Commit Graph

566 Commits

Author SHA1 Message Date
Tad
8bcb5c734d
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-03-17 19:27:22 -04:00
Tad
38626e1b0c
Picks + Fixes
Signed-off-by: Tad <tad@spotco.us>
2023-03-14 16:58:27 -04:00
Tad
162b40a39d
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-03-13 18:13:54 -04:00
Tad
ef2fdb1d3e
More handling improvements
Signed-off-by: Tad <tad@spotco.us>
2023-03-08 16:14:51 -05:00
Tad
0b294c1601
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-03-08 16:01:49 -05:00
Tad
5d0ab40f0b
Robustness improvements
Signed-off-by: Tad <tad@spotco.us>
2023-03-08 01:14:06 -05:00
Tad
6ba784ac33
Some actual error handling 1/n
Signed-off-by: Tad <tad@spotco.us>
2023-03-08 00:03:23 -05:00
Tad
097019193e
Don't bail when devices are missing
Signed-off-by: Tad <tad@spotco.us>
2023-03-07 23:41:27 -05:00
Tad
804786aa23
Update CVE patchers
Fixes https://github.com/Divested-Mobile/DivestOS-Build/issues/193

Signed-off-by: Tad <tad@spotco.us>
2023-03-06 19:54:15 -05:00
Tad
2706fc9d59
Missing pick
Signed-off-by: Tad <tad@spotco.us>
2023-02-19 15:37:16 -05:00
Tad
b2913e8170
15.1 February ASB work + Picks
Signed-off-by: Tad <tad@spotco.us>
2023-02-19 13:07:11 -05:00
Tad
a845f59546
Fixup persistent IPv6 privacy address issue + churn
Backports of rfc4941bis from Google/Linaro
and workaround for legacy kernels from GrapheneOS

already has rfc4941bis patch:
fairphone_sdm632
google_gs101
google_gs201
google_msm-4.14
google_msm-4.9
google_redbull
oneplus_sdm845
razer_sdm845
xiaomi_sdm845

Signed-off-by: Tad <tad@spotco.us>
2023-02-11 20:26:24 -05:00
Tad
3047b3b269
Fixup kipper & starlte
Signed-off-by: Tad <tad@spotco.us>
2023-02-10 08:19:23 -05:00
Tad
0e9599af6d
Fixup
Signed-off-by: Tad <tad@spotco.us>
2023-02-09 22:46:42 -05:00
Tad
fa067a3f89
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-02-06 23:06:34 -05:00
Tad
19d5f73b50
Remove silly carrier restrictions
Signed-off-by: Tad <tad@spotco.us>
2023-02-03 22:17:13 -05:00
Tad
dc853bfdae
WebView: Switch to dedicated package name
And remove the F-Droid repo for it, will be moved to the 'DivestOS Official' repo
This simplifies release management and also allows other systems to benefit from the repo

Downside is users who don't update to this build won't receive any updates for it anymore

Signed-off-by: Tad <tad@spotco.us>
2023-02-02 17:17:30 -05:00
Tad
20c4e75fe1
Fixes
Signed-off-by: Tad <tad@spotco.us>
2023-02-01 18:30:29 -05:00
Tad
4f6e21d7f9 Deduplicate Defaults.sh
Signed-off-by: Tad <tad@spotco.us>
2023-02-01 15:57:13 -05:00
Tad
af3fe9776b Small updates
Signed-off-by: Tad <tad@spotco.us>
2023-02-01 15:19:21 -05:00
Tad
1511176a07
Update CVE patchers
Maybe some breakage

Signed-off-by: Tad <tad@spotco.us>
2023-01-28 20:33:44 -05:00
Tad
da1df44c8f
GrapheneOS kernel hardening patches update
Maybe some compile breakage

Signed-off-by: Tad <tad@spotco.us>
2023-01-24 19:03:01 -05:00
Tad
9558a7d0e9 Switch to the Broadcom PSDS server for Pixel 6/7 series
Instead of agnss.goog cache
Based off of a patch from GrapheneOS

Signed-off-by: Tad <tad@spotco.us>
2023-01-21 04:08:26 -05:00
Tad
91807acf21
various small fixes
- loose versioning fixes for 4.9
- remove GPG commit verification for GOS repos, they use SSH now. TODO: support that
- 20.0: fixup AudioFX stray lines
- 20.0: broken fix for gs101/201 stray iwlan lines

Signed-off-by: Tad <tad@spotco.us>
2023-01-18 20:02:11 -05:00
Tad
5ce2d33162
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-01-18 14:13:33 -05:00
Tad
b82427ce5b Conservative reverse loose versioning for 3.10
This applies 3.4 patches to 3.10 if no other match is available

Note: CVE-2017-13245/3.4/0002.patch ends up applied over CVE-2018-10902/3.18/0003.patch

Signed-off-by: Tad <tad@spotco.us>
2023-01-13 15:51:46 -05:00
Tad
14f40e024f
Update CVE patchers
This adds loose versioning applying 4.14 patches to 4.9

Signed-off-by: Tad <tad@spotco.us>
2023-01-13 13:23:12 -05:00
Tad
57d951ccb5
Missing patches for 16.0 + Churn
Signed-off-by: Tad <tad@spotco.us>
2023-01-08 13:22:50 -05:00
Tad
efa31534a9
Picks
Signed-off-by: Tad <tad@spotco.us>
2023-01-07 10:52:03 -05:00
Tad
06eed1fba9
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-12-31 21:41:46 -05:00
Tad
7d6b8e3aeb
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-12-22 11:33:47 -05:00
Tad
03293f6b52
Fixup
Messy, but better to have CVE-2022-42896 applied to *some* 3.18 kernels

Signed-off-by: Tad <tad@spotco.us>
2022-12-17 00:42:25 -05:00
Tad
c2fc228f3b Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-12-16 22:06:13 -05:00
Tad
5e918c5506
Picks
Signed-off-by: Tad <tad@spotco.us>
2022-12-12 19:30:56 -05:00
Tad
ce47fdae34
Small updates + Picks
Signed-off-by: Tad <tad@spotco.us>
2022-12-07 18:41:50 -05:00
Tad
038fca449b
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-11-30 08:28:40 -05:00
Tad
fd0e3e8117
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-11-22 07:11:30 -05:00
Tad
c4fe56a307
Update CVE patchers
This fixes CVE-2018-9422 which was primarily added via b56fabac

May still need to be fixed:
16.0/kernel_google_yellowstone
16.0/kernel_xiaomi_msm8937

Signed-off-by: Tad <tad@spotco.us>
2022-11-21 08:39:10 -05:00
Tad
9d1efb33c3
More 14.1 picks + 15.1 November ASB work
Signed-off-by: Tad <tad@spotco.us>
2022-11-13 23:21:41 -05:00
Tad
14f7f1db32
Updates + Churn
Signed-off-by: Tad <tad@spotco.us>
2022-11-13 02:06:05 -05:00
Tad
b81d39c969
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-11-11 16:05:22 -05:00
Tad
27395374e1
Fixup + Churn
Signed-off-by: Tad <tad@spotco.us>
2022-11-11 13:54:57 -05:00
Tad
8bfedda18b
14/15/16: Fix compile failure with modern kernels
https://android-review.googlesource.com/c/platform/art/+/2226578
https://groups.google.com/g/Android-building/c/ZfUQQWt_ABI

Signed-off-by: Tad <tad@spotco.us>
2022-11-10 18:26:36 -05:00
Tad
ac3dc319c7
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-11-07 15:51:17 -05:00
Tad
7fb334d825
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-11-03 13:25:38 -04:00
Tad
11780d890f Churn
Signed-off-by: Tad <tad@spotco.us>
2022-10-24 22:53:41 -04:00
Tad
c051cb282d Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-10-22 21:39:01 -04:00
Tad
1338c24d9b
Disable CarrierConfig and carrier_list changes
I've had reports of non-functional SIM and reboots with select carriers on this last update

Signed-off-by: Tad <tad@spotco.us>
2022-10-20 19:42:01 -04:00
Tad
6b07bc77a5
Picks
Signed-off-by: Tad <tad@spotco.us>
2022-10-19 15:25:56 -04:00
Tad
148df59b7e
Cleanup: Drop UnifiedNlp, FDroidPrivExt, and Silence
These haven't been included for a while

+remove some old cruft from 20.0

Signed-off-by: Tad <tad@spotco.us>
2022-10-19 12:15:24 -04:00
Tad
055ed9bfad
20.0: Initial bringup
Signed-off-by: Tad <tad@spotco.us>
2022-10-15 10:39:48 -04:00
Tad
2acd454f13
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-10-13 23:42:20 -04:00
Tad
bf66d5db45
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-10-03 20:59:55 -04:00
Tad
348b392f03
Picks
Signed-off-by: Tad <tad@spotco.us>
2022-10-03 10:24:04 -04:00
Tad
d78121a1c0
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-10-03 10:22:17 -04:00
Tad
598d78bb61
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-09-25 13:49:45 -04:00
Tad
eb200546ea
17.1+: Update carrier configs for improved compatibility
CarrierConfig@c2819f8
TelephonyProvider@af5c1386

Signed-off-by: Tad <tad@spotco.us>
2022-09-14 14:58:01 -04:00
Tad
ec42acceb6
Various fixes from GrapheneOS
Signed-off-by: Tad <tad@spotco.us>
2022-09-13 10:24:26 -04:00
Tad
e2b314da3c
15.1+16.0: September 2022 ASB picks
16.0 backports thanks to MSe1969 as usual:
https://github.com/lin16-microg/android_system_bt/commits/lineage-16.0 - last 3 commits
https://github.com/lin16-microg/android_frameworks_base/commits/lineage-16.0 - last 4 commits
https://github.com/lin16-microg/android_external_expat/commits/lineage-16.0 - last 4 commits

Signed-off-by: Tad <tad@spotco.us>
2022-09-10 18:32:25 -04:00
Tad
2bc43f195c
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-09-07 10:04:28 -04:00
Tad
b6e9f50cb5
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-09-04 14:05:36 -04:00
Tad
5fe5a4f898
Compile fixes
Signed-off-by: Tad <tad@spotco.us>
2022-08-29 14:26:47 -04:00
Tad
86ed884251
More verification
Signed-off-by: Tad <tad@spotco.us>
2022-08-26 23:14:15 -04:00
Tad
3618774d9f
GPG verification for all platform repositories
Signed-off-by: Tad <tad@spotco.us>
2022-08-26 22:40:27 -04:00
Tad
adb61b0fb2
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-08-26 12:15:45 -04:00
Tad
d8d8e457a1 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-08-21 10:44:12 -04:00
Tad
7918347d1c Updates
- Add a script to update commons like APNs, VVM configs, and contributors cloud
- Add the latest contributors cloud to all branches
- Update wireless-regdb to 2022.08.12 release
- Add some shell opts to some scripts

Signed-off-by: Tad <tad@spotco.us>
2022-08-15 16:37:42 -04:00
Tad
a78f9217c6 Fixes
Signed-off-by: Tad <tad@spotco.us>
2022-08-14 19:56:28 -04:00
Tad
8b67d5c41e Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-08-10 22:02:37 -04:00
Tad
12c56938cb Improve CVE-2021-1048 patching on 3.x kernels
It is still actively being used by malware.

This largely handles 3.0, 3.4, and 3.10 kernels.
It works for select 3.18 kernels too.

TODO: need alternate get_file_rcu backport for the following:
15.1/lge_msm8996
15.1/zte_msm8996
16.0/xiaomi_msm8937
17.1/motorola_msm8996
18.1/google_marlin
18.1/lge_msm8996
18.1/oneplus_msm8996

Signed-off-by: Tad <tad@spotco.us>
2022-08-09 21:39:25 -04:00
Tad
4d9a110970 Pick
Signed-off-by: Tad <tad@spotco.us>
2022-08-08 18:47:17 -04:00
Tad
31a67f054d Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-08-04 11:12:40 -04:00
Tad
2b299c1aff Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-07-21 21:28:26 -04:00
Tad
a9d90a06b9 Pick
Signed-off-by: Tad <tad@spotco.us>
2022-07-15 11:03:41 -04:00
Tad
1d64c759a5 Fixes
Signed-off-by: Tad <tad@spotco.us>
2022-07-10 00:31:44 -04:00
Tad
d3632c25ce Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-07-07 21:47:59 -04:00
Tad
2c27a88a24 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-07-06 19:22:21 -04:00
Tad
7b8ef09540 Update CVE patchers
Effectively no changes

Signed-off-by: Tad <tad@spotco.us>
2022-07-04 18:30:09 -04:00
Tad
ac645dd62e Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-06-28 11:32:05 -04:00
Tad
519a474173 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-06-19 22:44:05 -04:00
Tad
4e09464e86 Pick
Signed-off-by: Tad <tad@spotco.us>
2022-06-15 17:17:47 -04:00
Tad
70b8485695 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-06-09 17:59:48 -04:00
Tad
2bf84a7643 Increase default max password length to 64, credit GrapheneOS
Closes https://github.com/Divested-Mobile/DivestOS-Build/pull/119
Closes https://github.com/Divested-Mobile/DivestOS-Build/issues/27

Signed-off-by: Tad <tad@spotco.us>
2022-06-07 15:33:38 -04:00
Tad
899ea17d4e Add the missing page sanitization to 3.18 kernels
All along they only had slub sanization :(

Signed-off-by: Tad <tad@spotco.us>
2022-06-04 12:00:01 -04:00
Tad
92c66447f8 Drop slub_debug
What is lost?
- sanity checks and redzoning on all devices
  - redzoning reportedly however causes issues on some devices such as the Pixel 3/4 and OnePlus 7
- slub sanization on 3.0, 3.4, 4.4 (except google/wahoo), xiaomi/sm6150, and oneplus/sm7250

Note: all 3.4+ devices still have page sanization

Signed-off-by: Tad <tad@spotco.us>
2022-06-03 13:58:17 -04:00
Tad
da63c9e571 Various small patches
7408144e1b
> extend Network/Sensors permission handling for legacy apps not targeting Android 6
> or above (API 23) to resolve a UI issue where the user choosing to grant the
> Network/Sensors permissions via the legacy permission review interface doesn't
> appear in the Settings app info page

22d32cb61b
suppresses https://github.com/Divested-Mobile/DivestOS-Build/discussions/112

66f406b979
3f69205d06
nice to have

Signed-off-by: Tad <tad@spotco.us>
2022-06-02 23:17:05 -04:00
Tad
6d95c231bc Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-05-31 21:29:22 -04:00
Tad
735c9e0de8 Revert 5d57bf13
I don't trust enabling MODULES won't cause weird inane breakage on these legacy devices

Signed-off-by: Tad <tad@spotco.us>
2022-05-27 23:46:57 -04:00
Tad
28724c4a6e Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-05-25 22:52:22 -04:00
Tad
2c4caa30a1 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-05-24 00:36:49 -04:00
Tad
e8bc36af04 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-05-20 17:16:29 -04:00
Tad
05930af014 Various changes 2022-05-14 21:40:50 -04:00
Tad
df398fd6f5 Various
Signed-off-by: Tad <tad@spotco.us>
2022-05-07 20:22:49 -04:00
Tad
b2eb3c01b4 Update CVE patchers
Newly added CVE-2022-20009 is dupe with CVE-2022-25258 and CVE-2022-25375

Signed-off-by: Tad <tad@spotco.us>
2022-05-03 23:33:17 -04:00
Tad
65883d9bc4 2022
Signed-off-by: Tad <tad@spotco.us>
2022-05-01 01:13:49 -04:00
Tad
3316cc4824 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-04-27 07:46:22 -04:00
Tad
3457fd4151 Device cleanup
Drop long non-compiling devices:
- 14.1: n7100, jellypro
- 15.1: himaul, oneplus2
- 16.0: zenfone3, fugu
- 17.1: yellowstone, fugu
- 18.1: bonito, sargo

Drop in favor of 19.1:
- 17.1: bonito, sargo
- 18.1: pro1, aura, sunfish, coral, flame, bramble, redfin
(experimental, but these devices don't currently appear to have any users)

Signed-off-by: Tad <tad@spotco.us>
2022-04-26 15:19:57 -04:00
Tad
9a6c7a2684 18.1: Add toggle for /etc/hosts
TODO: 19.1 and maybe 17.1

Tested working on klte/18.1

Signed-off-by: Tad <tad@spotco.us>
2022-04-20 16:40:22 -04:00
Tad
1f721c7845 Further credit patches
Signed-off-by: Tad <tad@spotco.us>
2022-04-19 23:52:10 -04:00
Tad
e666a4a891 Update CVE patchers
TODO: maybe split CVE-2022-23960/4.9 to get back?

Signed-off-by: Tad <tad@spotco.us>
2022-04-19 14:38:44 -04:00