# HG changeset patch # User Wolfgang Rosenauer # Date 1329296151 -3600 # Node ID 7784e72b1a3aab3f7f17315e8447fe735fd42116 # Parent 67f876aafae88ebcb2ff451144182e415e19796b 11.0b2 diff -r 67f876aafae8 -r 7784e72b1a3a MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Wed Feb 08 08:34:20 2012 +0100 +++ b/MozillaFirefox/MozillaFirefox.changes Wed Feb 15 09:55:51 2012 +0100 @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Mon Feb 13 07:00:14 UTC 2012 - wr@rosenauer.org + +- update to Firefox 11.0b2 (20120212) + +------------------------------------------------------------------- +Thu Feb 9 09:26:11 UTC 2012 - wr@rosenauer.org + +- update to Firefox 10.0.1 (bnc#746616) + * MFSA 2012-10/CVE-2012-0452 (bmo#724284) + use after free in nsXBLDocumentInfo::ReadPrototypeBindings + ------------------------------------------------------------------- Tue Feb 7 10:40:58 UTC 2012 - dvaleev@suse.com diff -r 67f876aafae8 -r 7784e72b1a3a MozillaFirefox/MozillaFirefox.spec --- a/MozillaFirefox/MozillaFirefox.spec Wed Feb 08 08:34:20 2012 +0100 +++ b/MozillaFirefox/MozillaFirefox.spec Wed Feb 15 09:55:51 2012 +0100 @@ -47,7 +47,7 @@ BuildRequires: nss-shared-helper-devel Version: %{mainver} Release: 0 -%define releasedate 2012020300 +%define releasedate 2012021200 Provides: web_browser Provides: firefox = %{version}-%{release} Provides: firefox = %{mainver} @@ -215,7 +215,7 @@ %endif %patch12 -p1 %patch14 -p1 -%patch15 -p1 +#%patch15 -p1 # %patch31 -p1 %patch32 -p1 diff -r 67f876aafae8 -r 7784e72b1a3a MozillaFirefox/create-tar.sh --- a/MozillaFirefox/create-tar.sh Wed Feb 08 08:34:20 2012 +0100 +++ b/MozillaFirefox/create-tar.sh Wed Feb 15 09:55:51 2012 +0100 @@ -2,7 +2,7 @@ CHANNEL="beta" BRANCH="releases/mozilla-$CHANNEL" -RELEASE_TAG="FIREFOX_11_0b1_RELEASE" +RELEASE_TAG="FIREFOX_11_0b2_RELEASE" VERSION="10.99" # mozilla diff -r 67f876aafae8 -r 7784e72b1a3a mozilla-yarr-pcre.patch --- a/mozilla-yarr-pcre.patch Wed Feb 08 08:34:20 2012 +0100 +++ b/mozilla-yarr-pcre.patch Wed Feb 15 09:55:51 2012 +0100 @@ -12,10 +12,14 @@ 5 files changed, 25 insertions(+), 89 deletions(-) diff --git a/js/src/Makefile.in b/js/src/Makefile.in -index fc48cbd..49f0bdc 100644 --- a/js/src/Makefile.in +++ b/js/src/Makefile.in -@@ -416,15 +416,20 @@ CPPSRCS += checks.cc \ +@@ -356,25 +356,30 @@ CPPSRCS += checks.cc \ + # END enclude sources for V8 dtoa + ############################################# + + # For architectures without YARR JIT, PCRE is faster than the YARR + # interpreter (bug 684559). ifeq (,$(filter arm% sparc %86 x86_64,$(TARGET_CPU))) @@ -42,62 +46,103 @@ $(NULL) else -@@ -1015,10 +1020,10 @@ endif + ############################################### + # BEGIN include sources for the Nitro assembler + # + + ENABLE_YARR_JIT = 1 +@@ -916,20 +921,20 @@ endif + + ############################################### + # BEGIN kludges for the Nitro assembler + # + # Needed to "configure" it correctly. Unfortunately these # flags wind up being applied to all code in js/src, not just # the code in js/src/assembler. -CXXFLAGS += -DUSE_SYSTEM_MALLOC=1 -DENABLE_ASSEMBLER=1 +CXXFLAGS += -DUSE_SYSTEM_MALLOC=1 - ifneq (,$(ENABLE_YARR_JIT)$(ENABLE_TRACEJIT)$(ENABLE_METHODJIT)) + ifneq (,$(ENABLE_YARR_JIT)$(ENABLE_METHODJIT)) -CXXFLAGS += -DENABLE_JIT=1 +CXXFLAGS += -DENABLE_JIT=1 -DENABLE_ASSEMBLER=1 endif INCLUDES += -I$(srcdir)/assembler -I$(srcdir)/yarr + + ifdef ENABLE_METHODJIT + # Build a standalone test program that exercises the assembler + # sources a bit. + TESTMAIN_OBJS = \ diff --git a/js/src/vm/RegExpObject-inl.h b/js/src/vm/RegExpObject-inl.h -index 5f7817d..91108a7 100644 --- a/js/src/vm/RegExpObject-inl.h +++ b/js/src/vm/RegExpObject-inl.h -@@ -327,6 +327,7 @@ RegExpPrivate::create(JSContext *cx, JSString *source, RegExpFlag flags, TokenSt - return RetType(self); +@@ -362,49 +362,50 @@ detail::RegExpPrivate::create(JSContext + return RetType(NULL); + + if (!cacheInsert(cx, sourceAtom, RegExpPrivateCache_ExecCapable, priv)) + return RetType(NULL); + + return RetType(priv); } +#if ENABLE_YARR_JIT /* This function should be deleted once bad Android platforms phase out. See bug 604774. */ inline bool - RegExpPrivateCode::isJITRuntimeEnabled(JSContext *cx) -@@ -337,12 +338,12 @@ RegExpPrivateCode::isJITRuntimeEnabled(JSContext *cx) + detail::RegExpPrivateCode::isJITRuntimeEnabled(JSContext *cx) + { + #if defined(ANDROID) && defined(JS_METHODJIT) + return cx->methodJitEnabled; + #else return true; #endif } +#endif inline bool - RegExpPrivateCode::compile(JSContext *cx, JSLinearString &pattern, TokenStream *ts, - uintN *parenCount, RegExpFlag flags) + detail::RegExpPrivateCode::compile(JSContext *cx, JSLinearString &pattern, TokenStream *ts, + uintN *parenCount, RegExpFlag flags) { -#if ENABLE_YARR_JIT /* Parse the pattern. */ ErrorCode yarrError; YarrPattern yarrPattern(pattern, bool(flags & IgnoreCaseFlag), bool(flags & MultilineFlag), -@@ -359,7 +360,7 @@ RegExpPrivateCode::compile(JSContext *cx, JSLinearString &pattern, TokenStream * + &yarrError); + if (yarrError) { + reportYarrError(cx, ts, yarrError); + return false; + } + *parenCount = yarrPattern.m_numSubpatterns; + + /* + * The YARR JIT compiler attempts to compile the parsed pattern. If + * it cannot, it informs us via |codeBlock.isFallBack()|, in which * case we have to bytecode compile it. */ -#ifdef JS_METHODJIT +#if ENABLE_YARR_JIT && defined(JS_METHODJIT) if (isJITRuntimeEnabled(cx) && !yarrPattern.m_containsBackreferences) { - if (!cx->compartment->ensureJaegerCompartmentExists(cx)) + JSC::ExecutableAllocator *execAlloc = cx->threadData()->getOrCreateExecutableAllocator(cx); + if (!execAlloc) { + js_ReportOutOfMemory(cx); return false; -@@ -371,21 +372,11 @@ RegExpPrivateCode::compile(JSContext *cx, JSLinearString &pattern, TokenStream * + } + + JSGlobalData globalData(execAlloc); +@@ -415,31 +416,21 @@ detail::RegExpPrivateCode::compile(JSCon + #endif + + WTF::BumpPointerAllocator *bumpAlloc = cx->threadData()->getOrCreateBumpPointerAllocator(cx); + if (!bumpAlloc) { + js_ReportOutOfMemory(cx); + return false; } - #endif +#if ENABLE_YARR_JIT codeBlock.setFallBack(true); +#endif - byteCode = byteCompile(yarrPattern, cx->compartment->regExpAllocator).get(); + byteCode = byteCompile(yarrPattern, bumpAlloc).get(); return true; -#else /* !defined(ENABLE_YARR_JIT) */ - int error = 0; @@ -114,7 +159,17 @@ } inline bool -@@ -431,19 +422,12 @@ RegExpPrivateCode::execute(JSContext *cx, const jschar *chars, size_t start, siz + detail::RegExpPrivate::compile(JSContext *cx, TokenStream *ts) + { + if (!sticky()) + return code.compile(cx, *source, ts, &parenCount, getFlags()); + +@@ -471,29 +462,22 @@ detail::RegExpPrivateCode::execute(JSCon + int result; + #if ENABLE_YARR_JIT + (void) cx; /* Unused. */ + if (codeBlock.isFallBack()) + result = JSC::Yarr::interpret(byteCode, chars, start, length, output); else result = JSC::Yarr::execute(codeBlock, chars, start, length, output); #else @@ -123,31 +178,50 @@ #endif if (result == -1) - return Success_NotFound; + return RegExpRunStatus_Success_NotFound; -#if !ENABLE_YARR_JIT - if (result < 0) { - reportPCREError(cx, result); -- return Error; +- return RegExpRunStatus_Error; - } -#endif - JS_ASSERT(result >= 0); - return Success; + return RegExpRunStatus_Success; } + + inline void + detail::RegExpPrivate::incref(JSContext *cx) + { + ++refCount; diff --git a/js/src/vm/RegExpObject.cpp b/js/src/vm/RegExpObject.cpp -index f75c6a5..7631dd5 100644 --- a/js/src/vm/RegExpObject.cpp +++ b/js/src/vm/RegExpObject.cpp -@@ -251,7 +251,6 @@ Class js::RegExpClass = { - NULL /* trace */ +@@ -387,17 +387,16 @@ Class js::RegExpClass = { + NULL, /* checkAccess */ + NULL, /* call */ + NULL, /* construct */ + js_XDRRegExpObject, + NULL, /* hasInstance */ + regexp_trace }; -#if ENABLE_YARR_JIT void RegExpPrivateCode::reportYarrError(JSContext *cx, TokenStream *ts, ErrorCode error) { -@@ -283,41 +282,6 @@ RegExpPrivateCode::reportYarrError(JSContext *cx, TokenStream *ts, ErrorCode err + switch (error) { + case JSC::Yarr::NoError: + JS_NOT_REACHED("Called reportYarrError with value for no error"); + return; + #define COMPILE_EMSG(__code, __msg) \ +@@ -419,52 +418,16 @@ RegExpPrivateCode::reportYarrError(JSCon + COMPILE_EMSG(QuantifierTooLarge, JSMSG_BAD_QUANTIFIER); + COMPILE_EMSG(EscapeUnterminated, JSMSG_TRAILING_SLASH); + #undef COMPILE_EMSG + default: + JS_NOT_REACHED("Unknown Yarr error code"); } } @@ -161,9 +235,9 @@ - return - switch (error) { - case -2: REPORT(JSMSG_REGEXP_TOO_COMPLEX); -- case 0: JS_NOT_REACHED("Precondition violation: an error must have occurred."); +- case 0: JS_NOT_REACHED("Precondition violation: an error must have occurred."); - case 1: REPORT(JSMSG_TRAILING_SLASH); -- case 2: REPORT(JSMSG_TRAILING_SLASH); +- case 2: REPORT(JSMSG_TRAILING_SLASH); - case 3: REPORT(JSMSG_REGEXP_TOO_COMPLEX); - case 4: REPORT(JSMSG_BAD_QUANTIFIER); - case 5: REPORT(JSMSG_BAD_QUANTIFIER); @@ -184,25 +258,45 @@ - } -#undef REPORT -} +- -#endif /* ENABLE_YARR_JIT */ - bool js::ParseRegExpFlags(JSContext *cx, JSString *flagStr, RegExpFlag *flagsOut) { + size_t n = flagStr->length(); + const jschar *s = flagStr->getChars(cx); + if (!s) + return false; + diff --git a/js/src/vm/RegExpObject.h b/js/src/vm/RegExpObject.h -index 1449d56..279f3c0 100644 --- a/js/src/vm/RegExpObject.h +++ b/js/src/vm/RegExpObject.h -@@ -49,8 +49,6 @@ +@@ -45,18 +45,16 @@ + #include "jsobj.h" + + #include "js/TemplateLib.h" + #include "yarr/Yarr.h" #if ENABLE_YARR_JIT #include "yarr/YarrJIT.h" + #include "yarr/YarrSyntaxChecker.h" -#else -#include "yarr/pcre/pcre.h" #endif namespace js { -@@ -153,48 +151,39 @@ ResetRegExpObject(JSContext *cx, AlreadyIncRefed rep); + + enum RegExpRunStatus + { + RegExpRunStatus_Error, + RegExpRunStatus_Success, +@@ -235,50 +233,43 @@ class RegExpObjectBuilder + + namespace detail { + + static const jschar GreedyStarChars[] = {'.', '*'}; + /* Abstracts away the gross |RegExpPrivate| backend details. */ class RegExpPrivateCode { @@ -217,22 +311,22 @@ /* Note: Native code is valid only if |codeBlock.isFallBack() == false|. */ YarrCodeBlock codeBlock; -- BytecodePattern *byteCode; ++#endif + BytecodePattern *byteCode; -#else - JSRegExp *compiled; - #endif -+ BytecodePattern *byteCode; +-#endif public: RegExpPrivateCode() : #if ENABLE_YARR_JIT codeBlock(), -- byteCode(NULL) ++#endif + byteCode(NULL) -#else - compiled(NULL) - #endif -+ byteCode(NULL) +-#endif { } ~RegExpPrivateCode() { @@ -247,19 +341,27 @@ -#endif } + static bool checkSyntax(JSContext *cx, TokenStream *tokenStream, JSLinearString *source) { + #if ENABLE_YARR_JIT + ErrorCode error = JSC::Yarr::checkSyntax(*source); + if (error == JSC::Yarr::NoError) + return true; + +@@ -286,27 +277,21 @@ class RegExpPrivateCode + return false; + #else + # error "Syntax checking not implemented for !ENABLE_YARR_JIT" + #endif + } + #if ENABLE_YARR_JIT static inline bool isJITRuntimeEnabled(JSContext *cx); -- void reportYarrError(JSContext *cx, TokenStream *ts, JSC::Yarr::ErrorCode error); +- static void reportYarrError(JSContext *cx, TokenStream *ts, JSC::Yarr::ErrorCode error); -#else -- void reportPCREError(JSContext *cx, int error); +- static void reportPCREError(JSContext *cx, int error); #endif + void reportYarrError(JSContext *cx, TokenStream *ts, JSC::Yarr::ErrorCode error); - inline bool compile(JSContext *cx, JSLinearString &pattern, TokenStream *ts, uintN *parenCount, - RegExpFlag flags); -@@ -205,11 +194,7 @@ class RegExpPrivateCode - int *output, size_t outputCount); - static size_t getOutputSize(size_t pairCount) { -#if ENABLE_YARR_JIT return pairCount * 2; @@ -267,13 +369,22 @@ - return pairCount * 3; /* Should be x2, but PCRE has... needs. */ -#endif } - }; + + inline bool compile(JSContext *cx, JSLinearString &pattern, TokenStream *ts, uintN *parenCount, + RegExpFlag flags); + + inline RegExpRunStatus execute(JSContext *cx, const jschar *chars, size_t length, size_t start, + int *output, size_t outputCount); diff --git a/js/src/yarr/wtfbridge.h b/js/src/yarr/wtfbridge.h -index ac41d08..fb8eb86 100644 --- a/js/src/yarr/wtfbridge.h +++ b/js/src/yarr/wtfbridge.h -@@ -49,9 +49,7 @@ +@@ -44,19 +44,17 @@ + * WTF compatibility layer. This file provides various type and data + * definitions for use by Yarr. + */ + + #include "jsstr.h" #include "jsprvtd.h" #include "vm/String.h" #include "assembler/wtf/Platform.h" @@ -283,3 +394,8 @@ namespace JSC { namespace Yarr { + /* + * Basic type definitions. + */ + + typedef jschar UChar; diff -r 67f876aafae8 -r 7784e72b1a3a series --- a/series Wed Feb 08 08:34:20 2012 +0100 +++ b/series Wed Feb 15 09:55:51 2012 +0100 @@ -17,7 +17,7 @@ mozilla-sle11.patch mozilla-linux3.patch mozilla-disable-neon-option.patch -mozilla-yarr-pcre.patch +#mozilla-yarr-pcre.patch # Firefox patches firefox-browser-css.patch