Commit Graph

1302 Commits

Author SHA1 Message Date
Tad
d7996e8240
14.1: December ASB picks
Signed-off-by: Tad <tad@spotco.us>
2023-12-07 00:07:02 -05:00
Tad
ee3e067016
Fixup
Signed-off-by: Tad <tad@spotco.us>
2023-12-06 23:53:44 -05:00
Tad
56aa41bf47
Picks
Signed-off-by: Tad <tad@spotco.us>
2023-12-05 20:45:24 -05:00
Tad
26c0951cd2
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-12-04 15:51:53 -05:00
Tad
5c99bc4098
Picks
- 14.1: more ffmpeg patches from @syphyr
- 16.0: switch to @MSe1969's patchsets, gains 3 libcups related fixes

Signed-off-by: Tad <tad@spotco.us>
2023-12-03 19:08:52 -05:00
Tad
5d794c1a3a
14.1: Freeze Mulch to 119
120 drops support for Nougat
https://groups.google.com/a/chromium.org/g/chromium-dev/c/B9AYI3WAvRo

Signed-off-by: Tad <tad@spotco.us>
2023-11-30 16:10:23 -05:00
Tad
af0cea3572
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-11-16 22:59:28 -05:00
Tad
5a87cd6bcb
15.1 November ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-11-13 22:16:47 -05:00
Tad
ad298935a2
16.0 November ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-11-13 20:10:40 -05:00
Tad
c45a1db5e2
17.1 November ASB work
Plus a bonus October patch from @flamefire
https://github.com/Flamefire/android_device_sony_lilac/blob/lineage-17.1/patches/asb-2023-10/android_packages_providers_MediaProvider/0001-Fix-path-traversal-vulnerabilities-in-MediaProvider.patch

Signed-off-by: Tad <tad@spotco.us>
2023-11-13 16:25:48 -05:00
Tad
798c665f74
Picks
Signed-off-by: Tad <tad@spotco.us>
2023-11-12 16:55:58 -05:00
Tad
46c5c52393
Picks
Signed-off-by: Tad <tad@spotco.us>
2023-11-11 00:00:32 -05:00
Tad
77b7de4b1e
Picks
Signed-off-by: Tad <tad@spotco.us>
2023-11-09 17:59:22 -05:00
Tad
0b102adb1d
Final fixups
compile tested: h830, h850, rs988

Signed-off-by: Tad <tad@spotco.us>
2023-11-07 23:46:00 -05:00
Tad
4eed156d14
Fixup 09494a1c
compile tested: vayu, pioneer

Signed-off-by: Tad <tad@spotco.us>
2023-11-07 21:19:43 -05:00
Tad
09494a1c71
Move all 19.1 devices to 20.0
Signed-off-by: Tad <tad@spotco.us>
2023-11-07 16:50:54 -05:00
Tad
01a196e055
Pull in Messaging notifications fix
Likely solves https://github.com/Divested-Mobile/DivestOS-Build/issues/141

Signed-off-by: Tad <tad@spotco.us>
2023-11-05 19:32:30 -05:00
Tad
548aec9c9d
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-11-05 18:58:11 -05:00
Tad
095d222e87
Add patch to allow disabling presidential broadcasts from GrapheneOS
Signed-off-by: Tad <tad@spotco.us>
2023-11-05 18:12:08 -05:00
Tad
01e41a26f6
19.1+: Reduce EXIF metadata in screenshots, thanks to CalyxOS
546fd13c6f

Closes https://github.com/Divested-Mobile/DivestOS-Build/issues/263

Signed-off-by: Tad <tad@spotco.us>
2023-10-20 18:54:01 -04:00
Tad
f64285f6fd
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-10-15 21:06:16 -04:00
Tad
d1103ddc2f
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-10-13 04:41:22 -04:00
Tad
f5da93c4e5
15.1 October ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-10-09 22:02:07 -04:00
Tad
5d53945c3c
16.0 October ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-10-09 21:41:54 -04:00
Tad
27066c202f
17.1 October ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-10-09 19:41:44 -04:00
Tad
bf565cd578
Switch to upstream ASB patchsets
Signed-off-by: Tad <tad@spotco.us>
2023-10-08 22:52:14 -04:00
Tad
7b54b4459c
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-10-08 15:10:59 -04:00
Tad
718f06e0f6
20.0: LineageParts patches rebased by @danielk43
Signed-off-by: Tad <tad@spotco.us>
2023-10-07 17:06:12 -04:00
Tad
781f2820de
14.1: October ASB picks
Signed-off-by: Tad <tad@spotco.us>
2023-10-05 16:35:36 -04:00
Tad
7bdcaac45d
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-10-03 17:45:51 -04:00
Tad
7ace4ca4a9
Update CVE patchers
no change

Signed-off-by: Tad <tad@spotco.us>
2023-10-03 16:39:50 -04:00
Tad
8ca9d55a57
Update commons
Signed-off-by: Tad <tad@spotco.us>
2023-10-03 15:33:07 -04:00
Tad
7d2c184d1f
Bonus patches
Signed-off-by: Tad <tad@spotco.us>
2023-10-03 15:17:06 -04:00
Tad
af360bc9ea
20.0: October ASB picks
wget c873988898.patch -O telecomm-01.patch
wget 0fb5786dbf.patch -O mediaprovider-01.patch
wget 1a4b9ef510.patch -O wifi-01.patch
wget 364a1d9962.patch -O bluetooth-01.patch
wget 87a06448b9.patch -O settings-01.patch
wget aaba724a68.patch -O settings-02.patch
wget 507304e1f5.patch -O native-01.patch
wget 89489ff5dd.patch -O base-01.patch
wget d1765c4715.patch -O base-02.patch
wget cbb1a0ecd6.patch -O base-03.patch
wget 4725772c0b.patch -O base-04.patch
wget 19747f6923.patch -O base-05.patch
wget e7a1aa9ed0.patch -O base-06.patch
wget 922a7860b1.patch -O base-07.patch
wget ed183ed912.patch -O base-08.patch
wget c6fbe1330a.patch -O base-09.patch
wget 9141cac175.patch -O base-10.patch
wget 41235bcc67.patch -O av-01.patch
wget a89f704701.patch -O av-02.patch
wget 6d7cd80d77.patch -O av-03.patch
wget 75fc175a08.patch -O av-04.patch
wget b023ec300f.patch -O av-05.patch
wget c8117d1539.patch -O av-06.patch
wget f06d23d824.patch -O av-07.patch
wget 9c7408ab07.patch -O av-08.patch
wget cfbfcefb3c.patch -O launcher-01.patch
wget 4a27a7f162.patch -O libxml-01.patch

Signed-off-by: Tad <tad@spotco.us>
2023-10-03 14:42:00 -04:00
Tad
d80f272b54
Update CVE patchers
CVE-2023-4128 replaces CVE-2023-4208

Signed-off-by: Tad <tad@spotco.us>
2023-10-02 21:41:34 -04:00
Tad
5bf0ecf173
Bump
Signed-off-by: Tad <tad@spotco.us>
2023-10-02 12:12:06 -04:00
Tad
fcf4f812cc
CVE-2023-5217
untested

Signed-off-by: Tad <tad@spotco.us>
2023-09-28 09:17:29 -04:00
Tad
24420a7150
20.0: LatinIME patches rebased by @danielk43
closes https://github.com/Divested-Mobile/DivestOS-Build/issues/248

Signed-off-by: Tad <tad@spotco.us>
2023-09-26 14:17:59 -04:00
Tad
19f4964036
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-09-21 16:52:35 -04:00
Tad
b39b2f2feb
Churn + Picks
Signed-off-by: Tad <tad@spotco.us>
2023-09-21 16:12:28 -04:00
Tad
25f02f4177
14.1 though 17.1: patch CVE-2023-4863, thanks to @syphyr
run tested on 14.1, 15.1, and 17.1
compile tested on 16.0

Signed-off-by: Tad <tad@spotco.us>
2023-09-20 04:16:17 -04:00
Tad
de7d2a2a62
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-09-19 01:53:33 -04:00
Tad
724b742b64
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-09-18 15:34:11 -04:00
Tad
1b4f6d3bd8
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-09-17 01:30:23 -04:00
Tad
095753ffaf
Tweak
Signed-off-by: Tad <tad@spotco.us>
2023-09-17 00:28:29 -04:00
Tad
cbf76ea4eb
18.1+: patch CVE-2023-4863
TODO:
- 17.1 uses v1.0.2, needs backport
  patch for v1.0.3: 8d9916da90

Signed-off-by: Tad <tad@spotco.us>
2023-09-15 14:38:14 -04:00
Tad
cbc5a339e6
20.0: LatinIME patches rebased by @danielk43
closes https://github.com/Divested-Mobile/DivestOS-Build/issues/244

Signed-off-by: Tad <tad@spotco.us>
2023-09-13 15:30:11 -04:00
Tad
5eb6190931
Fixup 15.1/16.0 backport: system/bt: Fix UAF in gatt_cl.cc
thanks to @syphyr for this!

Signed-off-by: Tad <tad@spotco.us>
2023-09-12 16:55:46 -04:00
Tad
3aa7e02455
15.1 September ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-09-11 20:09:30 -04:00
Tad
033c600eac
16.0 September ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-09-11 16:14:15 -04:00
Tad
aa4464d1c4
17.1 September ASB work
+ an August backport from @flamefire

Signed-off-by: Tad <tad@spotco.us>
2023-09-11 01:23:37 -04:00
Tad
84a84c4742
Picks + Churn
Signed-off-by: Tad <tad@spotco.us>
2023-09-10 21:12:24 -04:00
Tad
6e5745143f
Picks
Signed-off-by: Tad <tad@spotco.us>
2023-09-08 20:00:23 -04:00
Tad
b0800a1479
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-09-07 21:23:50 -04:00
Tad
964877bbf6
20.0: September ASB picks
wget b96ee4a2d1.patch -O telephony-01.patch
wget c16e6e78c1.patch -O media-01.patch
wget d5771450d7.patch -O media-02.patch
wget a1370bd00c.patch -O nn-01.patch
wget ce2776f4ca.patch -O bt-01.patch
wget 585f583ef5.patch -O bt-02.patch
wget c9905e7968.patch -O bt-03.patch
wget c93ec045f5.patch -O bt-04.patch
wget 89fb17d172.patch -O bt-05.patch
wget 14aed2455e.patch -O bt-06.patch
wget cd438ebc52.patch -O bt-07.patch
wget 27e7cdc4e5.patch -O nfc-01.patch
wget dfeb4270b8.patch -O launcher-01.patch
wget b1993f6cec.patch -O native-01.patch
wget df4a9362cd.patch -O fwb-01.patch
wget b55563bb9d.patch -O fwb-02.patch
wget a80971a281.patch -O fwb-03.patch
wget 7e173b4383.patch -O fwb-04.patch
wget 44191b1c6b.patch -O fwb-05.patch
wget 8dc8dfe572.patch -O fwb-06.patch
wget 00a4224100.patch -O av-01.patch
wget 21623d1f43.patch -O settings-01.patch
wget fa5ec443d9.patch -O settings-02.patch
wget ba4da9c7b3.patch -O settings-03.patch

Signed-off-by: Tad <tad@spotco.us>
2023-09-06 15:42:52 -04:00
Tad
3e8effa345
ASB cherrypicks
https://review.lineageos.org/q/topic:%22n-asb-2023-09%22

Signed-off-by: Tad <tad@spotco.us>
2023-09-05 20:50:36 -04:00
Tad
0ec3c25d86
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-09-05 20:42:14 -04:00
Tad
ababe54a0c
14.1: Disable dexpreopt
causes many bizarre issues on devices
- apps crashing on certain functions
- apps loading content from other apps
- etc.

Signed-off-by: Tad <tad@spotco.us>
2023-09-04 15:36:57 -04:00
Tad
a17a425265
14.1: Fixup Freetype
90b7894627

Signed-off-by: Tad <tad@spotco.us>
2023-09-03 17:36:24 -04:00
Tad
9e954ea987
Restore face unlock for Pixel 4 series
We keep fingerprint reader blobs, so why not these?

Signed-off-by: Tad <tad@spotco.us>
2023-09-01 20:51:49 -04:00
Tad
6d52d2f6ce
m8: Fix display corruption
Fixes the screen shifting vertically when in a full screen task like camera

Signed-off-by: Tad <tad@spotco.us>
2023-08-31 21:55:13 -04:00
Tad
56b71651c5
Tweak
Signed-off-by: Tad <tad@spotco.us>
2023-08-30 15:22:00 -04:00
Tad
4afb99b6d1
Fixup fc903251
Signed-off-by: Tad <tad@spotco.us>
2023-08-30 12:48:37 -04:00
Tad
8acec36989 20.0: eUICC for all
TODO: move this setting to the cell menu

Signed-off-by: Tad <tad@spotco.us>
2023-08-30 12:41:30 -04:00
Tad
fc9032513f
Update CVE patchers
Likely issue CVE-2023-3773/^6.4

Signed-off-by: Tad <tad@spotco.us>
2023-08-27 17:13:53 -04:00
Tad
bf55f7d572
Remove more face unlock blobs and unbreak camera on Pixel 4 series
Signed-off-by: Tad <tad@spotco.us>
2023-08-26 18:22:51 -04:00
Tad
aa0ab3c1ba
Revert "Try to fixup cell service on crackling"
didn't work

This reverts commit 43e55668fd.
2023-08-25 09:56:20 -04:00
Tad
fa030fcbf4
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-08-24 21:38:33 -04:00
Tad
52a0c55c41
Fixups
- Revert Freetype branch switching for 15.1+, broken
- Don't include OpenEUICC on Pixel 2 and 3 series, they won't work
- Churn

Signed-off-by: Tad <tad@spotco.us>
2023-08-24 03:06:02 -04:00
Tad
1fde0f9c45
More branch switching, thanks to @syphyr
Signed-off-by: Tad <tad@spotco.us>
2023-08-23 11:05:05 -04:00
Tad
7835c2b2ae
18.1+: Restrict tile usage when locked, credit @GrapheneOS
TODO: backport to older branches

Signed-off-by: Tad <tad@spotco.us>
2023-08-22 17:54:19 -04:00
Tad
8b51c3cd0f
Fixup OpenEUICC inclusion
Signed-off-by: Tad <tad@spotco.us>
2023-08-21 20:00:31 -04:00
Tad
d6c3b6c8fa
More eSIM work
- Add the GrapheneOS package hook mechanism
- Ensure OpenEUICC and EuiccSupportPixel are only enabled in the system user
- Prevent EuiccSupportPixel interactions
- Remove INTERNET permission from EuiccSupportPixel

Signed-off-by: Tad <tad@spotco.us>
2023-08-21 16:50:51 -04:00
Tad
c070e856b2
eSIM enablement via @PeterCxy's OpenEUICC
tested working on bluejay

Signed-off-by: Tad <tad@spotco.us>
2023-08-21 09:25:10 -04:00
Tad
c90920965f
Remove some garbage
Signed-off-by: Tad <tad@spotco.us>
2023-08-20 16:11:44 -04:00
Tad
43e55668fd
Try to fixup cell service on crackling
netmgrd appears incompatible with hmalloc
noted by @fishy1337
https://github.com/Divested-Mobile/DivestOS-Build/issues/204#issuecomment-1676439970

Signed-off-by: Tad <tad@spotco.us>
2023-08-18 11:24:04 -04:00
Tad
ceec1584a9
Fixup hosts cache thanks to patch from @danielk43
Closes https://github.com/Divested-Mobile/DivestOS-Build/issues/198

Signed-off-by: Tad <tad@spotco.us>
2023-08-18 11:17:14 -04:00
Tad
2142e2e763
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-08-17 17:18:10 -04:00
Tad
9707326c4f
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-08-13 16:16:21 -04:00
Tad
160aee5049
Backport patch to handle verity with openssl 3.0
ref: https://github.com/Divested-Mobile/DivestOS-Website/pull/19

Signed-off-by: Tad <tad@spotco.us>
2023-08-11 18:53:01 -04:00
Tad
3a32beaad5
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-08-10 12:40:34 -04:00
Tad
cd0ede5a0d
Fix an inconsistency
As noted by @syphyr

Signed-off-by: Tad <tad@spotco.us>
2023-08-09 16:15:29 -04:00
Tad
877257692e
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-08-09 12:58:32 -04:00
Tad
974878988b
Fixup
Will regen later

Signed-off-by: Tad <tad@spotco.us>
2023-08-09 00:46:44 -04:00
Tad
51bcf23dac
14.1 August ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-08-08 23:41:40 -04:00
Tad
79e3fb6fb4
15.1 August ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-08-08 09:35:44 -04:00
Tad
4b2160cf56
16.0 August ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-08-08 07:48:57 -04:00
Tad
f52adb2bc5
17.1 August ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-08-08 06:31:22 -04:00
Tad
566decb5dd
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-08-08 05:14:44 -04:00
Tad
e627cdee05
Sync with @flamefire's Q_asb_2023-07
Signed-off-by: Tad <tad@spotco.us>
2023-08-08 05:01:00 -04:00
Tad
eef09ae519
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-08-07 18:07:19 -04:00
Tad
7ef5d9a9c4
Broken EUICC handling
Signed-off-by: Tad <tad@spotco.us>
2023-08-05 18:57:32 -04:00
Tad
180280b233
Update CVE patchers
TODO: adjust min version of CVE-2023-4132

Signed-off-by: Tad <tad@spotco.us>
2023-08-04 21:00:29 -04:00
Tad
c777c74717 16.0 Backports
- hosts toggle
- auto reboot
- bluetooth timeout
- unprivileged microG
- ptrace toggle
- exec spawning toggle

TODO: needs work

Signed-off-by: Tad <tad@spotco.us>
2023-07-27 16:35:00 -04:00
Tad
95a57748ea
Fix the fix
Signed-off-by: Tad <tad@spotco.us>
2023-07-25 13:03:44 -04:00
Tad
e458e9ddd4
Unbreak the F-Droid additional repos
microG pubkey was wrongly spanning multiple lines
likely from copy/paste of old diff

addresses https://gitlab.com/fdroid/fdroidclient/-/issues/2662

Signed-off-by: Tad <tad@spotco.us>
2023-07-25 13:01:45 -04:00
Tad
73414e76d2
Update CVE patchers
two lpes

Signed-off-by: Tad <tad@spotco.us>
2023-07-25 12:04:05 -04:00
Tad
c8d3354113
Patch from CalyxOS to make AOSP less spyware
Signed-off-by: Tad <tad@spotco.us>
2023-07-24 14:35:24 -04:00
Tad
e74f861c8e
Fixes + Churn
- Fix instances of awk failing on missing globs
- Remove unwanted packages from work/user/managed profiles
- Remove proprietary camera extensions

Signed-off-by: Tad <tad@spotco.us>
2023-07-24 03:59:51 -04:00
Tad
4bab1c31d7
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-07-19 16:05:51 -04:00
Tad
af57c5c857
Tweaks
Signed-off-by: Tad <tad@spotco.us>
2023-07-19 04:43:13 -04:00
Tad
aa6bfad801
Various
- Drop OpenCamera, it doesn't work on lock screens anymore?
- microG on 18.1+:
  - set packages forceQueryable
  - spoof some sources as Play Store
    TODO: backport this to 17.1
- Remove camera extensions
- Churn
- Wording

Signed-off-by: Tad <tad@spotco.us>
2023-07-15 18:22:07 -04:00
Tad
1c9076fffe
KSM tuning
- Only enable on Linux 3.0 through 4.9
- Always enable defer option
- Only run twice a second, instead of fifty times a second

Signed-off-by: Tad <tad@spotco.us>
2023-07-14 20:27:10 -04:00
Tad
11c286ecd4
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-07-14 17:27:20 -04:00
Tad
192c73146a
Add a toggle for KSM
Signed-off-by: Tad <tad@spotco.us>
2023-07-14 17:11:21 -04:00
Tad
b5bb498248
Many tweaks
- 19.1/20.0: Enable low ram for <6GB devices
- 20.0: support RROs with exec spawning patch from GrapheneOS
- allow work profiles when low ram is enabled
- churn
- cherrypicks

Signed-off-by: Tad <tad@spotco.us>
2023-07-13 16:40:05 -04:00
Tad
eff7a69bed
Small changes
- Another fix
- Deblobber tweaks
- Patch from GrapheneOS
- Cherrypick

Signed-off-by: Tad <tad@spotco.us>
2023-07-13 10:58:41 -04:00
Tad
fdeceb5c9c
Fixups
Signed-off-by: Tad <tad@spotco.us>
2023-07-10 22:50:33 -04:00
Tad
7a53edc390
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-07-10 17:11:15 -04:00
Tad
fc01bcba7f
Churn
Closes https://github.com/Divested-Mobile/DivestOS-Build/issues/222

Signed-off-by: Tad <tad@spotco.us>
2023-07-09 21:23:25 -04:00
Tad
ad8e5b631a
16.0+17.1: Extra July ASB backport from @MSe1969
Signed-off-by: Tad <tad@spotco.us>
2023-07-09 14:49:51 -04:00
Tad
fb0064ffbf
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-07-09 14:43:06 -04:00
Tad
83cbcfa39b
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-07-08 15:21:06 -04:00
Tad
9d6662dee7
15.1 July ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-07-07 18:00:23 -04:00
Tad
293f97d678
16.0 July ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-07-07 17:24:47 -04:00
Tad
4db68c3de1
Fixup b92655da
Signed-off-by: Tad <tad@spotco.us>
2023-07-07 15:28:55 -04:00
Tad
b92655dac4
17.1 July ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-07-07 14:17:23 -04:00
Tad
2651f33e5c
ASB cherrypicks
Signed-off-by: Tad <tad@spotco.us>
2023-07-07 13:44:00 -04:00
Tad
5bc210f135
Adjust microg config path
/product can't be used for now
https://github.com/microg/GmsCore/issues/1976

also move the wording around so it can be easier to remove later
after a new release is tagged

Signed-off-by: Tad <tad@spotco.us>
2023-07-07 13:33:48 -04:00
Tad
492ed24ca2
Fixups
Signed-off-by: Tad <tad@spotco.us>
2023-07-06 17:59:25 -04:00
Tad
34f2d0d15a
Tweak micorG defaults
New options added
4772008582

Signed-off-by: Tad <tad@spotco.us>
2023-07-06 14:39:38 -04:00
Tad
c4666a33b7
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-07-05 19:42:40 -04:00
Tad
c9a7ff8bba
Override all microG defaults to disabled
TODO after fixed:
SafetyNet: https://github.com/microg/GmsCore/issues/1971
Geocoder: https://github.com/microg/GmsCore/issues/1972

Signed-off-by: Tad <tad@spotco.us>
2023-07-04 14:48:18 -04:00
Tad
a96f74ca28
Enable the opt-in unprivileged microG enablement patchset
Runtime tested: 17.1, 18.1, 20.0
Compile tested: 19.1

Signed-off-by: Tad <tad@spotco.us>
2023-07-03 21:50:08 -04:00
Tad
b7d37053c3
Further harden signature spoofing with targetSdk and versionCode checks
- Also fix compile for 17.1, rest should be fine

Signed-off-by: Tad <tad@spotco.us>
2023-07-03 17:33:34 -04:00
Tad
f2c8005853
16.0: switch to upstream P_asb_2023-06
Has two extra patches for Traceur, but misses a patch for CarSettings

Signed-off-by: Tad <tad@spotco.us>
2023-07-03 15:22:32 -04:00
Tad
4282c7c35f
Backports of 0f4044e2 to 17.1/18.1/19.1
Also don't grant any special location permissions

Signed-off-by: Tad <tad@spotco.us>
2023-07-03 15:17:56 -04:00
Tad
0f4044e242
20.0: opt-in hardened unprivileged microG ability
Unlike other systems which ship privileged microG out of the box:
- User must enable microG repo in F-Droid
- User must install official microG apps (GmsCore/FakeStore/GSF)
- User must enable the microG toggle in Settings
- NOT a privileged app, not all features will work
- gmscore SELinux domain is still disabled

Signed-off-by: Tad <tad@spotco.us>
2023-07-03 13:45:06 -04:00
Tad
2e2ac4557d
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-06-26 19:41:11 -04:00
Tad
dc4d6b0901
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-06-20 18:36:31 -04:00
Tad
1e7f10d6b6
20.0: drop June ASB patches
QPR3 has been merged

Signed-off-by: Tad <tad@spotco.us>
2023-06-20 16:22:02 -04:00
Tad
5146f67cee
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-06-18 07:34:03 -04:00
Tad
cda898f141
Certificate Authority store updates
- Remove some untrustworthy CAs
- Update CA store for all branches to aosp/e302aa968334b3c3fc9cd709a7c7661e0cf534eb

Signed-off-by: Tad <tad@spotco.us>
2023-06-17 15:13:54 -04:00
Tad
41e2669884
17.1: switch to flamefire's ASB topics
This gets us ~9 extra patches

Signed-off-by: Tad <tad@spotco.us>
2023-06-17 15:13:46 -04:00
Tad
a07133a064
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-06-16 11:03:46 -04:00
Tad
e2ca79c607
20.0: add dot.sb DNS preset
Signed-off-by: Tad <tad@spotco.us>
2023-06-14 19:42:30 -04:00
Tad
0dde119d7e
20.0 June ASB work + churn
QPR3 is delayed a week now

Patches pulled from GrapheneOS and checked against CalyxOS

Signed-off-by: Tad <tad@spotco.us>
2023-06-12 21:06:42 -04:00
Tad
8c7f3daa00
15.1+16.0 June ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-06-10 05:16:45 -04:00
Tad
ab52996e4f
16.0: switch to upstream topic for May ASB patches
They're identical
I'll likely eventually pull them back in anyway

Signed-off-by: Tad <tad@spotco.us>
2023-06-10 01:57:59 -04:00
Tad
67dd049bf6
17.1 June ASB work
Note: 358555 is prone to mismerge

Signed-off-by: Tad <tad@spotco.us>
2023-06-09 23:42:54 -04:00
Tad
e7b390d7e6
Picks
https://review.lineageos.org/q/topic:%22n-asb-2023-06%22

Signed-off-by: Tad <tad@spotco.us>
2023-06-09 21:59:53 -04:00
Tad
78fa476749
Churn + Fixes
Signed-off-by: Tad <tad@spotco.us>
2023-06-09 16:19:07 -04:00
Tad
04b4a1a45f
Picks + Churn
Signed-off-by: Tad <tad@spotco.us>
2023-06-08 22:48:40 -04:00
Tad
ffe020a7a0
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-06-07 18:01:35 -04:00
Tad
f31b5f6ac9
Update CVE patchers
No change :(

Signed-off-by: Tad <tad@spotco.us>
2023-06-05 16:26:16 -04:00
Tad
11d228c7c3
Switch CensurfriDNS to anycast domain
Signed-off-by: Tad <tad@spotco.us>
2023-06-05 15:47:21 -04:00
Tad
2ee99fe3ef
Update CVE patchers
CVE-2020-36694 appears to be a duplicate of CVE-2021-29650

Signed-off-by: Tad <tad@spotco.us>
2023-06-01 21:12:08 -04:00
Tad
e696cceac9
20.0 Private DNS work
- Simplify Private DNS preset patchsets
  based on updated CalyxOS patchset
  TODO: backport this

- Add DoH endpoints for all of the presets
  Disabled, very few hosts actually support DoH/3

Signed-off-by: Tad <tad@spotco.us>
2023-05-31 19:02:10 -04:00
Tad
8a43be3c58
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-05-30 15:17:29 -04:00
Tad
59bda0360e
Fixes
Signed-off-by: Tad <tad@spotco.us>
2023-05-30 13:59:28 -04:00