Pull request bromite#31: AP9-5174 Update Chromium code to latest

Merge in AP/chromiumpatches from upstream-101.0.4951.69 to master * commit 'e27c948d5ef6b3ff8f36a70b313a7d74d043adb0': (88 commits) AP9-5174 Update Chromium code to latest Release 101.0.4951.69 Update build/patches/Add-webrtc-site-setting.patch Add webRTC site settings Do not specify 'latest' fix odd behaviour with search or site suggestions Add Android 12L to version list Add a flag to site engagement feature Add webgl site setting Add missing CHANGELOG entries Release 101.0.4951.53 Fix merge typo in privacy patch Updated patches for v101 multiple fixes reverse the order of appmenu Fix Move-navigation-bar-to-bottom.patch (bromite#2029) Release 101.0.4951.39 Patches for v101 (bromite#2010) Quote grep expression Document home page as NTP ...
PrometheanWorld · May 31, 2022 · a9f59e6 · a9f59e6
2 parents 1573b37 + e27c948
commit a9f59e6
Show file tree

Hide file tree

Showing 216 changed files with 25,991 additions and 12,895 deletions.
diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -21,6 +21,8 @@ body:
           required: true
         - label: "I have searched the existing issues for my problem. This is a new ticket, NOT a duplicate or related to another open issue."
           required: true
+        - label: "I have read the [FAQs](https://github.com/bromite/bromite/blob/master/FAQ.md)."
+          required: true
         - label: "I have updated Bromite to the latest version. The bug is reproducible on this latest version."
           required: true
 
@@ -45,7 +47,7 @@ body:
     id: bromite_version
     attributes:
       label: Bromite version
-      description: What version of Bromite are you using? Please specify a single version e.g. `96.0.4664.1`. If this is not the latest version then please update and retry before submitting this bug report.
+      description: What version of Bromite are you using? Please specify a single version e.g. `96.0.4664.1` not `latest`. If this is not the latest version then please update and retry before submitting this bug report.
     validations:
       required: true
 
@@ -71,7 +73,8 @@ body:
       multiple: false
       description: What version of Android are you running?
       options:
-        - 12
+        - 12.1
+        - 12.0
         - 11
         - 10
         - 9
@@ -156,7 +159,7 @@ body:
         2. Yes, I have attached the crash report dump that I downloaded from `chrome://crashes`
         3. Yes, I have copy/pasted the crash dump
       placeholder: |
-        Drag the crash report dump here to attach it or paste the logcat dump individuated with `adb logcat | grep chromium`.
+        Drag the crash report dump here to attach it or paste the logcat dump individuated with `adb logcat | grep -E '( cr_|bromite|chromium)'`.
     validations:
       required: true
 

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,97 @@
+# 101.0.4951.69
+* flag to toggle site engagement (thanks to @uazo, fixes https://github.com/bromite/bromite/issues/2022)
+* site settings to enable webGL (thanks to @uazo)
+* removed flag to disable webGL
+* fix bottom navigation bar search/site suggestions behaviour (thanks to @uazo, fixes https://github.com/bromite/bromite/issues/2049)
+* enable process isolation for all iframes
+* add webRTC site settings (thanks to @uazo, fixes https://github.com/bromite/bromite/issues/1965)
+
+# 101.0.4951.53
+* move incognito settings to separate page (thanks to @uazo)
+* disable automatic offline pages saving by default (thanks to @uazo)
+* make history support and site settings in always incognito mode disabled by default (thanks to @uazo, fixes https://github.com/bromite/bromite/issues/1991)
+* move pop-up toolbar to the bottom when using bottom navigation bar (thanks to @uazo, fixes https://github.com/bromite/bromite/issues/2030)
+* menu does not show all entries (thanks to @uazo, fixes https://github.com/bromite/bromite/issues/2011)
+* stray shadow when using bottom toolbar (thanks to @uazo, fixes https://github.com/bromite/bromite/issues/1995)
+
+# 101.0.4951.39
+* save only ContentSettings in always-incognito mode (thanks to @uazo, fixes https://github.com/bromite/bromite/issues/1942)
+* fix a couple issues related to signin and metrics leftover code affecting debug builds (thanks to @uazo)
+* remove some more parameters from the English-version search engine (thanks to @uazo)
+* add welcome screen with mention of privacy statements (fixes https://github.com/bromite/bromite/issues/691)
+
+# 100.0.4896.135
+* remove mremap from seccomp baseline policy
+* add flag to move top toolbar to bottom (thanks to @uazo)
+
+# 100.0.4896.92
+* improve user script errors and visualized name (thanks to @uazo)
+* fix autofill password not working anymore (thanks to @uazo, fixes https://github.com/bromite/bromite/issues/1956)
+* mark sites as visited when they have an already-parsed OpenSearch descriptor
+* disable TLS resumption by default (thanks to @uazo)
+* partition DoH requests by top-frame NIK (thanks to @uazo)
+
+# 100.0.4896.83
+* update zh_CN translations (thanks to @zhmars)
+* fix custom UA reported via Javascript (thanks to @uazo, fixes https://github.com/bromite/bromite/issues/1936)
+* introduce session granularity for permissions (thanks to @uazo, fixes https://github.com/bromite/bromite/issues/1549)
+* disable crash reporting
+* avoid script injection on some sites
+* fix upstream OpenSearch bug with search engines prematurely discarded
+* fix upstream DNS bug with inconsistent Android system DNS configuration (fixes https://github.com/bromite/bromite/issues/1960)
+* use less invasive approach to protect local IP address when using webRTC (fixes https://github.com/bromite/bromite/issues/589)
+* add menu entry to select all bookmarks (fixes https://github.com/bromite/bromite/issues/1959)
+* fix Note 9 crash on startup (thanks to @uazo, fixes https://github.com/bromite/bromite/issues/1871)
+* remove passwords menu entry for leak check
+* remove privacy menu entry to use phone as a security key
+
+# 100.0.4896.57
+* allow OpenSearch search engine URLs with path
+* disable AsyncDNS by default
+* remove translate menu entries
+* fix patch to remove contextual search (thanks to @nikolowry)
+* add option to never expire history
+* improve description for JIT site settings (fixes https://github.com/bromite/bromite/issues/1931)
+* remove more signin integration (fixes https://github.com/bromite/bromite/issues/1902)
+* miscellaneous fixes for AMP and background video playback (fixes https://github.com/bromite/bromite/issues/1921)
+* update zh_CN translations (thanks to @zhmars)
+
+# 99.0.4844.77
+* fix missing adaptive icon for updates
+* do not close adblock filters editor when tapping reset button
+* change text for 'Never' in history days to keep setting
+* bring back dictionary hints in address bar
+
+# 99.0.4844.58
+* remove contextual search (fixes https://github.com/bromite/bromite/issues/1750)
+* remove global JIT settings
+* add privacy setting for how many number of days of history to keep (thanks to @uazo, fixes https://github.com/bromite/bromite/issues/1870)
+* disable UA full version (thanks to @uazo)
+* reintroduce patch for Save-Data header
+* updated zh_CN translations (thanks to @zhmars)
+* reintroduce Save-Data header flag
+
+# 99.0.4844.55
+* flag to enable Certificate Transparency (thanks to @uazo, fixes https://github.com/bromite/bromite/issues/1554)
+* allow adding search engines from incognito mode
+* disable all predictors code (thanks to @uazo)
+* revert allow block of view-source URLs
+* enable StrictOriginIsolation and SitePerProcess for all devices (thanks to @uazo)
+* JIT toggle site setting (thanks to @uazo, fixes https://github.com/bromite/bromite/issues/1720 and https://github.com/bromite/bromite/issues/1819)
+* move always incognito preference to native (thanks to @uazo, fixes https://github.com/bromite/bromite/issues/1496 and https://github.com/bromite/bromite/issues/1568)
+* remove Save-Data header flag
+* close a potential security issue with user scripts on native pages (thanks to @uazo)
+* disable safety checks and possible Omaha interactions
+* disable SegmentationPlatformFeature and Optimization Hints (thanks to @uazo, fixes https://github.com/bromite/bromite/issues/1632)
+* add notification for a major upstream version being released (fixes https://github.com/bromite/bromite/issues/1796)
+* fix screenshots in incognito allowed by default (fixes https://github.com/bromite/bromite/issues/1816)
+
+# 98.0.4758.116
+* disable minidumps upload
+* complete disabling of client hint headers (thanks to @uazo)
+* disable another way to activate origin trials (thanks to @uazo)
+* fix for gateway attacks via websockets blocking (thanks to @uazo, fixes https://github.com/bromite/bromite/issues/1693)
+
 # 98.0.4758.108
 * re-introduce flag for text fragments
 * re-introduce content feature flag to disable field trials
@@ -51,6 +145,7 @@
 * fix incognito tab closing new tab under normal tab (thanks to @uazo, fixes https://github.com/bromite/bromite/issues/1030)
 * allow custom tab intents and opening external links in incognito (thanks to @uazo)
 * never use HTTP probes for connectivity check on Android < M
+* re-introduce option to use home page as NTP (thanks to @uazo, https://github.com/bromite/bromite/pull/1586)
 
 # 94.0.4606.109
 * experimental user scripts support (thanks to @uazo, fixes https://github.com/bromite/bromite/issues/792)
@@ -175,7 +270,7 @@
 * use 64-bit ABI for webview processes (fixes https://github.com/bromite/bromite/issues/997)
 * use dedicated folder for bookmark all tabs
 * fix Javascript and cookies permissions missing (thanks to @uazo, fixes https://github.com/bromite/bromite/issues/990)
-* fix missing enable save data header flag (fixes https://github.com/bromite/bromite/issues/989)
+* fix missing enable Save-Data header flag (fixes https://github.com/bromite/bromite/issues/989)
 * fix menu items not properly displayed with tab overflow menu regroup (thanks to @uazo, fixes https://github.com/bromite/bromite/issues/963)
 
 # 89.0.4389.78

diff --git a/FAQ.md b/FAQ.md
@@ -48,9 +48,7 @@ It is not on the official F-Droid repository and there are no (more) plans to su
 You can use F-Droid client to install and receive updates via [the official Bromite F-Droid repository](https://www.bromite.org/fdroid).
 
 ## Does Bromite support WebRTC?
-Yes, since version 69. While the desktop version of Chromium has an option to disable it (video/audio site settings), the Android version cannot.
-
-The WebRTC functionality has always been using safe defaults to prevent leaks (disabled multiple routes and non-proxied UDP).
+Partially, see https://github.com/bromite/bromite/wiki/WebRTC
 
 ## Using Bromite will favour the monopoly of the Chromium/Blink engine, why do you develop and maintain Bromite?
 In short, to show what a Chromium-based engine could do **for the user** if the user experience and needs were the main focus of modern browser design.
@@ -85,3 +83,9 @@ No.
 Bromite does not make any choice related to default search engines, the Chromium default is used.
 Various Android browsers get some fee to ship their apps with a specific default search engine, Bromite does not get any fee from anyone.
 Changing the default search engine would lead to an endless series of requests to change it based on personal preferences, thus no change is made to the default.
+See also: https://github.com/bromite/bromite/wiki/SearchEngines
+
+## Some sites show ads, how can I fix this?
+You can compare the blocked URLs with a desktop browser and Bromite (using [remote debugging](https://developer.chrome.com/docs/devtools/remote-debugging/)) and figure out some new filter rules to be added.
+If the ads are blocked via cosmetic filtering then blocking them is not possible with Bromite's engine and you might need something like an [user script](https://github.com/bromite/bromite/wiki/UserScripts) instead.
+See also: https://github.com/bromite/bromite/wiki/AdBlocking
diff --git a/README.md b/README.md
@@ -7,11 +7,11 @@ security and privacy and fix various annoyances.
 
 One patch has been removed from the original Bromite distribution:
 
-  - Automated domain substitution
+- Automated domain substitution
 
 One patch has been modified:
 
-  - The Bromite adblock engine is disabled by default
+- The Bromite adblock engine is disabled by default
 
 # Build instructions
 
@@ -52,13 +52,13 @@ cd /tank/chromium4allen/src
 
 ## Prepare Chromium
 
-The patches are intended to be applied to the `98.0.4758.108` tag of
+The patches are intended to be applied to the `101.0.4951.69` tag of
 the Chromium repo. Before continuing, make sure you are on that tag in
 the Chromium source repo:
 
 ```
 git fetch origin
-git checkout -B promethean-98.0.4758.108 98.0.4758.108
+git checkout -B promethean-101.0.4951.69 101.0.4951.69
 gclient sync --with_branch_heads --with_tags
 gclient runhooks
 ```
@@ -88,7 +88,7 @@ done
 ```
 
 All patches should apply cleanly. If they did not, make sure you have
-checked out the proper Chromium tag (98.0.4758.108).
+checked out the proper Chromium tag (101.0.4951.69).
 
 ## Getting the third dependencies
 
@@ -154,21 +154,21 @@ If you do not have an upstream remote, add it with:
 
 2. Retrieve the upstream changes
 
-    git fetch upstream
+   git fetch upstream
 
 3. Find the latest Bromite release tag
 
-    git describe --tags --abbrev=0 upstream/master
+   git describe --tags --abbrev=0 upstream/master
 
-This will give you output like `98.0.4758.108` which we'll use as an example going forward.
+This will give you output like `101.0.4951.69` which we'll use as an example going forward.
 
 4. Create a new branch based on this tag
 
-    git checkout -b upstream-98.0.4758.108 98.0.4758.108
+   git checkout -b upstream-101.0.4951.69 101.0.4951.69
 
 5. Rebase this branch on the current master
 
-    git rebase origin/master
+   git rebase origin/master
 
 If the rebase complete cleanly, you're done! Push the branch and open
 a PR to master.
@@ -224,9 +224,10 @@ ETH donations address: `0x5d392F8FBf3465afe05B1Adc575e248D33B891F6`
 * always-incognito mode
 * disable all field trials permanently
 * disable smart search by default, allow web search from incognito mode
-* always-visible cookies, javascript and ads site settings
+* always-visible cookies, javascript and ads site settings from address bar popup
 * remove Play integration binary blobs
 * use [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) on all architectures except x86
+* enable trivial auto var init
 * disable media router and remoting by default
 * disable dynamic module loading
 * show warnings for TLSv1.0/TLSv1.1 pages
@@ -240,29 +241,40 @@ ETH donations address: `0x5d392F8FBf3465afe05B1Adc575e248D33B891F6`
 * security enhancement patches from [GrapheneOS](https://github.com/GrapheneOS) project
 * disable scroll-to-text-fragment
 * reduced referer granularity
-* block gateway attacks via websockets
+* block gateway attacks via websockets (partial fix, see [this upstream issue](https://bugs.chromium.org/p/chromium/issues/detail?id=590714))
 * use 64-bit ABI for webview processes
 * make all favicon requests on-demand ([supercookie](https://supercookie.me/) mitigation)
 * enable all network isolation features (`PartitionConnectionsByNetworkIsolationKey`, `PartitionHttpServerPropertiesByNetworkIsolationKey`, `SplitHostCacheByNetworkIsolationKey`, `AppendFrameOriginToNetworkIsolationKey`, `SplitCacheByNetworkIsolationKey`, `UseRegistrableDomainInNetworkIsolationKey`, `PartitionSSLSessionsByNetworkIsolationKey`, `PartitionExpectCTStateByNetworkIsolationKey`, `PartitionDomainReliabilityByNetworkIsolationKey`)
 * ignore enterprise policies that disallow secure DNS
 * ask permission to play protected media
 * disable the DIAL repeating discovery
 * disable RTCGetCurrentBrowsingContextMedia by default
-* disable FLoC by default
+* disable FLoC and privacy sandbox by default
 * disable feeds
 * disable reporting of certificate errors
 * use pre-defined phone model for client hints and Javascript
-* site settings to disable images
 * allow forcing external links to open in incognito
 * disable AGSA by default
-* allow disabling JIT
+* flag to enable Certificate Transparency
+* allow adding search engines from incognito mode
+* disable predictors
+* disable supervised users
+* disable safety check
+* disable capability to block `view-source:` URLs
+* disable `SegmentationPlatformFeature`, `OptimizationHints`, client hint headers
+* disable `AsyncDNS` by default
+* customize history expiration threshold
+* disable idle detection
+* HTTPS-only mode enabled by default
+* disable TLS resumption by default
+* partition DoH requests by top-frame NIK
+* add option to use home page as NTP
 
 ## Features not related to privacy
 * browser automatic updates, enabled by default
 * native Android autofill support
 * import/export bookmarks
 * bookmark all tabs from tabs regroup menu
-* flag to allow screenshots of incognito tabs
 * allow playing videos in background tabs and disable pause on switching tabs
 * all codecs included (proprietary, open H.264 etc.)
 * [AV1 codec support](https://github.com/bromite/bromite/wiki/AV1-support)
@@ -275,14 +287,17 @@ ETH donations address: `0x5d392F8FBf3465afe05B1Adc575e248D33B891F6`
 * adding an URL as bookmark will clear its blocked status for the NTP tiles
 * history support in incognito mode
 * view source of pages
-* timezone customization
 * sticky desktop mode setting
-* disable video autoplay by default, reintroduce site settings
 * mobile/desktop user agent customization
 * accessibility preference to force tablet UI
 * use Alt+D to focus address bar
 * allow sharing to Bromite
 * UI for crash information collection
+* allow OpenSearch search engine detection in incognito
+* allow OpenSearch search engine detection with paths
+* keyboard dictionary hints in address bar
+* always allow `view-source:` URLs
+* allow moving navigation bar to bottom
 
 You can inspect all functionality/privacy changes by reading the [patches](https://github.com/bromite/bromite/tree/master/build/patches) and/or the [CHANGELOG](./CHANGELOG.md).
 
@@ -307,7 +322,6 @@ New flags:
 * `#max-connections-per-host`
 * `#resume-background-video`
 * `#ipv6-probing`
-* `#disable-webgl`
 * `#enable-device-motion` and `#enable-device-orientation`
 * `#show-legacy-tls-warnings`
 * `#save-data-header`, disabled by default
@@ -316,6 +330,19 @@ New flags:
 * `#cleartext-permitted`, enabled by default, can be used to disable all cleartext-HTTP traffic
 * `#omnibox-autocomplete-filtering`, can be used to restrict omnibox autocomplete results
 * `#disable-external-intent-requests`
+* `#enable-userscripts-log`, see https://github.com/bromite/bromite/wiki/UserScripts#flags
+* `#certificate-transparency-enabled`, enabled by default; see https://chromium.googlesource.com/chromium/src/+/master/net/docs/certificate-transparency.md
+* `#move-top-toolbar-to-bottom`, disabled by default
+* `#site-engagement`, enabled by default
+
+### Site settings
+
+* webGL, disabled by default
+* images, enabled by default
+* Javascript JIT, disabled by default
+* timezone customization override
+* autoplay, disabled by default
+* webRTC, disabled by default
 
 # Privacy limitations
 

diff --git a/build/LASTCHANGE b/build/LASTCHANGE
@@ -0,0 +1 @@
+f441c1f02214920ad09ab14ca8be3eaa4b5a942a-
diff --git a/build/RELEASE b/build/RELEASE
@@ -1 +1 @@
-98.0.4758.108
+101.0.4951.69
diff --git a/build/RELEASE_COMMIT b/build/RELEASE_COMMIT
@@ -0,0 +1 @@
+3b19d1cba55608c5382ebd24ffdfa28d937c9e37
diff --git a/build/bromite.gn_args b/build/bromite.gn_args
@@ -1,5 +1,7 @@
 android_channel="stable"
 blink_symbol_level=1
+build_contextual_search=false
+build_with_tflite_lib=false
 chrome_pgo_phase=0
 dcheck_always_on=false
 debuggable_apks=false
@@ -20,7 +22,7 @@ enable_platform_dolby_vision=true
 enable_platform_hevc=true
 enable_remoting=false
 enable_reporting=false
-enable_supervised_users = false
+enable_supervised_users=false
 enable_vr=false
 exclude_unwind_tables=false
 ffmpeg_branding="Chrome"
@@ -37,7 +39,7 @@ system_webview_package_name="org.bromite.webview"
 target_os="android"
 target_cpu="arm"
 treat_warnings_as_errors=false
-use_cfi_cast = true
+use_cfi_cast=true
 use_debug_fission=true
 use_errorprone_java_compiler=false
 use_gnome_keyring=false