Procházet zdrojové kódy

Add new patches, improve wording

csagan5 před 3 roky
rodič
revize
7ce235d1c5

+ 3 - 1
build/bromite_patches_list.txt

@@ -51,6 +51,7 @@ AudioBuffer-AnalyserNode-fp-mitigations.patch
 Multiple-fingerprinting-mitigations.patch
 Add-flag-to-configure-maximum-connections-per-host.patch
 Do-not-ignore-download-location-prompt-setting.patch
+Add-support-for-writing-URIs.patch
 Add-bookmark-import-export-actions.patch
 Bookmarks-select-all-menu-entry.patch
 Add-an-always-incognito-mode.patch
@@ -189,5 +190,6 @@ Revert-Disable-Dictionary-suggestions-for-the-Omnibox.patch
 Disable-AsyncDNS-by-default.patch
 Add-lifetime-options-for-permissions.patch
 Disable-crash-reporting.patch
-Automated-domain-substitution.patch
+Partition-DNS-requests-by-topframe-NIK.patch
 Samsung-Note-9-SDK27-crazylinker-workaround.patch
+Automated-domain-substitution.patch

+ 3 - 3
build/patches/Adds-support-for-writing-URIs.patch → build/patches/Add-support-for-writing-URIs.patch

@@ -1,8 +1,8 @@
 From: uazo <uazo@users.noreply.github.com>
 Date: Tue, 12 Apr 2022 15:58:01 +0000
-Subject: Adds support for writing URIs
+Subject: Add support for writing URIs
 
-Allows native side URI file writing
+Allows native-side URI file writing
 ---
  base/android/content_uri_utils.cc             | 10 ++++++
  base/android/content_uri_utils.h              |  4 +++
@@ -85,7 +85,7 @@ diff --git a/base/android/java/src/org/chromium/base/ContentUriUtils.java b/base
 +            path = Os.readlink("/proc/self/fd/" + pfd.getFd());
 +            pfd.close();
 +        } catch (Exception e) {
-+            Log.w(TAG, "Cannot get file path from content URI", e);
++            Log.e(TAG, "Cannot get file path from content URI", e);
 +        }
 +        return path;
 +    }

+ 23 - 5
build/patches/Partition-dns-requests-by-topframe-nik.patch → build/patches/Partition-DNS-requests-by-topframe-NIK.patch

@@ -1,6 +1,24 @@
 From: uazo <uazo@users.noreply.github.com>
 Date: Wed, 23 Mar 2022 08:37:47 +0000
-Subject: Partition dns requests by top-frame nik
+Subject: Partition DNS requests by top-frame NIK
+
+Chromium does not provide isolation of DOH requests (see related issue).
+This would easily allow DoH servers to reconstruct user navigation by device,
+especially if TLS Resumption is enabled.
+The patch fixes the problem by associating the DoH request to the top frame NIK,
+but in any case separating it with an additional layer because it is marked as a DNS
+request (IsDns in the NetworkIsolationKey).
+The patch adds two new flags:
+* kSplitDnsByNetworkIsolationKey, active by default
+* kLogSplitDnsByNetworkIsolationKey which allows check functionality (via a "DNS:" filter in logcat)
+
+Once the split is active the number of open connections to the DoH server will increase
+(which can be detected with apps like PCAPdroid) but the overhead seems manageable for
+any type of upstream DoH server.
+
+See also:
+* https://bugs.chromium.org/p/chromium/issues/detail?id=1082311
+* https://github.com/bromite/bromite/pull/1974
 
 ---
  chrome/browser/about_flags.cc        | 12 ++++++++++++
@@ -50,12 +68,12 @@ diff --git a/chrome/browser/flag_descriptions.cc b/chrome/browser/flag_descripti
  
 +const char kSplitDnsByNetworkIsolationKeyName[] = "DNS Requests Partitioning";
 +const char kSplitDnsByNetworkIsolationKeyDescription[] =
-+    "Partitions the dns requests by (top-level site) to "
-+    "disallow dns cross-site tracking.";
++    "Partition DNS requests by (top-level site) to "
++    "disallow DoH cross-site tracking.";
 +
-+const char kLogSplitDnsByNetworkIsolationKeyName[] = "Log DNS Requests Partitioning";
++const char kLogSplitDnsByNetworkIsolationKeyName[] = "DNS Requests Partitioning logging";
 +const char kLogSplitDnsByNetworkIsolationKeyDescription[] =
-+    "Log requests done by dns";
++    "Log DNS requests and their effective partitioning";
 +
  const char kSplitCacheByNetworkIsolationKeyName[] = "HTTP Cache Partitioning";
  const char kSplitCacheByNetworkIsolationKeyDescription[] =

+ 3 - 4
build/patches/Remove-signin-integrations.patch

@@ -73,11 +73,11 @@ ld.lld: error: undefined symbol: notifier::NotifierOptions::NotifierOptions()
  .../core/browser/password_form_manager.cc     |  34 +---
  .../core/browser/password_manager_client.h    |   3 -
  .../browser/password_manager_client_helper.cc |  43 +----
- .../core/browser/sync_credentials_filter.cc   |  50 +----
+ .../core/browser/sync_credentials_filter.cc   |  48 +----
  .../signin/SystemAccountManagerDelegate.java  |  25 +--
  .../net/HttpNegotiateAuthenticator.java       |  88 +--------
  .../chromoting/base/OAuthTokenFetcher.java    |   2 -
- 60 files changed, 48 insertions(+), 1372 deletions(-)
+ 60 files changed, 47 insertions(+), 1371 deletions(-)
 
 diff --git a/chrome/android/BUILD.gn b/chrome/android/BUILD.gn
 --- a/chrome/android/BUILD.gn
@@ -2904,8 +2904,7 @@ diff --git a/components/password_manager/core/browser/sync_credentials_filter.cc
 -    }
 -  }
 -
--  return true;
-+  return false;
+   return true;
  }
  
  bool SyncCredentialsFilter::ShouldSaveGaiaPasswordHash(

+ 1 - 1
build/patches/autofill-miscellaneous.patch

@@ -1,5 +1,5 @@
 From: csagan5 <32685696+csagan5@users.noreply.github.com>
-Date:   Mon Apr 11 23:29:29 2022 +0200
+Date: Mon, 11 Apr 2022 23:29:29 +0200
 Subject: autofill: miscellaneous
 
 Make sure that autofill is disabled by default (Jan Engelhardt <jengelh@inai.de>)