Patches for 122

build/RELEASE

@@ -1 +1 @@
-121.0.6167.164
+122.0.6261.64

build/cromite_patches_list.txt

@@ -174,7 +174,6 @@ Partition-blobs-by-top-frame-URL.patch
 Override-Navigator-Language.patch
 Disable-add-to-home-screen-prompt.patch
 Remove-HTTP-referrals-in-cross-origin-navigation.patch
-Enable-ECH-by-default.patch
 Disable-StartSurface-feature.patch
 Enable-PermuteTLSExtensions-by-default.patch
 Enable-third-party-storage-partitioning.patch
@@ -216,11 +215,9 @@ Remove-ChromiumNetworkAdapter.patch
 Internal-firewall.patch
 Disable-devtools-remote-and-custom-protocols.patch
 Remove-detection-of-captive-portals.patch
-Disable-SHA1-Server-Signature.patch
 Remove-auth-header-upon-cross-origin-redirect.patch
 Clear-CORS-Preflight-Cache-on-clearing-data.patch
 Multi-Screen-Window-Placement-API-fix.patch
-Remove-https-connection-from-chrome-discards.patch
 Add-a-flag-to-disable-GamePad-API.patch
 Disable-WebGPU.patch
 Disable-FirstPartySets-and-StorageAccessAPI.patch
@@ -287,6 +284,8 @@ Temp-disable-predictive-back-gesture.patch
 TEMP-Add-a-log-to-track-strange-behavior.patch
 Temp-guard-FileSystemAccessPersistentPermissions.patch
 Fix-chromium-build-bugs.patch
+00Temp-disable-network-service-windows.patch
+00Temp-fix-Content-settings-infrastructure.patch
 
 eyeo-beta-118.0.5993.48-base.patch
 eyeo-beta-118.0.5993.48-chrome_integration.patch
@@ -296,5 +295,3 @@ eyeo-beta-118.0.5993.48-extension_api.patch
 Eyeo-Adblock-Remove-Privacy-Issues.patch
 AdblockPlus-add-blocking-in-service-workers.patch
 AdblockPlus-connect-popup-blocker.patch
-
-Temp-FIXUP-Content-settings-infrastructure.patch

build/patches/00Temp-disable-network-service-windows.patch

@@ -0,0 +1,20 @@
+From: Your Name <[email protected]>
+Date: Wed, 21 Feb 2024 09:16:27 +0000
+Subject: Temp disable network service windows
+
+---
+ sandbox/policy/features.cc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sandbox/policy/features.cc b/sandbox/policy/features.cc
+--- a/sandbox/policy/features.cc
++++ b/sandbox/policy/features.cc
+@@ -217,6 +217,6 @@ SET_CROMITE_FEATURE_ENABLED(kUseRendererProcessPolicy);
+ SET_CROMITE_FEATURE_ENABLED(kRestrictRendererPoliciesInBaseline);
+ #endif
+ #if BUILDFLAG(IS_WIN)
+-SET_CROMITE_FEATURE_ENABLED(kNetworkServiceSandbox);
++//SET_CROMITE_FEATURE_ENABLED(kNetworkServiceSandbox);
+ #endif
+ }  // namespace sandbox::policy::features
+--

build/patches/00Temp-fix-Content-settings-infrastructure.patch

@@ -0,0 +1,23 @@
+From: Your Name <[email protected]>
+Date: Wed, 21 Feb 2024 09:16:51 +0000
+Subject: Temp fix Content settings infrastructure
+
+---
+ .../content_settings/core/common/content_settings_types.mojom | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/components/content_settings/core/common/content_settings_types.mojom b/components/content_settings/core/common/content_settings_types.mojom
+--- a/components/content_settings/core/common/content_settings_types.mojom
++++ b/components/content_settings/core/common/content_settings_types.mojom
+@@ -388,6 +388,10 @@ enum ContentSettingsType {
+   WEB_PRINTING,
+
+   NUM_TYPES_CHROMIUM,
++  TIMEZONE_OVERRIDE,
++  VIEWPORT,
++  WEBGL,
++  WEBRTC,
+ // #include "components/content_settings/core/common/bromite_content_settings.inc"
+   NUM_TYPES_BROMITE,
+ };
+--

build/patches/AImageReader-CFI-crash-mitigations.patch

@@ -20,8 +20,8 @@ See discussions at:
 
 License: GPL-3.0-only - https://spdx.org/licenses/GPL-3.0-only.html
 ---
- base/android/android_image_reader_compat.cc      |  8 +++++++-
- base/android/android_image_reader_compat.h       |  4 ++++
+ base/android/android_image_reader_compat.cc      | 16 ++++++++++++++++
+ base/android/android_image_reader_compat.h       | 14 ++++++++++++++
  chrome/browser/flag-metadata.json                |  6 +++---
  .../AImageReader-CFI-crash-mitigations.inc       |  4 ++++
  .../AImageReader-CFI-crash-mitigations.inc       |  1 +
@@ -30,63 +30,67 @@ License: GPL-3.0-only - https://spdx.org/licenses/GPL-3.0-only.html
  gpu/config/gpu_finch_features.h                  |  1 +
  gpu/config/gpu_util.cc                           |  8 ++++++++
  gpu/config/gpu_workaround_list.txt               |  1 +
- gpu/ipc/service/gpu_init.cc                      |  7 +++++++
+ gpu/ipc/service/gpu_init.cc                      |  8 ++++++++
  gpu/ipc/service/stream_texture_android.cc        | 11 ++++++++++-
- 12 files changed, 67 insertions(+), 5 deletions(-)
+ 12 files changed, 87 insertions(+), 4 deletions(-)
  create mode 100644 cromite_flags/media/base/media_switches_cc/AImageReader-CFI-crash-mitigations.inc
  create mode 100644 cromite_flags/media/base/media_switches_h/AImageReader-CFI-crash-mitigations.inc
 
 diff --git a/base/android/android_image_reader_compat.cc b/base/android/android_image_reader_compat.cc
 --- a/base/android/android_image_reader_compat.cc
 +++ b/base/android/android_image_reader_compat.cc
-@@ -23,6 +23,8 @@
+@@ -7,7 +7,23 @@
  namespace base {
  namespace android {
 
-+bool AndroidImageReader::disable_support_ = false;
++AndroidImageReader& AndroidImageReader::GetInstance() {
++  // C++11 static local variable initialization is
++  // thread-safe.
++  static AndroidImageReader instance;
++  return instance;
++}
 +
- AndroidImageReader& AndroidImageReader::GetInstance() {
-   // C++11 static local variable initialization is
-   // thread-safe.
-@@ -30,8 +32,12 @@ AndroidImageReader& AndroidImageReader::GetInstance() {
-   return instance;
- }
-
 +void AndroidImageReader::DisableSupport() {
 +  disable_support_ = true;
 +}
 +
- bool AndroidImageReader::IsSupported() {
--  return is_supported_;
-+  return !disable_support_ && is_supported_;
- }
-
- AndroidImageReader::AndroidImageReader() : is_supported_(LoadFunctions()) {}
++bool AndroidImageReader::IsSupported() {
++  return !disable_support_;
++}
++
+ bool EnableAndroidImageReader() {
++  if (!AndroidImageReader::GetInstance().IsSupported()) return false;
+   // Currently we want to enable AImageReader only for android P+ devices.
+   if (__builtin_available(android 28, *)) {
+     return true;
 diff --git a/base/android/android_image_reader_compat.h b/base/android/android_image_reader_compat.h
 --- a/base/android/android_image_reader_compat.h
 +++ b/base/android/android_image_reader_compat.h
-@@ -24,6 +24,9 @@ class BASE_EXPORT AndroidImageReader {
-   AndroidImageReader(const AndroidImageReader&) = delete;
-   AndroidImageReader& operator=(const AndroidImageReader&) = delete;
+@@ -10,6 +10,20 @@
+ namespace base {
+ namespace android {
 
++class BASE_EXPORT AndroidImageReader {
++ public:
++  // Thread safe GetInstance.
++  static AndroidImageReader& GetInstance();
++
++  bool IsSupported();
++
 +  // Disable image reader support.
-+  static void DisableSupport();
++  void DisableSupport();
 +
-   // Check if the image reader usage is supported. This function returns TRUE
-   // if android version is >=OREO, image reader support is not disabled and all
-   // the required functions are loaded.
-@@ -61,6 +64,7 @@ class BASE_EXPORT AndroidImageReader {
-   jobject ANativeWindow_toSurface(JNIEnv* env, ANativeWindow* window);
-
-  private:
-+  static bool disable_support_;
-   friend class base::NoDestructor<AndroidImageReader>;
++ private:
++  bool disable_support_ = false;
++};
++
+ // Check if the image reader usage is supported.
+ BASE_EXPORT bool EnableAndroidImageReader();
 
-   AndroidImageReader();
 diff --git a/chrome/browser/flag-metadata.json b/chrome/browser/flag-metadata.json
 --- a/chrome/browser/flag-metadata.json
 +++ b/chrome/browser/flag-metadata.json
-@@ -2923,9 +2923,9 @@
+@@ -2980,9 +2980,9 @@
      "expiry_milestone": 125
    },
    {
@@ -179,7 +183,7 @@ diff --git a/gpu/config/gpu_util.cc b/gpu/config/gpu_util.cc
    if (!gpu_preferences.enable_android_surface_control)
      return kGpuFeatureStatusDisabled;
 
-@@ -355,6 +358,11 @@ void AdjustGpuFeatureStatusToWorkarounds(GpuFeatureInfo* gpu_feature_info) {
+@@ -368,6 +371,11 @@ void AdjustGpuFeatureStatusToWorkarounds(GpuFeatureInfo* gpu_feature_info) {
      gpu_feature_info->status_values[GPU_FEATURE_TYPE_CANVAS_OOP_RASTERIZATION] =
          kGpuFeatureStatusBlocklisted;
    }
@@ -205,14 +209,22 @@ diff --git a/gpu/config/gpu_workaround_list.txt b/gpu/config/gpu_workaround_list
 diff --git a/gpu/ipc/service/gpu_init.cc b/gpu/ipc/service/gpu_init.cc
 --- a/gpu/ipc/service/gpu_init.cc
 +++ b/gpu/ipc/service/gpu_init.cc
-@@ -675,6 +675,13 @@ bool GpuInit::InitializeAndStartSandbox(base::CommandLine* command_line,
+@@ -65,6 +65,7 @@
+
+ #if BUILDFLAG(IS_ANDROID)
+ #include "ui/gfx/android/android_surface_control_compat.h"
++#include "base/android/android_image_reader_compat.h"
+ #endif
+
+ #if BUILDFLAG(ENABLE_VULKAN)
+@@ -672,6 +673,13 @@ bool GpuInit::InitializeAndStartSandbox(base::CommandLine* command_line,
    }
  #endif  // BUILDFLAG(IS_WIN)
 
 +#if BUILDFLAG(IS_ANDROID)
 +  // Disable AImageReader if the workaround is enabled.
 +  if (gpu_feature_info_.IsWorkaroundEnabled(DISABLE_AIMAGEREADER)) {
-+    base::android::AndroidImageReader::DisableSupport();
++    base::android::AndroidImageReader::GetInstance().DisableSupport();
 +  }
 +#endif
 +

build/patches/AdblockPlus-add-blocking-in-service-workers.patch

@@ -401,7 +401,7 @@ diff --git a/chrome/browser/adblock/adblock_content_browser_client.h b/chrome/br
 diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc
 --- a/chrome/browser/chrome_content_browser_client.cc
 +++ b/chrome/browser/chrome_content_browser_client.cc
-@@ -6305,7 +6305,9 @@ ChromeContentBrowserClient::
+@@ -6132,7 +6132,9 @@ ChromeContentBrowserClient::
  }
 
  bool ChromeContentBrowserClient::WillInterceptWebSocket(
@@ -412,7 +412,7 @@ diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/ch
  #if BUILDFLAG(ENABLE_EXTENSIONS)
    if (!frame) {
      return false;
-@@ -6328,9 +6330,11 @@ bool ChromeContentBrowserClient::WillInterceptWebSocket(
+@@ -6155,9 +6157,11 @@ bool ChromeContentBrowserClient::WillInterceptWebSocket(
  }
 
  void ChromeContentBrowserClient::CreateWebSocket(
@@ -422,12 +422,12 @@ diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/ch
      const GURL& url,
 +    const url::Origin& initiator_origin,
      const net::SiteForCookies& site_for_cookies,
-     const absl::optional<std::string>& user_agent,
+     const std::optional<std::string>& user_agent,
      mojo::PendingRemote<network::mojom::WebSocketHandshakeClient>
 diff --git a/chrome/browser/chrome_content_browser_client.h b/chrome/browser/chrome_content_browser_client.h
 --- a/chrome/browser/chrome_content_browser_client.h
 +++ b/chrome/browser/chrome_content_browser_client.h
-@@ -642,11 +642,15 @@ class ChromeContentBrowserClient : public content::ContentBrowserClient {
+@@ -637,11 +637,15 @@ class ChromeContentBrowserClient : public content::ContentBrowserClient {
    CreateURLLoaderHandlerForServiceWorkerNavigationPreload(
        int frame_tree_node_id,
        const network::ResourceRequest& resource_request) override;
@@ -442,12 +442,12 @@ diff --git a/chrome/browser/chrome_content_browser_client.h b/chrome/browser/chr
        const GURL& url,
 +      const url::Origin& initiator_origin,
        const net::SiteForCookies& site_for_cookies,
-       const absl::optional<std::string>& user_agent,
+       const std::optional<std::string>& user_agent,
        mojo::PendingRemote<network::mojom::WebSocketHandshakeClient>
 diff --git a/components/adblock/content/browser/adblock_url_loader_factory.cc b/components/adblock/content/browser/adblock_url_loader_factory.cc
 --- a/components/adblock/content/browser/adblock_url_loader_factory.cc
 +++ b/components/adblock/content/browser/adblock_url_loader_factory.cc
-@@ -343,12 +343,6 @@ void AdblockURLLoaderFactory::InProgressRequest::OnRequestError(
+@@ -344,12 +344,6 @@ void AdblockURLLoaderFactory::InProgressRequest::OnRequestError(
 
  void AdblockURLLoaderFactory::InProgressRequest::CheckFilterMatch(
      CheckFilterMatchCallback callback) {
@@ -460,7 +460,7 @@ diff --git a/components/adblock/content/browser/adblock_url_loader_factory.cc b/
    auto subscription_service = factory_->config_.subscription_service;
    if (is_document_request_) {
      auto* host = content::RenderFrameHost::FromID(factory_->host_id_);
-@@ -387,7 +381,7 @@ void AdblockURLLoaderFactory::InProgressRequest::CheckFilterMatch(
+@@ -388,7 +382,7 @@ void AdblockURLLoaderFactory::InProgressRequest::CheckFilterMatch(
    } else {
      factory_->config_.resource_classifier->CheckRequestFilterMatch(
          subscription_service->GetCurrentSnapshot(), request_url_,
@@ -469,7 +469,7 @@ diff --git a/components/adblock/content/browser/adblock_url_loader_factory.cc b/
          base::BindOnce(
              &AdblockURLLoaderFactory::InProgressRequest::OnRequestUrlClassified,
              weak_factory_.GetWeakPtr(),
-@@ -676,12 +670,14 @@ void AdblockURLLoaderFactory::InProgressRequest::OnRequestFilterMatchResult(
+@@ -677,12 +671,14 @@ void AdblockURLLoaderFactory::InProgressRequest::OnRequestFilterMatchResult(
 
  AdblockURLLoaderFactory::AdblockURLLoaderFactory(
      AdblockURLLoaderFactoryConfig config,
@@ -528,7 +528,7 @@ diff --git a/components/adblock/content/browser/frame_hierarchy_builder.cc b/com
 diff --git a/components/adblock/content/browser/resource_classification_runner.h b/components/adblock/content/browser/resource_classification_runner.h
 --- a/components/adblock/content/browser/resource_classification_runner.h
 +++ b/components/adblock/content/browser/resource_classification_runner.h
-@@ -81,14 +81,22 @@ class ResourceClassificationRunner : public KeyedService {
+@@ -81,12 +81,20 @@ class ResourceClassificationRunner : public KeyedService {
    virtual void CheckRequestFilterMatch(
        SubscriptionService::Snapshot subscription_collections,
        const GURL& request_url,
@@ -540,17 +540,15 @@ diff --git a/components/adblock/content/browser/resource_classification_runner.h
        SubscriptionService::Snapshot subscription_collections,
        const GURL& request_url,
 +      const GURL& request_initiator,
-       content::GlobalRenderFrameHostId render_frame_host_id,
-       CheckFilterMatchCallback callback) = 0;
++      content::GlobalRenderFrameHostId render_frame_host_id,
++      CheckFilterMatchCallback callback) = 0;
 +  virtual void CheckRequestFilterMatchForWebTransport(
 +      SubscriptionService::Snapshot subscription_collections,
 +      const GURL& request_url,
 +      const GURL& request_initiator,
-+      content::GlobalRenderFrameHostId render_frame_host_id,
-+      CheckFilterMatchCallback callback);
+       content::GlobalRenderFrameHostId render_frame_host_id,
+       CheckFilterMatchCallback callback) = 0;
    // No callback, just notify observers
-   virtual void CheckDocumentAllowlisted(
-       SubscriptionService::Snapshot subscription_collection,
 diff --git a/components/adblock/content/browser/resource_classification_runner_impl.cc b/components/adblock/content/browser/resource_classification_runner_impl.cc
 --- a/components/adblock/content/browser/resource_classification_runner_impl.cc
 +++ b/components/adblock/content/browser/resource_classification_runner_impl.cc
@@ -683,7 +681,7 @@ diff --git a/content/browser/websockets/websocket_connector_impl.cc b/content/br
 diff --git a/content/public/browser/content_browser_client.cc b/content/public/browser/content_browser_client.cc
 --- a/content/public/browser/content_browser_client.cc
 +++ b/content/public/browser/content_browser_client.cc
-@@ -1023,7 +1023,7 @@ bool ContentBrowserClient::WillCreateURLLoaderFactory(
+@@ -1009,7 +1009,7 @@ bool ContentBrowserClient::WillCreateURLLoaderFactory(
    return false;
  }
 
@@ -692,7 +690,7 @@ diff --git a/content/public/browser/content_browser_client.cc b/content/public/b
    return false;
  }
 
-@@ -1032,9 +1032,11 @@ uint32_t ContentBrowserClient::GetWebSocketOptions(RenderFrameHost* frame) {
+@@ -1018,9 +1018,11 @@ uint32_t ContentBrowserClient::GetWebSocketOptions(RenderFrameHost* frame) {
  }
 
  void ContentBrowserClient::CreateWebSocket(
@@ -702,12 +700,12 @@ diff --git a/content/public/browser/content_browser_client.cc b/content/public/b
      const GURL& url,
 +    const url::Origin& initiator_origin,
      const net::SiteForCookies& site_for_cookies,
-     const absl::optional<std::string>& user_agent,
+     const std::optional<std::string>& user_agent,
      mojo::PendingRemote<network::mojom::WebSocketHandshakeClient>
 diff --git a/content/public/browser/content_browser_client.h b/content/public/browser/content_browser_client.h
 --- a/content/public/browser/content_browser_client.h
 +++ b/content/public/browser/content_browser_client.h
-@@ -1859,7 +1859,7 @@ class CONTENT_EXPORT ContentBrowserClient {
+@@ -1840,7 +1840,7 @@ class CONTENT_EXPORT ContentBrowserClient {
        scoped_refptr<base::SequencedTaskRunner> navigation_response_task_runner);
 
    // Returns true when the embedder wants to intercept a websocket connection.
@@ -716,7 +714,7 @@ diff --git a/content/public/browser/content_browser_client.h b/content/public/br
 
    // Returns the WebSocket creation options.
    virtual uint32_t GetWebSocketOptions(RenderFrameHost* frame);
-@@ -1881,9 +1881,11 @@ class CONTENT_EXPORT ContentBrowserClient {
+@@ -1862,9 +1862,11 @@ class CONTENT_EXPORT ContentBrowserClient {
    // Always called on the UI thread and only when the Network Service is
    // enabled.
    virtual void CreateWebSocket(
@@ -726,6 +724,6 @@ diff --git a/content/public/browser/content_browser_client.h b/content/public/br
        const GURL& url,
 +      const url::Origin& initiator_origin,
        const net::SiteForCookies& site_for_cookies,
-       const absl::optional<std::string>& user_agent,
+       const std::optional<std::string>& user_agent,
        mojo::PendingRemote<network::mojom::WebSocketHandshakeClient>
 --