Release 84.0.4147.119

2020-08-05 08:49:10 +02:00 · 2020-08-05 08:49:10 +02:00 · 96671ab221
commit 96671ab221
parent 166c05b5c5
8 changed files with 160 additions and 1816 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,3 +1,8 @@
+# 84.0.4147.119
+* update zh_CN translations
+* disable CORS RFC1918 (fixes https://github.com/bromite/bromite/issues/664)
+* restore duet flags (fixes https://github.com/bromite/bromite/issues/667)
+
 # 84.0.4147.113
 * block gateway attacks via websockets (fixes https://github.com/bromite/bromite/issues/590)
 * enable prefetch-privacy-changes by default (fixes https://github.com/bromite/bromite/issues/659)
--- a/README.md
+++ b/README.md
@ -74,6 +74,7 @@ Flags which have been retired from upstream Chromium but are still available in
 * `#enable-horizontal-tab-switcher`
 * `#pull-to-refresh`
 * `#enable-search-ready-omnibox`
+* `#enable-chrome-duet` and `#enable-duet-tabstrip-integration`

 New flags:

--- a/build/RELEASE
+++ b/build/RELEASE
@ -1 +1 @@
-84.0.4147.113
+84.0.4147.119
--- a/build/bromite_patches_list.txt
+++ b/build/bromite_patches_list.txt
@ -145,4 +145,5 @@ Enable-legacy-TLS-interstitital-warning.patch
 Block-gateway-attacks-via-websockets.patch
 Enable-prefetch-privacy-changes-by-default.patch
 Enable-reduced-referrer-granularity-by-default.patch
+Restore-duet-flags.patch
 Automated-domain-substitution.patch
--- a/build/patches/Automated-domain-substitution.patch
+++ b/build/patches/Automated-domain-substitution.patch
--- a/build/patches/Block-gateway-attacks-via-websockets.patch
+++ b/build/patches/Block-gateway-attacks-via-websockets.patch
@ -2,19 +2,19 @@ From: csagan5 <32685696+csagan5@users.noreply.github.com>
 Date: Tue, 28 Jul 2020 12:28:58 +0200
 Subject: Block gateway attacks via websockets

-Enable CORS-RFC1918
 ---
 services/network/public/cpp/features.cc       |  2 +-
 .../renderer/core/loader/base_fetch_context.h |  1 +
- .../core/loader/frame_fetch_context.cc        | 20 +++++++++++++
+ .../core/loader/frame_fetch_context.cc        | 18 ++++++++++
 .../core/loader/frame_fetch_context.h         |  1 +
- .../core/loader/worker_fetch_context.cc       | 21 ++++++++++++++
+ .../core/loader/worker_fetch_context.cc       | 19 +++++++++++
 .../core/loader/worker_fetch_context.h        |  1 +
- .../websockets/websocket_channel_impl.cc      |  5 ++++
- .../modules/websockets/websocket_common.cc    | 29 +++++++++++++++++++
+ .../background_fetch_manager.cc               | 34 +++++++++----------
+ .../websockets/websocket_channel_impl.cc      |  5 +++
+ .../modules/websockets/websocket_common.cc    | 27 +++++++++++++++
 .../modules/websockets/websocket_common.h     |  4 +++
- .../platform/runtime_enabled_features.json5   |  1 +
- 10 files changed, 84 insertions(+), 1 deletion(-)
+ .../platform/runtime_enabled_features.json5   |  2 +-
+ 11 files changed, 94 insertions(+), 20 deletions(-)

 diff --git a/services/network/public/cpp/features.cc b/services/network/public/cpp/features.cc
 --- a/services/network/public/cpp/features.cc
@ -42,26 +42,24 @@ diff --git a/third_party/blink/renderer/core/loader/base_fetch_context.h b/third
 diff --git a/third_party/blink/renderer/core/loader/frame_fetch_context.cc b/third_party/blink/renderer/core/loader/frame_fetch_context.cc
 --- a/third_party/blink/renderer/core/loader/frame_fetch_context.cc
 +++ b/third_party/blink/renderer/core/loader/frame_fetch_context.cc
-@@ -763,6 +763,26 @@ bool FrameFetchContext::ShouldBlockRequestByInspector(const KURL& url) const {
+@@ -763,6 +763,24 @@ bool FrameFetchContext::ShouldBlockRequestByInspector(const KURL& url) const {
   return should_block_request;
 }
 
 +bool FrameFetchContext::ShouldBlockGateWayAttacks(network::mojom::IPAddressSpace requestor_space, const KURL& request_url) const {
-+  if (RuntimeEnabledFeatures::CorsRFC1918Enabled()) {
-+    // TODO(mkwst): This only checks explicit IP addresses. We'll have to move
-+    // all this up to //net and //content in order to have any real impact on
-+    // gateway attacks. That turns out to be a TON of work (crbug.com/378566).
-+    network::mojom::IPAddressSpace target_space =
-+        network::mojom::IPAddressSpace::kPublic;
-+    if (network_utils::IsReservedIPAddress(request_url.Host()))
-+      target_space = network::mojom::IPAddressSpace::kPrivate;
-+    if (SecurityOrigin::Create(request_url)->IsLocalhost())
-+      target_space = network::mojom::IPAddressSpace::kLocal;
+  // TODO(mkwst): This only checks explicit IP addresses. We'll have to move
+  // all this up to //net and //content in order to have any real impact on
+  // gateway attacks. That turns out to be a TON of work (crbug.com/378566).
+  network::mojom::IPAddressSpace target_space =
+      network::mojom::IPAddressSpace::kPublic;
+  if (network_utils::IsReservedIPAddress(request_url.Host()))
+    target_space = network::mojom::IPAddressSpace::kPrivate;
+  if (SecurityOrigin::Create(request_url)->IsLocalhost())
+    target_space = network::mojom::IPAddressSpace::kLocal;
 +
-+    bool is_external_request = requestor_space > target_space;
-+    if (is_external_request)
-+      return true;
-+  }
+  bool is_external_request = requestor_space > target_space;
+  if (is_external_request)
+    return true;
 +
 +  return false;
 +}
@ -91,26 +89,24 @@ diff --git a/third_party/blink/renderer/core/loader/worker_fetch_context.cc b/th
 #include "third_party/blink/renderer/platform/runtime_enabled_features.h"
 #include "third_party/blink/renderer/platform/supplementable.h"
 #include "third_party/blink/renderer/platform/weborigin/security_policy.h"
-@@ -95,6 +96,26 @@ bool WorkerFetchContext::ShouldBlockRequestByInspector(const KURL& url) const {
+@@ -95,6 +96,24 @@ bool WorkerFetchContext::ShouldBlockRequestByInspector(const KURL& url) const {
   return should_block_request;
 }
 
 +bool WorkerFetchContext::ShouldBlockGateWayAttacks(network::mojom::IPAddressSpace requestor_space, const KURL& request_url) const {
-+  if (RuntimeEnabledFeatures::CorsRFC1918Enabled()) {
-+    // TODO(mkwst): This only checks explicit IP addresses. We'll have to move
-+    // all this up to //net and //content in order to have any real impact on
-+    // gateway attacks. That turns out to be a TON of work (crbug.com/378566).
-+    network::mojom::IPAddressSpace target_space =
-+        network::mojom::IPAddressSpace::kPublic;
-+    if (network_utils::IsReservedIPAddress(request_url.Host()))
-+      target_space = network::mojom::IPAddressSpace::kPrivate;
-+    if (SecurityOrigin::Create(request_url)->IsLocalhost())
-+      target_space = network::mojom::IPAddressSpace::kLocal;
+  // TODO(mkwst): This only checks explicit IP addresses. We'll have to move
+  // all this up to //net and //content in order to have any real impact on
+  // gateway attacks. That turns out to be a TON of work (crbug.com/378566).
+  network::mojom::IPAddressSpace target_space =
+      network::mojom::IPAddressSpace::kPublic;
+  if (network_utils::IsReservedIPAddress(request_url.Host()))
+    target_space = network::mojom::IPAddressSpace::kPrivate;
+  if (SecurityOrigin::Create(request_url)->IsLocalhost())
+    target_space = network::mojom::IPAddressSpace::kLocal;
 +
-+    bool is_external_request = requestor_space > target_space;
-+    if (is_external_request)
-+      return true;
-+  }
+  bool is_external_request = requestor_space > target_space;
+  if (is_external_request)
+    return true;
 +
 +  return false;
 +}
@ -129,6 +125,50 @@ diff --git a/third_party/blink/renderer/core/loader/worker_fetch_context.h b/thi
   bool ShouldBlockFetchByMixedContentCheck(
       mojom::blink::RequestContextType request_context,
       ResourceRequest::RedirectStatus redirect_status,
+diff --git a/third_party/blink/renderer/modules/background_fetch/background_fetch_manager.cc b/third_party/blink/renderer/modules/background_fetch/background_fetch_manager.cc
+--- a/third_party/blink/renderer/modules/background_fetch/background_fetch_manager.cc
+++ b/third_party/blink/renderer/modules/background_fetch/background_fetch_manager.cc
+@@ -105,24 +105,22 @@ bool ShouldBlockDanglingMarkup(const KURL& request_url) {
+ 
+ bool ShouldBlockGateWayAttacks(ExecutionContext* execution_context,
+                                const KURL& request_url) {
+-  if (RuntimeEnabledFeatures::CorsRFC1918Enabled()) {
+-    network::mojom::IPAddressSpace requestor_space =
+-        execution_context->GetSecurityContext().AddressSpace();
+-
+-    // TODO(mkwst): This only checks explicit IP addresses. We'll have to move
+-    // all this up to //net and //content in order to have any real impact on
+-    // gateway attacks. That turns out to be a TON of work (crbug.com/378566).
+-    network::mojom::IPAddressSpace target_space =
+-        network::mojom::IPAddressSpace::kPublic;
+-    if (network_utils::IsReservedIPAddress(request_url.Host()))
+-      target_space = network::mojom::IPAddressSpace::kPrivate;
+-    if (SecurityOrigin::Create(request_url)->IsLocalhost())
+-      target_space = network::mojom::IPAddressSpace::kLocal;
+-
+-    bool is_external_request = requestor_space > target_space;
+-    if (is_external_request)
+-      return true;
+-  }
+  network::mojom::IPAddressSpace requestor_space =
+      execution_context->GetSecurityContext().AddressSpace();
+
+  // TODO(mkwst): This only checks explicit IP addresses. We'll have to move
+  // all this up to //net and //content in order to have any real impact on
+  // gateway attacks. That turns out to be a TON of work (crbug.com/378566).
+  network::mojom::IPAddressSpace target_space =
+      network::mojom::IPAddressSpace::kPublic;
+  if (network_utils::IsReservedIPAddress(request_url.Host()))
+    target_space = network::mojom::IPAddressSpace::kPrivate;
+  if (SecurityOrigin::Create(request_url)->IsLocalhost())
+    target_space = network::mojom::IPAddressSpace::kLocal;
+
+  bool is_external_request = requestor_space > target_space;
+  if (is_external_request)
+    return true;
+ 
+   return false;
+ }
 diff --git a/third_party/blink/renderer/modules/websockets/websocket_channel_impl.cc b/third_party/blink/renderer/modules/websockets/websocket_channel_impl.cc
 --- a/third_party/blink/renderer/modules/websockets/websocket_channel_impl.cc
 +++ b/third_party/blink/renderer/modules/websockets/websocket_channel_impl.cc
@ -163,26 +203,24 @@ diff --git a/third_party/blink/renderer/modules/websockets/websocket_common.cc b
   if (!execution_context->GetContentSecurityPolicyForWorld()
            ->AllowConnectToSource(url_)) {
     state_ = kClosed;
-@@ -135,6 +144,26 @@ WebSocketCommon::ConnectResult WebSocketCommon::Connect(
+@@ -135,6 +144,24 @@ WebSocketCommon::ConnectResult WebSocketCommon::Connect(
   return ConnectResult::kSuccess;
 }
 
 +bool WebSocketCommon::ShouldBlockGateWayAttacks(network::mojom::IPAddressSpace requestor_space, const KURL& request_url) const {
-+  if (RuntimeEnabledFeatures::CorsRFC1918Enabled()) {
-+    // TODO(mkwst): This only checks explicit IP addresses. We'll have to move
-+    // all this up to //net and //content in order to have any real impact on
-+    // gateway attacks. That turns out to be a TON of work (crbug.com/378566).
-+    network::mojom::IPAddressSpace target_space =
-+        network::mojom::IPAddressSpace::kPublic;
-+    if (network_utils::IsReservedIPAddress(request_url.Host()))
-+      target_space = network::mojom::IPAddressSpace::kPrivate;
-+    if (SecurityOrigin::Create(request_url)->IsLocalhost())
-+      target_space = network::mojom::IPAddressSpace::kLocal;
+  // TODO(mkwst): This only checks explicit IP addresses. We'll have to move
+  // all this up to //net and //content in order to have any real impact on
+  // gateway attacks. That turns out to be a TON of work (crbug.com/378566).
+  network::mojom::IPAddressSpace target_space =
+      network::mojom::IPAddressSpace::kPublic;
+  if (network_utils::IsReservedIPAddress(request_url.Host()))
+    target_space = network::mojom::IPAddressSpace::kPrivate;
+  if (SecurityOrigin::Create(request_url)->IsLocalhost())
+    target_space = network::mojom::IPAddressSpace::kLocal;
 +
-+    bool is_external_request = requestor_space > target_space;
-+    if (is_external_request)
-+      return true;
-+  }
+  bool is_external_request = requestor_space > target_space;
+  if (is_external_request)
+    return true;
 +
 +  return false;
 +}
@ -214,11 +252,12 @@ diff --git a/third_party/blink/renderer/modules/websockets/websocket_common.h b/
 diff --git a/third_party/blink/renderer/platform/runtime_enabled_features.json5 b/third_party/blink/renderer/platform/runtime_enabled_features.json5
 --- a/third_party/blink/renderer/platform/runtime_enabled_features.json5
 +++ b/third_party/blink/renderer/platform/runtime_enabled_features.json5
-@@ -386,6 +386,7 @@
+@@ -385,7 +385,7 @@
+       name: "CooperativeScheduling"
     },
     {
-       name: "CorsRFC1918",
-+      status: "stable",
+-      name: "CorsRFC1918",
+      name: "CorsRFC1918"
     },
     {
       name: "CSS3Text",
--- a/build/patches/Restore-duet-flags.patch
+++ b/build/patches/Restore-duet-flags.patch
@ -0,0 +1,34 @@
+From: csagan5 <32685696+csagan5@users.noreply.github.com>
+Date: Tue, 4 Aug 2020 07:58:21 +0200
+Subject: Restore duet flags
+
+---
+ chrome/browser/flag-metadata.json | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/chrome/browser/flag-metadata.json b/chrome/browser/flag-metadata.json
+--- a/chrome/browser/flag-metadata.json
+++ b/chrome/browser/flag-metadata.json
+@@ -1273,7 +1273,7 @@
+   {
+     "name": "enable-chrome-duet",
+     "owners": [ "mdjones" ],
+-    "expiry_milestone": 82
+    "expiry_milestone": -1
+   },
+   {
+     "name": "enable-chrome-duet-labels",
+@@ -1455,8 +1455,8 @@
+   },
+   {
+     "name": "enable-duet-tabstrip-integration",
+-    "owners": [ "memex-team@google.com" ],
+-    "expiry_milestone": 84
+    "owners": [ "memex-team@9oo91e.qjz9zk" ],
+    "expiry_milestone": -1
+   },
+   {
+     "name": "enable-edu-coexistence",
+-- 
+2.17.1
+
--- a/build/patches/Update-i18n-zh_CN-support.patch
+++ b/build/patches/Update-i18n-zh_CN-support.patch
@ -1,12 +1,24 @@
 From: mars <gzhqyz@gmail.com>
-Date: Sun, 2 Aug 2020 00:37:49 +0800
+Date: Wed, 13 May 2020 11:28:04 +0800
 Subject: Update i18n zh_CN support

 ---
- .../resources/generated_resources_zh-CN.xtb   |  6 +++++-
- .../android_chrome_strings_zh-CN.xtb          | 21 ++++++++++++++++++-
- 2 files changed, 25 insertions(+), 2 deletions(-)
+ .../app/resources/chromium_strings_zh-CN.xtb   |  3 ++-
+ .../resources/generated_resources_zh-CN.xtb    |  6 +++++-
+ .../android_chrome_strings_zh-CN.xtb           | 18 ++++++++++++++++++
+ 3 files changed, 25 insertions(+), 2 deletions(-)

+diff --git a/chrome/app/resources/chromium_strings_zh-CN.xtb b/chrome/app/resources/chromium_strings_zh-CN.xtb
+--- a/chrome/app/resources/chromium_strings_zh-CN.xtb
+++ b/chrome/app/resources/chromium_strings_zh-CN.xtb
+@@ -245,4 +245,5 @@ Chromium 无法恢复您的设置。</translation>
+ <translation id="93478295209880648">Chromium 可能无法正常运行，因为它不再支持 Windows XP 和 Windows Vista</translation>
+ <translation id="95514773681268843"><ph name="DOMAIN" /> 要求您必须先阅读并接受以下服务条款，才能使用此设备。这些条款不会扩大、修改或限制 Chromium 操作系统条款。</translation>
+ <translation id="985602178874221306">The Chromium Authors</translation>
+-</translationbundle>
+\ No newline at end of file
+<translation id="9090881409075599658">关于 Bromite</translation>
+</translationbundle>
 diff --git a/chrome/app/resources/generated_resources_zh-CN.xtb b/chrome/app/resources/generated_resources_zh-CN.xtb
 --- a/chrome/app/resources/generated_resources_zh-CN.xtb
 +++ b/chrome/app/resources/generated_resources_zh-CN.xtb
@ -24,13 +36,10 @@ diff --git a/chrome/app/resources/generated_resources_zh-CN.xtb b/chrome/app/res
 diff --git a/chrome/browser/ui/android/strings/translations/android_chrome_strings_zh-CN.xtb b/chrome/browser/ui/android/strings/translations/android_chrome_strings_zh-CN.xtb
 --- a/chrome/browser/ui/android/strings/translations/android_chrome_strings_zh-CN.xtb
 +++ b/chrome/browser/ui/android/strings/translations/android_chrome_strings_zh-CN.xtb
-@@ -994,4 +994,23 @@
- <translation id="981121421437150478">离线</translation>
- <translation id="983192555821071799">关闭所有标签页</translation>
- <translation id="987264212798334818">常规</translation>
-</translationbundle>
-\ No newline at end of file
-+<translation id="5334844597069022743">查看源代码</translation>
+@@ -1011,4 +1011,22 @@
+ <translation id="666268767214822976">当您在地址栏中输入查询内容时，使用联想查询服务显示相关查询和热门网站</translation>
+ <translation id="8283853025636624853">正在同步到 <ph name="SYNC_ACCOUNT_USER_NAME" /></translation>
+ <translation id="8981454092730389528">Google 活动控件</translation>
 +<translation id="9090881409075599658">关于 Bromite</translation>
 +<translation id="9148058034647219655">退出</translation>
 +<translation id="6544149167512551709">保留 Cookies 直到您退出浏览器</translation>
@ -49,7 +58,7 @@ diff --git a/chrome/browser/ui/android/strings/translations/android_chrome_strin
 +<translation id="3544784763752062458">编辑过滤器地址</translation>
 +<translation id="4456370887631736415">过滤器地址</translation>
 +<translation id="8189997785233370573">访问帮助页面</translation>
-+</translationbundle>
--
-2.28.0
+ </translationbundle>
+-- 
+2.17.1