diff --git a/build/install/master_preferences b/build/install/master_preferences deleted file mode 100644 index f37f1d3d..00000000 --- a/build/install/master_preferences +++ /dev/null @@ -1,12 +0,0 @@ -{ - "homepage_is_newtabpage": true, - "distribution": { - "alternate_shortcut_text": false, - "oem_bubble": true, - "chrome_shortcut_icon_index": 0, - "create_all_shortcuts": true, - "show_welcome_page": true, - "system_level": false, - "verbose_logging": false, - }, -} diff --git a/build/trivalent.spec b/build/trivalent.spec index e36622d9..5959f5c9 100644 --- a/build/trivalent.spec +++ b/build/trivalent.spec @@ -70,7 +70,6 @@ Source3: %{chromium_name}.sh Source4: %{chromium_name}.desktop Source9: %{chromium_name}.xml Source10: %{chromium_name}.appdata.xml -Source11: master_preferences Source12: %{chromium_name}16.png Source13: %{chromium_name}32.png @@ -636,9 +635,6 @@ cp -a %{SOURCE17} %{buildroot}%{_datadir}/icons/hicolor/128x128/apps/%{chromium_ mkdir -p %{buildroot}%{_datadir}/icons/hicolor/256x256/apps cp -a %{SOURCE18} %{buildroot}%{_datadir}/icons/hicolor/256x256/apps/%{chromium_name}.png -# Install the master_preferences file -install -m 0644 %{SOURCE11} %{buildroot}%{_sysconfdir}/%{chromium_name}/ - mkdir -p %{buildroot}%{_datadir}/applications/ desktop-file-install --dir %{buildroot}%{_datadir}/applications %{SOURCE4} @@ -670,7 +666,6 @@ install -Dp -m 0644 %{SOURCE24} %{buildroot}%{_user_tmpfilesdir}/%{modulename}-d # Config %config %{_sysconfdir}/%{chromium_name}/%{chromium_name}.conf %config %{_sysconfdir}/%{chromium_name}/%{chromium_name}.conf.d/ -%config %{_sysconfdir}/%{chromium_name}/master_preferences %config %{_sysconfdir}/%{chromium_name}/policies/ # System entries %{_datadir}/applications/%{chromium_name}.desktop diff --git a/patches/third_party/fedora/disable-cflag-for-aarch64-builds.patch b/patches/third_party/fedora/disable-cflag-for-aarch64-builds.patch deleted file mode 100644 index b47551a4..00000000 --- a/patches/third_party/fedora/disable-cflag-for-aarch64-builds.patch +++ /dev/null @@ -1,50 +0,0 @@ -diff --git a/build/config/compiler/BUILD.gn b/build/config/compiler/BUILD.gn -index f2b15447535c0..db4cab206a818 100644 ---- a/build/config/compiler/BUILD.gn -+++ b/build/config/compiler/BUILD.gn -@@ -625,13 +625,6 @@ config("compiler") { - ] - } - -- # The performance improvement does not seem worth the risk. See -- # https://crbug.com/484082200 for background and https://crrev.com/c/7593035 -- # for discussion. -- if (!is_wasm) { -- cflags += [ "-fno-lifetime-dse" ] -- } -- - # TODO(hans): Remove this once Clang generates better optimized debug info - # by default. https://crbug.com/765793 - cflags += [ -@@ -1905,18 +1898,6 @@ config("sanitize_c_array_bounds") { - cflags = [ - "-fsanitize=array-bounds", - "-fsanitize-trap=array-bounds", -- -- # Some code users feature detection to determine if UBSAN (or any -- # sanitizer) is enabled, they then do expensive debug like operations. We -- # want to suppress this behaviour since we want to keep performance costs -- # as low as possible while having these checks. -- "-fsanitize-ignore-for-ubsan-feature=array-bounds", -- -- # Because we've enabled array-bounds sanitizing we also want to suppress -- # the related warning about "unsafe-buffer-usage-in-static-sized-array", -- # since we know that the array bounds sanitizing will catch any out-of- -- # bounds accesses. -- "-Wno-unsafe-buffer-usage-in-static-sized-array", - ] - } - } -@@ -1929,12 +1910,6 @@ config("sanitize_return") { - cflags = [ - "-fsanitize=return", - "-fsanitize-trap=return", -- -- # Some code users feature detection to determine if UBSAN (or any -- # sanitizer) is enabled, they then do expensive debug like operations. We -- # want to suppress this behaviour since we want to keep performance costs -- # as low as possible while having these checks. -- "-fsanitize-ignore-for-ubsan-feature=return", - ] - } - } diff --git a/patches/trivalent/add-dark-mode-toolbar-toggle.patch b/patches/trivalent/add-dark-mode-toolbar-toggle.patch index 502e8428..392c352e 100644 --- a/patches/trivalent/add-dark-mode-toolbar-toggle.patch +++ b/patches/trivalent/add-dark-mode-toolbar-toggle.patch @@ -71,10 +71,10 @@ index d637eecb9e..621b51f79c 100644 #if BUILDFLAG(ENABLE_PRINTING) case IDC_BASIC_PRINT: base::RecordAction(base::UserMetricsAction("Accel_Advanced_Print")); -@@ -1570,6 +1574,7 @@ void BrowserCommandController::InitCommandState() { +@@ -1687,6 +1691,7 @@ void BrowserCommandController::InitCommandState() { command_updater_.UpdateCommandEnabled( - IDC_SHOW_HISTORY_CLUSTERS_SIDE_PANEL, - (!guest_session && !profile()->IsSystemProfile())); + IDC_SHOW_TABS_FROM_OTHER_DEVICES_SIDE_PANEL, + TabsFromOtherDevicesSidePanelCoordinator::IsSupported(profile())); + command_updater_.UpdateCommandEnabled(IDC_WEBSITE_DARKMODE, true); command_updater_.UpdateCommandEnabled(IDC_SHOW_DOWNLOADS, true); command_updater_.UpdateCommandEnabled(IDC_SHOW_COMMENTS_SIDE_PANEL, true); diff --git a/patches/trivalent/add-hide-profile-icon-feature.patch b/patches/trivalent/add-hide-profile-icon-feature.patch index e22a5919..fba5a3fd 100644 --- a/patches/trivalent/add-hide-profile-icon-feature.patch +++ b/patches/trivalent/add-hide-profile-icon-feature.patch @@ -24,30 +24,30 @@ index 45501ce4b4..dffd87c1e2 100644 BASE_FEATURE(kAllowEyeDropperWGCScreenCapture, #if BUILDFLAG(IS_WIN) diff --git a/chrome/browser/ui/ui_features.h b/chrome/browser/ui/ui_features.h -index 43f876760f..d1a60b37ab 100644 +index ec4e5c2d2b..b276e1a066 100644 --- a/chrome/browser/ui/ui_features.h +++ b/chrome/browser/ui/ui_features.h -@@ -20,6 +20,8 @@ namespace features { +@@ -19,6 +19,8 @@ namespace features { // All features in alphabetical order. The features should be documented // alongside the definition of their values in the .cc file. - + +BASE_DECLARE_FEATURE(kHideProfileIcon); + BASE_DECLARE_FEATURE(kAllowEyeDropperWGCScreenCapture); - - BASE_DECLARE_FEATURE(kBrowserWidgetCacheThemeService); + + BASE_DECLARE_FEATURE(kCreateNewTabGroupAppMenuTopLevel); diff --git a/chrome/browser/ui/views/toolbar/toolbar_view.cc b/chrome/browser/ui/views/toolbar/toolbar_view.cc -index d1519e7f3782a..548be223ca340 100644 +index f4a09082bd..f129849413 100644 --- a/chrome/browser/ui/views/toolbar/toolbar_view.cc +++ b/chrome/browser/ui/views/toolbar/toolbar_view.cc -@@ -481,7 +481,9 @@ void ToolbarView::Init() { - // DevTools profiles are OffTheRecord, so hide it there. - show_avatar_toolbar_button = browser_->profile()->IsIncognitoProfile() || - browser_->profile()->IsGuestSession() || -- browser_->profile()->IsRegularProfile(); -+ (browser_->profile()->IsRegularProfile() && -+ !base::FeatureList::IsEnabled( -+ features::kHideProfileIcon)); +@@ -591,7 +591,9 @@ void ToolbarView::Init() { + // DevTools profiles are OffTheRecord, so hide it there. + show_avatar_toolbar_button = browser_->profile()->IsIncognitoProfile() || + browser_->profile()->IsGuestSession() || +- browser_->profile()->IsRegularProfile(); ++ (browser_->profile()->IsRegularProfile() && ++ !base::FeatureList::IsEnabled( ++ features::kHideProfileIcon)); #endif - avatar_->SetVisible(show_avatar_toolbar_button); - + avatar_->SetVisible(show_avatar_toolbar_button); + } diff --git a/patches/trivalent/branding/trivalent-faq-page.patch b/patches/trivalent/branding/trivalent-faq-page.patch index a37830b7..7cc8e8dd 100644 --- a/patches/trivalent/branding/trivalent-faq-page.patch +++ b/patches/trivalent/branding/trivalent-faq-page.patch @@ -40,18 +40,18 @@ index d347c428ac..29faea895d 100644 } } diff --git a/chrome/browser/ui/webui/chrome_web_ui_configs.cc b/chrome/browser/ui/webui/chrome_web_ui_configs.cc -index 30dddd61a2..08ebe4e6c0 100644 +index 9daef52054..4ea0bb0a42 100644 --- a/chrome/browser/ui/webui/chrome_web_ui_configs.cc +++ b/chrome/browser/ui/webui/chrome_web_ui_configs.cc -@@ -53,6 +53,7 @@ - #include "chrome/browser/ui/webui/signin_internals_ui.h" +@@ -55,6 +55,7 @@ + #include "chrome/browser/ui/webui/subresource_filter/subresource_filter_internals_ui.h" #include "chrome/browser/ui/webui/sync_internals/sync_internals_ui.h" #include "chrome/browser/ui/webui/translate_internals/translate_internals_ui.h" +#include "chrome/browser/ui/webui/trivalent_faq.h" #include "chrome/browser/ui/webui/usb_internals/usb_internals_ui.h" #include "chrome/browser/ui/webui/version/version_ui.h" #include "components/enterprise/buildflags/buildflags.h" -@@ -290,6 +291,7 @@ void RegisterChromeWebUIConfigs() { +@@ -298,6 +299,7 @@ void RegisterChromeWebUIConfigs() { map.AddWebUIConfig(std::make_unique()); map.AddWebUIConfig(std::make_unique()); map.AddWebUIConfig(std::make_unique()); diff --git a/patches/trivalent/disable-secondary-browser-features-by-default.patch b/patches/trivalent/disable-secondary-browser-features-by-default.patch index 462340be..5d76c92c 100644 --- a/patches/trivalent/disable-secondary-browser-features-by-default.patch +++ b/patches/trivalent/disable-secondary-browser-features-by-default.patch @@ -1,4 +1,4 @@ -Copyright 2024-2025 The Trivalent Authors +Copyright 2024-2026 The Trivalent Authors Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -11,12 +11,12 @@ distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, e See the License for the specific language governing permissions and limitations under the License. --- diff --git a/chrome/browser/ui/ui_features.cc b/chrome/browser/ui/ui_features.cc -index 6db4237015..eeabb6f749 100644 +index 885ed2375b..3bb0fd7a57 100644 --- a/chrome/browser/ui/ui_features.cc +++ b/chrome/browser/ui/ui_features.cc -@@ -178,11 +178,7 @@ bool IsTabGroupHoverCardsEnabled() { +@@ -171,11 +171,7 @@ bool IsTabGroupHoverCardsEnabled() { // Enables preview images in tab-hover cards. - // https://crbug.com/928954 + // https://crbug.com/41439486 BASE_FEATURE(kTabHoverCardImages, -#if BUILDFLAG(IS_MAC) base::FEATURE_DISABLED_BY_DEFAULT diff --git a/patches/trivalent/dns-providers.patch b/patches/trivalent/dns-providers.patch index 675267a5..866095cd 100644 --- a/patches/trivalent/dns-providers.patch +++ b/patches/trivalent/dns-providers.patch @@ -11,10 +11,10 @@ distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, e See the License for the specific language governing permissions and limitations under the License. --- diff --git a/net/dns/public/doh_provider_entry.cc b/net/dns/public/doh_provider_entry.cc -index 386c76b3c8..eaaec51147 100644 +index f48d26044b..33f6166877 100644 --- a/net/dns/public/doh_provider_entry.cc +++ b/net/dns/public/doh_provider_entry.cc -@@ -95,7 +95,7 @@ const DohProviderEntry::List& DohProviderEntry::GetList() { +@@ -98,7 +98,7 @@ const DohProviderEntry::List& DohProviderEntry::GetList() { "https://doh.cleanbrowsing.org/doh/family-filter{?dns}", /*ui_name=*/"CleanBrowsing (Family Filter)", /*privacy_policy=*/"https://cleanbrowsing.org/privacy", @@ -23,7 +23,7 @@ index 386c76b3c8..eaaec51147 100644 /*display_countries=*/{}, }, { -@@ -119,8 +119,8 @@ const DohProviderEntry::List& DohProviderEntry::GetList() { +@@ -121,8 +121,8 @@ const DohProviderEntry::List& DohProviderEntry::GetList() { {"1.1.1.1", "1.0.0.1", "2606:4700:4700::1111", "2606:4700:4700::1001"}, /*dns_over_tls_hostnames=*/ @@ -34,12 +34,12 @@ index 386c76b3c8..eaaec51147 100644 /*ui_name=*/"Cloudflare (1.1.1.1)", "https://developers.cloudflare.com/1.1.1.1/privacy/" /*privacy_policy=*/"public-dns-resolver/", -@@ -130,27 +130,100 @@ const DohProviderEntry::List& DohProviderEntry::GetList() { +@@ -132,24 +132,97 @@ const DohProviderEntry::List& DohProviderEntry::GetList() { { "CloudflareFamily", - MAKE_BASE_FEATURE_WITH_STATIC_STORAGE( -- DohProviderCloudflareFamily, base::FEATURE_DISABLED_BY_DEFAULT), -+ DohProviderCloudflareFamily, base::FEATURE_ENABLED_BY_DEFAULT), + MAKE_STATIC_STORAGE_BASE_FEATURE(kDohProviderCloudflareFamily, +- base::FEATURE_DISABLED_BY_DEFAULT), ++ base::FEATURE_ENABLED_BY_DEFAULT), {"1.1.1.3", "1.0.0.3", "2606:4700:4700::1113", "2606:4700:4700::1003"}, {"family.cloudflare-dns.com"}, @@ -53,20 +53,18 @@ index 386c76b3c8..eaaec51147 100644 }, { "CloudflareSecurity", - MAKE_BASE_FEATURE_WITH_STATIC_STORAGE( - DohProviderCloudflareSecurity, -- base::FEATURE_DISABLED_BY_DEFAULT), -+ base::FEATURE_ENABLED_BY_DEFAULT), + MAKE_STATIC_STORAGE_BASE_FEATURE(kDohProviderCloudflareSecurity, +- base::FEATURE_DISABLED_BY_DEFAULT), ++ base::FEATURE_ENABLED_BY_DEFAULT), {"1.1.1.2", "1.0.0.2", "2606:4700:4700::1112", "2606:4700:4700::1002"}, {"security.cloudflare-dns.com"}, "https://security.cloudflare-dns.com/dns-query", -- /*ui_name=*/"", + /*ui_name=*/"Cloudflare Security (1.1.1.2)", - /*privacy_policy=*/"", ++ /*privacy_policy=*/"", + /*display_globally=*/true, + /*display_countries=*/{}, -+ }, ++ }, + // Source for Control D IP addresses and hostnames/URLs: https://controld.com/free-dns + { + "ControlD", @@ -135,12 +133,10 @@ index 386c76b3c8..eaaec51147 100644 + {"76.76.2.5", "76.76.10.5", "2606:1a40::5", "2606:1a40:1::5", "76.76.2.11", "2606:1a40::11"}, + {"p5.freedns.controld.com"}, + "https://freedns.controld.com/p5", -+ /*ui_name=*/"", -+ /*privacy_policy=*/"", + /*ui_name=*/"", + /*privacy_policy=*/"", /*display_globally=*/false, - /*display_countries=*/{}, - }, -@@ -203,10 +276,7 @@ const DohProviderEntry::List& DohProviderEntry::GetList() { +@@ -204,10 +277,7 @@ const DohProviderEntry::List& DohProviderEntry::GetList() { "https://app-eu1.hubspotdocuments.com/documents/142290803/view/" "1331719984?accessId=b505d9", /*display_globally=*/false, @@ -152,7 +148,7 @@ index 386c76b3c8..eaaec51147 100644 /*dns_over_https_server_ip_strs=*/ {"86.54.11.1", "86.54.11.201", "2a13:1001::86:54:11:1", "2a13:1001::86:54:11:201"}}, -@@ -234,7 +304,7 @@ const DohProviderEntry::List& DohProviderEntry::GetList() { +@@ -235,7 +305,7 @@ const DohProviderEntry::List& DohProviderEntry::GetList() { /*ui_name=*/"Google (Public DNS)", "https://developers.google.com/speed/public-dns/" /*privacy_policy=*/"privacy", @@ -161,7 +157,7 @@ index 386c76b3c8..eaaec51147 100644 /*display_countries=*/{}, }, { -@@ -284,7 +354,7 @@ const DohProviderEntry::List& DohProviderEntry::GetList() { +@@ -285,7 +355,7 @@ const DohProviderEntry::List& DohProviderEntry::GetList() { /*ui_name=*/"NextDNS", /*privacy_policy=*/"https://nextdns.io/privacy", /*display_globally=*/false, @@ -170,7 +166,7 @@ index 386c76b3c8..eaaec51147 100644 }, { "OpenDNS", -@@ -297,7 +367,7 @@ const DohProviderEntry::List& DohProviderEntry::GetList() { +@@ -298,7 +368,7 @@ const DohProviderEntry::List& DohProviderEntry::GetList() { /*ui_name=*/"OpenDNS", "https://www.cisco.com/c/en/us/about/legal/" /*privacy_policy=*/"privacy-full.html", @@ -179,7 +175,14 @@ index 386c76b3c8..eaaec51147 100644 /*display_countries=*/{}, }, { -@@ -346,7 +416,7 @@ const DohProviderEntry::List& DohProviderEntry::GetList() { +@@ -341,13 +411,13 @@ const DohProviderEntry::List& DohProviderEntry::GetList() { + { + "Quad9Secure", + MAKE_STATIC_STORAGE_BASE_FEATURE(kDohProviderQuad9Secure, +- base::FEATURE_DISABLED_BY_DEFAULT), ++ base::FEATURE_ENABLED_BY_DEFAULT), + {"9.9.9.9", "149.112.112.112", "2620:fe::fe", "2620:fe::9"}, + /*dns_over_tls_hostnames=*/{"dns.quad9.net", "dns9.quad9.net"}, "https://dns.quad9.net/dns-query", /*ui_name=*/"Quad9 (9.9.9.9)", /*privacy_policy=*/"https://www.quad9.net/home/privacy/", @@ -188,3 +191,4 @@ index 386c76b3c8..eaaec51147 100644 /*display_countries=*/{}, }, { + diff --git a/patches/trivalent/enable-vertical-tabs-exposure.patch b/patches/trivalent/enable-vertical-tabs-exposure.patch index 5cd830ef..2478ed30 100644 --- a/patches/trivalent/enable-vertical-tabs-exposure.patch +++ b/patches/trivalent/enable-vertical-tabs-exposure.patch @@ -11,15 +11,15 @@ distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, e See the License for the specific language governing permissions and limitations under the License. --- diff --git a/chrome/browser/ui/tabs/features.cc b/chrome/browser/ui/tabs/features.cc -index faa16e19c8..11db930e93 100644 +index 831ca49804..2c08b2fc2f 100644 --- a/chrome/browser/ui/tabs/features.cc +++ b/chrome/browser/ui/tabs/features.cc -@@ -15,7 +15,7 @@ BASE_FEATURE(kTabGroupHome, base::FEATURE_DISABLED_BY_DEFAULT); +@@ -16,7 +16,7 @@ BASE_FEATURE(kTabGroupHome, base::FEATURE_DISABLED_BY_DEFAULT); BASE_FEATURE(kSessionRestoreShowThrobberOnVisible, base::FEATURE_DISABLED_BY_DEFAULT); -BASE_FEATURE(kVerticalTabs, base::FEATURE_DISABLED_BY_DEFAULT); +BASE_FEATURE(kVerticalTabs, base::FEATURE_ENABLED_BY_DEFAULT); - BASE_FEATURE(kVerticalTabsLaunch, base::FEATURE_DISABLED_BY_DEFAULT); - BASE_FEATURE_PARAM(bool, + BASE_FEATURE(kVerticalTabsLaunch, + #if BUILDFLAG(IS_WIN) || BUILDFLAG(IS_MAC) || BUILDFLAG(IS_LINUX) diff --git a/patches/trivalent/fixes/chromium-141-glibc-2.42-SYS_SECCOMP.patch b/patches/trivalent/fixes/chromium-141-glibc-2.42-SYS_SECCOMP.patch deleted file mode 100644 index f82a9d25..00000000 --- a/patches/trivalent/fixes/chromium-141-glibc-2.42-SYS_SECCOMP.patch +++ /dev/null @@ -1,37 +0,0 @@ -Copyright Fedora Project Authors. - -Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -Fix FTBFS - -/usr/include/bits/siginfo-consts.h:219:3: error: expected identifier - 219 | SYS_SECCOMP = 1, /* Seccomp triggered. */ - | ^ -../../sandbox/linux/system_headers/linux_seccomp.h:220:39: note: expanded from macro 'SYS_SECCOMP' - 220 | #define SYS_SECCOMP 1 - | ^ -../../sandbox/linux/seccomp-bpf/trap.cc:159:46: error: use of undeclared identifier 'SYS_SECCOMP' - 159 | if (nr != LINUX_SIGSYS || info->si_code != SYS_SECCOMP || !ctx || - | ^~~~~~~~~~~ -/usr/include/bits/siginfo-consts.h:220:23: note: expanded from macro 'SYS_SECCOMP' - 220 | # define SYS_SECCOMP SYS_SECCOMP - -diff -up chromium-141.0.7390.122/sandbox/linux/system_headers/linux_seccomp.h.me chromium-141.0.7390.122/sandbox/linux/system_headers/linux_seccomp.h ---- chromium-141.0.7390.122/sandbox/linux/system_headers/linux_seccomp.h.me 2025-10-28 10:05:44.970248151 +0100 -+++ chromium-141.0.7390.122/sandbox/linux/system_headers/linux_seccomp.h 2025-10-28 10:05:52.291345772 +0100 -@@ -214,8 +214,11 @@ struct seccomp_notif_addfd { - #define SECCOMP_RET_INVALID 0x00010000U // Illegal return value - #endif - -+// check glibc version < 2.42 -+#if (__GLIBC__ < 2) || (__GLIBC__ == 2 && __GLIBC_MINOR__ < 42) - #ifndef SYS_SECCOMP - #define SYS_SECCOMP 1 - #endif -+#endif - - #endif // SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_SECCOMP_H_ diff --git a/patches/trivalent/force-third-party-ntp.patch b/patches/trivalent/force-third-party-ntp.patch index a9b762ea..55425cd4 100644 --- a/patches/trivalent/force-third-party-ntp.patch +++ b/patches/trivalent/force-third-party-ntp.patch @@ -11,22 +11,16 @@ distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, e See the License for the specific language governing permissions and limitations under the License. --- diff --git a/chrome/browser/search/search.cc b/chrome/browser/search/search.cc -index 86564e6286685..e1e56774701a3 100644 +index eab18ff732..b5817a27dc 100644 --- a/chrome/browser/search/search.cc +++ b/chrome/browser/search/search.cc -@@ -175,13 +175,8 @@ struct NewTabURLDetails { +@@ -175,6 +175,9 @@ struct NewTabURLDetails { #if BUILDFLAG(IS_ANDROID) const GURL local_url; #else -- const bool default_is_google = DefaultSearchProviderIsGoogle(profile); -- const GURL local_url(default_is_google -- ? chrome::kChromeUINewTabPageURL -- : chrome::kChromeUINewTabPageThirdPartyURL); -- if (default_is_google) { -- return NewTabURLDetails(local_url, NEW_TAB_URL_VALID); -- } + const GURL local_url(chrome::kChromeUINewTabPageThirdPartyURL); + return NewTabURLDetails(local_url, NEW_TAB_URL_VALID); - #endif - - const TemplateURL* template_url = ++ + const bool default_is_google = DefaultSearchProviderIsGoogle(profile); + const GURL local_url(default_is_google + ? chrome::ChromeUINewTabPageURLAsGURL() diff --git a/patches/trivalent/hide-ui-popup-text.patch b/patches/trivalent/hide-ui-popup-text.patch index f482d69f..65ba4c73 100644 --- a/patches/trivalent/hide-ui-popup-text.patch +++ b/patches/trivalent/hide-ui-popup-text.patch @@ -1,4 +1,4 @@ -Copyright 2024-2025 The Trivalent Authors +Copyright 2024-2026 The Trivalent Authors Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -25,14 +25,14 @@ index 67786bb905..f49a5bb28c 100644 const ContentSettingsImageDetails* GetImageDetails(ContentSettingsType type) { diff --git a/chrome/browser/user_education/user_education_service_factory.cc b/chrome/browser/user_education/user_education_service_factory.cc -index 2bc8bbc578..04df4bf832 100644 +index 80135033b5..3f4815b2a4 100644 --- a/chrome/browser/user_education/user_education_service_factory.cc +++ b/chrome/browser/user_education/user_education_service_factory.cc -@@ -112,6 +112,7 @@ UserEducationServiceFactory::BuildServiceInstanceForBrowserContextImpl( - +@@ -117,6 +117,7 @@ UserEducationServiceFactory::BuildServiceInstanceForBrowserContextImpl( + // static bool UserEducationServiceFactory::ProfileAllowsUserEducation(Profile* profile) { -+ return false; // Disable user education services ++ return false; #if BUILDFLAG(CHROME_FOR_TESTING) - // IPH is always disabled in Chrome for Testing. - return false; + if (!chrome_for_testing::IsEnableUserEducationUI()) { + return false; diff --git a/patches/trivalent/linux/build-hardening.patch b/patches/trivalent/linux/build-hardening.patch index 26542f06..12a886e5 100644 --- a/patches/trivalent/linux/build-hardening.patch +++ b/patches/trivalent/linux/build-hardening.patch @@ -11,10 +11,10 @@ distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, e See the License for the specific language governing permissions and limitations under the License. --- diff --git a/build/config/compiler/BUILD.gn b/build/config/compiler/BUILD.gn -index c092446fa0715..11abf5e542083 100644 +index f977c9fed7..a062b0205f 100644 --- a/build/config/compiler/BUILD.gn +++ b/build/config/compiler/BUILD.gn -@@ -443,14 +443,24 @@ config("compiler") { +@@ -444,14 +444,24 @@ config("compiler") { # On Aarch64, SCS requires the x18 register to be unused because it will hold # a pointer to the shadow stack. For Android we know that Clang doesn't use # x18 by default. On other OSs adding "-ffixed-x18" might be required. @@ -41,7 +41,7 @@ index c092446fa0715..11abf5e542083 100644 } else { if (is_apple) { # The strong variant of the stack protector significantly increases -@@ -465,10 +475,17 @@ config("compiler") { +@@ -466,10 +476,17 @@ config("compiler") { } else if (is_posix || is_fuchsia) { if (current_os != "aix") { # Not available on aix. @@ -60,9 +60,9 @@ index c092446fa0715..11abf5e542083 100644 } # Non-Apple Posix and Fuchsia compiler flags setup. -@@ -583,6 +600,12 @@ config("compiler") { - if (is_clang) { - cflags += [ "-fcolor-diagnostics" ] +@@ -598,6 +615,12 @@ config("compiler") { + cflags += [ "-fdiagnostics-print-source-range-info" ] + } + cflags += [ "-ftrivial-auto-var-init=zero" ] + @@ -73,7 +73,7 @@ index c092446fa0715..11abf5e542083 100644 # Enable -fmerge-all-constants. This used to be the default in clang # for over a decade. It makes clang non-conforming, but is fairly safe # in practice and saves some binary size. We might want to consider -@@ -2406,7 +2429,7 @@ config("chromium_code") { +@@ -2440,7 +2463,7 @@ config("chromium_code") { # Non-chromium code is not guaranteed to compile cleanly with # _FORTIFY_SOURCE. Also, fortified build may fail when optimizations are # disabled, so only do that for Release build. @@ -82,7 +82,7 @@ index c092446fa0715..11abf5e542083 100644 # ChromeOS's toolchain supports a high-quality _FORTIFY_SOURCE=3 # implementation with a few custom glibc patches. Use that if it's -@@ -3474,8 +3497,14 @@ buildflag_header("compiler_buildflags") { +@@ -3519,8 +3542,14 @@ buildflag_header("compiler_buildflags") { } config("cet_shadow_stack") { diff --git a/patches/trivalent/linux/linux-gpu-sandbox.patch b/patches/trivalent/linux/linux-gpu-sandbox.patch index fb981835..a5797baf 100644 --- a/patches/trivalent/linux/linux-gpu-sandbox.patch +++ b/patches/trivalent/linux/linux-gpu-sandbox.patch @@ -518,46 +518,6 @@ index f7044194b5..0336958235 100644 gpu_info_.sandboxed = sandbox_helper_->EnsureSandboxInitialized( watchdog_thread_.get(), &gpu_info_, gpu_preferences_); attempted_startsandbox = true; -diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc -index f6e95147c6..81f68bf97d 100644 ---- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc -+++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc -@@ -256,6 +256,20 @@ ResultExpr RestrictMmapFlags() { - return If((flags & ~kAllowedMask) == 0, Allow()).Else(CrashSIGSYS()); - } - -+SANDBOX_EXPORT ResultExpr RestrictMmapFlagsNvidia() { -+#if defined(__x86_64__) -+ const uint64_t kNvidiaSpecificAllowedMask = MAP_EXECUTABLE | MAP_32BIT; -+#else -+ const uint64_t kNvidiaSpecificAllowedMask = MAP_EXECUTABLE; -+#endif -+ const uint64_t kAllowedMask = MAP_SHARED | MAP_PRIVATE | MAP_ANONYMOUS | -+ MAP_STACK | MAP_NORESERVE | MAP_FIXED | -+ MAP_DENYWRITE | MAP_LOCKED | MAP_DROPPABLE | -+ kNvidiaSpecificAllowedMask; -+ const Arg flags(3); -+ return If((flags & ~kAllowedMask) == 0, Allow()).Else(CrashSIGSYS()); -+} -+ - SANDBOX_EXPORT ResultExpr RestrictMremapFlagsForODML() { - // No flags are allowed. - const uint64_t kAllowedMask = 0; -diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h -index ed0f61cfb2..5f711ed1bb 100644 ---- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h -+++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h -@@ -40,6 +40,10 @@ SANDBOX_EXPORT bpf_dsl::ResultExpr RestrictIoctl(); - // Crash if any other flag is used. - SANDBOX_EXPORT bpf_dsl::ResultExpr RestrictMmapFlags(); - -+// Nvidia requires a few more mmap calls in the gpu process -+// Extra flags: MAP_32BIT | MAP_EXECUTABLE -+SANDBOX_EXPORT bpf_dsl::ResultExpr RestrictMmapFlagsNvidia(); -+ - // Restrict the flags argument in mremap(2). - // Crash if any flags are used. - SANDBOX_EXPORT bpf_dsl::ResultExpr RestrictMremapFlagsForODML(); diff --git a/sandbox/policy/linux/bpf_cros_nvidia_gpu_policy_linux.cc b/sandbox/policy/linux/bpf_cros_nvidia_gpu_policy_linux.cc index c4e4614eb8..288f7f03ea 100644 --- a/sandbox/policy/linux/bpf_cros_nvidia_gpu_policy_linux.cc @@ -570,16 +530,21 @@ index c4e4614eb8..288f7f03ea 100644 // Define these so that unistd.h pulls in needed symbols. #if !defined(__ARCH_WANT_SYSCALL_NO_AT) || \ -@@ -29,7 +30,16 @@ CrosNvidiaGpuProcessPolicy::~CrosNvidiaGpuProcessPolicy() = default; +@@ -29,7 +30,21 @@ CrosNvidiaGpuProcessPolicy::~CrosNvidiaGpuProcessPolicy() = default; ResultExpr CrosNvidiaGpuProcessPolicy::EvaluateSyscall(int sysno) const { switch (sysno) { case __NR_sched_setscheduler: + case __NR_mprotect: return Allow(); +#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) -+ // (MAP_LOCKED | MAP_EXECUTABLE | MAP_32BIT) ++ // (MAP_EXECUTABLE | MAP_32BIT) + case __NR_mmap: -+ return RestrictMmapFlagsNvidia(); ++#if defined(__x86_64__) ++ const uint64_t kSpecificAllowedMask = MAP_EXECUTABLE | MAP_32BIT; ++#else ++ const uint64_t kSpecificAllowedMask = MAP_EXECUTABLE; ++#endif ++ return RestrictMmapFlags(kSpecificAllowedMask); +#endif + case __NR_memfd_create: + // TODO(crbug.com/442771181) diff --git a/patches/trivalent/privacy/disable-ai-features-and-components-by-default.patch b/patches/trivalent/privacy/disable-ai-features-and-components-by-default.patch index b5586ef4..9db1ee69 100644 --- a/patches/trivalent/privacy/disable-ai-features-and-components-by-default.patch +++ b/patches/trivalent/privacy/disable-ai-features-and-components-by-default.patch @@ -95,10 +95,10 @@ index 014e4ad46ec9e..088c44bac95af 100644 BASE_FEATURE(kAimServerEligibilityEnabled, base::FEATURE_ENABLED_BY_DEFAULT); diff --git a/components/omnibox/common/omnibox_features.cc b/components/omnibox/common/omnibox_features.cc -index a9d1a0a25dbe8..fbca614044dfd 100644 +index 32155a1750..8aed226d7e 100644 --- a/components/omnibox/common/omnibox_features.cc +++ b/components/omnibox/common/omnibox_features.cc -@@ -168,7 +168,7 @@ BASE_FEATURE(kOmniboxMultimodalInput, DISABLED); +@@ -170,7 +170,7 @@ BASE_FEATURE(kAndroidDesktopAimGate, DISABLED); // Whether the AI Mode entrypoint is shown in the Omnibox as a RHS button. Only // used on desktop platforms. @@ -107,11 +107,11 @@ index a9d1a0a25dbe8..fbca614044dfd 100644 // Hides the AIM entrypoint in the Omnibox when user input is in progress. Only // used on desktop platforms. -@@ -246,7 +246,7 @@ BASE_FEATURE(kOmniboxTouchDownTriggerForPrefetch, enable_if(IS_ANDROID)); +@@ -264,7 +264,7 @@ BASE_FEATURE(kOmniboxTouchDownTriggerForPrefetch, enable_if(IS_ANDROID)); BASE_FEATURE(kOmniboxSiteSearch, DISABLED); // Enables additional site search providers for the Site search Starter Pack. --BASE_FEATURE(kStarterPackExpansion, enable_if(!IS_ANDROID && !IS_IOS)); +-BASE_FEATURE(kStarterPackExpansion, enable_if(!IS_IOS)); +BASE_FEATURE(kStarterPackExpansion, DISABLED); // Enables an informational IPH message at the bottom of the Omnibox directing @@ -156,3 +156,16 @@ index c01de2e0f7..b37b6254e2 100644 registry->RegisterBooleanPref(localstate::kOnDeviceAiUserSettingsEnabled, true); registry->RegisterDictionaryPref(localstate::kManifestAssetLedger); +diff --git a/chrome/browser/glic/glic_pref_names.cc b/chrome/browser/glic/glic_pref_names.cc +index 128e61fe32..12e021e73c 100644 +--- a/chrome/browser/glic/glic_pref_names.cc ++++ b/chrome/browser/glic/glic_pref_names.cc +@@ -70,7 +70,7 @@ void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry) { + + registry->RegisterIntegerPref( + prefs::kGlicActuationOnWeb, +- std::to_underlying(GetGlicActuationOnWebPolicyState())); ++ 1); + + registry->RegisterListPref(prefs::kGlicActuationOnWebAllowedForURLs); + registry->RegisterListPref(prefs::kGlicActuationOnWebBlockedForURLs); diff --git a/patches/trivalent/privacy/disable-lens.patch b/patches/trivalent/privacy/disable-lens.patch index 5d0e326f..e73c24fa 100644 --- a/patches/trivalent/privacy/disable-lens.patch +++ b/patches/trivalent/privacy/disable-lens.patch @@ -11,16 +11,18 @@ distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, e See the License for the specific language governing permissions and limitations under the License. --- diff --git a/components/lens/lens_features.cc b/components/lens/lens_features.cc -index ed88895a1abf6..91e0658cbf4f6 100644 +index d7d82dbde4..c8f53ca21d 100644 --- a/components/lens/lens_features.cc +++ b/components/lens/lens_features.cc -@@ -15,14 +15,10 @@ +@@ -15,16 +15,12 @@ namespace lens::features { -BASE_FEATURE(kLensStandalone, base::FEATURE_ENABLED_BY_DEFAULT); +BASE_FEATURE(kLensStandalone, base::FEATURE_DISABLED_BY_DEFAULT); + BASE_FEATURE(kShowContextualTasksMenuIcon, base::FEATURE_DISABLED_BY_DEFAULT); + BASE_FEATURE(kLensOverlay, -#if BUILDFLAG(IS_ANDROID) || BUILDFLAG(IS_IOS) base::FEATURE_DISABLED_BY_DEFAULT @@ -29,7 +31,7 @@ index ed88895a1abf6..91e0658cbf4f6 100644 -#endif ); - BASE_FEATURE(kLensOverlayTranslateButton, base::FEATURE_DISABLED_BY_DEFAULT); + BASE_FEATURE(kLensOverlayAndroid, base::FEATURE_DISABLED_BY_DEFAULT); diff --git a/components/lens/lens_overlay_permission_utils.cc b/components/lens/lens_overlay_permission_utils.cc index 067786be500bb..7a4a55167693f 100644 --- a/components/lens/lens_overlay_permission_utils.cc diff --git a/patches/trivalent/privacy/disable-metrics-reporting.patch b/patches/trivalent/privacy/disable-metrics-reporting.patch index a100047f..f851e138 100644 --- a/patches/trivalent/privacy/disable-metrics-reporting.patch +++ b/patches/trivalent/privacy/disable-metrics-reporting.patch @@ -1,4 +1,4 @@ -Copyright 2024-2025 The Trivalent Authors +Copyright 2024-2026 The Trivalent Authors Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,12 +14,12 @@ diff --git a/chrome/browser/browser_process_impl.cc b/chrome/browser/browser_pro index 1c3854d029..13c0e2d62b 100644 --- a/chrome/browser/browser_process_impl.cc +++ b/chrome/browser/browser_process_impl.cc -@@ -1288,7 +1288,7 @@ void BrowserProcessImpl::RegisterPrefs(PrefRegistrySimple* registry) { +@@ -1305,7 +1305,7 @@ void BrowserProcessImpl::RegisterPrefs(PrefRegistrySimple* registry) { #endif // BUILDFLAG(IS_CHROMEOS) registry->RegisterBooleanPref(metrics::prefs::kMetricsReportingEnabled, - GoogleUpdateSettings::GetCollectStatsConsent()); + false); - registry->RegisterIntegerPref( - metrics::prefs::kMetricsReportingLevel, - static_cast(GoogleUpdateSettings::GetMetricsReportingLevel())); + registry->RegisterBooleanPref(prefs::kDevToolsRemoteDebuggingAllowed, true); + registry->RegisterBooleanPref(prefs::kDevToolsRemoteDebuggingEnabled, false); + diff --git a/patches/trivalent/security/set-mv3-only-by-default.patch b/patches/trivalent/security/set-mv3-only-by-default.patch index 52ce3c77..166be4cb 100644 --- a/patches/trivalent/security/set-mv3-only-by-default.patch +++ b/patches/trivalent/security/set-mv3-only-by-default.patch @@ -11,15 +11,15 @@ distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, e See the License for the specific language governing permissions and limitations under the License. --- diff --git a/extensions/common/extension_features.cc b/extensions/common/extension_features.cc -index 4230eb0d77..0974582fbc 100644 +index 78a11e4915..85fde5d8e1 100644 --- a/extensions/common/extension_features.cc +++ b/extensions/common/extension_features.cc -@@ -110,7 +110,7 @@ BASE_FEATURE(kAllowLegacyMV2Extensions, base::FEATURE_DISABLED_BY_DEFAULT); - - BASE_FEATURE(kExtensionProtocolHandlers, base::FEATURE_DISABLED_BY_DEFAULT); - +@@ -147,7 +147,7 @@ BASE_FEATURE(kExtensionProtocolHandlers, base::FEATURE_DISABLED_BY_DEFAULT); + + BASE_FEATURE(kExtensionTabContextMenu, base::FEATURE_DISABLED_BY_DEFAULT); + -BASE_FEATURE(kExtensionsManifestV3Only, base::FEATURE_DISABLED_BY_DEFAULT); +BASE_FEATURE(kExtensionsManifestV3Only, base::FEATURE_ENABLED_BY_DEFAULT); - + BASE_FEATURE(kExtensionsMenuAccessControl, #if BUILDFLAG(IS_ANDROID) diff --git a/patches/trivalent/set-browser-defaults.patch b/patches/trivalent/set-browser-defaults.patch index 02cb9e34..6b2c87bb 100644 --- a/patches/trivalent/set-browser-defaults.patch +++ b/patches/trivalent/set-browser-defaults.patch @@ -23,7 +23,7 @@ index 837e75e79b..bb8acd5cb1 100644 user_prefs::PrefRegistrySyncable::SYNCABLE_PREF); registry->RegisterDictionaryPref(prefs::kBrowserWindowPlacement); registry->RegisterDictionaryPref(prefs::kBrowserWindowPlacementPopup); -@@ -142,24 +142,24 @@ void RegisterBrowserUserPrefs(user_prefs::PrefRegistrySyncable* registry) { +@@ -150,23 +150,23 @@ void RegisterBrowserUserPrefs(user_prefs::PrefRegistrySyncable* registry) { false); #endif registry->RegisterStringPref(prefs::kWebRTCIPHandlingPolicy, @@ -39,20 +39,19 @@ index 837e75e79b..bb8acd5cb1 100644 registry->RegisterListPref( prefs::kWebRTCDiagnosticLogCollectionAllowedForOrigins, base::ListValue()); - + // We need to register the type of these preferences in order to query // them even though they're only typically controlled via policy. - registry->RegisterBooleanPref(policy::policy_prefs::kHideWebStoreIcon, false); - registry->RegisterBooleanPref(prefs::kSharedClipboardEnabled, true); + registry->RegisterBooleanPref(policy::policy_prefs::kHideWebStoreIcon, true); + registry->RegisterBooleanPref(prefs::kSharedClipboardEnabled, false); - - #if BUILDFLAG(ENABLE_CLICK_TO_CALL) + - registry->RegisterBooleanPref(prefs::kClickToCallEnabled, true); + registry->RegisterBooleanPref(prefs::kClickToCallEnabled, false); - #endif // BUILDFLAG(ENABLE_CLICK_TO_CALL) - + #if BUILDFLAG(IS_MAC) + // This really belongs in platform code, but there's no good place to @@ -188,7 +188,7 @@ void RegisterBrowserUserPrefs(user_prefs::PrefRegistrySyncable* registry) { registry->RegisterBooleanPref(prefs::kEnterpriseHardwarePlatformAPIEnabled, diff --git a/patches/trivalent/ui/add-new-prefs.patch b/patches/trivalent/ui/add-new-prefs.patch index 37d6c2d9..3a352695 100644 --- a/patches/trivalent/ui/add-new-prefs.patch +++ b/patches/trivalent/ui/add-new-prefs.patch @@ -71,7 +71,7 @@ index 2a44a0d606..f3790357da 100644 +