Release 88.0.4324.149

2021-02-06 15:32:57 +01:00 · 2021-02-06 15:32:57 +01:00 · 0292b9612f
commit 0292b9612f
parent 0fde359db6
9 changed files with 79 additions and 17 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,7 +1,12 @@
+# 88.0.4324.149
+* fix proxy PAC URL option not working (fixes https://github.com/bromite/bromite/issues/908)
+* store proxy configuration in LocalState instead of Profile (thanks to @uazo)
+* fix toggle for reversing the meaning of bypass rules (thanks to @uazo, fixes https://github.com/bromite/bromite/issues/884)
+* ignore managed state and policies for secure DNS (fixes https://github.com/bromite/bromite/issues/832)
+
 # 88.0.4324.141
 * fix bookmarks not opening (thanks to @uazo, fixes https://github.com/bromite/bromite/issues/891)
 * fix proxy page not loading (fixes https://github.com/bromite/bromite/issues/890)
-* ignore managed state for secure DNS (fixes https://github.com/bromite/bromite/issues/832)

 # 88.0.4324.95
 * fix broken recent tabs behaviour (fixes https://github.com/bromite/bromite/issues/886)
--- a/build/RELEASE
+++ b/build/RELEASE
@ -1 +1 @@
-88.0.4324.141
+88.0.4324.149
--- a/build/bromite_patches_list.txt
+++ b/build/bromite_patches_list.txt
@ -154,5 +154,6 @@ Enable-network-isolation-features.patch
 Disable-unified-autoplay-feature.patch
 Revert-flags-remove-num-raster-threads.patch
 webview-Hard-no-to-persistent-histograms.patch
-Ignore-managed-state-for-secure-DNS.patch
+Ignore-managed-state-and-policies-for-secure-DNS.patch
+Do-not-permit-user-installed-certificates.patch
 Automated-domain-substitution.patch
--- a/build/patches/Add-a-proxy-configuration-page.patch
+++ b/build/patches/Add-a-proxy-configuration-page.patch
@ -6,6 +6,8 @@ Accessible from proxy settings and chrome://proxy
 Allows to use a PAC script URL, automatic configuration and explicit proxy
 settings.
 Offer auto-complete for the proxy page URL.
+Store proxy settings in LocalState instead of Profile, so that proxy is used
+for SimpleURLLoaders as well.
 ---
 chrome/android/java/res/values/values.xml     |   3 +
 .../java/res/xml/privacy_preferences.xml      |   4 +
@ -18,10 +20,10 @@ Offer auto-complete for the proxy page URL.
 .../prefs/chrome_command_line_pref_store.cc   |   2 +-
 chrome/browser/resources/proxy_config.css     |  61 +++
 chrome/browser/resources/proxy_config.html    |  80 ++++
- chrome/browser/resources/proxy_config.js      | 262 +++++++++++
+ chrome/browser/resources/proxy_config.js      | 263 +++++++++++
 chrome/browser/ui/BUILD.gn                    |   2 +
 .../webui/chrome_web_ui_controller_factory.cc |   3 +
- chrome/browser/ui/webui/proxy_config_ui.cc    | 413 ++++++++++++++++++
+ chrome/browser/ui/webui/proxy_config_ui.cc    | 417 ++++++++++++++++++
 chrome/browser/ui/webui/proxy_config_ui.h     |  33 ++
 chrome/common/webui_url_constants.cc          |   4 +
 chrome/common/webui_url_constants.h           |   2 +
@ -31,7 +33,7 @@ Offer auto-complete for the proxy page URL.
 .../proxy_config/proxy_config_dictionary.h    |   7 +-
 net/proxy_resolution/proxy_config.cc          |  52 ++-
 net/proxy_resolution/proxy_config.h           |   3 +
- 24 files changed, 992 insertions(+), 15 deletions(-)
+ 24 files changed, 997 insertions(+), 15 deletions(-)
 create mode 100644 chrome/browser/resources/proxy_config.css
 create mode 100644 chrome/browser/resources/proxy_config.html
 create mode 100644 chrome/browser/resources/proxy_config.js
@ -366,7 +368,7 @@ diff --git a/chrome/browser/resources/proxy_config.js b/chrome/browser/resources
 new file mode 100644
 --- /dev/null
 +++ b/chrome/browser/resources/proxy_config.js
-@@ -0,0 +1,262 @@
+@@ -0,0 +1,263 @@
 +/*
 +    This file is part of Bromite.
 +
@ -526,7 +528,8 @@ new file mode 100644
 +        return {
 +          "auto_detect": false,
 +          "pac_url": $(kIdPacURL).value.trim(),
-+          "pac_mandatory": $(kIdPacMandatory).checked
+          "pac_mandatory": $(kIdPacMandatory).checked,
+          "rules": {}
 +        };
 +      } else if ($(kIdModeUseListPerScheme).checked || $(kIdModeUseSingleList).checked) {
 +        var config = {
@ -665,7 +668,7 @@ diff --git a/chrome/browser/ui/webui/proxy_config_ui.cc b/chrome/browser/ui/webu
 new file mode 100644
 --- /dev/null
 +++ b/chrome/browser/ui/webui/proxy_config_ui.cc
-@@ -0,0 +1,413 @@
+@@ -0,0 +1,417 @@
 +/*
 +    This file is part of Bromite.
 +
@ -850,12 +853,16 @@ new file mode 100644
 +
 +  state.SetPath({"config", "auto_detect"}, base::Value(config.auto_detect()));
 +
+  auto rules = config.proxy_rules();
 +  if (config.has_pac_url()) {
 +    state.SetPath({"config", "pac_url"}, base::Value(config.pac_url().spec()));
 +    state.SetPath({"config", "pac_mandatory"}, base::Value(config.pac_mandatory()));
+    state.SetPath({"config", "rules", "type"}, base::Value("none"));
+    state.SetPath({"config", "rules", "bypass_rules"}, base::Value(rules.bypass_rules.ToString()));
+    state.SetPath({"config", "rules", "reverse_bypass"}, base::Value(rules.reverse_bypass));
+    return;
 +  }
 +
-+  auto rules = config.proxy_rules();
 +  const char *type;
 +  switch (rules.type) {
 +    case net::ProxyConfig::ProxyRules::Type::EMPTY:
--- a/build/patches/Add-history-support-in-incognito-mode.patch
+++ b/build/patches/Add-history-support-in-incognito-mode.patch
@ -163,7 +163,7 @@ diff --git a/chrome/browser/prefs/browser_prefs.cc b/chrome/browser/prefs/browse
 #include "chrome/browser/android/bookmarks/partner_bookmarks_shim.h"
 #include "chrome/browser/android/explore_sites/history_statistics_reporter.h"
 #include "chrome/browser/android/ntp/recent_tabs_page_prefs.h"
-@@ -903,6 +905,7 @@ void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry,
+@@ -907,6 +909,7 @@ void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry,
   variations::VariationsService::RegisterProfilePrefs(registry);
   video_tutorials::RegisterPrefs(registry);
   feed::prefs::RegisterFeedSharedProfilePrefs(registry);
--- a/build/patches/Automated-domain-substitution.patch
+++ b/build/patches/Automated-domain-substitution.patch
@ -27238,7 +27238,7 @@ diff --git a/content/browser/portal/portal_navigation_throttle.cc b/content/brow
 diff --git a/content/browser/renderer_host/navigation_request.cc b/content/browser/renderer_host/navigation_request.cc
 --- a/content/browser/renderer_host/navigation_request.cc
 +++ b/content/browser/renderer_host/navigation_request.cc
-@@ -3670,7 +3670,7 @@ NavigationRequest::CheckCredentialedSubresource() const {
+@@ -3676,7 +3676,7 @@ NavigationRequest::CheckCredentialedSubresource() const {
   const char* console_message =
       "Subresource requests whose URLs contain embedded credentials (e.g. "
       "`https://user:pass@host/`) are blocked. See "
@ -27247,7 +27247,7 @@ diff --git a/content/browser/renderer_host/navigation_request.cc b/content/brows
       "details.";
   parent->AddMessageToConsole(blink::mojom::ConsoleMessageLevel::kWarning,
                               console_message);
-@@ -3698,7 +3698,7 @@ NavigationRequest::CheckLegacyProtocolInSubresource() const {
+@@ -3704,7 +3704,7 @@ NavigationRequest::CheckLegacyProtocolInSubresource() const {
   const char* console_message =
       "Subresource requests using legacy protocols (like `ftp:`) are blocked. "
       "Please deliver web-accessible resources over modern protocols like "
@ -27256,7 +27256,7 @@ diff --git a/content/browser/renderer_host/navigation_request.cc b/content/brows
       "details.";
   parent->AddMessageToConsole(blink::mojom::ConsoleMessageLevel::kWarning,
                               console_message);
-@@ -3799,7 +3799,7 @@ void NavigationRequest::RecordDownloadUseCountersPrePolicyCheck(
+@@ -3805,7 +3805,7 @@ void NavigationRequest::RecordDownloadUseCountersPrePolicyCheck(
         base::StringPrintf(
             "Navigating a cross-origin opener to a download (%s) is "
             "deprecated, see "
--- a/build/patches/Disable-safe-browsing.patch
+++ b/build/patches/Disable-safe-browsing.patch
@ -502,7 +502,7 @@ diff --git a/chrome/browser/BUILD.gn b/chrome/browser/BUILD.gn
       "download/download_dir_policy_handler.cc",
       "download/download_dir_policy_handler.h",
       "download/download_dir_util.cc",
-@@ -6619,8 +6598,6 @@ static_library("test_support") {
+@@ -6617,8 +6596,6 @@ static_library("test_support") {
     "//components/policy/core/browser:test_support",
     "//components/policy/proto:reporting_record_proto",
     "//components/prefs:test_support",
--- a/build/patches/Do-not-permit-user-installed-certificates.patch
+++ b/build/patches/Do-not-permit-user-installed-certificates.patch
@ -0,0 +1,28 @@
+From: Artem Borisov <dedsa2002@gmail.com>
+Date: Wed, 3 Feb 2021 12:49:05 +0000
+Subject: Do not permit user-installed certificates
+
+Current Android policy allows user-installed certificates usage only if that
+specific certificate is permitted by the specific application in its network
+security configuration.
+Default Chromium configuration though allows all user-installed certificates,
+potentially making it easier to let in the malicious traffic.
+This patch disallows user certificates by default.
+---
+ chrome/android/java/res_base/xml/network_security_config.xml | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/chrome/android/java/res_base/xml/network_security_config.xml b/chrome/android/java/res_base/xml/network_security_config.xml
+--- a/chrome/android/java/res_base/xml/network_security_config.xml
+++ b/chrome/android/java/res_base/xml/network_security_config.xml
+@@ -11,7 +11,6 @@
+     See https://crbug.com/827265. See also MediaPlayerRenderer. -->
+     <base-config cleartextTrafficPermitted="true">
+         <trust-anchors>
+-            <certificates src="user"/>
+             <certificates src="system"/>
+         </trust-anchors>
+     </base-config>
+-- 
+2.17.1
+
--- a/build/patches/Ignore-managed-state-and-policies-for-secure-DNS.patch
+++ b/build/patches/Ignore-managed-state-and-policies-for-secure-DNS.patch
@ -1,12 +1,33 @@
 From: csagan5 <32685696+csagan5@users.noreply.github.com>
 Date: Tue, 26 Jan 2021 00:21:51 +0100
-Subject: Ignore managed state for secure DNS
+Subject: Ignore managed state and policies for secure DNS

 ---
+ chrome/browser/net/secure_dns_policy_handler.cc   | 3 +++
 chrome/browser/net/stub_resolver_config_reader.cc | 3 +--
 chrome/browser/privacy/secure_dns_bridge.cc       | 9 ++-------
- 2 files changed, 3 insertions(+), 9 deletions(-)
+ 3 files changed, 6 insertions(+), 9 deletions(-)

+diff --git a/chrome/browser/net/secure_dns_policy_handler.cc b/chrome/browser/net/secure_dns_policy_handler.cc
+--- a/chrome/browser/net/secure_dns_policy_handler.cc
+++ b/chrome/browser/net/secure_dns_policy_handler.cc
+@@ -28,6 +28,8 @@ SecureDnsPolicyHandler::~SecureDnsPolicyHandler() {}
+ 
+ bool SecureDnsPolicyHandler::CheckPolicySettings(const PolicyMap& policies,
+                                                  PolicyErrorMap* errors) {
+  return false;
+#if 0
+   bool mode_is_applicable = true;
+   bool templates_is_applicable = true;
+ 
+@@ -84,6 +86,7 @@ bool SecureDnsPolicyHandler::CheckPolicySettings(const PolicyMap& policies,
+   }
+ 
+   return mode_is_applicable || templates_is_applicable;
+#endif
+ }
+ 
+ void SecureDnsPolicyHandler::ApplyPolicySettings(const PolicyMap& policies,
 diff --git a/chrome/browser/net/stub_resolver_config_reader.cc b/chrome/browser/net/stub_resolver_config_reader.cc
 --- a/chrome/browser/net/stub_resolver_config_reader.cc
 +++ b/chrome/browser/net/stub_resolver_config_reader.cc