From 24e0750a927f29bdfd935e68b17c3be31c92a932 Mon Sep 17 00:00:00 2001 From: Stephan Hartmann Date: Thu, 30 Apr 2020 20:03:53 +0200 Subject: [PATCH] www-client/chromium: beta channel bump to 83.0.4103.34 Package-Manager: Portage-2.3.89, Repoman-2.3.20 Signed-off-by: Stephan Hartmann Signed-off-by: Mike Gilbert --- www-client/chromium/Manifest | 2 +- ...23.ebuild => chromium-83.0.4103.34.ebuild} | 8 +- .../files/chromium-83-gcc-serviceworker.patch | 130 ++++++++++++++ .../chromium/files/chromium-83-icu67.patch | 170 ++++++++++++++++++ 4 files changed, 306 insertions(+), 4 deletions(-) rename www-client/chromium/{chromium-83.0.4103.23.ebuild => chromium-83.0.4103.34.ebuild} (99%) create mode 100644 www-client/chromium/files/chromium-83-gcc-serviceworker.patch create mode 100644 www-client/chromium/files/chromium-83-icu67.patch diff --git a/www-client/chromium/Manifest b/www-client/chromium/Manifest index c9f5ef3ccd44..3dd02cf00c39 100644 --- a/www-client/chromium/Manifest +++ b/www-client/chromium/Manifest @@ -1,3 +1,3 @@ DIST chromium-81.0.4044.129.tar.xz 785978416 BLAKE2B 5af9ab9e17bbc237f5a254b98cb27b998021d5c95b5da4d6de25c3fb234fea609f8a9173f3ac75eee208b8c88c5d39d9cf1ec39ebc8d436cf8aafee31e8f32c1 SHA512 93dfc5c1050bc226b836721d422a8d98a183fff81e91f55477dce0c650d35a95aeb89c810bea6e07ffb948ee62e8e150c8b8c5bad4658fcc215de05a681b064a -DIST chromium-83.0.4103.23.tar.xz 802566932 BLAKE2B 00c9105a9b5e9cebc8adeb8a61b4491f0ca7cc95da9595506c77d556c0ee07074da0da506831bec1b390a39c7535220ab5c6d06ce784e6b20d2694f94d3b0a76 SHA512 08a50372570aa9da5fb9ccc6dfc3d949e84cb401d62d650132aa4edea2b1658fb56a81854fde11690d040e3b36b9d20da1ad7f83e47ffca77893ab57620c2a3e +DIST chromium-83.0.4103.34.tar.xz 802525184 BLAKE2B d5e47c96642fb9344fe43a582d035f507b714565c01b6bacbf1cd4fdb3537db28ae0e54a47bbd7f47ad4d00960ee9e40d9a10522262cba4063f95501225fce75 SHA512 467006d3b3093b078569c0ead9203e66cfd83ad14ed95a07b5f83e49451a0e9f4506b3ce35c97106b4540b55484d6cd33afbacf92385ace261e78d5c1cc0188e DIST setuptools-44.1.0.zip 858569 BLAKE2B f59f154e121502a731e51294ccd293d60ffccadacf51e23b53bf7ceba38858948b86783238061136c827ac3373ea7ea8e6253d4bb53f3f1dd69284568ec65a68 SHA512 4dfb0f42d334b835758e865a26ecd1e725711fa2b9c38ddc273b8b3849fba04527bc97436d11ba1e98f1a42922aa0f0b9032e32998273c705fac6e10735eacbf diff --git a/www-client/chromium/chromium-83.0.4103.23.ebuild b/www-client/chromium/chromium-83.0.4103.34.ebuild similarity index 99% rename from www-client/chromium/chromium-83.0.4103.23.ebuild rename to www-client/chromium/chromium-83.0.4103.34.ebuild index 2056dda0889a..2cb862a2cb9b 100644 --- a/www-client/chromium/chromium-83.0.4103.23.ebuild +++ b/www-client/chromium/chromium-83.0.4103.34.ebuild @@ -103,8 +103,8 @@ BDEPEND=" ) " -: ${CHROMIUM_FORCE_CLANG=yes} -: ${CHROMIUM_FORCE_LIBCXX=yes} +: ${CHROMIUM_FORCE_CLANG=no} +: ${CHROMIUM_FORCE_LIBCXX=no} if [[ ${CHROMIUM_FORCE_CLANG} == yes ]]; then BDEPEND+=" >=sys-devel/clang-9" @@ -123,7 +123,7 @@ else dev-libs/libxslt:= >=dev-libs/re2-0.2019.08.01:= >=media-libs/openh264-1.6.0:= - system-icu? ( >=dev-libs/icu-65:= ) + system-icu? ( >=dev-libs/icu-67.1:= ) " RDEPEND+="${COMMON_DEPEND}" DEPEND+="${COMMON_DEPEND}" @@ -178,7 +178,9 @@ PATCHES=( "${FILESDIR}/chromium-83-gcc-include.patch" "${FILESDIR}/chromium-83-gcc-permissive.patch" "${FILESDIR}/chromium-83-gcc-iterator.patch" + "${FILESDIR}/chromium-83-gcc-serviceworker.patch" "${FILESDIR}/chromium-83-gcc-10.patch" + "${FILESDIR}/chromium-83-icu67.patch" ) pre_build_checks() { diff --git a/www-client/chromium/files/chromium-83-gcc-serviceworker.patch b/www-client/chromium/files/chromium-83-gcc-serviceworker.patch new file mode 100644 index 000000000000..a836e7fc533c --- /dev/null +++ b/www-client/chromium/files/chromium-83-gcc-serviceworker.patch @@ -0,0 +1,130 @@ +From 0914a38252f205fc04fa50e858b24fa5f535ab11 Mon Sep 17 00:00:00 2001 +From: Hiroki Nakagawa +Date: Wed, 29 Apr 2020 11:46:54 +0900 +Subject: [PATCH] ServiceWorker: Avoid double destruction of ServiceWorkerObjectHost on connection error + +This CL avoids the case where ServiceWorkerObjectHost is destroyed twice +on ServiceWorkerObjectHost::OnConnectionError() when Chromium is built +with the GCC build toolchain. + +> How does the issue happen? + +ServiceWorkerObjectHost has a cyclic reference like this: + +ServiceWorkerObjectHost + --([1] scoped_refptr)--> ServiceWorkerVersion + --([2] std::unique_ptr)--> ServiceWorkerProviderHost + --([3] std::unique_ptr)--> ServiceWorkerContainerHost + --([4] std::unique_ptr)--> ServiceWorkerObjectHost + +Note that ServiceWorkerContainerHost manages ServiceWorkerObjectHost in +map>. + +When ServiceWorkerObjectHost::OnConnectionError() is called, the +function removes the reference [4] from the map, and destroys +ServiceWorkerObjectHost. If the object host has the last reference [1] +to ServiceWorkerVersion, the destruction also cuts off the references +[2] and [3], and destroys ServiceWorkerProviderHost and +ServiceWorkerContainerHost. + +This seems to work well on the Chromium's default toolchain, but not +work on the GCC toolchain. According to the report, destruction of +ServiceWorkerContainerHost happens while the map owned by the container +host is erasing the ServiceWorkerObjectHost, and this results in crash +due to double destruction of the object host. + +I don't know the reason why this happens only on the GCC toolchain, but +I suspect the order of object destruction on std::map::erase() could be +different depending on the toolchains. + +> How does this CL fix this? + +The ideal fix is to redesign the ownership model of +ServiceWorkerVersion, but it's not feasible in the short term. + +Instead, this CL avoids destruction of ServiceWorkerObjectHost on +std::map::erase(). The new code takes the ownership of the object host +from the map first, and then erases the entry from the map. This +separates timings to erase the map entry and to destroy the object host, +so the crash should no longer happen. + +Bug: 1056598 +Change-Id: Id30654cb575bc557c42044d6f0c6f1f9bfaed613 +--- + +diff --git a/content/browser/service_worker/service_worker_container_host.cc b/content/browser/service_worker/service_worker_container_host.cc +index c631bcd..ff917f8 100644 +--- a/content/browser/service_worker/service_worker_container_host.cc ++++ b/content/browser/service_worker/service_worker_container_host.cc +@@ -717,6 +717,16 @@ + int64_t version_id) { + DCHECK_CURRENTLY_ON(ServiceWorkerContext::GetCoreThreadId()); + DCHECK(base::Contains(service_worker_object_hosts_, version_id)); ++ ++ // ServiceWorkerObjectHost to be deleted may have the last reference to ++ // ServiceWorkerVersion that indirectly owns this ServiceWorkerContainerHost. ++ // If we erase the object host directly from the map, |this| could be deleted ++ // during the map operation and may crash. To avoid the case, we take the ++ // ownership of the object host from the map first, and then erase the entry ++ // from the map. See https://crbug.com/1056598 for details. ++ std::unique_ptr to_be_deleted = ++ std::move(service_worker_object_hosts_[version_id]); ++ DCHECK(to_be_deleted); + service_worker_object_hosts_.erase(version_id); + } + +diff --git a/content/browser/service_worker/service_worker_object_host_unittest.cc b/content/browser/service_worker/service_worker_object_host_unittest.cc +index 238cb8b..f60c7a2 100644 +--- a/content/browser/service_worker/service_worker_object_host_unittest.cc ++++ b/content/browser/service_worker/service_worker_object_host_unittest.cc +@@ -200,6 +200,19 @@ + return registration_info; + } + ++ void CallOnConnectionError(ServiceWorkerContainerHost* container_host, ++ int64_t version_id) { ++ // ServiceWorkerObjectHost has the last reference to the version. ++ ServiceWorkerObjectHost* object_host = ++ GetServiceWorkerObjectHost(container_host, version_id); ++ EXPECT_TRUE(object_host->version_->HasOneRef()); ++ ++ // Make sure that OnConnectionError induces destruction of the version and ++ // the object host. ++ object_host->receivers_.Clear(); ++ object_host->OnConnectionError(); ++ } ++ + BrowserTaskEnvironment task_environment_; + std::unique_ptr helper_; + scoped_refptr registration_; +@@ -409,5 +422,30 @@ + events[0]->source_info_for_client->client_type); + } + ++// This is a regression test for https://crbug.com/1056598. ++TEST_F(ServiceWorkerObjectHostTest, OnConnectionError) { ++ const GURL scope("https://www.example.com/"); ++ const GURL script_url("https://www.example.com/service_worker.js"); ++ Initialize(std::make_unique(base::FilePath())); ++ SetUpRegistration(scope, script_url); ++ ++ // Create the provider host. ++ ASSERT_EQ(blink::ServiceWorkerStatusCode::kOk, ++ StartServiceWorker(version_.get())); ++ ++ // Set up the case where the last reference to the version is owned by the ++ // service worker object host. ++ ServiceWorkerContainerHost* container_host = ++ version_->provider_host()->container_host(); ++ ServiceWorkerVersion* version_rawptr = version_.get(); ++ version_ = nullptr; ++ ASSERT_TRUE(version_rawptr->HasOneRef()); ++ ++ // Simulate the connection error that induces the object host destruction. ++ // This shouldn't crash. ++ CallOnConnectionError(container_host, version_rawptr->version_id()); ++ base::RunLoop().RunUntilIdle(); ++} ++ + } // namespace service_worker_object_host_unittest + } // namespace content diff --git a/www-client/chromium/files/chromium-83-icu67.patch b/www-client/chromium/files/chromium-83-icu67.patch new file mode 100644 index 000000000000..d45d9e810a4e --- /dev/null +++ b/www-client/chromium/files/chromium-83-icu67.patch @@ -0,0 +1,170 @@ +From 3f8dc4b2e5baf77b463334c769af85b79d8c1463 Mon Sep 17 00:00:00 2001 +From: Frank Tang +Date: Fri, 03 Apr 2020 23:13:54 -0700 +Subject: [PATCH] [intl] Remove soon-to-be removed getAllFieldPositions + +Needed to land ICU67.1 soon. + +Bug: v8:10393 +Change-Id: I3c7737ca600d6ccfdc46ffaddfb318ce60bc7618 +Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2136489 +Reviewed-by: Jakob Kummerow +Commit-Queue: Frank Tang +Cr-Commit-Position: refs/heads/master@{#67027} +--- + +diff --git a/v8/src/objects/js-number-format.cc b/v8/src/objects/js-number-format.cc +index ad831c5..bcd4403 100644 +--- a/v8/src/objects/js-number-format.cc ++++ b/v8/src/objects/js-number-format.cc +@@ -1241,44 +1241,33 @@ + } + + namespace { +-Maybe IcuFormatNumber( ++Maybe IcuFormatNumber( + Isolate* isolate, + const icu::number::LocalizedNumberFormatter& number_format, +- Handle numeric_obj, icu::FieldPositionIterator* fp_iter) { ++ Handle numeric_obj, icu::number::FormattedNumber* formatted) { + // If it is BigInt, handle it differently. + UErrorCode status = U_ZERO_ERROR; +- icu::number::FormattedNumber formatted; + if (numeric_obj->IsBigInt()) { + Handle big_int = Handle::cast(numeric_obj); + Handle big_int_string; + ASSIGN_RETURN_ON_EXCEPTION_VALUE(isolate, big_int_string, + BigInt::ToString(isolate, big_int), +- Nothing()); +- formatted = number_format.formatDecimal( ++ Nothing()); ++ *formatted = number_format.formatDecimal( + {big_int_string->ToCString().get(), big_int_string->length()}, status); + } else { + double number = numeric_obj->IsNaN() + ? std::numeric_limits::quiet_NaN() + : numeric_obj->Number(); +- formatted = number_format.formatDouble(number, status); ++ *formatted = number_format.formatDouble(number, status); + } + if (U_FAILURE(status)) { + // This happen because of icu data trimming trim out "unit". + // See https://bugs.chromium.org/p/v8/issues/detail?id=8641 +- THROW_NEW_ERROR_RETURN_VALUE(isolate, +- NewTypeError(MessageTemplate::kIcuError), +- Nothing()); ++ THROW_NEW_ERROR_RETURN_VALUE( ++ isolate, NewTypeError(MessageTemplate::kIcuError), Nothing()); + } +- if (fp_iter) { +- formatted.getAllFieldPositions(*fp_iter, status); +- } +- icu::UnicodeString result = formatted.toString(status); +- if (U_FAILURE(status)) { +- THROW_NEW_ERROR_RETURN_VALUE(isolate, +- NewTypeError(MessageTemplate::kIcuError), +- Nothing()); +- } +- return Just(result); ++ return Just(true); + } + + } // namespace +@@ -1289,10 +1278,16 @@ + Handle numeric_obj) { + DCHECK(numeric_obj->IsNumeric()); + +- Maybe maybe_format = +- IcuFormatNumber(isolate, number_format, numeric_obj, nullptr); ++ icu::number::FormattedNumber formatted; ++ Maybe maybe_format = ++ IcuFormatNumber(isolate, number_format, numeric_obj, &formatted); + MAYBE_RETURN(maybe_format, Handle()); +- return Intl::ToString(isolate, maybe_format.FromJust()); ++ UErrorCode status = U_ZERO_ERROR; ++ icu::UnicodeString result = formatted.toString(status); ++ if (U_FAILURE(status)) { ++ THROW_NEW_ERROR(isolate, NewTypeError(MessageTemplate::kIcuError), String); ++ } ++ return Intl::ToString(isolate, result); + } + + namespace { +@@ -1405,12 +1400,18 @@ + } + + namespace { +-Maybe ConstructParts(Isolate* isolate, const icu::UnicodeString& formatted, +- icu::FieldPositionIterator* fp_iter, ++Maybe ConstructParts(Isolate* isolate, ++ icu::number::FormattedNumber* formatted, + Handle result, int start_index, + Handle numeric_obj, bool style_is_unit) { ++ UErrorCode status = U_ZERO_ERROR; ++ icu::UnicodeString formatted_text = formatted->toString(status); ++ if (U_FAILURE(status)) { ++ THROW_NEW_ERROR_RETURN_VALUE( ++ isolate, NewTypeError(MessageTemplate::kIcuError), Nothing()); ++ } + DCHECK(numeric_obj->IsNumeric()); +- int32_t length = formatted.length(); ++ int32_t length = formatted_text.length(); + int index = start_index; + if (length == 0) return Just(index); + +@@ -1419,13 +1420,14 @@ + // other region covers some part of the formatted string. It's possible + // there's another field with exactly the same begin and end as this backdrop, + // in which case the backdrop's field_id of -1 will give it lower priority. +- regions.push_back(NumberFormatSpan(-1, 0, formatted.length())); ++ regions.push_back(NumberFormatSpan(-1, 0, formatted_text.length())); + + { +- icu::FieldPosition fp; +- while (fp_iter->next(fp)) { +- regions.push_back(NumberFormatSpan(fp.getField(), fp.getBeginIndex(), +- fp.getEndIndex())); ++ icu::ConstrainedFieldPosition cfp; ++ cfp.constrainCategory(UFIELD_CATEGORY_NUMBER); ++ while (formatted->nextPosition(cfp, status)) { ++ regions.push_back( ++ NumberFormatSpan(cfp.getField(), cfp.getStart(), cfp.getLimit())); + } + } + +@@ -1447,7 +1449,7 @@ + Handle substring; + ASSIGN_RETURN_ON_EXCEPTION_VALUE( + isolate, substring, +- Intl::ToString(isolate, formatted, part.begin_pos, part.end_pos), ++ Intl::ToString(isolate, formatted_text, part.begin_pos, part.end_pos), + Nothing()); + Intl::AddElement(isolate, result, index, field_type_string, substring); + ++index; +@@ -1467,20 +1469,19 @@ + number_format->icu_number_formatter().raw(); + CHECK_NOT_NULL(fmt); + +- icu::FieldPositionIterator fp_iter; +- Maybe maybe_format = +- IcuFormatNumber(isolate, *fmt, numeric_obj, &fp_iter); ++ icu::number::FormattedNumber formatted; ++ Maybe maybe_format = ++ IcuFormatNumber(isolate, *fmt, numeric_obj, &formatted); + MAYBE_RETURN(maybe_format, Handle()); +- + UErrorCode status = U_ZERO_ERROR; ++ + bool style_is_unit = + Style::UNIT == StyleFromSkeleton(fmt->toSkeleton(status)); + CHECK(U_SUCCESS(status)); + + Handle result = factory->NewJSArray(0); +- Maybe maybe_format_to_parts = +- ConstructParts(isolate, maybe_format.FromJust(), &fp_iter, result, 0, +- numeric_obj, style_is_unit); ++ Maybe maybe_format_to_parts = ConstructParts( ++ isolate, &formatted, result, 0, numeric_obj, style_is_unit); + MAYBE_RETURN(maybe_format_to_parts, Handle()); + + return result; -- 2.26.2