Tad
19b03c9ff4
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-28 17:43:48 -04:00
Tad
a56e3a3016
Disable the bionic hardening patchset to fix boot issues
...
10+4 devices tested working with bionic hardening patches enabled
but hammerhead and shamu do not boot...
2 of the patches were already found to have issues and disabled
3 other patches were ruled out:
- Stop implicitly marking mappings as mergeable
- Make __stack_chk_guard read-only at runtime
- On 64-bit, zero the leading stack canary byte
Leaves 11+1 patches remaining that need to be tested
But I don't have either of the two known impacted devices.
Signed-off-by: Tad <tad@spotco.us>
2022-03-19 16:19:00 -04:00
Tad
09353cdcd2
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-18 00:07:18 -04:00
Tad
015799737e
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-09 17:16:47 -05:00
Tad
4f75a8272a
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-09 11:59:30 -05:00
Tad
902239e2b5
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-08 23:20:43 -05:00
Tad
54dbcd9e43
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-07 19:12:10 -05:00
Tad
ac1e89f0c8
Update CVE patchers [the big fixup]
...
This removes many duplicately or wrongly applied patches.
Correctly removed:
- CVE-2011-4132 can apply infinitely
- CVE-2013-2891 can apply infinitely
- CVE-2014-9781 can apply once to fb_cmap_to_user correctly and incorrectly to fb_copy_cmap
- CVE-2015-0571 can apply incorrectly and was disabled in patch repo as a result
- CVE-2016-2475 can apply infinitely
- CVE-2017-0627 can apply infinitely
- CVE-2017-0750 can apply infinitely
- CVE-2017-14875 can apply infinitely
- CVE-2017-14883 can apply infinitely
- CVE-2020-11146 can apply infinitely
- CVE-2020-11608 can apply infinitely
- CVE-2021-42008 can apply infinitely
Questionable (might actually be beneficial to "incorrectly" apply again):
- CVE-2012-6544 can apply once to hci_sock_getsockopt correctly and incorrectly to hci_sock_setsockopt
- CVE-2013-2898 can apply once to sensor_hub_get_feature correctly and incorrectly to sensor_hub_set_feature
- CVE-2015-8575 can apply once to sco_sock_bind correctly and incorrectly to sco_sock_connect
- CVE-2017-8281 can apply once to diagchar_ioctl correctly and incorrectly to diagchar_compat_ioctl
- CVE-2019-10622 can apply once to qdsp_cvp_callback correctly and incorrectly to qdsp_cvs_callback
- CVE-2019-14104 can apply once to cam_context_handle_start/stop_dev and incorrectly to cam_context_handle_crm_process_evt and cam_context_handle_flush_dev
Other notes:
- CVE-2016-6693 can be applied again if it was already applied in combination with CVE-2016-6696
then the dupe check will fail and mark CVE-2016-6696 as already applied, effectively reverting it.
This was seemingly fixed with a hand merged patch in patch repo.
Wrongly removed:
- CVE-2013-2147 is meant for cciss_ioctl32_passthru but is detected in cciss_ioctl32_big_passthru
- CVE-2015-8746 is meant for nfs_v4_2_minor_ops but is detected in nfs_v4_1_minor_ops
- CVE-2021-Misc2/ANY/0043.patch is meant for WLANTL_RxCachedFrames but is detected in WLANTL_RxFrames
Signed-off-by: Tad <tad@spotco.us>
2022-03-04 00:42:28 -05:00
Tad
f4fbe65756
Various changes
...
- 15.1: asb picks
- 17.1: drop marlin, sailfish, z2_plus, m8
- 4.9 loose versioning fixes
2022-02-24 19:51:44 -05:00
Tad
8b39498b1c
Initial loose versioning work for 4.9
...
This applies 4.9 patches to 4.4 and 3.18 now that 4.4 is EOL
Untested, but looks mild
Signed-off-by: Tad <tad@spotco.us>
2022-02-22 13:44:47 -05:00
Tad
5245109cc1
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-02-19 23:22:19 -05:00
Tad
6ec0c63126
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-13 11:08:22 -05:00
Tad
ce6ee9d8e4
Update CVE patchers
...
CVE-2021-0961 should be fine now
Signed-off-by: Tad <tad@spotco.us>
2022-01-11 05:41:26 -05:00
Tad
b9c7839110
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-11 01:19:31 -05:00
Tad
e08349a202
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-12-29 11:51:58 -05:00
Tad
3c1931bcc9
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-12-19 05:15:32 -05:00
Tad
8cf90d055e
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-12-11 01:12:41 -05:00
Tad
359ce4608f
Small updates
...
Signed-off-by: Tad <tad@spotco.us>
2021-12-07 20:57:54 -05:00
Tad
ed1c151ce5
Update CVE patchers
...
CVE-2021-0961/ANY/0001.patch likely causes breakage
Signed-off-by: Tad <tad@spotco.us>
2021-12-06 17:43:34 -05:00
Tad
c5c3998593
Guess what? f̵͖̲̙̝̩̌̌̌̑͆̔͐̏͋̓̅̔̒̈́͠i̴͍̗̦͕̅̓̿͋̓̑̽͌͐͊͘͠͠s̵̡̬͙͚̃͑̓̊̌́̾́͠ḥ̴̬͓͚̹̱̰͕͚͈̞̳͒̊ ̵̢̟̞̖͈͖͕̥̙̤͉̮̍́̅̀̾b̵̛̹̝̙̖̱̲͉͚̝̪̲̓̿͛̔̆͋̎́͐̃͆̀̕͝u̸̞̺͓͎̰̦̯̘̺̬͔̬͆͛̋̍̂͒̓͛̐̈́̋̚͝ṫ̵̠t̶̻̳̜̪̗͖͛̂̒̃̑̏͝
...
Tested on 14.1 and 15.1 targets
Signed-off-by: Tad <tad@spotco.us>
2021-11-29 21:14:00 -05:00
Tad
67b5a166fc
16.0: extreme loose versioning work
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-27 22:44:29 -05:00
Tad
7d54ee4be7
14.1: extreme loose versioning work
...
This will apply 3.10 and 3.18 specific patches to 3.0
Example of tuna 3.0 kernel:
199 without loose versioning
311 with loose versioning
364 with extreme loose versioning
Signed-off-by: Tad <tad@spotco.us>
2021-11-27 21:06:26 -05:00
Tad
9b84cebf92
17.1: loose versioning work
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-27 15:50:11 -05:00
Tad
c153981b3f
15.1: loose versioning work
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-26 22:40:07 -05:00
Tad
1b1db41869
Initial use of loose versioning for 3.x CVE patches
...
This will for example apply a 3.4 specific patch to 3.0 if no 3.0 specific patch is available.
Tested compiling on 14.1 and booting on toroplus.
Will be applied to other branches soon.
Signed-off-by: Tad <tad@spotco.us>
2021-11-26 18:56:03 -05:00
Tad
f7295a0f74
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-02 23:50:35 -04:00
Tad
f3277f3c07
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-02 12:01:36 -04:00
Tad
ec043e961e
Update CVE patchers
...
CVE-2021-20317 might need to be disabled due to QC timer breakage.
Signed-off-by: Tad <tad@spotco.us>
2021-10-27 15:26:53 -04:00
Tad
5d7d710076
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-20 15:01:18 -04:00
Tad
59bd09a807
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-05 14:44:23 -04:00
Tad
025ca7df7f
compile fixups
...
after the CVE-2021-Misc2 import and hardenDefconfig overhaul
also sync 18.1 DnsResovler patches with:
6332b25b87
f8490d024a
Signed-off-by: Tad <tad@spotco.us>
2021-10-01 12:34:22 -04:00
Tad
27fe558b76
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-09-29 16:47:50 -04:00
Tad
f5a58bd35f
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-09-23 20:56:00 -04:00
Tad
35036e694d
Small tweaks
...
Signed-off-by: Tad <tad@spotco.us>
2021-09-08 22:59:33 -04:00
Tad
0ade46cc8e
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-09-07 16:57:15 -04:00
Tad
809a361e07
Update CVE patchers
...
Don't introduce https://gitlab.com/LineageOS/issues/android/-/issues/3916
Will consider adding it as a revert
Signed-off-by: Tad <tad@spotco.us>
2021-09-04 14:35:24 -04:00
Tad
79132fddef
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-08-13 11:07:07 -04:00
Tad
2d468d9da2
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-08-09 14:44:48 -04:00
Tad
3f311f84ad
Changes
...
- WebView update
- 14.1: drop osprey, tested compiling on 17.1
- comment updates
- small patcher fixes
Signed-off-by: Tad <tad@spotco.us>
2021-08-06 18:36:57 -04:00
Tad
477b0a1a62
More fixes
...
Signed-off-by: Tad <tad@spotco.us>
2021-08-04 10:58:22 -04:00
Tad
9e548cabf5
Fixup 3d69ad87
...
Tested to compile bacon, ether, and griffin kernels
Signed-off-by: Tad <tad@spotco.us>
2021-08-03 18:46:38 -04:00
Tad
3d69ad873e
\"\'FIXES\'\" PART 2
...
There will likely be some breakage here.
Many of these patches have been here since the start and never used.
Signed-off-by: Tad <tad@spotco.us>
2021-08-03 15:14:02 -04:00
Tad
2c05482872
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-07-31 09:17:08 -04:00
Tad
b61264e3b9
Update CVE patchers
2021-07-27 00:17:14 -04:00
Tad
ca51db0be0
Update CVE patchers
2021-07-21 22:48:29 -04:00
Tad
a43601e77b
Update CVE patchers
...
I expect breakage.
2021-07-10 11:39:14 -04:00
Tad
12283124b5
Fixup last commit
2021-07-04 17:05:27 -04:00
Tad
f6357512a7
Update CVE patchers
2021-07-04 14:41:44 -04:00
Tad
44003bd2f5
Update CVE patchers
2021-06-30 17:05:59 -04:00
Tad
48f35901c2
Update CVE patchers
2021-06-16 23:17:37 -04:00
Tad
d42c8f033d
Small changes
...
- Fixup CVE-2020-36386 breakage
- Move some cherrypicks in tree (gerrit down right now, pulled from reflog)
- Update cherrypicks
2021-06-15 05:46:30 -04:00
Tad
71fe4d590e
Small tweaks
...
- 14.1: drop z00t, compiles on 15.1
- fix double patch breakage for CVE-2020-36386
- clark: fix recovery firmware extraction, hopefully
2021-06-12 10:49:54 -04:00
Tad
4b044379ec
Update CVE patchers
2021-06-11 11:00:54 -04:00
Tad
d9c49b56c3
Update CVE patchers
2021-06-07 22:30:33 -04:00
Tad
1e5df6f42e
Update CVE patchers
2021-06-03 13:28:32 -04:00
Tad
13bffe05e7
Update CVE patchers
2021-05-21 09:14:31 -04:00
Tad
731e0e995c
Update CVE patchers
2021-05-07 21:48:29 -04:00
Tad
5f0ae93a0b
Drop the umn patch list
...
Most seem OK
2021-04-25 11:25:32 -04:00
Tad
81084a26d7
Update CVE patchers
2021-04-17 11:01:30 -04:00
Tad
1ba3585c9b
14.1: drop axon7, it compiles on 15.1
2021-04-14 23:41:31 -04:00
Tad
a423f977ff
Update CVE patchers
2021-04-12 20:53:35 -04:00
Tad
8e496341b5
Small tweaks + ASB cherrypicks
2021-04-08 05:40:22 -04:00
Tad
f48738f944
Update CVE patchers
2021-04-06 20:55:55 -04:00
Tad
d8712ad62a
Update CVE patchers
2021-03-24 16:31:25 -04:00
Tad
5d14e4b4f7
Small changes
...
- Add m7 and avicii (untested)
- Use low_ram target on <2GB devices
Silly me, this never did anything due to the git reset...
- Update Chromium WebView cherrypick
2021-03-24 14:43:12 -04:00
Tad
92dcea3b7d
Update CVE patchers
2021-03-20 16:04:14 -04:00
Tad
c6f2a5a06d
Fixup ef0ee2c3
2021-03-15 01:06:23 -04:00
Tad
ef0ee2c316
Update CVE patchers
2021-03-14 21:59:19 -04:00
Tad
60070a19bd
Update CVE patchers
...
Consider splitting CVE-2020-27067 to restore basic patches.
2021-03-04 15:10:24 -05:00
Tad
5a3b13e650
Update CVE patchers
2021-02-28 17:56:07 -05:00
Tad
41a04ebd36
Update CVE patchers
2021-02-10 15:55:51 -05:00
Tad
f1e2e43642
Update CVE patchers
2021-02-07 19:41:46 -05:00
Tad
3c0aaaa803
Update CVE patchers
2021-02-06 13:04:52 -05:00
Tad
d44eca7187
Update CVE patchers
2021-02-03 19:40:55 -05:00
Tad
8fbe6a4bd2
Update CVE patchers
2021-02-03 11:50:22 -05:00
Tad
6a1fb99cc9
Unbreak last commit
...
This should be most of it
also
- properly update webview, repopick doesn't seem to handle the branch
- always cd back to base, to prevent script breakage
2021-01-25 13:31:57 -05:00
Tad
08142c2c9d
Update CVE patchers
...
I expect breakage.
2021-01-24 00:30:24 -05:00
Tad
c17623a87a
Update CVE patchers
2021-01-16 22:48:28 -05:00
Tad
e557ca3710
Update CVE patchers
2021-01-05 14:26:15 -05:00
Tad
ff96315fb4
Update CVE patchers
2020-12-30 11:08:19 -05:00
Tad
1be184bac9
Small tweaks
2020-12-16 07:48:41 -05:00
Tad
39727cb7c7
Update CVE patchers
2020-12-10 14:09:58 -05:00
Tad
3ec13d6bc8
Update CVE patchers
2020-12-08 10:24:24 -05:00
Tad
e36a91facc
Update CVE patchers
2020-12-07 09:36:20 -05:00
Tad
9c691d02ab
Update CVE patchers
2020-12-03 22:43:23 -05:00
Tad
09722044b0
Update CVE patchers
2020-11-29 19:06:06 -05:00
Tad
69c8bdfb22
Update CVE patchers
2020-11-26 09:03:45 -05:00
Tad
445582fe2a
Update CVE patchers
2020-11-19 17:15:55 -05:00
Tad
523264aebb
Update CVE patchers
2020-11-12 23:46:38 -05:00
Tad
e7a65ff912
Small fixes
2020-11-09 22:55:36 -05:00
Tad
dc5b1d91f2
Update CVE patchers
2020-11-06 16:15:16 -05:00
Tad
5ec84b9f7b
Update CVE patchers
2020-10-30 14:35:12 -04:00
Tad
95077df728
Update CVE patchers
2020-10-23 15:51:19 -04:00
Tad
d889ae4642
Update CVE patchers
2020-10-17 15:28:42 -04:00
Tad
6d15a2bb82
Update CVE patchers
2020-10-15 22:36:28 -04:00
Tad
688f4dd953
More CVE patcher fixes
2020-10-15 21:31:46 -04:00
Tad
cc64ce1634
Update CVE patchers
2020-10-14 16:28:07 -04:00
Tad
10d042c3c0
Update CVE patchers
2020-10-14 15:20:06 -04:00
Tad
6c9c91941e
Fix errors from compile test of all 14.1 kernels
2020-10-14 14:23:22 -04:00
Tad
d53a4f4e41
Update CVE patchers
...
- Drop tcp_sack=0 sysctl, as most devices are now patched
2020-10-12 18:38:07 -04:00
Tad
260140f0a1
Update CVE patchers
2020-10-10 11:56:35 -04:00
Tad
8bdad21040
Update CVE patchers
2020-10-06 23:36:29 -04:00
Tad
b56fabac3b
Update CVE patchers
...
I expect some breakage here
2020-10-06 21:14:18 -04:00
Tad
bf9167f442
Update CVE patchers
2020-10-05 21:38:25 -04:00
Tad
92879ec2a4
Update CVE patchers
2020-09-23 06:31:34 -04:00
Tad
3bc1463017
Update CVE patchers
2020-09-18 10:36:01 -04:00
Tad
8c1e8ee3e3
Update CVE patchers
2020-09-17 15:35:48 -04:00
Tad
d16a362141
ASB cherry picks + Fixup 2f83043c
...
TODO: rm -v kernel/*/*/drivers/staging/greybus/tools/Android.mk
2020-09-12 08:29:09 -04:00
Tad
76fcd8a0d4
Update CVE patchers
2020-09-08 18:19:52 -04:00
Tad
37ff7ddc2d
Update CVE patchers
2020-09-02 15:03:00 -04:00
Tad
ec17d20f58
Update CVE patchers
2020-08-22 11:03:23 -04:00
Tad
f19dbe5958
More fixes for a69326f3
2020-08-10 03:46:36 -04:00
Tad
887ebb84c5
Update CVE patchers
...
Includes many fixes for a69326f3
but probably breaks other things
2020-08-09 07:29:19 -04:00
Tad
a69326f396
Update CVE patchers
...
Untested. I expect some breakage.
2020-08-08 13:06:39 -04:00
Tad
af54500797
Update CVE patchers
2020-08-03 18:15:27 -04:00
Tad
c715d549a7
Update CVE patchers
2020-07-07 01:57:39 -04:00
Tad
9bafe76906
Update CVE patchers
2020-06-27 02:29:14 -04:00
Tad
5797ea8fc4
Small fixes
...
CVE-2019-14047/ANY/0002.patch will probably need to be disabled on more devices
2020-06-02 17:33:27 -04:00
Tad
ca77d36357
Update CVE patchers
2020-06-02 02:23:57 -04:00
Tad
31d6ab5299
Update CVE patchers
2020-05-28 23:06:53 -04:00
Tad
25cc3c5a10
Update CVE patchers
2020-05-18 16:25:41 -04:00
Tad
2aa65e6b16
Cherry picks
2020-05-11 07:57:53 -04:00
Tad
e962fdeb81
Update CVE patchers
2020-05-04 17:18:50 -04:00
Tad
9fcb91793e
Update CVE patchers
2020-04-26 13:24:43 -04:00
Tad
cdd74148b9
Patcher build fixes
2020-04-12 13:58:02 -04:00
Tad
0c89accfb5
Update CVE patchers
2020-04-06 22:23:37 -04:00
Tad
c26b3e95c7
Minor tweaks
...
- Cherry pick PPP/CVE-2020-8597 patches
- Add some more DNS providers
- Switch default DNS to Cloudflare's new malware blocking provider
- GCC 10 build fix
- Update CVE patchers (select)
2020-04-05 15:53:58 -04:00
Tad
01843b6b2b
Update incrementals
2020-03-02 19:33:43 -05:00
Tad
4e25046418
Many changes
...
- Add OnePlus 2, 3/T, 5/T
- Fix flounder
- Cherrypicks
2020-02-17 22:21:47 -05:00
Tad
cc28df15f7
Cherry picks + fix 5 failing devices
2020-02-09 13:52:25 -05:00
Tad
2734a075c6
Update CVE patchers
2020-02-03 21:36:49 -05:00
Tad
332807d427
Update CVE patchers
2020-02-02 12:09:49 -05:00
Tad
d8c2a56124
Update CVE patchers
2019-12-11 20:21:14 -05:00
Tad
4610cd9bde
Update CVE patchers
...
CVE-2019-19252 was dropped
dependent on d21b0be246
2019-12-03 06:12:46 -05:00
Tad
f90b62982b
Update CVE patchers
2019-11-24 20:13:55 -05:00
Tad
d64534a7c1
Update CVE patchers
2019-11-04 21:04:49 -05:00
Tad
640ef60b83
Move many old cherry picks in tree for archival/support purposes
2019-10-19 22:03:59 -04:00
Tad
579f340c3c
Update CVE patchers
2019-10-04 14:43:19 -04:00
Tad
ae87cffe34
14.1: add v1awifi
2019-09-18 18:04:22 -04:00
Tad
e01e457b24
Per-device signing keys
...
- also fix OTA/recovery key regression
- Update cherrypicks
2019-09-15 22:18:04 -04:00
Tad
ec48a4c89c
Update CVE patchers
2019-09-04 01:31:12 -04:00
Tad
eccf9c6f6d
Many new devices
...
- hammerhead: 15.1 -> 16.0
- axon7: 14.1, 15.1
- cheryl: 16.0
- crackling: 14.1, 15.1, 16.0
- ham: 14.1, 15.1, 16.0
- kipper: 14.1, 15.1, 16.0
- z2_plus: 16.0
2019-08-23 17:27:53 -04:00
Tad
aee6b66dd8
Update CVE patchers
2019-08-05 16:03:41 -04:00
Tad
bad890614e
Update CVE patchers
2019-07-21 09:47:10 -04:00
Tad
a29825f6e1
Update CVE patchers
2019-07-01 18:06:05 -04:00
Tad
55c3072089
Going the distance... [pt2]
2019-06-18 13:51:04 -04:00
Tad
c15105d945
Update CVE patchers
2019-06-17 23:26:38 -04:00
Tad
1d67143181
Update CVE patchers
2019-06-08 04:09:24 -04:00
Tad
d7078bafd6
Update CVE patchers
2019-06-03 18:41:24 -04:00
Tad
380353773e
Fixes
2019-05-17 20:48:26 -04:00