diff -Nru webkit2gtk-2.14.3/debian/changelog webkit2gtk-2.14.5/debian/changelog --- webkit2gtk-2.14.3/debian/changelog 2017-02-08 23:42:14.000000000 +0000 +++ webkit2gtk-2.14.5/debian/changelog 2017-02-17 01:32:07.000000000 +0000 @@ -1,8 +1,14 @@ -webkit2gtk (2.14.3-0ubuntu0.16.04.1+ppa1) xenial; urgency=medium +webkit2gtk (2.14.5-0ubuntu0.16.04.2+gtk320~ppa1) xenial; urgency=medium * No-change rebuild against GTK 3.20 - -- Jeremy Bicha Wed, 08 Feb 2017 18:42:14 -0500 + -- Jeremy Bicha Thu, 16 Feb 2017 20:32:07 -0500 + +webkit2gtk (2.14.5-0ubuntu0.16.04.1) xenial-security; urgency=medium + + * Updated to 2.14.5 to fix multiple security issues. + + -- Marc Deslauriers Wed, 15 Feb 2017 07:08:10 -0500 webkit2gtk (2.14.3-0ubuntu0.16.04.1) xenial-security; urgency=medium diff -Nru webkit2gtk-2.14.3/Documentation/webkit2gtk-4.0/html/index.html webkit2gtk-2.14.5/Documentation/webkit2gtk-4.0/html/index.html --- webkit2gtk-2.14.3/Documentation/webkit2gtk-4.0/html/index.html 2017-01-17 14:39:39.000000000 +0000 +++ webkit2gtk-2.14.5/Documentation/webkit2gtk-4.0/html/index.html 2017-02-15 07:42:43.000000000 +0000 @@ -14,7 +14,7 @@
-

for WebKit2GTK+ 2.14.3

+

for WebKit2GTK+ 2.14.5

diff -Nru webkit2gtk-2.14.3/Documentation/webkit2gtk-4.0/html/webkit2gtk-4.0-WebKitVersion.html webkit2gtk-2.14.5/Documentation/webkit2gtk-4.0/html/webkit2gtk-4.0-WebKitVersion.html --- webkit2gtk-2.14.3/Documentation/webkit2gtk-4.0/html/webkit2gtk-4.0-WebKitVersion.html 2017-01-17 14:39:29.000000000 +0000 +++ webkit2gtk-2.14.5/Documentation/webkit2gtk-4.0/html/webkit2gtk-4.0-WebKitVersion.html 2017-02-15 07:42:34.000000000 +0000 @@ -177,7 +177,7 @@

WEBKIT_MICRO_VERSION

-
#define WEBKIT_MICRO_VERSION (3)
+
#define WEBKIT_MICRO_VERSION (5)
 

 
Like webkit_get_micro_version(), but from the headers used at
 application compile time, rather than from the library linked
diff -Nru webkit2gtk-2.14.3/Documentation/webkitdomgtk-4.0/html/index.html webkit2gtk-2.14.5/Documentation/webkitdomgtk-4.0/html/index.html
--- webkit2gtk-2.14.3/Documentation/webkitdomgtk-4.0/html/index.html	2017-01-17 14:39:10.000000000 +0000
+++ webkit2gtk-2.14.5/Documentation/webkitdomgtk-4.0/html/index.html	2017-02-15 07:42:15.000000000 +0000
@@ -14,7 +14,7 @@
 

 

 

-
for WebKitDOMGTK+ 2.14.3

+
for WebKitDOMGTK+ 2.14.5

 

 

 

diff -Nru webkit2gtk-2.14.3/NEWS webkit2gtk-2.14.5/NEWS
--- webkit2gtk-2.14.3/NEWS	2017-01-17 14:08:07.000000000 +0000
+++ webkit2gtk-2.14.5/NEWS	2017-02-15 07:41:06.000000000 +0000
@@ -1,4 +1,35 @@
 ==================
+WebKitGTK+  2.14.5
+==================
+
+What's new in WebKitGTK+ 2.14.5?
+
+  - Fix rendering of non-accelerated contents with HiDPI.
+  - Revert the fix for rendering issues in long documents with transparent background because it caused
+    issues in HiDPI.
+
+==================
+WebKitGTK+  2.14.4
+==================
+
+What's new in WebKitGTK+ 2.14.4?
+
+  - Make accelerating compositing mode on-demand again. By default it will only be used for websites
+    that require it, saving a lot of memory on websites that don't need it.
+  - Fix rendering issues in long documents with transparent background.
+  - Release unused UpdateAtlas and reduce the tile coverage on memory pressure.
+  - The media backend now stores preloaded media in /var/tmp instead of user cache dir.
+  - Make inspector work again when accelerated compositing support is disabled.
+  - Fix a deadlock when the media player is destroyed.
+  - Fix network process crashes when loading custom URI schemes.
+  - Fix overlay scrollbars that are over a subframe.
+  - Fix a crash in GraphicsContext3D::drawArrays when using OpenGL 3.2 core profile.
+  - Fix BadDamage X errors happening when resizing the WebView.
+  - Fix several crashes and rendering issues.
+  - Security fixes: CVE-2017-2365, CVE-2017-2366, CVE-2017-2373, CVE-2017-2363, CVE-2017-2362, CVE-2017-2350,
+    CVE-2017-2350, CVE-2017-2354, CVE-2017-2355, CVE-2017-2356, CVE-2017-2371, CVE-2017-2364, CVE-2017-2369.
+
+==================
 WebKitGTK+  2.14.3
 ==================
 
diff -Nru webkit2gtk-2.14.3/Source/cmake/OptionsGTK.cmake webkit2gtk-2.14.5/Source/cmake/OptionsGTK.cmake
--- webkit2gtk-2.14.3/Source/cmake/OptionsGTK.cmake	2017-01-17 14:08:43.000000000 +0000
+++ webkit2gtk-2.14.5/Source/cmake/OptionsGTK.cmake	2017-02-15 07:40:00.000000000 +0000
@@ -2,7 +2,7 @@
 
 set(PROJECT_VERSION_MAJOR 2)
 set(PROJECT_VERSION_MINOR 14)
-set(PROJECT_VERSION_MICRO 3)
+set(PROJECT_VERSION_MICRO 5)
 set(PROJECT_VERSION ${PROJECT_VERSION_MAJOR}.${PROJECT_VERSION_MINOR}.${PROJECT_VERSION_MICRO})
 set(WEBKITGTK_API_VERSION 4.0)
 
@@ -15,8 +15,8 @@
 
 # Libtool library version, not to be confused with API version.
 # See http://www.gnu.org/software/libtool/manual/html_node/Libtool-versioning.html
-CALCULATE_LIBRARY_VERSIONS_FROM_LIBTOOL_TRIPLE(WEBKIT2 51 10 14)
-CALCULATE_LIBRARY_VERSIONS_FROM_LIBTOOL_TRIPLE(JAVASCRIPTCORE 22 10 4)
+CALCULATE_LIBRARY_VERSIONS_FROM_LIBTOOL_TRIPLE(WEBKIT2 51 12 14)
+CALCULATE_LIBRARY_VERSIONS_FROM_LIBTOOL_TRIPLE(JAVASCRIPTCORE 22 12 4)
 
 # These are shared variables, but we special case their definition so that we can use the
 # CMAKE_INSTALL_* variables that are populated by the GNUInstallDirs macro.
diff -Nru webkit2gtk-2.14.3/Source/JavaScriptCore/runtime/Executable.cpp webkit2gtk-2.14.5/Source/JavaScriptCore/runtime/Executable.cpp
--- webkit2gtk-2.14.3/Source/JavaScriptCore/runtime/Executable.cpp	2017-01-17 11:45:51.000000000 +0000
+++ webkit2gtk-2.14.5/Source/JavaScriptCore/runtime/Executable.cpp	2017-02-09 07:22:48.000000000 +0000
@@ -587,6 +587,15 @@
     RELEASE_ASSERT(globalObject);
     ASSERT(&globalObject->vm() == &vm);
 
+    JSValue nextPrototype = globalObject->getPrototypeDirect();
+    while (nextPrototype && nextPrototype.isObject()) {
+        if (UNLIKELY(asObject(nextPrototype)->type() == ProxyObjectType)) {
+            ExecState* exec = globalObject->globalExec();
+            return createTypeError(exec, ASCIILiteral("Proxy is not allowed in the global prototype chain."));
+        }
+        nextPrototype = asObject(nextPrototype)->getPrototypeDirect();
+    }
+
     JSObject* exception = 0;
     UnlinkedProgramCodeBlock* unlinkedCodeBlock = globalObject->createProgramCodeBlock(callFrame, this, &exception);
     if (exception)
@@ -678,7 +687,7 @@
             RELEASE_ASSERT(offsetForAssert == offset);
         }
     }
-    return 0;
+    return nullptr;
 }
 
 void ProgramExecutable::visitChildren(JSCell* cell, SlotVisitor& visitor)
diff -Nru webkit2gtk-2.14.3/Source/JavaScriptCore/runtime/JSObject.cpp webkit2gtk-2.14.5/Source/JavaScriptCore/runtime/JSObject.cpp
--- webkit2gtk-2.14.3/Source/JavaScriptCore/runtime/JSObject.cpp	2017-01-17 11:45:51.000000000 +0000
+++ webkit2gtk-2.14.5/Source/JavaScriptCore/runtime/JSObject.cpp	2017-02-09 07:42:29.000000000 +0000
@@ -1291,6 +1291,9 @@
     if (this->getPrototypeDirect() == prototype)
         return true;
 
+    if (this->structure(vm)->isImmutablePrototypeExoticObject())
+        return throwTypeError(exec, scope, ASCIILiteral("Cannot set prototype of immutable prototype object"));
+
     bool isExtensible = this->isExtensible(exec);
     if (vm.exception())
         return false;
diff -Nru webkit2gtk-2.14.3/Source/JavaScriptCore/runtime/JSTypeInfo.h webkit2gtk-2.14.5/Source/JavaScriptCore/runtime/JSTypeInfo.h
--- webkit2gtk-2.14.3/Source/JavaScriptCore/runtime/JSTypeInfo.h	2017-01-17 11:45:51.000000000 +0000
+++ webkit2gtk-2.14.5/Source/JavaScriptCore/runtime/JSTypeInfo.h	2017-02-09 07:35:47.000000000 +0000
@@ -52,6 +52,7 @@
 static const unsigned NewImpurePropertyFiresWatchpoints = 1 << 12;
 static const unsigned IsEnvironmentRecord = 1 << 13;
 static const unsigned GetOwnPropertySlotIsImpureForPropertyAbsence = 1 << 14;
+static const unsigned IsImmutablePrototypeExoticObject = 1 << 15;
 
 class TypeInfo {
 public:
@@ -93,6 +94,7 @@
     bool getOwnPropertySlotIsImpureForPropertyAbsence() const { return isSetOnFlags2(GetOwnPropertySlotIsImpureForPropertyAbsence); }
     bool newImpurePropertyFiresWatchpoints() const { return isSetOnFlags2(NewImpurePropertyFiresWatchpoints); }
     bool isEnvironmentRecord() const { return isSetOnFlags2(IsEnvironmentRecord); }
+    bool isImmutablePrototypeExoticObject() const { return isSetOnFlags2(IsImmutablePrototypeExoticObject); }
 
     static ptrdiff_t flagsOffset()
     {
diff -Nru webkit2gtk-2.14.3/Source/JavaScriptCore/runtime/ObjectConstructor.cpp webkit2gtk-2.14.5/Source/JavaScriptCore/runtime/ObjectConstructor.cpp
--- webkit2gtk-2.14.3/Source/JavaScriptCore/runtime/ObjectConstructor.cpp	2017-01-17 11:45:51.000000000 +0000
+++ webkit2gtk-2.14.5/Source/JavaScriptCore/runtime/ObjectConstructor.cpp	2017-02-09 07:29:27.000000000 +0000
@@ -224,11 +224,11 @@
 
     JSValue objectValue = exec->argument(0);
     if (objectValue.isUndefinedOrNull())
-        return throwVMTypeError(exec, scope);
+        return throwVMTypeError(exec, scope, ASCIILiteral("Cannot set prototype of undefined or null"));
 
     JSValue protoValue = exec->argument(1);
     if (!protoValue.isObject() && !protoValue.isNull())
-        return throwVMTypeError(exec, scope);
+        return throwVMTypeError(exec, scope, ASCIILiteral("Prototype value can only be an object or null"));
 
     JSObject* object = objectValue.toObject(exec);
     if (exec->hadException())
diff -Nru webkit2gtk-2.14.3/Source/JavaScriptCore/runtime/ObjectPrototype.h webkit2gtk-2.14.5/Source/JavaScriptCore/runtime/ObjectPrototype.h
--- webkit2gtk-2.14.3/Source/JavaScriptCore/runtime/ObjectPrototype.h	2017-01-17 11:45:51.000000000 +0000
+++ webkit2gtk-2.14.5/Source/JavaScriptCore/runtime/ObjectPrototype.h	2017-02-09 07:29:27.000000000 +0000
@@ -28,6 +28,7 @@
 class ObjectPrototype : public JSNonFinalObject {
 public:
     typedef JSNonFinalObject Base;
+    static const unsigned StructureFlags = Base::StructureFlags | IsImmutablePrototypeExoticObject;
 
     static ObjectPrototype* create(VM&, JSGlobalObject*, Structure*);
 
diff -Nru webkit2gtk-2.14.3/Source/JavaScriptCore/runtime/Structure.h webkit2gtk-2.14.5/Source/JavaScriptCore/runtime/Structure.h
--- webkit2gtk-2.14.3/Source/JavaScriptCore/runtime/Structure.h	2017-01-17 11:45:51.000000000 +0000
+++ webkit2gtk-2.14.5/Source/JavaScriptCore/runtime/Structure.h	2017-02-09 07:29:27.000000000 +0000
@@ -219,6 +219,11 @@
             && typeInfo().newImpurePropertyFiresWatchpoints();
     }
 
+    bool isImmutablePrototypeExoticObject()
+    {
+        return typeInfo().isImmutablePrototypeExoticObject();
+    }
+
     // We use SlowPath in GetByIdStatus for structures that may get new impure properties later to prevent
     // DFG from inlining property accesses since structures don't transition when a new impure property appears.
     bool takesSlowPathInDFGForImpureProperty()
diff -Nru webkit2gtk-2.14.3/Source/WebCore/accessibility/AXObjectCache.cpp webkit2gtk-2.14.5/Source/WebCore/accessibility/AXObjectCache.cpp
--- webkit2gtk-2.14.3/Source/WebCore/accessibility/AXObjectCache.cpp	2017-01-17 11:45:51.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/accessibility/AXObjectCache.cpp	2017-02-09 08:13:36.000000000 +0000
@@ -708,6 +708,8 @@
     AXID axID = m_renderObjectMapping.get(renderer);
     remove(axID);
     m_renderObjectMapping.remove(renderer);
+    if (is(*renderer))
+        m_deferredIsIgnoredChangeList.remove(downcast(renderer));
 }
 
 void AXObjectCache::remove(Node* node)
@@ -2614,6 +2616,18 @@
     return axObject && axObject->isTextControl();
 }
     
+void AXObjectCache::performDeferredIsIgnoredChange()
+{
+    for (auto* renderer : m_deferredIsIgnoredChangeList)
+        recomputeIsIgnored(renderer);
+    m_deferredIsIgnoredChangeList.clear();
+}
+
+void AXObjectCache::recomputeDeferredIsIgnored(RenderBlock& renderer)
+{
+    m_deferredIsIgnoredChangeList.add(&renderer);
+}
+
 bool isNodeAriaVisible(Node* node)
 {
     if (!node)
diff -Nru webkit2gtk-2.14.3/Source/WebCore/accessibility/AXObjectCache.h webkit2gtk-2.14.5/Source/WebCore/accessibility/AXObjectCache.h
--- webkit2gtk-2.14.3/Source/WebCore/accessibility/AXObjectCache.h	2017-01-17 11:45:51.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/accessibility/AXObjectCache.h	2017-02-09 08:13:36.000000000 +0000
@@ -44,6 +44,7 @@
 class HTMLAreaElement;
 class Node;
 class Page;
+class RenderBlock;
 class RenderObject;
 class ScrollView;
 class VisiblePosition;
@@ -324,6 +325,8 @@
 #if PLATFORM(MAC)
     static void setShouldRepostNotificationsForTests(bool value);
 #endif
+    void recomputeDeferredIsIgnored(RenderBlock& renderer);
+    void performDeferredIsIgnoredChange();
 
 protected:
     void postPlatformNotification(AccessibilityObject*, AXNotification);
@@ -422,6 +425,7 @@
 
     AXTextStateChangeIntent m_textSelectionIntent;
     bool m_isSynchronizingSelection { false };
+    ListHashSet m_deferredIsIgnoredChangeList;
 };
 
 class AXAttributeCacheEnabler
diff -Nru webkit2gtk-2.14.3/Source/WebCore/bindings/js/JSDOMWindowProperties.h webkit2gtk-2.14.5/Source/WebCore/bindings/js/JSDOMWindowProperties.h
--- webkit2gtk-2.14.3/Source/WebCore/bindings/js/JSDOMWindowProperties.h	2017-01-17 11:45:51.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/bindings/js/JSDOMWindowProperties.h	2017-02-09 07:29:26.000000000 +0000
@@ -50,7 +50,7 @@
     static bool getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&);
     static bool getOwnPropertySlotByIndex(JSC::JSObject*, JSC::ExecState*, unsigned propertyName, JSC::PropertySlot&);
 
-    static const unsigned StructureFlags = JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesGetOwnPropertySlot | Base::StructureFlags;
+    static const unsigned StructureFlags = JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesGetOwnPropertySlot | JSC::IsImmutablePrototypeExoticObject | Base::StructureFlags;
 
 protected:
     JSDOMWindowProperties(JSC::Structure* structure, JSC::JSGlobalObject& globalObject)
diff -Nru webkit2gtk-2.14.3/Source/WebCore/bindings/js/ScriptController.cpp webkit2gtk-2.14.5/Source/WebCore/bindings/js/ScriptController.cpp
--- webkit2gtk-2.14.3/Source/WebCore/bindings/js/ScriptController.cpp	2017-01-17 11:45:51.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/bindings/js/ScriptController.cpp	2017-02-09 08:11:30.000000000 +0000
@@ -1,7 +1,7 @@
 /*
  *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
  *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
- *  Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved.
+ *  Copyright (C) 2006-2016 Apple Inc. All rights reserved.
  *
  *  This library is free software; you can redistribute it and/or
  *  modify it under the terms of the GNU Lesser General Public
@@ -196,43 +196,53 @@
     static_cast(JSDOMWindow::commonVM().clientData)->getAllWorlds(worlds);
 }
 
-void ScriptController::clearWindowShell(DOMWindow* newDOMWindow, bool goingIntoPageCache)
+void ScriptController::clearWindowShellsNotMatchingDOMWindow(DOMWindow* newDOMWindow, bool goingIntoPageCache)
 {
     if (m_windowShells.isEmpty())
         return;
 
     JSLockHolder lock(JSDOMWindowBase::commonVM());
 
-    Vector> windowShells = this->windowShells();
-    for (size_t i = 0; i < windowShells.size(); ++i) {
-        JSDOMWindowShell* windowShell = windowShells[i].get();
-
+    for (auto& windowShell : windowShells()) {
         if (&windowShell->window()->wrapped() == newDOMWindow)
             continue;
 
         // Clear the debugger and console from the current window before setting the new window.
-        attachDebugger(windowShell, nullptr);
+        attachDebugger(windowShell.get(), nullptr);
         windowShell->window()->setConsoleClient(nullptr);
-
         windowShell->window()->willRemoveFromWindowShell();
-        windowShell->setWindow(newDOMWindow);
+    }
 
+    // It's likely that resetting our windows created a lot of garbage, unless
+    // it went in a back/forward cache.
+    if (!goingIntoPageCache)
+        collectGarbageAfterWindowShellDestruction();
+}
+
+void ScriptController::setDOMWindowForWindowShell(DOMWindow* newDOMWindow)
+{
+    if (m_windowShells.isEmpty())
+        return;
+    
+    JSLockHolder lock(JSDOMWindowBase::commonVM());
+    
+    for (auto& windowShell : windowShells()) {
+        if (&windowShell->window()->wrapped() == newDOMWindow)
+            continue;
+        
+        windowShell->setWindow(newDOMWindow);
+        
         // An m_cacheableBindingRootObject persists between page navigations
         // so needs to know about the new JSDOMWindow.
         if (m_cacheableBindingRootObject)
             m_cacheableBindingRootObject->updateGlobalObject(windowShell->window());
 
         if (Page* page = m_frame.page()) {
-            attachDebugger(windowShell, page->debugger());
+            attachDebugger(windowShell.get(), page->debugger());
             windowShell->window()->setProfileGroup(page->group().identifier());
             windowShell->window()->setConsoleClient(&page->console());
         }
     }
-
-    // It's likely that resetting our windows created a lot of garbage, unless
-    // it went in a back/forward cache.
-    if (!goingIntoPageCache)
-        collectGarbageAfterWindowShellDestruction();
 }
 
 JSDOMWindowShell* ScriptController::initScript(DOMWrapperWorld& world)
diff -Nru webkit2gtk-2.14.3/Source/WebCore/bindings/js/ScriptController.h webkit2gtk-2.14.5/Source/WebCore/bindings/js/ScriptController.h
--- webkit2gtk-2.14.3/Source/WebCore/bindings/js/ScriptController.h	2017-01-17 11:45:51.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/bindings/js/ScriptController.h	2017-02-09 08:09:18.000000000 +0000
@@ -1,7 +1,7 @@
 /*
  *  Copyright (C) 1999 Harri Porten (porten@kde.org)
  *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
- *  Copyright (C) 2008 Apple Inc. All rights reserved.
+ *  Copyright (C) 2008-2016 Apple Inc. All rights reserved.
  *  Copyright (C) 2008 Eric Seidel 
  *
  *  This library is free software; you can redistribute it and/or
@@ -135,7 +135,8 @@
 
     const String* sourceURL() const { return m_sourceURL; } // 0 if we are not evaluating any script
 
-    void clearWindowShell(DOMWindow* newDOMWindow, bool goingIntoPageCache);
+    void clearWindowShellsNotMatchingDOMWindow(DOMWindow*, bool goingIntoPageCache);
+    void setDOMWindowForWindowShell(DOMWindow*);
     void updateDocument();
 
     void namedItemAdded(HTMLDocument*, const AtomicString&) { }
diff -Nru webkit2gtk-2.14.3/Source/WebCore/bindings/js/SerializedScriptValue.cpp webkit2gtk-2.14.5/Source/WebCore/bindings/js/SerializedScriptValue.cpp
--- webkit2gtk-2.14.3/Source/WebCore/bindings/js/SerializedScriptValue.cpp	2017-01-17 11:45:51.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/bindings/js/SerializedScriptValue.cpp	2017-02-09 07:10:23.000000000 +0000
@@ -2274,7 +2274,7 @@
             uint32_t length;
             if (!read(length))
                 return JSValue();
-            if (m_end < ((uint8_t*)0) + length || m_ptr > m_end - length) {
+            if (static_cast(m_end - m_ptr) < length) {
                 fail();
                 return JSValue();
             }
@@ -2282,8 +2282,17 @@
                 m_ptr += length;
                 return jsNull();
             }
-            RefPtr result = ImageData::create(IntSize(width, height));
-            memcpy(result->data()->data(), m_ptr, length);
+            IntSize imageSize(width, height);
+            RELEASE_ASSERT(!length || (imageSize.area() * 4).unsafeGet() <= length);
+            RefPtr result = ImageData::create(imageSize);
+            if (!result) {
+                fail();
+                return JSValue();
+            }
+            if (length)
+                memcpy(result->data()->data(), m_ptr, length);
+            else
+                result->data()->zeroFill();
             m_ptr += length;
             return getJSValue(result.get());
         }
diff -Nru webkit2gtk-2.14.3/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm webkit2gtk-2.14.5/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
--- webkit2gtk-2.14.3/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm	2017-01-17 11:45:51.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm	2017-02-09 07:32:57.000000000 +0000
@@ -1232,9 +1232,13 @@
             $structureFlags{"JSC::GetOwnPropertySlotIsImpureForPropertyAbsence"} = 1;
         }
     }
+
     if ($interface->extendedAttributes->{"NewImpurePropertyFiresWatchpoints"}) {
         $structureFlags{"JSC::NewImpurePropertyFiresWatchpoints"} = 1;
     }
+    if ($interface->extendedAttributes->{"IsImmutablePrototypeExoticObject"}) {
+        $structureFlags{"JSC::IsImmutablePrototypeExoticObject"} = 1;
+    }
     if ($interface->extendedAttributes->{"CustomCall"}) {
         $structureFlags{"JSC::TypeOfShouldCallGetCallData"} = 1;
     }
@@ -5188,6 +5192,8 @@
         push(@$outputArray, "    static bool defineOwnProperty(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, const JSC::PropertyDescriptor&, bool shouldThrow);\n");
     }
 
+    $structureFlags{"JSC::IsImmutablePrototypeExoticObject"} = 1 if $interface->extendedAttributes->{IsImmutablePrototypeExoticObjectOnPrototype};
+
     # structure flags
     if (%structureFlags) {
         push(@$outputArray, "public:\n");
diff -Nru webkit2gtk-2.14.3/Source/WebCore/bindings/scripts/IDLAttributes.txt webkit2gtk-2.14.5/Source/WebCore/bindings/scripts/IDLAttributes.txt
--- webkit2gtk-2.14.3/Source/WebCore/bindings/scripts/IDLAttributes.txt	2017-01-17 11:45:51.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/bindings/scripts/IDLAttributes.txt	2017-02-09 07:29:27.000000000 +0000
@@ -75,6 +75,8 @@
 ImplicitThis
 InitializedByEventConstructor
 InterfaceName=*
+IsImmutablePrototypeExoticObject
+IsImmutablePrototypeExoticObjectOnPrototype
 IsWeakCallback
 JSBuiltin
 JSBuiltinConstructor
diff -Nru webkit2gtk-2.14.3/Source/WebCore/dom/ContainerNodeAlgorithms.cpp webkit2gtk-2.14.5/Source/WebCore/dom/ContainerNodeAlgorithms.cpp
--- webkit2gtk-2.14.3/Source/WebCore/dom/ContainerNodeAlgorithms.cpp	2017-01-17 11:45:51.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/dom/ContainerNodeAlgorithms.cpp	2017-02-10 07:17:28.000000000 +0000
@@ -289,6 +289,9 @@
 
     collectFrameOwners(frameOwners, root);
 
+    if (auto* shadowRoot = root.shadowRoot())
+        collectFrameOwners(frameOwners, *shadowRoot);
+
     // Must disable frame loading in the subtree so an unload handler cannot
     // insert more frames and create loaded frames in detached subtrees.
     SubframeLoadingDisabler disabler(root);
diff -Nru webkit2gtk-2.14.3/Source/WebCore/dom/Document.cpp webkit2gtk-2.14.5/Source/WebCore/dom/Document.cpp
--- webkit2gtk-2.14.3/Source/WebCore/dom/Document.cpp	2017-01-17 13:17:35.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/dom/Document.cpp	2017-02-09 08:22:47.000000000 +0000
@@ -847,6 +847,23 @@
     return documentElement() && documentElement()->hasTagName(htmlTag) && documentElement()->hasAttributeWithoutSynchronization(manifestAttr);
 }
 
+bool Document::hasEverCalledWindowOpen() const
+{
+    auto& topDocument = this->topDocument();
+    if (&topDocument == this)
+        return m_hasEverCalledWindowOpen;
+    return topDocument.hasEverCalledWindowOpen();
+}
+
+void Document::markHasCalledWindowOpen()
+{
+    auto& topDocument = this->topDocument();
+    if (&topDocument == this)
+        m_hasEverCalledWindowOpen = true;
+    else
+        topDocument.markHasCalledWindowOpen();
+}
+
 DocumentType* Document::doctype() const
 {
     for (Node* node = firstChild(); node; node = node->nextSibling()) {
diff -Nru webkit2gtk-2.14.3/Source/WebCore/dom/Document.h webkit2gtk-2.14.5/Source/WebCore/dom/Document.h
--- webkit2gtk-2.14.3/Source/WebCore/dom/Document.h	2017-01-17 11:45:51.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/dom/Document.h	2017-02-09 08:22:47.000000000 +0000
@@ -379,6 +379,9 @@
     WEBCORE_EXPORT bool hasFocus() const;
 
     bool hasManifest() const;
+
+    bool hasEverCalledWindowOpen() const;
+    void markHasCalledWindowOpen();
     
     WEBCORE_EXPORT RefPtr createElementForBindings(const AtomicString& tagName, ExceptionCode&);
     WEBCORE_EXPORT Ref createDocumentFragment();
@@ -1516,6 +1519,7 @@
 
     Timer m_optimizedStyleSheetUpdateTimer;
     Timer m_styleRecalcTimer;
+    bool m_hasEverCalledWindowOpen { false };
     bool m_pendingStyleRecalcShouldForce;
     bool m_inStyleRecalc;
     bool m_closeAfterStyleRecalc;
diff -Nru webkit2gtk-2.14.3/Source/WebCore/dom/Element.cpp webkit2gtk-2.14.5/Source/WebCore/dom/Element.cpp
--- webkit2gtk-2.14.3/Source/WebCore/dom/Element.cpp	2017-01-17 11:45:51.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/dom/Element.cpp	2017-02-10 07:30:13.000000000 +0000
@@ -1695,6 +1695,9 @@
 void Element::addShadowRoot(Ref&& newShadowRoot)
 {
     ASSERT(!shadowRoot());
+    
+    if (renderer())
+        RenderTreeUpdater::tearDownRenderers(*this);
 
     ShadowRoot& shadowRoot = newShadowRoot.get();
     ensureElementRareData().setShadowRoot(WTFMove(newShadowRoot));
diff -Nru webkit2gtk-2.14.3/Source/WebCore/dom/Element.h webkit2gtk-2.14.5/Source/WebCore/dom/Element.h
--- webkit2gtk-2.14.3/Source/WebCore/dom/Element.h	2017-01-17 11:45:51.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/dom/Element.h	2017-02-09 16:17:47.000000000 +0000
@@ -438,6 +438,8 @@
     virtual bool isInRange() const { return false; }
     virtual bool isOutOfRange() const { return false; }
     virtual bool isFrameElementBase() const { return false; }
+    virtual bool isUploadButton() const { return false; }
+    virtual bool isSliderContainerElement() const { return false; }
 
     bool canContainRangeEndPoint() const override;
 
diff -Nru webkit2gtk-2.14.3/Source/WebCore/dom/EventTarget.idl webkit2gtk-2.14.5/Source/WebCore/dom/EventTarget.idl
--- webkit2gtk-2.14.3/Source/WebCore/dom/EventTarget.idl	2017-01-17 11:45:51.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/dom/EventTarget.idl	2017-02-09 07:29:27.000000000 +0000
@@ -21,6 +21,7 @@
 [
     CustomToJSObject,
     Exposed=(Window,Worker),
+    IsImmutablePrototypeExoticObjectOnPrototype,
     JSCustomHeader,
     JSCustomToNativeObject,
 ] interface EventTarget {
diff -Nru webkit2gtk-2.14.3/Source/WebCore/history/PageCache.cpp webkit2gtk-2.14.5/Source/WebCore/history/PageCache.cpp
--- webkit2gtk-2.14.3/Source/WebCore/history/PageCache.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/history/PageCache.cpp	2017-02-09 08:22:47.000000000 +0000
@@ -193,6 +193,19 @@
 
     DiagnosticLoggingClient& diagnosticLoggingClient = page.diagnosticLoggingClient();
     bool isCacheable = canCacheFrame(page.mainFrame(), diagnosticLoggingClient, indentLevel + 1);
+
+    if (page.openedByWindowOpen() && !page.settings().allowsPageCacheWithWindowOpener()) {
+        PCLOG("   -Page has been opened via window.open()");
+        logPageCacheFailureDiagnosticMessage(diagnosticLoggingClient, DiagnosticLoggingKeys::hasOpenerKey());
+        isCacheable = false;
+    }
+
+    auto* topDocument = page.mainFrame().document();
+    if (topDocument && topDocument->hasEverCalledWindowOpen()) {
+        PCLOG("   -Page has called window.open()");
+        logPageCacheFailureDiagnosticMessage(diagnosticLoggingClient, DiagnosticLoggingKeys::hasCalledWindowOpenKey());
+        isCacheable = false;
+    }
     
     if (!page.settings().usesPageCache() || page.isResourceCachingDisabled()) {
         PCLOG("   -Page settings says b/f cache disabled");
diff -Nru webkit2gtk-2.14.3/Source/WebCore/html/ColorInputType.cpp webkit2gtk-2.14.5/Source/WebCore/html/ColorInputType.cpp
--- webkit2gtk-2.14.3/Source/WebCore/html/ColorInputType.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/html/ColorInputType.cpp	2017-02-09 16:18:23.000000000 +0000
@@ -38,6 +38,7 @@
 #include "CSSPropertyNames.h"
 #include "Chrome.h"
 #include "Color.h"
+#include "ElementChildIterator.h"
 #include "HTMLDataListElement.h"
 #include "HTMLDivElement.h"
 #include "HTMLInputElement.h"
@@ -204,7 +205,14 @@
 HTMLElement* ColorInputType::shadowColorSwatch() const
 {
     ShadowRoot* shadow = element().userAgentShadowRoot();
-    return shadow ? downcast(shadow->firstChild()->firstChild()) : nullptr;
+    if (!shadow)
+        return nullptr;
+
+    auto wrapper = childrenOfType(*shadow).first();
+    if (!wrapper)
+        return nullptr;
+
+    return childrenOfType(*wrapper).first();
 }
 
 IntRect ColorInputType::elementRectRelativeToRootView() const
diff -Nru webkit2gtk-2.14.3/Source/WebCore/html/FileInputType.cpp webkit2gtk-2.14.5/Source/WebCore/html/FileInputType.cpp
--- webkit2gtk-2.14.3/Source/WebCore/html/FileInputType.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/html/FileInputType.cpp	2017-02-09 16:17:47.000000000 +0000
@@ -24,6 +24,7 @@
 
 #include "Chrome.h"
 #include "DragData.h"
+#include "ElementChildIterator.h"
 #include "Event.h"
 #include "File.h"
 #include "FileList.h"
@@ -39,8 +40,19 @@
 #include "RenderFileUploadControl.h"
 #include "ScriptController.h"
 #include "ShadowRoot.h"
+#include 
 #include 
 
+
+namespace WebCore {
+class UploadButtonElement;
+}
+
+SPECIALIZE_TYPE_TRAITS_BEGIN(WebCore::UploadButtonElement)
+    static bool isType(const WebCore::Element& element) { return element.isUploadButton(); }
+    static bool isType(const WebCore::Node& node) { return is(node) && isType(downcast(node)); }
+SPECIALIZE_TYPE_TRAITS_END()
+
 namespace WebCore {
 
 using namespace HTMLNames;
@@ -51,6 +63,8 @@
     static Ref createForMultiple(Document&);
 
 private:
+    bool isUploadButton() const override { return true; }
+    
     UploadButtonElement(Document&);
 };
 
@@ -277,16 +291,24 @@
 void FileInputType::disabledAttributeChanged()
 {
     ASSERT(element().shadowRoot());
-    UploadButtonElement* button = static_cast(element().userAgentShadowRoot()->firstChild());
-    if (button)
+
+    ShadowRoot* root = element().userAgentShadowRoot();
+    if (!root)
+        return;
+    
+    if (auto* button = childrenOfType(*root).first())
         button->setBooleanAttribute(disabledAttr, element().isDisabledFormControl());
 }
 
 void FileInputType::multipleAttributeChanged()
 {
     ASSERT(element().shadowRoot());
-    UploadButtonElement* button = static_cast(element().userAgentShadowRoot()->firstChild());
-    if (button)
+
+    ShadowRoot* root = element().userAgentShadowRoot();
+    if (!root)
+        return;
+
+    if (auto* button = childrenOfType(*root).first())
         button->setValue(element().multiple() ? fileButtonChooseMultipleFilesLabel() : fileButtonChooseFileLabel());
 }
 
diff -Nru webkit2gtk-2.14.3/Source/WebCore/html/HTMLFormElement.cpp webkit2gtk-2.14.5/Source/WebCore/html/HTMLFormElement.cpp
--- webkit2gtk-2.14.3/Source/WebCore/html/HTMLFormElement.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/html/HTMLFormElement.cpp	2017-02-09 08:05:29.000000000 +0000
@@ -2,7 +2,7 @@
  * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
  *           (C) 1999 Antti Koivisto (koivisto@kde.org)
  *           (C) 2001 Dirk Mueller (mueller@kde.org)
- * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
+ * Copyright (C) 2004-2010, 2012-2016 Apple Inc. All rights reserved.
  *           (C) 2006 Alexey Proskuryakov (ap@nypop.com)
  *
  * This library is free software; you can redistribute it and/or
@@ -51,6 +51,7 @@
 #include "Settings.h"
 #include 
 #include 
+#include 
 
 namespace WebCore {
 
@@ -58,13 +59,6 @@
 
 HTMLFormElement::HTMLFormElement(const QualifiedName& tagName, Document& document)
     : HTMLElement(tagName, document)
-    , m_associatedElementsBeforeIndex(0)
-    , m_associatedElementsAfterIndex(0)
-    , m_wasUserSubmitted(false)
-    , m_isSubmittingOrPreparingForSubmission(false)
-    , m_shouldSubmit(false)
-    , m_isInResetFunction(false)
-    , m_wasDemoted(false)
 #if ENABLE(REQUEST_AUTOCOMPLETE)
     , m_requestAutocompletetimer(*this, &HTMLFormElement::requestAutocompleteTimerFired)
 #endif
@@ -374,19 +368,30 @@
     if (m_isInResetFunction || !frame)
         return;
 
-    m_isInResetFunction = true;
+    Ref protectedThis(*this);
+
+    TemporaryChange isInResetFunctionRestorer(m_isInResetFunction, true);
 
-    if (!dispatchEvent(Event::create(eventNames().resetEvent, true, true))) {
-        m_isInResetFunction = false;
+    if (!dispatchEvent(Event::create(eventNames().resetEvent, true, true)))
         return;
-    }
 
-    for (auto& associatedElement : m_associatedElements) {
-        if (is(*associatedElement))
-            downcast(*associatedElement).reset();
-    }
+    resetAssociatedFormControlElements();
+}
 
-    m_isInResetFunction = false;
+void HTMLFormElement::resetAssociatedFormControlElements()
+{
+    // Event handling can cause associated elements to be added or deleted while iterating
+    // over this collection. Protect these elements until we are done notifying them of
+    // the reset operation.
+    Vector> associatedFormControlElements;
+    associatedFormControlElements.reserveInitialCapacity(m_associatedElements.size());
+    for (auto* element : m_associatedElements) {
+        if (is(element))
+            associatedFormControlElements.uncheckedAppend(*downcast(element));
+    }
+    
+    for (auto& associatedFormControlElement : associatedFormControlElements)
+        associatedFormControlElement->reset();
 }
 
 #if ENABLE(IOS_AUTOCORRECT_AND_AUTOCAPITALIZE)
@@ -859,10 +864,9 @@
 {
     ASSERT(!shouldAutocomplete());
 
-    for (auto& associatedElement : m_associatedElements) {
-        if (is(*associatedElement))
-            downcast(*associatedElement).reset();
-    }
+    Ref protectedThis(*this);
+
+    resetAssociatedFormControlElements();
 }
 
 void HTMLFormElement::didMoveToNewDocument(Document* oldDocument)
diff -Nru webkit2gtk-2.14.3/Source/WebCore/html/HTMLFormElement.h webkit2gtk-2.14.5/Source/WebCore/html/HTMLFormElement.h
--- webkit2gtk-2.14.3/Source/WebCore/html/HTMLFormElement.h	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/html/HTMLFormElement.h	2017-02-09 08:02:30.000000000 +0000
@@ -177,6 +177,8 @@
     bool matchesValidPseudoClass() const final;
     bool matchesInvalidPseudoClass() const final;
 
+    void resetAssociatedFormControlElements();
+
     typedef HashMap, FormNamedItem*> PastNamesMap;
 
     FormSubmission::Attributes m_attributes;
@@ -185,19 +187,19 @@
     RadioButtonGroups m_radioButtonGroups;
     mutable HTMLFormControlElement* m_defaultButton { nullptr };
 
-    unsigned m_associatedElementsBeforeIndex;
-    unsigned m_associatedElementsAfterIndex;
+    unsigned m_associatedElementsBeforeIndex { 0 };
+    unsigned m_associatedElementsAfterIndex { 0 };
     Vector m_associatedElements;
     Vector m_imageElements;
     HashSet m_invalidAssociatedFormControls;
 
-    bool m_wasUserSubmitted;
-    bool m_isSubmittingOrPreparingForSubmission;
-    bool m_shouldSubmit;
+    bool m_wasUserSubmitted { false };
+    bool m_isSubmittingOrPreparingForSubmission { false };
+    bool m_shouldSubmit { false };
 
-    bool m_isInResetFunction;
+    bool m_isInResetFunction { false };
 
-    bool m_wasDemoted;
+    bool m_wasDemoted { false };
 
 #if ENABLE(REQUEST_AUTOCOMPLETE)
     void requestAutocompleteTimerFired();
diff -Nru webkit2gtk-2.14.3/Source/WebCore/html/HTMLInputElement.cpp webkit2gtk-2.14.5/Source/WebCore/html/HTMLInputElement.cpp
--- webkit2gtk-2.14.3/Source/WebCore/html/HTMLInputElement.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/html/HTMLInputElement.cpp	2017-02-09 07:12:32.000000000 +0000
@@ -1436,9 +1436,13 @@
 
 void HTMLInputElement::onSearch()
 {
-    ASSERT(isSearchField());
+    // The type of the input element could have changed during event handling. If we are no longer
+    // a search field, don't try to do search things.
+    if (!isSearchField())
+        return;
+
     if (m_inputType)
-        static_cast(m_inputType.get())->stopSearchEventTimer();
+        downcast(*m_inputType.get()).stopSearchEventTimer();
     dispatchEvent(Event::create(eventNames().searchEvent, true, false));
 }
 
diff -Nru webkit2gtk-2.14.3/Source/WebCore/html/HTMLKeygenElement.cpp webkit2gtk-2.14.5/Source/WebCore/html/HTMLKeygenElement.cpp
--- webkit2gtk-2.14.3/Source/WebCore/html/HTMLKeygenElement.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/html/HTMLKeygenElement.cpp	2017-02-09 16:17:47.000000000 +0000
@@ -2,7 +2,7 @@
  * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
  *           (C) 1999 Antti Koivisto (koivisto@kde.org)
  *           (C) 2001 Dirk Mueller (mueller@kde.org)
- * Copyright (C) 2004, 2005, 2006, 2010 Apple Inc. All rights reserved.
+ * Copyright (C) 2004-2006, 2010, 2012-2016 Apple Inc. All rights reserved.
  *           (C) 2006 Alexey Proskuryakov (ap@nypop.com)
  *
  * This library is free software; you can redistribute it and/or
@@ -27,6 +27,7 @@
 
 #include "Attribute.h"
 #include "Document.h"
+#include "ElementChildIterator.h"
 #include "FormDataList.h"
 #include "HTMLNames.h"
 #include "HTMLSelectElement.h"
@@ -145,7 +146,10 @@
 HTMLSelectElement* HTMLKeygenElement::shadowSelect() const
 {
     ShadowRoot* root = userAgentShadowRoot();
-    return root ? downcast(root->firstChild()) : nullptr;
+    if (!root)
+        return nullptr;
+
+    return childrenOfType(*root).first();
 }
 
 } // namespace
diff -Nru webkit2gtk-2.14.3/Source/WebCore/html/HTMLMediaElement.cpp webkit2gtk-2.14.5/Source/WebCore/html/HTMLMediaElement.cpp
--- webkit2gtk-2.14.3/Source/WebCore/html/HTMLMediaElement.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/html/HTMLMediaElement.cpp	2017-02-09 16:17:47.000000000 +0000
@@ -3654,6 +3654,7 @@
 void HTMLMediaElement::removeAudioTrack(AudioTrack& track)
 {
     m_audioTracks->remove(track);
+    track.clearClient();
 }
 
 void HTMLMediaElement::removeTextTrack(TextTrack& track, bool scheduleEvent)
@@ -3671,6 +3672,7 @@
 void HTMLMediaElement::removeVideoTrack(VideoTrack& track)
 {
     m_videoTracks->remove(track);
+    track.clearClient();
 }
 
 void HTMLMediaElement::forgetResourceSpecificTracks()
@@ -5789,9 +5791,13 @@
 MediaControls* HTMLMediaElement::mediaControls() const
 {
 #if ENABLE(MEDIA_CONTROLS_SCRIPT)
-    return 0;
+    return nullptr;
 #else
-    return toMediaControls(userAgentShadowRoot()->firstChild());
+    ShadowRoot* root = userAgentShadowRoot();
+    if (!root)
+        return nullptr;
+    
+    return childrenOfType(*root).first();
 #endif
 }
 
@@ -5802,7 +5808,7 @@
 #else
 
     if (ShadowRoot* userAgent = userAgentShadowRoot()) {
-        Node* node = userAgent->firstChild();
+        Node* node = childrenOfType(*root).first();
         ASSERT_WITH_SECURITY_IMPLICATION(!node || node->isMediaControls());
         return node;
     }
diff -Nru webkit2gtk-2.14.3/Source/WebCore/html/HTMLTextAreaElement.cpp webkit2gtk-2.14.5/Source/WebCore/html/HTMLTextAreaElement.cpp
--- webkit2gtk-2.14.3/Source/WebCore/html/HTMLTextAreaElement.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/html/HTMLTextAreaElement.cpp	2017-02-09 16:17:47.000000000 +0000
@@ -2,7 +2,7 @@
  * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
  *           (C) 1999 Antti Koivisto (koivisto@kde.org)
  *           (C) 2001 Dirk Mueller (mueller@kde.org)
- * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2010, 2014 Apple Inc. All rights reserved.
+ * Copyright (C) 2004-2008, 2010, 2014, 2016 Apple Inc. All rights reserved.
  *           (C) 2006 Alexey Proskuryakov (ap@nypop.com)
  * Copyright (C) 2007 Samuel Weinig (sam@webkit.org)
  *
@@ -30,6 +30,7 @@
 #include "CSSValueKeywords.h"
 #include "Document.h"
 #include "Editor.h"
+#include "ElementChildIterator.h"
 #include "Event.h"
 #include "EventHandler.h"
 #include "EventNames.h"
@@ -322,7 +323,11 @@
 
 TextControlInnerTextElement* HTMLTextAreaElement::innerTextElement() const
 {
-    return downcast(userAgentShadowRoot()->firstChild());
+    ShadowRoot* root = userAgentShadowRoot();
+    if (!root)
+        return nullptr;
+    
+    return childrenOfType(*root).first();
 }
 
 void HTMLTextAreaElement::rendererWillBeDestroyed()
diff -Nru webkit2gtk-2.14.3/Source/WebCore/html/HTMLTextFormControlElement.cpp webkit2gtk-2.14.5/Source/WebCore/html/HTMLTextFormControlElement.cpp
--- webkit2gtk-2.14.3/Source/WebCore/html/HTMLTextFormControlElement.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/html/HTMLTextFormControlElement.cpp	2017-02-10 07:19:24.000000000 +0000
@@ -295,7 +295,12 @@
     if (!hasFocus && innerText) {
         // FIXME: Removing this synchronous layout requires fixing 
         document().updateLayoutIgnorePendingStylesheets();
-        if (RenderElement* rendererTextControl = renderer()) {
+
+        // Double-check the state of innerTextElement after the layout.
+        innerText = innerTextElement();
+        auto* rendererTextControl = renderer();
+
+        if (innerText && rendererTextControl) {
             if (rendererTextControl->style().visibility() == HIDDEN || !innerText->renderBox()->height()) {
                 cacheSelection(start, end, direction);
                 return;
diff -Nru webkit2gtk-2.14.3/Source/WebCore/html/InputType.h webkit2gtk-2.14.5/Source/WebCore/html/InputType.h
--- webkit2gtk-2.14.3/Source/WebCore/html/InputType.h	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/html/InputType.h	2017-02-09 07:13:48.000000000 +0000
@@ -327,4 +327,9 @@
 
 } // namespace WebCore
 
+#define SPECIALIZE_TYPE_TRAITS_INPUT_TYPE(ToValueTypeName, predicate) \
+SPECIALIZE_TYPE_TRAITS_BEGIN(WebCore::ToValueTypeName) \
+static bool isType(const WebCore::InputType& input) { return input.predicate; } \
+SPECIALIZE_TYPE_TRAITS_END()
+
 #endif
diff -Nru webkit2gtk-2.14.3/Source/WebCore/html/RangeInputType.cpp webkit2gtk-2.14.5/Source/WebCore/html/RangeInputType.cpp
--- webkit2gtk-2.14.3/Source/WebCore/html/RangeInputType.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/html/RangeInputType.cpp	2017-02-09 16:17:47.000000000 +0000
@@ -33,6 +33,7 @@
 #include "RangeInputType.h"
 
 #include "AXObjectCache.h"
+#include "ElementChildIterator.h"
 #include "EventNames.h"
 #include "ExceptionCodePlaceholder.h"
 #include "HTMLInputElement.h"
@@ -270,7 +271,15 @@
     ASSERT(element().userAgentShadowRoot()->firstChild()->isHTMLElement());
     ASSERT(element().userAgentShadowRoot()->firstChild()->firstChild()); // track
 
-    return downcast(element().userAgentShadowRoot()->firstChild()->firstChild());
+    ShadowRoot* root = element().userAgentShadowRoot();
+    if (!root)
+        return nullptr;
+    
+    auto* container = childrenOfType(*root).first();
+    if (!container)
+        return nullptr;
+
+    return childrenOfType(*container).first();
 }
 
 SliderThumbElement& RangeInputType::typedSliderThumbElement() const
diff -Nru webkit2gtk-2.14.3/Source/WebCore/html/SearchInputType.h webkit2gtk-2.14.5/Source/WebCore/html/SearchInputType.h
--- webkit2gtk-2.14.3/Source/WebCore/html/SearchInputType.h	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/html/SearchInputType.h	2017-02-09 07:14:14.000000000 +0000
@@ -72,4 +72,6 @@
 
 } // namespace WebCore
 
+SPECIALIZE_TYPE_TRAITS_INPUT_TYPE(SearchInputType, isSearchField())
+
 #endif // SearchInputType_h
diff -Nru webkit2gtk-2.14.3/Source/WebCore/html/shadow/SliderThumbElement.h webkit2gtk-2.14.5/Source/WebCore/html/shadow/SliderThumbElement.h
--- webkit2gtk-2.14.3/Source/WebCore/html/shadow/SliderThumbElement.h	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/html/shadow/SliderThumbElement.h	2017-02-09 16:19:01.000000000 +0000
@@ -137,10 +137,17 @@
     RenderPtr createElementRenderer(RenderStyle&&, const RenderTreePosition&) override;
     Optional resolveCustomStyle(const RenderStyle&, const RenderStyle*) override;
     const AtomicString& shadowPseudoId() const override;
+    bool isSliderContainerElement() const override { return true; }
 
     AtomicString m_shadowPseudoId;
 };
 
 }
 
+SPECIALIZE_TYPE_TRAITS_BEGIN(WebCore::SliderContainerElement)
+    static bool isType(const WebCore::Element& element) { return element.isSliderContainerElement(); }
+    static bool isType(const WebCore::Node& node) { return is(node) && isType(downcast(node)); }
+SPECIALIZE_TYPE_TRAITS_END()
+
 #endif
+
diff -Nru webkit2gtk-2.14.3/Source/WebCore/loader/DocumentWriter.cpp webkit2gtk-2.14.5/Source/WebCore/loader/DocumentWriter.cpp
--- webkit2gtk-2.14.3/Source/WebCore/loader/DocumentWriter.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/loader/DocumentWriter.cpp	2017-02-09 08:40:35.000000000 +0000
@@ -73,6 +73,12 @@
 void DocumentWriter::replaceDocument(const String& source, Document* ownerDocument)
 {
     m_frame->loader().stopAllLoaders();
+
+    // If we are in the midst of changing the frame's document, don't execute script
+    // that modifes the document further:
+    if (m_frame->documentIsBeingReplaced())
+        return;
+
     begin(m_frame->document()->url(), true, ownerDocument);
 
     // begin() might fire an unload event, which will result in a situation where no new document has been attached,
diff -Nru webkit2gtk-2.14.3/Source/WebCore/loader/FrameLoader.cpp webkit2gtk-2.14.5/Source/WebCore/loader/FrameLoader.cpp
--- webkit2gtk-2.14.3/Source/WebCore/loader/FrameLoader.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/loader/FrameLoader.cpp	2017-02-09 08:10:38.000000000 +0000
@@ -604,7 +604,7 @@
     if (clearWindowProperties) {
         InspectorInstrumentation::frameWindowDiscarded(&m_frame, m_frame.document()->domWindow());
         m_frame.document()->domWindow()->resetUnlessSuspendedForDocumentSuspension();
-        m_frame.script().clearWindowShell(newDocument->domWindow(), m_frame.document()->inPageCache());
+        m_frame.script().clearWindowShellsNotMatchingDOMWindow(newDocument->domWindow(), m_frame.document()->inPageCache());
     }
 
     m_frame.selection().prepareForDestruction();
@@ -622,6 +622,9 @@
 
     subframeLoader().clear();
 
+    if (clearWindowProperties)
+        m_frame.script().setDOMWindowForWindowShell(newDocument->domWindow());
+
     if (clearScriptObjects)
         m_frame.script().clearScriptObjects();
 
diff -Nru webkit2gtk-2.14.3/Source/WebCore/page/DiagnosticLoggingKeys.cpp webkit2gtk-2.14.5/Source/WebCore/page/DiagnosticLoggingKeys.cpp
--- webkit2gtk-2.14.3/Source/WebCore/page/DiagnosticLoggingKeys.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/page/DiagnosticLoggingKeys.cpp	2017-02-09 08:22:47.000000000 +0000
@@ -568,6 +568,16 @@
     return ASCIILiteral("font");
 }
 
+String DiagnosticLoggingKeys::hasCalledWindowOpenKey()
+{
+    return ASCIILiteral("hasCalledWindowOpen");
+}
+
+String DiagnosticLoggingKeys::hasOpenerKey()
+{
+    return ASCIILiteral("hasOpener");
+}
+
 String DiagnosticLoggingKeys::prunedDueToMemoryPressureKey()
 {
     return ASCIILiteral("pruned.memoryPressure");
diff -Nru webkit2gtk-2.14.3/Source/WebCore/page/DiagnosticLoggingKeys.h webkit2gtk-2.14.5/Source/WebCore/page/DiagnosticLoggingKeys.h
--- webkit2gtk-2.14.3/Source/WebCore/page/DiagnosticLoggingKeys.h	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/page/DiagnosticLoggingKeys.h	2017-02-09 08:22:47.000000000 +0000
@@ -52,6 +52,8 @@
     WEBCORE_EXPORT static String entryWronglyNotWarmedUpKey();
     static String expiredKey();
     static String fontKey();
+    static String hasCalledWindowOpenKey();
+    static String hasOpenerKey();
     static String hasPluginsKey();
     static String httpsNoStoreKey();
     static String imageKey();
diff -Nru webkit2gtk-2.14.3/Source/WebCore/page/DOMWindow.cpp webkit2gtk-2.14.5/Source/WebCore/page/DOMWindow.cpp
--- webkit2gtk-2.14.3/Source/WebCore/page/DOMWindow.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/page/DOMWindow.cpp	2017-02-09 08:22:47.000000000 +0000
@@ -2140,6 +2140,8 @@
 
     newFrame->loader().setOpener(&openerFrame);
     newFrame->page()->setOpenedByDOM();
+    if (auto* openerDocument = openerFrame.document())
+        openerDocument->markHasCalledWindowOpen();
 
     if (newFrame->document()->domWindow()->isInsecureScriptAccess(activeWindow, completedURL))
         return newFrame;
@@ -2192,9 +2194,9 @@
 #endif
 
     if (!firstWindow.allowPopUp()) {
-        // Because FrameTree::find() returns true for empty strings, we must check for empty frame names.
+        // Because FrameTree::findFrameForNavigation() returns true for empty strings, we must check for empty frame names.
         // Otherwise, illegitimate window.open() calls with no name will pass right through the popup blocker.
-        if (frameName.isEmpty() || !m_frame->tree().find(frameName))
+        if (frameName.isEmpty() || !m_frame->loader().findFrameForNavigation(frameName, activeDocument))
             return nullptr;
     }
 
diff -Nru webkit2gtk-2.14.3/Source/WebCore/page/DOMWindow.idl webkit2gtk-2.14.5/Source/WebCore/page/DOMWindow.idl
--- webkit2gtk-2.14.3/Source/WebCore/page/DOMWindow.idl	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/page/DOMWindow.idl	2017-02-09 07:29:27.000000000 +0000
@@ -34,6 +34,8 @@
     ExportMacro=WEBCORE_EXPORT,
     ImplicitThis,
     InterfaceName=Window,
+    IsImmutablePrototypeExoticObject,
+    IsImmutablePrototypeExoticObjectOnPrototype,
     JSCustomDefineOwnProperty,
     JSCustomMarkFunction,
     JSCustomToNativeObject,
diff -Nru webkit2gtk-2.14.3/Source/WebCore/page/EventHandler.cpp webkit2gtk-2.14.5/Source/WebCore/page/EventHandler.cpp
--- webkit2gtk-2.14.3/Source/WebCore/page/EventHandler.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/page/EventHandler.cpp	2017-02-07 09:48:29.000000000 +0000
@@ -1674,17 +1674,23 @@
     m_mousePressNode = mouseEvent.targetNode();
     m_frame.document()->setFocusNavigationStartingNode(mouseEvent.targetNode());
 
-    RefPtr subframe = subframeForHitTestResult(mouseEvent);
-    if (subframe && passMousePressEventToSubframe(mouseEvent, subframe.get())) {
-        // Start capturing future events for this frame.  We only do this if we didn't clear
-        // the m_mousePressed flag, which may happen if an AppKit widget entered a modal event loop.
-        m_capturesDragging = subframe->eventHandler().capturesDragging();
-        if (m_mousePressed && m_capturesDragging) {
-            m_capturingMouseEventsElement = subframe->ownerElement();
-            m_eventHandlerWillResetCapturingMouseEventsElement = true;
+    Scrollbar* scrollbar = scrollbarForMouseEvent(mouseEvent, m_frame.view());
+    updateLastScrollbarUnderMouse(scrollbar, SetOrClearLastScrollbar::Set);
+    bool passedToScrollbar = scrollbar && passMousePressEventToScrollbar(mouseEvent, scrollbar);
+
+    if (!passedToScrollbar) {
+        RefPtr subframe = subframeForHitTestResult(mouseEvent);
+        if (subframe && passMousePressEventToSubframe(mouseEvent, subframe.get())) {
+            // Start capturing future events for this frame. We only do this if we didn't clear
+            // the m_mousePressed flag, which may happen if an AppKit widget entered a modal event loop.
+            m_capturesDragging = subframe->eventHandler().capturesDragging();
+            if (m_mousePressed && m_capturesDragging) {
+                m_capturingMouseEventsElement = subframe->ownerElement();
+                m_eventHandlerWillResetCapturingMouseEventsElement = true;
+            }
+            invalidateClick();
+            return true;
         }
-        invalidateClick();
-        return true;
     }
 
 #if ENABLE(PAN_SCROLLING)
@@ -1743,10 +1749,6 @@
             mouseEvent = m_frame.document()->prepareMouseEvent(HitTestRequest(), documentPoint, platformMouseEvent);
     }
 
-    Scrollbar* scrollbar = scrollbarForMouseEvent(mouseEvent, m_frame.view());
-    updateLastScrollbarUnderMouse(scrollbar, true);
-
-    bool passedToScrollbar = scrollbar && passMousePressEventToScrollbar(mouseEvent, scrollbar);
     if (!swallowEvent) {
         if (passedToScrollbar)
             swallowEvent = true;
@@ -1914,7 +1916,7 @@
         m_resizeLayer->resize(platformMouseEvent, m_offsetFromResizeCorner);
     else {
         Scrollbar* scrollbar = mouseEvent.scrollbar();
-        updateLastScrollbarUnderMouse(scrollbar, !m_mousePressed);
+        updateLastScrollbarUnderMouse(scrollbar, m_mousePressed ? SetOrClearLastScrollbar::Clear : SetOrClearLastScrollbar::Set);
 
         // On iOS, our scrollbars are managed by UIKit.
 #if !PLATFORM(IOS)
@@ -1942,8 +1944,10 @@
         // node to be detached from its FrameView, in which case the event should not be passed.
         if (newSubframe->view())
             swallowEvent |= passMouseMoveEventToSubframe(mouseEvent, newSubframe.get(), hoveredNode);
+    }
+
+    if (!newSubframe || mouseEvent.scrollbar()) {
 #if ENABLE(CURSOR_SUPPORT)
-    } else {
         if (FrameView* view = m_frame.view()) {
             OptionalCursor optionalCursor = selectCursor(mouseEvent.hitTestResult(), platformMouseEvent.shiftKey());
             if (optionalCursor.isCursorChange()) {
@@ -3775,9 +3779,8 @@
     return scrollbar->mouseDown(mouseEvent.event());
 }
 
-// If scrollbar (under mouse) is different from last, send a mouse exited. Set
-// last to scrollbar if setLast is true; else set last to nullptr.
-void EventHandler::updateLastScrollbarUnderMouse(Scrollbar* scrollbar, bool setLast)
+// If scrollbar (under mouse) is different from last, send a mouse exited.
+void EventHandler::updateLastScrollbarUnderMouse(Scrollbar* scrollbar, SetOrClearLastScrollbar setOrClear)
 {
     if (m_lastScrollbarUnderMouse != scrollbar) {
         // Send mouse exited to the old scrollbar.
@@ -3785,12 +3788,10 @@
             m_lastScrollbarUnderMouse->mouseExited();
 
         // Send mouse entered if we're setting a new scrollbar.
-        if (scrollbar && setLast)
+        if (scrollbar && setOrClear == SetOrClearLastScrollbar::Set) {
             scrollbar->mouseEntered();
-
-        if (setLast && scrollbar)
             m_lastScrollbarUnderMouse = scrollbar->createWeakPtr();
-        else
+        } else
             m_lastScrollbarUnderMouse = nullptr;
     }
 }
diff -Nru webkit2gtk-2.14.3/Source/WebCore/page/EventHandler.h webkit2gtk-2.14.5/Source/WebCore/page/EventHandler.h
--- webkit2gtk-2.14.3/Source/WebCore/page/EventHandler.h	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/page/EventHandler.h	2017-02-07 09:40:11.000000000 +0000
@@ -440,7 +440,8 @@
     void updateSelectionForMouseDrag(const HitTestResult&);
 #endif
 
-    void updateLastScrollbarUnderMouse(Scrollbar*, bool);
+    enum class SetOrClearLastScrollbar { Clear, Set };
+    void updateLastScrollbarUnderMouse(Scrollbar*, SetOrClearLastScrollbar);
     
     void setFrameWasScrolledByUser();
 
diff -Nru webkit2gtk-2.14.3/Source/WebCore/page/Frame.cpp webkit2gtk-2.14.5/Source/WebCore/page/Frame.cpp
--- webkit2gtk-2.14.3/Source/WebCore/page/Frame.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/page/Frame.cpp	2017-02-09 08:42:03.000000000 +0000
@@ -268,6 +268,11 @@
 {
     ASSERT(!newDocument || newDocument->frame() == this);
 
+    if (m_documentIsBeingReplaced)
+        return;
+
+    m_documentIsBeingReplaced = true;
+    
     if (m_doc && m_doc->pageCacheState() != Document::InPageCache)
         m_doc->prepareForDestruction();
 
@@ -281,6 +286,8 @@
         newDocument->didBecomeCurrentDocumentInFrame();
 
     InspectorInstrumentation::frameDocumentUpdated(this);
+
+    m_documentIsBeingReplaced = false;
 }
 
 #if ENABLE(ORIENTATION_EVENTS)
diff -Nru webkit2gtk-2.14.3/Source/WebCore/page/Frame.h webkit2gtk-2.14.5/Source/WebCore/page/Frame.h
--- webkit2gtk-2.14.3/Source/WebCore/page/Frame.h	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/page/Frame.h	2017-02-09 08:43:46.000000000 +0000
@@ -156,7 +156,9 @@
         WEBCORE_EXPORT RenderView* contentRenderer() const; // Root of the render tree for the document contained in this frame.
         WEBCORE_EXPORT RenderWidget* ownerRenderer() const; // Renderer for the element that contains this frame.
 
-    // ======== All public functions below this point are candidates to move out of Frame into another class. ========
+        bool documentIsBeingReplaced() const { return m_documentIsBeingReplaced; }
+
+        // ======== All public functions below this point are candidates to move out of Frame into another class. ========
 
         void injectUserScripts(UserScriptInjectionTime);
         
@@ -319,6 +321,7 @@
 
         int m_activeDOMObjectsAndAnimationsSuspendedCount;
         bool m_mainFrameWasDestroyed { false };
+        bool m_documentIsBeingReplaced { false };
 
     protected:
         std::unique_ptr m_eventHandler;
diff -Nru webkit2gtk-2.14.3/Source/WebCore/page/FrameView.cpp webkit2gtk-2.14.5/Source/WebCore/page/FrameView.cpp
--- webkit2gtk-2.14.3/Source/WebCore/page/FrameView.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/page/FrameView.cpp	2017-02-09 08:13:36.000000000 +0000
@@ -3259,6 +3259,9 @@
     viewportContentsChanged();
 
     updateScrollSnapState();
+
+    if (AXObjectCache* cache = frame().document()->existingAXObjectCache())
+        cache->performDeferredIsIgnoredChange();
 }
 
 IntSize FrameView::sizeForResizeEvent() const
diff -Nru webkit2gtk-2.14.3/Source/WebCore/page/Page.cpp webkit2gtk-2.14.5/Source/WebCore/page/Page.cpp
--- webkit2gtk-2.14.3/Source/WebCore/page/Page.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/page/Page.cpp	2017-02-09 08:22:47.000000000 +0000
@@ -436,6 +436,17 @@
     m_openedByDOM = true;
 }
 
+bool Page::openedByWindowOpen() const
+{
+    auto* document = m_mainFrame->document();
+    if (!document)
+        return false;
+    auto* window = document->domWindow();
+    if (!window)
+        return false;
+    return window->opener();
+}
+
 void Page::goToItem(HistoryItem& item, FrameLoadType type)
 {
     // stopAllLoaders may end up running onload handlers, which could cause further history traversals that may lead to the passed in HistoryItem
diff -Nru webkit2gtk-2.14.3/Source/WebCore/page/Page.h webkit2gtk-2.14.5/Source/WebCore/page/Page.h
--- webkit2gtk-2.14.3/Source/WebCore/page/Page.h	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/page/Page.h	2017-02-09 08:22:47.000000000 +0000
@@ -171,6 +171,8 @@
     bool openedByDOM() const;
     void setOpenedByDOM();
 
+    bool openedByWindowOpen() const;
+
     WEBCORE_EXPORT void goToItem(HistoryItem&, FrameLoadType);
 
     WEBCORE_EXPORT void setGroupName(const String&);
diff -Nru webkit2gtk-2.14.3/Source/WebCore/page/PageOverlayController.cpp webkit2gtk-2.14.5/Source/WebCore/page/PageOverlayController.cpp
--- webkit2gtk-2.14.3/Source/WebCore/page/PageOverlayController.cpp	2016-09-16 09:56:47.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/page/PageOverlayController.cpp	2017-02-13 13:43:36.000000000 +0000
@@ -209,6 +209,13 @@
         updateOverlayGeometry(*overlayAndLayer.key, *overlayAndLayer.value);
 }
 
+void PageOverlayController::willDetachRootLayer()
+{
+    m_documentOverlayRootLayer = nullptr;
+    m_viewOverlayRootLayer = nullptr;
+    m_initialized = false;
+}
+
 void PageOverlayController::didChangeViewSize()
 {
     for (auto& overlayAndLayer : m_overlayGraphicsLayers) {
@@ -234,7 +241,8 @@
 
 void PageOverlayController::didChangeDeviceScaleFactor()
 {
-    createRootLayersIfNeeded();
+    if (!m_initialized)
+        return;
 
     m_documentOverlayRootLayer->noteDeviceOrPageScaleFactorChangedIncludingDescendants();
     m_viewOverlayRootLayer->noteDeviceOrPageScaleFactorChangedIncludingDescendants();
diff -Nru webkit2gtk-2.14.3/Source/WebCore/page/PageOverlayController.h webkit2gtk-2.14.5/Source/WebCore/page/PageOverlayController.h
--- webkit2gtk-2.14.3/Source/WebCore/page/PageOverlayController.h	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/page/PageOverlayController.h	2017-02-07 09:02:14.000000000 +0000
@@ -60,6 +60,7 @@
     GraphicsLayer& layerForOverlay(PageOverlay&) const;
 
     void willAttachRootLayer();
+    void willDetachRootLayer();
 
     void didChangeViewSize();
     void didChangeDocumentSize();
diff -Nru webkit2gtk-2.14.3/Source/WebCore/page/Settings.in webkit2gtk-2.14.5/Source/WebCore/page/Settings.in
--- webkit2gtk-2.14.3/Source/WebCore/page/Settings.in	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/page/Settings.in	2017-02-09 08:24:06.000000000 +0000
@@ -279,3 +279,5 @@
 
 # Runtime-enabled features
 visualViewportEnabled initial=false
+
+allowsPageCacheWithWindowOpener initial=false
diff -Nru webkit2gtk-2.14.3/Source/WebCore/platform/graphics/cairo/ImageBufferCairo.cpp webkit2gtk-2.14.5/Source/WebCore/platform/graphics/cairo/ImageBufferCairo.cpp
--- webkit2gtk-2.14.3/Source/WebCore/platform/graphics/cairo/ImageBufferCairo.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/platform/graphics/cairo/ImageBufferCairo.cpp	2017-02-07 09:37:13.000000000 +0000
@@ -218,7 +218,15 @@
 #else
     ASSERT(m_data.m_renderingMode != Accelerated);
 #endif
-        m_data.m_surface = adoptRef(cairo_image_surface_create(CAIRO_FORMAT_ARGB32, m_size.width(), m_size.height()));
+    {
+        static cairo_user_data_key_t s_surfaceDataKey;
+
+        int stride = cairo_format_stride_for_width(CAIRO_FORMAT_ARGB32, m_size.width());
+        auto* surfaceData = fastZeroedMalloc(m_size.height() * stride);
+
+        m_data.m_surface = adoptRef(cairo_image_surface_create_for_data(static_cast(surfaceData), CAIRO_FORMAT_ARGB32, m_size.width(), m_size.height(), stride));
+        cairo_surface_set_user_data(m_data.m_surface.get(), &s_surfaceDataKey, surfaceData, [](void* data) { fastFree(data); });
+    }
 
     if (cairo_surface_status(m_data.m_surface.get()) != CAIRO_STATUS_SUCCESS)
         return;  // create will notice we didn't set m_initialized and fail.
diff -Nru webkit2gtk-2.14.3/Source/WebCore/platform/graphics/gstreamer/GRefPtrGStreamer.cpp webkit2gtk-2.14.5/Source/WebCore/platform/graphics/gstreamer/GRefPtrGStreamer.cpp
--- webkit2gtk-2.14.3/Source/WebCore/platform/graphics/gstreamer/GRefPtrGStreamer.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/platform/graphics/gstreamer/GRefPtrGStreamer.cpp	2017-02-08 11:09:34.000000000 +0000
@@ -105,7 +105,6 @@
 
 template <> GRefPtr adoptGRef(GstContext* ptr)
 {
-    ASSERT(!g_object_is_floating(ptr));
     return GRefPtr(ptr, GRefPtrAdopt);
 }
 
diff -Nru webkit2gtk-2.14.3/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp webkit2gtk-2.14.5/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp
--- webkit2gtk-2.14.3/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp	2017-02-08 11:05:34.000000000 +0000
@@ -526,6 +526,7 @@
     if (supportsAcceleratedRendering() && m_player->client().mediaPlayerRenderingCanBeAccelerated(m_player) && client()) {
         client()->setPlatformLayerNeedsDisplay();
 #if USE(GSTREAMER_GL)
+        LockHolder lock(m_drawMutex);
         m_drawCondition.notifyOne();
 #endif
         return;
@@ -535,6 +536,7 @@
     m_player->repaint();
 
 #if USE(GSTREAMER_GL) || USE(COORDINATED_GRAPHICS_THREADED)
+    LockHolder lock(m_drawMutex);
     m_drawCondition.notifyOne();
 #endif
 }
diff -Nru webkit2gtk-2.14.3/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp webkit2gtk-2.14.5/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp
--- webkit2gtk-2.14.3/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp	2017-02-08 11:47:56.000000000 +0000
@@ -27,6 +27,7 @@
 
 #if ENABLE(VIDEO) && USE(GSTREAMER)
 
+#include "FileSystem.h"
 #include "GStreamerUtilities.h"
 #include "URL.h"
 #include "MIMETypeRegistry.h"
@@ -36,6 +37,7 @@
 #include "SecurityOrigin.h"
 #include "TimeRanges.h"
 #include "WebKitWebSourceGStreamer.h"
+#include 
 #include 
 #include 
 #include 
@@ -195,6 +197,9 @@
         m_mediaLocations = 0;
     }
 
+    if (WEBKIT_IS_WEB_SRC(m_source.get()) && GST_OBJECT_PARENT(m_source.get()))
+        g_signal_handlers_disconnect_by_func(GST_ELEMENT_PARENT(m_source.get()), reinterpret_cast(uriDecodeBinElementAddedCallback), this);
+
     if (m_autoAudioSink)
         g_signal_handlers_disconnect_by_func(G_OBJECT(m_autoAudioSink.get()),
             reinterpret_cast(setAudioStreamPropertiesCallback), this);
@@ -1303,13 +1308,75 @@
     player->sourceChanged();
 }
 
+void MediaPlayerPrivateGStreamer::uriDecodeBinElementAddedCallback(GstBin* bin, GstElement* element, MediaPlayerPrivateGStreamer* player)
+{
+    if (g_strcmp0(G_OBJECT_CLASS_NAME(G_OBJECT_GET_CLASS(G_OBJECT(element))), "GstDownloadBuffer"))
+        return;
+
+    player->m_downloadBuffer = element;
+    g_signal_handlers_disconnect_by_func(bin, reinterpret_cast(uriDecodeBinElementAddedCallback), player);
+    g_signal_connect_swapped(element, "notify::temp-location", G_CALLBACK(downloadBufferFileCreatedCallback), player);
+
+    GUniqueOutPtr oldDownloadTemplate;
+    g_object_get(element, "temp-template", &oldDownloadTemplate.outPtr(), nullptr);
+
+    GUniquePtr newDownloadTemplate(g_build_filename(G_DIR_SEPARATOR_S, "var", "tmp", "WebKit-Media-XXXXXX", nullptr));
+    g_object_set(element, "temp-template", newDownloadTemplate.get(), nullptr);
+    GST_TRACE("Reconfigured file download template from '%s' to '%s'", oldDownloadTemplate.get(), newDownloadTemplate.get());
+
+    player->purgeOldDownloadFiles(oldDownloadTemplate.get());
+}
+
+void MediaPlayerPrivateGStreamer::downloadBufferFileCreatedCallback(MediaPlayerPrivateGStreamer* player)
+{
+    ASSERT(player->m_downloadBuffer);
+
+    g_signal_handlers_disconnect_by_func(player->m_downloadBuffer.get(), reinterpret_cast(downloadBufferFileCreatedCallback), player);
+
+    GUniqueOutPtr downloadFile;
+    g_object_get(player->m_downloadBuffer.get(), "temp-location", &downloadFile.outPtr(), nullptr);
+    player->m_downloadBuffer = nullptr;
+
+    if (UNLIKELY(!deleteFile(downloadFile.get()))) {
+        GST_WARNING("Couldn't unlink media temporary file %s after creation", downloadFile.get());
+        return;
+    }
+
+    GST_TRACE("Unlinked media temporary file %s after creation", downloadFile.get());
+}
+
+void MediaPlayerPrivateGStreamer::purgeOldDownloadFiles(const char* downloadFileTemplate)
+{
+    if (!downloadFileTemplate)
+        return;
+
+    GUniquePtr templatePath(g_path_get_dirname(downloadFileTemplate));
+    GUniquePtr templateFile(g_path_get_basename(downloadFileTemplate));
+    String templatePattern = String(templateFile.get()).replace("X", "?");
+
+    for (auto& filePath : listDirectory(templatePath.get(), templatePattern)) {
+        if (UNLIKELY(!deleteFile(filePath))) {
+            GST_WARNING("Couldn't unlink legacy media temporary file: %s", filePath.utf8().data());
+            continue;
+        }
+
+        GST_TRACE("Unlinked legacy media temporary file: %s", filePath.utf8().data());
+    }
+}
+
 void MediaPlayerPrivateGStreamer::sourceChanged()
 {
+    if (WEBKIT_IS_WEB_SRC(m_source.get()) && GST_OBJECT_PARENT(m_source.get()))
+        g_signal_handlers_disconnect_by_func(GST_ELEMENT_PARENT(m_source.get()), reinterpret_cast(uriDecodeBinElementAddedCallback), this);
+
     m_source.clear();
     g_object_get(m_pipeline.get(), "source", &m_source.outPtr(), nullptr);
 
-    if (WEBKIT_IS_WEB_SRC(m_source.get()))
+    if (WEBKIT_IS_WEB_SRC(m_source.get())) {
         webKitWebSrcSetMediaPlayer(WEBKIT_WEB_SRC(m_source.get()), m_player);
+        g_signal_connect(GST_ELEMENT_PARENT(m_source.get()), "element-added", G_CALLBACK(uriDecodeBinElementAddedCallback), this);
+    }
+
 #if ENABLE(MEDIA_SOURCE)
     if (m_mediaSource && WEBKIT_IS_MEDIA_SRC(m_source.get())) {
         MediaSourceGStreamer::open(m_mediaSource.get(), WEBKIT_MEDIA_SRC(m_source.get()));
diff -Nru webkit2gtk-2.14.3/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h webkit2gtk-2.14.5/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h
--- webkit2gtk-2.14.3/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h	2017-02-08 11:14:30.000000000 +0000
@@ -170,6 +170,10 @@
     MediaTime totalFrameDelay() override { return MediaTime::zeroTime(); }
 #endif
 
+    void purgeOldDownloadFiles(const char*);
+    static void uriDecodeBinElementAddedCallback(GstBin*, GstElement*, MediaPlayerPrivateGStreamer*);
+    static void downloadBufferFileCreatedCallback(MediaPlayerPrivateGStreamer*);
+
     void readyTimerFired();
 
     void notifyPlayerOfVideo();
@@ -238,6 +242,7 @@
 #endif
     GstState m_requestedState;
     GRefPtr m_autoAudioSink;
+    GRefPtr m_downloadBuffer;
     RefPtr m_missingPluginsCallback;
 #if ENABLE(VIDEO_TRACK)
     Vector> m_audioTracks;
diff -Nru webkit2gtk-2.14.3/Source/WebCore/platform/graphics/texmap/coordinated/TiledBackingStore.cpp webkit2gtk-2.14.5/Source/WebCore/platform/graphics/texmap/coordinated/TiledBackingStore.cpp
--- webkit2gtk-2.14.3/Source/WebCore/platform/graphics/texmap/coordinated/TiledBackingStore.cpp	2016-08-30 16:10:50.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/platform/graphics/texmap/coordinated/TiledBackingStore.cpp	2017-02-10 07:50:30.000000000 +0000
@@ -22,6 +22,7 @@
 
 #if USE(COORDINATED_GRAPHICS)
 #include "GraphicsContext.h"
+#include "MemoryPressureHandler.h"
 #include "TiledBackingStoreClient.h"
 #include 
 
@@ -59,10 +60,11 @@
 {
     IntRect scaledContentsRect = mapFromContents(contentsRect);
     IntRect visibleRect = mapFromContents(unscaledVisibleRect);
+    float coverAreaMultiplier = MemoryPressureHandler::singleton().isUnderMemoryPressure() ? 1.0f : 2.0f;
 
-    bool didChange = m_trajectoryVector != m_pendingTrajectoryVector || m_visibleRect != visibleRect || m_rect != scaledContentsRect;
+    bool didChange = m_trajectoryVector != m_pendingTrajectoryVector || m_visibleRect != visibleRect || m_rect != scaledContentsRect || m_coverAreaMultiplier != coverAreaMultiplier;
     if (didChange || m_pendingTileCreation)
-        createTiles(visibleRect, scaledContentsRect);
+        createTiles(visibleRect, scaledContentsRect, coverAreaMultiplier);
 }
 
 void TiledBackingStore::invalidate(const IntRect& contentsDirtyRect)
@@ -143,13 +145,14 @@
     return coverageRatio(intersection(m_visibleRect, m_rect)) == 1.0f;
 }
 
-void TiledBackingStore::createTiles(const IntRect& visibleRect, const IntRect& scaledContentsRect)
+void TiledBackingStore::createTiles(const IntRect& visibleRect, const IntRect& scaledContentsRect, float coverAreaMultiplier)
 {
     // Update our backing store geometry.
     const IntRect previousRect = m_rect;
     m_rect = scaledContentsRect;
     m_trajectoryVector = m_pendingTrajectoryVector;
     m_visibleRect = visibleRect;
+    m_coverAreaMultiplier = coverAreaMultiplier;
 
     if (m_rect.isEmpty()) {
         setCoverRect(IntRect());
diff -Nru webkit2gtk-2.14.3/Source/WebCore/platform/graphics/texmap/coordinated/TiledBackingStore.h webkit2gtk-2.14.5/Source/WebCore/platform/graphics/texmap/coordinated/TiledBackingStore.h
--- webkit2gtk-2.14.3/Source/WebCore/platform/graphics/texmap/coordinated/TiledBackingStore.h	2016-08-30 16:10:50.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/platform/graphics/texmap/coordinated/TiledBackingStore.h	2017-02-10 07:50:30.000000000 +0000
@@ -66,7 +66,7 @@
     void setSupportsAlpha(bool);
 
 private:
-    void createTiles(const IntRect& visibleRect, const IntRect& scaledContentsRect);
+    void createTiles(const IntRect& visibleRect, const IntRect& scaledContentsRect, float coverAreaMultiplier);
     void computeCoverAndKeepRect(const IntRect& visibleRect, IntRect& coverRect, IntRect& keepRect) const;
 
     bool resizeEdgeTiles();
diff -Nru webkit2gtk-2.14.3/Source/WebCore/platform/graphics/texmap/TextureMapperGL.cpp webkit2gtk-2.14.5/Source/WebCore/platform/graphics/texmap/TextureMapperGL.cpp
--- webkit2gtk-2.14.3/Source/WebCore/platform/graphics/texmap/TextureMapperGL.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/platform/graphics/texmap/TextureMapperGL.cpp	2017-02-07 09:09:17.000000000 +0000
@@ -417,6 +417,16 @@
     drawTexture(textureGL.id(), textureGL.isOpaque() ? 0 : ShouldBlend, textureGL.size(), targetRect, matrix, opacity, exposedEdges);
 }
 
+static bool driverSupportsNPOTTextures(GraphicsContext3D& context)
+{
+    if (context.isGLES2Compliant()) {
+        static bool supportsNPOTTextures = context.getExtensions()->supports("GL_OES_texture_npot");
+        return supportsNPOTTextures;
+    }
+
+    return true;
+}
+
 void TextureMapperGL::drawTexture(Platform3DObject texture, Flags flags, const IntSize& textureSize, const FloatRect& targetRect, const TransformationMatrix& modelViewMatrix, float opacity, unsigned exposedEdges)
 {
     bool useRect = flags & ShouldUseARBTextureRect;
@@ -433,6 +443,8 @@
         options |= TextureMapperShaderProgram::Antialiasing;
         flags |= ShouldAntialias;
     }
+    if (wrapMode() == RepeatWrap && !driverSupportsNPOTTextures(*m_context3D))
+        options |= TextureMapperShaderProgram::ManualRepeat;
 
     RefPtr filter = data().filterInfo ? data().filterInfo->filter: 0;
     GC3Duint filterContentTextureID = 0;
@@ -554,7 +566,7 @@
     GC3Denum target = flags & ShouldUseARBTextureRect ? GC3Denum(Extensions3D::TEXTURE_RECTANGLE_ARB) : GC3Denum(GraphicsContext3D::TEXTURE_2D);
     m_context3D->bindTexture(target, texture);
     m_context3D->uniform1i(program.samplerLocation(), 0);
-    if (wrapMode() == RepeatWrap) {
+    if (wrapMode() == RepeatWrap && driverSupportsNPOTTextures(*m_context3D)) {
         m_context3D->texParameteri(GraphicsContext3D::TEXTURE_2D, GraphicsContext3D::TEXTURE_WRAP_S, GraphicsContext3D::REPEAT);
         m_context3D->texParameteri(GraphicsContext3D::TEXTURE_2D, GraphicsContext3D::TEXTURE_WRAP_T, GraphicsContext3D::REPEAT);
     }
@@ -676,7 +688,9 @@
     m_context3D->useProgram(program->programID());
     m_context3D->enableVertexAttribArray(program->vertexLocation());
     const GC3Dfloat unitRect[] = {0, 0, 1, 0, 1, 1, 0, 1};
-    m_context3D->vertexAttribPointer(program->vertexLocation(), 2, GraphicsContext3D::FLOAT, false, 0, GC3Dintptr(unitRect));
+    Platform3DObject vbo = data().getStaticVBO(GraphicsContext3D::ARRAY_BUFFER, sizeof(GC3Dfloat) * 8, unitRect);
+    m_context3D->bindBuffer(GraphicsContext3D::ARRAY_BUFFER, vbo);
+    m_context3D->vertexAttribPointer(program->vertexLocation(), 2, GraphicsContext3D::FLOAT, false, 0, 0);
 
     TransformationMatrix matrix(modelViewMatrix);
     matrix.multiply(TransformationMatrix::rectToRect(FloatRect(0, 0, 1, 1), targetRect));
@@ -706,6 +720,7 @@
     m_context3D->drawArrays(GraphicsContext3D::TRIANGLE_FAN, 0, 4);
 
     // Clear the state.
+    m_context3D->bindBuffer(GraphicsContext3D::ARRAY_BUFFER, 0);
     m_context3D->disableVertexAttribArray(program->vertexLocation());
     m_context3D->stencilMask(0);
 
diff -Nru webkit2gtk-2.14.3/Source/WebCore/platform/graphics/texmap/TextureMapperPlatformLayerProxy.cpp webkit2gtk-2.14.5/Source/WebCore/platform/graphics/texmap/TextureMapperPlatformLayerProxy.cpp
--- webkit2gtk-2.14.3/Source/WebCore/platform/graphics/texmap/TextureMapperPlatformLayerProxy.cpp	2017-01-17 13:43:04.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/platform/graphics/texmap/TextureMapperPlatformLayerProxy.cpp	2017-02-07 09:22:21.000000000 +0000
@@ -72,9 +72,25 @@
 void TextureMapperPlatformLayerProxy::invalidate()
 {
     ASSERT(m_compositorThreadID == WTF::currentThread());
-    LockHolder locker(m_lock);
-    m_compositor = nullptr;
-    m_targetLayer = nullptr;
+    Function updateFunction;
+    {
+        LockHolder locker(m_lock);
+        m_compositor = nullptr;
+        m_targetLayer = nullptr;
+
+        m_currentBuffer = nullptr;
+        m_pendingBuffer = nullptr;
+        m_releaseUnusedBuffersTimer.stop();
+        m_usedBuffers.clear();
+
+        // Clear the timer and dispatch the update function manually now.
+        m_compositorThreadUpdateTimer = nullptr;
+        if (!m_compositorThreadUpdateFunction)
+            return;
+        updateFunction = WTFMove(m_compositorThreadUpdateFunction);
+    }
+
+    updateFunction();
 }
 
 bool TextureMapperPlatformLayerProxy::isActive()
diff -Nru webkit2gtk-2.14.3/Source/WebCore/platform/graphics/texmap/TextureMapperShaderProgram.cpp webkit2gtk-2.14.5/Source/WebCore/platform/graphics/texmap/TextureMapperShaderProgram.cpp
--- webkit2gtk-2.14.3/Source/WebCore/platform/graphics/texmap/TextureMapperShaderProgram.cpp	2016-10-31 09:21:12.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/platform/graphics/texmap/TextureMapperShaderProgram.cpp	2017-02-07 08:50:29.000000000 +0000
@@ -159,6 +159,7 @@
 
         void noop(inout vec4 dummyParameter) { }
         void noop(inout vec4 dummyParameter, vec2 texCoord) { }
+        void noop(inout vec2 dummyParameter) { }
 
         float antialias() { return smoothstep(0., 1., v_antialias); }
 
@@ -170,6 +171,8 @@
 
         vec2 vertexTransformTexCoord() { return v_transformedTexCoord; }
 
+        void applyManualRepeat(inout vec2 pos) { pos = fract(pos); }
+
         void applyTexture(inout vec4 color, vec2 texCoord) { color = SamplerFunction(s_sampler, texCoord); }
         void applyOpacity(inout vec4 color) { color *= u_opacity; }
         void applyAntialiasing(inout vec4 color) { color *= antialias(); }
@@ -281,6 +284,7 @@
         {
             vec4 color = vec4(1., 1., 1., 1.);
             vec2 texCoord = transformTexCoord();
+            applyManualRepeatIfNeeded(texCoord);
             applyTextureIfNeeded(color, texCoord);
             applySolidColorIfNeeded(color);
             applyAntialiasingIfNeeded(color);
@@ -323,6 +327,7 @@
     SET_APPLIER_FROM_OPTIONS(BlurFilter);
     SET_APPLIER_FROM_OPTIONS(AlphaBlur);
     SET_APPLIER_FROM_OPTIONS(ContentTexture);
+    SET_APPLIER_FROM_OPTIONS(ManualRepeat);
 
     StringBuilder vertexShaderBuilder;
     vertexShaderBuilder.append(optionsApplierBuilder.toString());
diff -Nru webkit2gtk-2.14.3/Source/WebCore/platform/graphics/texmap/TextureMapperShaderProgram.h webkit2gtk-2.14.5/Source/WebCore/platform/graphics/texmap/TextureMapperShaderProgram.h
--- webkit2gtk-2.14.3/Source/WebCore/platform/graphics/texmap/TextureMapperShaderProgram.h	2016-10-13 08:26:50.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/platform/graphics/texmap/TextureMapperShaderProgram.h	2017-02-07 08:50:29.000000000 +0000
@@ -60,7 +60,8 @@
         OpacityFilter    = 1L << 13,
         BlurFilter       = 1L << 14,
         AlphaBlur        = 1L << 15,
-        ContentTexture   = 1L << 16
+        ContentTexture   = 1L << 16,
+        ManualRepeat     = 1L << 17
     };
 
     typedef unsigned Options;
diff -Nru webkit2gtk-2.14.3/Source/WebCore/platform/graphics/x11/PlatformDisplayX11.cpp webkit2gtk-2.14.5/Source/WebCore/platform/graphics/x11/PlatformDisplayX11.cpp
--- webkit2gtk-2.14.3/Source/WebCore/platform/graphics/x11/PlatformDisplayX11.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/platform/graphics/x11/PlatformDisplayX11.cpp	2017-02-07 09:05:46.000000000 +0000
@@ -98,7 +98,8 @@
     return m_supportsXComposite.value();
 }
 
-bool PlatformDisplayX11::supportsXDamage(Optional& damageEventBase) const
+
+bool PlatformDisplayX11::supportsXDamage(Optional& damageEventBase, Optional& damageErrorBase) const
 {
     if (!m_supportsXDamage) {
         m_supportsXDamage = false;
@@ -106,13 +107,16 @@
         if (m_display) {
             int eventBase, errorBase;
             m_supportsXDamage = XDamageQueryExtension(m_display, &eventBase, &errorBase);
-            if (m_supportsXDamage.value())
+            if (m_supportsXDamage.value()) {
                 m_damageEventBase = eventBase;
+                m_damageErrorBase = errorBase;
+            }
         }
 #endif
     }
 
     damageEventBase = m_damageEventBase;
+    damageErrorBase = m_damageErrorBase;
     return m_supportsXDamage.value();
 }
 
diff -Nru webkit2gtk-2.14.3/Source/WebCore/platform/graphics/x11/PlatformDisplayX11.h webkit2gtk-2.14.5/Source/WebCore/platform/graphics/x11/PlatformDisplayX11.h
--- webkit2gtk-2.14.3/Source/WebCore/platform/graphics/x11/PlatformDisplayX11.h	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/platform/graphics/x11/PlatformDisplayX11.h	2017-02-07 09:06:24.000000000 +0000
@@ -43,7 +43,8 @@
 
     Display* native() const { return m_display; }
     bool supportsXComposite() const;
-    bool supportsXDamage(Optional& damageEventBase) const;
+
+    bool supportsXDamage(Optional& damageEventBase, Optional& damageErrorBase) const;
 
 private:
     Type type() const override { return PlatformDisplay::Type::X11; }
@@ -56,6 +57,7 @@
     mutable Optional m_supportsXComposite;
     mutable Optional m_supportsXDamage;
     mutable Optional m_damageEventBase;
+    mutable Optional m_damageErrorBase;
 };
 
 } // namespace WebCore
diff -Nru webkit2gtk-2.14.3/Source/WebCore/platform/gtk/po/de.po webkit2gtk-2.14.5/Source/WebCore/platform/gtk/po/de.po
--- webkit2gtk-2.14.3/Source/WebCore/platform/gtk/po/de.po	2017-01-17 13:47:54.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/platform/gtk/po/de.po	2017-02-07 08:05:08.000000000 +0000
@@ -11,16 +11,16 @@
 msgstr ""
 "Project-Id-Version: webkit HEAD\n"
 "Report-Msgid-Bugs-To: https://bugs.webkit.org/\n"
-"POT-Creation-Date: 2016-12-25 03:35+0000\n"
-"PO-Revision-Date: 2016-12-25 10:53+0100\n"
-"Last-Translator: Bernd Homuth \n"
+"POT-Creation-Date: 2016-09-22 02:30+0000\n"
+"PO-Revision-Date: 2016-09-23 01:21+0200\n"
+"Last-Translator: Benedikt M. Thoma \n"
 "Language-Team: Deutsch \n"
 "Language: de\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Poedit 1.8.11\n"
+"X-Generator: Poedit 1.8.8\n"
 
 #: ../ErrorsGtk.cpp:32
 msgid "Load request cancelled"
@@ -327,346 +327,318 @@
 msgstr "Beschreibung"
 
 #: ../LocalizedStringsGtk.cpp:451
-msgid "details"
-msgstr "Details"
-
-#: ../LocalizedStringsGtk.cpp:456
-msgid "summary"
-msgstr "Zusammenfassung"
-
-#: ../LocalizedStringsGtk.cpp:461
-msgid "figure"
-msgstr "Abbildung"
-
-#: ../LocalizedStringsGtk.cpp:466
-msgid "output"
-msgstr "Ausgabe"
-
-#: ../LocalizedStringsGtk.cpp:471
-msgid "email field"
-msgstr "E-Mail-Feld"
-
-#: ../LocalizedStringsGtk.cpp:476
-msgid "telephone number field"
-msgstr "Telefonnummern-Feld"
-
-#: ../LocalizedStringsGtk.cpp:481
-msgid "URL field"
-msgstr "URL-Feld"
-
-#: ../LocalizedStringsGtk.cpp:486
-msgid "date field"
-msgstr "Datums-Feld"
-
-#: ../LocalizedStringsGtk.cpp:491
-msgid "time field"
-msgstr "Zeit-Feld"
-
-#: ../LocalizedStringsGtk.cpp:496
 msgid "footer"
 msgstr "Fußzeile"
 
-#: ../LocalizedStringsGtk.cpp:501
+#: ../LocalizedStringsGtk.cpp:456
 msgid "cancel"
 msgstr "Abbrechen"
 
-#: ../LocalizedStringsGtk.cpp:506
+#: ../LocalizedStringsGtk.cpp:461
 msgid "password auto fill"
 msgstr "Passwörter automatisch eintragen"
 
-#: ../LocalizedStringsGtk.cpp:511
+#: ../LocalizedStringsGtk.cpp:466
 msgid "contact info auto fill"
 msgstr "Kontaktdaten automatisch eintragen"
 
-#: ../LocalizedStringsGtk.cpp:516
+#: ../LocalizedStringsGtk.cpp:471
 msgid "press"
 msgstr "drücken"
 
-#: ../LocalizedStringsGtk.cpp:521
+#: ../LocalizedStringsGtk.cpp:476
 msgid "select"
 msgstr "markieren"
 
-#: ../LocalizedStringsGtk.cpp:526
+#: ../LocalizedStringsGtk.cpp:481
 msgid "activate"
 msgstr "aktivieren"
 
-#: ../LocalizedStringsGtk.cpp:531
+#: ../LocalizedStringsGtk.cpp:486
 msgid "uncheck"
 msgstr "abwählen"
 
-#: ../LocalizedStringsGtk.cpp:536
+#: ../LocalizedStringsGtk.cpp:491
 msgid "check"
 msgstr "wählen"
 
-#: ../LocalizedStringsGtk.cpp:541
+#: ../LocalizedStringsGtk.cpp:496
 msgid "jump"
 msgstr "überspringen"
 
-#: ../LocalizedStringsGtk.cpp:561
+#: ../LocalizedStringsGtk.cpp:516
 msgid "Missing Plug-in"
 msgstr "Fehlende Erweiterung"
 
-#: ../LocalizedStringsGtk.cpp:567
+#: ../LocalizedStringsGtk.cpp:522
 msgid "Plug-in Failure"
 msgstr "Versagen der Erweiterung"
 
 #. FIXME: If this file gets localized, this should really be localized as one string with a wildcard for the number.
-#: ../LocalizedStringsGtk.cpp:585
+#: ../LocalizedStringsGtk.cpp:540
 msgid " files"
 msgstr " Dateien"
 
-#: ../LocalizedStringsGtk.cpp:590
+#: ../LocalizedStringsGtk.cpp:545
 msgid "Unknown"
 msgstr "Unbekannt"
 
-#: ../LocalizedStringsGtk.cpp:595
+#: ../LocalizedStringsGtk.cpp:550
 #, c-format
 msgctxt "Title string for images"
 msgid "%s  (%dx%d pixels)"
 msgstr "%s  (%dx%d Pixel)"
 
-#: ../LocalizedStringsGtk.cpp:606
+#: ../LocalizedStringsGtk.cpp:561
 msgid "Loading..."
 msgstr "Ladevorgang …"
 
-#: ../LocalizedStringsGtk.cpp:611
+#: ../LocalizedStringsGtk.cpp:566
 msgid "Live Broadcast"
 msgstr "Live-Ausstrahlung"
 
-#: ../LocalizedStringsGtk.cpp:617
+#: ../LocalizedStringsGtk.cpp:572
 msgid "audio playback"
 msgstr "Audio-Wiedergabe"
 
-#: ../LocalizedStringsGtk.cpp:619
+#: ../LocalizedStringsGtk.cpp:574
 msgid "video playback"
 msgstr "Video-Wiedergabe"
 
-#: ../LocalizedStringsGtk.cpp:621
+#: ../LocalizedStringsGtk.cpp:576
 msgid "mute"
 msgstr "Stumm schalten"
 
-#: ../LocalizedStringsGtk.cpp:623
+#: ../LocalizedStringsGtk.cpp:578
 msgid "unmute"
 msgstr "Laut schalten"
 
-#: ../LocalizedStringsGtk.cpp:625
+#: ../LocalizedStringsGtk.cpp:580
 msgid "play"
 msgstr "Abspielen"
 
-#: ../LocalizedStringsGtk.cpp:627
+#: ../LocalizedStringsGtk.cpp:582
 msgid "pause"
 msgstr "Pausieren"
 
-#: ../LocalizedStringsGtk.cpp:629
+#: ../LocalizedStringsGtk.cpp:584
 msgid "movie time"
 msgstr "Filmdauer"
 
-#: ../LocalizedStringsGtk.cpp:631
+#: ../LocalizedStringsGtk.cpp:586
 msgid "timeline slider thumb"
 msgstr "Rollbalken-Schieber der Zeitleiste"
 
-#: ../LocalizedStringsGtk.cpp:633
+#: ../LocalizedStringsGtk.cpp:588
 msgid "back 30 seconds"
 msgstr "30 Sekunden zurück"
 
-#: ../LocalizedStringsGtk.cpp:635
+#: ../LocalizedStringsGtk.cpp:590
 msgid "return to realtime"
 msgstr "Auf Echtzeit zurückstellen"
 
-#: ../LocalizedStringsGtk.cpp:637
+#: ../LocalizedStringsGtk.cpp:592
 msgid "elapsed time"
 msgstr "Vergangene Zeit"
 
-#: ../LocalizedStringsGtk.cpp:639
+#: ../LocalizedStringsGtk.cpp:594
 msgid "remaining time"
 msgstr "Verbleibende Zeit"
 
-#: ../LocalizedStringsGtk.cpp:641
+#: ../LocalizedStringsGtk.cpp:596
 msgid "status"
 msgstr "Status"
 
-#: ../LocalizedStringsGtk.cpp:643
+#: ../LocalizedStringsGtk.cpp:598
 msgid "enter fullscreen"
 msgstr "Vollbild starten"
 
-#: ../LocalizedStringsGtk.cpp:645
+#: ../LocalizedStringsGtk.cpp:600
 msgid "exit fullscreen"
 msgstr "Vollbild verlassen"
 
-#: ../LocalizedStringsGtk.cpp:647
+#: ../LocalizedStringsGtk.cpp:602
 msgid "fast forward"
 msgstr "Vorspulen"
 
-#: ../LocalizedStringsGtk.cpp:649
+#: ../LocalizedStringsGtk.cpp:604
 msgid "fast reverse"
 msgstr "Zurückspulen"
 
-#: ../LocalizedStringsGtk.cpp:651
+#: ../LocalizedStringsGtk.cpp:606
 msgid "show closed captions"
 msgstr "geschlossene Beschriftung zeigen"
 
-#: ../LocalizedStringsGtk.cpp:653
+#: ../LocalizedStringsGtk.cpp:608
 msgid "hide closed captions"
 msgstr "geschlossene Beschriftung verbergen"
 
-#: ../LocalizedStringsGtk.cpp:655
+#: ../LocalizedStringsGtk.cpp:610
 msgid "media controls"
 msgstr "Medien-Steuerung"
 
-#: ../LocalizedStringsGtk.cpp:664
+#: ../LocalizedStringsGtk.cpp:619
 msgid "audio element playback controls and status display"
 msgstr "Wiedergabesteuerung und Statusanzeige für Audio-Elemente"
 
-#: ../LocalizedStringsGtk.cpp:666
+#: ../LocalizedStringsGtk.cpp:621
 msgid "video element playback controls and status display"
 msgstr "Wiedergabesteuerung und Statusanzeige für Video-Elemente"
 
-#: ../LocalizedStringsGtk.cpp:668
+#: ../LocalizedStringsGtk.cpp:623
 msgid "mute audio tracks"
 msgstr "Tonspuren stumm schalten"
 
-#: ../LocalizedStringsGtk.cpp:670
+#: ../LocalizedStringsGtk.cpp:625
 msgid "unmute audio tracks"
 msgstr "Tonspuren laut schalten"
 
-#: ../LocalizedStringsGtk.cpp:672
+#: ../LocalizedStringsGtk.cpp:627
 msgid "begin playback"
 msgstr "Wiedergabe starten"
 
-#: ../LocalizedStringsGtk.cpp:674
+#: ../LocalizedStringsGtk.cpp:629
 msgid "pause playback"
 msgstr "Wiedergabe pausieren"
 
-#: ../LocalizedStringsGtk.cpp:676
+#: ../LocalizedStringsGtk.cpp:631
 msgid "movie time scrubber"
 msgstr "Zeitschieber für Filme"
 
-#: ../LocalizedStringsGtk.cpp:678
+#: ../LocalizedStringsGtk.cpp:633
 msgid "movie time scrubber thumb"
 msgstr "Zeitschiebergriff für Filme"
 
-#: ../LocalizedStringsGtk.cpp:680
+#: ../LocalizedStringsGtk.cpp:635
 msgid "seek movie back 30 seconds"
 msgstr "Film 30 Sekunden zurückspulen"
 
-#: ../LocalizedStringsGtk.cpp:682
+#: ../LocalizedStringsGtk.cpp:637
 msgid "return streaming movie to real time"
 msgstr "Streaming-Video auf Echtzeit zurückstellen"
 
-#: ../LocalizedStringsGtk.cpp:684
+#: ../LocalizedStringsGtk.cpp:639
 msgid "current movie time in seconds"
 msgstr "Aktuelle Filmwiedergabezeit in Sekunden"
 
-#: ../LocalizedStringsGtk.cpp:686
+#: ../LocalizedStringsGtk.cpp:641
 msgid "number of seconds of movie remaining"
 msgstr "Anzahl verbleibender Sekunden des Films"
 
-#: ../LocalizedStringsGtk.cpp:688
+#: ../LocalizedStringsGtk.cpp:643
 msgid "current movie status"
 msgstr "Status des aktuellen Films"
 
-#: ../LocalizedStringsGtk.cpp:690
+#: ../LocalizedStringsGtk.cpp:645
 msgid "seek quickly back"
 msgstr "Schnell zurückspulen"
 
-#: ../LocalizedStringsGtk.cpp:692
+#: ../LocalizedStringsGtk.cpp:647
 msgid "seek quickly forward"
 msgstr "Schnell vorspulen"
 
-#: ../LocalizedStringsGtk.cpp:694
+#: ../LocalizedStringsGtk.cpp:649
 msgid "Play movie in fullscreen mode"
 msgstr "Den momentanen Film im Vollbildmodus wiedergeben"
 
-#: ../LocalizedStringsGtk.cpp:696
+#: ../LocalizedStringsGtk.cpp:651
 msgid "Exit fullscreen mode"
 msgstr "Den Vollbildmodus verlassen"
 
-#: ../LocalizedStringsGtk.cpp:698
+#: ../LocalizedStringsGtk.cpp:653
 msgid "start displaying closed captions"
 msgstr "beginnen, geschlossene Beschriftung zu zeigen"
 
-#: ../LocalizedStringsGtk.cpp:700
+#: ../LocalizedStringsGtk.cpp:655
 msgid "stop displaying closed captions"
 msgstr "beenden, geschlossene Beschriftung zu zeigen"
 
-#: ../LocalizedStringsGtk.cpp:709
+#: ../LocalizedStringsGtk.cpp:664
 msgid "indefinite time"
 msgstr "Unbegrenzte Zeit"
 
-#: ../LocalizedStringsGtk.cpp:739
+#: ../LocalizedStringsGtk.cpp:694
 msgid "value missing"
 msgstr "Wert fehlt"
 
-#: ../LocalizedStringsGtk.cpp:775
+#: ../LocalizedStringsGtk.cpp:730
 msgid "type mismatch"
 msgstr "Typ passt nicht"
 
-#: ../LocalizedStringsGtk.cpp:798
+#: ../LocalizedStringsGtk.cpp:753
 msgid "pattern mismatch"
 msgstr "Muster passt nicht"
 
-#: ../LocalizedStringsGtk.cpp:803
+#: ../LocalizedStringsGtk.cpp:758
 msgid "too short"
 msgstr "Zu kurz"
 
-#: ../LocalizedStringsGtk.cpp:808
+#: ../LocalizedStringsGtk.cpp:763
 msgid "too long"
 msgstr "Zu lang"
 
-#: ../LocalizedStringsGtk.cpp:813
+#: ../LocalizedStringsGtk.cpp:768
 msgid "range underflow"
 msgstr "Bereich unterschritten"
 
-#: ../LocalizedStringsGtk.cpp:818
+#: ../LocalizedStringsGtk.cpp:773
 msgid "range overflow"
 msgstr "Bereich überschritten"
 
-#: ../LocalizedStringsGtk.cpp:823
+#: ../LocalizedStringsGtk.cpp:778
 msgid "step mismatch"
 msgstr "Schritt passt nicht"
 
-#: ../LocalizedStringsGtk.cpp:828
+#: ../LocalizedStringsGtk.cpp:783
 msgid "Unacceptable TLS certificate"
 msgstr "Inakzeptables TLS-Zertifikat"
 
-#: ../LocalizedStringsGtk.cpp:845
+#: ../LocalizedStringsGtk.cpp:800
 msgctxt "Menu section heading for subtitles"
 msgid "Subtitles"
 msgstr "Untertitel"
 
-#: ../LocalizedStringsGtk.cpp:850
+#: ../LocalizedStringsGtk.cpp:805
 msgctxt ""
 "Menu item label for the track that represents disabling closed captions"
 msgid "Off"
 msgstr "Aus"
 
-#: ../LocalizedStringsGtk.cpp:855
+#: ../LocalizedStringsGtk.cpp:810
 msgctxt "Menu item label for the automatically chosen track"
 msgid "Auto"
 msgstr "Automatisch"
 
-#: ../LocalizedStringsGtk.cpp:860
+#: ../LocalizedStringsGtk.cpp:815
 msgctxt "Menu item label for a closed captions track that has no other name"
 msgid "No label"
 msgstr "Keine Beschriftung"
 
-#: ../LocalizedStringsGtk.cpp:865
+#: ../LocalizedStringsGtk.cpp:820
 msgctxt "Menu item label for an audio track that has no other name"
 msgid "No label"
 msgstr "Keine Beschriftung"
 
 # Snapshot == Speicherauszug?
-#: ../LocalizedStringsGtk.cpp:871
+#: ../LocalizedStringsGtk.cpp:826
 msgctxt "Snapshotted Plug-In"
 msgid "Title of the label to show on a snapshotted plug-in"
 msgstr "Beschriftung für den Speicherauszug einer Erweiterung"
 
 # Snapshot == Speicherauszug?
-#: ../LocalizedStringsGtk.cpp:876
+#: ../LocalizedStringsGtk.cpp:831
 msgctxt "Click to restart"
 msgid "Subtitle of the label to show on a snapshotted plug-in"
 msgstr "Untertitel der Beschriftung für den Speicherauszug einer Erweiterung"
 
+#: ../../../../WebKit2/NetworkProcess/Downloads/soup/DownloadSoup.cpp:100
+#, c-format
+msgid ""
+"Cannot determine destination URI for download with suggested filename %s"
+msgstr ""
+"Zieladresse zum Herunterladen mit vorgeschlagenem Dateinamen %s kann nicht "
+"bestimmt werden"
+
 #. Title of the HTTP authentication dialog.
 #: ../../../../WebKit2/UIProcess/API/gtk/WebKitAuthenticationDialog.cpp:93
 msgid "Authentication Required"
@@ -1493,7 +1465,7 @@
 msgid "The response of the resource"
 msgstr "Die Antwort der Ressource"
 
-#: ../../../../WebKit2/UIProcess/API/gtk/WebKitWebViewBase.cpp:1246
+#: ../../../../WebKit2/UIProcess/API/gtk/WebKitWebViewBase.cpp:1238
 msgid "Website running in fullscreen mode"
 msgstr "Internetseite läuft im Vollbildmodus"
 
@@ -1547,7 +1519,7 @@
 
 #: ../../../../WebKit2/UIProcess/API/gtk/WebKitWebView.cpp:843
 msgid "The WebKitSettings of the view"
-msgstr "Die WebKit-Einstellungen der Ansicht"
+msgstr "Das WebKit-Einstellungen der Ansicht"
 
 #: ../../../../WebKit2/UIProcess/API/gtk/WebKitWebView.cpp:859
 msgid "WebView user content manager"
@@ -1571,7 +1543,7 @@
 
 #: ../../../../WebKit2/UIProcess/API/gtk/WebKitWebView.cpp:893
 msgid "An estimate of the percent completion for a document load"
-msgstr "Geschätzter Ladefortschritt eines Dokuments in Prozent"
+msgstr "Eine Schätzung der abgeschlossenen Prozent beim Laden eines Dokuments"
 
 #: ../../../../WebKit2/UIProcess/API/gtk/WebKitWebView.cpp:905
 msgid "Favicon"
@@ -1579,7 +1551,7 @@
 
 #: ../../../../WebKit2/UIProcess/API/gtk/WebKitWebView.cpp:906
 msgid "The favicon associated to the view, if any"
-msgstr "Das Favoritensymbol der Ansicht, falls vorhanden"
+msgstr "Das Favoritensymbol der Ansicht falls vorhanden"
 
 #: ../../../../WebKit2/UIProcess/API/gtk/WebKitWebView.cpp:918
 msgid "The current active URI of the view"
@@ -1591,7 +1563,7 @@
 
 #: ../../../../WebKit2/UIProcess/API/gtk/WebKitWebView.cpp:934
 msgid "The zoom level of the view content"
-msgstr "Die Vergrößerungsstufe der Inhaltsansicht"
+msgstr "Die Vergrößerungsstufe des Inhalts der Ansicht"
 
 #: ../../../../WebKit2/UIProcess/API/gtk/WebKitWebView.cpp:953
 msgid "Is Loading"
@@ -1617,13 +1589,13 @@
 msgid "An exception was raised in JavaScript"
 msgstr "Ein Fehler ist in JavaScript aufgetreten"
 
-#: ../../../../WebKit2/UIProcess/API/gtk/WebKitWebView.cpp:3413
+#: ../../../../WebKit2/UIProcess/API/gtk/WebKitWebView.cpp:3415
 msgid "There was an error creating the snapshot"
 msgstr "Es trat ein Fehler beim Erstellen des Schnappschusses auf"
 
 #: ../../../../WebKit2/UIProcess/API/gtk/WebKitWindowProperties.cpp:210
 msgid "Geometry"
-msgstr "Fenstereinstellung"
+msgstr "Geometrie"
 
 #: ../../../../WebKit2/UIProcess/API/gtk/WebKitWindowProperties.cpp:211
 msgid "The size and position of the window on the screen."
@@ -1692,12 +1664,6 @@
 msgid "Web Inspector"
 msgstr "Web-Inspector"
 
-#~ msgid ""
-#~ "Cannot determine destination URI for download with suggested filename %s"
-#~ msgstr ""
-#~ "Zieladresse zum Herunterladen mit vorgeschlagenem Dateinamen %s kann "
-#~ "nicht bestimmt werden"
-
 #~ msgctxt "Closed Captions"
 #~ msgid "Menu section heading for closed captions"
 #~ msgstr "Überschrift im Menüabschnitt für geschlossene Beschriftungen"
diff -Nru webkit2gtk-2.14.3/Source/WebCore/platform/text/hyphen/HyphenationLibHyphen.cpp webkit2gtk-2.14.5/Source/WebCore/platform/text/hyphen/HyphenationLibHyphen.cpp
--- webkit2gtk-2.14.3/Source/WebCore/platform/text/hyphen/HyphenationLibHyphen.cpp	2017-01-17 13:09:22.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/platform/text/hyphen/HyphenationLibHyphen.cpp	2017-02-08 11:50:08.000000000 +0000
@@ -247,7 +247,11 @@
     char* hyphenArrayData = hyphenArray.data();
 
     String lowercaseLocaleIdentifier = AtomicString(localeIdentifier.string().convertToASCIILowercase());
-    ASSERT(availableLocales().contains(lowercaseLocaleIdentifier));
+
+    // Web content may specify strings for locales which do not exist or that we do not have.
+    if (!availableLocales().contains(lowercaseLocaleIdentifier))
+        return 0;
+
     for (const auto& dictionaryPath : availableLocales().get(lowercaseLocaleIdentifier)) {
         RefPtr dictionary = WTF::TinyLRUCachePolicy>::cache().get(AtomicString(dictionaryPath));
 
diff -Nru webkit2gtk-2.14.3/Source/WebCore/rendering/RenderBlock.cpp webkit2gtk-2.14.5/Source/WebCore/rendering/RenderBlock.cpp
--- webkit2gtk-2.14.3/Source/WebCore/rendering/RenderBlock.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/rendering/RenderBlock.cpp	2017-02-09 08:13:36.000000000 +0000
@@ -683,7 +683,7 @@
 void RenderBlock::deleteLines()
 {
     if (AXObjectCache* cache = document().existingAXObjectCache())
-        cache->recomputeIsIgnored(this);
+        cache->recomputeDeferredIsIgnored(*this);
 }
 
 void RenderBlock::makeChildrenNonInline(RenderObject* insertionPoint)
diff -Nru webkit2gtk-2.14.3/Source/WebCore/rendering/RenderBlockLineLayout.cpp webkit2gtk-2.14.5/Source/WebCore/rendering/RenderBlockLineLayout.cpp
--- webkit2gtk-2.14.3/Source/WebCore/rendering/RenderBlockLineLayout.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/rendering/RenderBlockLineLayout.cpp	2017-02-09 08:13:36.000000000 +0000
@@ -130,7 +130,7 @@
 
     if (UNLIKELY(AXObjectCache::accessibilityEnabled()) && firstRootBox() == rootBox) {
         if (AXObjectCache* cache = document().existingAXObjectCache())
-            cache->recomputeIsIgnored(this);
+            cache->recomputeDeferredIsIgnored(*this);
     }
 
     return rootBox;
diff -Nru webkit2gtk-2.14.3/Source/WebCore/rendering/RenderLayerBacking.cpp webkit2gtk-2.14.5/Source/WebCore/rendering/RenderLayerBacking.cpp
--- webkit2gtk-2.14.3/Source/WebCore/rendering/RenderLayerBacking.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/rendering/RenderLayerBacking.cpp	2017-02-07 09:01:16.000000000 +0000
@@ -2234,6 +2234,10 @@
 
 bool RenderLayerBacking::paintsIntoWindow() const
 {
+#if USE(COORDINATED_GRAPHICS_THREADED)
+        return false;
+#endif
+
     if (m_usingTiledCacheLayer)
         return false;
 
diff -Nru webkit2gtk-2.14.3/Source/WebCore/rendering/RenderLayerCompositor.cpp webkit2gtk-2.14.5/Source/WebCore/rendering/RenderLayerCompositor.cpp
--- webkit2gtk-2.14.3/Source/WebCore/rendering/RenderLayerCompositor.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/rendering/RenderLayerCompositor.cpp	2017-02-07 09:03:28.000000000 +0000
@@ -798,7 +798,7 @@
 
 void RenderLayerCompositor::appendDocumentOverlayLayers(Vector& childList)
 {
-    if (!isMainFrameCompositor())
+    if (!isMainFrameCompositor() || !m_compositing)
         return;
 
     Frame& frame = m_renderView.frameView().frame();
@@ -3588,8 +3588,10 @@
             return;
 
         page->chrome().client().attachRootGraphicsLayer(&frame, 0);
-        if (frame.isMainFrame())
+        if (frame.isMainFrame()) {
             page->chrome().client().attachViewOverlayGraphicsLayer(&frame, 0);
+            frame.mainFrame().pageOverlayController().willDetachRootLayer();
+        }
     }
     break;
     case RootLayerUnattached:
diff -Nru webkit2gtk-2.14.3/Source/WebCore/rendering/RenderObject.h webkit2gtk-2.14.5/Source/WebCore/rendering/RenderObject.h
--- webkit2gtk-2.14.3/Source/WebCore/rendering/RenderObject.h	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/rendering/RenderObject.h	2017-02-09 08:16:57.000000000 +0000
@@ -412,7 +412,7 @@
         // RenderBlock::createAnonymousBlock(). This includes creating an anonymous
         // RenderBlock having a BLOCK or BOX display. Other classes such as RenderTextFragment
         // are not RenderBlocks and will return false. See https://bugs.webkit.org/show_bug.cgi?id=56709. 
-        return isAnonymous() && (style().display() == BLOCK || style().display() == BOX) && style().styleType() == NOPSEUDO && isRenderBlock() && !isListMarker() && !isRenderFlowThread() && !isRenderMultiColumnSet() && !isRenderView()
+        return isAnonymous() && (style().display() == BLOCK || style().display() == BOX) && style().styleType() == NOPSEUDO && isRenderBlock() && !isListMarker() && !isRenderFlowThread() && !isRenderNamedFlowFragment() && !isRenderMultiColumnSet() && !isRenderView()
 #if ENABLE(FULLSCREEN_API)
             && !isRenderFullScreen()
             && !isRenderFullScreenPlaceholder()
diff -Nru webkit2gtk-2.14.3/Source/WebCore/svg/SVGUseElement.cpp webkit2gtk-2.14.5/Source/WebCore/svg/SVGUseElement.cpp
--- webkit2gtk-2.14.3/Source/WebCore/svg/SVGUseElement.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebCore/svg/SVGUseElement.cpp	2017-02-09 16:17:47.000000000 +0000
@@ -261,7 +261,7 @@
     auto* root = userAgentShadowRoot();
     if (!root)
         return nullptr;
-    return downcast(root->firstChild());
+    return childrenOfType(*root).first();
 }
 
 RenderPtr SVGUseElement::createElementRenderer(RenderStyle&& style, const RenderTreePosition&)
diff -Nru webkit2gtk-2.14.3/Source/WebKit2/NetworkProcess/CustomProtocols/CustomProtocolManager.h webkit2gtk-2.14.5/Source/WebKit2/NetworkProcess/CustomProtocols/CustomProtocolManager.h
--- webkit2gtk-2.14.3/Source/WebKit2/NetworkProcess/CustomProtocols/CustomProtocolManager.h	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebKit2/NetworkProcess/CustomProtocols/CustomProtocolManager.h	2017-02-08 10:54:48.000000000 +0000
@@ -27,6 +27,7 @@
 #define CustomProtocolManager_h
 
 #include "Connection.h"
+#include "MessageReceiver.h"
 #include "NetworkProcessSupplement.h"
 #include 
 #include 
@@ -59,7 +60,13 @@
 class ChildProcess;
 struct NetworkProcessCreationParameters;
 
-class CustomProtocolManager : public NetworkProcessSupplement, public IPC::Connection::WorkQueueMessageReceiver {
+class CustomProtocolManager : public NetworkProcessSupplement
+#if PLATFORM(COCOA)
+    , public IPC::Connection::WorkQueueMessageReceiver {
+#endif
+#if USE(SOUP)
+    , public IPC::MessageReceiver {
+#endif
     WTF_MAKE_NONCOPYABLE(CustomProtocolManager);
 public:
     explicit CustomProtocolManager(ChildProcess*);
@@ -81,15 +88,17 @@
 #endif
 
 private:
+#if PLATFORM(COCOA)
     // ChildProcessSupplement
     void initializeConnection(IPC::Connection*) override;
-
-    // NetworkProcessSupplement
-    void initialize(const NetworkProcessCreationParameters&) override;
+#endif
 
     // IPC::MessageReceiver
     void didReceiveMessage(IPC::Connection&, IPC::Decoder&) override;
 
+    // NetworkProcessSupplement
+    void initialize(const NetworkProcessCreationParameters&) override;
+
     void didFailWithError(uint64_t customProtocolID, const WebCore::ResourceError&);
     void didLoadData(uint64_t customProtocolID, const IPC::DataReference&);
     void didReceiveResponse(uint64_t customProtocolID, const WebCore::ResourceResponse&, uint32_t cacheStoragePolicy);
@@ -97,9 +106,9 @@
     void wasRedirectedToRequest(uint64_t customProtocolID, const WebCore::ResourceRequest&, const WebCore::ResourceResponse& redirectResponse);
 
     ChildProcess* m_childProcess;
-    RefPtr m_messageQueue;
 
 #if PLATFORM(COCOA)
+    RefPtr m_messageQueue;
     HashSet m_registeredSchemes;
     Lock m_registeredSchemesMutex;
 
diff -Nru webkit2gtk-2.14.3/Source/WebKit2/NetworkProcess/CustomProtocols/soup/CustomProtocolManagerSoup.cpp webkit2gtk-2.14.5/Source/WebKit2/NetworkProcess/CustomProtocols/soup/CustomProtocolManagerSoup.cpp
--- webkit2gtk-2.14.3/Source/WebKit2/NetworkProcess/CustomProtocols/soup/CustomProtocolManagerSoup.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebKit2/NetworkProcess/CustomProtocols/soup/CustomProtocolManagerSoup.cpp	2017-02-08 10:53:51.000000000 +0000
@@ -24,7 +24,6 @@
 #include "CustomProtocolManagerImpl.h"
 #include "CustomProtocolManagerMessages.h"
 #include "NetworkProcessCreationParameters.h"
-#include "WebProcessCreationParameters.h"
 #include 
 
 namespace WebKit {
@@ -36,14 +35,9 @@
 
 CustomProtocolManager::CustomProtocolManager(ChildProcess* childProcess)
     : m_childProcess(childProcess)
-    , m_messageQueue(WorkQueue::create("com.apple.WebKit.CustomProtocolManager"))
     , m_impl(std::make_unique(childProcess))
 {
-}
-
-void CustomProtocolManager::initializeConnection(IPC::Connection* connection)
-{
-    connection->addWorkQueueMessageReceiver(Messages::CustomProtocolManager::messageReceiverName(), m_messageQueue.get(), this);
+    m_childProcess->addMessageReceiver(Messages::CustomProtocolManager::messageReceiverName(), *this);
 }
 
 void CustomProtocolManager::initialize(const NetworkProcessCreationParameters& parameters)
diff -Nru webkit2gtk-2.14.3/Source/WebKit2/Shared/CoordinatedGraphics/CoordinatedGraphicsScene.cpp webkit2gtk-2.14.5/Source/WebKit2/Shared/CoordinatedGraphics/CoordinatedGraphicsScene.cpp
--- webkit2gtk-2.14.3/Source/WebKit2/Shared/CoordinatedGraphics/CoordinatedGraphicsScene.cpp	2016-12-20 11:07:45.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebKit2/Shared/CoordinatedGraphics/CoordinatedGraphicsScene.cpp	2017-02-07 09:20:58.000000000 +0000
@@ -598,6 +598,9 @@
 
 void CoordinatedGraphicsScene::commitSceneState(const CoordinatedGraphicsState& state)
 {
+    if (!m_client)
+        return;
+
     m_renderedContentsScrollPosition = state.scrollPosition;
 
     createLayers(state.layersToCreate);
@@ -673,6 +676,8 @@
     m_surfaceBackingStores.clear();
 #endif
 #if USE(COORDINATED_GRAPHICS_THREADED)
+    for (auto& proxy : m_platformLayerProxies.values())
+        proxy->invalidate();
     m_platformLayerProxies.clear();
 #endif
     m_surfaces.clear();
@@ -707,9 +712,10 @@
 void CoordinatedGraphicsScene::detach()
 {
     ASSERT(isMainThread());
-    m_renderQueue.clear();
     m_isActive = false;
     m_client = nullptr;
+    LockHolder locker(m_renderQueueMutex);
+    m_renderQueue.clear();
 }
 
 void CoordinatedGraphicsScene::appendUpdate(std::function&& function)
diff -Nru webkit2gtk-2.14.3/Source/WebKit2/Shared/CoordinatedGraphics/SimpleViewportController.cpp webkit2gtk-2.14.5/Source/WebKit2/Shared/CoordinatedGraphics/SimpleViewportController.cpp
--- webkit2gtk-2.14.3/Source/WebKit2/Shared/CoordinatedGraphics/SimpleViewportController.cpp	2016-09-19 12:18:06.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebKit2/Shared/CoordinatedGraphics/SimpleViewportController.cpp	2017-02-07 09:24:18.000000000 +0000
@@ -28,7 +28,8 @@
 
 namespace WebKit {
 
-SimpleViewportController::SimpleViewportController()
+SimpleViewportController::SimpleViewportController(const IntSize& size)
+    : m_viewportSize(size)
 {
     resetViewportToDefaultState();
 }
@@ -56,7 +57,7 @@
     }
 }
 
-void SimpleViewportController::didChangeViewportAttributes(const ViewportAttributes& newAttributes)
+void SimpleViewportController::didChangeViewportAttributes(ViewportAttributes&& newAttributes)
 {
     if (newAttributes.layoutSize.isEmpty()) {
         resetViewportToDefaultState();
@@ -65,7 +66,7 @@
 
     m_hasViewportAttribute = true;
 
-    m_rawAttributes = newAttributes;
+    m_rawAttributes = WTFMove(newAttributes);
     m_allowsUserScaling = m_rawAttributes.userScalable;
     m_initiallyFitToViewport = m_rawAttributes.initialScale < 0;
 
diff -Nru webkit2gtk-2.14.3/Source/WebKit2/Shared/CoordinatedGraphics/SimpleViewportController.h webkit2gtk-2.14.5/Source/WebKit2/Shared/CoordinatedGraphics/SimpleViewportController.h
--- webkit2gtk-2.14.3/Source/WebKit2/Shared/CoordinatedGraphics/SimpleViewportController.h	2016-09-19 12:18:06.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebKit2/Shared/CoordinatedGraphics/SimpleViewportController.h	2017-02-07 09:24:18.000000000 +0000
@@ -37,11 +37,11 @@
 class SimpleViewportController {
     WTF_MAKE_NONCOPYABLE(SimpleViewportController);
 public:
-    SimpleViewportController();
+    SimpleViewportController(const WebCore::IntSize&);
 
     void didChangeViewportSize(const WebCore::IntSize&);
     void didChangeContentsSize(const WebCore::IntSize&);
-    void didChangeViewportAttributes(const WebCore::ViewportAttributes&);
+    void didChangeViewportAttributes(WebCore::ViewportAttributes&&);
     void didScroll(const WebCore::IntPoint&);
 
     WebCore::FloatRect visibleContentsRect() const;
diff -Nru webkit2gtk-2.14.3/Source/WebKit2/Shared/CoordinatedGraphics/threadedcompositor/CompositingRunLoop.cpp webkit2gtk-2.14.5/Source/WebKit2/Shared/CoordinatedGraphics/threadedcompositor/CompositingRunLoop.cpp
--- webkit2gtk-2.14.3/Source/WebKit2/Shared/CoordinatedGraphics/threadedcompositor/CompositingRunLoop.cpp	2016-10-19 13:44:07.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebKit2/Shared/CoordinatedGraphics/threadedcompositor/CompositingRunLoop.cpp	2017-02-07 09:13:52.000000000 +0000
@@ -119,7 +119,11 @@
 
 CompositingRunLoop::~CompositingRunLoop()
 {
-    WorkQueuePool::singleton().invalidate(this);
+    ASSERT(isMainThread());
+    // Make sure the WorkQueue is deleted after the CompositingRunLoop, because m_updateTimer has a reference
+    // of the WorkQueue run loop. Passing this is not a problem because the pointer will only be used as a
+    // HashMap key by WorkQueuePool.
+    RunLoop::main().dispatch([context = this] { WorkQueuePool::singleton().invalidate(context); });
 }
 
 void CompositingRunLoop::performTask(Function&& function)
diff -Nru webkit2gtk-2.14.3/Source/WebKit2/Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.cpp webkit2gtk-2.14.5/Source/WebKit2/Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.cpp
--- webkit2gtk-2.14.3/Source/WebKit2/Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.cpp	2017-01-17 10:55:45.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebKit2/Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.cpp	2017-02-07 09:11:51.000000000 +0000
@@ -42,21 +42,28 @@
 
 namespace WebKit {
 
-Ref ThreadedCompositor::create(Client& client, uint64_t nativeSurfaceHandle, ShouldDoFrameSync doFrameSync, TextureMapper::PaintFlags paintFlags)
+Ref ThreadedCompositor::create(Client& client, const IntSize& viewportSize, float scaleFactor, uint64_t nativeSurfaceHandle, ShouldDoFrameSync doFrameSync, TextureMapper::PaintFlags paintFlags)
 {
-    return adoptRef(*new ThreadedCompositor(client, nativeSurfaceHandle, doFrameSync, paintFlags));
+    return adoptRef(*new ThreadedCompositor(client, viewportSize, scaleFactor, nativeSurfaceHandle, doFrameSync, paintFlags));
 }
 
-ThreadedCompositor::ThreadedCompositor(Client& client, uint64_t nativeSurfaceHandle, ShouldDoFrameSync doFrameSync, TextureMapper::PaintFlags paintFlags)
+ThreadedCompositor::ThreadedCompositor(Client& client, const IntSize& viewportSize, float scaleFactor, uint64_t nativeSurfaceHandle, ShouldDoFrameSync doFrameSync, TextureMapper::PaintFlags paintFlags)
     : m_client(client)
+    , m_viewportSize(viewportSize)
+    , m_scaleFactor(scaleFactor)
     , m_nativeSurfaceHandle(nativeSurfaceHandle)
     , m_doFrameSync(doFrameSync)
     , m_paintFlags(paintFlags)
+    , m_needsResize(!viewportSize.isEmpty())
     , m_compositingRunLoop(std::make_unique([this] { renderLayerTree(); }))
 {
     m_compositingRunLoop->performTaskSync([this, protectedThis = makeRef(*this)] {
         m_scene = adoptRef(new CoordinatedGraphicsScene(this));
-        m_scene->setActive(!!m_nativeSurfaceHandle);
+        if (m_nativeSurfaceHandle) {
+            createGLContext();
+            m_scene->setActive(true);
+        } else
+            m_scene->setActive(false);
     });
 }
 
@@ -64,6 +71,21 @@
 {
 }
 
+void ThreadedCompositor::createGLContext()
+{
+    ASSERT(!isMainThread());
+    ASSERT(m_nativeSurfaceHandle);
+
+    m_context = GLContext::createContextForWindow(reinterpret_cast(m_nativeSurfaceHandle), &PlatformDisplay::sharedDisplayForCompositing());
+    if (!m_context)
+        return;
+
+    if (m_doFrameSync == ShouldDoFrameSync::No) {
+        if (m_context->makeContextCurrent())
+            m_context->swapInterval(0);
+    }
+}
+
 void ThreadedCompositor::invalidate()
 {
     m_scene->detach();
@@ -80,13 +102,16 @@
 {
     m_compositingRunLoop->stopUpdateTimer();
     m_compositingRunLoop->performTaskSync([this, protectedThis = makeRef(*this), handle] {
-        m_scene->setActive(!!handle);
-
         // A new native handle can't be set without destroying the previous one first if any.
         ASSERT(!!handle ^ !!m_nativeSurfaceHandle);
         m_nativeSurfaceHandle = handle;
-        if (!m_nativeSurfaceHandle)
+        if (m_nativeSurfaceHandle) {
+            createGLContext();
+            m_scene->setActive(true);
+        } else {
+            m_scene->setActive(false);
             m_context = nullptr;
+        }
     });
 }
 
@@ -147,27 +172,6 @@
     m_compositingRunLoop->startUpdateTimer(CompositingRunLoop::Immediate);
 }
 
-bool ThreadedCompositor::makeContextCurrent()
-{
-    if (m_context)
-        return m_context->makeContextCurrent();
-
-    if (!m_nativeSurfaceHandle)
-        return false;
-
-    m_context = GLContext::createContextForWindow(reinterpret_cast(m_nativeSurfaceHandle), &PlatformDisplay::sharedDisplayForCompositing());
-    if (!m_context)
-        return false;
-
-    if (!m_context->makeContextCurrent())
-        return false;
-
-    if (m_doFrameSync == ShouldDoFrameSync::No)
-        m_context->swapInterval(0);
-
-    return true;
-}
-
 void ThreadedCompositor::forceRepaint()
 {
     m_compositingRunLoop->performTaskSync([this, protectedThis = makeRef(*this)] {
@@ -180,7 +184,7 @@
     if (!m_scene || !m_scene->isActive())
         return;
 
-    if (!makeContextCurrent())
+    if (!m_context || !m_context->makeContextCurrent())
         return;
 
     if (m_needsResize) {
diff -Nru webkit2gtk-2.14.3/Source/WebKit2/Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.h webkit2gtk-2.14.5/Source/WebKit2/Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.h
--- webkit2gtk-2.14.3/Source/WebKit2/Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.h	2016-10-19 13:44:07.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebKit2/Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.h	2017-02-07 09:11:51.000000000 +0000
@@ -58,7 +58,7 @@
 
     enum class ShouldDoFrameSync { No, Yes };
 
-    static Ref create(Client&, uint64_t nativeSurfaceHandle = 0, ShouldDoFrameSync = ShouldDoFrameSync::Yes, WebCore::TextureMapper::PaintFlags = 0);
+    static Ref create(Client&, const WebCore::IntSize&, float scaleFactor, uint64_t nativeSurfaceHandle = 0, ShouldDoFrameSync = ShouldDoFrameSync::Yes, WebCore::TextureMapper::PaintFlags = 0);
     virtual ~ThreadedCompositor();
 
     void setNativeSurfaceHandleForCompositing(uint64_t);
@@ -74,7 +74,7 @@
     void forceRepaint();
 
 private:
-    ThreadedCompositor(Client&, uint64_t nativeSurfaceHandle, ShouldDoFrameSync, WebCore::TextureMapper::PaintFlags);
+    ThreadedCompositor(Client&, const WebCore::IntSize&, float scaleFactor, uint64_t nativeSurfaceHandle, ShouldDoFrameSync, WebCore::TextureMapper::PaintFlags);
 
     // CoordinatedGraphicsSceneClient
     void renderNextFrame() override;
@@ -84,7 +84,7 @@
     void renderLayerTree();
     void scheduleDisplayImmediately();
 
-    bool makeContextCurrent();
+    void createGLContext();
 
     Client& m_client;
     RefPtr m_scene;
diff -Nru webkit2gtk-2.14.3/Source/WebKit2/Shared/WebPreferencesDefinitions.h webkit2gtk-2.14.5/Source/WebKit2/Shared/WebPreferencesDefinitions.h
--- webkit2gtk-2.14.3/Source/WebKit2/Shared/WebPreferencesDefinitions.h	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebKit2/Shared/WebPreferencesDefinitions.h	2017-02-09 08:22:46.000000000 +0000
@@ -133,6 +133,7 @@
     macro(WebArchiveDebugModeEnabled, webArchiveDebugModeEnabled, Bool, bool, false, "", "") \
     macro(LocalFileContentSniffingEnabled, localFileContentSniffingEnabled, Bool, bool, false, "", "") \
     macro(UsesPageCache, usesPageCache, Bool, bool, true, "", "") \
+    macro(AllowsPageCacheWithWindowOpener, allowsPageCacheWithWindowOpener, Bool, bool, false, "", "") \
     macro(PageCacheSupportsPlugins, pageCacheSupportsPlugins, Bool, bool, true, "", "") \
     macro(AuthorAndUserStylesEnabled, authorAndUserStylesEnabled, Bool, bool, true, "", "") \
     macro(PaginateDuringLayoutEnabled, paginateDuringLayoutEnabled, Bool, bool, false, "", "") \
diff -Nru webkit2gtk-2.14.3/Source/WebKit2/UIProcess/API/C/WKPreferences.cpp webkit2gtk-2.14.5/Source/WebKit2/UIProcess/API/C/WKPreferences.cpp
--- webkit2gtk-2.14.3/Source/WebKit2/UIProcess/API/C/WKPreferences.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebKit2/UIProcess/API/C/WKPreferences.cpp	2017-02-09 08:22:46.000000000 +0000
@@ -623,6 +623,16 @@
     return toImpl(preferencesRef)->usesPageCache();
 }
 
+void WKPreferencesSetAllowsPageCacheWithWindowOpener(WKPreferencesRef preferencesRef, bool enabled)
+{
+    toImpl(preferencesRef)->setAllowsPageCacheWithWindowOpener(enabled);
+}
+
+bool WKPreferencesGetAllowsPageCacheWithWindowOpener(WKPreferencesRef preferencesRef)
+{
+    return toImpl(preferencesRef)->allowsPageCacheWithWindowOpener();
+}
+
 void WKPreferencesSetPageCacheSupportsPlugins(WKPreferencesRef preferencesRef, bool pageCacheSupportsPlugins)
 {
     toImpl(preferencesRef)->setPageCacheSupportsPlugins(pageCacheSupportsPlugins);
diff -Nru webkit2gtk-2.14.3/Source/WebKit2/UIProcess/API/C/WKPreferencesRefPrivate.h webkit2gtk-2.14.5/Source/WebKit2/UIProcess/API/C/WKPreferencesRefPrivate.h
--- webkit2gtk-2.14.3/Source/WebKit2/UIProcess/API/C/WKPreferencesRefPrivate.h	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebKit2/UIProcess/API/C/WKPreferencesRefPrivate.h	2017-02-09 08:22:46.000000000 +0000
@@ -143,6 +143,10 @@
 WK_EXPORT void WKPreferencesSetPageCacheEnabled(WKPreferencesRef preferences, bool enabled);
 WK_EXPORT bool WKPreferencesGetPageCacheEnabled(WKPreferencesRef preferences);
 
+// Defaults to false.
+WK_EXPORT void WKPreferencesSetAllowsPageCacheWithWindowOpener(WKPreferencesRef preferences, bool enabled);
+WK_EXPORT bool WKPreferencesGetAllowsPageCacheWithWindowOpener(WKPreferencesRef preferences);
+
 // Defaults to true.
 WK_EXPORT void WKPreferencesSetPageCacheSupportsPlugins(WKPreferencesRef preferences, bool pageCacheSupportsPlugins);
 WK_EXPORT bool WKPreferencesGetPageCacheSupportsPlugins(WKPreferencesRef preferences);
diff -Nru webkit2gtk-2.14.3/Source/WebKit2/UIProcess/DrawingAreaProxyImpl.cpp webkit2gtk-2.14.5/Source/WebKit2/UIProcess/DrawingAreaProxyImpl.cpp
--- webkit2gtk-2.14.3/Source/WebKit2/UIProcess/DrawingAreaProxyImpl.cpp	2016-09-19 12:20:01.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebKit2/UIProcess/DrawingAreaProxyImpl.cpp	2017-02-07 08:58:17.000000000 +0000
@@ -175,7 +175,7 @@
 
 void DrawingAreaProxyImpl::discardBackingStoreSoon()
 {
-    if (!m_isBackingStoreDiscardable || m_discardBackingStoreTimer.isActive())
+    if (!m_backingStore || !m_isBackingStoreDiscardable || m_discardBackingStoreTimer.isActive())
         return;
 
     // We'll wait this many seconds after the last paint before throwing away our backing store to save memory.
@@ -187,6 +187,8 @@
 
 void DrawingAreaProxyImpl::discardBackingStore()
 {
+    if (!m_backingStore)
+        return;
     m_backingStore = nullptr;
     backingStoreStateDidChange(DoNotRespondImmediately);
 }
diff -Nru webkit2gtk-2.14.3/Source/WebKit2/UIProcess/gtk/AcceleratedBackingStoreX11.cpp webkit2gtk-2.14.5/Source/WebKit2/UIProcess/gtk/AcceleratedBackingStoreX11.cpp
--- webkit2gtk-2.14.3/Source/WebKit2/UIProcess/gtk/AcceleratedBackingStoreX11.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebKit2/UIProcess/gtk/AcceleratedBackingStoreX11.cpp	2017-02-07 09:07:08.000000000 +0000
@@ -47,6 +47,7 @@
 namespace WebKit {
 
 static Optional s_damageEventBase;
+static Optional s_damageErrorBase;
 
 class XDamageNotifier {
     WTF_MAKE_NONCOPYABLE(XDamageNotifier);
@@ -105,7 +106,7 @@
 std::unique_ptr AcceleratedBackingStoreX11::create(WebPageProxy& webPage)
 {
     auto& display = downcast(PlatformDisplay::sharedDisplay());
-    if (!display.supportsXComposite() || !display.supportsXDamage(s_damageEventBase))
+    if (!display.supportsXComposite() || !display.supportsXDamage(s_damageEventBase, s_damageErrorBase))
         return nullptr;
     return std::unique_ptr(new AcceleratedBackingStoreX11(webPage));
 }
@@ -115,13 +116,19 @@
 {
 }
 
+static inline unsigned char xDamageErrorCode(unsigned char errorCode)
+{
+    ASSERT(s_damageErrorBase);
+    return static_cast(s_damageErrorBase.value()) + errorCode;
+}
+
 AcceleratedBackingStoreX11::~AcceleratedBackingStoreX11()
 {
     if (!m_surface && !m_damage)
         return;
 
     Display* display = downcast(PlatformDisplay::sharedDisplay()).native();
-    XErrorTrapper trapper(display, XErrorTrapper::Policy::Crash, { BadDrawable, BadDamage });
+    XErrorTrapper trapper(display, XErrorTrapper::Policy::Crash, { BadDrawable, xDamageErrorCode(BadDamage) });
     if (m_damage) {
         XDamageNotifier::singleton().remove(m_damage.get());
         m_damage.reset();
@@ -138,7 +145,7 @@
     Display* display = downcast(PlatformDisplay::sharedDisplay()).native();
 
     if (m_surface) {
-        XErrorTrapper trapper(display, XErrorTrapper::Policy::Crash, { BadDrawable, BadDamage });
+        XErrorTrapper trapper(display, XErrorTrapper::Policy::Crash, { BadDrawable, xDamageErrorCode(BadDamage) });
         if (m_damage) {
             XDamageNotifier::singleton().remove(m_damage.get());
             m_damage.reset();
@@ -158,7 +165,7 @@
     float deviceScaleFactor = m_webPage.deviceScaleFactor();
     size.scale(deviceScaleFactor);
 
-    XErrorTrapper trapper(display, XErrorTrapper::Policy::Crash, { BadDrawable, BadDamage });
+    XErrorTrapper trapper(display, XErrorTrapper::Policy::Crash, { BadDrawable, xDamageErrorCode(BadDamage) });
     ASSERT(downcast(PlatformDisplay::sharedDisplay()).native() == GDK_DISPLAY_XDISPLAY(gdk_display_get_default()));
     GdkVisual* visual = gdk_screen_get_rgba_visual(gdk_screen_get_default());
     if (!visual)
diff -Nru webkit2gtk-2.14.3/Source/WebKit2/UIProcess/gtk/WebPreferencesGtk.cpp webkit2gtk-2.14.5/Source/WebKit2/UIProcess/gtk/WebPreferencesGtk.cpp
--- webkit2gtk-2.14.3/Source/WebKit2/UIProcess/gtk/WebPreferencesGtk.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebKit2/UIProcess/gtk/WebPreferencesGtk.cpp	2017-02-07 09:29:02.000000000 +0000
@@ -44,16 +44,12 @@
 #if !ENABLE(OPENGL)
     setAcceleratedCompositingEnabled(false);
 #else
-#if USE(COORDINATED_GRAPHICS_THREADED)
-    setForceCompositingMode(true);
-#else
-    const char* force_compositing = getenv("WEBKIT_FORCE_COMPOSITING_MODE");
-    if (force_compositing && strcmp(force_compositing, "0"))
+    const char* forceCompositing = getenv("WEBKIT_FORCE_COMPOSITING_MODE");
+    if (forceCompositing && strcmp(forceCompositing, "0"))
         setForceCompositingMode(true);
-#endif
 
-    const char* disable_compositing = getenv("WEBKIT_DISABLE_COMPOSITING_MODE");
-    if (disable_compositing && strcmp(disable_compositing, "0")) {
+    const char* disableCompositing = getenv("WEBKIT_DISABLE_COMPOSITING_MODE");
+    if (disableCompositing && strcmp(disableCompositing, "0")) {
         setAcceleratedCompositingEnabled(false);
         return;
     }
@@ -61,8 +57,8 @@
 #if USE(REDIRECTED_XCOMPOSITE_WINDOW)
     if (PlatformDisplay::sharedDisplay().type() == PlatformDisplay::Type::X11) {
         auto& display = downcast(PlatformDisplay::sharedDisplay());
-        Optional damageBase;
-        if (!display.supportsXComposite() || !display.supportsXDamage(damageBase))
+        Optional damageBase, errorBase;
+        if (!display.supportsXComposite() || !display.supportsXDamage(damageBase, errorBase))
             setAcceleratedCompositingEnabled(false);
     }
 #endif
diff -Nru webkit2gtk-2.14.3/Source/WebKit2/WebProcess/InjectedBundle/InjectedBundle.cpp webkit2gtk-2.14.5/Source/WebKit2/WebProcess/InjectedBundle/InjectedBundle.cpp
--- webkit2gtk-2.14.3/Source/WebKit2/WebProcess/InjectedBundle/InjectedBundle.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebKit2/WebProcess/InjectedBundle/InjectedBundle.cpp	2017-02-09 08:22:46.000000000 +0000
@@ -225,6 +225,7 @@
     macro(WebKitPageCacheSupportsPluginsPreferenceKey, PageCacheSupportsPlugins, pageCacheSupportsPlugins) \
     macro(WebKitPluginsEnabled, PluginsEnabled, pluginsEnabled) \
     macro(WebKitUsesPageCachePreferenceKey, UsesPageCache, usesPageCache) \
+    macro(WebKitAllowsPageCacheWithWindowOpenerKey, AllowsPageCacheWithWindowOpener, allowsPageCacheWithWindowOpener) \
     macro(WebKitWebAudioEnabled, WebAudioEnabled, webAudioEnabled) \
     macro(WebKitWebGLEnabled, WebGLEnabled, webGLEnabled) \
     macro(WebKitXSSAuditorEnabled, XSSAuditorEnabled, xssAuditorEnabled) \
diff -Nru webkit2gtk-2.14.3/Source/WebKit2/WebProcess/soup/WebKitSoupRequestInputStream.cpp webkit2gtk-2.14.5/Source/WebKit2/WebProcess/soup/WebKitSoupRequestInputStream.cpp
--- webkit2gtk-2.14.3/Source/WebKit2/WebProcess/soup/WebKitSoupRequestInputStream.cpp	2016-07-20 12:15:24.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebKit2/WebProcess/soup/WebKitSoupRequestInputStream.cpp	2017-02-08 11:02:31.000000000 +0000
@@ -20,14 +20,13 @@
 #include "config.h"
 #include "WebKitSoupRequestInputStream.h"
 
-#include 
-#include 
+#include 
 #include 
 #include 
 
 struct AsyncReadData {
-    AsyncReadData(GTask* task, void* buffer, gsize count)
-        : task(task)
+    AsyncReadData(GRefPtr&& task, void* buffer, gsize count)
+        : task(WTFMove(task))
         , buffer(buffer)
         , count(count)
     {
@@ -45,7 +44,6 @@
 
     GUniquePtr error;
 
-    Lock readLock;
     std::unique_ptr pendingAsyncRead;
 };
 
@@ -65,12 +63,8 @@
 
 static void webkitSoupRequestInputStreamPendingReadAsyncComplete(WebKitSoupRequestInputStream* stream)
 {
-    if (!stream->priv->pendingAsyncRead)
-        return;
-
-    AsyncReadData* data = stream->priv->pendingAsyncRead.get();
-    webkitSoupRequestInputStreamReadAsyncResultComplete(data->task.get(), data->buffer, data->count);
-    stream->priv->pendingAsyncRead = nullptr;
+    if (auto data = WTFMove(stream->priv->pendingAsyncRead))
+        webkitSoupRequestInputStreamReadAsyncResultComplete(data->task.get(), data->buffer, data->count);
 }
 
 static bool webkitSoupRequestInputStreamHasDataToRead(WebKitSoupRequestInputStream* stream)
@@ -85,11 +79,10 @@
 
 static void webkitSoupRequestInputStreamReadAsync(GInputStream* inputStream, void* buffer, gsize count, int /*priority*/, GCancellable* cancellable, GAsyncReadyCallback callback, gpointer userData)
 {
+    ASSERT(isMainThread());
     WebKitSoupRequestInputStream* stream = WEBKIT_SOUP_REQUEST_INPUT_STREAM(inputStream);
     GRefPtr task = adoptGRef(g_task_new(stream, cancellable, callback, userData));
 
-    LockHolder locker(stream->priv->readLock);
-
     if (!webkitSoupRequestInputStreamHasDataToRead(stream) && !webkitSoupRequestInputStreamIsWaitingForData(stream)) {
         g_task_return_int(task.get(), 0);
         return;
@@ -105,7 +98,7 @@
         return;
     }
 
-    stream->priv->pendingAsyncRead = std::make_unique(task.get(), buffer, count);
+    stream->priv->pendingAsyncRead = std::make_unique(WTFMove(task), buffer, count);
 }
 
 static gssize webkitSoupRequestInputStreamReadFinish(GInputStream* inputStream, GAsyncResult* result, GError** error)
@@ -149,11 +142,11 @@
 
 void webkitSoupRequestInputStreamAddData(WebKitSoupRequestInputStream* stream, const void* data, size_t dataLength)
 {
+    ASSERT(isMainThread());
+
     if (webkitSoupRequestInputStreamFinished(stream))
         return;
 
-    LockHolder locker(stream->priv->readLock);
-
     if (dataLength) {
         // Truncate the dataLength to the contentLength if it's known.
         if (stream->priv->contentLength && stream->priv->bytesReceived + dataLength > stream->priv->contentLength)
@@ -174,10 +167,9 @@
 void webkitSoupRequestInputStreamDidFailWithError(WebKitSoupRequestInputStream* stream, const WebCore::ResourceError& resourceError)
 {
     GUniquePtr error(g_error_new(g_quark_from_string(resourceError.domain().utf8().data()), resourceError.errorCode(), "%s", resourceError.localizedDescription().utf8().data()));
-    if (stream->priv->pendingAsyncRead) {
-        AsyncReadData* data = stream->priv->pendingAsyncRead.get();
+    if (auto data = WTFMove(stream->priv->pendingAsyncRead))
         g_task_return_error(data->task.get(), error.release());
-    } else {
+    else {
         stream->priv->contentLength = stream->priv->bytesReceived;
         stream->priv->error = WTFMove(error);
     }
diff -Nru webkit2gtk-2.14.3/Source/WebKit2/WebProcess/WebCoreSupport/WebChromeClient.cpp webkit2gtk-2.14.5/Source/WebKit2/WebProcess/WebCoreSupport/WebChromeClient.cpp
--- webkit2gtk-2.14.3/Source/WebKit2/WebProcess/WebCoreSupport/WebChromeClient.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebKit2/WebProcess/WebCoreSupport/WebChromeClient.cpp	2017-02-07 09:19:09.000000000 +0000
@@ -479,10 +479,13 @@
 
     m_page->pageDidScroll();
 #if USE(COORDINATED_GRAPHICS)
-    m_page->drawingArea()->scroll(rect, IntSize());
-#else
-    m_page->drawingArea()->setNeedsDisplayInRect(rect);
+    FrameView* frameView = m_page->mainFrame()->view();
+    if (frameView && frameView->delegatesScrolling()) {
+        m_page->drawingArea()->scroll(rect, IntSize());
+        return;
+    }
 #endif
+    m_page->drawingArea()->setNeedsDisplayInRect(rect);
 }
 
 void WebChromeClient::scroll(const IntSize& scrollDelta, const IntRect& scrollRect, const IntRect& clipRect)
diff -Nru webkit2gtk-2.14.3/Source/WebKit2/WebProcess/WebCoreSupport/WebInspectorClient.cpp webkit2gtk-2.14.5/Source/WebKit2/WebProcess/WebCoreSupport/WebInspectorClient.cpp
--- webkit2gtk-2.14.3/Source/WebKit2/WebProcess/WebCoreSupport/WebInspectorClient.cpp	2017-01-11 11:13:50.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebKit2/WebProcess/WebCoreSupport/WebInspectorClient.cpp	2017-02-07 09:02:14.000000000 +0000
@@ -33,6 +33,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 
 #if PLATFORM(IOS)
@@ -105,6 +106,9 @@
 
 void WebInspectorClient::highlight()
 {
+    if (!m_page->corePage()->settings().acceleratedCompositingEnabled())
+        return;
+
 #if !PLATFORM(IOS)
     if (!m_highlightOverlay) {
         auto highlightOverlay = PageOverlay::create(*this);
@@ -134,6 +138,9 @@
 
 void WebInspectorClient::showPaintRect(const FloatRect& rect)
 {
+    if (!m_page->corePage()->settings().acceleratedCompositingEnabled())
+        return;
+
     if (!m_paintRectOverlay) {
         m_paintRectOverlay = PageOverlay::create(*this, PageOverlay::OverlayType::Document);
         m_page->mainFrame()->pageOverlayController().installPageOverlay(m_paintRectOverlay, PageOverlay::FadeMode::DoNotFade);
diff -Nru webkit2gtk-2.14.3/Source/WebKit2/WebProcess/WebPage/AcceleratedDrawingArea.cpp webkit2gtk-2.14.5/Source/WebKit2/WebProcess/WebPage/AcceleratedDrawingArea.cpp
--- webkit2gtk-2.14.3/Source/WebKit2/WebProcess/WebPage/AcceleratedDrawingArea.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebKit2/WebProcess/WebPage/AcceleratedDrawingArea.cpp	2017-02-10 08:28:02.000000000 +0000
@@ -44,6 +44,7 @@
 
 AcceleratedDrawingArea::~AcceleratedDrawingArea()
 {
+    discardPreviousLayerTreeHost();
     if (m_layerTreeHost)
         m_layerTreeHost->invalidate();
 }
@@ -55,6 +56,7 @@
     : DrawingArea(DrawingAreaTypeImpl, webPage)
 #endif
     , m_exitCompositingTimer(RunLoop::main(), this, &AcceleratedDrawingArea::exitAcceleratedCompositingMode)
+    , m_discardPreviousLayerTreeHostTimer(RunLoop::main(), this, &AcceleratedDrawingArea::discardPreviousLayerTreeHost)
 {
     if (!m_webPage.isVisible())
         suspendPainting();
@@ -91,6 +93,8 @@
 {
     if (m_layerTreeHost)
         m_layerTreeHost->pageBackgroundTransparencyChanged();
+    else if (m_previousLayerTreeHost)
+        m_previousLayerTreeHost->pageBackgroundTransparencyChanged();
 }
 
 void AcceleratedDrawingArea::setLayerTreeStateIsFrozen(bool isFrozen)
@@ -150,8 +154,12 @@
 
 void AcceleratedDrawingArea::mainFrameContentSizeChanged(const IntSize& size)
 {
-    if (m_webPage.useFixedLayout() && m_layerTreeHost)
-        m_layerTreeHost->sizeDidChange(size);
+    if (m_webPage.useFixedLayout()) {
+        if (m_layerTreeHost)
+            m_layerTreeHost->sizeDidChange(size);
+        else if (m_previousLayerTreeHost)
+            m_previousLayerTreeHost->sizeDidChange(size);
+    }
     m_webPage.mainFrame()->pageOverlayController().didChangeDocumentSize();
 }
 
@@ -174,6 +182,8 @@
 
 GraphicsLayerFactory* AcceleratedDrawingArea::graphicsLayerFactory()
 {
+    if (!m_layerTreeHost)
+        enterAcceleratedCompositingMode(nullptr);
     return m_layerTreeHost ? m_layerTreeHost->graphicsLayerFactory() : nullptr;
 }
 
@@ -232,6 +242,8 @@
 #else
         if (m_layerTreeHost)
             m_layerTreeHost->sizeDidChange(m_webPage.size());
+        else if (m_previousLayerTreeHost)
+            m_previousLayerTreeHost->sizeDidChange(m_webPage.size());
 #endif
     } else {
         ASSERT(size == m_webPage.size());
@@ -315,19 +327,36 @@
 
 void AcceleratedDrawingArea::enterAcceleratedCompositingMode(GraphicsLayer* graphicsLayer)
 {
+    m_discardPreviousLayerTreeHostTimer.stop();
+
     m_exitCompositingTimer.stop();
     m_wantsToExitAcceleratedCompositingMode = false;
 
     ASSERT(!m_layerTreeHost);
-    m_layerTreeHost = LayerTreeHost::create(m_webPage);
+    if (m_previousLayerTreeHost) {
+#if USE(COORDINATED_GRAPHICS)
+        m_layerTreeHost = WTFMove(m_previousLayerTreeHost);
+        m_layerTreeHost->setIsDiscardable(false);
+        if (!m_isPaintingSuspended)
+            m_layerTreeHost->resumeRendering();
+        if (!m_layerTreeStateIsFrozen)
+            m_layerTreeHost->setLayerFlushSchedulingEnabled(true);
+#else
+        ASSERT_NOT_REACHED();
+#endif
+    } else {
+        m_layerTreeHost = LayerTreeHost::create(m_webPage);
+
+        if (m_isPaintingSuspended)
+            m_layerTreeHost->pauseRendering();
+    }
+
 #if USE(TEXTURE_MAPPER_GL) && PLATFORM(GTK) && PLATFORM(X11) && !USE(REDIRECTED_XCOMPOSITE_WINDOW)
     if (m_nativeSurfaceHandleForCompositing)
         m_layerTreeHost->setNativeSurfaceHandleForCompositing(m_nativeSurfaceHandleForCompositing);
 #endif
     if (!m_inUpdateBackingStoreState)
         m_layerTreeHost->setShouldNotifyAfterNextScheduledLayerFlush(true);
-    if (m_isPaintingSuspended)
-        m_layerTreeHost->pauseRendering();
 
     m_layerTreeHost->setRootCompositingLayer(graphicsLayer);
 }
@@ -345,6 +374,35 @@
     m_exitCompositingTimer.startOneShot(0);
 }
 
+void AcceleratedDrawingArea::exitAcceleratedCompositingModeNow()
+{
+    ASSERT(!m_layerTreeStateIsFrozen);
+
+    m_exitCompositingTimer.stop();
+    m_wantsToExitAcceleratedCompositingMode = false;
+
+#if USE(COORDINATED_GRAPHICS)
+    ASSERT(m_layerTreeHost);
+    m_previousLayerTreeHost = WTFMove(m_layerTreeHost);
+    m_previousLayerTreeHost->setIsDiscardable(true);
+    m_previousLayerTreeHost->pauseRendering();
+    m_previousLayerTreeHost->setLayerFlushSchedulingEnabled(false);
+    m_discardPreviousLayerTreeHostTimer.startOneShot(5);
+#else
+    m_layerTreeHost = nullptr;
+#endif
+}
+
+void AcceleratedDrawingArea::discardPreviousLayerTreeHost()
+{
+    m_discardPreviousLayerTreeHostTimer.stop();
+    if (!m_previousLayerTreeHost)
+        return;
+
+    m_previousLayerTreeHost->invalidate();
+    m_previousLayerTreeHost = nullptr;
+}
+
 #if USE(COORDINATED_GRAPHICS_MULTIPROCESS)
 void AcceleratedDrawingArea::didReceiveCoordinatedLayerTreeHostMessage(IPC::Connection& connection, IPC::Decoder& decoder)
 {
@@ -369,6 +427,26 @@
 }
 #endif
 
+#if USE(COORDINATED_GRAPHICS_THREADED)
+void AcceleratedDrawingArea::didChangeViewportAttributes(ViewportAttributes&& attrs)
+{
+    if (m_layerTreeHost)
+        m_layerTreeHost->didChangeViewportAttributes(WTFMove(attrs));
+    else if (m_previousLayerTreeHost)
+        m_previousLayerTreeHost->didChangeViewportAttributes(WTFMove(attrs));
+}
+#endif
+
+#if USE(COORDINATED_GRAPHICS) || USE(TEXTURE_MAPPER)
+void AcceleratedDrawingArea::deviceOrPageScaleFactorChanged()
+{
+    if (m_layerTreeHost)
+        m_layerTreeHost->deviceOrPageScaleFactorChanged();
+    else if (m_previousLayerTreeHost)
+        m_previousLayerTreeHost->deviceOrPageScaleFactorChanged();
+}
+#endif
+
 void AcceleratedDrawingArea::viewStateDidChange(ViewState::Flags changed, bool, const Vector&)
 {
     if (changed & ViewState::IsVisible) {
diff -Nru webkit2gtk-2.14.3/Source/WebKit2/WebProcess/WebPage/AcceleratedDrawingArea.h webkit2gtk-2.14.5/Source/WebKit2/WebProcess/WebPage/AcceleratedDrawingArea.h
--- webkit2gtk-2.14.3/Source/WebKit2/WebProcess/WebPage/AcceleratedDrawingArea.h	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebKit2/WebProcess/WebPage/AcceleratedDrawingArea.h	2017-02-07 09:27:31.000000000 +0000
@@ -73,11 +73,21 @@
 
     void layerHostDidFlushLayers() override;
 
+#if USE(COORDINATED_GRAPHICS_THREADED)
+    void didChangeViewportAttributes(WebCore::ViewportAttributes&&) override;
+#endif
+
+#if USE(COORDINATED_GRAPHICS) || USE(TEXTURE_MAPPER)
+    void deviceOrPageScaleFactorChanged() override;
+#endif
+
     // IPC message handlers.
     void updateBackingStoreState(uint64_t backingStoreStateID, bool respondImmediately, float deviceScaleFactor, const WebCore::IntSize&, const WebCore::IntSize& scrollOffset) override;
 
     void exitAcceleratedCompositingModeSoon();
     bool exitAcceleratedCompositingModePending() const { return m_exitCompositingTimer.isActive(); }
+    void exitAcceleratedCompositingModeNow();
+    void discardPreviousLayerTreeHost();
 
     virtual void suspendPainting();
     virtual void resumePainting();
@@ -119,6 +129,9 @@
 
     // The layer tree host that handles accelerated compositing.
     RefPtr m_layerTreeHost;
+
+    RefPtr m_previousLayerTreeHost;
+    RunLoop::Timer m_discardPreviousLayerTreeHostTimer;
 };
 
 } // namespace WebKit
diff -Nru webkit2gtk-2.14.3/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CompositingCoordinator.cpp webkit2gtk-2.14.5/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CompositingCoordinator.cpp
--- webkit2gtk-2.14.3/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CompositingCoordinator.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CompositingCoordinator.cpp	2017-02-10 07:31:25.000000000 +0000
@@ -35,6 +35,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 
@@ -409,15 +410,21 @@
 
 void CompositingCoordinator::releaseInactiveAtlasesTimerFired()
 {
+    releaseAtlases(MemoryPressureHandler::singleton().isUnderMemoryPressure() ? ReleaseUnused : ReleaseInactive);
+}
+
+void CompositingCoordinator::releaseAtlases(ReleaseAtlasPolicy policy)
+{
     // We always want to keep one atlas for root contents layer.
     std::unique_ptr atlasToKeepAnyway;
     bool foundActiveAtlasForRootContentsLayer = false;
     for (int i = m_updateAtlases.size() - 1;  i >= 0; --i) {
         UpdateAtlas* atlas = m_updateAtlases[i].get();
-        if (!atlas->isInUse())
+        bool inUse = atlas->isInUse();
+        if (!inUse)
             atlas->addTimeInactive(ReleaseInactiveAtlasesTimerInterval);
         bool usableForRootContentsLayer = !atlas->supportsAlpha();
-        if (atlas->isInactive()) {
+        if (atlas->isInactive() || (!inUse && policy == ReleaseUnused)) {
             if (!foundActiveAtlasForRootContentsLayer && !atlasToKeepAnyway && usableForRootContentsLayer)
                 atlasToKeepAnyway = WTFMove(m_updateAtlases[i]);
             m_updateAtlases.remove(i);
diff -Nru webkit2gtk-2.14.3/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CompositingCoordinator.h webkit2gtk-2.14.5/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CompositingCoordinator.h
--- webkit2gtk-2.14.3/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CompositingCoordinator.h	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CompositingCoordinator.h	2017-02-10 07:31:25.000000000 +0000
@@ -91,6 +91,11 @@
 #endif
 
 private:
+    enum ReleaseAtlasPolicy {
+        ReleaseInactive,
+        ReleaseUnused
+    };
+
     // GraphicsLayerClient
     void notifyAnimationStarted(const WebCore::GraphicsLayer*, const String&, double time) override;
     void notifyFlushRequired(const WebCore::GraphicsLayer*) override;
@@ -126,8 +131,8 @@
     void purgeBackingStores();
 
     void scheduleReleaseInactiveAtlases();
-
     void releaseInactiveAtlasesTimerFired();
+    void releaseAtlases(ReleaseAtlasPolicy);
 
     double timestamp() const;
 
diff -Nru webkit2gtk-2.14.3/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/ThreadedCoordinatedLayerTreeHost.cpp webkit2gtk-2.14.5/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/ThreadedCoordinatedLayerTreeHost.cpp
--- webkit2gtk-2.14.3/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/ThreadedCoordinatedLayerTreeHost.cpp	2017-01-17 10:57:31.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/ThreadedCoordinatedLayerTreeHost.cpp	2017-02-07 09:27:29.000000000 +0000
@@ -53,7 +53,18 @@
     : CoordinatedLayerTreeHost(webPage)
     , m_compositorClient(*this)
     , m_surface(AcceleratedSurface::create(webPage))
+    , m_viewportController(webPage.size())
 {
+    if (FrameView* frameView = m_webPage.mainFrameView()) {
+        auto contentsSize = frameView->contentsSize();
+        if (!contentsSize.isEmpty())
+            m_viewportController.didChangeContentsSize(contentsSize);
+    }
+
+    IntSize scaledSize(m_webPage.size());
+    scaledSize.scale(m_webPage.deviceScaleFactor());
+    float scaleFactor = m_webPage.deviceScaleFactor() * m_viewportController.pageScaleFactor();
+
     if (m_surface) {
         TextureMapper::PaintFlags paintFlags = 0;
 
@@ -63,10 +74,12 @@
         // Do not do frame sync when rendering offscreen in the web process to ensure that SwapBuffers never blocks.
         // Rendering to the actual screen will happen later anyway since the UI process schedules a redraw for every update,
         // the compositor will take care of syncing to vblank.
-        m_compositor = ThreadedCompositor::create(m_compositorClient, m_surface->window(), ThreadedCompositor::ShouldDoFrameSync::No, paintFlags);
+        m_compositor = ThreadedCompositor::create(m_compositorClient, scaledSize, scaleFactor, m_surface->window(), ThreadedCompositor::ShouldDoFrameSync::No, paintFlags);
         m_layerTreeContext.contextID = m_surface->surfaceID();
     } else
-        m_compositor = ThreadedCompositor::create(m_compositorClient);
+        m_compositor = ThreadedCompositor::create(m_compositorClient, scaledSize, scaleFactor);
+
+    didChangeViewport();
 }
 
 void ThreadedCoordinatedLayerTreeHost::invalidate()
@@ -89,17 +102,28 @@
         return;
 
     m_viewportController.didScroll(rect.location());
-    didChangeViewport();
+    if (m_isDiscardable)
+        m_discardableSyncActions |= DiscardableSyncActions::UpdateViewport;
+    else
+        didChangeViewport();
 }
 
 void ThreadedCoordinatedLayerTreeHost::contentsSizeChanged(const IntSize& newSize)
 {
     m_viewportController.didChangeContentsSize(newSize);
-    didChangeViewport();
+    if (m_isDiscardable)
+        m_discardableSyncActions |= DiscardableSyncActions::UpdateViewport;
+    else
+        didChangeViewport();
 }
 
 void ThreadedCoordinatedLayerTreeHost::deviceOrPageScaleFactorChanged()
 {
+    if (m_isDiscardable) {
+        m_discardableSyncActions |= DiscardableSyncActions::UpdateScale;
+        return;
+    }
+
     if (m_surface && m_surface->resize(m_webPage.size()))
         m_layerTreeContext.contextID = m_surface->surfaceID();
 
@@ -109,12 +133,23 @@
 
 void ThreadedCoordinatedLayerTreeHost::pageBackgroundTransparencyChanged()
 {
+    if (m_isDiscardable) {
+        m_discardableSyncActions |= DiscardableSyncActions::UpdateBackground;
+        return;
+    }
+
     CoordinatedLayerTreeHost::pageBackgroundTransparencyChanged();
     m_compositor->setDrawsBackground(m_webPage.drawsBackground());
 }
 
 void ThreadedCoordinatedLayerTreeHost::sizeDidChange(const IntSize& size)
 {
+    if (m_isDiscardable) {
+        m_discardableSyncActions |= DiscardableSyncActions::UpdateSize;
+        m_viewportController.didChangeViewportSize(size);
+        return;
+    }
+
     if (m_surface && m_surface->resize(size))
         m_layerTreeContext.contextID = m_surface->surfaceID();
 
@@ -126,10 +161,13 @@
     didChangeViewport();
 }
 
-void ThreadedCoordinatedLayerTreeHost::didChangeViewportProperties(const ViewportAttributes& attr)
+void ThreadedCoordinatedLayerTreeHost::didChangeViewportAttributes(ViewportAttributes&& attr)
 {
-    m_viewportController.didChangeViewportAttributes(attr);
-    didChangeViewport();
+    m_viewportController.didChangeViewportAttributes(WTFMove(attr));
+    if (m_isDiscardable)
+        m_discardableSyncActions |= DiscardableSyncActions::UpdateViewport;
+    else
+        didChangeViewport();
 }
 
 #if PLATFORM(GTK) && PLATFORM(X11) && !USE(REDIRECTED_XCOMPOSITE_WINDOW)
@@ -182,6 +220,33 @@
     m_compositor->updateSceneState(state);
 }
 
+void ThreadedCoordinatedLayerTreeHost::setIsDiscardable(bool discardable)
+{
+    m_isDiscardable = discardable;
+    if (m_isDiscardable) {
+        m_discardableSyncActions = OptionSet();
+        return;
+    }
+
+    if (m_discardableSyncActions.isEmpty())
+        return;
+
+    if (m_discardableSyncActions.contains(DiscardableSyncActions::UpdateBackground))
+        pageBackgroundTransparencyChanged();
+
+    if (m_discardableSyncActions.contains(DiscardableSyncActions::UpdateSize)) {
+        // Size changes already sets the scale factor and updates the viewport.
+        sizeDidChange(m_webPage.size());
+        return;
+    }
+
+    if (m_discardableSyncActions.contains(DiscardableSyncActions::UpdateScale))
+        deviceOrPageScaleFactorChanged();
+
+    if (m_discardableSyncActions.contains(DiscardableSyncActions::UpdateViewport))
+        didChangeViewport();
+}
+
 } // namespace WebKit
 
 #endif // USE(COORDINATED_GRAPHICS)
diff -Nru webkit2gtk-2.14.3/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/ThreadedCoordinatedLayerTreeHost.h webkit2gtk-2.14.5/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/ThreadedCoordinatedLayerTreeHost.h
--- webkit2gtk-2.14.3/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/ThreadedCoordinatedLayerTreeHost.h	2016-09-19 12:18:06.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/ThreadedCoordinatedLayerTreeHost.h	2017-02-07 09:27:29.000000000 +0000
@@ -33,6 +33,7 @@
 #include "CoordinatedLayerTreeHost.h"
 #include "SimpleViewportController.h"
 #include "ThreadedCompositor.h"
+#include 
 
 namespace WebCore {
 class GraphicsContext;
@@ -59,13 +60,15 @@
     void pageBackgroundTransparencyChanged() override;
 
     void contentsSizeChanged(const WebCore::IntSize&) override;
-    void didChangeViewportProperties(const WebCore::ViewportAttributes&) override;
+    void didChangeViewportAttributes(WebCore::ViewportAttributes&&) override;
 
     void invalidate() override;
 
     void forceRepaint() override;
     bool forceRepaintAsync(uint64_t callbackID) override { return false; }
 
+    void setIsDiscardable(bool) override;
+
 #if PLATFORM(GTK) && PLATFORM(X11) &&  !USE(REDIRECTED_XCOMPOSITE_WINDOW)
     void setNativeSurfaceHandleForCompositing(uint64_t) override;
 #endif
@@ -98,12 +101,21 @@
     void didFlushRootLayer(const WebCore::FloatRect&) override { }
     void commitSceneState(const WebCore::CoordinatedGraphicsState&) override;
 
+    enum class DiscardableSyncActions {
+        UpdateSize = 1 << 1,
+        UpdateViewport = 1 << 2,
+        UpdateScale = 1 << 3,
+        UpdateBackground = 1 << 4
+    };
+
     CompositorClient m_compositorClient;
     std::unique_ptr m_surface;
     RefPtr m_compositor;
     SimpleViewportController m_viewportController;
     float m_lastPageScaleFactor { 1 };
     WebCore::IntPoint m_lastScrollPosition;
+    bool m_isDiscardable { false };
+    OptionSet m_discardableSyncActions;
 };
 
 } // namespace WebKit
diff -Nru webkit2gtk-2.14.3/Source/WebKit2/WebProcess/WebPage/DrawingArea.h webkit2gtk-2.14.5/Source/WebKit2/WebProcess/WebPage/DrawingArea.h
--- webkit2gtk-2.14.3/Source/WebKit2/WebProcess/WebPage/DrawingArea.h	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebKit2/WebProcess/WebPage/DrawingArea.h	2017-02-07 09:24:20.000000000 +0000
@@ -52,6 +52,7 @@
 class GraphicsLayer;
 class GraphicsLayerFactory;
 class MachSendRight;
+struct ViewportAttributes;
 }
 
 namespace WebKit {
@@ -140,6 +141,14 @@
 
     virtual void layerHostDidFlushLayers() { };
 
+#if USE(COORDINATED_GRAPHICS_THREADED)
+    virtual void didChangeViewportAttributes(WebCore::ViewportAttributes&&) = 0;
+#endif
+
+#if USE(COORDINATED_GRAPHICS) || USE(TEXTURE_MAPPER)
+    virtual void deviceOrPageScaleFactorChanged() = 0;
+#endif
+
 protected:
     DrawingArea(DrawingAreaType, WebPage&);
 
diff -Nru webkit2gtk-2.14.3/Source/WebKit2/WebProcess/WebPage/DrawingAreaImpl.cpp webkit2gtk-2.14.5/Source/WebKit2/WebProcess/WebPage/DrawingAreaImpl.cpp
--- webkit2gtk-2.14.3/Source/WebKit2/WebProcess/WebPage/DrawingAreaImpl.cpp	2016-09-16 09:56:48.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebKit2/WebProcess/WebPage/DrawingAreaImpl.cpp	2017-02-07 09:27:31.000000000 +0000
@@ -98,6 +98,9 @@
     if (scrollRect.isEmpty())
         return;
 
+    if (m_previousLayerTreeHost)
+        m_previousLayerTreeHost->scrollNonCompositedContents(scrollRect);
+
     if (!m_scrollRect.isEmpty() && scrollRect != m_scrollRect) {
         unsigned scrollArea = scrollRect.width() * scrollRect.height();
         unsigned currentScrollArea = m_scrollRect.width() * m_scrollRect.height();
@@ -152,10 +155,11 @@
         return;
     }
 
-    setNeedsDisplay();
-    m_webPage.layoutIfNeeded();
     m_isWaitingForDidUpdate = false;
-    display();
+    if (m_isPaintingEnabled) {
+        m_dirtyRegion = m_webPage.bounds();
+        display();
+    }
 }
 
 void DrawingAreaImpl::mainFrameContentSizeChanged(const WebCore::IntSize& newSize)
@@ -163,6 +167,8 @@
 #if USE(COORDINATED_GRAPHICS_THREADED)
     if (m_layerTreeHost)
         m_layerTreeHost->contentsSizeChanged(newSize);
+    else if (m_previousLayerTreeHost)
+        m_previousLayerTreeHost->contentsSizeChanged(newSize);
 #else
     UNUSED_PARAM(newSize);
 #endif
@@ -288,15 +294,7 @@
     if (m_alwaysUseCompositing)
         return;
 
-    ASSERT(!m_layerTreeStateIsFrozen);
-
-    m_exitCompositingTimer.stop();
-    m_wantsToExitAcceleratedCompositingMode = false;
-
-    ASSERT(m_layerTreeHost);
-
-    m_layerTreeHost->invalidate();
-    m_layerTreeHost = nullptr;
+    AcceleratedDrawingArea::exitAcceleratedCompositingModeNow();
     m_dirtyRegion = m_webPage.bounds();
 
     if (m_inUpdateBackingStoreState)
diff -Nru webkit2gtk-2.14.3/Source/WebKit2/WebProcess/WebPage/LayerTreeHost.h webkit2gtk-2.14.5/Source/WebKit2/WebProcess/WebPage/LayerTreeHost.h
--- webkit2gtk-2.14.3/Source/WebKit2/WebProcess/WebPage/LayerTreeHost.h	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebKit2/WebProcess/WebPage/LayerTreeHost.h	2017-02-07 09:27:31.000000000 +0000
@@ -72,7 +72,6 @@
     virtual void forceRepaint() = 0;
     virtual bool forceRepaintAsync(uint64_t /*callbackID*/) { return false; }
     virtual void sizeDidChange(const WebCore::IntSize& newSize) = 0;
-    virtual void deviceOrPageScaleFactorChanged() = 0;
     virtual void pageBackgroundTransparencyChanged() = 0;
 
     virtual void pauseRendering();
@@ -86,17 +85,22 @@
 
 #if USE(COORDINATED_GRAPHICS_THREADED)
     virtual void contentsSizeChanged(const WebCore::IntSize&) { };
-    virtual void didChangeViewportProperties(const WebCore::ViewportAttributes&) { };
+    virtual void didChangeViewportAttributes(WebCore::ViewportAttributes&&) { };
 #endif
 
 #if USE(COORDINATED_GRAPHICS) && ENABLE(REQUEST_ANIMATION_FRAME)
     virtual void scheduleAnimation() = 0;
+    virtual void setIsDiscardable(bool) { };
 #endif
 
 #if USE(TEXTURE_MAPPER_GL) && PLATFORM(GTK)
     virtual void setNativeSurfaceHandleForCompositing(uint64_t) { };
 #endif
 
+#if USE(COORDINATED_GRAPHICS) || USE(TEXTURE_MAPPER)
+    virtual void deviceOrPageScaleFactorChanged() = 0;
+#endif
+
     virtual void setViewOverlayRootLayer(WebCore::GraphicsLayer* viewOverlayRootLayer) { m_viewOverlayRootLayer = viewOverlayRootLayer; }
 
 protected:
diff -Nru webkit2gtk-2.14.3/Source/WebKit2/WebProcess/WebPage/WebPage.cpp webkit2gtk-2.14.5/Source/WebKit2/WebProcess/WebPage/WebPage.cpp
--- webkit2gtk-2.14.3/Source/WebKit2/WebProcess/WebPage/WebPage.cpp	2017-01-17 11:45:52.000000000 +0000
+++ webkit2gtk-2.14.5/Source/WebKit2/WebProcess/WebPage/WebPage.cpp	2017-02-09 08:22:46.000000000 +0000
@@ -230,10 +230,6 @@
 #include 
 #endif
 
-#if USE(COORDINATED_GRAPHICS) || USE(TEXTURE_MAPPER)
-#include "LayerTreeHost.h"
-#endif
-
 #if USE(COORDINATED_GRAPHICS_MULTIPROCESS)
 #include "CoordinatedLayerTreeHostMessages.h"
 #endif
@@ -1406,8 +1402,7 @@
     setFixedLayoutSize(roundedIntSize(attr.layoutSize));
 
 #if USE(COORDINATED_GRAPHICS_THREADED)
-    if (m_drawingArea->layerTreeHost())
-        m_drawingArea->layerTreeHost()->didChangeViewportProperties(attr);
+    m_drawingArea->didChangeViewportAttributes(WTFMove(attr));
 #else
     send(Messages::WebPageProxy::DidChangeViewportProperties(attr));
 #endif
@@ -1565,8 +1560,7 @@
         pluginView->pageScaleFactorDidChange();
 
 #if USE(COORDINATED_GRAPHICS) || USE(TEXTURE_MAPPER)
-    if (m_drawingArea->layerTreeHost())
-        m_drawingArea->layerTreeHost()->deviceOrPageScaleFactorChanged();
+    m_drawingArea->deviceOrPageScaleFactorChanged();
 #endif
 
     send(Messages::WebPageProxy::PageScaleFactorDidChange(scale));
@@ -1643,8 +1637,7 @@
     }
 
 #if USE(COORDINATED_GRAPHICS) || USE(TEXTURE_MAPPER)
-    if (m_drawingArea->layerTreeHost())
-        m_drawingArea->layerTreeHost()->deviceOrPageScaleFactorChanged();
+    m_drawingArea->deviceOrPageScaleFactorChanged();
 #endif
 }
 
@@ -1723,8 +1716,8 @@
     if (view && view->useFixedLayout())
         sendViewportAttributesChanged(viewportArguments);
 #if USE(COORDINATED_GRAPHICS_THREADED)
-    else if (auto* layerTreeHost = m_drawingArea->layerTreeHost())
-        layerTreeHost->didChangeViewportProperties(ViewportAttributes());
+    else
+        m_drawingArea->didChangeViewportAttributes(ViewportAttributes());
 #endif
 #endif
 
@@ -2947,6 +2940,7 @@
 #endif
     settings.setLocalFileContentSniffingEnabled(store.getBoolValueForKey(WebPreferencesKey::localFileContentSniffingEnabledKey()));
     settings.setUsesPageCache(store.getBoolValueForKey(WebPreferencesKey::usesPageCacheKey()));
+    settings.setAllowsPageCacheWithWindowOpener(store.getBoolValueForKey(WebPreferencesKey::allowsPageCacheWithWindowOpenerKey()));
     settings.setPageCacheSupportsPlugins(store.getBoolValueForKey(WebPreferencesKey::pageCacheSupportsPluginsKey()));
     settings.setAuthorAndUserStylesEnabled(store.getBoolValueForKey(WebPreferencesKey::authorAndUserStylesEnabledKey()));
     settings.setPaginateDuringLayoutEnabled(store.getBoolValueForKey(WebPreferencesKey::paginateDuringLayoutEnabledKey()));
diff -Nru webkit2gtk-2.14.3/Tools/WebKitTestRunner/TestController.cpp webkit2gtk-2.14.5/Tools/WebKitTestRunner/TestController.cpp
--- webkit2gtk-2.14.3/Tools/WebKitTestRunner/TestController.cpp	2017-01-17 11:45:53.000000000 +0000
+++ webkit2gtk-2.14.5/Tools/WebKitTestRunner/TestController.cpp	2017-02-09 08:22:45.000000000 +0000
@@ -649,6 +649,7 @@
     WKPreferencesSetFullScreenEnabled(preferences, true);
 #endif
     WKPreferencesSetPageCacheEnabled(preferences, false);
+    WKPreferencesSetAllowsPageCacheWithWindowOpener(preferences, false);
     WKPreferencesSetAsynchronousPluginInitializationEnabled(preferences, false);
     WKPreferencesSetAsynchronousPluginInitializationEnabledForAllPlugins(preferences, false);
     WKPreferencesSetArtificialPluginInitializationDelayEnabled(preferences, false);