Accepting request 1185255 from home:dziobian:gulgul-ultron:19

- Fix use after free in content::RenderFrameHostImpl::RemoveDocumentService (bsc#1227307)
  * RenderFrameHostImpl-use-after-free.patch: correct second instance of the same bug
- ix86, aarch64: pass --jitless in %electron_rebuild macro to work around crashes on OBS and unblock downstream packages

OBS-URL: https://build.opensuse.org/request/show/1185255
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs-electron?expand=0&rev=158

RenderFrameHostImpl-use-after-free.patch

@@ -1,6 +1,6 @@
 --- src/content/browser/renderer_host/render_frame_host_impl.cc.orig	2023-02-08 21:38:09.974003318 +0100
 +++ src/content/browser/renderer_host/render_frame_host_impl.cc	2023-02-13 14:13:50.217792624 +0100
-@@ -5,6 +5,7 @@
+@@ -8,6 +8,7 @@
  #include <deque>
  #include <limits>
  #include <memory>
@@ -8,7 +8,7 @@
  #include <optional>
  #include <tuple>
  #include <unordered_map>
-@@ -1876,7 +1877,12 @@
+@@ -1818,7 +1819,12 @@ RenderFrameHostImpl::~RenderFrameHostImp
    // `DocumentService` and `RenderFrameHostUserData` subclasses are still valid
    // when their destructors run.
    document_associated_data_->RemoveAllServices();
@@ -22,3 +22,14 @@
  
    // If this was the last active frame in the SiteInstanceGroup, the
    // DecrementActiveFrameCount call will trigger the deletion of the
+@@ -13254,7 +13260,9 @@ bool RenderFrameHostImpl::DidCommitNavig
+       // RenderFrameHost commits before the navigation commits. This happens
+       // when the current RenderFrameHost crashes before navigating to a new
+       // URL.
+-      document_associated_data_.emplace(*this,
++      // bsc#1227307 — same root cause as above
++      document_associated_data_->~DocumentAssociatedData();
++      new(&document_associated_data_) std::optional<DocumentAssociatedData>(std::in_place, *this,
+                                         navigation_request->GetDocumentToken());
+     } else {
+       // Cross-RenderFrameHost navigations that commit into a speculative

nodejs-electron.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Jul  4 04:27:14 UTC 2024 - Bruno Pitrus <brunopitrus@hotmail.com>
+
+- Fix use after free in content::RenderFrameHostImpl::RemoveDocumentService (bsc#1227307)
+  * RenderFrameHostImpl-use-after-free.patch: correct second instance of the same bug
+- ix86, aarch64: pass --jitless in %electron_rebuild macro to work around crashes on OBS and unblock downstream packages
+
 -------------------------------------------------------------------
 Fri Jun 28 16:56:51 UTC 2024 - Bruno Pitrus <brunopitrus@hotmail.com>
 

nodejs-electron.spec

@@ -55,8 +55,10 @@ BuildArch:      i686
 #(all the widgets use Gtk unconditionally — not sure which of the changed codepaths are used in Electron)
 %bcond_with qt
 
-
-
+%ifarch aarch64 %ix86
+#work around npm rebuild crashes on OBS
+%global jitless NODE_OPTIONS=--jitless
+%endif
 
 %ifarch aarch64 riscv64
 #Video acceleration API to support. Useful for e.g. signal messenger.
@@ -1409,7 +1411,7 @@ cp /dev/stdin %{buildroot}%{_rpmconfigdir}/macros.d/macros.electron <<"EOF"
 
 # Build native modules against Electron. This should be done as the first step in ‰build. You must set CFLAGS/LDFLAGS previously.
 # You can call it multiple times in different directories and pass more parameters to it (seen in vscode)
-%%electron_rebuild PATH="%{_libexecdir}/electron-node:$PATH" npm rebuild --verbose --foreground-scripts --nodedir=%{_includedir}/electron
+%%electron_rebuild  %{?jitless} PATH="%{_libexecdir}/electron-node:$PATH" npm rebuild --verbose --foreground-scripts --nodedir=%{_includedir}/electron
 
 # Sanity check that native modules load. You must include this in ‰check if the package includes native modules (possibly in addition to actual test suites)
 # These do, in order: