Release 102.0.5005.96

2022-06-11 09:02:03 +02:00 · 2022-06-11 09:02:03 +02:00 · f5a6e77bb1
commit f5a6e77bb1
parent c34f5ec6c7
11 changed files with 167 additions and 190 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,3 +1,9 @@
+# 102.0.5005.96
+* fix history expiration bug (thanks to @uazo, fixes https://github.com/bromite/bromite/issues/2104)
+* fix category setting activation (thanks to @uazo, fixes https://github.com/bromite/bromite/issues/2091)
+* improve plain text rendering on mobile
+* rewritten certificate transparency patch (fixes https://github.com/bromite/bromite/issues/2101)
+
 # 102.0.5005.92
 * restore offline-indicator-v2 flag functionality (thanks to @Zelda189)

--- a/build/LASTCHANGE
+++ b/build/LASTCHANGE
@ -1 +1 @@
-a36e9bc9c8f2df56c89b7b7a1afbde175eee1fad-
+d5d96df7c999fb23a203ac332784b203afe8614f-
--- a/build/RELEASE
+++ b/build/RELEASE
@ -1 +1 @@
-102.0.5005.92
+102.0.5005.96
--- a/build/RELEASE_COMMIT
+++ b/build/RELEASE_COMMIT
@ -1 +1 @@
-ab83f30c1716f7fc990039b28a3ded97ff082625
+91e2c8c16071b47c9a1d2c1bba592f6a643dd1b1
--- a/build/bromite_patches_list.txt
+++ b/build/bromite_patches_list.txt
@ -175,7 +175,6 @@ Revert-Permit-blocking-of-view-source.patch
 Disable-safety-check.patch
 Disable-all-predictors-code.patch
 OpenSearch-miscellaneous.patch
-Enable-Certificate-Transparency.patch
 Update-i18n-zh_CN-support.patch
 Add-flag-for-save-data-header.patch
 Disable-UA-full-version.patch
@ -194,4 +193,7 @@ Add-webGL-site-setting.patch
 Add-site-engagement-flag.patch
 Add-webRTC-site-settings.patch
 enable-process-isolated-sandboxed-iframes-by-default.patch
+Enable-Certificate-Transparency.patch
+Invalidate-components-public-key.patch
+Improve-plain-text-rendering-on-mobile.patch
 Automated-domain-substitution.patch
--- a/build/patches/Add-site-engagement-flag.patch
+++ b/build/patches/Add-site-engagement-flag.patch
@ -26,7 +26,7 @@ diff --git a/chrome/browser/about_flags.cc b/chrome/browser/about_flags.cc
 #include "components/shared_highlighting/core/common/shared_highlighting_features.h"
 #include "components/signin/core/browser/dice_account_reconcilor_delegate.h"
 #include "components/signin/public/base/signin_buildflags.h"
-@@ -8500,6 +8501,11 @@ const FeatureEntry kFeatureEntries[] = {
+@@ -8495,6 +8496,11 @@ const FeatureEntry kFeatureEntries[] = {
      flag_descriptions::kReduceUserAgentMinorVersionDescription, kOsAll,
      FEATURE_VALUE_TYPE(blink::features::kReduceUserAgentMinorVersion)},
 
--- a/build/patches/Client-hints-overrides.patch
+++ b/build/patches/Client-hints-overrides.patch
@ -13,14 +13,11 @@ use Google Chrome branding for client hints
 content/common/user_agent.cc                             | 9 +--------
 content/public/common/content_features.cc                | 2 +-
 services/network/public/cpp/client_hints.cc              | 1 +
- services/network/public/cpp/features.cc                  | 6 ++++++
- services/network/public/cpp/features.h                   | 3 +++
- services/network/url_loader.cc                           | 3 ++-
- services/network/url_loader_unittest.cc                  | 3 ++-
+ services/network/public/cpp/features.cc                  | 4 ++--
 third_party/blink/common/client_hints/client_hints.cc    | 1 +
 .../blink/common/client_hints/enabled_client_hints.cc    | 4 +++-
 third_party/blink/common/features.cc                     | 4 ++--
- 14 files changed, 31 insertions(+), 19 deletions(-)
+ 11 files changed, 20 insertions(+), 19 deletions(-)

 diff --git a/chrome/browser/prefs/browser_prefs.cc b/chrome/browser/prefs/browser_prefs.cc
 --- a/chrome/browser/prefs/browser_prefs.cc
@ -64,10 +61,10 @@ diff --git a/content/browser/client_hints/client_hints.cc b/content/browser/clie
 diff --git a/content/browser/loader/navigation_url_loader_impl.cc b/content/browser/loader/navigation_url_loader_impl.cc
 --- a/content/browser/loader/navigation_url_loader_impl.cc
 +++ b/content/browser/loader/navigation_url_loader_impl.cc
-@@ -983,6 +983,11 @@ void NavigationURLLoaderImpl::OnAcceptCHFrameReceived(
-     const std::vector<network::mojom::WebClientHintsType>& accept_ch_frame,
-     OnAcceptCHFrameReceivedCallback callback) {
-   received_accept_ch_frame_ = true;
+@@ -988,6 +988,11 @@ void NavigationURLLoaderImpl::OnAcceptCHFrameReceived(
+     return;
+   }
+ 
 +  if (!base::FeatureList::IsEnabled(network::features::kAcceptCHFrame)) {
 +    std::move(callback).Run(net::OK);
 +    return;
@ -121,58 +118,17 @@ diff --git a/services/network/public/cpp/client_hints.cc b/services/network/publ
 diff --git a/services/network/public/cpp/features.cc b/services/network/public/cpp/features.cc
 --- a/services/network/public/cpp/features.cc
 +++ b/services/network/public/cpp/features.cc
-@@ -181,6 +181,12 @@ const base::FeatureParam<bool> kPlatformProvidedTrustTokenIssuance{
- const base::Feature kWebSocketReassembleShortMessages{
-     "WebSocketReassembleShortMessages", base::FEATURE_ENABLED_BY_DEFAULT};
+@@ -184,8 +184,8 @@ const base::Feature kWebSocketReassembleShortMessages{
+ // Enable support for ACCEPT_CH H2/3 frame as part of Client Hint Reliability.
+ // See:
+ // https://tools.ietf.org/html/draft-davidben-http-client-hint-reliability-02#section-4.3
+-const base::Feature kAcceptCHFrame{"AcceptCHFrame",
+-                                   base::FEATURE_ENABLED_BY_DEFAULT};
+const base::Feature kAcceptCHFrame{"AcceptCHFrame",                    // disabled by default
+                                   base::FEATURE_DISABLED_BY_DEFAULT};  // in Bromite
 
-+// Enable support for ACCEPT_CH H2/3 frame as part of Client Hint Reliability.
-+// See:
-+// https://tools.ietf.org/html/draft-davidben-http-client-hint-reliability-02#section-4.3
-+const base::Feature kAcceptCHFrame{"AcceptCHFrame",
-+                                   base::FEATURE_DISABLED_BY_DEFAULT};
-+
 const base::Feature kSCTAuditingRetryReports{"SCTAuditingRetryReports",
                                              base::FEATURE_ENABLED_BY_DEFAULT};
- 
-diff --git a/services/network/public/cpp/features.h b/services/network/public/cpp/features.h
--- a/services/network/public/cpp/features.h
-+++ b/services/network/public/cpp/features.h
-@@ -66,6 +66,9 @@ extern const base::FeatureParam<bool> kPlatformProvidedTrustTokenIssuance;
- COMPONENT_EXPORT(NETWORK_CPP)
- extern const base::Feature kWebSocketReassembleShortMessages;
- 
-+COMPONENT_EXPORT(NETWORK_CPP)
-+extern const base::Feature kAcceptCHFrame;
-+
- COMPONENT_EXPORT(NETWORK_CPP)
- extern const base::Feature kSCTAuditingRetryReports;
- 
-diff --git a/services/network/url_loader.cc b/services/network/url_loader.cc
--- a/services/network/url_loader.cc
-+++ b/services/network/url_loader.cc
-@@ -1149,7 +1149,8 @@ int URLLoader::OnConnected(net::URLRequest* url_request,
-     return net::ERR_FAILED;
-   }
- 
-  if (!accept_ch_frame_observer_ || info.accept_ch_frame.empty()) {
-+  if (!accept_ch_frame_observer_ || info.accept_ch_frame.empty() ||
-+      !base::FeatureList::IsEnabled(features::kAcceptCHFrame)) {
-     return net::OK;
-   }
- 
-diff --git a/services/network/url_loader_unittest.cc b/services/network/url_loader_unittest.cc
--- a/services/network/url_loader_unittest.cc
-+++ b/services/network/url_loader_unittest.cc
-@@ -686,7 +686,8 @@ class URLLoaderTest : public testing::Test {
-     net::URLRequestFailedJob::AddUrlHandler();
- 
-     scoped_feature_list_.InitWithFeatures(
-        /*enabled_features=*/{net::features::kRecordRadioWakeupTrigger},
-+        /*enabled_features=*/{features::kAcceptCHFrame,
-+                              net::features::kRecordRadioWakeupTrigger},
-         /*disabled_features=*/{});
-   }
-   ~URLLoaderTest() override {
 diff --git a/third_party/blink/common/client_hints/client_hints.cc b/third_party/blink/common/client_hints/client_hints.cc
 --- a/third_party/blink/common/client_hints/client_hints.cc
 +++ b/third_party/blink/common/client_hints/client_hints.cc
--- a/build/patches/Enable-Certificate-Transparency.patch
+++ b/build/patches/Enable-Certificate-Transparency.patch
@ -1,93 +1,76 @@
-From: uazo <uazo@users.noreply.github.com>
-Date: Tue, 18 Jan 2022 16:02:06 +0000
+From: csagan5 <32685696+csagan5@users.noreply.github.com>
+Date: Fri, 10 Jun 2022 14:20:02 +0200
 Subject: Enable Certificate Transparency

-Disable CT reporting
+Reporting/auditing functionalities are disabled; a flag is exposed.
 ---
 chrome/browser/about_flags.cc                        |  5 +++++
- chrome/browser/browser_features.cc                   |  4 ++--
- .../pki_metadata_component_installer.cc              |  3 ++-
+ chrome/browser/browser_features.cc                   |  2 +-
 chrome/browser/flag_descriptions.cc                  |  4 ++++
 chrome/browser/flag_descriptions.h                   |  3 +++
 chrome/browser/net/system_network_context_manager.cc |  4 ----
- chrome/browser/ssl/sct_reporting_service.cc          |  3 +++
- chrome/common/chrome_features.cc                     |  2 +-
- net/http/transport_security_state.cc                 | 12 +++++-------
- net/url_request/report_sender.cc                     |  2 +-
- services/network/network_context.cc                  | 10 +++++++---
- services/network/public/cpp/features.gni             |  2 +-
- .../network/sct_auditing/sct_auditing_handler.cc     |  6 ++++++
- 13 files changed, 40 insertions(+), 20 deletions(-)
+ chrome/browser/ssl/sct_reporting_service.cc          |  5 +++++
+ chrome/common/chrome_features.cc                     |  6 +++---
+ net/http/transport_security_state.cc                 | 12 +++---------
+ net/url_request/report_sender.cc                     |  3 ++-
+ services/network/network_context.cc                  |  2 +-
+ .../network/sct_auditing/sct_auditing_handler.cc     |  2 ++
+ 11 files changed, 29 insertions(+), 19 deletions(-)

 diff --git a/chrome/browser/about_flags.cc b/chrome/browser/about_flags.cc
 --- a/chrome/browser/about_flags.cc
 +++ b/chrome/browser/about_flags.cc
-@@ -8164,6 +8164,11 @@ const FeatureEntry kFeatureEntries[] = {
-      kOsWin | kOsLinux | kOsLacros,
-      FEATURE_VALUE_TYPE(features::kWebBluetoothBondOnDemand)},
- 
+@@ -8168,6 +8168,11 @@ const FeatureEntry kFeatureEntries[] = {
+      flag_descriptions::kWebMidiDescription, kOsAll,
+      FEATURE_VALUE_TYPE(features::kWebMidi)},
+ #if BUILDFLAG(IS_ANDROID)
 +    {"certificate-transparency-enabled",
 +     flag_descriptions::kCTEnabledName,
 +     flag_descriptions::kCTEnabledDescription, kOsAndroid,
 +     FEATURE_VALUE_TYPE(features::kCertificateTransparencyAndroid)},
 +
- #if BUILDFLAG(IS_CHROMEOS_ASH)
-     {"enable-libinput-to-handle-touchpad",
-      flag_descriptions::kEnableLibinputToHandleTouchpadName,
+     {"use-real-color-space-for-android-video",
+      flag_descriptions::kUseRealColorSpaceForAndroidVideoName,
+      flag_descriptions::kUseRealColorSpaceForAndroidVideoDescription,
 diff --git a/chrome/browser/browser_features.cc b/chrome/browser/browser_features.cc
 --- a/chrome/browser/browser_features.cc
 +++ b/chrome/browser/browser_features.cc
-@@ -142,8 +142,8 @@ const base::Feature kWebUsbDeviceDetection{"WebUsbDeviceDetection",
- 
+@@ -143,7 +143,7 @@ const base::Feature kWebUsbDeviceDetection{"WebUsbDeviceDetection",
 #if BUILDFLAG(IS_ANDROID)
 // Enables Certificate Transparency on Android.
-const base::Feature kCertificateTransparencyAndroid{
+ const base::Feature kCertificateTransparencyAndroid{
 -    "CertificateTransparencyAndroid", base::FEATURE_ENABLED_BY_DEFAULT};
-+const base::Feature kCertificateTransparencyAndroid{                       // must be enabled in Bromite
-+    "CertificateTransparencyAndroid", base::FEATURE_ENABLED_BY_DEFAULT};   // ^
+    "CertificateTransparencyAndroid", base::FEATURE_ENABLED_BY_DEFAULT};  // enabled by default in Bromite
 #endif
 
 const base::Feature kLargeFaviconFromGoogle{"LargeFaviconFromGoogle",
-diff --git a/chrome/browser/component_updater/pki_metadata_component_installer.cc b/chrome/browser/component_updater/pki_metadata_component_installer.cc
--- a/chrome/browser/component_updater/pki_metadata_component_installer.cc
-+++ b/chrome/browser/component_updater/pki_metadata_component_installer.cc
-@@ -61,7 +61,8 @@ const char kGoogleOperatorName[] = "Google";
- // The extension id is: efniojlnjndmcbiieegkicadnoecjjef
- const uint8_t kPKIMetadataPublicKeySHA256[32] = {
-     0x45, 0xd8, 0xe9, 0xbd, 0x9d, 0x3c, 0x21, 0x88, 0x44, 0x6a, 0x82,
-    0x03, 0xde, 0x42, 0x99, 0x45, 0x66, 0x25, 0xfe, 0xb3, 0xd1, 0xf8,
-+    // this is changed on purpose in Bromite
-+    0x01, 0x02, 0x03, 0x04, 0x05, 0x66, 0x25, 0xfe, 0xb3, 0xd1, 0xf8,
-     0x11, 0x65, 0xb4, 0x6f, 0xd3, 0x1b, 0x21, 0x89, 0xbe, 0x9c};
- 
- const base::FilePath::CharType kCTConfigProtoFileName[] =
 diff --git a/chrome/browser/flag_descriptions.cc b/chrome/browser/flag_descriptions.cc
 --- a/chrome/browser/flag_descriptions.cc
 +++ b/chrome/browser/flag_descriptions.cc
-@@ -5917,6 +5917,10 @@ const char kUIDebugToolsDescription[] =
-     "Enables additional keyboard shortcuts to help debugging.";
- #endif
+@@ -5934,6 +5934,10 @@ const char kAutofillCreditCardUploadDescription[] =
+ #endif  // defined(TOOLKIT_VIEWS) || BUILDFLAG(IS_ANDROID)
 
+ #if BUILDFLAG(IS_WIN) || BUILDFLAG(IS_ANDROID)
 +const char kCTEnabledName[] = "Enable Certificate Transparency";
 +const char kCTEnabledDescription[] =
-+    "Enables compliance against the Certificate Transparency Policy, without any reports being issued.";
+    "Enables compliance against the Certificate Transparency Policy, with reporting disabled.";
 +
- #if defined(WEBRTC_USE_PIPEWIRE)
- const char kWebrtcPipeWireCapturerName[] = "WebRTC PipeWire support";
- const char kWebrtcPipeWireCapturerDescription[] =
+ const char kElasticOverscrollName[] = "Elastic Overscroll";
+ const char kElasticOverscrollDescription[] =
+     "Enables Elastic Overscrolling on touchscreens and precision touchpads.";
 diff --git a/chrome/browser/flag_descriptions.h b/chrome/browser/flag_descriptions.h
 --- a/chrome/browser/flag_descriptions.h
 +++ b/chrome/browser/flag_descriptions.h
-@@ -3436,6 +3436,9 @@ extern const char kUIDebugToolsName[];
- extern const char kUIDebugToolsDescription[];
- #endif
+@@ -3446,6 +3446,9 @@ extern const char kAutofillCreditCardUploadDescription[];
+ #endif  // defined(TOOLKIT_VIEWS) || BUILDFLAG(IS_ANDROID)
 
+ #if BUILDFLAG(IS_WIN) || BUILDFLAG(IS_ANDROID)
 +extern const char kCTEnabledName[];
 +extern const char kCTEnabledDescription[];
 +
- #if defined(WEBRTC_USE_PIPEWIRE)
- extern const char kWebrtcPipeWireCapturerName[];
- extern const char kWebrtcPipeWireCapturerDescription[];
+ extern const char kElasticOverscrollName[];
+ extern const char kElasticOverscrollDescription[];
+ #endif  // BUILDFLAG(IS_WIN) || BUILDFLAG(IS_ANDROID)
 diff --git a/chrome/browser/net/system_network_context_manager.cc b/chrome/browser/net/system_network_context_manager.cc
 --- a/chrome/browser/net/system_network_context_manager.cc
 +++ b/chrome/browser/net/system_network_context_manager.cc
@ -112,57 +95,65 @@ diff --git a/chrome/browser/net/system_network_context_manager.cc b/chrome/brows
 diff --git a/chrome/browser/ssl/sct_reporting_service.cc b/chrome/browser/ssl/sct_reporting_service.cc
 --- a/chrome/browser/ssl/sct_reporting_service.cc
 +++ b/chrome/browser/ssl/sct_reporting_service.cc
-@@ -199,6 +199,9 @@ void SetSCTAuditingEnabledForStoragePartition(
+@@ -199,6 +199,11 @@ void SetSCTAuditingEnabledForStoragePartition(
 }  // namespace
 
 network::mojom::SCTAuditingMode SCTReportingService::GetReportingMode() {
 +  if ((true)) {
+    // always disabled in Bromite
 +    return network::mojom::SCTAuditingMode::kDisabled;
 +  }
+
   if (profile_->IsOffTheRecord() ||
       !base::FeatureList::IsEnabled(features::kSCTAuditing)) {
     return network::mojom::SCTAuditingMode::kDisabled;
 diff --git a/chrome/common/chrome_features.cc b/chrome/common/chrome_features.cc
 --- a/chrome/common/chrome_features.cc
 +++ b/chrome/common/chrome_features.cc
-@@ -887,7 +887,7 @@ const base::Feature kSchedulerConfiguration{"SchedulerConfiguration",
+@@ -881,9 +881,9 @@ const base::Feature kSchedulerConfiguration{"SchedulerConfiguration",
+ 
+ // Controls whether SCT audit reports are queued and the rate at which they
 // should be sampled. Default sampling rate is 1/10,000 certificates.
- #if BUILDFLAG(IS_ANDROID)
- const base::Feature kSCTAuditing{"SCTAuditing",
+-#if BUILDFLAG(IS_ANDROID)
+-const base::Feature kSCTAuditing{"SCTAuditing",
 -                                 base::FEATURE_DISABLED_BY_DEFAULT};
-+                                 base::FEATURE_DISABLED_BY_DEFAULT}; // Bromite: guard against enabling this
+#if BUILDFLAG(IS_ANDROID)                                            // SCT auditing
+const base::Feature kSCTAuditing{"SCTAuditing",                      // must be always
+                                 base::FEATURE_DISABLED_BY_DEFAULT}; // disabled in Bromite
 #else
 const base::Feature kSCTAuditing{"SCTAuditing",
                                  base::FEATURE_ENABLED_BY_DEFAULT};
 diff --git a/net/http/transport_security_state.cc b/net/http/transport_security_state.cc
 --- a/net/http/transport_security_state.cc
 +++ b/net/http/transport_security_state.cc
-@@ -340,6 +340,7 @@ bool DecodeHSTSPreload(const std::string& search_hostname, PreloadResult* out) {
+@@ -338,6 +338,7 @@ class HSTSPreloadDecoder : public net::extras::PreloadDecoder {
+ 
+ bool DecodeHSTSPreload(const std::string& search_hostname, PreloadResult* out) {
 #if !BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST)
+#error "BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST) must be enabled"
   if (g_hsts_source == nullptr)
     return false;
-+#error "BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST) must be enabled"
 #endif
-   bool found = false;
- 
@@ -383,11 +384,11 @@ bool DecodeHSTSPreload(const std::string& search_hostname, PreloadResult* out) {
 
 // static
 const base::Feature TransportSecurityState::kDynamicExpectCTFeature{
 -    "DynamicExpectCT", base::FEATURE_ENABLED_BY_DEFAULT};
-+    "DynamicExpectCT", base::FEATURE_DISABLED_BY_DEFAULT};
+    "DynamicExpectCT", base::FEATURE_DISABLED_BY_DEFAULT};                         // disabled in Bromite
 
 // static
 const base::Feature TransportSecurityState::kCertificateTransparencyEnforcement{
 -    "CertificateTransparencyEnforcement", base::FEATURE_ENABLED_BY_DEFAULT};
-+    "CertificateTransparencyEnforcement", base::FEATURE_ENABLED_BY_DEFAULT}; // Bromite: guard against disabling this
+    "CertificateTransparencyEnforcement", base::FEATURE_ENABLED_BY_DEFAULT};       // always enabled in Bromite
 
 void SetTransportSecurityStateSourceForTesting(
     const TransportSecurityStateSource* source) {
-@@ -413,11 +414,6 @@ TransportSecurityState::TransportSecurityState(
+@@ -411,13 +412,6 @@ TransportSecurityState::TransportSecurityState(
+       sent_expect_ct_reports_cache_(kMaxReportCacheEntries),
+       key_expect_ct_by_nik_(base::FeatureList::IsEnabled(
           features::kPartitionExpectCTStateByNetworkIsolationKey)) {
- // Static pinning is only enabled for official builds to make sure that
- // others don't end up with pins that cannot be easily updated.
+-// Static pinning is only enabled for official builds to make sure that
+-// others don't end up with pins that cannot be easily updated.
 -#if !BUILDFLAG(GOOGLE_CHROME_BRANDING) || BUILDFLAG(IS_ANDROID) || \
 -    BUILDFLAG(IS_IOS)
 -  enable_static_pins_ = false;
@ -171,23 +162,15 @@ diff --git a/net/http/transport_security_state.cc b/net/http/transport_security_
   // Check that there no invalid entries in the static HSTS bypass list.
   for (auto& host : hsts_host_bypass_list) {
     DCHECK(host.find('.') == std::string::npos);
-@@ -470,6 +466,8 @@ TransportSecurityState::PKPStatus TransportSecurityState::CheckPublicKeyPins(
-   if (!HasPublicKeyPins(host_port_pair.host())) {
-     return PKPStatus::OK;
-   }
-+  if (ct_emergency_disable_)
-+     return PKPStatus::OK;
- 
-   PKPStatus pin_validity = CheckPublicKeyPinsImpl(
-       host_port_pair, is_issued_by_known_root, public_key_hashes,
 diff --git a/net/url_request/report_sender.cc b/net/url_request/report_sender.cc
 --- a/net/url_request/report_sender.cc
 +++ b/net/url_request/report_sender.cc
-@@ -87,7 +87,7 @@ void ReportSender::Send(const GURL& report_uri,
+@@ -87,7 +87,8 @@ void ReportSender::Send(const GURL& report_uri,
 
   URLRequest* raw_url_request = url_request.get();
   inflight_requests_[raw_url_request] = std::move(url_request);
 -  raw_url_request->Start();
+  // pretend that request completed
 +  OnResponseStarted(raw_url_request, OK);
 }
 
@ -200,68 +183,28 @@ diff --git a/services/network/network_context.cc b/services/network/network_cont
   // this even after the call to Build().
 
 -  if (params_->enable_certificate_reporting) {
-+  if ((false /*params_->enable_certificate_reporting*/)) {
+  if ((false) /* params_->enable_certificate_reporting*/) {
     net::NetworkTrafficAnnotationTag traffic_annotation =
         net::DefineNetworkTrafficAnnotation("domain_security_policy", R"(
         semantics {
-@@ -2666,7 +2666,7 @@ URLRequestContextOwner NetworkContext::MakeURLRequestContext(
-   }
- 
- #if BUILDFLAG(IS_CT_SUPPORTED)
-  if (params_->enable_expect_ct_reporting) {
-+  if ((false)/*params_->enable_expect_ct_reporting*/) {
-     LazyCreateExpectCTReporter(result.url_request_context.get());
-     result.url_request_context->transport_security_state()->SetExpectCTReporter(
-         expect_ct_reporter_.get());
-@@ -2678,9 +2678,13 @@ URLRequestContextOwner NetworkContext::MakeURLRequestContext(
-     result.url_request_context->transport_security_state()
-         ->SetRequireCTDelegate(require_ct_delegate_.get());
-   }
-+  else {
-+    result.url_request_context->transport_security_state()
-+        ->SetCTEmergencyDisabled(true);
-+  }
- #endif  // BUILDFLAG(IS_CT_SUPPORTED)
- 
-  if (params_->enable_domain_reliability) {
-+  if ((false)/*params_->enable_domain_reliability*/) {
-     domain_reliability_monitor_ =
-         std::make_unique<domain_reliability::DomainReliabilityMonitor>(
-             result.url_request_context.get(),
-diff --git a/services/network/public/cpp/features.gni b/services/network/public/cpp/features.gni
--- a/services/network/public/cpp/features.gni
-+++ b/services/network/public/cpp/features.gni
-@@ -7,7 +7,7 @@ import("//build/config/features.gni")
- declare_args() {
-   # Certificate transparency is not supported on iOS.
-   # TODO(mmenke): It's actually not supported on Android, either.
-  is_ct_supported = !is_ios
-+  is_ct_supported = true
- 
-   # Controls whether P2P is exposed by the network service.
-   # Optional to reduce avoid having Chrome on iOS depends on
 diff --git a/services/network/sct_auditing/sct_auditing_handler.cc b/services/network/sct_auditing/sct_auditing_handler.cc
 --- a/services/network/sct_auditing/sct_auditing_handler.cc
 +++ b/services/network/sct_auditing/sct_auditing_handler.cc
-@@ -105,6 +105,9 @@ void SCTAuditingHandler::MaybeEnqueueReport(
-     const net::X509Certificate* validated_certificate_chain,
-     const net::SignedCertificateTimestampAndStatusList&
-         signed_certificate_timestamps) {
-+  if ((true)) {
-+    return;
-+  }
+@@ -108,6 +108,7 @@ void SCTAuditingHandler::MaybeEnqueueReport(
   if (mode_ == mojom::SCTAuditingMode::kDisabled) {
     return;
   }
-@@ -294,6 +297,9 @@ void SCTAuditingHandler::AddReporter(
-     absl::optional<SCTAuditingReporter::SCTHashdanceMetadata> sct_metadata,
-     std::unique_ptr<net::BackoffEntry> backoff_entry) {
-   DCHECK(foreground_runner_->RunsTasksInCurrentSequence());
-+  if ((true)) {
-+    return;
-+  }
+  if ((true)) return;
+ 
+   // Only audit valid SCTs. This ensures that they come from a known log, have
+   // a valid signature, and thus are expected to be public certificates. If
+@@ -297,6 +298,7 @@ void SCTAuditingHandler::AddReporter(
   if (mode_ == mojom::SCTAuditingMode::kDisabled) {
     return;
   }
+  if ((true)) return;
+ 
+   auto reporter = std::make_unique<SCTAuditingReporter>(
+       owner_network_context_, reporter_key, std::move(report),
 --
 2.25.1
--- a/build/patches/Improve-plain-text-rendering-on-mobile.patch
+++ b/build/patches/Improve-plain-text-rendering-on-mobile.patch
@ -0,0 +1,33 @@
+From: mauve <ranger@mauve.moe>
+Date: Mon, 30 May 2022 22:25:04 -0400
+Subject: Improve plain text rendering on mobile
+
+---
+ .../renderer/core/html/parser/text_document_parser.cc | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/third_party/blink/renderer/core/html/parser/text_document_parser.cc b/third_party/blink/renderer/core/html/parser/text_document_parser.cc
+--- a/third_party/blink/renderer/core/html/parser/text_document_parser.cc
+++ b/third_party/blink/renderer/core/html/parser/text_document_parser.cc
+@@ -63,9 +63,18 @@ void TextDocumentParser::InsertFakePreElement() {
+   TreeBuilder()->ConstructTree(&fake_meta);
+   attributes.clear();
+ 
+  // Scale up text to look good on Mobile
+  attributes.push_back(Attribute(html_names::kNameAttr, "viewport"));
+  attributes.push_back(Attribute(html_names::kContentAttr,
+    "width=device-width, initial-scale=1.0, maximum-scale=1.0"));
+  AtomicHTMLToken viewport_meta(HTMLToken::kStartTag,
+                            html_names::kMetaTag.LocalName(), attributes);
+  TreeBuilder()->ConstructTree(&viewport_meta);
+  attributes.clear();
+
+   // Wrap the actual contents of the text file in <pre>.
+   attributes.push_back(Attribute(
+-      html_names::kStyleAttr, "word-wrap: break-word; white-space: pre-wrap;"));
+      html_names::kStyleAttr, "word-wrap: break-word; white-space: pre-wrap; font-family: system-ui;"));
+   AtomicHTMLToken fake_pre(HTMLToken::kStartTag,
+                            html_names::kPreTag.LocalName(), attributes);
+   TreeBuilder()->ConstructTree(&fake_pre);
+--
+2.25.1
--- a/build/patches/Invalidate-components-public-key.patch
+++ b/build/patches/Invalidate-components-public-key.patch
@ -0,0 +1,24 @@
+From: csagan5 <32685696+csagan5@users.noreply.github.com>
+Date: Fri, 10 Jun 2022 14:21:13 +0200
+Subject: Invalidate components public key
+
+This prevents usage of any signed component
+---
+ .../component_updater/pki_metadata_component_installer.cc      | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/chrome/browser/component_updater/pki_metadata_component_installer.cc b/chrome/browser/component_updater/pki_metadata_component_installer.cc
+--- a/chrome/browser/component_updater/pki_metadata_component_installer.cc
+++ b/chrome/browser/component_updater/pki_metadata_component_installer.cc
+@@ -61,7 +61,8 @@ const char kGoogleOperatorName[] = "Google";
+ // The extension id is: efniojlnjndmcbiieegkicadnoecjjef
+ const uint8_t kPKIMetadataPublicKeySHA256[32] = {
+     0x45, 0xd8, 0xe9, 0xbd, 0x9d, 0x3c, 0x21, 0x88, 0x44, 0x6a, 0x82,
+-    0x03, 0xde, 0x42, 0x99, 0x45, 0x66, 0x25, 0xfe, 0xb3, 0xd1, 0xf8,
+    // this fingerprint is changed on purpose in Bromite
+    0x01, 0x02, 0x03, 0x04, 0x05, 0x66, 0x25, 0xfe, 0xb3, 0xd1, 0xf8,
+     0x11, 0x65, 0xb4, 0x6f, 0xd3, 0x1b, 0x21, 0x89, 0xbe, 0x9c};
+ 
+ const base::FilePath::CharType kCTConfigProtoFileName[] =
+--
+2.25.1
--- a/build/patches/ungoogled-chromium-no-special-hosts-domains.patch
+++ b/build/patches/ungoogled-chromium-no-special-hosts-domains.patch
@ -17,7 +17,8 @@ Disable domain reliability detection
 .../common/page_load_metrics_util.cc          |  33 +--
 components/search_engines/template_url.cc     |   6 +-
 net/base/url_util.cc                          |  21 --
- 12 files changed, 44 insertions(+), 329 deletions(-)
+ services/network/network_context.cc           |   2 +-
+ 13 files changed, 45 insertions(+), 330 deletions(-)

 diff --git a/chrome/browser/domain_reliability/service_factory.cc b/chrome/browser/domain_reliability/service_factory.cc
 --- a/chrome/browser/domain_reliability/service_factory.cc
@ -579,5 +580,17 @@ diff --git a/net/base/url_util.cc b/net/base/url_util.cc
   return false;
 }
 
+diff --git a/services/network/network_context.cc b/services/network/network_context.cc
+--- a/services/network/network_context.cc
+++ b/services/network/network_context.cc
+@@ -2680,7 +2680,7 @@ URLRequestContextOwner NetworkContext::MakeURLRequestContext(
+   }
+ #endif  // BUILDFLAG(IS_CT_SUPPORTED)
+ 
+-  if (params_->enable_domain_reliability) {
+  if ((false) /*params_->enable_domain_reliability*/) {
+     domain_reliability_monitor_ =
+         std::make_unique<domain_reliability::DomainReliabilityMonitor>(
+             result.url_request_context.get(),
 --
 2.25.1