Implementors of memoryCost() need to be thread-safe.
[WebKit-https.git] / Source / WebCore / ChangeLog
index b5ea6f8..3deb6d4 100644 (file)
+2017-07-13  Mark Lam  <mark.lam@apple.com>
+
+        Implementors of memoryCost() need to be thread-safe.
+        https://bugs.webkit.org/show_bug.cgi?id=172738
+        <rdar://problem/32474881>
+
+        Reviewed by Keith Miller.
+
+        No new tests. This patch fixes a race condition bug that can result in random
+        crashes (and other unpredictable behavior), and is very difficult to test for.
+
+        * Modules/webaudio/AudioBuffer.cpp:
+        (WebCore::AudioBuffer::releaseMemory):
+        (WebCore::AudioBuffer::memoryCost):
+        * Modules/webaudio/AudioBuffer.h:
+        * dom/ChildNodeList.h:
+        * dom/CollectionIndexCache.h:
+        (WebCore::CollectionIndexCache::memoryCost):
+        * dom/LiveNodeList.h:
+        * html/CachedHTMLCollection.h:
+        * html/HTMLCanvasElement.cpp:
+        (WebCore::HTMLCanvasElement::memoryCost):
+        (WebCore::HTMLCanvasElement::externalMemoryCost):
+        (WebCore::HTMLCanvasElement::setImageBuffer):
+        * html/HTMLCanvasElement.h:
+        * html/HTMLCollection.cpp:
+        (WebCore::HTMLCollection::invalidateNamedElementCache):
+        * html/HTMLCollection.h:
+        (WebCore::CollectionNamedElementCache::memoryCost):
+        (WebCore::HTMLCollection::memoryCost):
+        (WebCore::HTMLCollection::setNamedItemCache):
+        * platform/graphics/ImageBuffer.cpp:
+        (WebCore::ImageBuffer::memoryCost):
+        * platform/graphics/cg/ImageBufferCG.cpp:
+        (WebCore::ImageBuffer::memoryCost):
+        (WebCore::ImageBuffer::externalMemoryCost):
+
+2017-07-13  Jeremy Jones  <jeremyj@apple.com>
+
+        Fix style. Use #pragma once in VideoFullscreen and PlaybackSession headers.
+        https://bugs.webkit.org/show_bug.cgi?id=174448
+
+        Reviewed by Eric Carlson.
+
+        No behavior change.
+
+        * platform/cocoa/WebPlaybackSessionInterface.h:
+        * platform/cocoa/WebVideoFullscreenChangeObserver.h:
+        * platform/cocoa/WebVideoFullscreenModel.h:
+        * platform/cocoa/WebVideoFullscreenModelVideoElement.h:
+        * platform/ios/WebPlaybackSessionInterfaceAVKit.h:
+        * platform/ios/WebVideoFullscreenControllerAVKit.h:
+        * platform/ios/WebVideoFullscreenInterfaceAVKit.h:
+        * platform/mac/WebVideoFullscreenInterfaceMac.h:
+
+2017-07-13  Alex Christensen  <achristensen@webkit.org>
+
+        Deleting last URLSearchParams key should remove trailing ? in associated URL
+        https://bugs.webkit.org/show_bug.cgi?id=174465
+
+        Reviewed by Chris Dumez.
+
+        This makes us match the behavior of Chrome and Firefox, and the spec after https://github.com/whatwg/url/issues/332 is approved.
+        This will be covered by an upcoming web platform test, and I updated fast/dom/DOMURL/searchparams.html to cover it now.
+
+        * platform/URLParser.cpp:
+        (WebCore::URLParser::serialize):
+        If there are no tuples, serialize to the null string instead of a non-null empty string.
+        This makes it so URL::setQuery removes the ?
+
+2017-07-13  Jeremy Jones  <jeremyj@apple.com>
+
+        Style fix. Replace strongThis with protectedThis.
+        https://bugs.webkit.org/show_bug.cgi?id=174444
+
+        Reviewed by Eric Carlson.
+
+        Rename, no behavior change.
+
+        * Modules/webaudio/AudioScheduledSourceNode.cpp:
+        (WebCore::AudioScheduledSourceNode::finish):
+        * platform/graphics/cocoa/WebCoreDecompressionSession.mm:
+        (WebCore::WebCoreDecompressionSession::maybeBecomeReadyForMoreMediaData):
+        (WebCore::WebCoreDecompressionSession::enqueueSample):
+        (WebCore::WebCoreDecompressionSession::handleDecompressionOutput):
+        (WebCore::WebCoreDecompressionSession::enqueueDecodedSample):
+        (WebCore::WebCoreDecompressionSession::requestMediaDataWhenReady):
+        (WebCore::WebCoreDecompressionSession::flush):
+
+2017-07-13  Jeremy Jones  <jeremyj@apple.com>
+
+        Fix block style in WebVideoFullscreen classes.
+        https://bugs.webkit.org/show_bug.cgi?id=174446
+
+        Reviewed by Eric Carlson.
+
+        No behavior change.
+
+        * platform/ios/WebVideoFullscreenControllerAVKit.mm:
+        (WebVideoFullscreenControllerContext::setVideoLayerFrame):
+        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
+        (-[WebAVPlayerLayer layoutSublayers]):
+        (getWebAVPictureInPicturePlayerLayerViewClass):
+        (getWebAVPlayerLayerViewClass):
+
+2017-07-13  Joseph Pecoraro  <pecoraro@apple.com>
+
+        Web Inspector: Remove unused and untested Page domain commands
+        https://bugs.webkit.org/show_bug.cgi?id=174429
+
+        Reviewed by Timothy Hatcher.
+
+        * inspector/InspectorPageAgent.cpp:
+        (WebCore::InspectorPageAgent::disable):
+        (WebCore::InspectorPageAgent::didClearWindowObjectInWorld):
+        (WebCore::InspectorPageAgent::addScriptToEvaluateOnLoad): Deleted.
+        (WebCore::InspectorPageAgent::removeScriptToEvaluateOnLoad): Deleted.
+        * inspector/InspectorPageAgent.h:
+
+2017-07-13  Zan Dobersek  <zdobersek@igalia.com>
+
+        [GCrypt] Implement CryptoKeyRSA SPKI exports
+        https://bugs.webkit.org/show_bug.cgi?id=173695
+
+        Reviewed by Jiewen Tan.
+
+        Implement the SPKI export operation for RSA keys for platforms that use
+        libgcrypt.
+
+        In CryptoKeyRSA::exportSpki(), we bail early with an invalid access exception if
+        this export is not being done for a public key. Otherwise, we start with creating
+        the `RSAPublicKey` ASN.1 structure, filling in the modulus and public exponent
+        data that's retrieved from the `public-key` s-expression in the signed MPI format.
+
+        We then create the `SubjectPublicKeyInfo` ASN.1 structure and fill it out with
+        the necessary data. The id-rsaEncryption object identifier is written out under
+        the `algorithm.algorithm` element, and a null value is written out under the
+        `algorithm.parameters` element. This doesn't follow the specification at the
+        moment, since id-RSASSA-PSS would have to be written for the RSA-PSS algorithm,
+        and id-RSAES-OAEP for the RSA-OAEP algorithm, along with specific parameter
+        structures. But no test in WebKit or the web-platform-tests suite covers this,
+        so this deviation should be addressed later.
+
+        Data of the previously-constructed `RSAPublicKey` structure is retrieved and
+        written out under the `subjectPublicKey` element, before finally retrieving
+        data of the `SubjectPublicKeyInfo` structure and returning that to the caller.
+
+        A helper mpiSignedData() function is added, providing overloads for gcry_mpi_t
+        and gcry_sexp_t parameters. MPI data for that parameter is retrieved and the
+        first byte of that data is tested, inserting an additional 0x00 byte at the
+        beginning of the Vector if that first byte has the first bit set, avoiding this
+        data accidentally being interpreted as a signed integer.
+
+        No new tests -- related tests are now passing and are unskipped.
+
+        * crypto/gcrypt/CryptoKeyRSAGCrypt.cpp:
+        (WebCore::CryptoKeyRSA::exportSpki):
+        * crypto/gcrypt/GCryptUtilities.h:
+        (WebCore::mpiSignedData):
+
+2017-07-13  Zan Dobersek  <zdobersek@igalia.com>
+
+        [GCrypt] Implement CryptoKeyRSA SPKI imports
+        https://bugs.webkit.org/show_bug.cgi?id=173694
+
+        Reviewed by Jiewen Tan.
+
+        Implement the SPKI import operation for RSA keys for platforms that use
+        libgcrypt.
+
+        The passed-in key data is decoded against the `SubjectPublicKeyInfo` ASN.1
+        structure. We then validate the `algorithm.algorithm` element, ensuring that
+        the value under that represents a supported object identifier. This check is
+        for now mostly superficial, only ensuring that the object identifier is either
+        id-rsaEncryption, id-RSAES-OAEP or id-RSASSA-PSS. This has to be further extended
+        to also check the id-sha{1,256,384,512}WithRSAEncryption identifiers as well as
+        decoding the `algorithm.parameters` element against a specific ASN.1 structure,
+        if necessary (RSASSA-PSS-params or RSAES-OAEP-params), and cross-checking the
+        specified digest algorithm with the algorithm that's specified through the main
+        object identifier or the structure contained in `algorithm.parameters`. This is
+        avoided for now because no test in WebKit or the web-platform-tests suite covers
+        this detail of the specification.
+
+        After the algorithm is identified as supported, we proceed with decoding the
+        `subjectPublicKey` data against the `RSAPublicKey` ASN.1 structure. From there,
+        we retrieve the `modulus` and `publicExponent` data from which we can construct
+        an RSA `public-key` s-expression that can be used through libgcrypt. A new
+        CryptoKeyRSA object is then created, taking over ownership of the `public-key`
+        s-expression, and returned.
+
+        No new tests -- related tests are now passing and are unskipped.
+
+        * crypto/gcrypt/CryptoKeyRSAGCrypt.cpp:
+        (WebCore::supportedAlgorithmIdentifier):
+        (WebCore::CryptoKeyRSA::importSpki):
+
+2017-07-12  Carlos Alberto Lopez Perez  <clopez@igalia.com>
+
+        REGRESSION(r219332): [GTK] 9 new failures on fast/forms spinbutton related tests
+        https://bugs.webkit.org/show_bug.cgi?id=174395
+
+        Reviewed by Carlos Garcia Campos.
+
+        Covered by existing tests.
+
+        Before r219332 the height of the spin button widget was
+        calculated as the maximum value between the individual button
+        ( the [+] or [-] ) width (33 pixels) and height (16 pixels).
+        And r219332 caused the height of the widget to be calculated as
+        the height of the button (16 pixels), which was incorrect as
+        each button should be first expanded vertically to fit the
+        preferred size of the widget.
+
+        Fix this by making the calculations about the spin button widget
+        on a new function spinButtonSize() that takes this into account,
+        and use this values both for adjusting the style of the input
+        field and the spin button widget itself.
+
+        * rendering/RenderThemeGtk.cpp:
+        (WebCore::spinButtonSize):
+        (WebCore::RenderThemeGtk::adjustTextFieldStyle):
+        (WebCore::RenderThemeGtk::adjustInnerSpinButtonStyle):
+
+2017-07-13  Miguel Gomez  <magomez@igalia.com>
+
+        [GTK][WPE] border-radius with non visible border doesn't work on images that have their own RenderLayer
+        https://bugs.webkit.org/show_bug.cgi?id=174157
+
+        Reviewed by Carlos Garcia Campos.
+
+        Do not allow direct compositing of images when they have a border-radius property on WebKitGTK+ and WPE.
+        These platforms don't support clipping using rounded rectangles during composition, which is required
+        when using border-radius and the border is not visible. Due to this, they need to perform the clippping
+        with cairo.
+
+        This is a temporal fix, until appropriate clipping is implemented in the TextureMapper.
+
+        No new tests.
+
+        * rendering/RenderLayerBacking.cpp:
+        (WebCore::RenderLayerBacking::isDirectlyCompositedImage):
+
+2017-07-13  Chris Fleizach  <cfleizach@apple.com>
+
+        AX: WebView crashes app after opening VoiceOver context box menu from modal dialog
+        https://bugs.webkit.org/show_bug.cgi?id=163999
+        <rdar://problem/28949013>
+
+        Reviewed by Joanmarie Diggs.
+
+        Protect when m_object goes away.
+
+        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
+        (-[WebAccessibilityObjectWrapper accessibilityShowContextMenu]):
+
+2017-07-12  Said Abou-Hallawa  <sabouhallawa@apple.com>
+
+        Async image decoding for large images should be disabled by default
+        https://bugs.webkit.org/show_bug.cgi?id=174432
+
+        Reviewed by Simon Fraser.
+
+        -- Rename GraphicsLayerPaintFlags::Snapshotting to AllowAsyncImageDecoding.
+        -- Replace every reference to GraphicsLayerPaintFlags::Snapshotting by
+           GraphicsLayerPaintFlags::None and every GraphicsLayerPaintFlags::None
+           by AllowAsyncImageDecoding.
+        -- Rename PaintBehaviorSnapshotting to PaintBehaviorAllowAsyncImageDecoding.
+        -- Propagate PaintBehaviorAllowAsyncImageDecoding from a parent view to 
+           a child view instead of propagating PaintBehaviorSnapshotting.
+        -- Remove setting the bit PaintBehaviorSnapshotting in any new PaintBehavoir.
+        -- Replace setting the bit PaintBehaviorSnapshotting in an existing PaintBehavoir
+           by resetting the bit PaintBehaviorAllowAsyncImageDecoding.
+
+        * html/shadow/MediaControlElements.cpp:
+        (WebCore::MediaControlTextTrackContainerElement::createTextTrackRepresentationImage):
+        * page/FrameView.cpp:
+        (WebCore::FrameView::willPaintContents):
+        (WebCore::FrameView::paintContentsForSnapshot):
+        * platform/graphics/GraphicsLayer.h:
+        * platform/graphics/GraphicsLayerClient.h:
+        * platform/graphics/mac/WebLayer.mm:
+        (-[WebLayer drawInContext:]):
+        (-[WebSimpleLayer drawInContext:]):
+        * rendering/PaintPhase.h:
+        * rendering/RenderBoxModelObject.cpp:
+        (WebCore::RenderBoxModelObject::decodingModeForImageDraw):
+        (WebCore::RenderBoxModelObject::paintFillLayerExtended):
+        * rendering/RenderBoxModelObject.h:
+        * rendering/RenderImage.cpp:
+        (WebCore::RenderImage::paintIntoRect):
+        * rendering/RenderLayer.cpp:
+        (WebCore::RenderLayer::paintLayerContents):
+        (WebCore::RenderLayer::paintForegroundForFragments):
+        * rendering/RenderLayerBacking.cpp:
+        (WebCore::RenderLayerBacking::paintContents):
+        * rendering/RenderWidget.cpp:
+        (WebCore::RenderWidget::paintContents): We need to propagate the 
+        PaintBehaviorAllowAsyncImageDecoding from RenderWidget to the FrameView.
+        We did not need to do that for PaintBehaviorSnapshotting because 
+        FrameView was setting it in its m_paintBehavior if (document->printing())
+        in FrameView::willPaintContents().
+
+2017-07-12  Timothy Hatcher  <timothy@hatcher.name>
+
+        REGRESSION(r219391): Broke the USE(OPENGL_ES_2) build
+        https://bugs.webkit.org/show_bug.cgi?id=174442
+
+        Unreviewed build fix.
+
+        * platform/graphics/egl/GLContextEGL.cpp: Fix typo of OPENGL_ES2.
+
+2017-07-12  Youenn Fablet  <youenn@apple.com>
+
+        Recreate the AudioUnit when restarting capture
+        https://bugs.webkit.org/show_bug.cgi?id=174439
+
+        Reviewed by Jer Noble.
+
+        Sometimes other applications in the system like FaceTime may make the audio unit not functional.
+        Reloading the tab capturing audio will trigger a call to stop the audio shared unit.
+        When the tab requests again audio, the shared unit will restart.
+        At that time, the AudioUnit shared unit will be fully recreated.
+
+        Manually tested by doing a webrtc call and then doing a FaceTime call.
+        Remote WebRTC endpoints may not receive any audio.
+        With the patch, reloading the web page will get back the audio.
+        Previously, restarting the UIProcess was the only way.
+
+        * platform/mediastream/mac/CoreAudioCaptureSource.cpp:
+        (WebCore::CoreAudioSharedUnit::startProducingData): Cleaning the audio unit when starting to produce data if there is a preexisting audio unit.
+
+2017-07-12  Youenn Fablet  <youenn@apple.com>
+
+        Accessing localDescription, remoteDescription, etc. after setTimeout raises EXC_BAD_ACCESS
+        https://bugs.webkit.org/show_bug.cgi?id=174323
+        <rdar://problem/33267876>
+
+        Reviewed by Eric Carlson.
+
+        Test: webrtc/calling-peerconnection-once-closed.html
+
+        In case the libwebrtc backend is null, we should not use it to get description from it.
+        Return null in that case.
+
+        Adding ASSERT to other calls where the layer above LibWebRTCMediaEndpoint should protect
+        from calling a function on a null libwebrtc backend.
+
+        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:
+        (WebCore::LibWebRTCMediaEndpoint::currentLocalDescription):
+        (WebCore::LibWebRTCMediaEndpoint::currentRemoteDescription):
+        (WebCore::LibWebRTCMediaEndpoint::pendingLocalDescription):
+        (WebCore::LibWebRTCMediaEndpoint::pendingRemoteDescription):
+        (WebCore::LibWebRTCMediaEndpoint::localDescription):
+        (WebCore::LibWebRTCMediaEndpoint::remoteDescription):
+        (WebCore::LibWebRTCMediaEndpoint::doSetLocalDescription):
+        (WebCore::LibWebRTCMediaEndpoint::doSetRemoteDescription):
+        (WebCore::LibWebRTCMediaEndpoint::addTrack):
+        (WebCore::LibWebRTCMediaEndpoint::removeTrack):
+        (WebCore::LibWebRTCMediaEndpoint::doCreateOffer):
+        (WebCore::LibWebRTCMediaEndpoint::doCreateAnswer):
+        (WebCore::LibWebRTCMediaEndpoint::createDataChannel):
+
+2017-07-12  Commit Queue  <commit-queue@webkit.org>
+
+        Unreviewed, rolling out r219176.
+        https://bugs.webkit.org/show_bug.cgi?id=174436
+
+        "Can cause infinite recursion on iOS" (Requested by mlam on
+        #webkit).
+
+        Reverted changeset:
+
+        "WTF::Thread should have the threads stack bounds."
+        https://bugs.webkit.org/show_bug.cgi?id=173975
+        http://trac.webkit.org/changeset/219176
+
+2017-07-12  Nan Wang  <n_wang@apple.com>
+
+        AX: [iOS] Implement a way to retrieve a text marker range with desired text that is closest to a position
+        https://bugs.webkit.org/show_bug.cgi?id=174393
+        <rdar://problem/33248006>
+
+        Reviewed by Chris Fleizach.
+
+        Used the existing findClosestPlainText function to search the range on iOS.
+        Also exposed a function on the iOS wrapper to return the selection rects of
+        the result range from the searching. 
+
+        Test: accessibility/ios-simulator/text-marker-range-matches-text.html
+
+        * accessibility/AXObjectCache.cpp:
+        (WebCore::visiblePositionForPositionWithOffset):
+        (WebCore::AXObjectCache::rangeMatchesTextNearRange):
+        * accessibility/AXObjectCache.h:
+        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
+        (-[WebAccessibilityObjectWrapper rangeFromMarkers:withText:]):
+        (-[WebAccessibilityObjectWrapper textMarkerRangeFromMarkers:withText:]):
+        (-[WebAccessibilityObjectWrapper textRectsFromMarkers:withText:]):
+        (-[WebAccessibilityObjectWrapper rectsForSelectionRects:]):
+
+2017-07-12  Matt Lewis  <jlewis3@apple.com>
+
+        Unreviewed, rolling out r219409.
+
+        The revision caused the Windows builds to fail.
+
+        Reverted changeset:
+
+        "AX: [iOS] Implement a way to retrieve a text marker range
+        with desired text that is closest to a position"
+        https://bugs.webkit.org/show_bug.cgi?id=174393
+        http://trac.webkit.org/changeset/219409
+
+2017-07-12  Alicia Boya GarcĂ­a  <aboya@igalia.com>
+
+        [FreeType] Enable BCI on webfonts
+        https://bugs.webkit.org/show_bug.cgi?id=174403
+
+        Reviewed by Michael Catanzaro.
+
+        The FreeType BCI hinter used to be disabled on webfonts in favor of
+        the autohinter.
+
+        FreeType BCI hinter has improved considerably in the past and now most
+        other browsers enable it too. Given the old reasons no longer apply,
+        the BCI has now been enabled in order to get better text rendering when
+        embedded hints are available.
+
+        * platform/graphics/freetype/FontCustomPlatformDataFreeType.cpp:
+        (WebCore::FontCustomPlatformData::FontCustomPlatformData):
+
+2017-07-12  Commit Queue  <commit-queue@webkit.org>
+
+        Unreviewed, rolling out r219361.
+        https://bugs.webkit.org/show_bug.cgi?id=174434
+
+        Huge PLUM memory regression on iOS (Requested by kling on
+        #webkit).
+
+        Reverted changeset:
+
+        "[WebIDL] Convert MutationCallback to be a normal generate
+        callback"
+        https://bugs.webkit.org/show_bug.cgi?id=174140
+        http://trac.webkit.org/changeset/219361
+
+2017-07-12  Eric Carlson  <eric.carlson@apple.com>
+
+        [MediaStream] a capture source failure should end the MediaStreamTrack
+        https://bugs.webkit.org/show_bug.cgi?id=174375
+
+        Reviewed by Youenn Fablet.
+
+        Test: fast/mediastream/media-stream-track-source-failure.html
+
+        * platform/mediastream/RealtimeMediaSource.cpp:
+        (WebCore::RealtimeMediaSource::captureFailed): New, signal observers that the source has ended.
+        * platform/mediastream/RealtimeMediaSource.h:
+
+        * platform/mediastream/mac/AVMediaCaptureSource.h:
+        * platform/mediastream/mac/AVMediaCaptureSource.mm:
+        (WebCore::AVMediaCaptureSource::setupSession): Call captureFailed if setupCaptureSession fails.
+
+        * platform/mediastream/mac/AVVideoCaptureSource.h:
+        * platform/mediastream/mac/AVVideoCaptureSource.mm:
+        (WebCore::AVVideoCaptureSource::setupCaptureSession): Return false on failure.
+        (WebCore::AVVideoCaptureSource::shutdownCaptureSession): Delete unused instance variable.
+        (WebCore::AVVideoCaptureSource::processNewFrame): Ditto.
+
+        * testing/Internals.cpp:
+        (WebCore::Internals::endMediaStreamTrackCaptureSource): Call track.source.captureFailed().
+        * testing/Internals.h:
+        * testing/Internals.idl:
+
+2017-07-12  Timothy Hatcher  <timothy@hatcher.name>
+
+        Improve font matching with FontConfig and FreeType
+        https://bugs.webkit.org/show_bug.cgi?id=174374
+
+        Reviewed by Michael Catanzaro.
+
+        * platform/graphics/freetype/FontCacheFreeType.cpp:
+        (WebCore::FontCache::createFontPlatformData): Loop through all family name matches from FcFontMatch.
+
+2017-07-12  Youenn Fablet  <youenn@apple.com>
+
+        Reactivate audio ducking when restarting the shared unit
+        https://bugs.webkit.org/show_bug.cgi?id=174428
+
+        Reviewed by Eric Carlson.
+
+        Currently, when another application ducks WebKit, there is no other way than to quit the UIProcess and restart it.
+        By again audio ducking when starting the audio unit, reloading the page will be enough.
+        Testing by launching a tab with audio capture and audio playing.
+        Then make a FaceTime call and hear the tab volume go down.
+        End the call to FaceTime and the tab volume remains low.
+        Reload the tab and the volume has a normal level.
+
+        * platform/mediastream/mac/CoreAudioCaptureSource.cpp:
+        (WebCore::CoreAudioSharedUnit::setupAudioUnit):
+        (WebCore::CoreAudioSharedUnit::startInternal):
+
+2017-07-12  Antoine Quint  <graouts@apple.com>
+
+        Playback controls should not hide while AirPlay is active
+        https://bugs.webkit.org/show_bug.cgi?id=174422
+        <rdar://problem/33011477>
+
+        Reviewed by Eric Carlson.
+
+        We now also track changes in AirPlay playback status and account for it when identifying whether we
+        ought to let media controls automatically hide, which should only happen if the media is playing and
+        not playing back through AirPlay.
+
+        * Modules/modern-media-controls/media/controls-visibility-support.js:
+        (ControlsVisibilitySupport.prototype.get mediaEvents):
+        (ControlsVisibilitySupport.prototype._updateControls):
+        (ControlsVisibilitySupport):
+
+2017-07-12  Daniel Bates  <dabates@apple.com>
+
+        Attempt to fix the build following <https://trac.webkit.org/changeset/219407>
+        (https://bugs.webkit.org/show_bug.cgi?id=174386)
+
+        Fix bad merge after <https://trac.webkit.org/changeset/219404>.
+
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::loadURL):
+        (WebCore::FrameLoader::loadWithNavigationAction):
+        (WebCore::FrameLoader::loadPostRequest):
+        (WebCore::FrameLoader::continueLoadAfterNewWindowPolicy):
+        (WebCore::FrameLoader::loadDifferentDocumentItem):
+        * loader/FrameLoader.h:
+
+2017-07-12  Nan Wang  <n_wang@apple.com>
+
+        AX: [iOS] Implement a way to retrieve a text marker range with desired text that is closest to a position
+        https://bugs.webkit.org/show_bug.cgi?id=174393
+        <rdar://problem/33248006>
+
+        Reviewed by Chris Fleizach.
+
+        Used the existing findClosestPlainText function to search the range on iOS.
+        Also exposed a function on the iOS wrapper to return the selection rects of
+        the result range from the searching. 
+
+        Test: accessibility/ios-simulator/text-marker-range-matches-text.html
+
+        * accessibility/AXObjectCache.cpp:
+        (WebCore::visiblePositionForPositionWithOffset):
+        (WebCore::AXObjectCache::rangeMatchesTextNearRange):
+        * accessibility/AXObjectCache.h:
+        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
+        (-[WebAccessibilityObjectWrapper rangeFromMarkers:withText:]):
+        (-[WebAccessibilityObjectWrapper textMarkerRangeFromMarkers:withText:]):
+        (-[WebAccessibilityObjectWrapper textRectsFromMarkers:withText:]):
+        (-[WebAccessibilityObjectWrapper rectsForSelectionRects:]):
+
+2017-07-12  Daniel Bates  <dabates@apple.com>
+
+        NavigationAction should track whether the navigation was initiated by the main frame
+        https://bugs.webkit.org/show_bug.cgi?id=174386
+        <rdar://problem/33245267>
+
+        Reviewed by Brady Eidson.
+
+        Although we added state to NavigationAction to track whether the navigation was
+        initiated by the main frame in r219170 it is not possible to initialize this state
+        when instantiating a NavigationAction. Having NavigationAction track this state
+        will be useful to ensure that we can always compute the source frame information
+        when asking the embedding client whether to allow a navigation. We will make use
+        of it in the fix for <https://bugs.webkit.org/show_bug.cgi?id=174385>.
+
+        No behavior changed. So, no new tests.
+
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::loadURL): Pass whether the load was initiated by the main frame
+        when instantiating the NavigationAction.
+        (WebCore::FrameLoader::load): For now, pass InitiatedByMainFrame::Unknown when instantiating
+        the NavigationAction as we do not know if the load was initiated by the main frame.
+        (WebCore::FrameLoader::loadWithDocumentLoader): Ditto.
+        (WebCore::FrameLoader::reload): Ditto
+        (WebCore::FrameLoader::loadDifferentDocumentItem): Ditto.
+        (WebCore::createWindow): Pass whether the load was initiated by the main frame when
+        instantiating the NavigationAction.
+        * loader/NavigationAction.cpp:
+        (WebCore::NavigationAction::NavigationAction): Modified to take argument of type InitiatedByMainFrame
+        that indicates whether the navigation was initiated by the main frame.
+        * loader/NavigationAction.h:
+        * loader/PolicyChecker.cpp:
+        (WebCore::PolicyChecker::checkNavigationPolicy): For now, pass InitiatedByMainFrame::Unknown
+        when instantiating the NavigationAction as we do not know if the load was initiated by the
+        main frame.
+        * page/ContextMenuController.cpp:
+        (WebCore::openNewWindow): Pass whether the load was initiated by the main frame when
+        instantiating the NavigationAction.
+
+2017-07-12  Daniel Bates  <dabates@apple.com>
+
+        Rename NavigationInitiatedByMainFrame to InitiatedByMainFrame
+        https://bugs.webkit.org/show_bug.cgi?id=174427
+
+        Rubber-stamped by Brady Eidson.
+
+        * inspector/InspectorFrontendClientLocal.cpp:
+        (WebCore::InspectorFrontendClientLocal::openInNewTab):
+        * inspector/InspectorPageAgent.cpp:
+        (WebCore::InspectorPageAgent::navigate):
+        * loader/FrameLoadRequest.cpp:
+        (WebCore::FrameLoadRequest::FrameLoadRequest):
+        * loader/FrameLoadRequest.h:
+        (WebCore::FrameLoadRequest::FrameLoadRequest):
+        (WebCore::FrameLoadRequest::initiatedByMainFrame):
+        (WebCore::FrameLoadRequest::navigationInitiatedByMainFrame): Deleted.
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::urlSelected):
+        (WebCore::FrameLoader::loadURLIntoChildFrame):
+        (WebCore::shouldOpenExternalURLsPolicyToApply):
+        (WebCore::applyShouldOpenExternalURLsPolicyToNewDocumentLoader):
+        (WebCore::FrameLoader::loadURL):
+        (WebCore::FrameLoader::loadWithNavigationAction):
+        (WebCore::FrameLoader::reloadWithOverrideEncoding):
+        (WebCore::FrameLoader::reload):
+        (WebCore::FrameLoader::loadPostRequest):
+        (WebCore::FrameLoader::continueLoadAfterNewWindowPolicy):
+        (WebCore::FrameLoader::loadDifferentDocumentItem):
+        * loader/FrameLoader.h:
+        * loader/FrameLoaderTypes.h:
+        * loader/NavigationAction.h:
+        (WebCore::NavigationAction::initiatedByMainFrame):
+        (WebCore::NavigationAction::navigationInitiatedByMainFrame): Deleted.
+        * loader/NavigationScheduler.cpp:
+        (WebCore::ScheduledNavigation::ScheduledNavigation):
+        (WebCore::ScheduledNavigation::initiatedByMainFrame):
+        (WebCore::NavigationScheduler::scheduleLocationChange):
+        (WebCore::ScheduledNavigation::navigationInitiatedByMainFrame): Deleted.
+        * page/ContextMenuController.cpp:
+        (WebCore::openNewWindow):
+        (WebCore::ContextMenuController::contextMenuItemSelected):
+        * page/DOMWindow.cpp:
+        (WebCore::DOMWindow::createWindow):
+
+2017-07-12  Matt Lewis  <jlewis3@apple.com>
+
+        Unreviewed, rolling out r219401.
+
+        This revision rolled out the previous patch, but after talking
+        with reviewer, a rebaseline is what was needed.Rolling back in
+        before rebaseline.
+
+        Reverted changeset:
+
+        "Unreviewed, rolling out r219379."
+        https://bugs.webkit.org/show_bug.cgi?id=174400
+        http://trac.webkit.org/changeset/219401
+
+2017-07-12  Matt Lewis  <jlewis3@apple.com>
+
+        Unreviewed, rolling out r219379.
+
+        This revision caused a consistent failure in the test
+        fast/dom/Window/property-access-on-cached-window-after-frame-
+        removed.html.
+
+        Reverted changeset:
+
+        "Remove NAVIGATOR_HWCONCURRENCY"
+        https://bugs.webkit.org/show_bug.cgi?id=174400
+        http://trac.webkit.org/changeset/219379
+
+2017-07-12  Zalan Bujtas  <zalan@apple.com>
+
+        Paginated mode: Infinite recursion in RenderTable::layout
+        https://bugs.webkit.org/show_bug.cgi?id=174413
+
+        Reviewed by Simon Fraser.
+
+        This patch is a workaround for avoiding infinite recursion when the table layout does not stabilize.
+        Apparently we leak some context (computed padding in this case) from the current to the subsequent layout.
+        The subsequent layouts always end up producing different line heights for some of the cells in the <thead>.
+        In paginated mode, when the section moves (<thead>, <tbody> etc) we call layout again recursively.
+        This could lead to infinite recursion for unstable table layout.
+
+        Unable to come up with a reduction yet.
+
+        * rendering/RenderTable.cpp:
+        (WebCore::RenderTable::layout):
+        * rendering/RenderTable.h:
+
+2017-07-12  Youenn Fablet  <youenn@apple.com>
+
+        WebRTC: Incorrect sdpMLineIndex for video breaks Firefox interop
+        https://bugs.webkit.org/show_bug.cgi?id=173530
+
+        Reviewed by Alex Christensen.
+
+        Test: webrtc/ice-candidate-sdpMLineIndex.html
+
+        Reading missing parameter from libwebrtc backend and setting it when firing the RTCIceCandidate event.
+
+        * Modules/mediastream/PeerConnectionBackend.cpp:
+        (WebCore::PeerConnectionBackend::disableICECandidateFiltering):
+        (WebCore::PeerConnectionBackend::newICECandidate):
+        * Modules/mediastream/PeerConnectionBackend.h:
+        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:
+        (WebCore::LibWebRTCMediaEndpoint::OnIceCandidate):
+
+2017-07-12  Zan Dobersek  <zdobersek@igalia.com>
+
+        [GCrypt] Implement CryptoKeyEC PKCS#8 exports
+        https://bugs.webkit.org/show_bug.cgi?id=173648
+
+        Reviewed by Jiewen Tan.
+
+        Implement the PKCS#8 export operation for EC keys for platforms that use
+        libgcrypt.
+
+        First, the `ECParameters` and the `ECPrivateKey` ASN.1 structures are created
+        and filled out accordingly. For the former, the appropriate object identifier
+        is written under the `namedCurve` element of the structure. For the latter, we
+        write out '1' under `version`, and eliminate the optional `parameters` element.
+        An libgcrypt EC context is then used to retrieve the private and public key
+        MPIs that are then written out under the `privateKey` and `publicKey` elements,
+        respectively.
+
+        After that, we can proceed to create and fill out the `PrivateKeyInfo` structure.
+        0 is written out under the `version` element, and the id-ecPublicKey object
+        identifier is written out under the `privateKeyAlgorithm.algorithm` element. This
+        doesn't strictly follow the specification, since the id-ecDH identifier should be
+        used for ECDH keys, but no test in WebKit or the web-platform-tests suite covers
+        this, so this specific detail should be revisited later.
+
+        Data of the previously-constructed `ECParameters` structure is retrieved and
+        written out under the `privateKeyAlgorithm.parameters` element. Similarly is done
+        for the `ECPrivateKey` structure, writing out its data under the `privateKey`
+        element. Finally, the optional `attributes` element of the `PrivateKeyInfo`
+        structure is eliminated, and the encoded data of this structure is retrieved and
+        returned.
+
+        No new tests -- relevant tests are now passing and are unskipped.
+
+        * crypto/gcrypt/CryptoKeyECGCrypt.cpp:
+        (WebCore::CryptoKeyEC::platformExportPkcs8):
+
+2017-07-12  Zan Dobersek  <zdobersek@igalia.com>
+
+        [WPE] Use libepoxy
+        https://bugs.webkit.org/show_bug.cgi?id=172104
+
+        Reviewed by Michael Catanzaro.
+
+        No new tests -- no changes in behavior.
+
+        Implement the proper libepoxy header inclusion for ports that enable it.
+
+        The library acts as a loading facility working on top of the system-provided
+        OpenGL and EGL libraries, with the headers providing a complete collection of
+        specification-defined OpenGL and EGL types, constants and entrypoints.
+
+        Support is added through the USE(LIBEPOXY) build guard. Note that this guard
+        isn't exclusive with USE(OPENGL), USE(OPENGL_ES_2) or USE(EGL), so the
+        USE(LIBEPOXY) condition is tested before those.
+
+        In case of OpenGL headers, the <epoxy/gl.h> header is included, and in
+        case of EGL headers, the <epoxy/egl.h> header. <epoxy/egl.h> includes
+        <epoxy/gl.h> on its own, so in some cases the inclusion of the latter is
+        omitted.
+
+        EpoxyShims.h header is added, doing a job similar to OpenGLESShims.h. The
+        EXT-suffixed GL entrypoints are redefined to the non-suffixed versions.
+        No suffixed constants are defined because those are defined by the libepoxy
+        headers to the well-known values.
+
+        * CMakeLists.txt:
+        * PlatformWPE.cmake:
+        * platform/graphics/ANGLEWebKitBridge.h:
+        * platform/graphics/EpoxyShims.h: Added.
+        * platform/graphics/GLContext.cpp:
+        (WebCore::initializeOpenGLShimsIfNeeded):
+        * platform/graphics/GraphicsContext3DPrivate.cpp:
+        * platform/graphics/PlatformDisplay.cpp:
+        * platform/graphics/cairo/CairoUtilities.cpp:
+        * platform/graphics/cairo/GraphicsContext3DCairo.cpp:
+        (WebCore::GraphicsContext3D::create):
+        * platform/graphics/cairo/ImageBufferCairo.cpp:
+        * platform/graphics/egl/GLContextEGL.cpp:
+        * platform/graphics/egl/GLContextEGLWPE.cpp:
+        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
+        * platform/graphics/opengl/Extensions3DOpenGLCommon.cpp:
+        * platform/graphics/opengl/Extensions3DOpenGLES.cpp:
+        * platform/graphics/opengl/Extensions3DOpenGLES.h:
+        * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
+        * platform/graphics/opengl/TemporaryOpenGLSetting.cpp:
+        * platform/graphics/texmap/TextureMapperGC3DPlatformLayer.cpp:
+        * platform/graphics/wpe/PlatformDisplayWPE.cpp:
+
+2017-07-12  Carlos Garcia Campos  <cgarcia@igalia.com>
+
+        ImageDecoder: Gifs with infinite animation only play once very often
+        https://bugs.webkit.org/show_bug.cgi?id=173403
+
+        Reviewed by Michael Catanzaro.
+
+        It doesn't always happen, it's easier to reproduce when loading big files from the network, but it also depends
+        on every file. The problem is that ImageFrameCache is caching the repetition count value always when the size is
+        already available. In the case of gif files, the loop count value can be at any point of the image stream, so
+        having the size available doesn't mean we also have the loop count. So, if the value is queried before it's
+        available, the default value is cached (repeat once) and then always used. We should clear the cached value when
+        new data is added to the decoder, like we do with other cached values that can change when more data is decoded.
+
+        * platform/graphics/ImageFrameCache.cpp:
+        (WebCore::ImageFrameCache::clearMetadata): Clear m_repetitionCount.
+
+2017-07-12  Adrian Perez de Castro  <aperez@igalia.com>
+
+        [SOUP] Do not use C linkage for functions using C++ features
+        https://bugs.webkit.org/show_bug.cgi?id=174392
+
+        Reviewed by Michael Catanzaro.
+
+        No new tests because there is no behavior change.
+
+        * platform/network/soup/WebKitSoupRequestGeneric.h: Move G_END_DECLS
+        to leave functions which use C++ features outside of the block it
+        delimits.
+
+2017-07-12  Carlos Garcia Campos  <cgarcia@igalia.com>
+
+        [GTK] Crashes in WebCore::PasteboardHelper::fillSelectionData when source file of drag is unavailable
+        https://bugs.webkit.org/show_bug.cgi?id=174161
+
+        Reviewed by Michael Catanzaro.
+
+        It seems selection data could contain an empty string, in which case gtk_selection_data_get_data() returns a
+        valid pointer, but gtk_selection_data_get_length() returns 0. When this happens we end up trying to split an
+        empty string resulting in an empty vector, but we unconditionally access the first element of the vector.
+
+        * platform/gtk/PasteboardHelper.cpp:
+        (WebCore::selectionDataToUTF8String): Return a null string in case selection data length is 0.
+        (WebCore::PasteboardHelper::fillSelectionData): Return early if selection data length is 0, instead of checking
+        the selection data pointer.
+
+2017-07-11  Carlos Garcia Campos  <cgarcia@igalia.com>
+
+        [GTK][WPE] Enable FILE_LOCK and implement lockFile and unlockFile
+        https://bugs.webkit.org/show_bug.cgi?id=174357
+
+        Reviewed by Michael Catanzaro.
+
+        Implement lockFile and unlockFile using flock().
+
+        * PlatformWPE.cmake:
+        * platform/glib/FileSystemGlib.cpp:
+        (WebCore::lockFile):
+        (WebCore::unlockFile):
+
+2017-07-11  Yusuke Suzuki  <utatane.tea@gmail.com>
+
+        Use FastAllocator in STL containers
+        https://bugs.webkit.org/show_bug.cgi?id=174366
+
+        Rubber stamped by Sam Weinig.
+
+        This patch uses FastAllocator for STL containers including std::set and std::map.
+        STL can take a template parameter to be used as allocator for containers.
+        We prepare FastAllocator, which uses fastMalloc for allocation.
+        This allows us to use bmalloc (if supported) for STL containers which offers
+        functionalities that is not supported in WTF containers.
+
+        * Modules/indexeddb/IDBKeyData.h:
+        * Modules/indexeddb/server/IndexValueEntry.cpp:
+        (WebCore::IDBServer::IndexValueEntry::IndexValueEntry):
+        (WebCore::IDBServer::IndexValueEntry::Iterator::Iterator):
+        (WebCore::IDBServer::IndexValueEntry::reverseFind):
+        * Modules/indexeddb/server/IndexValueEntry.h:
+        * Modules/indexeddb/server/IndexValueStore.cpp:
+        (WebCore::IDBServer::IndexValueStore::lowestIteratorInRange):
+        (WebCore::IDBServer::IndexValueStore::highestReverseIteratorInRange):
+        (WebCore::IDBServer::IndexValueStore::Iterator::Iterator):
+        * Modules/indexeddb/server/IndexValueStore.h:
+        * Modules/indexeddb/server/MemoryBackingStoreTransaction.cpp:
+        (WebCore::IDBServer::MemoryBackingStoreTransaction::objectStoreCleared):
+        * Modules/indexeddb/server/MemoryBackingStoreTransaction.h:
+        * Modules/indexeddb/server/MemoryObjectStore.cpp:
+        (WebCore::IDBServer::MemoryObjectStore::replaceKeyValueStore):
+        (WebCore::IDBServer::MemoryObjectStore::addRecord):
+        (WebCore::IDBServer::MemoryObjectStore::updateCursorsForPutRecord):
+        * Modules/indexeddb/server/MemoryObjectStore.h:
+        (WebCore::IDBServer::MemoryObjectStore::orderedKeys):
+        * Modules/indexeddb/server/MemoryObjectStoreCursor.cpp:
+        (WebCore::IDBServer::MemoryObjectStoreCursor::keyAdded):
+        (WebCore::IDBServer::MemoryObjectStoreCursor::setFirstInRemainingRange):
+        (WebCore::IDBServer::MemoryObjectStoreCursor::setForwardIteratorFromRemainingRange):
+        (WebCore::IDBServer::MemoryObjectStoreCursor::setReverseIteratorFromRemainingRange):
+        (WebCore::IDBServer::MemoryObjectStoreCursor::incrementForwardIterator):
+        (WebCore::IDBServer::MemoryObjectStoreCursor::incrementReverseIterator):
+        * Modules/indexeddb/server/MemoryObjectStoreCursor.h:
+        * Modules/mediasource/SampleMap.h:
+        * page/WheelEventTestTrigger.cpp:
+        (WebCore::WheelEventTestTrigger::deferTestsForReason):
+        (WebCore::dumpState):
+        * page/WheelEventTestTrigger.h:
+        * platform/graphics/cv/VideoTextureCopierCV.cpp:
+        (WebCore::enumToStringMap):
+        * rendering/OrderIterator.h:
+
+2017-07-11  Per Arne Vollan  <pvollan@apple.com>
+
+        [Win] Build error when building WebKit.dll from WebKit.proj project file.
+        https://bugs.webkit.org/show_bug.cgi?id=174410
+
+        Reviewed by Brent Fulgham.
+
+        Copy required header files to forwarding headers folder.
+
+        * PlatformWin.cmake:
+
+2017-07-11  Dean Jackson  <dino@apple.com>
+
+        Remove NAVIGATOR_HWCONCURRENCY
+        https://bugs.webkit.org/show_bug.cgi?id=174400
+
+        Reviewed by Sam Weinig.
+
+        * Configurations/FeatureDefines.xcconfig:
+        * WebCore.xcodeproj/project.pbxproj:
+        * page/NavigatorBase.cpp:
+        (WebCore::NavigatorBase::hardwareConcurrency): Deleted.
+        * page/NavigatorBase.h:
+        * page/NavigatorConcurrentHardware.idl: Removed.
+
+2017-07-11  Youenn Fablet  <youenn@apple.com>
+
+        RealtimeOutgoingAudioSource should not push more audio data if the WebRTC thread is not able to process it
+        https://bugs.webkit.org/show_bug.cgi?id=174383
+
+        Reviewed by Eric Carlson.
+
+        This patch adds support to check for pending-processing audio data.
+        If the amount of audio data is bigger than a high water mark of 0.5 seconds,
+        we stop pushing new audio data until buffered audio data is lower than a low water mark of 0.1 seconds.
+        Patch is tested by adding breakpoints to trigger the high water mark, verifying that low water mark is triggered
+        and receiving audio is fine on the other connection endpoint.
+
+        * platform/mediastream/mac/RealtimeOutgoingAudioSource.cpp:
+        (WebCore::RealtimeOutgoingAudioSource::isReachingBufferedAudioDataHighLimit):
+        (WebCore::RealtimeOutgoingAudioSource::isReachingBufferedAudioDataLowLimit):
+        (WebCore::RealtimeOutgoingAudioSource::audioSamplesAvailable):
+        * platform/mediastream/mac/RealtimeOutgoingAudioSource.h:
+
+2017-07-11  Dean Jackson  <dino@apple.com>
+
+        Rolling out r219372.
+
+        * Configurations/FeatureDefines.xcconfig:
+        * WebCore.xcodeproj/project.pbxproj:
+        * page/NavigatorBase.cpp:
+        (WebCore::NavigatorBase::hardwareConcurrency):
+        * page/NavigatorBase.h:
+        * page/NavigatorConcurrentHardware.idl: Added.
+
+2017-07-11  Dean Jackson  <dino@apple.com>
+
+        Remove NAVIGATOR_HWCONCURRENCY
+        https://bugs.webkit.org/show_bug.cgi?id=174400
+
+        Reviewed by Sam Weinig.
+
+        * Configurations/FeatureDefines.xcconfig:
+        * WebCore.xcodeproj/project.pbxproj:
+        * page/NavigatorBase.cpp:
+        (WebCore::NavigatorBase::hardwareConcurrency): Deleted.
+        * page/NavigatorBase.h:
+        * page/NavigatorConcurrentHardware.idl: Removed.
+
+2017-07-11  Jiewen Tan  <jiewen_tan@apple.com>
+
+        [WebCrypto] CryptoKeyECMac::Custom OpenSSL tag is actually tagged type [1]
+        https://bugs.webkit.org/show_bug.cgi?id=174382
+        <rdar://problem/33244871>
+
+        Reviewed by Brent Fulgham.
+
+        No change of behaviour.
+
+        * crypto/mac/CryptoKeyECMac.cpp:
+        (WebCore::CryptoKeyEC::platformImportPkcs8):
+        (WebCore::CryptoKeyEC::platformExportPkcs8):
+        Replace CustomECParameters with TaggedType1 according to X.690(08/2015) section 8.14:
+        https://www.itu.int/rec/T-REC-X.690-201508-I/en
+        and RFC 5915 Appendix A:
+        http://www.ietf.org/rfc/rfc5915.txt.
+
+2017-07-11  Said Abou-Hallawa  <sabouhallawa@apple.com>
+
+        REGRESSION(r219045): The <body> element does not get repainted when its background image finishes decoding
+        https://bugs.webkit.org/show_bug.cgi?id=174376
+
+        Reviewed by Simon Fraser.
+
+        When adding a CachedImageClient to CachedImage::m_pendingImageDrawingClients
+        and the CachedImageClient is not one of the CachedImage::m_clients, we
+        should cancel the repaint optimization in CachedImage::imageFrameAvailable().
+        This can be done by adding all the CachedImage::m_clients to CachedImage::
+        m_pendingImageDrawingClients.
+
+        Test: fast/images/async-image-body-background-image.html
+
+        * loader/cache/CachedImage.cpp:
+        (WebCore::CachedImage::addPendingImageDrawingClient):
+
+2017-07-11  Chris Dumez  <cdumez@apple.com>
+
+        Unreviewed, fix Windows build after r219355.
+
+        * bindings/js/JSDOMWindowCustom.cpp:
+        (WebCore::addCrossOriginWindowPropertyNames):
+        (WebCore::addCrossOriginWindowOwnPropertyNames):
+        (WebCore::JSDOMWindow::getOwnPropertyNames):
+        (WebCore::addCrossOriginPropertyNames): Deleted.
+        (WebCore::addCrossOriginOwnPropertyNames): Deleted.
+        * bindings/js/JSLocationCustom.cpp:
+        (WebCore::addCrossOriginLocationPropertyNames):
+        (WebCore::addCrossOriginLocationOwnPropertyNames):
+        (WebCore::JSLocation::getOwnPropertyNames):
+        (WebCore::addCrossOriginPropertyNames): Deleted.
+        (WebCore::addCrossOriginOwnPropertyNames): Deleted.
+
+2017-07-10  Sam Weinig  <sam@webkit.org>
+
+        [WebIDL] Convert MutationCallback to be a normal generate callback
+        https://bugs.webkit.org/show_bug.cgi?id=174140
+
+        Reviewed by Chris Dumez.
+
+        To make this work more nicely, I:
+        - Added the ability to for non-nullable interfaces in sequences to be passed
+          via a Ref<> rather than a RefPtr<> as a parameter to a callback function.
+          (e.g. callback MyCallback = void (sequence<Foo> foos) will now have the 
+          signature, CallbackResult<void> handleEvent(const Vector<Ref<Foo>>&) rather
+          than CallbackResult<void> handleEvent(const Vector<RefPtr<Foo>>&).
+        - Added a new extended attribute for callback functions called [CallbackNeedsCanInvoke]
+          that adds a virtual function called canInvoke() to the generated callback.
+          All it does is forward to ActiveDOMCallback's canInvokeCallback, but it
+          allows the implementation to get to it. We may one day want to move the 
+          inheritance of ActiveDOMCallback from the generated source to the base class.
+        - Added a new extended attribute for callback functions called [CallbackThisObject=Type]
+          which allows you to specify that the callback needs a this object in addition
+          to its arguments. When specified, the first argument of the C++ implementation
+          function will now correspond to the this object, with the remaining arguments
+          shifted over one.
+
+        * DerivedSources.make:
+        Add MutationCallback.
+
+        * WebCore.xcodeproj/project.pbxproj:
+        Remove non-generated JSMutationCallback.cpp, and add generated JSMutationCallback.cpp.
+
+        * Modules/mediastream/MediaDevicesRequest.cpp:
+        (WebCore::MediaDevicesRequest::filterDeviceList):
+        (WebCore::MediaDevicesRequest::start):
+        * Modules/mediastream/MediaDevicesRequest.h:
+        Switch to using Ref.
+
+        * bindings/IDLTypes.h:
+        Add InnerParameterType and NullableInnerParameterType type hooks
+        and specialize wrappers to use Ref for InnerParameterType, and RefPtr
+        for NullableInnerParameterType.
+
+        * bindings/js/JSCallbackData.cpp:
+        * bindings/js/JSCallbackData.h:
+        Add support for passing a this object.
+
+        * bindings/js/JSMutationCallback.cpp: Removed.
+        * bindings/js/JSMutationCallback.h: Removed.
+        Remove custom callback code.
+
+        * bindings/js/JSMutationObserverCustom.cpp:
+        (WebCore::constructJSMutationObserver): Deleted.
+        Remove no longer needed custom constructor.
+
+        * bindings/scripts/CodeGenerator.pm:
+        (ParseType):
+        Add helper to parse a type and cache the result.
+
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (GenerateCallbackHeaderContent):
+        (GenerateCallbackImplementationContent):
+        Add support for [CallbackNeedsCanInvoke] and [CallbackThisObject]. When [CallbackThisObject]
+        is not specified, use jsUndefined() as the this object as specified by WebIDL.
+
+        * bindings/scripts/IDLAttributes.json:
+        Add [CallbackNeedsCanInvoke] and [CallbackThisObject].
+
+        * bindings/scripts/IDLParser.pm:
+        (ParseType):
+        Add entry point to parse a single type.
+
+        * css/FontFaceSet.h:
+        Switch to using Ref.
+
+        * dom/MutationCallback.h:
+        Update signatures.
+
+        * dom/MutationCallback.idl: Added.
+    
+        * dom/MutationObserver.cpp:
+        (WebCore::MutationObserver::canDeliver):
+        (WebCore::MutationObserver::deliver):
+        Switch to new signatures.
+
+        * dom/MutationObserver.idl:
+        Remove CustomConstructor.
+
+        * page/IntersectionObserverCallback.h:
+        Switch to using Ref.
+
+        * bindings/scripts/test/JS/JSTestCallbackFunction.cpp:
+        * bindings/scripts/test/JS/JSTestCallbackFunctionRethrow.cpp:
+        * bindings/scripts/test/JS/JSTestCallbackFunctionWithThisObject.cpp: Added.
+        * bindings/scripts/test/JS/JSTestCallbackFunctionWithThisObject.h: Added.
+        * bindings/scripts/test/JS/JSTestCallbackFunctionWithTypedefs.cpp:
+        * bindings/scripts/test/JS/JSTestCallbackInterface.cpp:
+        * bindings/scripts/test/JS/JSTestCallbackInterface.h:
+        * bindings/scripts/test/JS/JSTestVoidCallbackFunction.cpp:
+        Add / update bindings tests.
+
+2017-07-11  Said Abou-Hallawa  <sabouhallawa@apple.com>
+
+        RenderImage should not add itself as a RelevantRepaintedObject if its image frame is being decoded
+        https://bugs.webkit.org/show_bug.cgi?id=174336
+
+        Reviewed by Simon Fraser.
+
+        Since nothing will be drawn till the image frame finishes decoding we should
+        treat returning ImageDrawResult::DidRequestDecoding from BitmapImage::draw
+        the same as we do when the image is still loading.
+
+        * rendering/RenderImage.cpp:
+        (WebCore::RenderImage::paintReplaced):
+        (WebCore::RenderImage::paintIntoRect):
+        * rendering/RenderImage.h:
+
+2017-07-11  Youenn Fablet  <youenn@apple.com>
+
+        [WebRTC] Hanging under LibWebRTCMediaEndpoint::getStats
+        https://bugs.webkit.org/show_bug.cgi?id=174377
+
+        Reviewed by Eric Carlson.
+
+        No change of behavior.
+        Moving calls to libwebrtc getStats in the signalling thread since doing it in the main thread
+        would block the main thread until the signalling thread is ready to handle getStats.
+        Reducing stat logging since this may be too much for some devices.
+
+        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:
+        (WebCore::LibWebRTCMediaEndpoint::getStats):
+        (WebCore::LibWebRTCMediaEndpoint::gatherStatsForLogging):
+        (WebCore::LibWebRTCMediaEndpoint::OnStatsDelivered):
+        (WebCore::LibWebRTCMediaEndpoint::startLoggingStats):
+
+2017-07-11  Michael Catanzaro  <mcatanzaro@igalia.com>
+
+        Remove unused OpenGL files
+        https://bugs.webkit.org/show_bug.cgi?id=174371
+
+        Reviewed by Timothy Hatcher.
+
+        * platform/graphics/opengl/GLPlatformContext.cpp: Removed.
+        * platform/graphics/opengl/GLPlatformContext.h: Removed.
+        * platform/graphics/opengl/GLPlatformSurface.h: Removed.
+
+2017-07-11  Chris Dumez  <cdumez@apple.com>
+
+        Window's [[OwnPropertyKeys]] is wrong for cross origin windows
+        https://bugs.webkit.org/show_bug.cgi?id=174364
+        <rdar://problem/33238056>
+
+        Reviewed by Brent Fulgham.
+
+        Window's [[OwnPropertyKeys]] should not list descendant frame names
+        when the window is cross-origin:
+        - https://github.com/whatwg/html/pull/2777
+
+        This aligns our behavior with Firefox and Chrome.
+
+        No new tests, updated existing test.
+
+        * bindings/js/JSDOMWindowCustom.cpp:
+        (WebCore::addCrossOriginPropertyNames):
+        (WebCore::addCrossOriginOwnPropertyNames):
+        (WebCore::JSDOMWindow::getOwnPropertyNames):
+
+2017-07-11  Timothy Hatcher  <timothy@hatcher.name>
+
+        Fix broken build when ENABLE_VIDEO is disabled.
+        https://bugs.webkit.org/show_bug.cgi?id=174368
+
+        Reviewed by Alex Christensen.
+
+        * dom/Document.cpp:
+        * html/canvas/WebGLRenderingContextBase.cpp:
+        (WebCore::WebGLRenderingContextBase::texSubImage2D):
+        (WebCore::WebGLRenderingContextBase::texImage2D):
+        * html/canvas/WebGLRenderingContextBase.h:
+        * html/canvas/WebGLRenderingContextBase.idl:
+        * testing/Internals.cpp:
+        (WebCore::Internals::mediaResponseSources):
+        (WebCore::Internals::mediaResponseContentRanges):
+        * testing/Internals.h:
+        * testing/Internals.idl:
+
+2017-07-11  Ali Juma  <ajuma@chromium.org>
+
+        elementFromPoint() should consider x and y to be in client (layout viewport) coordinates
+        https://bugs.webkit.org/show_bug.cgi?id=172019
+
+        Reviewed by Simon Fraser.
+
+        When visual viewports are enabled, this makes TreeScope::nodeFromPoint consider its
+        input to be in client coordinates, and clips this input to the layout viewport. This change
+        affects the behavior of document.elementFromPoint() and document.caretRangeFromPoint.
+
+        No new tests. Modified an existing test, and made a previously-failing test pass on ios.
+
+        * dom/TreeScope.cpp:
+        (WebCore::TreeScope::nodeFromPoint):
+        * page/FrameView.cpp:
+        (WebCore::FrameView::layoutViewportToAbsoluteRect):
+        (WebCore::FrameView::layoutViewportToAbsolutePoint):
+        (WebCore::FrameView::clientToLayoutViewportPoint):
+        * page/FrameView.h:
+        * rendering/RenderLayer.cpp:
+        (WebCore::RenderLayer::hitTest):
+
+2017-07-11  Timothy Hatcher  <timothy@hatcher.name>
+
+        Broken build when !USE(REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR)
+        https://bugs.webkit.org/show_bug.cgi?id=174369
+
+        Reviewed by Alex Christensen.
+
+        * dom/ScriptedAnimationController.h: Include PlatformScreen.h.
+
+2017-07-11  Wenson Hsieh  <wenson_hsieh@apple.com>
+
+        Address post-review feedback after http://trac.webkit.org/r219310
+        https://bugs.webkit.org/show_bug.cgi?id=174300
+        <rdar://problem/33030639>
+
+        Reviewed by Simon Fraser.
+
+        Removes pan-gesture-related plumbing introduced in r219310 that is no longer necessary.
+
+        * page/scrolling/ScrollingTree.h:
+        (WebCore::ScrollingTree::scrollingTreeNodeWillStartPanGesture):
+        (WebCore::ScrollingTree::scrollingTreeNodeDidEndPanGesture): Deleted.
+
+2017-07-11  Alex Christensen  <achristensen@webkit.org>
+
+        Reduce URL size
+        https://bugs.webkit.org/show_bug.cgi?id=174319
+
+        Reviewed by Andreas Kling.
+
+        m_fragmentEnd is redundant information. If a URL is valid, then it is always m_string.length().
+        If a URL is not valid, then it is always 0. Rather than storing additional information,
+        deduce the fragment end from the validity of the URL and the String's length.
+
+        No change in behavior.  This reduces sizeof(URL) from 56 to 48 and reduces operations when parsing.
+
+        * platform/URL.cpp:
+        (WebCore::URL::invalidate):
+        (WebCore::URL::fragmentIdentifier):
+        (WebCore::URL::hasFragmentIdentifier):
+        (WebCore::URL::removeFragmentIdentifier):
+        * platform/URL.h:
+        (WebCore::URL::encode):
+        (WebCore::URL::decode):
+        (WebCore::URL::hasFragment):
+        * platform/URLParser.cpp:
+        (WebCore::URLParser::urlLengthUntilPart):
+        (WebCore::URLParser::copyURLPartsUntil):
+        (WebCore::URLParser::parse):
+        (WebCore::URLParser::allValuesEqual):
+        (WebCore::URLParser::internalValuesConsistent):
+
+2017-07-11  Alex Christensen  <achristensen@webkit.org>
+
+        SharedBuffer::size should return a size_t
+        https://bugs.webkit.org/show_bug.cgi?id=174328
+
+        Reviewed by Andreas Kling.
+
+        No change in behaviour.
+
+        * html/FTPDirectoryDocument.cpp:
+        (WebCore::createTemplateDocumentData):
+        * loader/ContentFilter.cpp:
+        (WebCore::ContentFilter::handleProvisionalLoadFailure):
+        * loader/ResourceLoader.cpp:
+        (WebCore::ResourceLoader::loadDataURL):
+        * loader/ResourceLoader.h:
+        * loader/appcache/ApplicationCacheStorage.cpp:
+        (WebCore::ApplicationCacheStorage::store):
+        * loader/cache/CachedScript.cpp:
+        (WebCore::CachedScript::script):
+        * platform/SharedBuffer.cpp:
+        (WebCore::SharedBuffer::tryCreateArrayBuffer):
+        * platform/SharedBuffer.h:
+
+2017-07-11  Per Arne Vollan  <pvollan@apple.com>
+
+        [Win] Build error when building WebCore from WebCore.proj project file.
+        https://bugs.webkit.org/show_bug.cgi?id=174330
+
+        Reviewed by Brent Fulgham.
+
+        The CMake variable PAL_DIR should be set in the project file.
+
+        * WebCore.vcxproj/WebCore.proj:
+
+2017-05-24  Sergio Villar Senin  <svillar@igalia.com>
+
+        [SVG] Leak in SVGAnimatedListPropertyTearOff
+        https://bugs.webkit.org/show_bug.cgi?id=172545
+
+        Reviewed by Said Abou-Hallawa.
+
+        SVGAnimatedListPropertyTearOff maintains a vector m_wrappers with references to
+        SVGPropertyTraits<PropertyType>::ListItemTearOff. Apart from that SVGPropertyTearOff has a
+        reference to SVGAnimatedProperty.
+
+        When SVGListProperty::getItemValuesAndWrappers() is called, it creates a
+        SVGPropertyTraits<PropertyType>::ListItemTearOff pointing to the same SVGAnimatedProperty (a
+        SVGAnimatedListPropertyTearOff) which stores the m_wrappers vector where the ListItemTearOff
+        is going to be added to. This effectively creates a reference cycle between the
+        SVGAnimatedListPropertyTearOff and all the ListItemTearOff it stores in m_wrappers.
+
+        We should detach those wrappers in propertyWillBeDeleted() in order to break the cycle.
+
+        * svg/properties/SVGAnimatedListPropertyTearOff.h:
+
+2017-07-11  Carlos Alberto Lopez Perez  <clopez@igalia.com>
+
+        [GTK] Spin buttons on input type number appear over the value itself for small widths
+        https://bugs.webkit.org/show_bug.cgi?id=173572
+
+        Reviewed by Carlos Garcia Campos.
+
+        When drawing the spin buttons, override the width of the input
+        element to increment it with the width of the spin button.
+        This ensures that we don't end up covering the input values with
+        the spin buttons.
+
+        Do this also for user controlled styles, because most web authors
+        won't test how their site renders on WebKitGTK+, and they will
+        assume spin buttons in the order of 13 pixels wide (that is what
+        most browsers use), but the GTK+ spin button is much wider (66 pixels).
+
+        Test: platform/gtk/fast/forms/number/number-size-spinbutton-nocover.html
+
+        * rendering/RenderTheme.cpp:
+        (WebCore::RenderTheme::adjustStyle):
+        * rendering/RenderThemeGtk.cpp:
+        (WebCore::RenderThemeGtk::adjustTextFieldStyle): Call the theme's adjustTextFieldStyle() also for user controlled styles.
+        (WebCore::RenderThemeGtk::adjustInnerSpinButtonStyle):
+
+2017-07-11  Youenn Fablet  <youenn@apple.com>
+
+        We should do ICE candidate filtering at the Document level
+        https://bugs.webkit.org/show_bug.cgi?id=173861
+        <rdar://problem/33122058>
+
+        Reviewed by Eric Carlson.
+
+        Tests: http/tests/webrtc/filtering-ice-candidate-cross-origin-frame.html
+               http/tests/webrtc/filtering-ice-candidate-same-origin-frame.html
+               http/tests/webrtc/filtering-ice-candidate-same-origin-frame2.html
+               webrtc/filtering-ice-candidate-after-reload.html
+
+        Making UserMediaRequest disable the ICE candidate filtering for the page RTCController.
+        All RTCPeerConnection of the page that are created on a document that are same-origin as the top document
+        are now registered to the RTCController.
+        This allows disabling filtering to only these RTCPeerConnection.
+
+        The page keeps the default ICE candidate filtering policy.
+        This policy allows disabling ICE candidate filtering for all RTCPeerConnection.
+
+        When the top document is changing, the RTCController filtering policy is reset
+        and its list of RTCPeerConnection is emptied.
+
+        Internals no longer disables ICE candidate filtering by default.
+        This allows finer grained testing.
+        ICE candidate filtering is disabled for tests including testharnessreport.js
+        to enable web-platform-tests to run without modifications.
+
+        * Modules/mediastream/RTCController.cpp:
+        (WebCore::RTCController::reset):
+        * Modules/mediastream/RTCController.h:
+        * Modules/mediastream/UserMediaRequest.cpp:
+        (WebCore::UserMediaRequest::allow):
+        * page/Frame.cpp:
+        (WebCore::Frame::setDocument):
+        * page/Page.cpp:
+        (WebCore::Page::disableICECandidateFiltering):
+        * page/Page.h:
+        (WebCore::Page::shouldEnableICECandidateFilteringByDefault):
+        (WebCore::Page::disableICECandidateFiltering): Deleted.
+        (WebCore::Page::enableICECandidateFiltering): Deleted.
+        (WebCore::Page::isICECandidateFilteringEnabled): Deleted.
+        * testing/Internals.cpp:
+        (WebCore::Internals::Internals):
+        (WebCore::Internals::setICECandidateFiltering):
+        (WebCore::Internals::setEnumeratingAllNetworkInterfacesEnabled):
+        (WebCore::Internals::isICECandidateFilteringEnabled): Deleted.
+        * testing/Internals.h:
+        * testing/Internals.idl:
+
+2017-07-11  Sergio Villar Senin  <svillar@igalia.com>
+
+        Unreviewed, rolling out r219325.
+
+        The test is still flaky
+
+        Reverted changeset:
+
+        "[SVG] Leak in SVGAnimatedListPropertyTearOff"
+        https://bugs.webkit.org/show_bug.cgi?id=172545
+        http://trac.webkit.org/changeset/219325
+
+2017-05-24  Sergio Villar Senin  <svillar@igalia.com>
+
+        [SVG] Leak in SVGAnimatedListPropertyTearOff
+        https://bugs.webkit.org/show_bug.cgi?id=172545
+
+        Reviewed by Said Abou-Hallawa.
+
+        SVGAnimatedListPropertyTearOff maintains a vector m_wrappers with references to
+        SVGPropertyTraits<PropertyType>::ListItemTearOff. Apart from that SVGPropertyTearOff has a
+        reference to SVGAnimatedProperty.
+
+        When SVGListProperty::getItemValuesAndWrappers() is called, it creates a
+        SVGPropertyTraits<PropertyType>::ListItemTearOff pointing to the same SVGAnimatedProperty (a
+        SVGAnimatedListPropertyTearOff) which stores the m_wrappers vector where the ListItemTearOff
+        is going to be added to. This effectively creates a reference cycle between the
+        SVGAnimatedListPropertyTearOff and all the ListItemTearOff it stores in m_wrappers.
+
+        We should detach those wrappers in propertyWillBeDeleted() in order to break the cycle.
+
+        * svg/properties/SVGAnimatedListPropertyTearOff.h:
+
+2017-07-10  Simon Fraser  <simon.fraser@apple.com>
+
+        [WK2 iOS] REGRESSION (r216803) During momentum scroll, getBoundingClientRect returns wrong coordinates (missing images on pinterest, elle.com and many other sites)
+        https://bugs.webkit.org/show_bug.cgi?id=174286
+        rdar://problem/32864180
+
+        Reviewed by Dean Jackson.
+
+        r216803 made getBoundingClientRects relative to the layout viewport, but when scrolling we
+        only update that on stable viewport updates (at the end of the scroll). This meant that during
+        unstable updates, getBoundingClientRects() used a "frozen" viewport origin so things on-screen
+        would appear to be off-screen, causing sites to fail to dynamically load images etc. when
+        scrolling.
+
+        Fix by pushing an optional "unstable" layout viewport rect onto FrameView, which gets used by
+        FrameView::documentToClientOffset(). This is cleared when we do a stable update.
+
+        This is a short-term solution. Longer term, I would prefer to always call setLayoutViewportOverrideRect(),
+        but fix the scrolling tree logic to work correctly in this case.
+
+        Add a bit more scrolling logging.
+
+        Test: fast/visual-viewport/ios/get-bounding-client-rect-unstable.html
+
+        * page/FrameView.cpp:
+        (WebCore::FrameView::setUnstableLayoutViewportRect):
+        (WebCore::FrameView::documentToClientOffset):
+        * page/FrameView.h:
+        * page/scrolling/AsyncScrollingCoordinator.cpp:
+        (WebCore::AsyncScrollingCoordinator::reconcileScrollingState):
+        * page/scrolling/ScrollingStateFixedNode.cpp:
+        (WebCore::ScrollingStateFixedNode::updateConstraints):
+        (WebCore::ScrollingStateFixedNode::reconcileLayerPositionForViewportRect):
+
+2017-07-10  John Wilander  <wilander@apple.com>
+
+        Resource Load Statistics: Prune statistics in orders of importance
+        https://bugs.webkit.org/show_bug.cgi?id=174215
+        <rdar://problem/33164403>
+
+        Reviewed by Chris Dumez.
+
+        Test: http/tests/loading/resourceLoadStatistics/prune-statistics.html
+
+        * loader/ResourceLoadObserver.cpp:
+        (WebCore::reduceTimeResolution):
+        (WebCore::ResourceLoadObserver::logFrameNavigation):
+        (WebCore::ResourceLoadObserver::logSubresourceLoading):
+        (WebCore::ResourceLoadObserver::logWebSocketLoading):
+        (WebCore::ResourceLoadObserver::logUserInteractionWithReducedTimeResolution):
+            Now all set the new statistics field lastSeen.
+        * loader/ResourceLoadStatistics.cpp:
+        (WebCore::ResourceLoadStatistics::encode):
+        (WebCore::ResourceLoadStatistics::decode):
+        (WebCore::ResourceLoadStatistics::toString):
+        (WebCore::ResourceLoadStatistics::merge):
+            Handling of the new statistics field lastSeen.
+        * loader/ResourceLoadStatistics.h:
+
+2017-07-10  Devin Rousso  <drousso@apple.com>
+
+        Web Inspector: Highlight matching CSS canvas clients when hovering contexts in the Resources tab
+        https://bugs.webkit.org/show_bug.cgi?id=174279
+
+        Reviewed by Matt Baker.
+
+        Test: inspector/dom/highlightNodeList.html
+
+        * inspector/InspectorDOMAgent.h:
+        * inspector/InspectorDOMAgent.cpp:
+        (WebCore::InspectorDOMAgent::highlightNodeList):
+
+2017-07-10  Javier Fernandez  <jfernandez@igalia.com>
+
+        [css-align][css-flex][css-grid] 'auto' values of align-self and justify-self must not be resolved
+        https://bugs.webkit.org/show_bug.cgi?id=172707
+
+        Reviewed by Antti Koivisto.
+
+        The CSS Box Alignment specification has been changed recently so that
+        now all the propeties have the specificed value as computed value. The
+        rationale of this change are at the associated W3C github issue [1].
+
+        This change implies that we don't need to execute the StyleAdjuter
+        logic we implemented specifically for supporting 'auto' values
+        resolution for computed style. We can live now with resolution at
+        layout time only.
+
+        [1] https://github.com/w3c/csswg-drafts/issues/440
+
+        No new tests, just updating the already defined tests.
+
+        * css/CSSComputedStyleDeclaration.cpp:
+        (WebCore::ComputedStyleExtractor::propertyValue):
+        * css/StyleResolver.cpp:
+        (WebCore::StyleResolver::adjustRenderStyle): Removed
+        * css/StyleResolver.h:
+        * html/shadow/TextControlInnerElements.cpp:
+        (WebCore::TextControlInnerElement::resolveCustomStyle):
+        * rendering/RenderBox.cpp:
+        (WebCore::RenderBox::columnFlexItemHasStretchAlignment):
+        (WebCore::RenderBox::hasStretchedLogicalWidth):
+        * rendering/RenderFlexibleBox.cpp:
+        (WebCore::RenderFlexibleBox::styleDidChange): Added
+        (WebCore::RenderFlexibleBox::alignmentForChild):
+        * rendering/RenderFlexibleBox.h:
+
+2017-07-10  Wenson Hsieh  <wenson_hsieh@apple.com>
+
+        [WK2] Ignore touch events that interrupt platform-driven momentum scrolling
+        https://bugs.webkit.org/show_bug.cgi?id=174300
+        <rdar://problem/33030639>
+
+        Reviewed by Simon Fraser.
+
+        See Source/WebKit2/ChangeLog for more detail.
+
+        Tests: fast/events/ios/no-touch-events-when-stopping-momentum-scroll-in-mainframe.html
+               fast/events/ios/no-touch-events-when-stopping-momentum-scroll-in-overflow.html
+               fast/events/ios/touch-events-during-scroll-deceleration-in-overflow.html
+
+        * page/scrolling/ScrollingTree.h:
+        (WebCore::ScrollingTree::scrollingTreeNodeDidEndPanGesture):
+
+2017-07-10  Jeremy Jones  <jeremyj@apple.com>
+
+        Captions and subtitles not showing up in picture-in-picture for MSE content
+        https://bugs.webkit.org/show_bug.cgi?id=174317
+        rdar://problem/33188591
+
+        Reviewed by Eric Carlson.
+
+        Reverts a regression created by r218403.
+
+        * html/shadow/MediaControlElements.cpp:
+        (WebCore::MediaControlTextTrackContainerElement::updateTextTrackRepresentation):
+
 2017-07-10  Per Arne Vollan  <pvollan@apple.com>
 
         [Win] Link error when building WTF from WTF.proj project file.