From 92c0d59c1e4e1b9ff427e85d7a60fcaf3aaca111 Mon Sep 17 00:00:00 2001 From: Rootkit404 <175176948+RKNF404@users.noreply.github.com> Date: Fri, 19 Jul 2024 21:18:46 -0400 Subject: [PATCH 1/5] Enable partitioning features and modernize existing partitioning patch from Vanadium --- patches/enable-memory-cache-scoping.patch | 13 +++++ patches/enable-state-partitioning.patch | 13 +++++ ...e-visited-link-database-partitioning.patch | 13 +++++ ...-partitioning-connections-by-default.patch | 47 ------------------- 4 files changed, 39 insertions(+), 47 deletions(-) create mode 100644 patches/enable-memory-cache-scoping.patch create mode 100644 patches/enable-state-partitioning.patch create mode 100644 patches/enable-visited-link-database-partitioning.patch delete mode 100644 vanadium_patches/0071-enable-partitioning-connections-by-default.patch diff --git a/patches/enable-memory-cache-scoping.patch b/patches/enable-memory-cache-scoping.patch new file mode 100644 index 00000000..cd34da07 --- /dev/null +++ b/patches/enable-memory-cache-scoping.patch @@ -0,0 +1,13 @@ +diff --git a/third_party/blink/common/features.cc b/third_party/blink/common/features.cc +index 00e268b511265..ccfca911e3a2f 100644 +--- a/third_party/blink/common/features.cc ++++ b/third_party/blink/common/features.cc +@@ -2081,7 +2081,7 @@ BASE_FEATURE(kSaveDataImgSrcset, + // fetched it was the same as the current document. + BASE_FEATURE(kScopeMemoryCachePerContext, + "ScopeMemoryCachePerContext", +- base::FEATURE_DISABLED_BY_DEFAULT); ++ base::FEATURE_ENABLED_BY_DEFAULT); + + BASE_FEATURE(kPausePagesPerBrowsingContextGroup, + "PausePagesPerBrowsingContextGroup", diff --git a/patches/enable-state-partitioning.patch b/patches/enable-state-partitioning.patch new file mode 100644 index 00000000..71e152ee --- /dev/null +++ b/patches/enable-state-partitioning.patch @@ -0,0 +1,13 @@ +diff --git a/net/base/features.cc b/net/base/features.cc +index 387c7f01e1f5e..a69ddbc33983f 100644 +--- a/net/base/features.cc ++++ b/net/base/features.cc +@@ -134,7 +134,7 @@ BASE_FEATURE(kSplitCodeCacheByNetworkIsolationKey, + + BASE_FEATURE(kPartitionConnectionsByNetworkIsolationKey, + "PartitionConnectionsByNetworkIsolationKey", +- base::FEATURE_DISABLED_BY_DEFAULT); ++ base::FEATURE_ENABLED_BY_DEFAULT); + + BASE_FEATURE(kTLS13KeyUpdate, + "TLS13KeyUpdate", diff --git a/patches/enable-visited-link-database-partitioning.patch b/patches/enable-visited-link-database-partitioning.patch new file mode 100644 index 00000000..8d4c8064 --- /dev/null +++ b/patches/enable-visited-link-database-partitioning.patch @@ -0,0 +1,13 @@ +diff --git a/third_party/blink/common/features.cc b/third_party/blink/common/features.cc +index 00e268b511265..9f59a42de211b 100644 +--- a/third_party/blink/common/features.cc ++++ b/third_party/blink/common/features.cc +@@ -1769,7 +1769,7 @@ const base::FeatureParam kPartialLowEndModeExcludeCanvasFontCache{ + // TODO(crbug.com/329102369): complete the partitioned hashtable implementation. + BASE_FEATURE(kPartitionVisitedLinkDatabase, + "PartitionVisitedLinkDatabase", +- base::FEATURE_DISABLED_BY_DEFAULT); ++ base::FEATURE_ENABLED_BY_DEFAULT); + + // Enables the use of the PaintCache for Path2D objects that are rasterized + // out of process. Has no effect when kCanvasOopRasterization is disabled. diff --git a/vanadium_patches/0071-enable-partitioning-connections-by-default.patch b/vanadium_patches/0071-enable-partitioning-connections-by-default.patch deleted file mode 100644 index 1a0b4848..00000000 --- a/vanadium_patches/0071-enable-partitioning-connections-by-default.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Daniel Micay -Date: Mon, 8 Mar 2021 16:53:47 -0500 -Subject: [PATCH] enable partitioning connections by default - ---- - net/base/features.cc | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/net/base/features.cc b/net/base/features.cc -index 3f6d23fae985e..512ba5171cf0e 100644 ---- a/net/base/features.cc -+++ b/net/base/features.cc -@@ -119,27 +119,27 @@ BASE_FEATURE(kSplitCodeCacheByNetworkIsolationKey, - - BASE_FEATURE(kSplitHostCacheByNetworkIsolationKey, - "SplitHostCacheByNetworkIsolationKey", -- base::FEATURE_DISABLED_BY_DEFAULT); -+ base::FEATURE_ENABLED_BY_DEFAULT); - - BASE_FEATURE(kPartitionConnectionsByNetworkIsolationKey, - "PartitionConnectionsByNetworkIsolationKey", -- base::FEATURE_DISABLED_BY_DEFAULT); -+ base::FEATURE_ENABLED_BY_DEFAULT); - - BASE_FEATURE(kPartitionHttpServerPropertiesByNetworkIsolationKey, - "PartitionHttpServerPropertiesByNetworkIsolationKey", -- base::FEATURE_DISABLED_BY_DEFAULT); -+ base::FEATURE_ENABLED_BY_DEFAULT); - - BASE_FEATURE(kPartitionSSLSessionsByNetworkIsolationKey, - "PartitionSSLSessionsByNetworkIsolationKey", -- base::FEATURE_DISABLED_BY_DEFAULT); -+ base::FEATURE_ENABLED_BY_DEFAULT); - - BASE_FEATURE(kPartitionNelAndReportingByNetworkIsolationKey, - "PartitionNelAndReportingByNetworkIsolationKey", -- base::FEATURE_DISABLED_BY_DEFAULT); -+ base::FEATURE_ENABLED_BY_DEFAULT); - - BASE_FEATURE(kEnableCrossSiteFlagNetworkIsolationKey, - "EnableCrossSiteFlagNetworkIsolationKey", -- base::FEATURE_DISABLED_BY_DEFAULT); -+ base::FEATURE_ENABLED_BY_DEFAULT); - BASE_FEATURE(kEnableFrameSiteSharedOpaqueNetworkIsolationKey, - "EnableFrameSiteSharedOpaqueNetworkIsolationKey", - base::FEATURE_DISABLED_BY_DEFAULT); From 0a492eef0859f6be08bb129c26c940f19f4cfc6c Mon Sep 17 00:00:00 2001 From: Rootkit404 <175176948+RKNF404@users.noreply.github.com> Date: Sun, 21 Jul 2024 23:13:11 -0400 Subject: [PATCH 2/5] Added back Vanadium patch, removed experimental memory cache partitioning patch. --- patches/enable-memory-cache-scoping.patch | 13 ----- patches/enable-state-partitioning.patch | 13 ----- ...-partitioning-connections-by-default.patch | 47 +++++++++++++++++++ 3 files changed, 47 insertions(+), 26 deletions(-) delete mode 100644 patches/enable-memory-cache-scoping.patch delete mode 100644 patches/enable-state-partitioning.patch create mode 100644 vanadium_patches/0071-enable-partitioning-connections-by-default.patch diff --git a/patches/enable-memory-cache-scoping.patch b/patches/enable-memory-cache-scoping.patch deleted file mode 100644 index cd34da07..00000000 --- a/patches/enable-memory-cache-scoping.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/third_party/blink/common/features.cc b/third_party/blink/common/features.cc -index 00e268b511265..ccfca911e3a2f 100644 ---- a/third_party/blink/common/features.cc -+++ b/third_party/blink/common/features.cc -@@ -2081,7 +2081,7 @@ BASE_FEATURE(kSaveDataImgSrcset, - // fetched it was the same as the current document. - BASE_FEATURE(kScopeMemoryCachePerContext, - "ScopeMemoryCachePerContext", -- base::FEATURE_DISABLED_BY_DEFAULT); -+ base::FEATURE_ENABLED_BY_DEFAULT); - - BASE_FEATURE(kPausePagesPerBrowsingContextGroup, - "PausePagesPerBrowsingContextGroup", diff --git a/patches/enable-state-partitioning.patch b/patches/enable-state-partitioning.patch deleted file mode 100644 index 71e152ee..00000000 --- a/patches/enable-state-partitioning.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/net/base/features.cc b/net/base/features.cc -index 387c7f01e1f5e..a69ddbc33983f 100644 ---- a/net/base/features.cc -+++ b/net/base/features.cc -@@ -134,7 +134,7 @@ BASE_FEATURE(kSplitCodeCacheByNetworkIsolationKey, - - BASE_FEATURE(kPartitionConnectionsByNetworkIsolationKey, - "PartitionConnectionsByNetworkIsolationKey", -- base::FEATURE_DISABLED_BY_DEFAULT); -+ base::FEATURE_ENABLED_BY_DEFAULT); - - BASE_FEATURE(kTLS13KeyUpdate, - "TLS13KeyUpdate", diff --git a/vanadium_patches/0071-enable-partitioning-connections-by-default.patch b/vanadium_patches/0071-enable-partitioning-connections-by-default.patch new file mode 100644 index 00000000..1a0b4848 --- /dev/null +++ b/vanadium_patches/0071-enable-partitioning-connections-by-default.patch @@ -0,0 +1,47 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Micay +Date: Mon, 8 Mar 2021 16:53:47 -0500 +Subject: [PATCH] enable partitioning connections by default + +--- + net/base/features.cc | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/net/base/features.cc b/net/base/features.cc +index 3f6d23fae985e..512ba5171cf0e 100644 +--- a/net/base/features.cc ++++ b/net/base/features.cc +@@ -119,27 +119,27 @@ BASE_FEATURE(kSplitCodeCacheByNetworkIsolationKey, + + BASE_FEATURE(kSplitHostCacheByNetworkIsolationKey, + "SplitHostCacheByNetworkIsolationKey", +- base::FEATURE_DISABLED_BY_DEFAULT); ++ base::FEATURE_ENABLED_BY_DEFAULT); + + BASE_FEATURE(kPartitionConnectionsByNetworkIsolationKey, + "PartitionConnectionsByNetworkIsolationKey", +- base::FEATURE_DISABLED_BY_DEFAULT); ++ base::FEATURE_ENABLED_BY_DEFAULT); + + BASE_FEATURE(kPartitionHttpServerPropertiesByNetworkIsolationKey, + "PartitionHttpServerPropertiesByNetworkIsolationKey", +- base::FEATURE_DISABLED_BY_DEFAULT); ++ base::FEATURE_ENABLED_BY_DEFAULT); + + BASE_FEATURE(kPartitionSSLSessionsByNetworkIsolationKey, + "PartitionSSLSessionsByNetworkIsolationKey", +- base::FEATURE_DISABLED_BY_DEFAULT); ++ base::FEATURE_ENABLED_BY_DEFAULT); + + BASE_FEATURE(kPartitionNelAndReportingByNetworkIsolationKey, + "PartitionNelAndReportingByNetworkIsolationKey", +- base::FEATURE_DISABLED_BY_DEFAULT); ++ base::FEATURE_ENABLED_BY_DEFAULT); + + BASE_FEATURE(kEnableCrossSiteFlagNetworkIsolationKey, + "EnableCrossSiteFlagNetworkIsolationKey", +- base::FEATURE_DISABLED_BY_DEFAULT); ++ base::FEATURE_ENABLED_BY_DEFAULT); + BASE_FEATURE(kEnableFrameSiteSharedOpaqueNetworkIsolationKey, + "EnableFrameSiteSharedOpaqueNetworkIsolationKey", + base::FEATURE_DISABLED_BY_DEFAULT); From b71efce9ea847403a7c90e05d9d3f36e6370ce25 Mon Sep 17 00:00:00 2001 From: Rootkit404 <175176948+RKNF404@users.noreply.github.com> Date: Mon, 22 Jul 2024 12:10:06 -0400 Subject: [PATCH 3/5] Add patch to spec file --- hardening.patch | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/hardening.patch b/hardening.patch index d41bf454..2624b5d2 100644 --- a/hardening.patch +++ b/hardening.patch @@ -36,7 +36,7 @@ index 931b9c0..451591e 100644 Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use Url: http://www.chromium.org/Home License: BSD-3-Clause AND LGPL-2.1-or-later AND Apache-2.0 AND IJG AND MIT AND GPL-2.0-or-later AND ISC AND OpenSSL AND (MPL-1.1 OR GPL-2.0-only OR LGPL-2.0-only) -@@ -563,6 +563,81 @@ Patch413: fix-unknown-warning-option-messages.diff +@@ -563,6 +563,82 @@ Patch413: fix-unknown-warning-option-messages.diff # 64kpage support on el8 Patch500: chromium-124-el8-support-64kpage.patch @@ -114,11 +114,12 @@ index 931b9c0..451591e 100644 +Patch2076: disable-sync-by-default.patch +Patch2077: disable-infobar-for-builds-without-api-key.patch +Patch2078: disable-printing-by-default.patch ++Patch2079: enable-visited-link-database-partitioning.patch + # Use chromium-latest.py to generate clean tarball from released build tarballs, found here: # http://build.chromium.org/buildbot/official/ # For Chromium Fedora use chromium-latest.py --stable --ffmpegclean --ffmpegarm -@@ -928,7 +1003,7 @@ Requires: libcanberra-gtk3%{_isa} +@@ -928,7 +1004,7 @@ Requires: libcanberra-gtk3%{_isa} Requires: u2f-hidraw-policy %endif @@ -127,7 +128,7 @@ index 931b9c0..451591e 100644 # rhel 7: x86_64 # rhel 8 or newer: x86_64, aarch64 -@@ -1098,7 +1173,7 @@ Requires(preun): systemd +@@ -1098,7 +1174,7 @@ Requires(preun): systemd Requires(postun): systemd Requires: xorg-x11-server-Xvfb Requires: python3-psutil @@ -136,7 +137,7 @@ index 931b9c0..451591e 100644 Summary: Remote desktop support for google-chrome & chromium %description -n chrome-remote-desktop -@@ -1107,7 +1182,7 @@ Remote desktop support for google-chrome & chromium. +@@ -1107,7 +1183,7 @@ Remote desktop support for google-chrome & chromium. %package -n chromedriver Summary: WebDriver for Google Chrome/Chromium @@ -145,7 +146,7 @@ index 931b9c0..451591e 100644 %description -n chromedriver WebDriver is an open source tool for automated testing of webapps across many -@@ -1118,7 +1193,7 @@ members of the Chromium and WebDriver teams. +@@ -1118,7 +1194,7 @@ members of the Chromium and WebDriver teams. %package headless Summary: A minimal headless shell built from Chromium @@ -154,7 +155,7 @@ index 931b9c0..451591e 100644 %description headless A minimal headless client built from Chromium. headless_shell is built -@@ -1127,14 +1202,14 @@ udev. +@@ -1127,14 +1203,14 @@ udev. %package qt5-ui Summary: Qt5 UI built from Chromium @@ -171,7 +172,7 @@ index 931b9c0..451591e 100644 %description qt6-ui Qt6 UI for chromium. -@@ -1341,6 +1416,78 @@ cp /opt/rh/%{toolset}-%{dts_version}/root/usr/include/c++/%{dts_version}/optiona +@@ -1341,6 +1417,78 @@ cp /opt/rh/%{toolset}-%{dts_version}/root/usr/include/c++/%{dts_version}/optiona %endif %endif @@ -250,7 +251,7 @@ index 931b9c0..451591e 100644 # Change shebang in all relevant files in this directory and all subdirectories # See `man find` for how the `-exec command {} +` syntax works find -type f \( -iname "*.py" \) -exec sed -i '1s=^#! */usr/bin/\(python\|env python\)[23]\?=#!%{chromium_pybin}=' {} + -@@ -1393,7 +1540,7 @@ cp -a %{_includedir}/libusb-1.0/libusb.h third_party/libusb/src/libusb/libusb.h +@@ -1393,7 +1541,7 @@ cp -a %{_includedir}/libusb-1.0/libusb.h third_party/libusb/src/libusb/libusb.h %endif # Hard code extra version @@ -259,7 +260,7 @@ index 931b9c0..451591e 100644 # Fix hardcoded path in remoting code sed -i 's|/opt/google/chrome-remote-desktop|%{crd_path}|g' remoting/host/setup/daemon_controller_delegate_linux.cc -@@ -1494,9 +1641,11 @@ sed -i 's|OFFICIAL_BUILD|GOOGLE_CHROME_BUILD|g' tools/generate_shim_headers/gene +@@ -1494,9 +1642,11 @@ sed -i 's|OFFICIAL_BUILD|GOOGLE_CHROME_BUILD|g' tools/generate_shim_headers/gene CHROMIUM_CORE_GN_DEFINES+=' chrome_pgo_phase=0' @@ -274,7 +275,7 @@ index 931b9c0..451591e 100644 %if %{useapikey} CHROMIUM_CORE_GN_DEFINES+=' google_api_key="%{api_key}"' -@@ -1547,6 +1696,9 @@ CHROMIUM_CORE_GN_DEFINES+=' use_custom_libcxx=false' +@@ -1547,6 +1697,9 @@ CHROMIUM_CORE_GN_DEFINES+=' use_custom_libcxx=false' %endif CHROMIUM_CORE_GN_DEFINES+=' enable_iterator_debugging=false' CHROMIUM_CORE_GN_DEFINES+=' enable_vr=false' @@ -284,7 +285,7 @@ index 931b9c0..451591e 100644 CHROMIUM_CORE_GN_DEFINES+=' build_dawn_tests=false enable_perfetto_unittests=false' CHROMIUM_CORE_GN_DEFINES+=' disable_fieldtrial_testing_config=true' CHROMIUM_CORE_GN_DEFINES+=' symbol_level=%{debug_level} blink_symbol_level=%{debug_level}' -@@ -1586,8 +1738,8 @@ CHROMIUM_BROWSER_GN_DEFINES+=' use_qt6=false' +@@ -1586,8 +1739,8 @@ CHROMIUM_BROWSER_GN_DEFINES+=' use_qt6=false' %endif CHROMIUM_BROWSER_GN_DEFINES+=' use_gio=true use_pulseaudio=true' @@ -295,7 +296,7 @@ index 931b9c0..451591e 100644 %if %{use_vaapi} CHROMIUM_BROWSER_GN_DEFINES+=' use_vaapi=true' -@@ -1784,15 +1936,15 @@ rm -rf %{buildroot} +@@ -1784,15 +1937,15 @@ rm -rf %{buildroot} mkdir -p %{buildroot}%{_bindir} \ %{buildroot}%{chromium_path}/locales \ @@ -314,7 +315,7 @@ index 931b9c0..451591e 100644 %endif export BUILD_TARGET=`cat /etc/redhat-release` -@@ -1953,7 +2105,7 @@ mkdir -p %{buildroot}%{_datadir}/icons/hicolor/24x24/apps +@@ -1953,7 +2106,7 @@ mkdir -p %{buildroot}%{_datadir}/icons/hicolor/24x24/apps cp -a chrome/app/theme/chromium/product_logo_24.png %{buildroot}%{_datadir}/icons/hicolor/24x24/apps/%{chromium_browser_channel}.png # Install the master_preferences file @@ -323,7 +324,7 @@ index 931b9c0..451591e 100644 mkdir -p %{buildroot}%{_datadir}/applications/ desktop-file-install --dir %{buildroot}%{_datadir}/applications %{SOURCE4} -@@ -2005,11 +2157,11 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt +@@ -2005,11 +2158,11 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt %doc AUTHORS README.fedora %doc chrome_policy_list.html *.json %license LICENSE @@ -340,7 +341,6 @@ index 931b9c0..451591e 100644 %{_bindir}/%{chromium_browser_channel} %{chromium_path}/*.bin diff --git a/master_preferences b/master_preferences -index 8d732dc..58b079c 100644 --- a/master_preferences +++ b/master_preferences @@ -1,5 +1,5 @@ From 6142aa15d1ccb9f35bf48decef7a835f1c1570ab Mon Sep 17 00:00:00 2001 From: Rootkit404 <175176948+RKNF404@users.noreply.github.com> Date: Mon, 22 Jul 2024 14:15:53 -0400 Subject: [PATCH 4/5] Actually add the patch --- hardening.patch | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/hardening.patch b/hardening.patch index 2624b5d2..48c995fe 100644 --- a/hardening.patch +++ b/hardening.patch @@ -172,7 +172,7 @@ index 931b9c0..451591e 100644 %description qt6-ui Qt6 UI for chromium. -@@ -1341,6 +1417,78 @@ cp /opt/rh/%{toolset}-%{dts_version}/root/usr/include/c++/%{dts_version}/optiona +@@ -1341,6 +1417,79 @@ cp /opt/rh/%{toolset}-%{dts_version}/root/usr/include/c++/%{dts_version}/optiona %endif %endif @@ -248,10 +248,11 @@ index 931b9c0..451591e 100644 +%patch -P2076 -p1 -b .disable-sync-by-default +%patch -P2077 -p1 -b .disable-infobar-for-builds-without-api-key +%patch -P2078 -p1 -b .disable-printing-by-default ++%patch -P2079 -p1 -b .enable-visited-link-database-partitioning # Change shebang in all relevant files in this directory and all subdirectories # See `man find` for how the `-exec command {} +` syntax works find -type f \( -iname "*.py" \) -exec sed -i '1s=^#! */usr/bin/\(python\|env python\)[23]\?=#!%{chromium_pybin}=' {} + -@@ -1393,7 +1541,7 @@ cp -a %{_includedir}/libusb-1.0/libusb.h third_party/libusb/src/libusb/libusb.h +@@ -1393,7 +1542,7 @@ cp -a %{_includedir}/libusb-1.0/libusb.h third_party/libusb/src/libusb/libusb.h %endif # Hard code extra version @@ -260,7 +261,7 @@ index 931b9c0..451591e 100644 # Fix hardcoded path in remoting code sed -i 's|/opt/google/chrome-remote-desktop|%{crd_path}|g' remoting/host/setup/daemon_controller_delegate_linux.cc -@@ -1494,9 +1642,11 @@ sed -i 's|OFFICIAL_BUILD|GOOGLE_CHROME_BUILD|g' tools/generate_shim_headers/gene +@@ -1494,9 +1643,11 @@ sed -i 's|OFFICIAL_BUILD|GOOGLE_CHROME_BUILD|g' tools/generate_shim_headers/gene CHROMIUM_CORE_GN_DEFINES+=' chrome_pgo_phase=0' @@ -275,7 +276,7 @@ index 931b9c0..451591e 100644 %if %{useapikey} CHROMIUM_CORE_GN_DEFINES+=' google_api_key="%{api_key}"' -@@ -1547,6 +1697,9 @@ CHROMIUM_CORE_GN_DEFINES+=' use_custom_libcxx=false' +@@ -1547,6 +1698,9 @@ CHROMIUM_CORE_GN_DEFINES+=' use_custom_libcxx=false' %endif CHROMIUM_CORE_GN_DEFINES+=' enable_iterator_debugging=false' CHROMIUM_CORE_GN_DEFINES+=' enable_vr=false' @@ -285,7 +286,7 @@ index 931b9c0..451591e 100644 CHROMIUM_CORE_GN_DEFINES+=' build_dawn_tests=false enable_perfetto_unittests=false' CHROMIUM_CORE_GN_DEFINES+=' disable_fieldtrial_testing_config=true' CHROMIUM_CORE_GN_DEFINES+=' symbol_level=%{debug_level} blink_symbol_level=%{debug_level}' -@@ -1586,8 +1739,8 @@ CHROMIUM_BROWSER_GN_DEFINES+=' use_qt6=false' +@@ -1586,8 +1740,8 @@ CHROMIUM_BROWSER_GN_DEFINES+=' use_qt6=false' %endif CHROMIUM_BROWSER_GN_DEFINES+=' use_gio=true use_pulseaudio=true' @@ -296,7 +297,7 @@ index 931b9c0..451591e 100644 %if %{use_vaapi} CHROMIUM_BROWSER_GN_DEFINES+=' use_vaapi=true' -@@ -1784,15 +1937,15 @@ rm -rf %{buildroot} +@@ -1784,15 +1938,15 @@ rm -rf %{buildroot} mkdir -p %{buildroot}%{_bindir} \ %{buildroot}%{chromium_path}/locales \ @@ -315,7 +316,7 @@ index 931b9c0..451591e 100644 %endif export BUILD_TARGET=`cat /etc/redhat-release` -@@ -1953,7 +2106,7 @@ mkdir -p %{buildroot}%{_datadir}/icons/hicolor/24x24/apps +@@ -1953,7 +2107,7 @@ mkdir -p %{buildroot}%{_datadir}/icons/hicolor/24x24/apps cp -a chrome/app/theme/chromium/product_logo_24.png %{buildroot}%{_datadir}/icons/hicolor/24x24/apps/%{chromium_browser_channel}.png # Install the master_preferences file @@ -324,7 +325,7 @@ index 931b9c0..451591e 100644 mkdir -p %{buildroot}%{_datadir}/applications/ desktop-file-install --dir %{buildroot}%{_datadir}/applications %{SOURCE4} -@@ -2005,11 +2158,11 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt +@@ -2005,11 +2159,11 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt %doc AUTHORS README.fedora %doc chrome_policy_list.html *.json %license LICENSE @@ -340,7 +341,6 @@ index 931b9c0..451591e 100644 %endif %{_bindir}/%{chromium_browser_channel} %{chromium_path}/*.bin -diff --git a/master_preferences b/master_preferences --- a/master_preferences +++ b/master_preferences @@ -1,5 +1,5 @@ From a1b793e54e6ba27e350fb39754f33885b97b1f8b Mon Sep 17 00:00:00 2001 From: Rootkit404 <175176948+RKNF404@users.noreply.github.com> Date: Mon, 22 Jul 2024 14:23:17 -0400 Subject: [PATCH 5/5] Incremement release --- hardening.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hardening.patch b/hardening.patch index 48c995fe..cf456f5e 100644 --- a/hardening.patch +++ b/hardening.patch @@ -32,7 +32,7 @@ index 931b9c0..451591e 100644 +Name: hardened-chromium%{chromium_channel} Version: 126.0.6478.182 -Release: 1%{?dist} -+Release: 2%{?dist} ++Release: 3%{?dist} Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use Url: http://www.chromium.org/Home License: BSD-3-Clause AND LGPL-2.1-or-later AND Apache-2.0 AND IJG AND MIT AND GPL-2.0-or-later AND ISC AND OpenSSL AND (MPL-1.1 OR GPL-2.0-only OR LGPL-2.0-only)