diff --git a/patches/build-hardening.patch b/patches/build-hardening.patch new file mode 100644 index 00000000..047894e3 --- /dev/null +++ b/patches/build-hardening.patch @@ -0,0 +1,24 @@ +diff --git a/build/config/compiler/BUILD.gn b/build/config/compiler/BUILD.gn +index 5898b8c54bef2..d924cec372c1a 100644 +--- a/build/config/compiler/BUILD.gn ++++ b/build/config/compiler/BUILD.gn +@@ -371,6 +371,10 @@ config("compiler") { + } + } + ++ if (is_linux) { ++ cflags += [ "-fstack-clash-protection" ] ++ } ++ + if (use_lld) { + ldflags += [ "-fuse-ld=lld" ] + if (lld_path != "") { +@@ -2059,7 +2063,7 @@ config("chromium_code") { + # Non-chromium code is not guaranteed to compile cleanly with + # _FORTIFY_SOURCE. Also, fortified build may fail when optimizations are + # disabled, so only do that for Release build. +- fortify_level = "2" ++ fortify_level = "3" + + # ChromeOS's toolchain supports a high-quality _FORTIFY_SOURCE=3 + # implementation with a few custom glibc patches. Use that if it's diff --git a/patches/clear-windowname-property-across-contexts.patch b/patches/clear-windowname-property-across-contexts.patch new file mode 100644 index 00000000..f4006ea7 --- /dev/null +++ b/patches/clear-windowname-property-across-contexts.patch @@ -0,0 +1,34 @@ +diff --git a/content/public/common/content_features.cc b/content/public/common/content_features.cc +index a0ac946fc64b4..bb3ba83bf77a9 100644 +--- a/content/public/common/content_features.cc ++++ b/content/public/common/content_features.cc +@@ -192,7 +192,7 @@ BASE_FEATURE(kCdmStorageDatabaseMigration, + // swap BrowsingContextGroups(BrowsingInstances). + BASE_FEATURE(kClearCrossSiteCrossBrowsingContextGroupWindowName, + "ClearCrossSiteCrossBrowsingContextGroupWindowName", +- base::FEATURE_DISABLED_BY_DEFAULT); ++ base::FEATURE_ENABLED_BY_DEFAULT); + + BASE_FEATURE(kCompositeBGColorAnimation, + "CompositeBGColorAnimation", +diff --git a/third_party/blink/renderer/core/loader/document_loader.cc b/third_party/blink/renderer/core/loader/document_loader.cc +index 85c4d912e2fdb..d03099ab283f0 100644 +--- a/third_party/blink/renderer/core/loader/document_loader.cc ++++ b/third_party/blink/renderer/core/loader/document_loader.cc +@@ -2854,7 +2854,7 @@ void DocumentLoader::CommitNavigation() { + // that the name would be nulled and if the name is accessed after we will + // fire a UseCounter. If we decide to move forward with this change, we'd + // actually clean the name here. +- // frame_->tree().setName(g_null_atom); ++ frame_->Tree().SetName(g_null_atom); + frame_->Tree().ExperimentalSetNulledName(); + } + +@@ -2865,6 +2865,7 @@ void DocumentLoader::CommitNavigation() { + // TODO(shuuran): CrossSiteCrossBrowsingContextGroupSetNulledName will just + // record the fact that the name would be nulled and if the name is accessed + // after we will fire a UseCounter. ++ frame_->Tree().SetName(g_null_atom); + frame_->Tree().CrossSiteCrossBrowsingContextGroupSetNulledName(); + } + diff --git a/update-vanadium-patches.sh b/update-vanadium-patches.sh old mode 100644 new mode 100755 diff --git a/vanadium_patches/0011-Checkout-PGO-profiles.patch b/vanadium_patches/0012-Checkout-PGO-profiles.patch similarity index 93% rename from vanadium_patches/0011-Checkout-PGO-profiles.patch rename to vanadium_patches/0012-Checkout-PGO-profiles.patch index 4db38c45..b5d181f5 100644 --- a/vanadium_patches/0011-Checkout-PGO-profiles.patch +++ b/vanadium_patches/0012-Checkout-PGO-profiles.patch @@ -8,7 +8,7 @@ Subject: [PATCH] Checkout PGO profiles 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DEPS b/DEPS -index 24e3d54243d59..5f30d7de632e9 100644 +index 76ea649d79e24..8ce0c6fd25774 100644 --- a/DEPS +++ b/DEPS @@ -149,7 +149,7 @@ vars = { diff --git a/vanadium_patches/0012-disable-checkout_nacl.patch b/vanadium_patches/0013-disable-checkout_nacl.patch similarity index 93% rename from vanadium_patches/0012-disable-checkout_nacl.patch rename to vanadium_patches/0013-disable-checkout_nacl.patch index d12147c8..c7351e9d 100644 --- a/vanadium_patches/0012-disable-checkout_nacl.patch +++ b/vanadium_patches/0013-disable-checkout_nacl.patch @@ -8,7 +8,7 @@ Subject: [PATCH] disable checkout_nacl 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DEPS b/DEPS -index 5f30d7de632e9..4505e1a6164b9 100644 +index 8ce0c6fd25774..10f8c4dea1d90 100644 --- a/DEPS +++ b/DEPS @@ -118,7 +118,7 @@ vars = { diff --git a/vanadium_patches/0014-disable-seed-based-field-trials.patch b/vanadium_patches/0015-disable-seed-based-field-trials.patch similarity index 100% rename from vanadium_patches/0014-disable-seed-based-field-trials.patch rename to vanadium_patches/0015-disable-seed-based-field-trials.patch diff --git a/vanadium_patches/0017-disable-navigation-error-correction-by-default.patch b/vanadium_patches/0019-disable-navigation-error-correction-by-default.patch similarity index 100% rename from vanadium_patches/0017-disable-navigation-error-correction-by-default.patch rename to vanadium_patches/0019-disable-navigation-error-correction-by-default.patch diff --git a/vanadium_patches/0019-disable-network-prediction-by-default.patch b/vanadium_patches/0021-disable-network-prediction-by-default.patch similarity index 100% rename from vanadium_patches/0019-disable-network-prediction-by-default.patch rename to vanadium_patches/0021-disable-network-prediction-by-default.patch diff --git a/vanadium_patches/0021-disable-hyperlink-auditing-by-default.patch b/vanadium_patches/0023-disable-hyperlink-auditing-by-default.patch similarity index 100% rename from vanadium_patches/0021-disable-hyperlink-auditing-by-default.patch rename to vanadium_patches/0023-disable-hyperlink-auditing-by-default.patch diff --git a/vanadium_patches/0022-disable-showing-popular-sites-by-default.patch b/vanadium_patches/0024-disable-showing-popular-sites-by-default.patch similarity index 100% rename from vanadium_patches/0022-disable-showing-popular-sites-by-default.patch rename to vanadium_patches/0024-disable-showing-popular-sites-by-default.patch diff --git a/vanadium_patches/0023-disable-article-suggestions-feature-by-default.patch b/vanadium_patches/0025-disable-article-suggestions-feature-by-default.patch similarity index 100% rename from vanadium_patches/0023-disable-article-suggestions-feature-by-default.patch rename to vanadium_patches/0025-disable-article-suggestions-feature-by-default.patch diff --git a/vanadium_patches/0024-disable-content-feed-suggestions-by-default.patch b/vanadium_patches/0026-disable-content-feed-suggestions-by-default.patch similarity index 100% rename from vanadium_patches/0024-disable-content-feed-suggestions-by-default.patch rename to vanadium_patches/0026-disable-content-feed-suggestions-by-default.patch diff --git a/vanadium_patches/0025-disable-sensors-access-by-default.patch b/vanadium_patches/0027-disable-sensors-access-by-default.patch similarity index 100% rename from vanadium_patches/0025-disable-sensors-access-by-default.patch rename to vanadium_patches/0027-disable-sensors-access-by-default.patch diff --git a/vanadium_patches/0026-block-playing-protected-media-by-default.patch b/vanadium_patches/0028-block-playing-protected-media-by-default.patch similarity index 100% rename from vanadium_patches/0026-block-playing-protected-media-by-default.patch rename to vanadium_patches/0028-block-playing-protected-media-by-default.patch diff --git a/vanadium_patches/0027-disable-third-party-cookies-by-default.patch b/vanadium_patches/0029-disable-third-party-cookies-by-default.patch similarity index 100% rename from vanadium_patches/0027-disable-third-party-cookies-by-default.patch rename to vanadium_patches/0029-disable-third-party-cookies-by-default.patch diff --git a/vanadium_patches/0028-disable-background-sync-by-default.patch b/vanadium_patches/0030-disable-background-sync-by-default.patch similarity index 100% rename from vanadium_patches/0028-disable-background-sync-by-default.patch rename to vanadium_patches/0030-disable-background-sync-by-default.patch diff --git a/vanadium_patches/0029-disable-payment-support-by-default.patch b/vanadium_patches/0031-disable-payment-support-by-default.patch similarity index 100% rename from vanadium_patches/0029-disable-payment-support-by-default.patch rename to vanadium_patches/0031-disable-payment-support-by-default.patch diff --git a/vanadium_patches/0030-disable-media-router-media-remoting-by-default.patch b/vanadium_patches/0032-disable-media-router-media-remoting-by-default.patch similarity index 100% rename from vanadium_patches/0030-disable-media-router-media-remoting-by-default.patch rename to vanadium_patches/0032-disable-media-router-media-remoting-by-default.patch diff --git a/vanadium_patches/0031-disable-media-router-by-default.patch b/vanadium_patches/0033-disable-media-router-by-default.patch similarity index 100% rename from vanadium_patches/0031-disable-media-router-by-default.patch rename to vanadium_patches/0033-disable-media-router-by-default.patch diff --git a/vanadium_patches/0033-disable-browser-sign-in-feature-by-default.patch b/vanadium_patches/0035-disable-browser-sign-in-feature-by-default.patch similarity index 100% rename from vanadium_patches/0033-disable-browser-sign-in-feature-by-default.patch rename to vanadium_patches/0035-disable-browser-sign-in-feature-by-default.patch diff --git a/vanadium_patches/0035-disable-safe-browsing-reporting-opt-in-by-default.patch b/vanadium_patches/0036-disable-safe-browsing-reporting-opt-in-by-default.patch similarity index 100% rename from vanadium_patches/0035-disable-safe-browsing-reporting-opt-in-by-default.patch rename to vanadium_patches/0036-disable-safe-browsing-reporting-opt-in-by-default.patch diff --git a/vanadium_patches/0036-disable-unused-safe-browsing-option-by-default.patch b/vanadium_patches/0037-disable-unused-safe-browsing-option-by-default.patch similarity index 100% rename from vanadium_patches/0036-disable-unused-safe-browsing-option-by-default.patch rename to vanadium_patches/0037-disable-unused-safe-browsing-option-by-default.patch diff --git a/vanadium_patches/0037-disable-media-DRM-preprovisioning-by-default.patch b/vanadium_patches/0038-disable-media-DRM-preprovisioning-by-default.patch similarity index 100% rename from vanadium_patches/0037-disable-media-DRM-preprovisioning-by-default.patch rename to vanadium_patches/0038-disable-media-DRM-preprovisioning-by-default.patch diff --git a/vanadium_patches/0038-disable-autofill-server-communication-by-default.patch b/vanadium_patches/0039-disable-autofill-server-communication-by-default.patch similarity index 100% rename from vanadium_patches/0038-disable-autofill-server-communication-by-default.patch rename to vanadium_patches/0039-disable-autofill-server-communication-by-default.patch diff --git a/vanadium_patches/0039-disable-component-updater-pings-by-default.patch b/vanadium_patches/0040-disable-component-updater-pings-by-default.patch similarity index 100% rename from vanadium_patches/0039-disable-component-updater-pings-by-default.patch rename to vanadium_patches/0040-disable-component-updater-pings-by-default.patch diff --git a/vanadium_patches/0041-disable-trivial-subdomain-hiding.patch b/vanadium_patches/0042-disable-trivial-subdomain-hiding.patch similarity index 100% rename from vanadium_patches/0041-disable-trivial-subdomain-hiding.patch rename to vanadium_patches/0042-disable-trivial-subdomain-hiding.patch diff --git a/vanadium_patches/0044-disable-GaiaAuthFetcher-code-due-to-upstream-bug.patch b/vanadium_patches/0045-disable-GaiaAuthFetcher-code-due-to-upstream-bug.patch similarity index 100% rename from vanadium_patches/0044-disable-GaiaAuthFetcher-code-due-to-upstream-bug.patch rename to vanadium_patches/0045-disable-GaiaAuthFetcher-code-due-to-upstream-bug.patch diff --git a/vanadium_patches/0046-Disable-newer-privacy-sandbox-features-by-default.patch b/vanadium_patches/0047-Disable-newer-privacy-sandbox-features-by-default.patch similarity index 100% rename from vanadium_patches/0046-Disable-newer-privacy-sandbox-features-by-default.patch rename to vanadium_patches/0047-Disable-newer-privacy-sandbox-features-by-default.patch diff --git a/vanadium_patches/0048-Disable-top-toolbar-button-Translate-option-by-defau.patch b/vanadium_patches/0049-Disable-top-toolbar-button-Translate-option-by-defau.patch similarity index 100% rename from vanadium_patches/0048-Disable-top-toolbar-button-Translate-option-by-defau.patch rename to vanadium_patches/0049-Disable-top-toolbar-button-Translate-option-by-defau.patch diff --git a/vanadium_patches/0049-always-use-local-new-tab-page.patch b/vanadium_patches/0050-always-use-local-new-tab-page.patch similarity index 100% rename from vanadium_patches/0049-always-use-local-new-tab-page.patch rename to vanadium_patches/0050-always-use-local-new-tab-page.patch diff --git a/vanadium_patches/0050-mark-non-secure-origins-as-dangerous.patch b/vanadium_patches/0051-mark-non-secure-origins-as-dangerous.patch similarity index 100% rename from vanadium_patches/0050-mark-non-secure-origins-as-dangerous.patch rename to vanadium_patches/0051-mark-non-secure-origins-as-dangerous.patch diff --git a/vanadium_patches/0052-stub-out-the-battery-status-API.patch b/vanadium_patches/0053-stub-out-the-battery-status-API.patch similarity index 100% rename from vanadium_patches/0052-stub-out-the-battery-status-API.patch rename to vanadium_patches/0053-stub-out-the-battery-status-API.patch diff --git a/vanadium_patches/0055-disable-trials-of-privacy-aware-analytics-advertisin.patch b/vanadium_patches/0056-disable-trials-of-privacy-aware-analytics-advertisin.patch similarity index 100% rename from vanadium_patches/0055-disable-trials-of-privacy-aware-analytics-advertisin.patch rename to vanadium_patches/0056-disable-trials-of-privacy-aware-analytics-advertisin.patch diff --git a/vanadium_patches/0057-disable-appending-variations-header.patch b/vanadium_patches/0058-disable-appending-variations-header.patch similarity index 100% rename from vanadium_patches/0057-disable-appending-variations-header.patch rename to vanadium_patches/0058-disable-appending-variations-header.patch diff --git a/vanadium_patches/0058-Disable-detailed-language-settings-by-default.patch b/vanadium_patches/0059-Disable-detailed-language-settings-by-default.patch similarity index 100% rename from vanadium_patches/0058-Disable-detailed-language-settings-by-default.patch rename to vanadium_patches/0059-Disable-detailed-language-settings-by-default.patch diff --git a/vanadium_patches/0059-disable-fetching-optimization-guides-by-default.patch b/vanadium_patches/0060-disable-fetching-optimization-guides-by-default.patch similarity index 100% rename from vanadium_patches/0059-disable-fetching-optimization-guides-by-default.patch rename to vanadium_patches/0060-disable-fetching-optimization-guides-by-default.patch diff --git a/vanadium_patches/0063-require-HTTPS-for-component-updates.patch b/vanadium_patches/0064-require-HTTPS-for-component-updates.patch similarity index 100% rename from vanadium_patches/0063-require-HTTPS-for-component-updates.patch rename to vanadium_patches/0064-require-HTTPS-for-component-updates.patch diff --git a/vanadium_patches/0069-enable-prefetch-privacy-changes-by-default.patch b/vanadium_patches/0070-enable-prefetch-privacy-changes-by-default.patch similarity index 100% rename from vanadium_patches/0069-enable-prefetch-privacy-changes-by-default.patch rename to vanadium_patches/0070-enable-prefetch-privacy-changes-by-default.patch diff --git a/vanadium_patches/0070-enable-split-cache-by-default.patch b/vanadium_patches/0071-enable-split-cache-by-default.patch similarity index 100% rename from vanadium_patches/0070-enable-split-cache-by-default.patch rename to vanadium_patches/0071-enable-split-cache-by-default.patch diff --git a/vanadium_patches/0071-enable-partitioning-connections-by-default.patch b/vanadium_patches/0072-enable-partitioning-connections-by-default.patch similarity index 100% rename from vanadium_patches/0071-enable-partitioning-connections-by-default.patch rename to vanadium_patches/0072-enable-partitioning-connections-by-default.patch diff --git a/vanadium_patches/0074-Enable-strict-origin-isolation-by-default.patch b/vanadium_patches/0075-Enable-strict-origin-isolation-by-default.patch similarity index 100% rename from vanadium_patches/0074-Enable-strict-origin-isolation-by-default.patch rename to vanadium_patches/0075-Enable-strict-origin-isolation-by-default.patch diff --git a/vanadium_patches/0075-Enable-reduce-accept-language-header-by-default.patch b/vanadium_patches/0076-Enable-reduce-accept-language-header-by-default.patch similarity index 100% rename from vanadium_patches/0075-Enable-reduce-accept-language-header-by-default.patch rename to vanadium_patches/0076-Enable-reduce-accept-language-header-by-default.patch diff --git a/vanadium_patches/0115-Derive-high-entropy-client-hints-with-reduced-user-a.patch b/vanadium_patches/0116-Derive-high-entropy-client-hints-with-reduced-user-a.patch similarity index 100% rename from vanadium_patches/0115-Derive-high-entropy-client-hints-with-reduced-user-a.patch rename to vanadium_patches/0116-Derive-high-entropy-client-hints-with-reduced-user-a.patch diff --git a/vanadium_patches/0122-Use-local-list-of-supported-languages-for-Language-s.patch b/vanadium_patches/0123-Use-local-list-of-supported-languages-for-Language-s.patch similarity index 100% rename from vanadium_patches/0122-Use-local-list-of-supported-languages-for-Language-s.patch rename to vanadium_patches/0123-Use-local-list-of-supported-languages-for-Language-s.patch diff --git a/vanadium_patches/0165-Enable-content-settings-partitioning-by-default.patch b/vanadium_patches/0167-Enable-content-settings-partitioning-by-default.patch similarity index 100% rename from vanadium_patches/0165-Enable-content-settings-partitioning-by-default.patch rename to vanadium_patches/0167-Enable-content-settings-partitioning-by-default.patch