAddRef<X11TextureHost>(aFlags, desc);
+       break;
+@@ -248,7 +247,7 @@ TextureHost::Create(const SurfaceDescriptor& aDesc,
+       MOZ_CRASH("GFX: Unsupported Surface type host");
+   }
+ 
+-  if (WrapWithWebRenderTextureHost(aDeallocator, aBackend, aFlags)) {
++  if (result && WrapWithWebRenderTextureHost(aDeallocator, aBackend, aFlags)) {
+     MOZ_ASSERT(aExternalImageId.isSome());
+     result = new WebRenderTextureHost(aDesc, aFlags, result, aExternalImageId.ref());
+   }
+@@ -269,13 +268,50 @@ CreateBackendIndependentTextureHost(const SurfaceDescriptor& aDesc,
+       const MemoryOrShmem& data = bufferDesc.data();
+       switch (data.type()) {
+         case MemoryOrShmem::TShmem: {
+-          result = new ShmemTextureHost(data.get_Shmem(),
+-                                        bufferDesc.desc(),
+-                                        aDeallocator,
+-                                        aFlags);
++          const ipc::Shmem& shmem = data.get_Shmem();
++          const BufferDescriptor& desc = bufferDesc.desc();
++          if (!shmem.IsReadable()) {
++            // We failed to map the shmem so we can't verify its size. This
++            // should not be a fatal error, so just create the texture with
++            // nothing backing it.
++            result = new ShmemTextureHost(shmem, desc, aDeallocator, aFlags);
++            break;
++          }
++
++          size_t bufSize = shmem.Size<char>();
++          size_t reqSize = SIZE_MAX;
++          switch (desc.type()) {
++            case BufferDescriptor::TYCbCrDescriptor: {
++              const YCbCrDescriptor& ycbcr = desc.get_YCbCrDescriptor();
++              reqSize =
++                ImageDataSerializer::ComputeYCbCrBufferSize(ycbcr.ySize(), ycbcr.yStride(),
++                                                            ycbcr.cbCrSize(), ycbcr.cbCrStride());
++              break;
++            }
++            case BufferDescriptor::TRGBDescriptor: {
++              const RGBDescriptor& rgb = desc.get_RGBDescriptor();
++              reqSize = ImageDataSerializer::ComputeRGBBufferSize(rgb.size(), rgb.format());
++              break;
++            }
++            default:
++              gfxCriticalError() << "Bad buffer host descriptor " << (int)desc.type();
++              MOZ_CRASH("GFX: Bad descriptor");
++          }
++
++          if (bufSize < reqSize) {
++            NS_ERROR("A client process gave a shmem too small to fit for its descriptor!");
++            return nullptr;
++          }
++
++          result = new ShmemTextureHost(shmem, desc, aDeallocator, aFlags);
+           break;
+         }
+         case MemoryOrShmem::Tuintptr_t: {
++          if (!aDeallocator->IsSameProcess()) {
++            NS_ERROR("A client process is trying to peek at our address space using a MemoryTexture!");
++            return nullptr;
++          }
++
+           result = new MemoryTextureHost(reinterpret_cast<uint8_t*>(data.get_uintptr_t()),
+                                          bufferDesc.desc(),
+                                          aFlags);
+@@ -293,6 +329,11 @@ CreateBackendIndependentTextureHost(const SurfaceDescriptor& aDesc,
+     }
+ #ifdef XP_WIN
+     case SurfaceDescriptor::TSurfaceDescriptorDIB: {
++      if (!aDeallocator->IsSameProcess()) {
++        NS_ERROR("A client process is trying to peek at our address space using a DIBTexture!");
++        return nullptr;
++      }
++
+       result = new DIBTextureHost(aFlags, aDesc);
+       break;
+     }
+diff --git gfx/layers/composite/X11TextureHost.cpp gfx/layers/composite/X11TextureHost.cpp
+index e2251f0c531a..94cb3f2f9594 100644
+--- gfx/layers/composite/X11TextureHost.cpp
++++ gfx/layers/composite/X11TextureHost.cpp
+@@ -23,10 +23,9 @@ X11TextureHost::X11TextureHost(TextureFlags aFlags,
+                                const SurfaceDescriptorX11& aDescriptor)
+  : TextureHost(aFlags)
+ {
+-  RefPtr<gfxXlibSurface> surface = aDescriptor.OpenForeign();
+-  mSurface = surface.get();
++  mSurface = aDescriptor.OpenForeign();
+ 
+-  if (!(aFlags & TextureFlags::DEALLOCATE_CLIENT)) {
++  if (mSurface && !(aFlags & TextureFlags::DEALLOCATE_CLIENT)) {
+     mSurface->TakePixmap();
+   }
+ }
+@@ -34,7 +33,7 @@ X11TextureHost::X11TextureHost(TextureFlags aFlags,
+ bool
+ X11TextureHost::Lock()
+ {
+-  if (!mCompositor) {
++  if (!mCompositor || !mSurface) {
+     return false;
+   }
+ 
+@@ -75,6 +74,9 @@ X11TextureHost::SetTextureSourceProvider(TextureSourceProvider* aProvider)
+ SurfaceFormat
+ X11TextureHost::GetFormat() const
+ {
++  if (!mSurface) {
++    return SurfaceFormat::UNKNOWN;
++  }
+   gfxContentType type = mSurface->GetContentType();
+ #ifdef GL_PROVIDER_GLX
+   if (mCompositor->GetBackendType() == LayersBackend::LAYERS_OPENGL) {
+@@ -87,6 +89,9 @@ X11TextureHost::GetFormat() const
+ IntSize
+ X11TextureHost::GetSize() const
+ {
++  if (!mSurface) {
++    return IntSize();
++  }
+   return mSurface->GetSize();
+ }
+ 
+diff --git gfx/layers/d3d11/TextureD3D11.cpp gfx/layers/d3d11/TextureD3D11.cpp
+index 379686418ef0..4ad758849b93 100644
+--- gfx/layers/d3d11/TextureD3D11.cpp
++++ gfx/layers/d3d11/TextureD3D11.cpp
+@@ -763,10 +763,6 @@ CreateTextureHostD3D11(const SurfaceDescriptor& aDesc,
+ {
+   RefPtr<TextureHost> result;
+   switch (aDesc.type()) {
+-    case SurfaceDescriptor::TSurfaceDescriptorBuffer: {
+-      result = CreateBackendIndependentTextureHost(aDesc, aDeallocator, aBackend, aFlags);
+-      break;
+-    }
+     case SurfaceDescriptor::TSurfaceDescriptorD3D10: {
+       result = new DXGITextureHostD3D11(aFlags,
+                                         aDesc.get_SurfaceDescriptorD3D10());
+@@ -778,7 +774,7 @@ CreateTextureHostD3D11(const SurfaceDescriptor& aDesc,
+       break;
+     }
+     default: {
+-      NS_WARNING("Unsupported SurfaceDescriptor type");
++      MOZ_ASSERT_UNREACHABLE("Unsupported SurfaceDescriptor type");
+     }
+   }
+   return result.forget();
+diff --git gfx/layers/opengl/MacIOSurfaceTextureHostOGL.cpp gfx/layers/opengl/MacIOSurfaceTextureHostOGL.cpp
+index 291b0eb3d0dc..f363bb5a7cf7 100644
+--- gfx/layers/opengl/MacIOSurfaceTextureHostOGL.cpp
++++ gfx/layers/opengl/MacIOSurfaceTextureHostOGL.cpp
+@@ -32,6 +32,8 @@ MacIOSurfaceTextureHostOGL::~MacIOSurfaceTextureHostOGL()
+ GLTextureSource*
+ MacIOSurfaceTextureHostOGL::CreateTextureSourceForPlane(size_t aPlane)
+ {
++  MOZ_ASSERT(mSurface);
++
+   GLuint textureHandle;
+   gl::GLContext* gl = mProvider->GetGLContext();
+   gl->fGenTextures(1, &textureHandle);
+@@ -94,11 +96,17 @@ MacIOSurfaceTextureHostOGL::SetTextureSourceProvider(TextureSourceProvider* aPro
+ 
+ gfx::SurfaceFormat
+ MacIOSurfaceTextureHostOGL::GetFormat() const {
++  if (!mSurface) {
++    return gfx::SurfaceFormat::UNKNOWN;
++  }
+   return mSurface->GetFormat();
+ }
+ 
+ gfx::SurfaceFormat
+ MacIOSurfaceTextureHostOGL::GetReadFormat() const {
++  if (!mSurface) {
++    return gfx::SurfaceFormat::UNKNOWN;
++  }
+   return mSurface->GetReadFormat();
+ }
+ 
+diff --git gfx/layers/opengl/TextureHostOGL.cpp gfx/layers/opengl/TextureHostOGL.cpp
+index bdcd8778c10d..2b28c19a126d 100644
+--- gfx/layers/opengl/TextureHostOGL.cpp
++++ gfx/layers/opengl/TextureHostOGL.cpp
+@@ -26,10 +26,6 @@
+ #include "mozilla/layers/MacIOSurfaceTextureHostOGL.h"
+ #endif
+ 
+-#ifdef GL_PROVIDER_GLX
+-#include "mozilla/layers/X11TextureHost.h"
+-#endif
+-
+ using namespace mozilla::gl;
+ using namespace mozilla::gfx;
+ 
+@@ -46,14 +42,6 @@ CreateTextureHostOGL(const SurfaceDescriptor& aDesc,
+ {
+   RefPtr<TextureHost> result;
+   switch (aDesc.type()) {
+-    case SurfaceDescriptor::TSurfaceDescriptorBuffer: {
+-      result = CreateBackendIndependentTextureHost(aDesc,
+-                                                   aDeallocator,
+-                                                   aBackend,
+-                                                   aFlags);
+-      break;
+-    }
+-
+ #ifdef MOZ_WIDGET_ANDROID
+     case SurfaceDescriptor::TSurfaceTextureDescriptor: {
+       const SurfaceTextureDescriptor& desc = aDesc.get_SurfaceTextureDescriptor();
+@@ -88,14 +76,6 @@ CreateTextureHostOGL(const SurfaceDescriptor& aDesc,
+     }
+ #endif
+ 
+-#ifdef GL_PROVIDER_GLX
+-    case SurfaceDescriptor::TSurfaceDescriptorX11: {
+-      const auto& desc = aDesc.get_SurfaceDescriptorX11();
+-      result = new X11TextureHost(aFlags, desc);
+-      break;
+-    }
+-#endif
+-
+     case SurfaceDescriptor::TSurfaceDescriptorSharedGLTexture: {
+       const auto& desc = aDesc.get_SurfaceDescriptorSharedGLTexture();
+       result = new GLTextureHost(aFlags, desc.texture(),
+@@ -105,7 +85,10 @@ CreateTextureHostOGL(const SurfaceDescriptor& aDesc,
+                                  desc.hasAlpha());
+       break;
+     }
+-    default: return nullptr;
++    default: {
++      MOZ_ASSERT_UNREACHABLE("Unsupported SurfaceDescriptor type");
++      break;
++    }
+   }
+   return result.forget();
+ }
+diff --git gfx/tests/gtest/TestLayers.h gfx/tests/gtest/TestLayers.h
+index 18e351f7718c..fc6b750f1c62 100644
+--- gfx/tests/gtest/TestLayers.h
++++ gfx/tests/gtest/TestLayers.h
+@@ -8,6 +8,22 @@
+ 
+ #include "Layers.h"
+ #include "nsTArray.h"
++#include "mozilla/layers/ISurfaceAllocator.h"
++
++namespace mozilla {
++namespace layers {
++
++class TestSurfaceAllocator final : public ISurfaceAllocator
++{
++public:
++  TestSurfaceAllocator() {}
++  ~TestSurfaceAllocator() override {}
++
++  bool IsSameProcess() const override { return true; }
++};
++
++} // layers
++} // mozilla
+ 
+ /* Create layer tree from a simple layer tree description syntax.
+  * Each index is either the first letter of the layer type or
+diff --git gfx/tests/gtest/TestTextureCompatibility.cpp gfx/tests/gtest/TestTextureCompatibility.cpp
+index 45db4943ed1c..0815823b81ce 100644
+--- gfx/tests/gtest/TestTextureCompatibility.cpp
++++ gfx/tests/gtest/TestTextureCompatibility.cpp
+@@ -14,6 +14,7 @@
+ #include "mozilla/layers/TextureClient.h"
+ #include "mozilla/layers/TextureHost.h"
+ #include "mozilla/RefPtr.h"
++#include "TestLayers.h"
+ #include "TextureHelper.h"
+ 
+ using mozilla::gfx::Feature;
+@@ -22,6 +23,7 @@ using mozilla::layers::BasicCompositor;
+ using mozilla::layers::Compositor;
+ using mozilla::layers::CompositorOptions;
+ using mozilla::layers::LayersBackend;
++using mozilla::layers::TestSurfaceAllocator;
+ using mozilla::layers::TextureClient;
+ using mozilla::layers::TextureHost;
+ using mozilla::widget::CompositorWidget;
+@@ -31,8 +33,9 @@ using mozilla::widget::InProcessCompositorWidget;
+  * This function will create the possible TextureClient and TextureHost pairs
+  * according to the given backend.
+  */
+-void
++static void
+ CreateTextureWithBackend(LayersBackend& aLayersBackend,
++                         ISurfaceAllocator* aDeallocator,
+                          nsTArray<RefPtr<TextureClient>>& aTextureClients,
+                          nsTArray<RefPtr<TextureHost>>& aTextureHosts)
+ {
+@@ -43,7 +46,8 @@ CreateTextureWithBackend(LayersBackend& aLayersBackend,
+ 
+   for (uint32_t i = 0; i < aTextureClients.Length(); i++) {
+     aTextureHosts.AppendElement(
+-      CreateTextureHostWithBackend(aTextureClients[i], aLayersBackend));
++      CreateTextureHostWithBackend(aTextureClients[i], aDeallocator,
++                                   aLayersBackend));
+   }
+ }
+ 
+@@ -115,13 +119,15 @@ CheckCompatibilityWithBasicCompositor(LayersBackend aBackends,
+ TEST(Gfx, TestTextureCompatibility)
+ {
+   nsTArray<LayersBackend> backendHints;
++  RefPtr<TestSurfaceAllocator> deallocator = new TestSurfaceAllocator();
+ 
+   GetPlatformBackends(backendHints);
+   for (uint32_t i = 0; i < backendHints.Length(); i++) {
+     nsTArray<RefPtr<TextureClient>> textureClients;
+     nsTArray<RefPtr<TextureHost>> textureHosts;
+ 
+-    CreateTextureWithBackend(backendHints[i], textureClients, textureHosts);
++    CreateTextureWithBackend(backendHints[i], deallocator,
++                             textureClients, textureHosts);
+     CheckCompatibilityWithBasicCompositor(backendHints[i], textureHosts);
+   }
+ }
+diff --git gfx/tests/gtest/TestTextures.cpp gfx/tests/gtest/TestTextures.cpp
+index 19b94b867117..291eb55ca7e5 100644
+--- gfx/tests/gtest/TestTextures.cpp
++++ gfx/tests/gtest/TestTextures.cpp
+@@ -5,6 +5,7 @@
+ 
+ #include "gtest/gtest.h"
+ #include "gmock/gmock.h"
++#include "TestLayers.h"
+ 
+ #include "mozilla/gfx/2D.h"
+ #include "mozilla/gfx/Tools.h"
+@@ -147,7 +148,8 @@ void TestTextureClientSurface(TextureClient* texture, gfxImageSurface* surface)
+   ASSERT_NE(descriptor.type(), SurfaceDescriptor::Tnull_t);
+ 
+   // host deserialization
+-  RefPtr<TextureHost> host = CreateBackendIndependentTextureHost(descriptor, nullptr,
++  RefPtr<TestSurfaceAllocator> deallocator = new TestSurfaceAllocator();
++  RefPtr<TextureHost> host = CreateBackendIndependentTextureHost(descriptor, deallocator,
+                                                                  LayersBackend::LAYERS_NONE,
+                                                                  texture->GetFlags());
+ 
+@@ -193,7 +195,8 @@ void TestTextureClientYCbCr(TextureClient* client, PlanarYCbCrData& ycbcrData) {
+   ASSERT_EQ(ycbcrDesc.stereoMode(), ycbcrData.mStereoMode);
+ 
+   // host deserialization
+-  RefPtr<TextureHost> textureHost = CreateBackendIndependentTextureHost(descriptor, nullptr,
++  RefPtr<TestSurfaceAllocator> deallocator = new TestSurfaceAllocator();
++  RefPtr<TextureHost> textureHost = CreateBackendIndependentTextureHost(descriptor, deallocator,
+                                                                         LayersBackend::LAYERS_NONE,
+                                                                         client->GetFlags());
+ 
+diff --git gfx/tests/gtest/TextureHelper.h gfx/tests/gtest/TextureHelper.h
+index 144a237b17d4..770f7464f829 100644
+--- gfx/tests/gtest/TextureHelper.h
++++ gfx/tests/gtest/TextureHelper.h
+@@ -140,6 +140,7 @@ CreateTextureClientWithBackend(LayersBackend aLayersBackend)
+  */
+ already_AddRefed<TextureHost>
+ CreateTextureHostWithBackend(TextureClient* aClient,
++                             ISurfaceAllocator* aDeallocator,
+                              LayersBackend& aLayersBackend)
+ {
+   if (!aClient) {
+@@ -153,7 +154,7 @@ CreateTextureHostWithBackend(TextureClient* aClient,
+   aClient->ToSurfaceDescriptor(descriptor);
+ 
+   wr::MaybeExternalImageId id = Nothing();
+-  return TextureHost::Create(descriptor, nullptr, aLayersBackend,
++  return TextureHost::Create(descriptor, aDeallocator, aLayersBackend,
+                              aClient->GetFlags(), id);
+ }
+ 

Added: head/www/waterfox/files/patch-bug1435566
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/waterfox/files/patch-bug1435566	Thu Feb 22 00:59:42 2018	(r462554)
@@ -0,0 +1,27 @@
+commit 2d6648d9388d
+Author: Emilio Cobos Álvarez <emilio at crisal.io>
+Date:   Thu Feb 15 11:21:55 2018 +0100
+
+    Bug 1435566: Make sure to drop frames for manual NAC from display: contents nodes. r=bz a=RyanVM
+    
+    MozReview-Commit-ID: 9CQIueSPwCV
+    
+    --HG--
+    extra : source : 3219cd61e87b4f3003079154c437efa87080a917
+---
+ layout/base/nsCSSFrameConstructor.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git layout/base/nsCSSFrameConstructor.cpp layout/base/nsCSSFrameConstructor.cpp
+index 4a45072cbca5..7b6be5f222e8 100644
+--- layout/base/nsCSSFrameConstructor.cpp
++++ layout/base/nsCSSFrameConstructor.cpp
+@@ -8533,7 +8533,7 @@ nsCSSFrameConstructor::ContentRemoved(nsIContent* aContainer,
+       return true;
+     }
+ 
+-    FlattenedChildIterator iter(aChild);
++    StyleChildrenIterator iter(aChild);
+     for (nsIContent* c = iter.GetNextChild(); c; c = iter.GetNextChild()) {
+       if (c->GetPrimaryFrame() || GetDisplayContentsStyleFor(c)) {
+         LAYOUT_PHASE_TEMP_EXIT();

Added: head/www/waterfox/files/patch-bug1436768
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/waterfox/files/patch-bug1436768	Thu Feb 22 00:59:42 2018	(r462554)
@@ -0,0 +1,106 @@
+commit 885fcfb6c9fe
+Author: Eric Rahm <erahm at mozilla.com>
+Date:   Thu Feb 8 16:25:07 2018 -0800
+
+    Bug 1436768 - Avoid initializing LogModuleManager more than once. r=froydnj a=RyanVM
+    
+    This adds some assertions to make the intended usage of LogModuleManager::Init
+    more clear.
+    
+    --HG--
+    extra : source : ec9f62910277ae252c3fb32166358419afb96b34
+---
+ xpcom/base/Logging.cpp | 27 +++++++++++++++++++++++----
+ 1 file changed, 23 insertions(+), 4 deletions(-)
+
+diff --git xpcom/base/Logging.cpp xpcom/base/Logging.cpp
+index 9d6a6d9ea861..eca3e97ee61e 100644
+--- xpcom/base/Logging.cpp
++++ xpcom/base/Logging.cpp
+@@ -16,6 +16,7 @@
+ #include "mozilla/Atomics.h"
+ #include "mozilla/Sprintf.h"
+ #include "mozilla/UniquePtrExtensions.h"
++#include "MainThreadUtils.h"
+ #include "nsClassHashtable.h"
+ #include "nsDebug.h"
+ #include "NSPRLogModulesParser.h"
+@@ -179,6 +180,7 @@ public:
+     , mAddTimestamp(false)
+     , mIsSync(false)
+     , mRotate(0)
++    , mInitialized(false)
+   {
+   }
+ 
+@@ -190,9 +192,17 @@ public:
+ 
+   /**
+    * Loads config from env vars if present.
++   *
++   * Notes:
++   *
++   * 1) This function is only intended to be called once per session.
++   * 2) None of the functions used in Init should rely on logging.
+    */
+   void Init()
+   {
++    MOZ_DIAGNOSTIC_ASSERT(!mInitialized);
++    mInitialized = true;
++
+     bool shouldAppend = false;
+     bool addTimestamp = false;
+     bool isSync = false;
+@@ -213,8 +223,10 @@ public:
+       }
+     }
+ 
++    // Need to capture `this` since `sLogModuleManager` is not set until after
++    // initialization is complete.
+     NSPRLogModulesParser(modules,
+-        [&shouldAppend, &addTimestamp, &isSync, &rotate]
++        [this, &shouldAppend, &addTimestamp, &isSync, &rotate]
+             (const char* aName, LogLevel aLevel, int32_t aValue) mutable {
+           if (strcmp(aName, "append") == 0) {
+             shouldAppend = true;
+@@ -225,7 +237,7 @@ public:
+           } else if (strcmp(aName, "rotate") == 0) {
+             rotate = (aValue << 20) / kRotateFilesNumber;
+           } else {
+-            LogModule::Get(aName)->SetLevel(aLevel);
++            this->CreateOrGetModule(aName)->SetLevel(aLevel);
+           }
+     });
+ 
+@@ -513,6 +525,7 @@ private:
+   Atomic<bool, Relaxed> mAddTimestamp;
+   Atomic<bool, Relaxed> mIsSync;
+   int32_t mRotate;
++  bool mInitialized;
+ };
+ 
+ StaticAutoPtr<LogModuleManager> sLogModuleManager;
+@@ -557,6 +570,8 @@ LogModule::Init()
+ {
+   // NB: This method is not threadsafe; it is expected to be called very early
+   //     in startup prior to any other threads being run.
++  MOZ_DIAGNOSTIC_ASSERT(NS_IsMainThread());
++
+   if (sLogModuleManager) {
+     // Already initialized.
+     return;
+@@ -565,8 +580,12 @@ LogModule::Init()
+   // NB: We intentionally do not register for ClearOnShutdown as that happens
+   //     before all logging is complete. And, yes, that means we leak, but
+   //     we're doing that intentionally.
+-  sLogModuleManager = new LogModuleManager();
+-  sLogModuleManager->Init();
++
++  // Don't assign the pointer until after Init is called. This should help us
++  // detect if any of the functions called by Init somehow rely on logging.
++  auto mgr = new LogModuleManager();
++  mgr->Init();
++  sLogModuleManager = mgr;
+ }
+ 
+ void

Added: head/www/waterfox/files/patch-bug1437214
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/waterfox/files/patch-bug1437214	Thu Feb 22 00:59:42 2018	(r462554)
@@ -0,0 +1,217 @@
+commit 8fdc2449bfe2
+Author: David Keeler <dkeeler at mozilla.com>
+Date:   Fri Feb 9 16:35:54 2018 -0800
+
+    bug 1437214 - if PathBuildingStep::Check fails due to a problem with the subject certificate rather than the potential issuer, set keepGoing to false r=jcj a=RyanVM
+    
+    MozReview-Commit-ID: DEr4YgXfkOL
+    
+    --HG--
+    extra : source : f2669a2b5934ac8e5637c3b96ab1f1dcdf502c00
+---
+ security/pkix/lib/pkixbuild.cpp              |  13 ++-
+ security/pkix/test/gtest/pkixbuild_tests.cpp | 163 +++++++++++++++++++++++++++
+ 2 files changed, 174 insertions(+), 2 deletions(-)
+
+diff --git security/pkix/lib/pkixbuild.cpp security/pkix/lib/pkixbuild.cpp
+index fd6a9d5115d4..0b33e3d5ae71 100644
+--- security/pkix/lib/pkixbuild.cpp
++++ security/pkix/lib/pkixbuild.cpp
+@@ -241,7 +241,12 @@ PathBuildingStep::Check(Input potentialIssuerDER,
+                                      validityDuration, stapledOCSPResponse,
+                                      subject.GetAuthorityInfoAccess());
+     if (rv != Success) {
+-      return RecordResult(rv, keepGoing);
++      // Since this is actually a problem with the current subject certificate
++      // (rather than the issuer), it doesn't make sense to keep going; all
++      // paths through this certificate will fail.
++      Result savedRv = RecordResult(rv, keepGoing);
++      keepGoing = false;
++      return savedRv;
+     }
+ 
+     if (subject.endEntityOrCA == EndEntityOrCA::MustBeEndEntity) {
+@@ -251,7 +256,11 @@ PathBuildingStep::Check(Input potentialIssuerDER,
+         rv = ExtractSignedCertificateTimestampListFromExtension(*sctExtension,
+                                                                 sctList);
+         if (rv != Success) {
+-          return RecordResult(rv, keepGoing);
++          // Again, the problem is with this certificate, and all paths through
++          // it will fail.
++          Result savedRv = RecordResult(rv, keepGoing);
++          keepGoing = false;
++          return savedRv;
+         }
+         trustDomain.NoteAuxiliaryExtension(AuxiliaryExtension::EmbeddedSCTList,
+                                            sctList);
+diff --git security/pkix/test/gtest/pkixbuild_tests.cpp security/pkix/test/gtest/pkixbuild_tests.cpp
+index 64fa4c307c76..5948df7037a8 100644
+--- security/pkix/test/gtest/pkixbuild_tests.cpp
++++ security/pkix/test/gtest/pkixbuild_tests.cpp
+@@ -582,3 +582,166 @@ TEST_F(pkixbuild, CertificateTransparencyExtension)
+   ASSERT_EQ(BytesToByteString(dummySctList),
+             extTrustDomain.signedCertificateTimestamps);
+ }
++
++// This TrustDomain implements a hierarchy like so:
++//
++// A   B
++// |   |
++// C   D
++//  \ /
++//   E
++//
++// where A is a trust anchor, B is not a trust anchor and has no known issuer, C
++// and D are intermediates with the same subject and subject public key, and E
++// is an end-entity (in practice, the end-entity will be generated by the test
++// functions using this trust domain).
++class MultiplePathTrustDomain: public DefaultCryptoTrustDomain
++{
++public:
++  void SetUpCerts()
++  {
++    ASSERT_FALSE(ENCODING_FAILED(CreateCert("UntrustedRoot", "UntrustedRoot",
++                                            EndEntityOrCA::MustBeCA,
++                                            &subjectDERToCertDER)));
++    // The subject DER -> cert DER mapping would be overwritten for subject
++    // "Intermediate" when we create the second "Intermediate" certificate, so
++    // we keep a copy of this "Intermediate".
++    intermediateSignedByUntrustedRootCertDER =
++      CreateCert("UntrustedRoot", "Intermediate", EndEntityOrCA::MustBeCA);
++    ASSERT_FALSE(ENCODING_FAILED(intermediateSignedByUntrustedRootCertDER));
++    rootCACertDER = CreateCert("TrustedRoot", "TrustedRoot",
++                               EndEntityOrCA::MustBeCA, &subjectDERToCertDER);
++    ASSERT_FALSE(ENCODING_FAILED(rootCACertDER));
++    ASSERT_FALSE(ENCODING_FAILED(CreateCert("TrustedRoot", "Intermediate",
++                                            EndEntityOrCA::MustBeCA,
++                                            &subjectDERToCertDER)));
++  }
++
++private:
++  Result GetCertTrust(EndEntityOrCA, const CertPolicyId&, Input candidateCert,
++                      /*out*/ TrustLevel& trustLevel) override
++  {
++    trustLevel = InputEqualsByteString(candidateCert, rootCACertDER)
++               ? TrustLevel::TrustAnchor
++               : TrustLevel::InheritsTrust;
++    return Success;
++  }
++
++  Result CheckCert(ByteString& certDER, IssuerChecker& checker, bool& keepGoing)
++  {
++    Input derCert;
++    Result rv = derCert.Init(certDER.data(), certDER.length());
++    if (rv != Success) {
++      return rv;
++    }
++    return checker.Check(derCert, nullptr/*additionalNameConstraints*/,
++                         keepGoing);
++  }
++
++  Result FindIssuer(Input encodedIssuerName, IssuerChecker& checker, Time)
++                    override
++  {
++    ByteString subjectDER(InputToByteString(encodedIssuerName));
++    ByteString certDER(subjectDERToCertDER[subjectDER]);
++    assert(!ENCODING_FAILED(certDER));
++    bool keepGoing;
++    Result rv = CheckCert(certDER, checker, keepGoing);
++    if (rv != Success) {
++      return rv;
++    }
++    // Also try the other intermediate.
++    if (keepGoing) {
++      rv = CheckCert(intermediateSignedByUntrustedRootCertDER, checker,
++                     keepGoing);
++      if (rv != Success) {
++        return rv;
++      }
++    }
++    return Success;
++  }
++
++  Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
++                         /*optional*/ const Input*,
++                         /*optional*/ const Input*) override
++  {
++    return Success;
++  }
++
++  Result IsChainValid(const DERArray&, Time, const CertPolicyId&) override
++  {
++    return Success;
++  }
++
++  std::map<ByteString, ByteString> subjectDERToCertDER;
++  ByteString rootCACertDER;
++  ByteString intermediateSignedByUntrustedRootCertDER;
++};
++
++TEST_F(pkixbuild, BadEmbeddedSCTWithMultiplePaths)
++{
++  MultiplePathTrustDomain trustDomain;
++  trustDomain.SetUpCerts();
++
++  // python security/pkix/tools/DottedOIDToCode.py --tlv
++  //   id-embeddedSctList 1.3.6.1.4.1.11129.2.4.2
++  static const uint8_t tlv_id_embeddedSctList[] = {
++    0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, 0x04, 0x02
++  };
++  static const uint8_t dummySctList[] = {
++    0x01, 0x02, 0x03, 0x04, 0x05
++  };
++  ByteString ctExtension = TLV(der::SEQUENCE,
++    BytesToByteString(tlv_id_embeddedSctList) +
++    Boolean(false) +
++    // The contents of the OCTET STRING are supposed to consist of an OCTET
++    // STRING of useful data. We're testing what happens if it isn't, so shove
++    // some bogus (non-OCTET STRING) data in there.
++    TLV(der::OCTET_STRING, BytesToByteString(dummySctList)));
++  ByteString certDER(CreateCert("Intermediate", "Cert with bogus SCT list",
++                                EndEntityOrCA::MustBeEndEntity,
++                                nullptr, /*subjectDERToCertDER*/
++                                &ctExtension));
++  ASSERT_FALSE(ENCODING_FAILED(certDER));
++  Input certDERInput;
++  ASSERT_EQ(Success, certDERInput.Init(certDER.data(), certDER.length()));
++  ASSERT_EQ(Result::ERROR_BAD_DER,
++            BuildCertChain(trustDomain, certDERInput, Now(),
++                           EndEntityOrCA::MustBeEndEntity,
++                           KeyUsage::noParticularKeyUsageRequired,
++                           KeyPurposeId::id_kp_serverAuth,
++                           CertPolicyId::anyPolicy,
++                           nullptr/*stapledOCSPResponse*/));
++}
++
++// Same as a MultiplePathTrustDomain, but the end-entity is revoked.
++class RevokedEndEntityTrustDomain final : public MultiplePathTrustDomain
++{
++public:
++  Result CheckRevocation(EndEntityOrCA endEntityOrCA, const CertID&, Time,
++                         Duration, /*optional*/ const Input*,
++                         /*optional*/ const Input*) override
++  {
++    if (endEntityOrCA == EndEntityOrCA::MustBeEndEntity) {
++      return Result::ERROR_REVOKED_CERTIFICATE;
++    }
++    return Success;
++  }
++};
++
++TEST_F(pkixbuild, RevokedEndEntityWithMultiplePaths)
++{
++  RevokedEndEntityTrustDomain trustDomain;
++  trustDomain.SetUpCerts();
++  ByteString certDER(CreateCert("Intermediate", "RevokedEndEntity",
++                                EndEntityOrCA::MustBeEndEntity));
++  ASSERT_FALSE(ENCODING_FAILED(certDER));
++  Input certDERInput;
++  ASSERT_EQ(Success, certDERInput.Init(certDER.data(), certDER.length()));
++  ASSERT_EQ(Result::ERROR_REVOKED_CERTIFICATE,
++            BuildCertChain(trustDomain, certDERInput, Now(),
++                           EndEntityOrCA::MustBeEndEntity,
++                           KeyUsage::noParticularKeyUsageRequired,
++                           KeyPurposeId::id_kp_serverAuth,
++                           CertPolicyId::anyPolicy,
++                           nullptr/*stapledOCSPResponse*/));
++}

Added: head/www/waterfox/files/patch-bug1438645
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/www/waterfox/files/patch-bug1438645	Thu Feb 22 00:59:42 2018	(r462554)
@@ -0,0 +1,210 @@
+commit dc9f32108582
+Author: Ted Campbell <tcampbell at mozilla.com>
+Date:   Thu Feb 15 14:58:00 2018 +0200
+
+    Bug 1438645 - Prevent XDR from reading past its buffer. r=nbp a=lizzard
+    While XDR data is supposed to be trusted, we currently run into a
+    corruption for some users/use-cases and so make more XDR operations
+    fallible instead of crashing.
+    
+    MozReview-Commit-ID: 9FSLNWh9RxG
+    
+    --HG--
+    extra : source : fb0c12a38e03ad49c40eb64df23885037d26053d
+---
+ js/src/jsatom.cpp | 18 ++++++++++++----
+ js/src/vm/Xdr.cpp |  2 ++
+ js/src/vm/Xdr.h   | 62 ++++++++++++++++++++++++++++++++++++-------------------
+ 3 files changed, 57 insertions(+), 25 deletions(-)
+
+diff --git js/src/jsatom.cpp js/src/jsatom.cpp
+index 5d3ed0040dc1..f1d975f6f03d 100644
+--- js/src/jsatom.cpp
++++ js/src/jsatom.cpp
+@@ -644,15 +644,25 @@ js::XDRAtom(XDRState<mode>* xdr, MutableHandleAtom atomp)
+     JSAtom* atom;
+     if (latin1) {
+         const Latin1Char* chars = nullptr;
+-        if (length)
+-            chars = reinterpret_cast<const Latin1Char*>(xdr->buf.read(length));
++        if (length) {
++            const uint8_t *ptr;
++            size_t nbyte = length * sizeof(Latin1Char);
++            if (!xdr->peekData(&ptr, nbyte))
++                return false;
++            chars = reinterpret_cast<const Latin1Char*>(ptr);
++        }
+         atom = AtomizeChars(cx, chars, length);
+     } else {
+ #if MOZ_LITTLE_ENDIAN
+         /* Directly access the little endian chars in the XDR buffer. */
+         const char16_t* chars = nullptr;
+-        if (length)
+-            chars = reinterpret_cast<const char16_t*>(xdr->buf.read(length * sizeof(char16_t)));
++        if (length) {
++            const uint8_t *ptr;
++            size_t nbyte = length * sizeof(char16_t);
++            if (!xdr->peekData(&ptr, nbyte))
++                return false;
++            chars = reinterpret_cast<const char16_t*>(ptr);
++        }
+         atom = AtomizeChars(cx, chars, length);
+ #else
+         /*
+diff --git js/src/vm/Xdr.cpp js/src/vm/Xdr.cpp
+index ec184f31e0c7..5847dbbe3453 100644
+--- js/src/vm/Xdr.cpp
++++ js/src/vm/Xdr.cpp
+@@ -73,6 +73,8 @@ XDRState<mode>::codeChars(char16_t* chars, size_t nchars)
+         mozilla::NativeEndian::copyAndSwapToLittleEndian(ptr, chars, nchars);
+     } else {
+         const uint8_t* ptr = buf.read(nbytes);
++        if (!ptr)
++            return fail(JS::TranscodeResult_Failure_BadDecode);
+         mozilla::NativeEndian::copyAndSwapFromLittleEndian(chars, ptr, nchars);
+     }
+     return true;
+diff --git js/src/vm/Xdr.h js/src/vm/Xdr.h
+index 0a6cbf01b50f..a60f43c6b531 100644
+--- js/src/vm/Xdr.h
++++ js/src/vm/Xdr.h
+@@ -61,11 +61,6 @@ class XDRBuffer<XDR_ENCODE> : public XDRBufferBase
+         return ptr;
+     }
+ 
+-    const char* readCString() {
+-        MOZ_CRASH("Should never read in encode mode");
+-        return nullptr;
+-    }
+-
+     const uint8_t* read(size_t n) {
+         MOZ_CRASH("Should never read in encode mode");
+         return nullptr;
+@@ -87,19 +82,15 @@ class XDRBuffer<XDR_DECODE> : public XDRBufferBase
+       : XDRBufferBase(cx, cursor),
+         buffer_(buffer.begin(), buffer.length()) { }
+ 
+-    const char* readCString() {
+-        char* ptr = reinterpret_cast<char*>(&buffer_[cursor_]);
+-        uint8_t* end = reinterpret_cast<uint8_t*>(strchr(ptr, '\0')) + 1;
+-        MOZ_ASSERT(buffer_.begin().get() < end);
+-        MOZ_ASSERT(end <= buffer_.end().get());
+-        cursor_ = end - buffer_.begin().get();
+-        return ptr;
+-    }
+-
+     const uint8_t* read(size_t n) {
+         MOZ_ASSERT(cursor_ < buffer_.length());
+         uint8_t* ptr = &buffer_[cursor_];
+         cursor_ += n;
++
++        // Don't let buggy code read past our buffer
++        if (cursor_ > buffer_.length())
++            return nullptr;
++
+         return ptr;
+     }
+ 
+@@ -174,7 +165,7 @@ class XDRCoderBase
+ template <XDRMode mode>
+ class XDRState : public XDRCoderBase
+ {
+-  public:
++  protected:
+     XDRBuffer<mode> buf;
+   private:
+     JS::TranscodeResult resultCode_;
+@@ -220,6 +211,14 @@ class XDRState : public XDRCoderBase
+         return false;
+     }
+ 
++    bool peekData(const uint8_t** pptr, size_t length) {
++        const uint8_t* ptr = buf.read(length);
++        if (!ptr)
++            return fail(JS::TranscodeResult_Failure_BadDecode);
++        *pptr = ptr;
++        return true;
++    }
++
+     bool codeUint8(uint8_t* n) {
+         if (mode == XDR_ENCODE) {
+             uint8_t* ptr = buf.write(sizeof(*n));
+@@ -227,7 +226,10 @@ class XDRState : public XDRCoderBase
+                 return fail(JS::TranscodeResult_Throw);
+             *ptr = *n;
+         } else {
+-            *n = *buf.read(sizeof(*n));
++            const uint8_t* ptr = buf.read(sizeof(*n));
++            if (!ptr)
++                return fail(JS::TranscodeResult_Failure_BadDecode);
++            *n = *ptr;
+         }
+         return true;
+     }
+@@ -240,6 +242,8 @@ class XDRState : public XDRCoderBase
+             mozilla::LittleEndian::writeUint16(ptr, *n);
+         } else {
+             const uint8_t* ptr = buf.read(sizeof(*n));
++            if (!ptr)
++                return fail(JS::TranscodeResult_Failure_BadDecode);
+             *n = mozilla::LittleEndian::readUint16(ptr);
+         }
+         return true;
+@@ -253,6 +257,8 @@ class XDRState : public XDRCoderBase
+             mozilla::LittleEndian::writeUint32(ptr, *n);
+         } else {
+             const uint8_t* ptr = buf.read(sizeof(*n));
++            if (!ptr)
++                return fail(JS::TranscodeResult_Failure_BadDecode);
+             *n = mozilla::LittleEndian::readUint32(ptr);
+         }
+         return true;
+@@ -266,6 +272,8 @@ class XDRState : public XDRCoderBase
+             mozilla::LittleEndian::writeUint64(ptr, *n);
+         } else {
+             const uint8_t* ptr = buf.read(sizeof(*n));
++            if (!ptr)
++                return fail(JS::TranscodeResult_Failure_BadDecode);
+             *n = mozilla::LittleEndian::readUint64(ptr);
+         }
+         return true;
+@@ -328,7 +336,10 @@ class XDRState : public XDRCoderBase
+                 return fail(JS::TranscodeResult_Throw);
+             memcpy(ptr, bytes, len);
+         } else {
+-            memcpy(bytes, buf.read(len), len);
++            const uint8_t* ptr = buf.read(len);
++            if (!ptr)
++                return fail(JS::TranscodeResult_Failure_BadDecode);
++            memcpy(bytes, ptr, len);
+         }
+         return true;
+     }
+@@ -340,14 +351,23 @@ class XDRState : public XDRCoderBase
+      * the decoding buffer.
+      */

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***


More information about the svn-ports-all mailing list