Index: head/www/firefox/Makefile =================================================================== --- head/www/firefox/Makefile (revision 454191) +++ head/www/firefox/Makefile (revision 454192) @@ -1,74 +1,74 @@ # Created by: Alan Eldridge # $FreeBSD$ PORTNAME= firefox DISTVERSION= 56.0.2 DISTVERSIONSUFFIX=.source -PORTREVISION= 9 +PORTREVISION= 10 PORTEPOCH= 1 CATEGORIES= www ipv6 MASTER_SITES= MOZILLA/${PORTNAME}/releases/${DISTVERSION}/source \ MOZILLA/${PORTNAME}/candidates/${DISTVERSION}-candidates/build1/source MAINTAINER= gecko@FreeBSD.org COMMENT= Web browser based on the browser portion of Mozilla BUILD_DEPENDS= nspr>=4.16:devel/nspr \ nss>=3.32.1:security/nss \ icu>=59.1,1:devel/icu \ libevent>=2.1.8:devel/libevent \ harfbuzz>=1.4.7:print/harfbuzz \ graphite2>=1.3.10:graphics/graphite2 \ png>=1.6.31:graphics/png \ libvorbis>=1.3.5,3:audio/libvorbis \ libvpx>=1.5.0:multimedia/libvpx \ sqlite3>=3.19.3:databases/sqlite3 \ ${PYTHON_PKGNAMEPREFIX}sqlite3>0:databases/py-sqlite3 \ v4l_compat>0:multimedia/v4l_compat \ autoconf-2.13:devel/autoconf213 \ yasm:devel/yasm \ zip:archivers/zip # soundtouch>=1.9.0:audio/soundtouch \ LIB_DEPENDS= libv4l2.so:multimedia/libv4l USE_GECKO= gecko CONFLICTS_INSTALL= firefox-esr-45.* firefox-esr-3[18].* firefox-esr-24.* MOZ_PKGCONFIG_FILES= # empty USE_MOZILLA= -soundtouch MOZILLA_NAME= Firefox USE_GL= gl USES= tar:xz FIREFOX_ICON= ${MOZILLA}.png FIREFOX_ICON_SRC= ${PREFIX}/lib/${MOZILLA}/browser/chrome/icons/default/default48.png MOZ_OPTIONS= --enable-application=browser \ --enable-official-branding OPTIONS_DEFAULT= BUNDLED_CAIRO OPTIONS_EXCLUDE= GNOMEUI .include "${.CURDIR}/../../www/firefox/Makefile.options" WRKSRC:= ${WRKDIR}/${PORTNAME}-${DISTVERSION} post-extract: @${SED} -e 's|@FIREFOX_ICON@|${FIREFOX_ICON}|' -e 's|@MOZILLA@|${MOZILLA}|' \ -e 's|@MOZILLA_NAME@|${MOZILLA_NAME}|' \ <${FILESDIR}/firefox.desktop.in >${WRKDIR}/${MOZILLA}.desktop post-patch: @${REINPLACE_CMD} -e 's|%%LOCALBASE%%|${LOCALBASE}|g' \ ${WRKSRC}/browser/app/nsBrowserApp.cpp pre-configure: (cd ${WRKSRC} && ${LOCALBASE}/bin/autoconf-2.13) (cd ${WRKSRC}/js/src/ && ${LOCALBASE}/bin/autoconf-2.13) post-install: ${MKDIR} ${STAGEDIR}${PREFIX}/share/pixmaps ${INSTALL_DATA} ${WRKDIR}/${MOZILLA}.desktop ${STAGEDIR}${PREFIX}/share/applications/ ${LN} -sf ${FIREFOX_ICON_SRC} ${STAGEDIR}${PREFIX}/share/pixmaps/${FIREFOX_ICON} .include Index: head/www/firefox/files/patch-a-bug1399540 =================================================================== --- head/www/firefox/files/patch-a-bug1399540 (nonexistent) +++ head/www/firefox/files/patch-a-bug1399540 (revision 454192) @@ -0,0 +1,148 @@ +commit 99ad73e4743d +Author: Jonathan Kew +Date: Sat Sep 16 11:49:47 2017 +0100 + + Bug 1399540 - patch 1 - Failure to decode an individual label within the IDN should not block decoding of other valid punycode labels. r=valentin +--- + netwerk/dns/nsIDNService.cpp | 25 ++++++++++++++++--------- + 1 file changed, 16 insertions(+), 9 deletions(-) + +diff --git netwerk/dns/nsIDNService.cpp netwerk/dns/nsIDNService.cpp +index 9cc8fdcf6fa1..3adcddf654e1 100644 +--- netwerk/dns/nsIDNService.cpp ++++ netwerk/dns/nsIDNService.cpp +@@ -300,6 +300,10 @@ nsresult nsIDNService::ACEtoUTF8(const nsACString & input, nsACString & _retval, + // RFC 3490 - 4.2 ToUnicode + // ToUnicode never fails. If any step fails, then the original input + // sequence is returned immediately in that step. ++ // ++ // Note that this refers to the decoding of a single label. ++ // ACEtoUTF8 may be called with a sequence of labels separated by dots; ++ // this test applies individually to each label. + + uint32_t len = 0, offset = 0; + nsAutoCString decodedBuf; +@@ -313,13 +317,15 @@ nsresult nsIDNService::ACEtoUTF8(const nsACString & input, nsACString & _retval, + while (start != end) { + len++; + if (*start++ == '.') { +- if (NS_FAILED(decodeACE(Substring(input, offset, len - 1), decodedBuf, +- flag))) { +- _retval.Assign(input); +- return NS_OK; ++ nsDependentCSubstring origLabel(input, offset, len - 1); ++ if (NS_FAILED(decodeACE(origLabel, decodedBuf, flag))) { ++ // If decoding failed, use the original input sequence ++ // for this label. ++ _retval.Append(origLabel); ++ } else { ++ _retval.Append(decodedBuf); + } + +- _retval.Append(decodedBuf); + _retval.Append('.'); + offset += len; + len = 0; +@@ -327,11 +333,12 @@ nsresult nsIDNService::ACEtoUTF8(const nsACString & input, nsACString & _retval, + } + // decode the last node + if (len) { +- if (NS_FAILED(decodeACE(Substring(input, offset, len), decodedBuf, +- flag))) +- _retval.Assign(input); +- else ++ nsDependentCSubstring origLabel(input, offset, len); ++ if (NS_FAILED(decodeACE(origLabel, decodedBuf, flag))) { ++ _retval.Append(origLabel); ++ } else { + _retval.Append(decodedBuf); ++ } + } + + return NS_OK; + +commit eddd7a4f4eae +Author: Jonathan Kew +Date: Sat Sep 16 11:49:56 2017 +0100 + + Bug 1399540 - patch 2 - Handle invalid punycode better in stringPrep to avoid mangling display of fake-punycode labels. r=valentin +--- + netwerk/dns/nsIDNService.cpp | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git netwerk/dns/nsIDNService.cpp netwerk/dns/nsIDNService.cpp +index 3adcddf654e1..4c45a2d52e45 100644 +--- netwerk/dns/nsIDNService.cpp ++++ netwerk/dns/nsIDNService.cpp +@@ -222,7 +222,15 @@ nsIDNService::IDNA2008StringPrep(const nsAString& input, + } + NS_ENSURE_SUCCESS(rv, rv); + +- // Output the result of nameToUnicode even if there were errors ++ // Output the result of nameToUnicode even if there were errors. ++ // But in the case of invalid punycode, the uidna_labelToUnicode result ++ // appears to get an appended U+FFFD REPLACEMENT CHARACTER, which will ++ // confuse our subsequent processing, so we drop that. ++ // (https://bugzilla.mozilla.org/show_bug.cgi?id=1399540#c9) ++ if ((info.errors & UIDNA_ERROR_PUNYCODE) && ++ outLen > 0 && outputBuffer[outLen - 1] == 0xfffd) { ++ --outLen; ++ } + ICUUtils::AssignUCharArrayToString(outputBuffer, outLen, output); + + if (flag == eStringPrepIgnoreErrors) { + +commit 2a3883ef55d2 +Author: Jonathan Kew +Date: Sat Sep 16 11:50:08 2017 +0100 + + Bug 1399540 - Add some IDN testcases with mixed punycode and non-punycode labels. r=valentin +--- + netwerk/test/unit/test_idn_urls.js | 25 ++++++++++++++++--------- + 1 file changed, 16 insertions(+), 9 deletions(-) + +diff --git netwerk/test/unit/test_idn_urls.js netwerk/test/unit/test_idn_urls.js +index 358854093f65..0d8cf3216293 100644 +--- netwerk/test/unit/test_idn_urls.js ++++ netwerk/test/unit/test_idn_urls.js +@@ -286,10 +286,17 @@ const testcases = [ + // Thai (also tests that node with over 63 UTF-8 octets doesn't fail) + ["เครื่องทําน้ําทําน้ําแข็ง", + "xn--22cdjb2fanb9fyepcbbb9dwh4a3igze4fdcd", +- false, true, true] ++ false, true, true], ++ ++ // Effect of adding valid or invalid subdomains (bug 1399540) ++ ["䕮䕵䕶䕱.ascii", "xn--google.ascii", false, true, true], ++ ["ascii.䕮䕵䕶䕱", "ascii.xn--google", false, true, true], ++ ["中国123.䕮䕵䕶䕱", "xn--123-u68dy61b.xn--google", false, true, true], ++ ["䕮䕵䕶䕱.中国123", "xn--google.xn--123-u68dy61b", false, true, true], ++ ["xn--accountlogin.䕮䕵䕶䕱", "xn--accountlogin.xn--google", false, true, true], ++ ["䕮䕵䕶䕱.xn--accountlogin", "xn--google.xn--accountlogin", false, true, true], + ]; + +- + const profiles = ["ASCII", "high", "moderate"]; + + function run_test() { +@@ -311,13 +318,13 @@ function run_test() { + var expectedUnicode = test[2 + i]; + var isASCII = {}; + +- var result; +- try { +- result = idnService.convertToDisplayIDN(URL, isASCII); +- } catch(e) { +- result = ".com"; +- } +- if (punycodeURL.substr(0, 4) == "xn--") { ++ var result; ++ try { ++ result = idnService.convertToDisplayIDN(URL, isASCII); ++ } catch(e) { ++ result = ".com"; ++ } ++ if (punycodeURL.substr(0, 4) == "xn--" || punycodeURL.indexOf(".xn--") > 0) { + // test convertToDisplayIDN with a Unicode URL and with a + // Punycode URL if we have one + do_check_eq(escape(result), Property changes on: head/www/firefox/files/patch-a-bug1399540 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/www/firefox/files/patch-bug1325923 =================================================================== --- head/www/firefox/files/patch-bug1325923 (nonexistent) +++ head/www/firefox/files/patch-bug1325923 (revision 454192) @@ -0,0 +1,121 @@ +commit d9ad239a35bf +Author: Blake Kaplan +Date: Wed Aug 16 16:39:32 2017 -0700 + + Bug 1325923 - Implement the "cookie averse document" concept. r=Ehsan + + See https://html.spec.whatwg.org/multipage/dom.html#resource-metadata-management:cookie-averse-document-object + + MozReview-Commit-ID: GndxqhU77cS +--- + dom/base/nsIDocument.h | 28 ++++++++++++++++++++++++++++ + 1 file changed, 28 insertions(+) + +diff --git dom/base/nsIDocument.h dom/base/nsIDocument.h +index e834f5785cad..921e03e107d1 100644 +--- dom/base/nsIDocument.h ++++ dom/base/nsIDocument.h +@@ -2073,6 +2073,34 @@ public: + return mMarkedCCGeneration; + } + ++ /** ++ * Returns whether this document is cookie averse. See ++ * https://html.spec.whatwg.org/multipage/dom.html#cookie-averse-document-object ++ */ ++ bool IsCookieAverse() const ++ { ++ // If we are a document that "has no browsing context." ++ if (!GetInnerWindow()) { ++ return true; ++ } ++ ++ // If we are a document "whose URL's scheme is not a network scheme." ++ // NB: Explicitly allow file: URIs to store cookies. ++ nsCOMPtr codebaseURI; ++ NodePrincipal()->GetURI(getter_AddRefs(codebaseURI)); ++ ++ if (!codebaseURI) { ++ return true; ++ } ++ ++ nsAutoCString scheme; ++ codebaseURI->GetScheme(scheme); ++ return !scheme.EqualsLiteral("http") && ++ !scheme.EqualsLiteral("https") && ++ !scheme.EqualsLiteral("ftp") && ++ !scheme.EqualsLiteral("file"); ++ } ++ + bool IsLoadedAsData() + { + return mLoadedAsData; + +commit 10775852824c +Author: Blake Kaplan +Date: Wed Aug 16 16:58:19 2017 -0700 + + Bug 1325923 - Use this new API. r=Ehsan + + MozReview-Commit-ID: 6tuaEqQA551 +--- + dom/base/nsContentSink.cpp | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git dom/base/nsContentSink.cpp dom/base/nsContentSink.cpp +index c52761c8521f..c3e9f43846d4 100644 +--- dom/base/nsContentSink.cpp ++++ dom/base/nsContentSink.cpp +@@ -843,6 +843,12 @@ nsContentSink::ProcessMETATag(nsIContent* aContent) + return NS_OK; + } + ++ // Don't allow setting cookies in in cookie averse ++ // documents. ++ if (nsGkAtoms::setcookie->Equals(header) && mDocument->IsCookieAverse()) { ++ return NS_OK; ++ } ++ + nsAutoString result; + aContent->GetAttr(kNameSpaceID_None, nsGkAtoms::content, result); + if (!result.IsEmpty()) { + +commit f48bc2cbf262 +Author: Blake Kaplan +Date: Wed Aug 16 17:22:31 2017 -0700 + + Bug 1325923 - Use this API where we're supposed to. r=Ehsan + + MozReview-Commit-ID: HGU5YtUzv9U +--- + dom/html/nsHTMLDocument.cpp | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git dom/html/nsHTMLDocument.cpp dom/html/nsHTMLDocument.cpp +index fa3d614854d9..b146698b6494 100644 +--- dom/html/nsHTMLDocument.cpp ++++ dom/html/nsHTMLDocument.cpp +@@ -1347,6 +1347,11 @@ nsHTMLDocument::GetCookie(nsAString& aCookie, ErrorResult& rv) + return; + } + ++ // If the document is a cookie-averse Document... return the empty string. ++ if (IsCookieAverse()) { ++ return; ++ } ++ + // not having a cookie service isn't an error + nsCOMPtr service = do_GetService(NS_COOKIESERVICE_CONTRACTID); + if (service) { +@@ -1400,6 +1405,11 @@ nsHTMLDocument::SetCookie(const nsAString& aCookie, ErrorResult& rv) + return; + } + ++ // If the document is a cookie-averse Document... do nothing. ++ if (IsCookieAverse()) { ++ return; ++ } ++ + // not having a cookie service isn't an error + nsCOMPtr service = do_GetService(NS_COOKIESERVICE_CONTRACTID); + if (service && mDocumentURI) { Property changes on: head/www/firefox/files/patch-bug1325923 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/www/firefox/files/patch-bug1365894 =================================================================== --- head/www/firefox/files/patch-bug1365894 (nonexistent) +++ head/www/firefox/files/patch-bug1365894 (revision 454192) @@ -0,0 +1,60 @@ +commit 97515a9302ed +Author: James Cheng +Date: Mon Oct 9 13:40:12 2017 -0400 + + Bug 1365894 - Make SystemGroupImpl be a normal ref-counted object. r=ehsan, a=ritu + + MozReview-Commit-ID: LUcoBhNx2M5 + + --HG-- + extra : source : 3959033a31666770047dd460979032464a48ba66 +--- + xpcom/threads/SystemGroup.cpp | 18 +++++------------- + 1 file changed, 5 insertions(+), 13 deletions(-) + +diff --git xpcom/threads/SystemGroup.cpp xpcom/threads/SystemGroup.cpp +index a95ecc6cdd77..04bf3bd248ef 100644 +--- xpcom/threads/SystemGroup.cpp ++++ xpcom/threads/SystemGroup.cpp +@@ -16,7 +16,7 @@ class SystemGroupImpl final : public SchedulerGroup + { + public: + SystemGroupImpl(); +- ~SystemGroupImpl() {} ++ NS_INLINE_DECL_THREADSAFE_REFCOUNTING(SystemGroupImpl) + + static void InitStatic(); + static void ShutdownStatic(); +@@ -24,20 +24,12 @@ public: + + static bool Initialized() { return !!sSingleton; } + +- NS_METHOD_(MozExternalRefCountType) AddRef(void) +- { +- return 2; +- } +- NS_METHOD_(MozExternalRefCountType) Release(void) +- { +- return 1; +- } +- + private: +- static UniquePtr sSingleton; ++ ~SystemGroupImpl() = default; ++ static StaticRefPtr sSingleton; + }; + +-UniquePtr SystemGroupImpl::sSingleton; ++StaticRefPtr SystemGroupImpl::sSingleton; + + SystemGroupImpl::SystemGroupImpl() + { +@@ -49,7 +41,7 @@ SystemGroupImpl::InitStatic() + { + MOZ_ASSERT(!sSingleton); + MOZ_ASSERT(NS_IsMainThread()); +- sSingleton = MakeUnique(); ++ sSingleton = new SystemGroupImpl(); + } + + /* static */ void Property changes on: head/www/firefox/files/patch-bug1365894 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/www/firefox/files/patch-bug1366420 =================================================================== --- head/www/firefox/files/patch-bug1366420 (nonexistent) +++ head/www/firefox/files/patch-bug1366420 (revision 454192) @@ -0,0 +1,128 @@ +commit dfe9efffb57b +Author: Marco Bonardo +Date: Wed Oct 4 11:13:19 2017 +0200 + + Bug 1366420. r=standard8, a=ritu + + MozReview-Commit-ID: FOIqr5RdRjz + + --HG-- + extra : source : 08312cdfb2304264e6871357fe2e6e7831272d21 +--- + toolkit/components/places/BookmarkHTMLUtils.jsm | 2 +- + .../unit/test_bookmarks_html_escape_entities.js | 81 ++++++++++++++++++++++ + toolkit/components/places/tests/unit/xpcshell.ini | 1 + + 3 files changed, 83 insertions(+), 1 deletion(-) + +diff --git toolkit/components/places/BookmarkHTMLUtils.jsm toolkit/components/places/BookmarkHTMLUtils.jsm +index 653e29fc5875..f4c1e7495d32 100644 +--- toolkit/components/places/BookmarkHTMLUtils.jsm ++++ toolkit/components/places/BookmarkHTMLUtils.jsm +@@ -1143,7 +1143,7 @@ BookmarkExporter.prototype = { + if (aItem.charset) + this._writeAttribute("LAST_CHARSET", escapeHtmlEntities(aItem.charset)); + if (aItem.tags) +- this._writeAttribute("TAGS", aItem.tags); ++ this._writeAttribute("TAGS", escapeHtmlEntities(aItem.tags)); + this._writeLine(">" + escapeHtmlEntities(aItem.title) + ""); + this._writeDescription(aItem, aIndent); + }, +diff --git toolkit/components/places/tests/unit/test_bookmarks_html_escape_entities.js toolkit/components/places/tests/unit/test_bookmarks_html_escape_entities.js +new file mode 100644 +index 000000000000..73c5e0e0744d +--- /dev/null ++++ toolkit/components/places/tests/unit/test_bookmarks_html_escape_entities.js +@@ -0,0 +1,81 @@ ++/* Any copyright is dedicated to the Public Domain. ++ * http://creativecommons.org/publicdomain/zero/1.0/ */ ++ ++"use strict"; ++ ++// Checks that html entities are escaped in bookmarks.html files. ++ ++const DESCRIPTION_ANNO = "bookmarkProperties/description"; ++ ++add_task(async function() { ++ // Removes bookmarks.html if the file already exists. ++ let HTMLFile = OS.Path.join(OS.Constants.Path.profileDir, "bookmarks.html"); ++ if ((await OS.File.exists(HTMLFile))) { ++ await OS.File.remove(HTMLFile); ++ } ++ ++ let unescaped = ''; ++ // Adds bookmarks and tags to the database. ++ const url = 'http://www.google.it/"/'; ++ let bm = await PlacesUtils.bookmarks.insert({ ++ parentGuid: PlacesUtils.bookmarks.unfiledGuid, ++ url, ++ title: unescaped ++ }); ++ await PlacesUtils.keywords.insert({ url, keyword: unescaped, postData: unescaped }) ++ let uri = Services.io.newURI(url); ++ PlacesUtils.tagging.tagURI(uri, [unescaped]); ++ await PlacesUtils.setCharsetForURI(uri, unescaped); ++ PlacesUtils.annotations.setItemAnnotation( ++ await PlacesUtils.promiseItemId(bm.guid), ++ DESCRIPTION_ANNO, unescaped, 0, PlacesUtils.annotations.EXPIRE_NEVER); ++ ++ // Exports the bookmarks as a HTML file. ++ await BookmarkHTMLUtils.exportToFile(HTMLFile); ++ await PlacesUtils.bookmarks.remove(bm); ++ ++ // Check there are no unescaped entities in the html file. ++ let xml = await new Promise((resolve, reject) => { ++ let xhr = Cc["@mozilla.org/xmlextras/xmlhttprequest;1"] ++ .createInstance(Ci.nsIXMLHttpRequest); ++ xhr.onload = () => { ++ try { ++ resolve(xhr.responseXML); ++ } catch (e) { ++ reject(e); ++ } ++ }; ++ xhr.onabort = xhr.onerror = xhr.ontimeout = () => { ++ reject(new Error("xmlhttprequest failed")); ++ }; ++ xhr.open("GET", OS.Path.toFileURI(HTMLFile)); ++ xhr.responseType = "document"; ++ xhr.overrideMimeType("text/html"); ++ xhr.send(); ++ }); ++ ++ let checksCount = 6; ++ for (let current = xml; current; ++ current = current.firstChild || current.nextSibling || current.parentNode.nextSibling) { ++ switch (current.nodeType) { ++ case Ci.nsIDOMNode.ELEMENT_NODE: ++ for (let {name, value} of current.attributes) { ++ do_print("Found attribute: " + name); ++ // Check tags, keyword, postData and charSet. ++ if (["tags", "last_charset", "shortcuturl", "post_data"].includes(name)) { ++ Assert.equal(value, unescaped, `Attribute ${name} should be complete`); ++ checksCount--; ++ } ++ } ++ break; ++ case Ci.nsIDOMNode.TEXT_NODE: ++ // Check Title and description. ++ if (!current.data.startsWith("\n") && !current.data.includes("Bookmarks")) { ++ Assert.equal(current.data.trim(), unescaped, "Text node should be complete"); ++ checksCount--; ++ } ++ break; ++ } ++ } ++ Assert.equal(checksCount, 0, "All the checks ran") ++}); +diff --git toolkit/components/places/tests/unit/xpcshell.ini toolkit/components/places/tests/unit/xpcshell.ini +index 6952e4158753..776e7e548f92 100644 +--- toolkit/components/places/tests/unit/xpcshell.ini ++++ toolkit/components/places/tests/unit/xpcshell.ini +@@ -67,6 +67,7 @@ skip-if = (os == "win" && os_version == "5.1") # Bug 1158887 + [test_bookmarks_json.js] + [test_bookmarks_html.js] + [test_bookmarks_html_corrupt.js] ++[test_bookmarks_html_escape_entities.js] + [test_bookmarks_html_import_tags.js] + [test_bookmarks_html_singleframe.js] + [test_bookmarks_restore_notification.js] Property changes on: head/www/firefox/files/patch-bug1366420 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/www/firefox/files/patch-bug1370497 =================================================================== --- head/www/firefox/files/patch-bug1370497 (nonexistent) +++ head/www/firefox/files/patch-bug1370497 (revision 454192) @@ -0,0 +1,100 @@ +commit c79086d4c25c +Author: Jonathan Kew +Date: Wed Sep 27 11:16:35 2017 +0100 + + Bug 1370497 - Check ScriptExtensions property of combining marks when available. r=valentin, a=ritu + + --HG-- + extra : source : 6bd2d96c0c3d952b205e1bb2f6915cbc820a61a1 + extra : amend_source : b0c6b6fbea0bf77c8d1527e131d3773b4d959ea0 +--- + netwerk/dns/nsIDNService.cpp | 45 ++++++++++++++++++++++++++++++++------ + netwerk/test/unit/test_idn_urls.js | 5 +++++ + 2 files changed, 43 insertions(+), 7 deletions(-) + +diff --git netwerk/dns/nsIDNService.cpp netwerk/dns/nsIDNService.cpp +index 4c45a2d52e45..e07910a7e70d 100644 +--- netwerk/dns/nsIDNService.cpp ++++ netwerk/dns/nsIDNService.cpp +@@ -26,6 +26,7 @@ + const bool kIDNA2008_TransitionalProcessing = false; + + #include "ICUUtils.h" ++#include "unicode/uscript.h" + #endif + + using namespace mozilla::unicode; +@@ -900,8 +901,8 @@ bool nsIDNService::isLabelSafe(const nsAString &label) + } + + // Check for mixed numbering systems +- if (GetGeneralCategory(ch) == +- HB_UNICODE_GENERAL_CATEGORY_DECIMAL_NUMBER) { ++ auto genCat = GetGeneralCategory(ch); ++ if (genCat == HB_UNICODE_GENERAL_CATEGORY_DECIMAL_NUMBER) { + uint32_t zeroCharacter = ch - GetNumericValue(ch); + if (savedNumberingSystem == 0) { + // If we encounter a decimal number, save the zero character from that +@@ -912,11 +913,41 @@ bool nsIDNService::isLabelSafe(const nsAString &label) + } + } + +- // Check for consecutive non-spacing marks +- if (previousChar != 0 && +- previousChar == ch && +- GetGeneralCategory(ch) == HB_UNICODE_GENERAL_CATEGORY_NON_SPACING_MARK) { +- return false; ++ if (genCat == HB_UNICODE_GENERAL_CATEGORY_NON_SPACING_MARK) { ++ // Check for consecutive non-spacing marks. ++ if (previousChar != 0 && previousChar == ch) { ++ return false; ++ } ++ // Check for marks whose expected script doesn't match the base script. ++ if (lastScript != Script::INVALID) { ++ const size_t kMaxScripts = 32; // more than ample for current values ++ // of ScriptExtensions property ++ UScriptCode scripts[kMaxScripts]; ++ UErrorCode errorCode = U_ZERO_ERROR; ++ int nScripts = uscript_getScriptExtensions(ch, scripts, kMaxScripts, ++ &errorCode); ++ MOZ_ASSERT(U_SUCCESS(errorCode), "uscript_getScriptExtensions failed"); ++ if (U_FAILURE(errorCode)) { ++ return false; ++ } ++ // nScripts will always be >= 1, because even for undefined characters ++ // uscript_getScriptExtensions will return Script::INVALID. ++ // If the mark just has script=COMMON or INHERITED, we can't check any ++ // more carefully, but if it has specific scriptExtension codes, then ++ // assume those are the only valid scripts to use it with. ++ if (nScripts > 1 || ++ (Script(scripts[0]) != Script::COMMON && ++ Script(scripts[0]) != Script::INHERITED)) { ++ while (--nScripts >= 0) { ++ if (Script(scripts[nScripts]) == lastScript) { ++ break; ++ } ++ } ++ if (nScripts == -1) { ++ return false; ++ } ++ } ++ } + } + + // Simplified/Traditional Chinese check temporarily disabled -- bug 857481 +diff --git netwerk/test/unit/test_idn_urls.js netwerk/test/unit/test_idn_urls.js +index 0d8cf3216293..f39a9650a13b 100644 +--- netwerk/test/unit/test_idn_urls.js ++++ netwerk/test/unit/test_idn_urls.js +@@ -295,6 +295,11 @@ const testcases = [ + ["䕮䕵䕶䕱.中国123", "xn--google.xn--123-u68dy61b", false, true, true], + ["xn--accountlogin.䕮䕵䕶䕱", "xn--accountlogin.xn--google", false, true, true], + ["䕮䕵䕶䕱.xn--accountlogin", "xn--google.xn--accountlogin", false, true, true], ++ ++ // Arabic diacritic not allowed in Latin text (bug 1370497) ++ ["goo\u0650gle", "xn--google-yri", false, false, false], ++ // ...but Arabic diacritics are allowed on Arabic text ++ ["العَرَبِي", "xn--mgbc0a5a6cxbzabt", false, true, true], + ]; + + const profiles = ["ASCII", "high", "moderate"]; Property changes on: head/www/firefox/files/patch-bug1370497 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/www/firefox/files/patch-bug1377587 =================================================================== --- head/www/firefox/files/patch-bug1377587 (nonexistent) +++ head/www/firefox/files/patch-bug1377587 (revision 454192) @@ -0,0 +1,929 @@ +commit 2b68b38709b1 +Author: Andrew McCreight +Date: Tue Aug 22 14:24:11 2017 -0700 + + Bug 1377587, part 1 - Always act like __exposedProps__ is missing. r=krizsa + + This patch gently removes support for __exposedProps__ by changing + ExposedPropertiesOnly::check() to always return false, while still + failing silently in deny for some kinds of access. + + The tests that I changed all involve testing the behavior with + __exposedProps__. I adjusted them to expect it to fail, or to adjust + the error message they get when they fail. That seemed better than + deleting them entirely. + + Note that test_bug1065185.html had a bug, so that it never executed + the first case. I fixed that, and then fixed up the test to work when + __exposedProps__ is not supported. + + This also removes various bits of the test framework that use + __exposedProps__, but don't actually need to. + + MozReview-Commit-ID: 8fvkAmITmXY + + --HG-- + extra : rebase_source : ef7e2c55adc12511f17f3865ebb46c343875f0b3 +--- + addon-sdk/source/lib/sdk/console/plain-text.js | 10 -- + addon-sdk/source/lib/sdk/test/loader.js | 5 - + .../addons/e10s-content/lib/test-content-script.js | 6 +- + addon-sdk/source/test/test-content-script.js | 6 +- + devtools/server/tests/unit/test_objectgrips-17.js | 4 - + dom/base/nsDeprecatedOperationList.h | 1 - + dom/base/test/chrome/cpows_child.js | 12 +- + dom/locales/en-US/chrome/dom/dom.properties | 2 - + js/xpconnect/src/XPCJSRuntime.cpp | 1 - + js/xpconnect/src/xpcprivate.h | 1 - + js/xpconnect/tests/chrome/test_bug1065185.html | 6 +- + js/xpconnect/tests/chrome/test_cows.xul | 80 +++------ + js/xpconnect/tests/chrome/test_exposeInDerived.xul | 13 +- + js/xpconnect/tests/unit/test_bug1082450.js | 20 +-- + js/xpconnect/tests/unit/test_bug780370.js | 7 +- + js/xpconnect/tests/unit/test_bug813901.js | 2 +- + js/xpconnect/tests/unit/test_bug853709.js | 4 +- + js/xpconnect/tests/unit/test_bug854558.js | 2 +- + js/xpconnect/tests/unit/test_bug930091.js | 2 +- + js/xpconnect/wrappers/AccessCheck.cpp | 179 --------------------- + js/xpconnect/wrappers/AccessCheck.h | 11 +- + js/xpconnect/wrappers/ChromeObjectWrapper.h | 6 +- + js/xpconnect/wrappers/WrapperFactory.cpp | 4 +- + js/xpconnect/wrappers/XrayWrapper.cpp | 2 +- + testing/mochitest/tests/SimpleTest/ChromePowers.js | 9 -- + .../specialpowers/content/MockPermissionPrompt.jsm | 12 -- + .../components/addoncompat/RemoteAddonsParent.jsm | 2 +- + 27 files changed, 74 insertions(+), 335 deletions(-) + +diff --git addon-sdk/source/lib/sdk/console/plain-text.js addon-sdk/source/lib/sdk/console/plain-text.js +index 0e44cf106d52..07b8eb629e12 100644 +--- addon-sdk/source/lib/sdk/console/plain-text.js ++++ addon-sdk/source/lib/sdk/console/plain-text.js +@@ -62,16 +62,6 @@ function PlainTextConsole(print, innerID) { + } + }); + +- // We defined the `__exposedProps__` in our console chrome object. +- // +- // Meanwhile we're investigating with the platform team if `__exposedProps__` +- // are needed, or are just a left-over. +- +- console.__exposedProps__ = Object.keys(ConsoleAPI.prototype).reduce(function(exposed, prop) { +- exposed[prop] = "r"; +- return exposed; +- }, {}); +- + Object.freeze(console); + return console; + }; +diff --git addon-sdk/source/lib/sdk/test/loader.js addon-sdk/source/lib/sdk/test/loader.js +index 33ba2ca5a029..b555de63f02a 100644 +--- addon-sdk/source/lib/sdk/test/loader.js ++++ addon-sdk/source/lib/sdk/test/loader.js +@@ -53,11 +53,6 @@ function HookedPlainTextConsole(hook, print, innerID) { + this.exception = hook.bind(null, "exception", innerID); + this.time = hook.bind(null, "time", innerID); + this.timeEnd = hook.bind(null, "timeEnd", innerID); +- +- this.__exposedProps__ = { +- log: "rw", info: "rw", warn: "rw", error: "rw", debug: "rw", +- exception: "rw", time: "rw", timeEnd: "rw" +- }; + } + + // Creates a custom loader instance whose console module is hooked in order +diff --git addon-sdk/source/test/addons/e10s-content/lib/test-content-script.js addon-sdk/source/test/addons/e10s-content/lib/test-content-script.js +index 477895e40481..3dccfec618d3 100644 +--- addon-sdk/source/test/addons/e10s-content/lib/test-content-script.js ++++ addon-sdk/source/test/addons/e10s-content/lib/test-content-script.js +@@ -444,7 +444,7 @@ exports["test Highlight toString Behavior"] = createProxyTest("", function (help + let strToString = helper.rawWindow.Object.prototype.toString.call(""); + assert.ok(/\[object String.*\]/.test(strToString), "strings are strings"); + +- let o = {__exposedProps__:{}}; ++ let o = {}; + let objToString = helper.rawWindow.Object.prototype.toString.call(o); + assert.ok(/\[object Object.*\]/.test(objToString), "objects are objects"); + +@@ -622,10 +622,6 @@ exports["test Functions"] = createProxyTest("", function (helper) { + helper.rawWindow.isEqual = function isEqual(a, b) { + return a == b; + }; +- // bug 784116: workaround in order to allow proxy code to cache proxies on +- // these functions: +- helper.rawWindow.callFunction.__exposedProps__ = {__proxy: 'rw'}; +- helper.rawWindow.isEqual.__exposedProps__ = {__proxy: 'rw'}; + + helper.createWorker( + 'new ' + function ContentScriptScope() { +diff --git addon-sdk/source/test/test-content-script.js addon-sdk/source/test/test-content-script.js +index 709fb5a3aa91..a02e66f65eea 100644 +--- addon-sdk/source/test/test-content-script.js ++++ addon-sdk/source/test/test-content-script.js +@@ -444,7 +444,7 @@ exports["test Highlight toString Behavior"] = createProxyTest("", function (help + let strToString = helper.rawWindow.Object.prototype.toString.call(""); + assert.ok(/\[object String.*\]/.test(strToString), "strings are strings"); + +- let o = {__exposedProps__:{}}; ++ let o = {}; + let objToString = helper.rawWindow.Object.prototype.toString.call(o); + assert.ok(/\[object Object.*\]/.test(objToString), "objects are objects"); + +@@ -622,10 +622,6 @@ exports["test Functions"] = createProxyTest("", function (helper) { + helper.rawWindow.isEqual = function isEqual(a, b) { + return a == b; + }; +- // bug 784116: workaround in order to allow proxy code to cache proxies on +- // these functions: +- helper.rawWindow.callFunction.__exposedProps__ = {__proxy: 'rw'}; +- helper.rawWindow.isEqual.__exposedProps__ = {__proxy: 'rw'}; + + helper.createWorker( + 'new ' + function ContentScriptScope() { +diff --git dom/base/nsDeprecatedOperationList.h dom/base/nsDeprecatedOperationList.h +index 2523187c63a7..adcf4d9d8202 100644 +--- dom/base/nsDeprecatedOperationList.h ++++ dom/base/nsDeprecatedOperationList.h +@@ -21,7 +21,6 @@ DEPRECATED_OPERATION(NodeValue) + DEPRECATED_OPERATION(TextContent) + DEPRECATED_OPERATION(EnablePrivilege) + DEPRECATED_OPERATION(DOMExceptionCode) +-DEPRECATED_OPERATION(NoExposedProps) + DEPRECATED_OPERATION(MutationEvent) + DEPRECATED_OPERATION(Components) + DEPRECATED_OPERATION(PrefixedVisibilityAPI) +diff --git dom/base/test/chrome/cpows_child.js dom/base/test/chrome/cpows_child.js +index 6d240a7eaa51..fc7e3f2c9d0f 100644 +--- dom/base/test/chrome/cpows_child.js ++++ dom/base/test/chrome/cpows_child.js +@@ -105,7 +105,13 @@ function parent_test(finish) + + addMessageListener("cpows:from_parent", (msg) => { + let obj = msg.objects.obj; +- ok(obj.a == 1, "correct value from parent"); ++ if (is_remote) { ++ ok(obj.a == undefined, "__exposedProps__ should not work"); ++ } else { ++ // The same process test is not run as content, so the field can ++ // be accessed even though __exposedProps__ has been removed. ++ ok(obj.a == 1, "correct value from parent"); ++ } + + // Test that a CPOW reference to a function in the chrome process + // is callable from unprivileged content. Greasemonkey uses this +@@ -260,11 +266,11 @@ function lifetime_test(finish) + var obj = {"will_die": {"f": 1}}; + let [result] = sendRpcMessage("cpows:lifetime_test_1", {}, {obj: obj}); + ok(result == 10, "got sync result"); +- ok(obj.wont_die.f == 2, "got reverse CPOW"); ++ ok(obj.wont_die.f == undefined, "got reverse CPOW"); + obj.will_die = null; + Components.utils.schedulePreciseGC(function() { + addMessageListener("cpows:lifetime_test_3", (msg) => { +- ok(obj.wont_die.f == 2, "reverse CPOW still works"); ++ ok(obj.wont_die.f == undefined, "reverse CPOW still works"); + finish(); + }); + sendRpcMessage("cpows:lifetime_test_2"); +diff --git dom/locales/en-US/chrome/dom/dom.properties dom/locales/en-US/chrome/dom/dom.properties +index 5c94a580287a..ac9dbed58e08 100644 +--- dom/locales/en-US/chrome/dom/dom.properties ++++ dom/locales/en-US/chrome/dom/dom.properties +@@ -154,8 +154,6 @@ MediaEMENoCapabilitiesDeprecatedWarning=Calling navigator.requestMediaKeySystemA + MediaEMENoCodecsDeprecatedWarning=Calling navigator.requestMediaKeySystemAccess() (at %S) passing a candidate MediaKeySystemConfiguration containing audioCapabilities or videoCapabilities without a contentType with a “codecs” string is deprecated and will soon become unsupported. + # LOCALIZATION NOTE: Do not translate "DOMException", "code" and "name" + DOMExceptionCodeWarning=Use of DOMException’s code attribute is deprecated. Use name instead. +-# LOCALIZATION NOTE: Do not translate "__exposedProps__" +-NoExposedPropsWarning=Exposing chrome JS objects to content without __exposedProps__ is insecure and deprecated. See https://developer.mozilla.org/en/XPConnect_wrappers for more information. + # LOCALIZATION NOTE: Do not translate "Mutation Event" and "MutationObserver" + MutationEventWarning=Use of Mutation Events is deprecated. Use MutationObserver instead. + # LOCALIZATION NOTE: Do not translate "Components" +diff --git js/xpconnect/src/XPCJSRuntime.cpp js/xpconnect/src/XPCJSRuntime.cpp +index 455b9f8e963f..ff9aea0a41eb 100644 +--- js/xpconnect/src/XPCJSRuntime.cpp ++++ js/xpconnect/src/XPCJSRuntime.cpp +@@ -93,7 +93,6 @@ const char* const XPCJSRuntime::mStrings[] = { + "item", // IDX_ITEM + "__proto__", // IDX_PROTO + "__iterator__", // IDX_ITERATOR +- "__exposedProps__", // IDX_EXPOSEDPROPS + "eval", // IDX_EVAL + "controllers", // IDX_CONTROLLERS + "Controllers", // IDX_CONTROLLERS_CLASS +diff --git js/xpconnect/src/xpcprivate.h js/xpconnect/src/xpcprivate.h +index fb7e43c22cd0..5d877f09d301 100644 +--- js/xpconnect/src/xpcprivate.h ++++ js/xpconnect/src/xpcprivate.h +@@ -460,7 +460,6 @@ public: + IDX_ITEM , + IDX_PROTO , + IDX_ITERATOR , +- IDX_EXPOSEDPROPS , + IDX_EVAL , + IDX_CONTROLLERS , + IDX_CONTROLLERS_CLASS , +diff --git js/xpconnect/tests/chrome/test_bug1065185.html js/xpconnect/tests/chrome/test_bug1065185.html +index cdd65326f9c8..7ea81fc8aa6f 100644 +--- js/xpconnect/tests/chrome/test_bug1065185.html ++++ js/xpconnect/tests/chrome/test_bug1065185.html +@@ -25,11 +25,11 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=1065185 + + var gLoadCount = 0; + function loaded() { +- switch(++gLoadCount) { ++ switch(gLoadCount++) { + case 0: +- doMonitor([]); ++ doMonitor([/access to property "a"/i]); + window[0].wrappedJSObject.probe = { a: 2, __exposedProps__: { 'a': 'r' } }; +- is(window[0].eval('probe.a'), 2, "Accessed exposed prop"); ++ is(window[0].eval('probe.a'), undefined, "Accessed exposed prop"); + endMonitor(); + break; + case 1: +diff --git js/xpconnect/tests/chrome/test_cows.xul js/xpconnect/tests/chrome/test_cows.xul +index 75c5250dd150..adfdd686540b 100644 +--- js/xpconnect/tests/chrome/test_cows.xul ++++ js/xpconnect/tests/chrome/test_cows.xul +@@ -49,13 +49,6 @@ sandbox.getCOW = getCOW; + const TEST_API = ['is', 'isnot', 'ok', 'todo_is', 'todo_isnot', 'todo']; + TEST_API.forEach(function(name) { sandbox[name] = window[name]; }); + +-sandbox.alienObject = { +- __exposedProps__: {funProp: 'r'}, +- funProp: function foo(x) { +- return x + 1; +- } +-}; +- + sandbox.chromeGet = function (obj, prop) { return obj[prop]; }; + + function COWTests() { +@@ -74,17 +67,6 @@ function COWTests() { + // functions like assertIsWritable(myObj, 'someproperty') might + // be useful. + +- function isProp(obj, propName, value, desc) { +- try { +- is(obj[propName], value, "getting " + propName + " on " + desc); +- ok(propName in obj, +- propName + " on " + desc + " should exist"); +- ok(Object.hasOwnProperty.call(obj, propName), +- propName + " on " + desc + " should exist"); +- } catch (e) { +- ok(false, "getting " + propName + " on " + desc + " threw " + e); +- } +- } + function isPropHidden(obj, propName, desc) { + try { + is(obj[propName], undefined, +@@ -103,7 +85,7 @@ function COWTests() { + var empty = {}; + var nonempty = {foo: 42, bar: 33}; + is(getCOW(empty).foo, undefined, +- "shouldn't throw when accessing exposed properties that doesn't exist"); ++ "shouldn't throw when accessing exposed properties that don't exist"); + + PROPS_TO_TEST.forEach(function(name) { + isPropHidden(getCOW(nonempty), name, "object without exposedProps"); +@@ -135,18 +117,12 @@ function COWTests() { + var strict = { __exposedProps__: { foo: "r" }, foo: "foo property" }; + var strictCOWr = getCOW(strict); + PROPS_TO_TEST.forEach(function(name) { +- if (name == "foo") { +- isProp(strictCOWr, name, "foo property", +- "object with exposed 'foo'"); +- } +- else { +- isPropHidden(strictCOW, name, "object with exposed 'foo'"); +- } ++ isPropHidden(strictCOW, name, "object with exposed 'foo'"); + }); +- is(getNames(strictCOWr).length, 1, +- "object with exposedProps only enumerate exposed props"); +- is(getNames(strictCOWr)[0], "foo", +- "object with exposedProps only enumerate exposed props"); ++ is(getNames(strictCOWr).length, 0, ++ "exposed props does not enumerate anything"); ++ is(getNames(strictCOWr)[0], undefined, ++ "exposed props does not enumerate anything"); + + // Test writable property + var writable = getCOW({ __exposedProps__: {foo: 'w'}}); +@@ -154,25 +130,18 @@ function COWTests() { + ok(!("foo" in writable), + "non-existing write-only property shouldn't exist"); + writable.foo = 5; +- is(chromeGet(writable, "foo"), 5, "writing to a write-only exposed prop works"); +- todo("foo" in writable, +- "existing write-only property should exist"); +- } catch (e) { +- ok(false, "writing to a write-only exposed prop shouldn't throw " + e); +- } +- try { +- writable.foo; +- todo(false, "reading from a write-only exposed prop should throw"); ++ ok(false, "writing to a write-only exposed prop should throw"); + } catch (e) { +- todo(/Permission denied/.test(e), +- "reading from a write-only exposed prop should throw"); ++ ok(/Permission denied/.test(e), ++ "writing to a write-only exposed prop should throw the right error"); + } ++ is(writable.foo, undefined, ++ "reading from a write-only exposed prop should return undefined"); + try { + delete writable.foo; +- is(chromeGet(writable, "foo"), undefined, +- "deleting a write-only exposed prop works"); ++ ok(false, "deleting a write-only exposed prop should throw"); + } catch (e) { +- ok(false, "deleting a write-only exposed prop shouldn't throw " + e); ++ ok(true, "deleting a write-only exposed prop should throw " + e); + } + + // Test readable property +@@ -180,8 +149,8 @@ function COWTests() { + foo: 5, + bar: 6 }; + try { +- isProp(getCOW(readable), "foo", 5, +- "reading from a readable exposed prop works"); ++ isPropHidden(getCOW(readable), "foo", undefined, ++ "reading from a readable exposed prop shouldn't work"); + } catch (e) { + ok(false, "reading from a readable exposed prop shouldn't throw " + e); + } +@@ -202,8 +171,7 @@ function COWTests() { + + try { + var props = getNames(getCOW(readable)); +- is(props.length, 1, "COW w/ one exposed prop should enumerate once"); +- is(props[0], 'foo', "COW w/ one exposed prop should enumerate it"); ++ is(props.length, 0, "COW w/ one exposed prop should not enumerate"); + } catch (e) { + ok(false, "COW w/ a readable prop should not raise exc " + + "on enumeration: " + e); +@@ -215,21 +183,17 @@ function COWTests() { + ok(!("foo" in readwrite), + "non-existing readwrite property shouldn't exist"); + readwrite.foo = 5; +- is(readwrite.foo, 5, "writing to a readwrite exposed prop looks like it worked"); +- is(chromeGet(readwrite, "foo"), 5, "writing to a readwrite exposed prop works"); +- ok("foo" in readwrite, +- "existing readwrite property should exist"); ++ ok(false, "writing to a readwrite exposed prop should throw"); + } catch (e) { +- ok(false, "writing to a readwrite exposed prop shouldn't throw " + e); ++ ok(/Permission denied/.test(e), ++ "writing to a readwrite exposed prop should throw the right error"); + } + try { + delete readwrite.foo; +- is(readwrite.foo, undefined, "deleting readwrite prop looks like it worked"); +- ok(!("foo" in readwrite), "deleting readwrite prop looks like it really worked"); +- is(chromeGet(readwrite, "foo"), undefined, +- "deleting a readwrite exposed prop works"); ++ ok(false, "deleting a readwrite prop should throw"); + } catch (e) { +- ok(false, "deleting a readwrite exposed prop shouldn't throw " + e); ++ ok(/Permission denied/.test(e), ++ "deleting a readwrite exposed prop should throw the right error"); + } + + // Readables and functions +diff --git js/xpconnect/tests/chrome/test_exposeInDerived.xul js/xpconnect/tests/chrome/test_exposeInDerived.xul +index 2ed3bb91e7fd..7e6c24e56db1 100644 +--- js/xpconnect/tests/chrome/test_exposeInDerived.xul ++++ js/xpconnect/tests/chrome/test_exposeInDerived.xul +@@ -17,7 +17,7 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=804630 + + +diff --git js/xpconnect/tests/unit/test_bug1082450.js js/xpconnect/tests/unit/test_bug1082450.js +index 07f45f06beef..5880fcbcd4e6 100644 +--- js/xpconnect/tests/unit/test_bug1082450.js ++++ js/xpconnect/tests/unit/test_bug1082450.js +@@ -5,9 +5,9 @@ function run_test() { + function checkThrows(str, rgxp) { + try { + sb.eval(str); +- do_check_true(false); ++ do_check_true(false, "eval should have thrown"); + } catch (e) { +- do_check_true(rgxp.test(e)); ++ do_check_true(rgxp.test(e), "error message should match"); + } + } + +@@ -29,12 +29,12 @@ function run_test() { + chromeCallableValueProp: 'r' } + }; + +- do_check_eq(sb.eval('exposed.simpleValueProp'), 42); +- do_check_eq(sb.eval('exposed.objectValueProp.val'), 42); +- checkThrows('exposed.getterProp;', /privileged accessor/i); +- checkThrows('exposed.setterProp = 42;', /privileged accessor/i); +- checkThrows('exposed.getterSetterProp;', /privileged accessor/i); +- checkThrows('exposed.getterSetterProp = 42;', /privileged accessor/i); +- do_check_eq(sb.eval('exposed.contentCallableValueProp()'), 42); +- checkThrows('exposed.chromeCallableValueProp();', /privileged or cross-origin callable/i); ++ do_check_eq(sb.eval('exposed.simpleValueProp'), undefined); ++ do_check_eq(sb.eval('exposed.objectValueProp'), undefined); ++ do_check_eq(sb.eval('exposed.getterProp;'), undefined); ++ do_check_eq(sb.eval('exposed.getterSetterProp;'), undefined); ++ checkThrows('exposed.setterProp = 42;', /Permission denied/i); ++ checkThrows('exposed.getterSetterProp = 42;', /Permission denied/i); ++ do_check_eq(sb.eval('exposed.contentCallableValueProp'), undefined); ++ checkThrows('exposed.chromeCallableValueProp();', /is not a function/i); + } +diff --git js/xpconnect/tests/unit/test_bug780370.js js/xpconnect/tests/unit/test_bug780370.js +index 40d6f9748015..7ae757f0cd01 100644 +--- js/xpconnect/tests/unit/test_bug780370.js ++++ js/xpconnect/tests/unit/test_bug780370.js +@@ -14,10 +14,5 @@ function run_test() + var sb = Cu.Sandbox("http://www.example.com"); + sb.obj = { foo: 42, __exposedProps__: { hasOwnProperty: 'r' } }; + do_check_eq(Cu.evalInSandbox('typeof obj.foo', sb), 'undefined', "COW works as expected"); +- try { +- Cu.evalInSandbox('obj.hasOwnProperty', sb); +- do_check_true(false); +- } catch (e) { +- do_check_true(/privileged or cross-origin callable/i.test(e)); +- } ++ do_check_eq(Cu.evalInSandbox('obj.hasOwnProperty', sb), undefined); + } +diff --git js/xpconnect/tests/unit/test_bug813901.js js/xpconnect/tests/unit/test_bug813901.js +index 42f981581b51..2efc6539e879 100644 +--- js/xpconnect/tests/unit/test_bug813901.js ++++ js/xpconnect/tests/unit/test_bug813901.js +@@ -21,5 +21,5 @@ function run_test() { + checkThrows('obj.foo = 3;', sb, /denied/); + Cu.evalInSandbox("var p = {__exposedProps__: {foo: 'rw'}};", sb); + sb.obj.__proto__ = sb.p; +- checkThrows('obj.foo = 4;', sb, /__exposedProps__/); ++ checkThrows('obj.foo = 4;', sb, /denied/); + } +diff --git js/xpconnect/tests/unit/test_bug853709.js js/xpconnect/tests/unit/test_bug853709.js +index c7e51757dc63..1667d2241f93 100644 +--- js/xpconnect/tests/unit/test_bug853709.js ++++ js/xpconnect/tests/unit/test_bug853709.js +@@ -8,7 +8,7 @@ function setupChromeSandbox() { + function checkDefineThrows(sb, obj, prop, desc) { + var result = Cu.evalInSandbox('(function() { try { Object.defineProperty(' + obj + ', "' + prop + '", ' + desc.toSource() + '); return "nothrow"; } catch (e) { return e.toString(); }})();', sb); + do_check_neq(result, 'nothrow'); +- do_check_true(!!/denied/.exec(result)); ++ do_check_true(!!/denied|prohibited/.exec(result)); + do_check_true(result.indexOf(prop) != -1); // Make sure the prop name is in the error message. + } + +@@ -19,7 +19,7 @@ function run_test() { + contentSB.chromeObj = chromeSB.chromeObj; + contentSB.chromeArr = chromeSB.chromeArr; + +- do_check_eq(Cu.evalInSandbox('chromeObj.a', contentSB), 2); ++ do_check_eq(Cu.evalInSandbox('chromeObj.a', contentSB), undefined); + try { + Cu.evalInSandbox('chromeArr[1]', contentSB); + do_check_true(false); +diff --git js/xpconnect/tests/unit/test_bug854558.js js/xpconnect/tests/unit/test_bug854558.js +index d60d23a5baf8..574194dc3f52 100644 +--- js/xpconnect/tests/unit/test_bug854558.js ++++ js/xpconnect/tests/unit/test_bug854558.js +@@ -7,5 +7,5 @@ function run_test() { + contentSB.foo = chromeSB.foo; + do_check_eq(Cu.evalInSandbox('foo.a', contentSB), undefined, "Default deny with no __exposedProps__"); + Cu.evalInSandbox('this.foo.__exposedProps__ = {a: "r"}', chromeSB); +- do_check_eq(Cu.evalInSandbox('foo.a', contentSB), 2, "works with __exposedProps__"); ++ do_check_eq(Cu.evalInSandbox('foo.a', contentSB), undefined, "Still not allowed with __exposedProps__"); + } +diff --git js/xpconnect/tests/unit/test_bug930091.js js/xpconnect/tests/unit/test_bug930091.js +index aa11d5db2640..ecb2a60aed11 100644 +--- js/xpconnect/tests/unit/test_bug930091.js ++++ js/xpconnect/tests/unit/test_bug930091.js +@@ -5,7 +5,7 @@ function checkThrows(fn) { + fn(); + ok(false, "Should have thrown"); + } catch (e) { +- do_check_true(/denied|insecure/.test(e)); ++ do_check_true(/denied|insecure|prohibited/.test(e)); + } + } + +diff --git js/xpconnect/wrappers/AccessCheck.cpp js/xpconnect/wrappers/AccessCheck.cpp +index 07599ce7906a..b730310731e2 100644 +--- js/xpconnect/wrappers/AccessCheck.cpp ++++ js/xpconnect/wrappers/AccessCheck.cpp +@@ -252,20 +252,6 @@ AccessCheck::checkPassToPrivilegedCode(JSContext* cx, HandleObject wrapper, Hand + return true; + } + +- // COWs are fine to pass to chrome if and only if they have __exposedProps__, +- // since presumably content should never have a reason to pass an opaque +- // object back to chrome. +- if (AccessCheck::isChrome(js::UncheckedUnwrap(wrapper)) && WrapperFactory::IsCOW(obj)) { +- RootedObject target(cx, js::UncheckedUnwrap(obj)); +- JSAutoCompartment ac(cx, target); +- RootedId id(cx, GetJSIDByIndex(cx, XPCJSContext::IDX_EXPOSEDPROPS)); +- bool found = false; +- if (!JS_HasPropertyById(cx, target, id, &found)) +- return false; +- if (found) +- return true; +- } +- + // Same-origin wrappers are fine. + if (AccessCheck::wrapperSubsumes(obj)) + return true; +@@ -323,171 +309,6 @@ AccessCheck::reportCrossOriginDenial(JSContext* cx, JS::HandleId id, + MOZ_ALWAYS_TRUE(rv.MaybeSetPendingException(cx)); + } + +-enum Access { READ = (1<<0), WRITE = (1<<1), NO_ACCESS = 0 }; +- +-static void +-EnterAndThrowASCII(JSContext* cx, JSObject* wrapper, const char* msg) +-{ +- JSAutoCompartment ac(cx, wrapper); +- JS_ReportErrorASCII(cx, "%s", msg); +-} +- +-bool +-ExposedPropertiesOnly::check(JSContext* cx, HandleObject wrapper, HandleId id, Wrapper::Action act) +-{ +- RootedObject wrappedObject(cx, Wrapper::wrappedObject(wrapper)); +- +- if (act == Wrapper::CALL) +- return false; +- +- // For the case of getting a property descriptor, we allow if either GET or SET +- // is allowed, and rely on FilteringWrapper to filter out any disallowed accessors. +- if (act == Wrapper::GET_PROPERTY_DESCRIPTOR) { +- return check(cx, wrapper, id, Wrapper::GET) || +- check(cx, wrapper, id, Wrapper::SET); +- } +- +- RootedId exposedPropsId(cx, GetJSIDByIndex(cx, XPCJSContext::IDX_EXPOSEDPROPS)); +- +- // We need to enter the wrappee's compartment to look at __exposedProps__, +- // but we want to be in the wrapper's compartment if we call Deny(). +- // +- // Unfortunately, |cx| can be in either compartment when we call ::check. :-( +- JSAutoCompartment ac(cx, wrappedObject); +- +- bool found = false; +- if (!JS_HasPropertyById(cx, wrappedObject, exposedPropsId, &found)) +- return false; +- +- // If no __exposedProps__ existed, deny access. +- if (!found) { +- // Previously we automatically granted access to indexed properties and +- // .length for Array COWs. We're not doing that anymore, so make sure to +- // let people know what's going on. +- bool isArray; +- if (!JS_IsArrayObject(cx, wrappedObject, &isArray)) +- return false; +- if (!isArray) +- isArray = JS_IsTypedArrayObject(wrappedObject); +- bool isIndexedAccessOnArray = isArray && JSID_IS_INT(id) && JSID_TO_INT(id) >= 0; +- bool isLengthAccessOnArray = isArray && JSID_IS_STRING(id) && +- JS_FlatStringEqualsAscii(JSID_TO_FLAT_STRING(id), "length"); +- if (isIndexedAccessOnArray || isLengthAccessOnArray) { +- JSAutoCompartment ac2(cx, wrapper); +- ReportWrapperDenial(cx, id, WrapperDenialForCOW, +- "Access to elements and length of privileged Array not permitted"); +- } +- +- return false; +- } +- +- if (id == JSID_VOID) +- return true; +- +- Rooted desc(cx); +- if (!JS_GetPropertyDescriptorById(cx, wrappedObject, exposedPropsId, &desc)) +- return false; +- +- if (!desc.object()) +- return false; +- +- if (desc.hasGetterOrSetter()) { +- EnterAndThrowASCII(cx, wrapper, "__exposedProps__ must be a value property"); +- return false; +- } +- +- RootedValue exposedProps(cx, desc.value()); +- if (exposedProps.isNullOrUndefined()) +- return false; +- +- if (!exposedProps.isObject()) { +- EnterAndThrowASCII(cx, wrapper, "__exposedProps__ must be undefined, null, or an Object"); +- return false; +- } +- +- RootedObject hallpass(cx, &exposedProps.toObject()); +- +- if (!AccessCheck::subsumes(js::UncheckedUnwrap(hallpass), wrappedObject)) { +- EnterAndThrowASCII(cx, wrapper, "Invalid __exposedProps__"); +- return false; +- } +- +- Access access = NO_ACCESS; +- +- if (!JS_GetPropertyDescriptorById(cx, hallpass, id, &desc)) { +- return false; // Error +- } +- if (!desc.object() || !desc.enumerable()) +- return false; +- +- if (!desc.value().isString()) { +- EnterAndThrowASCII(cx, wrapper, "property must be a string"); +- return false; +- } +- +- JSFlatString* flat = JS_FlattenString(cx, desc.value().toString()); +- if (!flat) +- return false; +- +- size_t length = JS_GetStringLength(JS_FORGET_STRING_FLATNESS(flat)); +- +- for (size_t i = 0; i < length; ++i) { +- char16_t ch = JS_GetFlatStringCharAt(flat, i); +- switch (ch) { +- case 'r': +- if (access & READ) { +- EnterAndThrowASCII(cx, wrapper, "duplicate 'readable' property flag"); +- return false; +- } +- access = Access(access | READ); +- break; +- +- case 'w': +- if (access & WRITE) { +- EnterAndThrowASCII(cx, wrapper, "duplicate 'writable' property flag"); +- return false; +- } +- access = Access(access | WRITE); +- break; +- +- default: +- EnterAndThrowASCII(cx, wrapper, "properties can only be readable or read and writable"); +- return false; +- } +- } +- +- if (access == NO_ACCESS) { +- EnterAndThrowASCII(cx, wrapper, "specified properties must have a permission bit set"); +- return false; +- } +- +- if ((act == Wrapper::SET && !(access & WRITE)) || +- (act != Wrapper::SET && !(access & READ))) { +- return false; +- } +- +- // Inspect the property on the underlying object to check for red flags. +- if (!JS_GetPropertyDescriptorById(cx, wrappedObject, id, &desc)) +- return false; +- +- // Reject accessor properties. +- if (desc.hasGetterOrSetter()) { +- EnterAndThrowASCII(cx, wrapper, "Exposing privileged accessor properties is prohibited"); +- return false; +- } +- +- // Reject privileged or cross-origin callables. +- if (desc.value().isObject()) { +- RootedObject maybeCallable(cx, js::UncheckedUnwrap(&desc.value().toObject())); +- if (JS::IsCallable(maybeCallable) && !AccessCheck::subsumes(wrapper, maybeCallable)) { +- EnterAndThrowASCII(cx, wrapper, "Exposing privileged or cross-origin callable is prohibited"); +- return false; +- } +- } +- +- return true; +-} +- + bool + ExposedPropertiesOnly::deny(JSContext* cx, js::Wrapper::Action act, HandleId id, + bool mayThrow) +diff --git js/xpconnect/wrappers/AccessCheck.h js/xpconnect/wrappers/AccessCheck.h +index 678dce3e0b81..c4873760ab7a 100644 +--- js/xpconnect/wrappers/AccessCheck.h ++++ js/xpconnect/wrappers/AccessCheck.h +@@ -104,10 +104,15 @@ struct CrossOriginAccessiblePropertiesOnly : public Policy { + } + }; + +-// This policy only permits access to properties if they appear in the +-// objects exposed properties list. ++// This class used to support permitting access to properties if they ++// appeared in an access list on the object, but now it acts like an ++// Opaque wrapper, with the exception that it fails silently for GET, ++// ENUMERATE, and GET_PROPERTY_DESCRIPTOR. This is done for backwards ++// compatibility. See bug 1397513. + struct ExposedPropertiesOnly : public Policy { +- static bool check(JSContext* cx, JS::HandleObject wrapper, JS::HandleId id, js::Wrapper::Action act); ++ static bool check(JSContext* cx, JS::HandleObject wrapper, JS::HandleId id, js::Wrapper::Action act) { ++ return false; ++ } + + static bool deny(JSContext* cx, js::Wrapper::Action act, JS::HandleId id, + bool mayThrow); +diff --git js/xpconnect/wrappers/ChromeObjectWrapper.h js/xpconnect/wrappers/ChromeObjectWrapper.h +index 8b273e470814..c17feed10b9a 100644 +--- js/xpconnect/wrappers/ChromeObjectWrapper.h ++++ js/xpconnect/wrappers/ChromeObjectWrapper.h +@@ -16,9 +16,9 @@ namespace xpc { + struct ExposedPropertiesOnly; + + // When a vanilla chrome JS object is exposed to content, we use a wrapper that +-// supports __exposedProps__ for legacy reasons. For extra security, we override +-// the traps that allow content to pass an object to chrome, and perform extra +-// security checks on them. ++// fails silently on GET, ENUMERATE, and GET_PROPERTY_DESCRIPTOR for legacy ++// reasons. For extra security, we override the traps that allow content to pass ++// an object to chrome, and perform extra security checks on them. + #define ChromeObjectWrapperBase \ + FilteringWrapper + +diff --git js/xpconnect/wrappers/WrapperFactory.cpp js/xpconnect/wrappers/WrapperFactory.cpp +index 6296f69fbea4..760d2c9afda8 100644 +--- js/xpconnect/wrappers/WrapperFactory.cpp ++++ js/xpconnect/wrappers/WrapperFactory.cpp +@@ -514,8 +514,8 @@ WrapperFactory::Rewrap(JSContext* cx, HandleObject existing, HandleObject obj) + wrapper = &FilteringWrapper::singleton; + } + +- // For Vanilla JSObjects exposed from chrome to content, we use a wrapper +- // that supports __exposedProps__. We'd like to get rid of these eventually, ++ // For vanilla JSObjects exposed from chrome to content, we use a wrapper ++ // that fails silently in a few cases. We'd like to get rid of this eventually, + // but in their current form they don't cause much trouble. + else if (IdentifyStandardInstance(obj) == JSProto_Object) { + wrapper = &ChromeObjectWrapper::singleton; +diff --git js/xpconnect/wrappers/XrayWrapper.cpp js/xpconnect/wrappers/XrayWrapper.cpp +index 44dd7cb47146..28e29ea13d93 100644 +--- js/xpconnect/wrappers/XrayWrapper.cpp ++++ js/xpconnect/wrappers/XrayWrapper.cpp +@@ -291,7 +291,7 @@ ReportWrapperDenial(JSContext* cx, HandleId id, WrapperDenialType type, const ch + MOZ_ASSERT(type == WrapperDenialForCOW); + errorMessage.emplace("Security wrapper denied access to property %s on privileged " + "Javascript object. Support for exposing privileged objects " +- "to untrusted content via __exposedProps__ is being gradually " ++ "to untrusted content via __exposedProps__ has been " + "removed - use WebIDL bindings or Components.utils.cloneInto " + "instead. Note that only the first denied property access from a " + "given global object will be reported.", +diff --git testing/mochitest/tests/SimpleTest/ChromePowers.js testing/mochitest/tests/SimpleTest/ChromePowers.js +index 97de578157c0..7fbf66e2fd00 100644 +--- testing/mochitest/tests/SimpleTest/ChromePowers.js ++++ testing/mochitest/tests/SimpleTest/ChromePowers.js +@@ -104,15 +104,6 @@ ChromePowers.prototype.executeAfterFlushingMessageQueue = function(aCallback) { + aCallback(); + }; + +-// Expose everything but internal APIs (starting with underscores) to +-// web content. We cannot use Object.keys to view SpecialPowers.prototype since +-// we are using the functions from SpecialPowersAPI.prototype +-ChromePowers.prototype.__exposedProps__ = {}; +-for (var i in ChromePowers.prototype) { +- if (i.charAt(0) != "_") +- ChromePowers.prototype.__exposedProps__[i] = "r"; +-} +- + if ((window.parent !== null) && + (window.parent !== undefined) && + (window.parent.wrappedJSObject.SpecialPowers) && +diff --git testing/specialpowers/content/MockPermissionPrompt.jsm testing/specialpowers/content/MockPermissionPrompt.jsm +index 71d0f5d2768a..1d86cc00e360 100644 +--- testing/specialpowers/content/MockPermissionPrompt.jsm ++++ testing/specialpowers/content/MockPermissionPrompt.jsm +@@ -83,15 +83,3 @@ MockPermissionPromptInstance.prototype = { + request.allow(); + } + }; +- +-// Expose everything to content. We call reset() here so that all of the relevant +-// lazy expandos get added. +-MockPermissionPrompt.reset(); +-function exposeAll(obj) { +- var props = {}; +- for (var prop in obj) +- props[prop] = "rw"; +- obj.__exposedProps__ = props; +-} +-exposeAll(MockPermissionPrompt); +-exposeAll(MockPermissionPromptInstance.prototype); +diff --git toolkit/components/addoncompat/RemoteAddonsParent.jsm toolkit/components/addoncompat/RemoteAddonsParent.jsm +index 1adbc0397729..d640c47d31f8 100644 +--- toolkit/components/addoncompat/RemoteAddonsParent.jsm ++++ toolkit/components/addoncompat/RemoteAddonsParent.jsm +@@ -735,7 +735,7 @@ var SandboxParent = { + if (rest.length) { + // Do a shallow copy of the options object into the child + // process. This way we don't have to access it through a Chrome +- // object wrapper, which would require __exposedProps__. ++ // object wrapper, which would not let us access any properties. + // + // The only object property here is sandboxPrototype. We assume + // it's a child process object (since that's what Greasemonkey +commit f89c72edb79e +Author: Andrew McCreight +Date: Thu Sep 7 11:17:16 2017 -0700 + + Bug 1377587, part 2 - Rename ExposedPropertiesOnly to OpaqueWithSilentFailing. r=krizsa + + This class doesn't have anything to do with __exposedProps__ any more, + so give it a more descriptive name. We'd still like to remove it + entirely eventually. + + MozReview-Commit-ID: 87KCpG6f8rI + + --HG-- + extra : rebase_source : 98a51a6af0fc8446dbcd8efa083d6c79286279d3 +--- + js/xpconnect/wrappers/AccessCheck.cpp | 4 ++-- + js/xpconnect/wrappers/AccessCheck.h | 2 +- + js/xpconnect/wrappers/ChromeObjectWrapper.h | 4 ++-- + 3 files changed, 5 insertions(+), 5 deletions(-) + +diff --git js/xpconnect/wrappers/AccessCheck.cpp js/xpconnect/wrappers/AccessCheck.cpp +index b730310731e2..620f1f678f51 100644 +--- js/xpconnect/wrappers/AccessCheck.cpp ++++ js/xpconnect/wrappers/AccessCheck.cpp +@@ -310,8 +310,8 @@ AccessCheck::reportCrossOriginDenial(JSContext* cx, JS::HandleId id, + } + + bool +-ExposedPropertiesOnly::deny(JSContext* cx, js::Wrapper::Action act, HandleId id, +- bool mayThrow) ++OpaqueWithSilentFailing::deny(JSContext* cx, js::Wrapper::Action act, HandleId id, ++ bool mayThrow) + { + // Fail silently for GET, ENUMERATE, and GET_PROPERTY_DESCRIPTOR. + if (act == js::Wrapper::GET || act == js::Wrapper::ENUMERATE || +diff --git js/xpconnect/wrappers/AccessCheck.h js/xpconnect/wrappers/AccessCheck.h +index c4873760ab7a..6783258f8d94 100644 +--- js/xpconnect/wrappers/AccessCheck.h ++++ js/xpconnect/wrappers/AccessCheck.h +@@ -109,7 +109,7 @@ struct CrossOriginAccessiblePropertiesOnly : public Policy { + // Opaque wrapper, with the exception that it fails silently for GET, + // ENUMERATE, and GET_PROPERTY_DESCRIPTOR. This is done for backwards + // compatibility. See bug 1397513. +-struct ExposedPropertiesOnly : public Policy { ++struct OpaqueWithSilentFailing : public Policy { + static bool check(JSContext* cx, JS::HandleObject wrapper, JS::HandleId id, js::Wrapper::Action act) { + return false; + } +diff --git js/xpconnect/wrappers/ChromeObjectWrapper.h js/xpconnect/wrappers/ChromeObjectWrapper.h +index c17feed10b9a..da4870237501 100644 +--- js/xpconnect/wrappers/ChromeObjectWrapper.h ++++ js/xpconnect/wrappers/ChromeObjectWrapper.h +@@ -13,14 +13,14 @@ + + namespace xpc { + +-struct ExposedPropertiesOnly; ++struct OpaqueWithSilentFailing; + + // When a vanilla chrome JS object is exposed to content, we use a wrapper that + // fails silently on GET, ENUMERATE, and GET_PROPERTY_DESCRIPTOR for legacy + // reasons. For extra security, we override the traps that allow content to pass + // an object to chrome, and perform extra security checks on them. + #define ChromeObjectWrapperBase \ +- FilteringWrapper ++ FilteringWrapper + + class ChromeObjectWrapper : public ChromeObjectWrapperBase + { + Property changes on: head/www/firefox/files/patch-bug1377587 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/www/firefox/files/patch-bug1381761 =================================================================== --- head/www/firefox/files/patch-bug1381761 (nonexistent) +++ head/www/firefox/files/patch-bug1381761 (revision 454192) @@ -0,0 +1,362 @@ +commit 256e249566d8 +Author: Christoph Kerschbaumer +Date: Fri Aug 4 14:11:17 2017 +0200 + + Bug 1381761 - Treating 'data:' documents as unique, opaque origins should still inherit the CSP. r=smaug,dveditz +--- + caps/moz.build | 1 + + caps/nsScriptSecurityManager.cpp | 96 +++++++++++++++++++++++++--------------- + 2 files changed, 62 insertions(+), 35 deletions(-) + +diff --git caps/moz.build caps/moz.build +index 46331e93f097..af369e3268e0 100644 +--- caps/moz.build ++++ caps/moz.build +@@ -56,6 +56,7 @@ LOCAL_INCLUDES += [ + '/docshell/base', + '/dom/base', + '/js/xpconnect/src', ++ '/netwerk/base', + ] + + if CONFIG['ENABLE_TESTS']: +diff --git caps/nsScriptSecurityManager.cpp caps/nsScriptSecurityManager.cpp +index a930b324a6a2..90695ebd126f 100644 +--- caps/nsScriptSecurityManager.cpp ++++ caps/nsScriptSecurityManager.cpp +@@ -45,6 +45,7 @@ + #include "nsIWindowWatcher.h" + #include "nsIConsoleService.h" + #include "nsIObserverService.h" ++#include "nsIOService.h" + #include "nsIContent.h" + #include "nsDOMJSUtils.h" + #include "nsAboutProtocolUtils.h" +@@ -265,6 +266,61 @@ nsScriptSecurityManager::GetChannelResultPrincipalIfNotSandboxed(nsIChannel* aCh + /*aIgnoreSandboxing*/ true); + } + ++static void ++InheritAndSetCSPOnPrincipalIfNeeded(nsIChannel* aChannel, nsIPrincipal* aPrincipal) ++{ ++ // loading a data: URI into an iframe, or loading frame[srcdoc] need ++ // to inherit the CSP (see Bug 1073952, 1381761). ++ MOZ_ASSERT(aChannel && aPrincipal, "need a valid channel and principal"); ++ if (!aChannel) { ++ return; ++ } ++ ++ nsCOMPtr loadInfo = aChannel->GetLoadInfo(); ++ if (!loadInfo || ++ loadInfo->GetExternalContentPolicyType() != nsIContentPolicy::TYPE_SUBDOCUMENT) { ++ return; ++ } ++ ++ nsCOMPtr uri; ++ nsresult rv = aChannel->GetURI(getter_AddRefs(uri)); ++ NS_ENSURE_SUCCESS_VOID(rv); ++ nsAutoCString URISpec; ++ rv = uri->GetSpec(URISpec); ++ NS_ENSURE_SUCCESS_VOID(rv); ++ ++ bool isSrcDoc = URISpec.EqualsLiteral("about:srcdoc"); ++ bool isData = (NS_SUCCEEDED(uri->SchemeIs("data", &isData)) && isData); ++ ++ if (!isSrcDoc && !isData) { ++ return; ++ } ++ ++ nsCOMPtr principalToInherit = loadInfo->PrincipalToInherit(); ++ if (!principalToInherit) { ++ principalToInherit = loadInfo->TriggeringPrincipal(); ++ } ++ nsCOMPtr originalCSP; ++ principalToInherit->GetCsp(getter_AddRefs(originalCSP)); ++ if (!originalCSP) { ++ return; ++ } ++ ++ // if the principalToInherit had a CSP, add it to the before ++ // created NullPrincipal (unless it already has one) ++ MOZ_ASSERT(aPrincipal->GetIsNullPrincipal(), ++ "inheriting the CSP only valid for NullPrincipal"); ++ nsCOMPtr nullPrincipalCSP; ++ aPrincipal->GetCsp(getter_AddRefs(nullPrincipalCSP)); ++ if (nullPrincipalCSP) { ++ MOZ_ASSERT(nullPrincipalCSP == originalCSP, ++ "There should be no other CSP here."); ++ // CSPs are equal, no need to set it again. ++ return; ++ } ++ aPrincipal->SetCsp(originalCSP); ++} ++ + nsresult + nsScriptSecurityManager::GetChannelResultPrincipal(nsIChannel* aChannel, + nsIPrincipal** aPrincipal, +@@ -295,40 +351,7 @@ nsScriptSecurityManager::GetChannelResultPrincipal(nsIChannel* aChannel, + if (!aIgnoreSandboxing && loadInfo->GetLoadingSandboxed()) { + MOZ_ALWAYS_TRUE(NS_SUCCEEDED(loadInfo->GetSandboxedLoadingPrincipal(aPrincipal))); + MOZ_ASSERT(*aPrincipal); +- // if the new NullPrincipal (above) loads an iframe[srcdoc], we +- // need to inherit an existing CSP to avoid bypasses (bug 1073952). +- // We continue inheriting for nested frames with e.g., data: URLs. +- if (loadInfo->GetExternalContentPolicyType() == nsIContentPolicy::TYPE_SUBDOCUMENT) { +- nsCOMPtr uri; +- aChannel->GetURI(getter_AddRefs(uri)); +- nsAutoCString URISpec; +- uri->GetSpec(URISpec); +- bool isData = (NS_SUCCEEDED(uri->SchemeIs("data", &isData)) && isData); +- if (URISpec.EqualsLiteral("about:srcdoc") || isData) { +- nsCOMPtr principalToInherit = loadInfo->PrincipalToInherit(); +- if (!principalToInherit) { +- principalToInherit = loadInfo->TriggeringPrincipal(); +- } +- nsCOMPtr originalCSP; +- principalToInherit->GetCsp(getter_AddRefs(originalCSP)); +- if (originalCSP) { +- // if the principalToInherit had a CSP, +- // add it to the newly created NullPrincipal +- // (unless it already has one) +- nsCOMPtr nullPrincipalCSP; +- (*aPrincipal)->GetCsp(getter_AddRefs(nullPrincipalCSP)); +- if (nullPrincipalCSP) { +- MOZ_ASSERT(nullPrincipalCSP == originalCSP, +- "There should be no other CSP here."); +- // CSPs are equal, no need to set it again. +- return NS_OK; +- } else { +- nsresult rv = (*aPrincipal)->SetCsp(originalCSP); +- NS_ENSURE_SUCCESS(rv, rv); +- } +- } +- } +- } ++ InheritAndSetCSPOnPrincipalIfNeeded(aChannel, *aPrincipal); + return NS_OK; + } + +@@ -376,7 +399,10 @@ nsScriptSecurityManager::GetChannelResultPrincipal(nsIChannel* aChannel, + } + } + } +- return GetChannelURIPrincipal(aChannel, aPrincipal); ++ nsresult rv = GetChannelURIPrincipal(aChannel, aPrincipal); ++ NS_ENSURE_SUCCESS(rv, rv); ++ InheritAndSetCSPOnPrincipalIfNeeded(aChannel, *aPrincipal); ++ return NS_OK; + } + + /* The principal of the URI that this channel is loading. This is never + +commit 9427f1bbd826 +Author: Christoph Kerschbaumer +Date: Fri Aug 4 14:10:21 2017 +0200 + + Bug 1381761 - Convert test browser_911547.js to comply with new data: URI inheritance model. r=dveditz +--- + .../components/sessionstore/test/browser_911547.js | 47 ++++++++++++++++------ + .../sessionstore/test/browser_911547_sample.html | 6 +-- + 2 files changed, 37 insertions(+), 16 deletions(-) + +diff --git browser/components/sessionstore/test/browser_911547.js browser/components/sessionstore/test/browser_911547.js +index f0da70ed8f8c..cb95ddad7f2a 100644 +--- browser/components/sessionstore/test/browser_911547.js ++++ browser/components/sessionstore/test/browser_911547.js +@@ -1,11 +1,17 @@ + /* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ + +-// This tests that session restore component does restore the right content +-// security policy with the document. +-// The policy being tested disallows inline scripts ++// This test is two fold: ++// a) if security.data_uri.unique_opaque_origin == false, then ++// this tests that session restore component does restore the right ++// content security policy with the document. (The policy being ++// tested disallows inline scripts). ++// b) if security.data_uri.unique_opaque_origin == true, then ++// this tests that data: URIs do not inherit the CSP from ++// it's enclosing context. + + add_task(async function test() { ++ let dataURIPref = Services.prefs.getBoolPref("security.data_uri.unique_opaque_origin"); + // create a tab that has a CSP + let testURL = "http://mochi.test:8888/browser/browser/components/sessionstore/test/browser_911547_sample.html"; + let tab = gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser, testURL); +@@ -16,23 +22,33 @@ add_task(async function test() { + + // this is a baseline to ensure CSP is active + // attempt to inject and run a script via inline (pre-restore, allowed) +- await injectInlineScript(browser, `document.getElementById("test_id").value = "fail";`); ++ await injectInlineScript(browser, `document.getElementById("test_id1").value = "id1_modified";`); + + let loadedPromise = promiseBrowserLoaded(browser); + await ContentTask.spawn(browser, null, function() { +- is(content.document.getElementById("test_id").value, "ok", ++ is(content.document.getElementById("test_id1").value, "id1_initial", + "CSP should block the inline script that modifies test_id"); + +- // attempt to click a link to a data: URI (will inherit the CSP of the +- // origin document) and navigate to the data URI in the link. ++ ++ // (a) if security.data_uri.unique_opaque_origin == false: ++ // attempt to click a link to a data: URI (will inherit the CSP of ++ // the origin document) and navigate to the data URI in the link. ++ // (b) if security.data_uri.unique_opaque_origin == true: ++ // attempt to click a link to a data: URI (will *not* inherit the CSP of ++ // the origin document) and navigate to the data URI in the link. + content.document.getElementById("test_data_link").click(); + }); + + await loadedPromise; + +- await ContentTask.spawn(browser, null, function() { +- is(content.document.getElementById("test_id2").value, "ok", +- "CSP should block the script loaded by the clicked data URI"); ++ await ContentTask.spawn(browser, {dataURIPref}, function( {dataURIPref}) { // eslint-disable-line ++ if (dataURIPref) { ++ is(content.document.getElementById("test_id2").value, "id2_modified", ++ "data: URI should *not* inherit the CSP of the enclosing context"); ++ } else { ++ is(content.document.getElementById("test_id2").value, "id2_initial", ++ "CSP should block the script loaded by the clicked data URI"); ++ } + }); + + // close the tab +@@ -43,9 +59,14 @@ add_task(async function test() { + await promiseTabRestored(tab); + browser = tab.linkedBrowser; + +- await ContentTask.spawn(browser, null, function() { +- is(content.document.getElementById("test_id2").value, "ok", +- "CSP should block the script loaded by the clicked data URI after restore"); ++ await ContentTask.spawn(browser, {dataURIPref}, function({dataURIPref}) { // eslint-disable-line ++ if (dataURIPref) { ++ is(content.document.getElementById("test_id2").value, "id2_modified", ++ "data: URI should *not* inherit the CSP of the enclosing context"); ++ } else { ++ is(content.document.getElementById("test_id2").value, "id2_initial", ++ "CSP should block the script loaded by the clicked data URI after restore"); ++ } + }); + + // clean up +diff --git browser/components/sessionstore/test/browser_911547_sample.html browser/components/sessionstore/test/browser_911547_sample.html +index ccc2011593d4..73cb99ee41f1 100644 +--- browser/components/sessionstore/test/browser_911547_sample.html ++++ browser/components/sessionstore/test/browser_911547_sample.html +@@ -8,12 +8,12 @@ + + +- ++ + +- Test Link ++ Test Link + + + + +commit 8b999864f0bb +Author: Christoph Kerschbaumer +Date: Fri Aug 4 14:10:38 2017 +0200 + + Bug 1381761 - Test data: URIs inherit the CSP even if treated as unique, opaque origins. r=dveditz +--- + .../test/csp/file_data_csp_inheritance.html | 21 +++++++++++++ + dom/security/test/csp/mochitest.ini | 2 ++ + .../test/csp/test_data_csp_inheritance.html | 34 ++++++++++++++++++++++ + 3 files changed, 57 insertions(+) + +diff --git dom/security/test/csp/file_data_csp_inheritance.html dom/security/test/csp/file_data_csp_inheritance.html +new file mode 100644 +index 000000000000..299c30255aa6 +--- /dev/null ++++ dom/security/test/csp/file_data_csp_inheritance.html +@@ -0,0 +1,21 @@ ++ ++ ++ ++ Bug 1381761 - Treating 'data:' documents as unique, opaque origins should still inherit the CSP ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ +diff --git dom/security/test/csp/mochitest.ini dom/security/test/csp/mochitest.ini +index ba391ad59799..09f80b2969d7 100644 +--- dom/security/test/csp/mochitest.ini ++++ dom/security/test/csp/mochitest.ini +@@ -217,6 +217,7 @@ support-files = + file_ignore_xfo.html^headers^ + file_ro_ignore_xfo.html + file_ro_ignore_xfo.html^headers^ ++ file_data_csp_inheritance.html + file_report_font_cache-1.html + file_report_font_cache-2.html + file_report_font_cache-2.html^headers^ +@@ -308,4 +309,5 @@ tags = mcb + [test_websocket_self.html] + skip-if = toolkit == 'android' + [test_ignore_xfo.html] ++[test_data_csp_inheritance.html] + [test_data_csp_merge.html] +diff --git dom/security/test/csp/test_data_csp_inheritance.html dom/security/test/csp/test_data_csp_inheritance.html +new file mode 100644 +index 000000000000..3afc4f7c02bc +--- /dev/null ++++ dom/security/test/csp/test_data_csp_inheritance.html +@@ -0,0 +1,34 @@ ++ ++ ++ ++ Bug 1381761 - Treating 'data:' documents as unique, opaque origins should still inherit the CSP ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ Property changes on: head/www/firefox/files/patch-bug1381761 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/www/firefox/files/patch-bug1383019 =================================================================== --- head/www/firefox/files/patch-bug1383019 (nonexistent) +++ head/www/firefox/files/patch-bug1383019 (revision 454192) @@ -0,0 +1,200 @@ +commit 6b3da0609f95 +Author: Byron Campen [:bwc] +Date: Thu Sep 14 12:19:24 2017 -0500 + + Bug 1383019: Move more logic under the protection of nsTimerImpl::mMutex, and simplify. r=froydnj, a=abillings + + MozReview-Commit-ID: JjYScKwyika + + --HG-- + extra : rebase_source : a5a8a17f86459ace51d9250454bd4cf1433130b0 +--- + xpcom/threads/TimerThread.cpp | 12 ++++++---- + xpcom/threads/TimerThread.h | 32 ------------------------- + xpcom/threads/nsTimerImpl.cpp | 56 +++++++++++++++++++++---------------------- + xpcom/threads/nsTimerImpl.h | 5 ++-- + 4 files changed, 36 insertions(+), 69 deletions(-) + +diff --git xpcom/threads/TimerThread.cpp xpcom/threads/TimerThread.cpp +index b91b27b2073a..99a40d91b3c0 100644 +--- xpcom/threads/TimerThread.cpp ++++ xpcom/threads/TimerThread.cpp +@@ -331,7 +331,7 @@ TimerThread::Shutdown() + return NS_ERROR_NOT_INITIALIZED; + } + +- nsTArray> timers; ++ nsTArray> timers; + { + // lock scope + MonitorAutoLock lock(mMonitor); +@@ -350,12 +350,14 @@ TimerThread::Shutdown() + // might potentially call some code reentering the same lock + // that leads to unexpected behavior or deadlock. + // See bug 422472. +- mTimers.SwapElements(timers); ++ for (const UniquePtr& entry : mTimers) { ++ timers.AppendElement(entry->Take()); ++ } ++ ++ mTimers.Clear(); + } + +- uint32_t timersCount = timers.Length(); +- for (uint32_t i = 0; i < timersCount; i++) { +- RefPtr timer = timers[i]->Take(); ++ for (const RefPtr& timer : timers) { + if (timer) { + timer->Cancel(); + } +diff --git xpcom/threads/TimerThread.h xpcom/threads/TimerThread.h +index f65c501c50e8..6610f5bf387b 100644 +--- xpcom/threads/TimerThread.h ++++ xpcom/threads/TimerThread.h +@@ -129,36 +129,4 @@ private: + uint32_t mAllowedEarlyFiringMicroseconds; + }; + +-struct TimerAdditionComparator +-{ +- TimerAdditionComparator(const mozilla::TimeStamp& aNow, +- nsTimerImpl* aTimerToInsert) : +- now(aNow) +-#ifdef DEBUG +- , timerToInsert(aTimerToInsert) +-#endif +- { +- } +- +- bool LessThan(nsTimerImpl* aFromArray, nsTimerImpl* aNewTimer) const +- { +- MOZ_ASSERT(aNewTimer == timerToInsert, "Unexpected timer ordering"); +- +- // Skip any overdue timers. +- return aFromArray->mTimeout <= now || +- aFromArray->mTimeout <= aNewTimer->mTimeout; +- } +- +- bool Equals(nsTimerImpl* aFromArray, nsTimerImpl* aNewTimer) const +- { +- return false; +- } +- +-private: +- const mozilla::TimeStamp& now; +-#ifdef DEBUG +- const nsTimerImpl* const timerToInsert; +-#endif +-}; +- + #endif /* TimerThread_h___ */ +diff --git xpcom/threads/nsTimerImpl.cpp xpcom/threads/nsTimerImpl.cpp +index f6803791fe45..735271af089a 100644 +--- xpcom/threads/nsTimerImpl.cpp ++++ xpcom/threads/nsTimerImpl.cpp +@@ -133,16 +133,8 @@ nsTimer::Release(void) + NS_LOG_RELEASE(this, count, "nsTimer"); + + if (count == 1) { +- if (!mImpl->CancelCheckIfFiring()) { +- // Last ref, in nsTimerImpl::mITimer. Make sure the cycle is broken. +- // (when Cancel fails, nsTimerImpl::Fire is in progress, which has grabbed +- // another ref to the nsITimer since we checked the value of mRefCnt +- // above) +- // If there is a nsTimerEvent in a queue for this timer, the nsTimer will +- // live until that event pops, otherwise the nsTimerImpl will go away and +- // the nsTimer along with it. +- mImpl = nullptr; +- } ++ // Last ref, in nsTimerImpl::mITimer. Make sure the cycle is broken. ++ mImpl->CancelImpl(true); + } else if (count == 0) { + delete this; + } +@@ -322,31 +314,37 @@ nsTimerImpl::Init(nsIObserver* aObserver, uint32_t aDelay, uint32_t aType) + return InitCommon(aDelay, aType, mozilla::Move(cb)); + } + +-bool +-nsTimerImpl::CancelCheckIfFiring() ++nsresult ++nsTimerImpl::Cancel() + { +- Callback cb; ++ CancelImpl(false); ++ return NS_OK; ++} + +- MutexAutoLock lock(mMutex); ++void ++nsTimerImpl::CancelImpl(bool aClearITimer) ++{ ++ Callback cbTrash; ++ RefPtr timerTrash; + +- if (gThread) { +- gThread->RemoveTimer(this); +- } ++ { ++ MutexAutoLock lock(mMutex); ++ if (gThread) { ++ gThread->RemoveTimer(this); ++ } + +- cb.swap(mCallback); +- ++mGeneration; ++ cbTrash.swap(mCallback); ++ ++mGeneration; + +- if (mCallbackDuringFire.mType != Callback::Type::Unknown) { +- return true; ++ // Don't clear this if we're firing; once Fire returns, we'll get this call ++ // again. ++ if (aClearITimer && ++ (mCallbackDuringFire.mType == Callback::Type::Unknown)) { ++ MOZ_RELEASE_ASSERT(mITimer, "mITimer was nulled already! " ++ "This indicates that someone has messed up the refcount on nsTimer!"); ++ timerTrash.swap(mITimer); ++ } + } +- return false; +-} +- +-nsresult +-nsTimerImpl::Cancel() +-{ +- (void)CancelCheckIfFiring(); +- return NS_OK; + } + + nsresult +diff --git xpcom/threads/nsTimerImpl.h xpcom/threads/nsTimerImpl.h +index 4b26cd21d80a..1cb530c0be3d 100644 +--- xpcom/threads/nsTimerImpl.h ++++ xpcom/threads/nsTimerImpl.h +@@ -56,7 +56,7 @@ public: + static void Shutdown(); + + void SetDelayInternal(uint32_t aDelay, TimeStamp aBase = TimeStamp::Now()); +- bool CancelCheckIfFiring(); ++ void CancelImpl(bool aClearITimer); + + void Fire(int32_t aGeneration); + +@@ -211,7 +211,7 @@ public: + static double sDeltaSum; + static double sDeltaSumSquared; + static double sDeltaNum; +- const RefPtr mITimer; ++ RefPtr mITimer; + mozilla::Mutex mMutex; + Callback mCallback; + Callback mCallbackDuringFire; +@@ -225,7 +225,6 @@ public: + + friend class TimerThread; + friend class nsTimerEvent; +- friend struct TimerAdditionComparator; + + NS_DECL_THREADSAFE_ISUPPORTS + NS_FORWARD_SAFE_NSITIMER(mImpl); Property changes on: head/www/firefox/files/patch-bug1383019 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/www/firefox/files/patch-bug1384121 =================================================================== --- head/www/firefox/files/patch-bug1384121 (nonexistent) +++ head/www/firefox/files/patch-bug1384121 (revision 454192) @@ -0,0 +1,218 @@ +commit 485ed2f2b015 +Author: Jan de Mooij +Date: Mon Sep 18 15:08:44 2017 +0200 + + Bug 1384121 part 1 - Don't sweep ObjectGroups under IC helper functions. r=bhackett +--- + js/src/jit/IonCacheIRCompiler.cpp | 4 ++-- + js/src/vm/ObjectGroup.h | 2 ++ + js/src/vm/TypeInference-inl.h | 29 ++++++++++++++++++++++------- + js/src/vm/UnboxedObject.cpp | 2 +- + 4 files changed, 27 insertions(+), 10 deletions(-) + +diff --git js/src/jit/IonCacheIRCompiler.cpp js/src/jit/IonCacheIRCompiler.cpp +index b11aed7966b6..bbfbdae57b12 100644 +--- js/src/jit/IonCacheIRCompiler.cpp ++++ js/src/jit/IonCacheIRCompiler.cpp +@@ -1324,9 +1324,9 @@ IonCacheIRCompiler::emitCallStringSplitResult() + static bool + GroupHasPropertyTypes(ObjectGroup* group, jsid* id, Value* v) + { +- if (group->unknownProperties()) ++ if (group->unknownPropertiesDontCheckGeneration()) + return true; +- HeapTypeSet* propTypes = group->maybeGetProperty(*id); ++ HeapTypeSet* propTypes = group->maybeGetPropertyDontCheckGeneration(*id); + if (!propTypes) + return true; + if (!propTypes->nonConstantProperty()) +diff --git js/src/vm/ObjectGroup.h js/src/vm/ObjectGroup.h +index 237b5a152576..0eba71ee084f 100644 +--- js/src/vm/ObjectGroup.h ++++ js/src/vm/ObjectGroup.h +@@ -390,6 +390,7 @@ class ObjectGroup : public gc::TenuredCell + + /* Get a property only if it already exists. */ + MOZ_ALWAYS_INLINE HeapTypeSet* maybeGetProperty(jsid id); ++ MOZ_ALWAYS_INLINE HeapTypeSet* maybeGetPropertyDontCheckGeneration(jsid id); + + /* + * Iterate through the group's properties. getPropertyCount overapproximates +@@ -471,6 +472,7 @@ class ObjectGroup : public gc::TenuredCell + } + + inline uint32_t basePropertyCount(); ++ inline uint32_t basePropertyCountDontCheckGeneration(); + + private: + inline void setBasePropertyCount(uint32_t count); +diff --git js/src/vm/TypeInference-inl.h js/src/vm/TypeInference-inl.h +index f7cd3459ef19..f2b0b9a52fbc 100644 +--- js/src/vm/TypeInference-inl.h ++++ js/src/vm/TypeInference-inl.h +@@ -369,10 +369,10 @@ TypeMonitorCall(JSContext* cx, const js::CallArgs& args, bool constructing) + MOZ_ALWAYS_INLINE bool + TrackPropertyTypes(JSObject* obj, jsid id) + { +- if (obj->hasLazyGroup() || obj->group()->unknownProperties()) ++ if (obj->hasLazyGroup() || obj->group()->unknownPropertiesDontCheckGeneration()) + return false; + +- if (obj->isSingleton() && !obj->group()->maybeGetProperty(id)) ++ if (obj->isSingleton() && !obj->group()->maybeGetPropertyDontCheckGeneration(id)) + return false; + + return true; +@@ -410,7 +410,7 @@ HasTrackedPropertyType(JSObject* obj, jsid id, TypeSet::Type type) + MOZ_ASSERT(id == IdToTypeId(id)); + MOZ_ASSERT(TrackPropertyTypes(obj, id)); + +- if (HeapTypeSet* types = obj->group()->maybeGetProperty(id)) { ++ if (HeapTypeSet* types = obj->group()->maybeGetPropertyDontCheckGeneration(id)) { + if (!types->hasType(type)) + return false; + // Non-constant properties are only relevant for singleton objects. +@@ -1074,10 +1074,18 @@ TypeSet::getObjectClass(unsigned i) const + // ObjectGroup + ///////////////////////////////////////////////////////////////////// + ++inline uint32_t ++ObjectGroup::basePropertyCountDontCheckGeneration() ++{ ++ uint32_t flags = flagsDontCheckGeneration(); ++ return (flags & OBJECT_FLAG_PROPERTY_COUNT_MASK) >> OBJECT_FLAG_PROPERTY_COUNT_SHIFT; ++} ++ + inline uint32_t + ObjectGroup::basePropertyCount() + { +- return (flags() & OBJECT_FLAG_PROPERTY_COUNT_MASK) >> OBJECT_FLAG_PROPERTY_COUNT_SHIFT; ++ maybeSweep(nullptr); ++ return basePropertyCountDontCheckGeneration(); + } + + inline void +@@ -1134,14 +1142,14 @@ ObjectGroup::getProperty(JSContext* cx, JSObject* obj, jsid id) + } + + MOZ_ALWAYS_INLINE HeapTypeSet* +-ObjectGroup::maybeGetProperty(jsid id) ++ObjectGroup::maybeGetPropertyDontCheckGeneration(jsid id) + { + MOZ_ASSERT(JSID_IS_VOID(id) || JSID_IS_EMPTY(id) || JSID_IS_STRING(id) || JSID_IS_SYMBOL(id)); + MOZ_ASSERT_IF(!JSID_IS_EMPTY(id), id == IdToTypeId(id)); +- MOZ_ASSERT(!unknownProperties()); ++ MOZ_ASSERT(!unknownPropertiesDontCheckGeneration()); + + Property* prop = TypeHashSet::Lookup +- (propertySet, basePropertyCount(), id); ++ (propertySet, basePropertyCountDontCheckGeneration(), id); + + if (!prop) + return nullptr; +@@ -1150,6 +1158,13 @@ ObjectGroup::maybeGetProperty(jsid id) + return &prop->types; + } + ++MOZ_ALWAYS_INLINE HeapTypeSet* ++ObjectGroup::maybeGetProperty(jsid id) ++{ ++ maybeSweep(nullptr); ++ return maybeGetPropertyDontCheckGeneration(id); ++} ++ + inline unsigned + ObjectGroup::getPropertyCount() + { +diff --git js/src/vm/UnboxedObject.cpp js/src/vm/UnboxedObject.cpp +index c155b7dc47c9..4e007489a67e 100644 +--- js/src/vm/UnboxedObject.cpp ++++ js/src/vm/UnboxedObject.cpp +@@ -363,7 +363,7 @@ UnboxedPlainObject::ensureExpando(JSContext* cx, Handle obj + bool + UnboxedPlainObject::containsUnboxedOrExpandoProperty(JSContext* cx, jsid id) const + { +- if (layout().lookup(id)) ++ if (layoutDontCheckGeneration().lookup(id)) + return true; + + if (maybeExpando() && maybeExpando()->containsShapeOrElement(cx, id)) +commit e240cf665f74 +Author: Jan de Mooij +Date: Wed Sep 20 12:13:54 2017 +0200 + + Bug 1384121 part 2 - Add asserts to catch similar bugs and fix some false positives. r=nbp +--- + js/src/jit/Bailouts.cpp | 4 ---- + js/src/jit/JSJitFrameIter.cpp | 2 ++ + js/src/jit/VMFunctions.cpp | 1 - + js/src/jit/arm/Trampoline-arm.cpp | 9 ++++++--- + js/src/jit/arm64/Trampoline-arm64.cpp | 9 ++++++--- + js/src/jit/mips32/Trampoline-mips32.cpp | 9 ++++++--- + js/src/jit/mips64/Trampoline-mips64.cpp | 9 ++++++--- + js/src/jit/x64/Trampoline-x64.cpp | 9 ++++++--- + js/src/jit/x86/Trampoline-x86.cpp | 9 ++++++--- + js/src/vm/ObjectGroup-inl.h | 1 + + js/src/vm/Stack.cpp | 2 ++ + js/src/vm/TypeInference.cpp | 3 +++ + 12 files changed, 44 insertions(+), 23 deletions(-) + +diff --git js/src/jit/JSJitFrameIter.cpp js/src/jit/JSJitFrameIter.cpp +index 3774b327d21c..ae76bc2abaf0 100644 +--- js/src/jit/JitFrameIterator.cpp ++++ js/src/jit/JitFrameIterator.cpp +@@ -25,6 +25,8 @@ JSJitFrameIter::JSJitFrameIter(const JitActivation* activation) + current_ = activation_->bailoutData()->fp(); + frameSize_ = activation_->bailoutData()->topFrameSize(); + type_ = JitFrame_Bailout; ++ } else { ++ MOZ_ASSERT(!TlsContext.get()->inUnsafeCallWithABI); + } + } + +diff --git js/src/vm/ObjectGroup-inl.h js/src/vm/ObjectGroup-inl.h +index 7e023ecbad8e..d7caa63d8725 100644 +--- js/src/vm/ObjectGroup-inl.h ++++ js/src/vm/ObjectGroup-inl.h +@@ -16,6 +16,7 @@ ObjectGroup::needsSweep() + { + // Note: this can be called off thread during compacting GCs, in which case + // nothing will be running on the active thread. ++ MOZ_ASSERT(!TlsContext.get()->inUnsafeCallWithABI); + return generation() != zoneFromAnyThread()->types.generation; + } + +diff --git js/src/vm/Stack.cpp js/src/vm/Stack.cpp +index d3c0038db5ca..0406195abd56 100644 +--- js/src/vm/Stack.cpp ++++ js/src/vm/Stack.cpp +@@ -605,6 +605,8 @@ FrameIter::popInterpreterFrame() + void + FrameIter::settleOnActivation() + { ++ MOZ_ASSERT(!data_.cx_->inUnsafeCallWithABI); ++ + while (true) { + if (data_.activations_.done()) { + data_.state_ = DONE; +diff --git js/src/vm/TypeInference.cpp js/src/vm/TypeInference.cpp +index f0562a4355f8..eba18e34397e 100644 +--- js/src/vm/TypeInference.cpp ++++ js/src/vm/TypeInference.cpp +@@ -4428,6 +4428,8 @@ ObjectGroup::sweep(AutoClearTypeInferenceStateOnOOM* oom) + /* static */ void + JSScript::maybeSweepTypes(AutoClearTypeInferenceStateOnOOM* oom) + { ++ MOZ_ASSERT(!TlsContext.get()->inUnsafeCallWithABI); ++ + if (!types_ || typesGeneration() == zone()->types.generation) + return; + +@@ -4611,6 +4613,7 @@ AutoClearTypeInferenceStateOnOOM::AutoClearTypeInferenceStateOnOOM(Zone* zone) + : zone(zone), oom(false) + { + MOZ_RELEASE_ASSERT(CurrentThreadCanAccessZone(zone)); ++ MOZ_ASSERT(!TlsContext.get()->inUnsafeCallWithABI); + zone->types.setSweepingTypes(true); + } + Property changes on: head/www/firefox/files/patch-bug1384121 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/www/firefox/files/patch-bug1387811 =================================================================== --- head/www/firefox/files/patch-bug1387811 (nonexistent) +++ head/www/firefox/files/patch-bug1387811 (revision 454192) @@ -0,0 +1,42 @@ +commit a1341ccf6d63 +Author: Christoph Kerschbaumer +Date: Sun Aug 6 11:37:09 2017 +0200 + + Bug 1387811 - Follow up for Test within Bug 1381761: CSP JSON is never null, hence it's better to check actual contents of JSON for testing. r=dveditz +--- + dom/security/test/csp/file_data_csp_inheritance.html | 6 ++++-- + dom/security/test/csp/test_data_csp_inheritance.html | 4 +++- + 2 files changed, 7 insertions(+), 3 deletions(-) + +diff --git dom/security/test/csp/file_data_csp_inheritance.html dom/security/test/csp/file_data_csp_inheritance.html +index 299c30255aa6..cbb4865343db 100644 +--- dom/security/test/csp/file_data_csp_inheritance.html ++++ dom/security/test/csp/file_data_csp_inheritance.html +@@ -13,8 +13,10 @@ + var frame = document.getElementById("dataFrame"); + var principal = SpecialPowers.wrap(frame.contentDocument).nodePrincipal; + var cspJSON = principal.cspJSON; +- var result = principal.cspJSON ? "dataInheritsCSP" : "dataDoesNotInheritCSP"; +- window.parent.postMessage({result}, "*"); ++ var cspOBJ = JSON.parse(principal.cspJSON); ++ // make sure we got >>one<< policy ++ var policies = cspOBJ["csp-policies"]; ++ window.parent.postMessage({result: policies.length}, "*"); + + + +diff --git dom/security/test/csp/test_data_csp_inheritance.html dom/security/test/csp/test_data_csp_inheritance.html +index 3afc4f7c02bc..bde2f5617e65 100644 +--- dom/security/test/csp/test_data_csp_inheritance.html ++++ dom/security/test/csp/test_data_csp_inheritance.html +@@ -22,7 +22,9 @@ SimpleTest.waitForExplicitFinish(); + window.addEventListener("message", receiveMessage); + function receiveMessage(event) { + window.removeEventListener("message", receiveMessage); +- is(event.data.result, "dataInheritsCSP", ++ // toplevel CSP should apply to data: URI iframe hence resulting ++ // in 1 applied policy. ++ is(event.data.result, 1, + "data: URI iframe inherits CSP from including context"); + SimpleTest.finish(); + } Property changes on: head/www/firefox/files/patch-bug1387811 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/www/firefox/files/patch-bug1387845 =================================================================== --- head/www/firefox/files/patch-bug1387845 (nonexistent) +++ head/www/firefox/files/patch-bug1387845 (revision 454192) @@ -0,0 +1,38 @@ +commit 8687f49efa88 +Author: sotaro +Date: Wed Aug 23 13:49:29 2017 +0900 + + Bug 1387845 - Add more NS_BUILD_REFCNT_LOGGING in AtomicRefCountedWithFinalize r=nical +--- + gfx/layers/AtomicRefCountedWithFinalize.h | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git gfx/layers/AtomicRefCountedWithFinalize.h gfx/layers/AtomicRefCountedWithFinalize.h +index 37f0a9f592a1..9941ccb13f2d 100644 +--- gfx/layers/AtomicRefCountedWithFinalize.h ++++ gfx/layers/AtomicRefCountedWithFinalize.h +@@ -101,8 +101,12 @@ public: + private: + void AddRef() { + MOZ_ASSERT(mRefCount >= 0, "AddRef() during/after Finalize()/dtor."); +- mRefCount++; +- NS_LOG_ADDREF(this, mRefCount, mName, sizeof(*this)); ++#ifdef NS_BUILD_REFCNT_LOGGING ++ int currCount = ++mRefCount; ++ NS_LOG_ADDREF(this, currCount, mName, sizeof(*this)); ++#else ++ ++mRefCount; ++#endif + } + + void Release() { +@@ -118,7 +122,9 @@ private: + ++mRefCount; + return; + } ++#ifdef NS_BUILD_REFCNT_LOGGING + NS_LOG_RELEASE(this, currCount, mName); ++#endif + + if (0 == currCount) { + mRefCount = detail::DEAD; Property changes on: head/www/firefox/files/patch-bug1387845 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/www/firefox/files/patch-bug1394031 =================================================================== --- head/www/firefox/files/patch-bug1394031 (nonexistent) +++ head/www/firefox/files/patch-bug1394031 (revision 454192) @@ -0,0 +1,387 @@ +commit e70d76485c22 +Author: Thomas Nguyen +Date: Tue Sep 5 17:14:54 2017 +0800 + + Bug 1394031 - Remove mCryptoHash members of nsUrlClassifierDBServiceWorker and ProtocolParser + + The usage of cryptoHash consists of a complete set of Init, Update, and Finish, there's + no reason to keep it around + + MozReview-Commit-ID: 7bT9IsWEM5m +--- + toolkit/components/url-classifier/Classifier.cpp | 5 +--- + toolkit/components/url-classifier/Classifier.h | 2 -- + toolkit/components/url-classifier/Entries.h | 12 ++++++---- + .../components/url-classifier/ProtocolParser.cpp | 15 ++++-------- + toolkit/components/url-classifier/ProtocolParser.h | 4 ---- + .../url-classifier/nsUrlClassifierDBService.cpp | 8 ------- + .../url-classifier/nsUrlClassifierDBService.h | 3 --- + .../url-classifier/tests/gtest/Common.cpp | 3 +-- + .../url-classifier/tests/gtest/TestCaching.cpp | 28 ++++++++-------------- + .../url-classifier/tests/gtest/TestClassifier.cpp | 3 +-- + .../tests/gtest/TestLookupCacheV4.cpp | 3 +-- + .../tests/unit/head_urlclassifier.js | 3 +++ + 12 files changed, 29 insertions(+), 60 deletions(-) + +diff --git toolkit/components/url-classifier/Classifier.cpp toolkit/components/url-classifier/Classifier.cpp +index 68169925d2d0..404e31e2421e 100644 +--- toolkit/components/url-classifier/Classifier.cpp ++++ toolkit/components/url-classifier/Classifier.cpp +@@ -257,9 +257,6 @@ Classifier::Open(nsIFile& aCacheDirectory) + rv = CreateStoreDirectory(); + NS_ENSURE_SUCCESS(rv, rv); + +- mCryptoHash = do_CreateInstance(NS_CRYPTO_HASH_CONTRACTID, &rv); +- NS_ENSURE_SUCCESS(rv, rv); +- + // Build the list of know urlclassifier lists + // XXX: Disk IO potentially on the main thread during startup + RegenActiveTables(); +@@ -470,7 +467,7 @@ Classifier::Check(const nsACString& aSpec, + // Now check each lookup fragment against the entries in the DB. + for (uint32_t i = 0; i < fragments.Length(); i++) { + Completion lookupHash; +- lookupHash.FromPlaintext(fragments[i], mCryptoHash); ++ lookupHash.FromPlaintext(fragments[i]); + + if (LOG_ENABLED()) { + nsAutoCString checking; +diff --git toolkit/components/url-classifier/Classifier.h toolkit/components/url-classifier/Classifier.h +index 83cbcecf5ee8..e8bf890dc95a 100644 +--- toolkit/components/url-classifier/Classifier.h ++++ toolkit/components/url-classifier/Classifier.h +@@ -13,7 +13,6 @@ + #include "nsCOMPtr.h" + #include "nsString.h" + #include "nsIFile.h" +-#include "nsICryptoHash.h" + #include "nsDataHashtable.h" + + class nsIThread; +@@ -207,7 +206,6 @@ private: + nsCOMPtr mBackupDirectory; + nsCOMPtr mUpdatingDirectory; // For update only. + nsCOMPtr mToDeleteDirectory; +- nsCOMPtr mCryptoHash; + nsTArray mLookupCaches; // For query only. + nsTArray mActiveTablesCache; + uint32_t mHashKey; +diff --git toolkit/components/url-classifier/Entries.h toolkit/components/url-classifier/Entries.h +index bb32204db0f3..d664b57f1d27 100644 +--- toolkit/components/url-classifier/Entries.h ++++ toolkit/components/url-classifier/Entries.h +@@ -35,21 +35,25 @@ struct SafebrowsingHash + typedef SafebrowsingHash self_type; + uint8_t buf[S]; + +- nsresult FromPlaintext(const nsACString& aPlainText, nsICryptoHash* aHash) { ++ nsresult FromPlaintext(const nsACString& aPlainText) { + // From the protocol doc: + // Each entry in the chunk is composed + // of the SHA 256 hash of a suffix/prefix expression. ++ nsresult rv; ++ nsCOMPtr hash = ++ do_CreateInstance(NS_CRYPTO_HASH_CONTRACTID, &rv); ++ NS_ENSURE_SUCCESS(rv, rv); + +- nsresult rv = aHash->Init(nsICryptoHash::SHA256); ++ rv = hash->Init(nsICryptoHash::SHA256); + NS_ENSURE_SUCCESS(rv, rv); + +- rv = aHash->Update ++ rv = hash->Update + (reinterpret_cast(aPlainText.BeginReading()), + aPlainText.Length()); + NS_ENSURE_SUCCESS(rv, rv); + + nsAutoCString hashed; +- rv = aHash->Finish(false, hashed); ++ rv = hash->Finish(false, hashed); + NS_ENSURE_SUCCESS(rv, rv); + + NS_ASSERTION(hashed.Length() >= sHashSize, +diff --git toolkit/components/url-classifier/ProtocolParser.cpp toolkit/components/url-classifier/ProtocolParser.cpp +index 5f61c7bbcf6b..d4fce581e394 100644 +--- toolkit/components/url-classifier/ProtocolParser.cpp ++++ toolkit/components/url-classifier/ProtocolParser.cpp +@@ -80,13 +80,6 @@ ProtocolParser::~ProtocolParser() + CleanupUpdates(); + } + +-nsresult +-ProtocolParser::Init(nsICryptoHash* aHasher) +-{ +- mCryptoHash = aHasher; +- return NS_OK; +-} +- + void + ProtocolParser::CleanupUpdates() + { +@@ -404,7 +397,7 @@ ProtocolParserV2::ProcessPlaintextChunk(const nsACString& aChunk) + if (mChunkState.type == CHUNK_ADD) { + if (mChunkState.hashSize == COMPLETE_SIZE) { + Completion hash; +- hash.FromPlaintext(line, mCryptoHash); ++ hash.FromPlaintext(line); + nsresult rv = mTableUpdate->NewAddComplete(mChunkState.num, hash); + if (NS_FAILED(rv)) { + return rv; +@@ -412,7 +405,7 @@ ProtocolParserV2::ProcessPlaintextChunk(const nsACString& aChunk) + } else { + NS_ASSERTION(mChunkState.hashSize == 4, "Only 32- or 4-byte hashes can be used for add chunks."); + Prefix hash; +- hash.FromPlaintext(line, mCryptoHash); ++ hash.FromPlaintext(line); + nsresult rv = mTableUpdate->NewAddPrefix(mChunkState.num, hash); + if (NS_FAILED(rv)) { + return rv; +@@ -433,7 +426,7 @@ ProtocolParserV2::ProcessPlaintextChunk(const nsACString& aChunk) + + if (mChunkState.hashSize == COMPLETE_SIZE) { + Completion hash; +- hash.FromPlaintext(Substring(iter, end), mCryptoHash); ++ hash.FromPlaintext(Substring(iter, end)); + nsresult rv = mTableUpdate->NewSubComplete(addChunk, hash, mChunkState.num); + if (NS_FAILED(rv)) { + return rv; +@@ -441,7 +434,7 @@ ProtocolParserV2::ProcessPlaintextChunk(const nsACString& aChunk) + } else { + NS_ASSERTION(mChunkState.hashSize == 4, "Only 32- or 4-byte hashes can be used for add chunks."); + Prefix hash; +- hash.FromPlaintext(Substring(iter, end), mCryptoHash); ++ hash.FromPlaintext(Substring(iter, end)); + nsresult rv = mTableUpdate->NewSubPrefix(addChunk, hash, mChunkState.num); + if (NS_FAILED(rv)) { + return rv; +diff --git toolkit/components/url-classifier/ProtocolParser.h toolkit/components/url-classifier/ProtocolParser.h +index 329911621f18..066e8892df7b 100644 +--- toolkit/components/url-classifier/ProtocolParser.h ++++ toolkit/components/url-classifier/ProtocolParser.h +@@ -7,7 +7,6 @@ + #define ProtocolParser_h__ + + #include "HashStore.h" +-#include "nsICryptoHMAC.h" + #include "safebrowsing.pb.h" + + namespace mozilla { +@@ -28,8 +27,6 @@ public: + + nsresult Status() const { return mUpdateStatus; } + +- nsresult Init(nsICryptoHash* aHasher); +- + #ifdef MOZ_SAFEBROWSING_DUMP_FAILED_UPDATES + virtual nsCString GetRawTableUpdates() const { return mPending; } + #endif +@@ -73,7 +70,6 @@ protected: + nsTArray mTableUpdates; + + nsTArray mForwards; +- nsCOMPtr mCryptoHash; + + // The table names that were requested from the client. + nsTArray mRequestedTables; +diff --git toolkit/components/url-classifier/nsUrlClassifierDBService.cpp toolkit/components/url-classifier/nsUrlClassifierDBService.cpp +index 6d82c25de7cf..40de1b4130b0 100644 +--- toolkit/components/url-classifier/nsUrlClassifierDBService.cpp ++++ toolkit/components/url-classifier/nsUrlClassifierDBService.cpp +@@ -8,8 +8,6 @@ + #include "nsAppDirectoryServiceDefs.h" + #include "nsArrayUtils.h" + #include "nsCRT.h" +-#include "nsICryptoHash.h" +-#include "nsICryptoHMAC.h" + #include "nsIDirectoryService.h" + #include "nsIKeyModule.h" + #include "nsIObserverService.h" +@@ -467,8 +465,6 @@ nsUrlClassifierDBServiceWorker::BeginStream(const nsACString &table) + return NS_ERROR_OUT_OF_MEMORY; + } + +- mProtocolParser->Init(mCryptoHash); +- + if (!table.IsEmpty()) { + mProtocolParser->SetCurrentTable(table); + } +@@ -809,7 +805,6 @@ nsUrlClassifierDBServiceWorker::CloseDb() + mClassifier = nullptr; + } + +- mCryptoHash = nullptr; + LOG(("urlclassifier db closed\n")); + + return NS_OK; +@@ -944,9 +939,6 @@ nsUrlClassifierDBServiceWorker::OpenDb() + } + + nsresult rv; +- mCryptoHash = do_CreateInstance(NS_CRYPTO_HASH_CONTRACTID, &rv); +- NS_ENSURE_SUCCESS(rv, rv); +- + nsAutoPtr classifier(new (fallible) Classifier()); + if (!classifier) { + return NS_ERROR_OUT_OF_MEMORY; +diff --git toolkit/components/url-classifier/nsUrlClassifierDBService.h toolkit/components/url-classifier/nsUrlClassifierDBService.h +index 8d284f5b0842..a4c5952e91bb 100644 +--- toolkit/components/url-classifier/nsUrlClassifierDBService.h ++++ toolkit/components/url-classifier/nsUrlClassifierDBService.h +@@ -270,9 +270,6 @@ private: + + bool IsSameAsLastResults(CacheResultArray& aResult); + +- // Can only be used on the background thread +- nsCOMPtr mCryptoHash; +- + nsAutoPtr mClassifier; + // The class that actually parses the update chunks. + nsAutoPtr mProtocolParser; +diff --git toolkit/components/url-classifier/tests/gtest/Common.cpp toolkit/components/url-classifier/tests/gtest/Common.cpp +index 2d11cf87ccca..812151f569a4 100644 +--- toolkit/components/url-classifier/tests/gtest/Common.cpp ++++ toolkit/components/url-classifier/tests/gtest/Common.cpp +@@ -152,8 +152,7 @@ nsCString + GeneratePrefix(const nsCString& aFragment, uint8_t aLength) + { + Completion complete; +- nsCOMPtr cryptoHash = do_CreateInstance(NS_CRYPTO_HASH_CONTRACTID); +- complete.FromPlaintext(aFragment, cryptoHash); ++ complete.FromPlaintext(aFragment); + + nsCString hash; + hash.Assign((const char *)complete.buf, aLength); +diff --git toolkit/components/url-classifier/tests/gtest/TestCaching.cpp toolkit/components/url-classifier/tests/gtest/TestCaching.cpp +index b280f7c61af6..7a9f5cdbb0e7 100644 +--- toolkit/components/url-classifier/tests/gtest/TestCaching.cpp ++++ toolkit/components/url-classifier/tests/gtest/TestCaching.cpp +@@ -18,14 +18,11 @@ SetupCacheEntry(LookupCacheV2* aLookupCache, + MissPrefixArray misses; + MissPrefixArray emptyMisses; + +- nsCOMPtr cryptoHash = +- do_CreateInstance(NS_CRYPTO_HASH_CONTRACTID); +- + AddComplete* add = completes.AppendElement(fallible); +- add->complete.FromPlaintext(aCompletion, cryptoHash); ++ add->complete.FromPlaintext(aCompletion); + + Prefix* prefix = misses.AppendElement(fallible); +- prefix->FromPlaintext(aCompletion, cryptoHash); ++ prefix->FromPlaintext(aCompletion); + + // Setup positive cache first otherwise negative cache expiry will be + // overwritten. +@@ -45,9 +42,7 @@ SetupCacheEntry(LookupCacheV4* aLookupCache, + FullHashResponseMap map; + + Prefix prefix; +- nsCOMPtr cryptoHash = +- do_CreateInstance(NS_CRYPTO_HASH_CONTRACTID); +- prefix.FromPlaintext(aCompletion, cryptoHash); ++ prefix.FromPlaintext(aCompletion); + + CachedFullHashResponse* response = map.LookupOrAdd(prefix.ToUint32()); + +@@ -104,8 +99,7 @@ TestCache(const _Fragment& aFragment, + T* aCache = nullptr) + { + Completion lookupHash; +- nsCOMPtr cryptoHash = do_CreateInstance(NS_CRYPTO_HASH_CONTRACTID); +- lookupHash.FromPlaintext(aFragment, cryptoHash); ++ lookupHash.FromPlaintext(aFragment); + + TestCache(lookupHash, aExpectedHas, aExpectedConfirmed, aExpectedInCache, aCache); + } +@@ -148,13 +142,12 @@ TEST(UrlClassifierCaching, InNegativeCacheNotExpired) + { + // Create a fullhash whose prefix matches the prefix in negative cache + // but completion doesn't match any fullhash in positive cache. +- nsCOMPtr cryptoHash = do_CreateInstance(NS_CRYPTO_HASH_CONTRACTID); + + Completion prefix; +- prefix.FromPlaintext(_Fragment("cache.notexpired.com/"), cryptoHash); ++ prefix.FromPlaintext(_Fragment("cache.notexpired.com/")); + + Completion fullhash; +- fullhash.FromPlaintext(_Fragment("firefox.com/"), cryptoHash); ++ fullhash.FromPlaintext(_Fragment("firefox.com/")); + + // Overwrite the 4-byte prefix of `fullhash` so that it conflicts with `prefix`. + // Since "cache.notexpired.com" is added to database in TestCache as a +@@ -171,13 +164,12 @@ TEST(UrlClassifierCaching, InNegativeCacheNotExpired) + TEST(UrlClassifierCaching, InNegativeCacheExpired) + { + // Create a fullhash whose prefix is in the cache. +- nsCOMPtr cryptoHash = do_CreateInstance(NS_CRYPTO_HASH_CONTRACTID); + + Completion prefix; +- prefix.FromPlaintext(_Fragment("cache.expired.com/"), cryptoHash); ++ prefix.FromPlaintext(_Fragment("cache.expired.com/")); + + Completion fullhash; +- fullhash.FromPlaintext(_Fragment("firefox.com/"), cryptoHash); ++ fullhash.FromPlaintext(_Fragment("firefox.com/")); + + memcpy(fullhash.buf, prefix.buf, 10); + +@@ -255,7 +247,7 @@ TEST(UrlClassifierCaching, NegativeCacheExpireV2) + + MissPrefixArray misses; + Prefix* prefix = misses.AppendElement(fallible); +- prefix->FromPlaintext(NEG_CACHE_EXPIRED_URL, cryptoHash); ++ prefix->FromPlaintext(NEG_CACHE_EXPIRED_URL); + + AddCompleteArray dummy; + cache->AddGethashResultToCache(dummy, misses, EXPIRED_TIME_SEC); +@@ -275,7 +267,7 @@ TEST(UrlClassifierCaching, NegativeCacheExpireV4) + FullHashResponseMap map; + Prefix prefix; + nsCOMPtr cryptoHash = do_CreateInstance(NS_CRYPTO_HASH_CONTRACTID); +- prefix.FromPlaintext(NEG_CACHE_EXPIRED_URL, cryptoHash); ++ prefix.FromPlaintext(NEG_CACHE_EXPIRED_URL); + CachedFullHashResponse* response = map.LookupOrAdd(prefix.ToUint32()); + + response->negativeCacheExpirySec = EXPIRED_TIME_SEC; +diff --git toolkit/components/url-classifier/tests/gtest/TestClassifier.cpp toolkit/components/url-classifier/tests/gtest/TestClassifier.cpp +index a4d21581315e..23b7e9ef59d1 100644 +--- toolkit/components/url-classifier/tests/gtest/TestClassifier.cpp ++++ toolkit/components/url-classifier/tests/gtest/TestClassifier.cpp +@@ -71,8 +71,7 @@ TestReadNoiseEntries(Classifier* classifier, + const nsCString& aFragment) + { + Completion lookupHash; +- nsCOMPtr cryptoHash = do_CreateInstance(NS_CRYPTO_HASH_CONTRACTID); +- lookupHash.FromPlaintext(aFragment, cryptoHash); ++ lookupHash.FromPlaintext(aFragment); + LookupResult result; + result.hash.complete = lookupHash; + +diff --git toolkit/components/url-classifier/tests/gtest/TestLookupCacheV4.cpp toolkit/components/url-classifier/tests/gtest/TestLookupCacheV4.cpp +index b2ed091ae308..3fbea2d9d475 100644 +--- toolkit/components/url-classifier/tests/gtest/TestLookupCacheV4.cpp ++++ toolkit/components/url-classifier/tests/gtest/TestLookupCacheV4.cpp +@@ -17,8 +17,7 @@ TestHasPrefix(const _Fragment& aFragment, bool aExpectedHas, bool aExpectedCompl + UniquePtr cache = SetupLookupCache(array); + + Completion lookupHash; +- nsCOMPtr cryptoHash = do_CreateInstance(NS_CRYPTO_HASH_CONTRACTID); +- lookupHash.FromPlaintext(aFragment, cryptoHash); ++ lookupHash.FromPlaintext(aFragment); + + bool has, confirmed; + uint32_t matchLength; +diff --git toolkit/components/url-classifier/tests/unit/head_urlclassifier.js toolkit/components/url-classifier/tests/unit/head_urlclassifier.js +index f52ded37c2e9..61b0c170d457 100644 +--- toolkit/components/url-classifier/tests/unit/head_urlclassifier.js ++++ toolkit/components/url-classifier/tests/unit/head_urlclassifier.js +@@ -17,6 +17,9 @@ do_get_profile(); + + var dirSvc = Cc["@mozilla.org/file/directory_service;1"].getService(Ci.nsIProperties); + ++// Ensure PSM is initialized before the test ++Cc["@mozilla.org/psm;1"].getService(Ci.nsISupports); ++ + var iosvc = Cc["@mozilla.org/network/io-service;1"].getService(Ci.nsIIOService); + + var secMan = Cc["@mozilla.org/scriptsecuritymanager;1"] Property changes on: head/www/firefox/files/patch-bug1394031 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/www/firefox/files/patch-bug1399922 =================================================================== --- head/www/firefox/files/patch-bug1399922 (nonexistent) +++ head/www/firefox/files/patch-bug1399922 (revision 454192) @@ -0,0 +1,104 @@ +commit aec4b24e060f +Author: Jan-Ivar Bruaroey +Date: Thu Sep 21 10:45:56 2017 -0400 + + Bug 1399922 - Use a static mutex for getting deviceId keys in MediaParent. r=jesup, a=sledru + + MozReview-Commit-ID: E6pzyAM4jOQ + + --HG-- + extra : source : b030607a3ddbc015d30dbffc5eba0789cae6db62 +--- + dom/media/systemservices/MediaParent.cpp | 32 +++++++++++++++++++++----------- + 1 file changed, 21 insertions(+), 11 deletions(-) + +diff --git dom/media/systemservices/MediaParent.cpp dom/media/systemservices/MediaParent.cpp +index c7798dd73dc6..485f9bdee808 100644 +--- dom/media/systemservices/MediaParent.cpp ++++ dom/media/systemservices/MediaParent.cpp +@@ -37,6 +37,7 @@ mozilla::LazyLogModule gMediaParentLog("MediaParent"); + namespace mozilla { + namespace media { + ++StaticMutex sOriginKeyStoreMutex; + static OriginKeyStore* sOriginKeyStore = nullptr; + + class OriginKeyStore : public nsISupports +@@ -396,6 +397,7 @@ class OriginKeyStore : public nsISupports + private: + virtual ~OriginKeyStore() + { ++ StaticMutexAutoLock lock(sOriginKeyStoreMutex); + sOriginKeyStore = nullptr; + LOG((__FUNCTION__)); + } +@@ -404,6 +406,7 @@ public: + static OriginKeyStore* Get() + { + MOZ_ASSERT(NS_IsMainThread()); ++ StaticMutexAutoLock lock(sOriginKeyStoreMutex); + if (!sOriginKeyStore) { + sOriginKeyStore = new OriginKeyStore(); + } +@@ -447,8 +450,8 @@ Parent::RecvGetPrincipalKey(const uint32_t& aRequestId, + return IPCResult(this, false); + } + +- // Then over to stream-transport thread to do the actual file io. +- // Stash a pledge to hold the answer and get an id for this request. ++ // Then over to stream-transport thread (a thread pool) to do the actual ++ // file io. Stash a pledge to hold the answer and get an id for this request. + + RefPtr> p = new Pledge(); + uint32_t id = mOutstandingPledges.Append(*p); +@@ -460,14 +463,18 @@ Parent::RecvGetPrincipalKey(const uint32_t& aRequestId, + rv = sts->Dispatch(NewRunnableFrom([this, that, id, profileDir, + aPrincipalInfo, aPersist]() -> nsresult { + MOZ_ASSERT(!NS_IsMainThread()); +- mOriginKeyStore->mOriginKeys.SetProfileDir(profileDir); ++ StaticMutexAutoLock lock(sOriginKeyStoreMutex); ++ if (!sOriginKeyStore) { ++ return NS_ERROR_FAILURE; ++ } ++ sOriginKeyStore->mOriginKeys.SetProfileDir(profileDir); + + nsresult rv; + nsAutoCString result; + if (IsPincipalInfoPrivate(aPrincipalInfo)) { +- rv = mOriginKeyStore->mPrivateBrowsingOriginKeys.GetPrincipalKey(aPrincipalInfo, result); ++ rv = sOriginKeyStore->mPrivateBrowsingOriginKeys.GetPrincipalKey(aPrincipalInfo, result); + } else { +- rv = mOriginKeyStore->mOriginKeys.GetPrincipalKey(aPrincipalInfo, result, aPersist); ++ rv = sOriginKeyStore->mOriginKeys.GetPrincipalKey(aPrincipalInfo, result, aPersist); + } + + if (NS_WARN_IF(NS_FAILED(rv))) { +@@ -518,19 +525,22 @@ Parent::RecvSanitizeOriginKeys(const uint64_t& aSinceWhen, + if (NS_WARN_IF(NS_FAILED(rv))) { + return IPCResult(this, false); + } +- // Over to stream-transport thread to do the file io. ++ // Over to stream-transport thread (a thread pool) to do the file io. + + nsCOMPtr sts = do_GetService(NS_STREAMTRANSPORTSERVICE_CONTRACTID); + MOZ_ASSERT(sts); +- RefPtr store(mOriginKeyStore); + +- rv = sts->Dispatch(NewRunnableFrom([profileDir, store, aSinceWhen, ++ rv = sts->Dispatch(NewRunnableFrom([profileDir, aSinceWhen, + aOnlyPrivateBrowsing]() -> nsresult { + MOZ_ASSERT(!NS_IsMainThread()); +- store->mPrivateBrowsingOriginKeys.Clear(aSinceWhen); ++ StaticMutexAutoLock lock(sOriginKeyStoreMutex); ++ if (!sOriginKeyStore) { ++ return NS_ERROR_FAILURE; ++ } ++ sOriginKeyStore->mPrivateBrowsingOriginKeys.Clear(aSinceWhen); + if (!aOnlyPrivateBrowsing) { +- store->mOriginKeys.SetProfileDir(profileDir); +- store->mOriginKeys.Clear(aSinceWhen); ++ sOriginKeyStore->mOriginKeys.SetProfileDir(profileDir); ++ sOriginKeyStore->mOriginKeys.Clear(aSinceWhen); + } + return NS_OK; + }), NS_DISPATCH_NORMAL); Property changes on: head/www/firefox/files/patch-bug1399922 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/www/firefox/files/patch-bug1401339 =================================================================== --- head/www/firefox/files/patch-bug1401339 (nonexistent) +++ head/www/firefox/files/patch-bug1401339 (revision 454192) @@ -0,0 +1,76 @@ +commit 5d3c733f43dd +Author: Gabriele Svelto +Date: Fri Sep 22 15:06:22 2017 +0200 + + Bug 1401339 - Look for libcurl under platform-specific paths; r=Dexter a=sylvestre + + MozReview-Commit-ID: 6wijqLsar56 + + --HG-- + extra : source : ebd3c3b2d64442c2b5eb7ab3e87c4b423311f3f4 +--- + .../pingsender/pingsender_unix_common.cpp | 40 +++++++++++++++------- + 1 file changed, 28 insertions(+), 12 deletions(-) + +diff --git toolkit/components/telemetry/pingsender/pingsender_unix_common.cpp toolkit/components/telemetry/pingsender/pingsender_unix_common.cpp +index b1cea81f6288..ae20f4114193 100644 +--- toolkit/components/telemetry/pingsender/pingsender_unix_common.cpp ++++ toolkit/components/telemetry/pingsender/pingsender_unix_common.cpp +@@ -80,29 +80,45 @@ CurlWrapper::~CurlWrapper() + bool + CurlWrapper::Init() + { +- // libcurl might show up under different names, try them all until we find it ++ const char* libcurlPaths[] = { ++ "/usr/lib", ++#ifdef XP_LINUX ++ "/usr/lib32", ++ "/usr/lib64", ++ "/usr/lib/i386-linux-gnu", // Debian 32-bit x86 ++ "/usr/lib/x86_64-linux-gnu", // Debian 64-bit x86 ++#endif // XP_LINUX ++ }; ++ + const char* libcurlNames[] = { ++#ifdef XP_LINUX + "libcurl.so", + "libcurl.so.4", + // Debian gives libcurl a different name when it is built against GnuTLS ++ "libcurl-gnutls.so", + "libcurl-gnutls.so.4", +- // Older libcurl if we can't find anything better ++ // Older versions in case we find nothing better + "libcurl.so.3", +-#ifndef HAVE_64BIT_BUILD +- // 32-bit versions on 64-bit hosts +- "/usr/lib32/libcurl.so", +- "/usr/lib32/libcurl.so.4", +- "/usr/lib32/libcurl-gnutls.so.4", +- "/usr/lib32/libcurl.so.3", +-#endif ++ "libcurl-gnutls.so.3", // See above for Debian ++#elif defined(XP_MACOSX) + // macOS + "libcurl.dylib", + "libcurl.4.dylib", +- "libcurl.3.dylib" ++ "libcurl.3.dylib", ++#endif + }; + +- for (const char* libname : libcurlNames) { +- mLib = dlopen(libname, RTLD_NOW); ++ // libcurl might show up under different names, try them all until we find it ++ ++ for (const char* libpath : libcurlPaths) { ++ for (const char* libname : libcurlNames) { ++ string fullpath = string(libpath) + "/" + libname; ++ mLib = dlopen(fullpath.c_str(), RTLD_NOW); ++ ++ if (mLib) { ++ break; ++ } ++ } + + if (mLib) { + break; Property changes on: head/www/firefox/files/patch-bug1401339 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/www/firefox/files/patch-bug1402363 =================================================================== --- head/www/firefox/files/patch-bug1402363 (nonexistent) +++ head/www/firefox/files/patch-bug1402363 (revision 454192) @@ -0,0 +1,199 @@ +commit 3b1474dc71b8 +Author: Christoph Kerschbaumer +Date: Mon Oct 2 09:11:57 2017 +0200 + + Bug 1402363 - Explicitly cancel channel after mixed content redirect. r=honza, r=kate, a=ritu + + --HG-- + extra : source : 2773796df8a337e5de31811acb4662ce67955f93 +--- + dom/security/nsMixedContentBlocker.cpp | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git dom/security/nsMixedContentBlocker.cpp dom/security/nsMixedContentBlocker.cpp +index 46760e69cb91..28740da9efca 100644 +--- dom/security/nsMixedContentBlocker.cpp ++++ dom/security/nsMixedContentBlocker.cpp +@@ -394,7 +394,11 @@ nsMixedContentBlocker::AsyncOnChannelRedirect(nsIChannel* aOldChannel, + nullptr, // aExtra + requestingPrincipal, + &decision); +- NS_ENSURE_SUCCESS(rv, rv); ++ if (NS_FAILED(rv)) { ++ autoCallback.DontCallback(); ++ aOldChannel->Cancel(NS_ERROR_DOM_BAD_URI); ++ return NS_BINDING_FAILED; ++ } + + if (nsMixedContentBlocker::sSendHSTSPriming) { + // The LoadInfo passed in is for the original channel, HSTS priming needs to +@@ -419,6 +423,7 @@ nsMixedContentBlocker::AsyncOnChannelRedirect(nsIChannel* aOldChannel, + // If the channel is about to load mixed content, abort the channel + if (!NS_CP_ACCEPTED(decision)) { + autoCallback.DontCallback(); ++ aOldChannel->Cancel(NS_ERROR_DOM_BAD_URI); + return NS_BINDING_FAILED; + } + + +commit a709f413ebbd (tag: FIREFOX_57_0b5_RELEASE, tag: FIREFOX_57_0b5_BUILD1) +Author: Christoph Kerschbaumer +Date: Mon Oct 2 09:12:12 2017 +0200 + + Bug 1402363 - Test Mixed Content Redirect Blocking. r=tanvi, r=kate, a=ritu + + --HG-- + extra : source : fcefba24074f60e2d3296996e20a8dd8bc6bebe0 +--- + .../test/mixedcontentblocker/file_redirect.html | 31 ++++++++++++++ + .../mixedcontentblocker/file_redirect_handler.sjs | 29 +++++++++++++ + .../test/mixedcontentblocker/mochitest.ini | 3 ++ + .../test/mixedcontentblocker/test_redirect.html | 50 ++++++++++++++++++++++ + 4 files changed, 113 insertions(+) + +diff --git dom/security/test/mixedcontentblocker/file_redirect.html dom/security/test/mixedcontentblocker/file_redirect.html +new file mode 100644 +index 000000000000..99e187379139 +--- /dev/null ++++ dom/security/test/mixedcontentblocker/file_redirect.html +@@ -0,0 +1,31 @@ ++ ++ ++ ++ Bug1402363: Test mixed content redirects ++ ++ ++ ++ ++ ++ +diff --git dom/security/test/mixedcontentblocker/file_redirect_handler.sjs dom/security/test/mixedcontentblocker/file_redirect_handler.sjs +new file mode 100644 +index 000000000000..88dc849fe9a7 +--- /dev/null ++++ dom/security/test/mixedcontentblocker/file_redirect_handler.sjs +@@ -0,0 +1,29 @@ ++// custom *.sjs file for ++// Bug 1402363: Test Mixed Content Redirect Blocking. ++ ++const URL_PATH = "example.com/tests/dom/security/test/mixedcontentblocker/"; ++ ++function handleRequest(request, response) { ++ response.setHeader("Cache-Control", "no-cache", false); ++ let queryStr = request.queryString; ++ ++ if (queryStr === "https-to-https-redirect") { ++ response.setStatusLine("1.1", 302, "Found"); ++ response.setHeader("Location", ++ "https://" + URL_PATH + "file_redirect_handler.sjs?load", false); ++ return; ++ } ++ ++ if (queryStr === "https-to-http-redirect") { ++ response.setStatusLine("1.1", 302, "Found"); ++ response.setHeader("Location", ++ "http://" + URL_PATH + "file_redirect_handler.sjs?load", false); ++ return; ++ } ++ ++ if (queryStr === "load") { ++ response.setHeader("Content-Type", "text/html", false); ++ response.write("foo"); ++ return; ++ } ++} +diff --git dom/security/test/mixedcontentblocker/mochitest.ini dom/security/test/mixedcontentblocker/mochitest.ini +index 7eed89effbce..9daf1f0ae73b 100644 +--- dom/security/test/mixedcontentblocker/mochitest.ini ++++ dom/security/test/mixedcontentblocker/mochitest.ini +@@ -14,6 +14,8 @@ support-files = + file_server.sjs + !/dom/media/test/320x240.ogv + !/image/test/mochitest/blue.png ++ file_redirect.html ++ file_redirect_handler.sjs + + [test_main.html] + skip-if = toolkit == 'android' #TIMED_OUT +@@ -21,3 +23,4 @@ skip-if = toolkit == 'android' #TIMED_OUT + skip-if = toolkit == 'android' || (os=='linux' && bits==32) #Android: TIMED_OUT; Linux32:bug 1324870 + [test_frameNavigation.html] + skip-if = toolkit == 'android' #TIMED_OUT ++[test_redirect.html] +diff --git dom/security/test/mixedcontentblocker/test_redirect.html dom/security/test/mixedcontentblocker/test_redirect.html +new file mode 100644 +index 000000000000..f4aeef3d9895 +--- /dev/null ++++ dom/security/test/mixedcontentblocker/test_redirect.html +@@ -0,0 +1,50 @@ ++ ++ ++ ++ Bug1402363: Test mixed content redirects ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ Property changes on: head/www/firefox/files/patch-bug1402363 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/www/firefox/files/patch-bug1402876 =================================================================== --- head/www/firefox/files/patch-bug1402876 (nonexistent) +++ head/www/firefox/files/patch-bug1402876 (revision 454192) @@ -0,0 +1,66 @@ +commit 434da479b6e1 +Author: Jan de Mooij +Date: Wed Sep 27 14:43:36 2017 +0200 + + Bug 1402876 - Remove unnecessary InvalidateCompilerOutputsForScript call. r=nbp, a=sledru + + --HG-- + extra : source : c1a158ca2b1cfc009cd1545538cacbc4feabc48b +--- + js/src/jit/Ion.cpp | 3 --- + js/src/vm/TypeInference.cpp | 12 ------------ + js/src/vm/TypeInference.h | 4 ---- + 3 files changed, 19 deletions(-) + +diff --git js/src/jit/Ion.cpp js/src/jit/Ion.cpp +index ba583fe12297..f205b83d2893 100644 +--- js/src/jit/Ion.cpp ++++ js/src/jit/Ion.cpp +@@ -574,9 +574,6 @@ jit::LinkIonScript(JSContext* cx, HandleScript calleeScript) + // doesn't has code to handle it after linking happened. So it's + // not OK to throw a catchable exception from there. + cx->clearPendingException(); +- +- // Reset the TypeZone's compiler output for this script, if any. +- InvalidateCompilerOutputsForScript(cx, calleeScript); + } + } + +diff --git js/src/vm/TypeInference.cpp js/src/vm/TypeInference.cpp +index de98bb654fa8..70d6dfc19d20 100644 +--- js/src/vm/TypeInference.cpp ++++ js/src/vm/TypeInference.cpp +@@ -1511,18 +1511,6 @@ js::FinishCompilation(JSContext* cx, HandleScript script, CompilerConstraintList + return true; + } + +-void +-js::InvalidateCompilerOutputsForScript(JSContext* cx, HandleScript script) +-{ +- TypeZone& types = cx->zone()->types; +- if (types.compilerOutputs) { +- for (auto& co : *types.compilerOutputs) { +- if (co.script() == script) +- co.invalidate(); +- } +- } +-} +- + static void + CheckDefinitePropertiesTypeSet(JSContext* cx, TemporaryTypeSet* frozen, StackTypeSet* actual) + { +diff --git js/src/vm/TypeInference.h js/src/vm/TypeInference.h +index df2d496ca879..318c3e813b1a 100644 +--- js/src/vm/TypeInference.h ++++ js/src/vm/TypeInference.h +@@ -1299,10 +1299,6 @@ bool + FinishCompilation(JSContext* cx, HandleScript script, CompilerConstraintList* constraints, + RecompileInfo* precompileInfo, bool* isValidOut); + +-// Reset any CompilerOutput present for a script. +-void +-InvalidateCompilerOutputsForScript(JSContext* cx, HandleScript script); +- + // Update the actual types in any scripts queried by constraints with any + // speculative types added during the definite properties analysis. + void Property changes on: head/www/firefox/files/patch-bug1402876 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/www/firefox/files/patch-bug1402896 =================================================================== --- head/www/firefox/files/patch-bug1402896 (nonexistent) +++ head/www/firefox/files/patch-bug1402896 (revision 454192) @@ -0,0 +1,40 @@ +commit 6bf098b436b0 +Author: Gijs Kruitbosch +Date: Mon Sep 25 17:24:26 2017 +0100 + + Bug 1402896 - Make the url bar strip javascript even when preceded by control characters. r=mak, a=sledru + + MozReview-Commit-ID: 5ZO8n5lfvnl + + --HG-- + extra : source : 638e145f6bba437642d55f7b2baf5458df61419a +--- + browser/base/content/browser.js | 2 +- + .../content/test/urlbar/browser_removeUnsafeProtocolsFromURLBarPaste.js | 1 + + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git browser/base/content/browser.js browser/base/content/browser.js +index 8b0fb0276d19..b73ab2a3dd7e 100755 +--- browser/base/content/browser.js ++++ browser/base/content/browser.js +@@ -6128,7 +6128,7 @@ function stripUnsafeProtocolOnPaste(pasteData) { + // LOAD_FLAGS_DISALLOW_INHERIT_PRINCIPAL for those. + let changed = false; + let pasteDataNoJS = pasteData.replace(/\r?\n/g, "") +- .replace(/^(?:\s*javascript:)+/i, ++ .replace(/^(?:\W*javascript:)+/i, + () => { + changed = true; + return ""; +diff --git browser/base/content/test/urlbar/browser_removeUnsafeProtocolsFromURLBarPaste.js browser/base/content/test/urlbar/browser_removeUnsafeProtocolsFromURLBarPaste.js +index 6f6682d51688..27129297b0a3 100644 +--- browser/base/content/test/urlbar/browser_removeUnsafeProtocolsFromURLBarPaste.js ++++ browser/base/content/test/urlbar/browser_removeUnsafeProtocolsFromURLBarPaste.js +@@ -7,6 +7,7 @@ var pairs = [ + ["javascript:", ""], + ["javascript:1+1", "1+1"], + ["javascript:document.domain", "document.domain"], ++ [" \u0001\u0002\u0003\u0004\u0005\u0006\u0007\u0008\u0009javascript:document.domain", "document.domain"], + ["java\nscript:foo", "foo"], + ["http://\nexample.com", "http://example.com"], + ["http://\nexample.com\n", "http://example.com"], Property changes on: head/www/firefox/files/patch-bug1402896 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/www/firefox/files/patch-bug1402966 =================================================================== --- head/www/firefox/files/patch-bug1402966 (nonexistent) +++ head/www/firefox/files/patch-bug1402966 (revision 454192) @@ -0,0 +1,51 @@ +commit 6149574dc0f9 +Author: Gabriele Svelto +Date: Tue Sep 26 09:35:03 2017 +0200 + + Bug 1402966 - Search for libcurl in more paths to support various *BSDs. r=Dexter, a=sledru + + MozReview-Commit-ID: J4ykuSVEa0y + + --HG-- + extra : source : 4741b93cfdf29517ff8eae863825fdc2ab5bd7bd +--- + .../telemetry/pingsender/pingsender_unix_common.cpp | 16 ++++++++++------ + 1 file changed, 10 insertions(+), 6 deletions(-) + +diff --git toolkit/components/telemetry/pingsender/pingsender_unix_common.cpp toolkit/components/telemetry/pingsender/pingsender_unix_common.cpp +index ae20f4114193..7817e93e3d1f 100644 +--- toolkit/components/telemetry/pingsender/pingsender_unix_common.cpp ++++ toolkit/components/telemetry/pingsender/pingsender_unix_common.cpp +@@ -88,10 +88,19 @@ CurlWrapper::Init() + "/usr/lib/i386-linux-gnu", // Debian 32-bit x86 + "/usr/lib/x86_64-linux-gnu", // Debian 64-bit x86 + #endif // XP_LINUX ++#if !defined(XP_MACOSX) && !defined(XP_LINUX) // Various BSDs ++ "/usr/local/lib", // FreeBSD, OpenBSD ++ "/usr/pkg/lib", // NetBSD ++#endif // !defined(XP_MACOSX) && !defined(XP_LINUX) + }; + + const char* libcurlNames[] = { +-#ifdef XP_LINUX ++#if defined(XP_MACOSX) ++ // macOS ++ "libcurl.dylib", ++ "libcurl.4.dylib", ++ "libcurl.3.dylib", ++#else // Linux, *BSD, ... + "libcurl.so", + "libcurl.so.4", + // Debian gives libcurl a different name when it is built against GnuTLS +@@ -100,11 +109,6 @@ CurlWrapper::Init() + // Older versions in case we find nothing better + "libcurl.so.3", + "libcurl-gnutls.so.3", // See above for Debian +-#elif defined(XP_MACOSX) +- // macOS +- "libcurl.dylib", +- "libcurl.4.dylib", +- "libcurl.3.dylib", + #endif + }; + Property changes on: head/www/firefox/files/patch-bug1402966 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/www/firefox/files/patch-bug1403646 =================================================================== --- head/www/firefox/files/patch-bug1403646 (nonexistent) +++ head/www/firefox/files/patch-bug1403646 (revision 454192) @@ -0,0 +1,392 @@ +commit 474ae0592f23 +Author: Boris Zbarsky +Date: Thu Sep 28 22:05:43 2017 -0400 + + Bug 1403646 - Make sure dead object proxies have the same background-finalization status as the wrapper they replace. r=jonco, a=sledru + + MozReview-Commit-ID: GTKbR0azcRy + + --HG-- + extra : source : 296e1b4704deb1c6b3f9a6f5fc56688e89c01117 +--- + js/src/proxy/DeadObjectProxy.cpp | 204 +++++++++++++++++++++++++++------------ + js/src/proxy/DeadObjectProxy.h | 13 ++- + 2 files changed, 156 insertions(+), 61 deletions(-) + +diff --git js/src/proxy/DeadObjectProxy.cpp js/src/proxy/DeadObjectProxy.cpp +index 3bd7a405c002..658880a07616 100644 +--- js/src/proxy/DeadObjectProxy.cpp ++++ js/src/proxy/DeadObjectProxy.cpp +@@ -20,73 +20,81 @@ ReportDead(JSContext *cx) + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_DEAD_OBJECT); + } + +-template ++template + bool +-DeadObjectProxy::getOwnPropertyDescriptor(JSContext* cx, HandleObject wrapper, HandleId id, +- MutableHandle desc) const ++DeadObjectProxy::getOwnPropertyDescriptor(JSContext* cx, HandleObject wrapper, HandleId id, ++ MutableHandle desc) const + { + ReportDead(cx); + return false; + } + +-template ++template + bool +-DeadObjectProxy::defineProperty(JSContext* cx, HandleObject wrapper, HandleId id, +- Handle desc, +- ObjectOpResult& result) const ++DeadObjectProxy::defineProperty(JSContext* cx, HandleObject wrapper, HandleId id, ++ Handle desc, ++ ObjectOpResult& result) const + { + ReportDead(cx); + return false; + } + +-template ++template + bool +-DeadObjectProxy::ownPropertyKeys(JSContext* cx, HandleObject wrapper, +- AutoIdVector& props) const ++DeadObjectProxy::ownPropertyKeys(JSContext* cx, HandleObject wrapper, ++ AutoIdVector& props) const + { + ReportDead(cx); + return false; + } + +-template ++template + bool +-DeadObjectProxy::delete_(JSContext* cx, HandleObject wrapper, HandleId id, +- ObjectOpResult& result) const ++DeadObjectProxy::delete_(JSContext* cx, HandleObject wrapper, HandleId id, ++ ObjectOpResult& result) const + { + ReportDead(cx); + return false; + } + +-template ++template + bool +-DeadObjectProxy::getPrototype(JSContext* cx, HandleObject proxy, +- MutableHandleObject protop) const ++DeadObjectProxy::getPrototype(JSContext* cx, HandleObject proxy, ++ MutableHandleObject protop) const + { + protop.set(nullptr); + return true; + } + +-template ++template + bool +-DeadObjectProxy::getPrototypeIfOrdinary(JSContext* cx, HandleObject proxy, bool* isOrdinary, +- MutableHandleObject protop) const ++DeadObjectProxy::getPrototypeIfOrdinary(JSContext* cx, HandleObject proxy, bool* isOrdinary, ++ MutableHandleObject protop) const + { + *isOrdinary = false; + return true; + } + +-template ++template + bool +-DeadObjectProxy::preventExtensions(JSContext* cx, HandleObject proxy, +- ObjectOpResult& result) const ++DeadObjectProxy::preventExtensions(JSContext* cx, HandleObject proxy, ++ ObjectOpResult& result) const + { + ReportDead(cx); + return false; + } + +-template ++template + bool +-DeadObjectProxy::isExtensible(JSContext* cx, HandleObject proxy, bool* extensible) const ++DeadObjectProxy::isExtensible(JSContext* cx, HandleObject proxy, bool* extensible) const + { + // This is kind of meaningless, but dead-object semantics aside, + // [[Extensible]] always being true is consistent with other proxy types. +@@ -94,95 +102,141 @@ DeadObjectProxy::isExtensible(JSContext* cx, HandleObject proxy, bool* exten + return true; + } + +-template ++template + bool +-DeadObjectProxy::call(JSContext* cx, HandleObject wrapper, const CallArgs& args) const ++DeadObjectProxy::call(JSContext* cx, HandleObject wrapper, const CallArgs& args) const + { + ReportDead(cx); + return false; + } + +-template ++template + bool +-DeadObjectProxy::construct(JSContext* cx, HandleObject wrapper, const CallArgs& args) const ++DeadObjectProxy::construct(JSContext* cx, HandleObject wrapper, const CallArgs& args) const + { + ReportDead(cx); + return false; + } + +-template ++template + bool +-DeadObjectProxy::nativeCall(JSContext* cx, IsAcceptableThis test, NativeImpl impl, +- const CallArgs& args) const ++DeadObjectProxy::nativeCall(JSContext* cx, IsAcceptableThis test, NativeImpl impl, ++ const CallArgs& args) const + { + ReportDead(cx); + return false; + } + +-template ++template + bool +-DeadObjectProxy::hasInstance(JSContext* cx, HandleObject proxy, MutableHandleValue v, +- bool* bp) const ++DeadObjectProxy::hasInstance(JSContext* cx, HandleObject proxy, MutableHandleValue v, ++ bool* bp) const + { + ReportDead(cx); + return false; + } + +-template ++template + bool +-DeadObjectProxy::getBuiltinClass(JSContext* cx, HandleObject proxy, ESClass* cls) const ++DeadObjectProxy::getBuiltinClass(JSContext* cx, HandleObject proxy, ESClass* cls) const + { + ReportDead(cx); + return false; + } + +-template ++template + bool +-DeadObjectProxy::isArray(JSContext* cx, HandleObject obj, JS::IsArrayAnswer* answer) const ++DeadObjectProxy::isArray(JSContext* cx, HandleObject obj, JS::IsArrayAnswer* answer) const + { + ReportDead(cx); + return false; + } + +-template ++template + const char* +-DeadObjectProxy::className(JSContext* cx, HandleObject wrapper) const ++DeadObjectProxy::className(JSContext* cx, HandleObject wrapper) const + { + return "DeadObject"; + } + +-template ++template + JSString* +-DeadObjectProxy::fun_toString(JSContext* cx, HandleObject proxy, bool isToSource) const ++DeadObjectProxy::fun_toString(JSContext* cx, HandleObject proxy, bool isToSource) const + { + ReportDead(cx); + return nullptr; + } + +-template ++template + RegExpShared* +-DeadObjectProxy::regexp_toShared(JSContext* cx, HandleObject proxy) const ++DeadObjectProxy::regexp_toShared(JSContext* cx, HandleObject proxy) const + { + ReportDead(cx); + return nullptr; + } + + template <> +-const char DeadObjectProxy::family = 0; ++const char DeadObjectProxy::family = 0; + template <> +-const char DeadObjectProxy::family = 0; ++const char DeadObjectProxy::family = 0; + template <> +-const char DeadObjectProxy::family = 0; ++const char DeadObjectProxy::family = 0; + template <> +-const char DeadObjectProxy::family = 0; ++const char DeadObjectProxy::family = 0; ++template <> ++const char DeadObjectProxy::family = 0; ++template <> ++const char DeadObjectProxy::family = 0; ++template <> ++const char DeadObjectProxy::family = 0; ++template <> ++const char DeadObjectProxy::family = 0; + + bool + js::IsDeadProxyObject(JSObject* obj) + { +- return IsDerivedProxyObject(obj, DeadObjectProxy::singleton()) || +- IsDerivedProxyObject(obj, DeadObjectProxy::singleton()) || +- IsDerivedProxyObject(obj, DeadObjectProxy::singleton()) || +- IsDerivedProxyObject(obj, DeadObjectProxy::singleton()); ++ return ++ IsDerivedProxyObject(obj, ++ DeadObjectProxy::singleton()) || ++ IsDerivedProxyObject(obj, ++ DeadObjectProxy::singleton()) || ++ IsDerivedProxyObject(obj, ++ DeadObjectProxy::singleton()) || ++ IsDerivedProxyObject(obj, ++ DeadObjectProxy::singleton()) || ++ IsDerivedProxyObject(obj, ++ DeadObjectProxy::singleton()) || ++ IsDerivedProxyObject(obj, ++ DeadObjectProxy::singleton()) || ++ IsDerivedProxyObject(obj, ++ DeadObjectProxy::singleton()) || ++ IsDerivedProxyObject(obj, ++ DeadObjectProxy::singleton()); + } + + +@@ -190,19 +244,48 @@ const BaseProxyHandler* + js::SelectDeadProxyHandler(ProxyObject* obj) + { + // When nuking scripted proxies, isCallable and isConstructor values for +- // the proxy needs to be preserved. ++ // the proxy needs to be preserved. So does background-finalization status. + uint32_t callable = obj->handler()->isCallable(obj); + uint32_t constructor = obj->handler()->isConstructor(obj); ++ bool finalizeInBackground = obj->handler()->finalizeInBackground(obj->private_()); + + if (callable) { +- if (constructor) +- return DeadObjectProxy::singleton(); +- return DeadObjectProxy::singleton(); ++ if (constructor) { ++ if (finalizeInBackground) { ++ return DeadObjectProxy::singleton(); ++ } else { ++ return DeadObjectProxy::singleton(); ++ } ++ } ++ ++ if (finalizeInBackground) { ++ return DeadObjectProxy::singleton(); ++ } ++ ++ return DeadObjectProxy::singleton(); ++ } ++ ++ if (constructor) { ++ if (finalizeInBackground) { ++ return DeadObjectProxy::singleton(); ++ } ++ ++ return DeadObjectProxy::singleton(); ++ } ++ ++ if (finalizeInBackground) { ++ return DeadObjectProxy::singleton(); + } + +- if (constructor) +- return DeadObjectProxy::singleton(); +- return DeadObjectProxy::singleton(); ++ return DeadObjectProxy::singleton(); + } + + JSObject* +@@ -214,7 +297,8 @@ js::NewDeadProxyObject(JSContext* cx, JSObject* origObj) + if (origObj && origObj->is()) + handler = SelectDeadProxyHandler(&origObj->as()); + else +- handler = DeadObjectProxy::singleton(); ++ handler = DeadObjectProxy::singleton(); + + return NewProxyObject(cx, handler, NullHandleValue, nullptr, ProxyOptions()); + } +diff --git js/src/proxy/DeadObjectProxy.h js/src/proxy/DeadObjectProxy.h +index 42f21288d0e3..f29c972cf10a 100644 +--- js/src/proxy/DeadObjectProxy.h ++++ js/src/proxy/DeadObjectProxy.h +@@ -21,7 +21,14 @@ enum DeadProxyIsCallableIsConstructorOption + DeadProxyIsCallableIsConstructor + }; + +-template ++enum class DeadProxyBackgroundFinalized ++{ ++ Yes, ++ No ++}; ++ ++template + class DeadObjectProxy : public BaseProxyHandler + { + public: +@@ -70,6 +77,10 @@ class DeadObjectProxy : public BaseProxyHandler + return CC == DeadProxyIsCallableIsConstructor || CC == DeadProxyNotCallableIsConstructor; + } + ++ virtual bool finalizeInBackground(const JS::Value& priv) const override { ++ return BackgroundFinalized == DeadProxyBackgroundFinalized::Yes; ++ } ++ + static const DeadObjectProxy* singleton() { + static DeadObjectProxy singleton; + return &singleton; Property changes on: head/www/firefox/files/patch-bug1403646 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/www/firefox/files/patch-bug1406154 =================================================================== --- head/www/firefox/files/patch-bug1406154 (nonexistent) +++ head/www/firefox/files/patch-bug1406154 (revision 454192) @@ -0,0 +1,53 @@ +commit 3708901c15ba +Author: Byron Campen [:bwc] +Date: Thu Oct 12 12:12:40 2017 -0500 + + Bug 1406154 - Ensure that we avoid truncating the interface description strings in a couple of corner cases. r=drno, a=sledru + + MozReview-Commit-ID: KMTpbkvA4N + + --HG-- + extra : source : 5c8d4905c2bdbb3cfa0db5e07a3cd6ba4eb23fdd +--- + media/mtransport/nrinterfaceprioritizer.cpp | 2 +- + media/mtransport/third_party/nICEr/src/net/transport_addr.c | 6 +++++- + 2 files changed, 6 insertions(+), 2 deletions(-) + +diff --git media/mtransport/nrinterfaceprioritizer.cpp media/mtransport/nrinterfaceprioritizer.cpp +index 37756991239c..34b941c53a45 100644 +--- media/mtransport/nrinterfaceprioritizer.cpp ++++ media/mtransport/nrinterfaceprioritizer.cpp +@@ -28,7 +28,7 @@ public: + bool Init(const nr_local_addr& local_addr) { + ifname_ = local_addr.addr.ifname; + +- char buf[MAXIFNAME + 41]; ++ char buf[MAXIFNAME + 47]; + int r = nr_transport_addr_fmt_ifname_addr_string(&local_addr.addr, buf, sizeof(buf)); + if (r) { + MOZ_MTLOG(ML_ERROR, "Error formatting interface key."); +diff --git media/mtransport/third_party/nICEr/src/net/transport_addr.c media/mtransport/third_party/nICEr/src/net/transport_addr.c +index 99564a08e8b9..ae849f43387e 100644 +--- media/mtransport/third_party/nICEr/src/net/transport_addr.c ++++ media/mtransport/third_party/nICEr/src/net/transport_addr.c +@@ -98,7 +98,8 @@ int nr_transport_addr_fmt_addr_string(nr_transport_addr *addr) + int nr_transport_addr_fmt_ifname_addr_string(const nr_transport_addr *addr, char *buf, int len) + { + int _status; +- char buffer[40]; ++ /* leave room for a fully-expanded IPV4-mapped IPV6 address */ ++ char buffer[46]; + + switch(addr->ip_version){ + case NR_IPV4: +@@ -114,7 +115,10 @@ int nr_transport_addr_fmt_ifname_addr_string(const nr_transport_addr *addr, char + default: + ABORT(R_INTERNAL); + } ++ buffer[sizeof(buffer) - 1] = '\0'; ++ + snprintf(buf,len,"%s:%s",addr->ifname,buffer); ++ buf[len - 1] = '\0'; + + _status=0; + abort: Property changes on: head/www/firefox/files/patch-bug1406154 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/www/firefox/files/patch-bug1407032 =================================================================== --- head/www/firefox/files/patch-bug1407032 (nonexistent) +++ head/www/firefox/files/patch-bug1407032 (revision 454192) @@ -0,0 +1,48 @@ +commit 5666a545d8a1 +Author: David Anderson +Date: Mon Oct 23 16:18:24 2017 -0400 + + Bug 1407032 - Reorder when GPUProcessHosts are destroyed. r=rhunt, a=ritu + + --HG-- + extra : source : 2fb069813d832de4338028cf84c8dab483ba0fda +--- + gfx/ipc/GPUProcessHost.cpp | 19 ++++++------------- + 1 file changed, 6 insertions(+), 13 deletions(-) + +diff --git gfx/ipc/GPUProcessHost.cpp gfx/ipc/GPUProcessHost.cpp +index 544baea242cf..249decc52a95 100644 +--- gfx/ipc/GPUProcessHost.cpp ++++ gfx/ipc/GPUProcessHost.cpp +@@ -190,25 +190,18 @@ GPUProcessHost::Shutdown() + void + GPUProcessHost::OnChannelClosed() + { +- if (!mShutdownRequested) { ++ mChannelClosed = true; ++ ++ if (!mShutdownRequested && mListener) { + // This is an unclean shutdown. Notify our listener that we're going away. +- mChannelClosed = true; +- if (mListener) { +- mListener->OnProcessUnexpectedShutdown(this); +- } ++ mListener->OnProcessUnexpectedShutdown(this); ++ } else { ++ DestroyProcess(); + } + + // Release the actor. + GPUChild::Destroy(Move(mGPUChild)); + MOZ_ASSERT(!mGPUChild); +- +- // If the owner of GPUProcessHost already requested shutdown, we can now +- // schedule destruction. Otherwise we must wait for someone to call +- // Shutdown. Note that GPUProcessManager calls Shutdown within +- // OnProcessUnexpectedShutdown. +- if (mShutdownRequested) { +- DestroyProcess(); +- } + } + + void Property changes on: head/www/firefox/files/patch-bug1407032 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/www/firefox/files/patch-bug1408782 =================================================================== --- head/www/firefox/files/patch-bug1408782 (nonexistent) +++ head/www/firefox/files/patch-bug1408782 (revision 454192) @@ -0,0 +1,55 @@ +commit 5b8d4bd1ffaa +Author: Jonathan Kew +Date: Wed Oct 18 10:24:03 2017 +0100 + + Bug 1408782 - Force punycode display for IDNs with a sequence. r=valentin a=ritu +--- + netwerk/dns/nsIDNService.cpp | 9 +++++++++ + netwerk/test/unit/test_idn_urls.js | 7 +++++++ + 2 files changed, 16 insertions(+) + +diff --git netwerk/dns/nsIDNService.cpp netwerk/dns/nsIDNService.cpp +index e07910a7e70d..a89b4301ea07 100644 +--- netwerk/dns/nsIDNService.cpp ++++ netwerk/dns/nsIDNService.cpp +@@ -867,6 +867,7 @@ bool nsIDNService::isLabelSafe(const nsAString &label) + + Script lastScript = Script::INVALID; + uint32_t previousChar = 0; ++ uint32_t baseChar = 0; // last non-diacritic seen (base char for marks) + uint32_t savedNumberingSystem = 0; + // Simplified/Traditional Chinese check temporarily disabled -- bug 857481 + #if 0 +@@ -948,6 +949,14 @@ bool nsIDNService::isLabelSafe(const nsAString &label) + } + } + } ++ // Check for diacritics on dotless-i, which would be indistinguishable ++ // from normal accented letter i. ++ if (baseChar == 0x0131 && ++ ((ch >= 0x0300 && ch <= 0x0314) || ch == 0x031a)) { ++ return false; ++ } ++ } else { ++ baseChar = ch; + } + + // Simplified/Traditional Chinese check temporarily disabled -- bug 857481 +diff --git netwerk/test/unit/test_idn_urls.js netwerk/test/unit/test_idn_urls.js +index f39a9650a13b..e0d73ca512ee 100644 +--- netwerk/test/unit/test_idn_urls.js ++++ netwerk/test/unit/test_idn_urls.js +@@ -300,6 +300,13 @@ const testcases = [ + ["goo\u0650gle", "xn--google-yri", false, false, false], + // ...but Arabic diacritics are allowed on Arabic text + ["العَرَبِي", "xn--mgbc0a5a6cxbzabt", false, true, true], ++ ++ // Accents above dotless-i are not allowed ++ ["na\u0131\u0308ve", "xn--nave-mza04z", false, false, false], ++ ["d\u0131\u0302ner", "xn--dner-lza40z", false, false, false], ++ // but the corresponding accented-i (based on dotted i) is OK ++ ["na\u00efve.com", "xn--nave-6pa.com", false, true, true], ++ ["d\u00eener.com", "xn--dner-0pa.com", false, true, true], + ]; + + const profiles = ["ASCII", "high", "moderate"]; Property changes on: head/www/firefox/files/patch-bug1408782 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property