From 2f59b2014e4203aeaab2d83c7f3707876faefa57 Mon Sep 17 00:00:00 2001 From: Rootkit404 <175176948+RKNF404@users.noreply.github.com> Date: Thu, 29 Aug 2024 15:39:07 -0400 Subject: [PATCH 1/2] Add new patches, update Vanadium patches --- patches/build-hardening.patch | 22 ++++++++++ ...-windowname-property-across-contexts.patch | 42 +++++++++++++++++++ update-vanadium-patches.sh | 0 ...patch => 0012-Checkout-PGO-profiles.patch} | 2 +- ...patch => 0013-disable-checkout_nacl.patch} | 2 +- ...015-disable-seed-based-field-trials.patch} | 0 ...igation-error-correction-by-default.patch} | 0 ...sable-network-prediction-by-default.patch} | 0 ...sable-hyperlink-auditing-by-default.patch} | 0 ...le-showing-popular-sites-by-default.patch} | 0 ...icle-suggestions-feature-by-default.patch} | 0 ...content-feed-suggestions-by-default.patch} | 0 ...7-disable-sensors-access-by-default.patch} | 0 ...-playing-protected-media-by-default.patch} | 0 ...able-third-party-cookies-by-default.patch} | 0 ...-disable-background-sync-by-default.patch} | 0 ...-disable-payment-support-by-default.patch} | 0 ...ia-router-media-remoting-by-default.patch} | 0 ...033-disable-media-router-by-default.patch} | 0 ...-browser-sign-in-feature-by-default.patch} | 0 ...rowsing-reporting-opt-in-by-default.patch} | 0 ...sed-safe-browsing-option-by-default.patch} | 0 ...edia-DRM-preprovisioning-by-default.patch} | 0 ...ill-server-communication-by-default.patch} | 0 ...-component-updater-pings-by-default.patch} | 0 ...42-disable-trivial-subdomain-hiding.patch} | 0 ...uthFetcher-code-due-to-upstream-bug.patch} | 0 ...privacy-sandbox-features-by-default.patch} | 0 ...ar-button-Translate-option-by-defau.patch} | 0 ... 0050-always-use-local-new-tab-page.patch} | 0 ...ark-non-secure-origins-as-dangerous.patch} | 0 ...053-stub-out-the-battery-status-API.patch} | 0 ...-privacy-aware-analytics-advertisin.patch} | 0 ...disable-appending-variations-header.patch} | 0 ...tailed-language-settings-by-default.patch} | 0 ...hing-optimization-guides-by-default.patch} | 0 ...require-HTTPS-for-component-updates.patch} | 0 ...prefetch-privacy-changes-by-default.patch} | 0 ... 0071-enable-split-cache-by-default.patch} | 0 ...partitioning-connections-by-default.patch} | 0 ...-strict-origin-isolation-by-default.patch} | 0 ...e-accept-language-header-by-default.patch} | 0 ...py-client-hints-with-reduced-user-a.patch} | 0 ...-supported-languages-for-Language-s.patch} | 0 ...nt-settings-partitioning-by-default.patch} | 0 45 files changed, 66 insertions(+), 2 deletions(-) create mode 100644 patches/build-hardening.patch create mode 100644 patches/clear-windowname-property-across-contexts.patch mode change 100644 => 100755 update-vanadium-patches.sh rename vanadium_patches/{0011-Checkout-PGO-profiles.patch => 0012-Checkout-PGO-profiles.patch} (93%) rename vanadium_patches/{0012-disable-checkout_nacl.patch => 0013-disable-checkout_nacl.patch} (93%) rename vanadium_patches/{0014-disable-seed-based-field-trials.patch => 0015-disable-seed-based-field-trials.patch} (100%) rename vanadium_patches/{0017-disable-navigation-error-correction-by-default.patch => 0019-disable-navigation-error-correction-by-default.patch} (100%) rename vanadium_patches/{0019-disable-network-prediction-by-default.patch => 0021-disable-network-prediction-by-default.patch} (100%) rename vanadium_patches/{0021-disable-hyperlink-auditing-by-default.patch => 0023-disable-hyperlink-auditing-by-default.patch} (100%) rename vanadium_patches/{0022-disable-showing-popular-sites-by-default.patch => 0024-disable-showing-popular-sites-by-default.patch} (100%) rename vanadium_patches/{0023-disable-article-suggestions-feature-by-default.patch => 0025-disable-article-suggestions-feature-by-default.patch} (100%) rename vanadium_patches/{0024-disable-content-feed-suggestions-by-default.patch => 0026-disable-content-feed-suggestions-by-default.patch} (100%) rename vanadium_patches/{0025-disable-sensors-access-by-default.patch => 0027-disable-sensors-access-by-default.patch} (100%) rename vanadium_patches/{0026-block-playing-protected-media-by-default.patch => 0028-block-playing-protected-media-by-default.patch} (100%) rename vanadium_patches/{0027-disable-third-party-cookies-by-default.patch => 0029-disable-third-party-cookies-by-default.patch} (100%) rename vanadium_patches/{0028-disable-background-sync-by-default.patch => 0030-disable-background-sync-by-default.patch} (100%) rename vanadium_patches/{0029-disable-payment-support-by-default.patch => 0031-disable-payment-support-by-default.patch} (100%) rename vanadium_patches/{0030-disable-media-router-media-remoting-by-default.patch => 0032-disable-media-router-media-remoting-by-default.patch} (100%) rename vanadium_patches/{0031-disable-media-router-by-default.patch => 0033-disable-media-router-by-default.patch} (100%) rename vanadium_patches/{0033-disable-browser-sign-in-feature-by-default.patch => 0035-disable-browser-sign-in-feature-by-default.patch} (100%) rename vanadium_patches/{0035-disable-safe-browsing-reporting-opt-in-by-default.patch => 0036-disable-safe-browsing-reporting-opt-in-by-default.patch} (100%) rename vanadium_patches/{0036-disable-unused-safe-browsing-option-by-default.patch => 0037-disable-unused-safe-browsing-option-by-default.patch} (100%) rename vanadium_patches/{0037-disable-media-DRM-preprovisioning-by-default.patch => 0038-disable-media-DRM-preprovisioning-by-default.patch} (100%) rename vanadium_patches/{0038-disable-autofill-server-communication-by-default.patch => 0039-disable-autofill-server-communication-by-default.patch} (100%) rename vanadium_patches/{0039-disable-component-updater-pings-by-default.patch => 0040-disable-component-updater-pings-by-default.patch} (100%) rename vanadium_patches/{0041-disable-trivial-subdomain-hiding.patch => 0042-disable-trivial-subdomain-hiding.patch} (100%) rename vanadium_patches/{0044-disable-GaiaAuthFetcher-code-due-to-upstream-bug.patch => 0045-disable-GaiaAuthFetcher-code-due-to-upstream-bug.patch} (100%) rename vanadium_patches/{0046-Disable-newer-privacy-sandbox-features-by-default.patch => 0047-Disable-newer-privacy-sandbox-features-by-default.patch} (100%) rename vanadium_patches/{0048-Disable-top-toolbar-button-Translate-option-by-defau.patch => 0049-Disable-top-toolbar-button-Translate-option-by-defau.patch} (100%) rename vanadium_patches/{0049-always-use-local-new-tab-page.patch => 0050-always-use-local-new-tab-page.patch} (100%) rename vanadium_patches/{0050-mark-non-secure-origins-as-dangerous.patch => 0051-mark-non-secure-origins-as-dangerous.patch} (100%) rename vanadium_patches/{0052-stub-out-the-battery-status-API.patch => 0053-stub-out-the-battery-status-API.patch} (100%) rename vanadium_patches/{0055-disable-trials-of-privacy-aware-analytics-advertisin.patch => 0056-disable-trials-of-privacy-aware-analytics-advertisin.patch} (100%) rename vanadium_patches/{0057-disable-appending-variations-header.patch => 0058-disable-appending-variations-header.patch} (100%) rename vanadium_patches/{0058-Disable-detailed-language-settings-by-default.patch => 0059-Disable-detailed-language-settings-by-default.patch} (100%) rename vanadium_patches/{0059-disable-fetching-optimization-guides-by-default.patch => 0060-disable-fetching-optimization-guides-by-default.patch} (100%) rename vanadium_patches/{0063-require-HTTPS-for-component-updates.patch => 0064-require-HTTPS-for-component-updates.patch} (100%) rename vanadium_patches/{0069-enable-prefetch-privacy-changes-by-default.patch => 0070-enable-prefetch-privacy-changes-by-default.patch} (100%) rename vanadium_patches/{0070-enable-split-cache-by-default.patch => 0071-enable-split-cache-by-default.patch} (100%) rename vanadium_patches/{0071-enable-partitioning-connections-by-default.patch => 0072-enable-partitioning-connections-by-default.patch} (100%) rename vanadium_patches/{0074-Enable-strict-origin-isolation-by-default.patch => 0075-Enable-strict-origin-isolation-by-default.patch} (100%) rename vanadium_patches/{0075-Enable-reduce-accept-language-header-by-default.patch => 0076-Enable-reduce-accept-language-header-by-default.patch} (100%) rename vanadium_patches/{0115-Derive-high-entropy-client-hints-with-reduced-user-a.patch => 0116-Derive-high-entropy-client-hints-with-reduced-user-a.patch} (100%) rename vanadium_patches/{0122-Use-local-list-of-supported-languages-for-Language-s.patch => 0123-Use-local-list-of-supported-languages-for-Language-s.patch} (100%) rename vanadium_patches/{0165-Enable-content-settings-partitioning-by-default.patch => 0167-Enable-content-settings-partitioning-by-default.patch} (100%) diff --git a/patches/build-hardening.patch b/patches/build-hardening.patch new file mode 100644 index 00000000..bf37c1ea --- /dev/null +++ b/patches/build-hardening.patch @@ -0,0 +1,22 @@ +diff --git a/build/config/compiler/BUILD.gn b/build/config/compiler/BUILD.gn +index 5898b8c54bef2..417e6278f4655 100644 +--- a/build/config/compiler/BUILD.gn ++++ b/build/config/compiler/BUILD.gn +@@ -371,6 +371,8 @@ config("compiler") { + } + } + ++ cflags += [ "-fstack-clash-protection" ] ++ + if (use_lld) { + ldflags += [ "-fuse-ld=lld" ] + if (lld_path != "") { +@@ -2059,7 +2061,7 @@ config("chromium_code") { + # Non-chromium code is not guaranteed to compile cleanly with + # _FORTIFY_SOURCE. Also, fortified build may fail when optimizations are + # disabled, so only do that for Release build. +- fortify_level = "2" ++ fortify_level = "3" + + # ChromeOS's toolchain supports a high-quality _FORTIFY_SOURCE=3 + # implementation with a few custom glibc patches. Use that if it's diff --git a/patches/clear-windowname-property-across-contexts.patch b/patches/clear-windowname-property-across-contexts.patch new file mode 100644 index 00000000..bde2d208 --- /dev/null +++ b/patches/clear-windowname-property-across-contexts.patch @@ -0,0 +1,42 @@ +diff --git a/content/public/common/content_features.cc b/content/public/common/content_features.cc +index a0ac946fc64b4..bb3ba83bf77a9 100644 +--- a/content/public/common/content_features.cc ++++ b/content/public/common/content_features.cc +@@ -192,7 +192,7 @@ BASE_FEATURE(kCdmStorageDatabaseMigration, + // swap BrowsingContextGroups(BrowsingInstances). + BASE_FEATURE(kClearCrossSiteCrossBrowsingContextGroupWindowName, + "ClearCrossSiteCrossBrowsingContextGroupWindowName", +- base::FEATURE_DISABLED_BY_DEFAULT); ++ base::FEATURE_ENABLED_BY_DEFAULT); + + BASE_FEATURE(kCompositeBGColorAnimation, + "CompositeBGColorAnimation", +diff --git a/third_party/blink/renderer/core/loader/document_loader.cc b/third_party/blink/renderer/core/loader/document_loader.cc +index 85c4d912e2fdb..2a32cd1f49249 100644 +--- a/third_party/blink/renderer/core/loader/document_loader.cc ++++ b/third_party/blink/renderer/core/loader/document_loader.cc +@@ -184,6 +184,7 @@ + #include "third_party/blink/renderer/platform/wtf/text/string_view.h" + #include "third_party/blink/renderer/platform/wtf/text/wtf_string.h" + #include "third_party/blink/renderer/platform/wtf/vector.h" ++#include "content/public/common/content_features.h" + + namespace blink { + namespace { +@@ -2854,7 +2855,7 @@ void DocumentLoader::CommitNavigation() { + // that the name would be nulled and if the name is accessed after we will + // fire a UseCounter. If we decide to move forward with this change, we'd + // actually clean the name here. +- // frame_->tree().setName(g_null_atom); ++ frame_->Tree().SetName(g_null_atom); + frame_->Tree().ExperimentalSetNulledName(); + } + +@@ -2865,6 +2866,7 @@ void DocumentLoader::CommitNavigation() { + // TODO(shuuran): CrossSiteCrossBrowsingContextGroupSetNulledName will just + // record the fact that the name would be nulled and if the name is accessed + // after we will fire a UseCounter. ++ frame_->Tree().SetName(g_null_atom); + frame_->Tree().CrossSiteCrossBrowsingContextGroupSetNulledName(); + } + diff --git a/update-vanadium-patches.sh b/update-vanadium-patches.sh old mode 100644 new mode 100755 diff --git a/vanadium_patches/0011-Checkout-PGO-profiles.patch b/vanadium_patches/0012-Checkout-PGO-profiles.patch similarity index 93% rename from vanadium_patches/0011-Checkout-PGO-profiles.patch rename to vanadium_patches/0012-Checkout-PGO-profiles.patch index 4db38c45..b5d181f5 100644 --- a/vanadium_patches/0011-Checkout-PGO-profiles.patch +++ b/vanadium_patches/0012-Checkout-PGO-profiles.patch @@ -8,7 +8,7 @@ Subject: [PATCH] Checkout PGO profiles 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DEPS b/DEPS -index 24e3d54243d59..5f30d7de632e9 100644 +index 76ea649d79e24..8ce0c6fd25774 100644 --- a/DEPS +++ b/DEPS @@ -149,7 +149,7 @@ vars = { diff --git a/vanadium_patches/0012-disable-checkout_nacl.patch b/vanadium_patches/0013-disable-checkout_nacl.patch similarity index 93% rename from vanadium_patches/0012-disable-checkout_nacl.patch rename to vanadium_patches/0013-disable-checkout_nacl.patch index d12147c8..c7351e9d 100644 --- a/vanadium_patches/0012-disable-checkout_nacl.patch +++ b/vanadium_patches/0013-disable-checkout_nacl.patch @@ -8,7 +8,7 @@ Subject: [PATCH] disable checkout_nacl 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DEPS b/DEPS -index 5f30d7de632e9..4505e1a6164b9 100644 +index 8ce0c6fd25774..10f8c4dea1d90 100644 --- a/DEPS +++ b/DEPS @@ -118,7 +118,7 @@ vars = { diff --git a/vanadium_patches/0014-disable-seed-based-field-trials.patch b/vanadium_patches/0015-disable-seed-based-field-trials.patch similarity index 100% rename from vanadium_patches/0014-disable-seed-based-field-trials.patch rename to vanadium_patches/0015-disable-seed-based-field-trials.patch diff --git a/vanadium_patches/0017-disable-navigation-error-correction-by-default.patch b/vanadium_patches/0019-disable-navigation-error-correction-by-default.patch similarity index 100% rename from vanadium_patches/0017-disable-navigation-error-correction-by-default.patch rename to vanadium_patches/0019-disable-navigation-error-correction-by-default.patch diff --git a/vanadium_patches/0019-disable-network-prediction-by-default.patch b/vanadium_patches/0021-disable-network-prediction-by-default.patch similarity index 100% rename from vanadium_patches/0019-disable-network-prediction-by-default.patch rename to vanadium_patches/0021-disable-network-prediction-by-default.patch diff --git a/vanadium_patches/0021-disable-hyperlink-auditing-by-default.patch b/vanadium_patches/0023-disable-hyperlink-auditing-by-default.patch similarity index 100% rename from vanadium_patches/0021-disable-hyperlink-auditing-by-default.patch rename to vanadium_patches/0023-disable-hyperlink-auditing-by-default.patch diff --git a/vanadium_patches/0022-disable-showing-popular-sites-by-default.patch b/vanadium_patches/0024-disable-showing-popular-sites-by-default.patch similarity index 100% rename from vanadium_patches/0022-disable-showing-popular-sites-by-default.patch rename to vanadium_patches/0024-disable-showing-popular-sites-by-default.patch diff --git a/vanadium_patches/0023-disable-article-suggestions-feature-by-default.patch b/vanadium_patches/0025-disable-article-suggestions-feature-by-default.patch similarity index 100% rename from vanadium_patches/0023-disable-article-suggestions-feature-by-default.patch rename to vanadium_patches/0025-disable-article-suggestions-feature-by-default.patch diff --git a/vanadium_patches/0024-disable-content-feed-suggestions-by-default.patch b/vanadium_patches/0026-disable-content-feed-suggestions-by-default.patch similarity index 100% rename from vanadium_patches/0024-disable-content-feed-suggestions-by-default.patch rename to vanadium_patches/0026-disable-content-feed-suggestions-by-default.patch diff --git a/vanadium_patches/0025-disable-sensors-access-by-default.patch b/vanadium_patches/0027-disable-sensors-access-by-default.patch similarity index 100% rename from vanadium_patches/0025-disable-sensors-access-by-default.patch rename to vanadium_patches/0027-disable-sensors-access-by-default.patch diff --git a/vanadium_patches/0026-block-playing-protected-media-by-default.patch b/vanadium_patches/0028-block-playing-protected-media-by-default.patch similarity index 100% rename from vanadium_patches/0026-block-playing-protected-media-by-default.patch rename to vanadium_patches/0028-block-playing-protected-media-by-default.patch diff --git a/vanadium_patches/0027-disable-third-party-cookies-by-default.patch b/vanadium_patches/0029-disable-third-party-cookies-by-default.patch similarity index 100% rename from vanadium_patches/0027-disable-third-party-cookies-by-default.patch rename to vanadium_patches/0029-disable-third-party-cookies-by-default.patch diff --git a/vanadium_patches/0028-disable-background-sync-by-default.patch b/vanadium_patches/0030-disable-background-sync-by-default.patch similarity index 100% rename from vanadium_patches/0028-disable-background-sync-by-default.patch rename to vanadium_patches/0030-disable-background-sync-by-default.patch diff --git a/vanadium_patches/0029-disable-payment-support-by-default.patch b/vanadium_patches/0031-disable-payment-support-by-default.patch similarity index 100% rename from vanadium_patches/0029-disable-payment-support-by-default.patch rename to vanadium_patches/0031-disable-payment-support-by-default.patch diff --git a/vanadium_patches/0030-disable-media-router-media-remoting-by-default.patch b/vanadium_patches/0032-disable-media-router-media-remoting-by-default.patch similarity index 100% rename from vanadium_patches/0030-disable-media-router-media-remoting-by-default.patch rename to vanadium_patches/0032-disable-media-router-media-remoting-by-default.patch diff --git a/vanadium_patches/0031-disable-media-router-by-default.patch b/vanadium_patches/0033-disable-media-router-by-default.patch similarity index 100% rename from vanadium_patches/0031-disable-media-router-by-default.patch rename to vanadium_patches/0033-disable-media-router-by-default.patch diff --git a/vanadium_patches/0033-disable-browser-sign-in-feature-by-default.patch b/vanadium_patches/0035-disable-browser-sign-in-feature-by-default.patch similarity index 100% rename from vanadium_patches/0033-disable-browser-sign-in-feature-by-default.patch rename to vanadium_patches/0035-disable-browser-sign-in-feature-by-default.patch diff --git a/vanadium_patches/0035-disable-safe-browsing-reporting-opt-in-by-default.patch b/vanadium_patches/0036-disable-safe-browsing-reporting-opt-in-by-default.patch similarity index 100% rename from vanadium_patches/0035-disable-safe-browsing-reporting-opt-in-by-default.patch rename to vanadium_patches/0036-disable-safe-browsing-reporting-opt-in-by-default.patch diff --git a/vanadium_patches/0036-disable-unused-safe-browsing-option-by-default.patch b/vanadium_patches/0037-disable-unused-safe-browsing-option-by-default.patch similarity index 100% rename from vanadium_patches/0036-disable-unused-safe-browsing-option-by-default.patch rename to vanadium_patches/0037-disable-unused-safe-browsing-option-by-default.patch diff --git a/vanadium_patches/0037-disable-media-DRM-preprovisioning-by-default.patch b/vanadium_patches/0038-disable-media-DRM-preprovisioning-by-default.patch similarity index 100% rename from vanadium_patches/0037-disable-media-DRM-preprovisioning-by-default.patch rename to vanadium_patches/0038-disable-media-DRM-preprovisioning-by-default.patch diff --git a/vanadium_patches/0038-disable-autofill-server-communication-by-default.patch b/vanadium_patches/0039-disable-autofill-server-communication-by-default.patch similarity index 100% rename from vanadium_patches/0038-disable-autofill-server-communication-by-default.patch rename to vanadium_patches/0039-disable-autofill-server-communication-by-default.patch diff --git a/vanadium_patches/0039-disable-component-updater-pings-by-default.patch b/vanadium_patches/0040-disable-component-updater-pings-by-default.patch similarity index 100% rename from vanadium_patches/0039-disable-component-updater-pings-by-default.patch rename to vanadium_patches/0040-disable-component-updater-pings-by-default.patch diff --git a/vanadium_patches/0041-disable-trivial-subdomain-hiding.patch b/vanadium_patches/0042-disable-trivial-subdomain-hiding.patch similarity index 100% rename from vanadium_patches/0041-disable-trivial-subdomain-hiding.patch rename to vanadium_patches/0042-disable-trivial-subdomain-hiding.patch diff --git a/vanadium_patches/0044-disable-GaiaAuthFetcher-code-due-to-upstream-bug.patch b/vanadium_patches/0045-disable-GaiaAuthFetcher-code-due-to-upstream-bug.patch similarity index 100% rename from vanadium_patches/0044-disable-GaiaAuthFetcher-code-due-to-upstream-bug.patch rename to vanadium_patches/0045-disable-GaiaAuthFetcher-code-due-to-upstream-bug.patch diff --git a/vanadium_patches/0046-Disable-newer-privacy-sandbox-features-by-default.patch b/vanadium_patches/0047-Disable-newer-privacy-sandbox-features-by-default.patch similarity index 100% rename from vanadium_patches/0046-Disable-newer-privacy-sandbox-features-by-default.patch rename to vanadium_patches/0047-Disable-newer-privacy-sandbox-features-by-default.patch diff --git a/vanadium_patches/0048-Disable-top-toolbar-button-Translate-option-by-defau.patch b/vanadium_patches/0049-Disable-top-toolbar-button-Translate-option-by-defau.patch similarity index 100% rename from vanadium_patches/0048-Disable-top-toolbar-button-Translate-option-by-defau.patch rename to vanadium_patches/0049-Disable-top-toolbar-button-Translate-option-by-defau.patch diff --git a/vanadium_patches/0049-always-use-local-new-tab-page.patch b/vanadium_patches/0050-always-use-local-new-tab-page.patch similarity index 100% rename from vanadium_patches/0049-always-use-local-new-tab-page.patch rename to vanadium_patches/0050-always-use-local-new-tab-page.patch diff --git a/vanadium_patches/0050-mark-non-secure-origins-as-dangerous.patch b/vanadium_patches/0051-mark-non-secure-origins-as-dangerous.patch similarity index 100% rename from vanadium_patches/0050-mark-non-secure-origins-as-dangerous.patch rename to vanadium_patches/0051-mark-non-secure-origins-as-dangerous.patch diff --git a/vanadium_patches/0052-stub-out-the-battery-status-API.patch b/vanadium_patches/0053-stub-out-the-battery-status-API.patch similarity index 100% rename from vanadium_patches/0052-stub-out-the-battery-status-API.patch rename to vanadium_patches/0053-stub-out-the-battery-status-API.patch diff --git a/vanadium_patches/0055-disable-trials-of-privacy-aware-analytics-advertisin.patch b/vanadium_patches/0056-disable-trials-of-privacy-aware-analytics-advertisin.patch similarity index 100% rename from vanadium_patches/0055-disable-trials-of-privacy-aware-analytics-advertisin.patch rename to vanadium_patches/0056-disable-trials-of-privacy-aware-analytics-advertisin.patch diff --git a/vanadium_patches/0057-disable-appending-variations-header.patch b/vanadium_patches/0058-disable-appending-variations-header.patch similarity index 100% rename from vanadium_patches/0057-disable-appending-variations-header.patch rename to vanadium_patches/0058-disable-appending-variations-header.patch diff --git a/vanadium_patches/0058-Disable-detailed-language-settings-by-default.patch b/vanadium_patches/0059-Disable-detailed-language-settings-by-default.patch similarity index 100% rename from vanadium_patches/0058-Disable-detailed-language-settings-by-default.patch rename to vanadium_patches/0059-Disable-detailed-language-settings-by-default.patch diff --git a/vanadium_patches/0059-disable-fetching-optimization-guides-by-default.patch b/vanadium_patches/0060-disable-fetching-optimization-guides-by-default.patch similarity index 100% rename from vanadium_patches/0059-disable-fetching-optimization-guides-by-default.patch rename to vanadium_patches/0060-disable-fetching-optimization-guides-by-default.patch diff --git a/vanadium_patches/0063-require-HTTPS-for-component-updates.patch b/vanadium_patches/0064-require-HTTPS-for-component-updates.patch similarity index 100% rename from vanadium_patches/0063-require-HTTPS-for-component-updates.patch rename to vanadium_patches/0064-require-HTTPS-for-component-updates.patch diff --git a/vanadium_patches/0069-enable-prefetch-privacy-changes-by-default.patch b/vanadium_patches/0070-enable-prefetch-privacy-changes-by-default.patch similarity index 100% rename from vanadium_patches/0069-enable-prefetch-privacy-changes-by-default.patch rename to vanadium_patches/0070-enable-prefetch-privacy-changes-by-default.patch diff --git a/vanadium_patches/0070-enable-split-cache-by-default.patch b/vanadium_patches/0071-enable-split-cache-by-default.patch similarity index 100% rename from vanadium_patches/0070-enable-split-cache-by-default.patch rename to vanadium_patches/0071-enable-split-cache-by-default.patch diff --git a/vanadium_patches/0071-enable-partitioning-connections-by-default.patch b/vanadium_patches/0072-enable-partitioning-connections-by-default.patch similarity index 100% rename from vanadium_patches/0071-enable-partitioning-connections-by-default.patch rename to vanadium_patches/0072-enable-partitioning-connections-by-default.patch diff --git a/vanadium_patches/0074-Enable-strict-origin-isolation-by-default.patch b/vanadium_patches/0075-Enable-strict-origin-isolation-by-default.patch similarity index 100% rename from vanadium_patches/0074-Enable-strict-origin-isolation-by-default.patch rename to vanadium_patches/0075-Enable-strict-origin-isolation-by-default.patch diff --git a/vanadium_patches/0075-Enable-reduce-accept-language-header-by-default.patch b/vanadium_patches/0076-Enable-reduce-accept-language-header-by-default.patch similarity index 100% rename from vanadium_patches/0075-Enable-reduce-accept-language-header-by-default.patch rename to vanadium_patches/0076-Enable-reduce-accept-language-header-by-default.patch diff --git a/vanadium_patches/0115-Derive-high-entropy-client-hints-with-reduced-user-a.patch b/vanadium_patches/0116-Derive-high-entropy-client-hints-with-reduced-user-a.patch similarity index 100% rename from vanadium_patches/0115-Derive-high-entropy-client-hints-with-reduced-user-a.patch rename to vanadium_patches/0116-Derive-high-entropy-client-hints-with-reduced-user-a.patch diff --git a/vanadium_patches/0122-Use-local-list-of-supported-languages-for-Language-s.patch b/vanadium_patches/0123-Use-local-list-of-supported-languages-for-Language-s.patch similarity index 100% rename from vanadium_patches/0122-Use-local-list-of-supported-languages-for-Language-s.patch rename to vanadium_patches/0123-Use-local-list-of-supported-languages-for-Language-s.patch diff --git a/vanadium_patches/0165-Enable-content-settings-partitioning-by-default.patch b/vanadium_patches/0167-Enable-content-settings-partitioning-by-default.patch similarity index 100% rename from vanadium_patches/0165-Enable-content-settings-partitioning-by-default.patch rename to vanadium_patches/0167-Enable-content-settings-partitioning-by-default.patch From 4de6ee071de05f19b4ade878d98ccf6c449256ad Mon Sep 17 00:00:00 2001 From: Rootkit404 <175176948+RKNF404@users.noreply.github.com> Date: Mon, 2 Sep 2024 17:34:27 -0400 Subject: [PATCH 2/2] Remove patch artifacts, add build condition for Linux only --- patches/build-hardening.patch | 10 ++++++---- ...clear-windowname-property-across-contexts.patch | 14 +++----------- 2 files changed, 9 insertions(+), 15 deletions(-) diff --git a/patches/build-hardening.patch b/patches/build-hardening.patch index bf37c1ea..047894e3 100644 --- a/patches/build-hardening.patch +++ b/patches/build-hardening.patch @@ -1,17 +1,19 @@ diff --git a/build/config/compiler/BUILD.gn b/build/config/compiler/BUILD.gn -index 5898b8c54bef2..417e6278f4655 100644 +index 5898b8c54bef2..d924cec372c1a 100644 --- a/build/config/compiler/BUILD.gn +++ b/build/config/compiler/BUILD.gn -@@ -371,6 +371,8 @@ config("compiler") { +@@ -371,6 +371,10 @@ config("compiler") { } } -+ cflags += [ "-fstack-clash-protection" ] ++ if (is_linux) { ++ cflags += [ "-fstack-clash-protection" ] ++ } + if (use_lld) { ldflags += [ "-fuse-ld=lld" ] if (lld_path != "") { -@@ -2059,7 +2061,7 @@ config("chromium_code") { +@@ -2059,7 +2063,7 @@ config("chromium_code") { # Non-chromium code is not guaranteed to compile cleanly with # _FORTIFY_SOURCE. Also, fortified build may fail when optimizations are # disabled, so only do that for Release build. diff --git a/patches/clear-windowname-property-across-contexts.patch b/patches/clear-windowname-property-across-contexts.patch index bde2d208..f4006ea7 100644 --- a/patches/clear-windowname-property-across-contexts.patch +++ b/patches/clear-windowname-property-across-contexts.patch @@ -12,18 +12,10 @@ index a0ac946fc64b4..bb3ba83bf77a9 100644 BASE_FEATURE(kCompositeBGColorAnimation, "CompositeBGColorAnimation", diff --git a/third_party/blink/renderer/core/loader/document_loader.cc b/third_party/blink/renderer/core/loader/document_loader.cc -index 85c4d912e2fdb..2a32cd1f49249 100644 +index 85c4d912e2fdb..d03099ab283f0 100644 --- a/third_party/blink/renderer/core/loader/document_loader.cc +++ b/third_party/blink/renderer/core/loader/document_loader.cc -@@ -184,6 +184,7 @@ - #include "third_party/blink/renderer/platform/wtf/text/string_view.h" - #include "third_party/blink/renderer/platform/wtf/text/wtf_string.h" - #include "third_party/blink/renderer/platform/wtf/vector.h" -+#include "content/public/common/content_features.h" - - namespace blink { - namespace { -@@ -2854,7 +2855,7 @@ void DocumentLoader::CommitNavigation() { +@@ -2854,7 +2854,7 @@ void DocumentLoader::CommitNavigation() { // that the name would be nulled and if the name is accessed after we will // fire a UseCounter. If we decide to move forward with this change, we'd // actually clean the name here. @@ -32,7 +24,7 @@ index 85c4d912e2fdb..2a32cd1f49249 100644 frame_->Tree().ExperimentalSetNulledName(); } -@@ -2865,6 +2866,7 @@ void DocumentLoader::CommitNavigation() { +@@ -2865,6 +2865,7 @@ void DocumentLoader::CommitNavigation() { // TODO(shuuran): CrossSiteCrossBrowsingContextGroupSetNulledName will just // record the fact that the name would be nulled and if the name is accessed // after we will fire a UseCounter.