DivestOS

mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2024-07-05 02:51:33 +00:00

Author	SHA1	Message	Date
Tad	209481c53e	Fix/Add exec based spawning patchsets from GrapheneOS 11 `14c3c1d4cd` `ac1943345e` `1abb805041` `2e07ab8c24` `0044836677` `c561811fad` `7a848373ef` `89646bdeb1` `2a70bbac4a` `d414dcaa35` `b4cd877e3a` `98634286bb` 11 `4c2635390c` 11 `add34a4bc6` 11 `a2b51906de` 10 `527787f3c8` `ffde474ad7` `aa87e487c4` `c906fe9722` `c69c3eecd4` `b2303adccc` `5bb05db6f7` `536b497688` `24802a832b` `ce6dcc2368` `3d3d5c4d38` `2eda592b79` 10 `29f28b53c0` 10 `13a992c716` 9 `750efbf6bc` `ed563b6f26` `aad3c7d750` `da3180f9a8` `68773a29b7` `283b3fa09c` `f133136b65` `01a01ce5f6` `17c309c098` `8806ec3ef1` Signed-off-by: Tad <tad@spotco.us>	2022-03-15 15:55:13 -04:00
Tad	f015dd348f	Add the JNINativeMethod table constification patchsets from GrapheneOS 11 `63b9f96a12` 11 `d8a62b5156` 11 `e3a4d64f29` 11 `e41f1d7f8e` 11 `c34b037486` 11 `dce2d0f64f` 11 `c99c35cb2a` 10 `07071814db` 10 `a48ba29b98` 10 `157fa78115` 10 `b914409e05` 10 `20a51f508b` 10 `b8afb8af37` 10 `e1b6653db7` 9 `ff688b68a7` 9 `866f0df315` 9 `77c9fa981a` 9 `fbf620e59c` 9 `ceaf63c790` 9 `253247fc39` 9 `76bf4c46f0` Signed-off-by: Tad <tad@spotco.us>	2022-03-15 15:26:48 -04:00
Tad	ad579b6681	Misc hardening from GrapheneOS 11 `62f81c237b` 11 `1f05db99ab` 11 `f242089d3f` 10 `abcf485dcf` 9x `c5db5a9f9e` Signed-off-by: Tad <tad@spotco.us>	2022-03-15 14:40:05 -04:00
Tad	e61e288b4a	Optionally allow the official Bromite WebView to be used, credit @MSe1969 This also replaces the overrides for all versions And should allow the Google WebView on 14/15/16 And lastly only leaves the bundled version as default This is a merge of the LineageOS 14/15/16 and 17/18 overlay With the addition of the Bromite signature from @MSe1969 Signed-off-by: Tad <tad@spotco.us>	2022-03-14 22:59:40 -04:00
Tad	f65c7a4ccd	Tweaks Signed-off-by: Tad <tad@spotco.us>	2022-03-12 11:48:23 -05:00
Tad	015799737e	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-03-09 17:16:47 -05:00
Tad	4f75a8272a	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-03-09 11:59:30 -05:00
Tad	902239e2b5	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-03-08 23:20:43 -05:00
Tad	de764885b3	Fixup Signed-off-by: Tad <tad@spotco.us>	2022-03-08 12:56:52 -05:00
Tad	54dbcd9e43	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-03-07 19:12:10 -05:00
Tad	bda848a0a1	Fixup `057bedb6` Sadly this means the option was never enabled :( Note: these options are only available on 4.4+ kernels Signed-off-by: Tad <tad@spotco.us>	2022-03-06 23:05:13 -05:00
Tad	ac1e89f0c8	Update CVE patchers [the big fixup] This removes many duplicately or wrongly applied patches. Correctly removed: - CVE-2011-4132 can apply infinitely - CVE-2013-2891 can apply infinitely - CVE-2014-9781 can apply once to fb_cmap_to_user correctly and incorrectly to fb_copy_cmap - CVE-2015-0571 can apply incorrectly and was disabled in patch repo as a result - CVE-2016-2475 can apply infinitely - CVE-2017-0627 can apply infinitely - CVE-2017-0750 can apply infinitely - CVE-2017-14875 can apply infinitely - CVE-2017-14883 can apply infinitely - CVE-2020-11146 can apply infinitely - CVE-2020-11608 can apply infinitely - CVE-2021-42008 can apply infinitely Questionable (might actually be beneficial to "incorrectly" apply again): - CVE-2012-6544 can apply once to hci_sock_getsockopt correctly and incorrectly to hci_sock_setsockopt - CVE-2013-2898 can apply once to sensor_hub_get_feature correctly and incorrectly to sensor_hub_set_feature - CVE-2015-8575 can apply once to sco_sock_bind correctly and incorrectly to sco_sock_connect - CVE-2017-8281 can apply once to diagchar_ioctl correctly and incorrectly to diagchar_compat_ioctl - CVE-2019-10622 can apply once to qdsp_cvp_callback correctly and incorrectly to qdsp_cvs_callback - CVE-2019-14104 can apply once to cam_context_handle_start/stop_dev and incorrectly to cam_context_handle_crm_process_evt and cam_context_handle_flush_dev Other notes: - CVE-2016-6693 can be applied again if it was already applied in combination with CVE-2016-6696 then the dupe check will fail and mark CVE-2016-6696 as already applied, effectively reverting it. This was seemingly fixed with a hand merged patch in patch repo. Wrongly removed: - CVE-2013-2147 is meant for cciss_ioctl32_passthru but is detected in cciss_ioctl32_big_passthru - CVE-2015-8746 is meant for nfs_v4_2_minor_ops but is detected in nfs_v4_1_minor_ops - CVE-2021-Misc2/ANY/0043.patch is meant for WLANTL_RxCachedFrames but is detected in WLANTL_RxFrames Signed-off-by: Tad <tad@spotco.us>	2022-03-04 00:42:28 -05:00
Tad	927b9bfbc5	Fix random reboots on broken kernels when an app has data restricted I don't like this Reading: - `24b3bdcf71` - https://review.lineageos.org/c/LineageOS/android_kernel_essential_msm8998/+/320470 - https://review.lineageos.org/c/LineageOS/android_system_bpf/+/264702 - https://gitlab.com/LineageOS/issues/android/-/issues/2514 - https://gitlab.com/LineageOS/issues/android/-/issues/3144 - https://gitlab.com/LineageOS/issues/android/-/issues/3287 Test: - restrict mobile data for an app - toggle wifi on and off a few times - watch systemui crash and soft-reboot Tested working on cheeseburger Signed-off-by: Tad <tad@spotco.us>	2022-03-03 17:51:46 -05:00
Tad	0d0104b4bb	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-03-02 22:57:34 -05:00
Tad	5e1521700f	Port the GrapheneOS NETWORK permission to 17.1 and 18.1 Some patches were ported from 12 to 10/11 Some patches from 11 were ported to 10 This 10/11 port should be very close to 12 BOUNS: 16.0 patches, disabled Signed-off-by: Tad <tad@spotco.us>	2022-02-25 16:52:51 -05:00
Tad	f4fbe65756	Various changes - 15.1: asb picks - 17.1: drop marlin, sailfish, z2_plus, m8 - 4.9 loose versioning fixes	2022-02-24 19:51:44 -05:00
Tad	8b39498b1c	Initial loose versioning work for 4.9 This applies 4.9 patches to 4.4 and 3.18 now that 4.4 is EOL Untested, but looks mild Signed-off-by: Tad <tad@spotco.us>	2022-02-22 13:44:47 -05:00
Tad	5245109cc1	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-02-19 23:22:19 -05:00
Tad	48b009a02e	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-02-12 06:56:28 -05:00
Tad	b6da59d24f	Drop FairEmail, Vanilla, and their AOSP equivalents Signed-off-by: Tad <tad@spotco.us>	2022-02-11 14:25:30 -05:00
Tad	55cdea3c9b	17.1: small fixes Signed-off-by: Tad <tad@spotco.us>	2022-02-11 14:05:14 -05:00
Tad	f767a8ea87	Hopefully fix the broken radio on Pixels Thank you Google for all these great proprietary apps. Signed-off-by: Tad <tad@spotco.us>	2022-02-10 15:36:44 -05:00
Tad	65584e96ce	Switch to official Etar The Lineage forks have fallen behind Signed-off-by: Tad <tad@spotco.us>	2022-02-08 14:10:04 -05:00
Tad	ee0bd8625f	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-02-07 14:43:05 -05:00
Tad	0a664cc22c	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-02-03 21:12:02 -05:00
Tad	c0aac415aa	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-01-29 09:35:59 -05:00
Tad	58b53de17a	Multi user tweaks from GrapheneOS Signed-off-by: Tad <tad@spotco.us>	2022-01-24 06:30:39 -05:00
Tad	2400cf0964	App updates - Drops Calendar, Eleven, and Email - Adds a variable for Silence inclusion - Adds a NONE option for microG inclusion flag to disable NLP inclusion Signed-off-by: Tad <tad@spotco.us>	2022-01-24 06:30:15 -05:00
Tad	6329922104	Disable the Hamper Analytics patches Rely on the HOSTS to do any blocking. With the last update this causes app crashes, due to boolean/string mismatch. Need to figure out exactly how string in manifest can become a boolean when wanted. Signed-off-by: Tad <tad@spotco.us>	2022-01-23 16:55:24 -05:00
Tad	dbd2a71722	Update CVE patchers Hopefully fixes boot breakage Signed-off-by: Tad <tad@spotco.us>	2022-01-17 01:23:10 -05:00
Tad	6ec0c63126	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-01-13 11:08:22 -05:00
Tad	208c7800c8	Fixup Signed-off-by: Tad <tad@spotco.us>	2022-01-12 17:44:18 -05:00
Tad	ce6ee9d8e4	Update CVE patchers CVE-2021-0961 should be fine now Signed-off-by: Tad <tad@spotco.us>	2022-01-11 05:41:26 -05:00
Tad	b9c7839110	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-01-11 01:19:31 -05:00
Tad	b05823bb20	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2022-01-04 21:00:25 -05:00
Tad	e08349a202	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2021-12-29 11:51:58 -05:00
Tad	3c1931bcc9	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2021-12-19 05:15:32 -05:00
Tad	11141d3bc9	Small tweaks Signed-off-by: Tad <tad@spotco.us>	2021-12-17 14:31:13 -05:00
Tad	20e1023627	Small changes - 16.0: drop wallpaper optimization patch, questionable source - deblobber: don't remove libmmparser_lite.so, potentially used by camera - 17.1: pick Q_asb_2021-12, excluding a broken patch - clark 17.1: some camera denial fixes - alioth: unmark broken - 17.1: switch to upstream glibc fix - 17.1/18.1: disable per app sensors permission patchset, potential camera issues Signed-off-by: Tad <tad@spotco.us>	2021-12-13 20:28:54 -05:00
Tad	8b85bf9719	Small change Signed-off-by: Tad <tad@spotco.us>	2021-12-12 12:10:47 -05:00
Tad	8cf90d055e	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2021-12-11 01:12:41 -05:00
Tad	359ce4608f	Small updates Signed-off-by: Tad <tad@spotco.us>	2021-12-07 20:57:54 -05:00
Tad	ed1c151ce5	Update CVE patchers CVE-2021-0961/ANY/0001.patch likely causes breakage Signed-off-by: Tad <tad@spotco.us>	2021-12-06 17:43:34 -05:00
Tad	c5c3998593	Guess what? f̵͖̲̙̝̩̌̌̌̑͆̔͐̏͋̓̅̔̒̈́͠i̴͍̗̦͕̅̓̿͋̓̑̽͌͐͊͘͠͠s̵̡̬͙͚̃͑̓̊̌́̾́͠ḥ̴̬͓͚̹̱̰͕͚͈̞̳͒̊ ̵̢̟̞̖͈͖͕̥̙̤͉̮̍́̅̀̾b̵̛̹̝̙̖̱̲͉͚̝̪̲̓̿͛̔̆͋̎́͐̃͆̀̕͝u̸̞̺͓͎̰̦̯̘̺̬͔̬͆͛̋̍̂͒̓͛̐̈́̋̚͝ṫ̵̠t̶̻̳̜̪̗͖͛̂̒̃̑̏͝ Tested on 14.1 and 15.1 targets Signed-off-by: Tad <tad@spotco.us>	2021-11-29 21:14:00 -05:00
Tad	bf129b729d	17.1: extreme loose versioning work Signed-off-by: Tad <tad@spotco.us>	2021-11-27 23:25:35 -05:00
Tad	c4dbc73c56	Alter the glibc fix Signed-off-by: Tad <tad@spotco.us>	2021-11-27 15:52:09 -05:00
Tad	9b84cebf92	17.1: loose versioning work Signed-off-by: Tad <tad@spotco.us>	2021-11-27 15:50:11 -05:00
Tad	62166d1ea5	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2021-11-26 11:54:59 -05:00
Tad	f950398fa1	glibc 2.34 fix Tested working to compile mako on Fedora 35 Signed-off-by: Tad <tad@spotco.us>	2021-11-14 20:16:48 -05:00
Tad	b8f5d8a510	Update CVE patchers Signed-off-by: Tad <tad@spotco.us>	2021-11-12 11:51:02 -05:00

1 2 3 4 5 ...

333 Commits