Commit Graph

605 Commits

Author SHA1 Message Date
Tad
fc9032513f
Update CVE patchers
Likely issue CVE-2023-3773/^6.4

Signed-off-by: Tad <tad@spotco.us>
2023-08-27 17:13:53 -04:00
Tad
aa0ab3c1ba
Revert "Try to fixup cell service on crackling"
didn't work

This reverts commit 43e55668fd.
2023-08-25 09:56:20 -04:00
Alberto García
62ca909711
Push davinci to 20.0 2023-08-24 19:06:22 -04:00
Tad
52a0c55c41
Fixups
- Revert Freetype branch switching for 15.1+, broken
- Don't include OpenEUICC on Pixel 2 and 3 series, they won't work
- Churn

Signed-off-by: Tad <tad@spotco.us>
2023-08-24 03:06:02 -04:00
Tad
1fde0f9c45
More branch switching, thanks to @syphyr
Signed-off-by: Tad <tad@spotco.us>
2023-08-23 11:05:05 -04:00
Tad
43e55668fd
Try to fixup cell service on crackling
netmgrd appears incompatible with hmalloc
noted by @fishy1337
https://github.com/Divested-Mobile/DivestOS-Build/issues/204#issuecomment-1676439970

Signed-off-by: Tad <tad@spotco.us>
2023-08-18 11:24:04 -04:00
Tad
2142e2e763
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-08-17 17:18:10 -04:00
Tad
160aee5049
Backport patch to handle verity with openssl 3.0
ref: https://github.com/Divested-Mobile/DivestOS-Website/pull/19

Signed-off-by: Tad <tad@spotco.us>
2023-08-11 18:53:01 -04:00
Tad
974878988b
Fixup
Will regen later

Signed-off-by: Tad <tad@spotco.us>
2023-08-09 00:46:44 -04:00
Tad
f52adb2bc5
17.1 August ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-08-08 06:31:22 -04:00
Tad
e627cdee05
Sync with @flamefire's Q_asb_2023-07
Signed-off-by: Tad <tad@spotco.us>
2023-08-08 05:01:00 -04:00
Tad
eef09ae519
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-08-07 18:07:19 -04:00
Tad
180280b233
Update CVE patchers
TODO: adjust min version of CVE-2023-4132

Signed-off-by: Tad <tad@spotco.us>
2023-08-04 21:00:29 -04:00
Tad
7b7d5b93dd
Adjust
Signed-off-by: Tad <tad@spotco.us>
2023-07-27 13:43:06 -04:00
Tad
73414e76d2
Update CVE patchers
two lpes

Signed-off-by: Tad <tad@spotco.us>
2023-07-25 12:04:05 -04:00
Tad
e74f861c8e
Fixes + Churn
- Fix instances of awk failing on missing globs
- Remove unwanted packages from work/user/managed profiles
- Remove proprietary camera extensions

Signed-off-by: Tad <tad@spotco.us>
2023-07-24 03:59:51 -04:00
Tad
e408e7e19a
Drop devices with newer versions available
14.1: clark
15.1: deb, flo, hammerhead, shamu, ether
16.0: hammerhead
19.1: alioth

Signed-off-by: Tad <tad@spotco.us>
2023-07-22 19:17:42 -04:00
Tad
0f9a2c7aea
Less aggressive low_ram enablement
14.1 <2GB
15.1 <2GB
16.0 <2GB
17.1 <3GB
18.1 <3GB
19.1 <4GB
20.0 <4GB

Signed-off-by: Tad <tad@spotco.us>
2023-07-17 18:44:56 -04:00
Tad
b6308caa37
Update CVE patchers
TODO: enable CVE-2023-31084/4.4

Signed-off-by: Tad <tad@spotco.us>
2023-07-15 21:22:18 -04:00
Tad
aa6bfad801
Various
- Drop OpenCamera, it doesn't work on lock screens anymore?
- microG on 18.1+:
  - set packages forceQueryable
  - spoof some sources as Play Store
    TODO: backport this to 17.1
- Remove camera extensions
- Churn
- Wording

Signed-off-by: Tad <tad@spotco.us>
2023-07-15 18:22:07 -04:00
Tad
192c73146a
Add a toggle for KSM
Signed-off-by: Tad <tad@spotco.us>
2023-07-14 17:11:21 -04:00
Tad
15de8ed2e8
Expand the low_ram coverage
As follows
14.1 <3GB
15.1 <3GB
16.0 <3GB
17.1 <3GB
18.1 <4GB
19.1 <6GB
20.0 <6GB

Signed-off-by: Tad <tad@spotco.us>
2023-07-13 18:31:03 -04:00
Tad
eff7a69bed
Small changes
- Another fix
- Deblobber tweaks
- Patch from GrapheneOS
- Cherrypick

Signed-off-by: Tad <tad@spotco.us>
2023-07-13 10:58:41 -04:00
Tad
ad8e5b631a
16.0+17.1: Extra July ASB backport from @MSe1969
Signed-off-by: Tad <tad@spotco.us>
2023-07-09 14:49:51 -04:00
Tad
293f97d678
16.0 July ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-07-07 17:24:47 -04:00
Tad
4db68c3de1
Fixup b92655da
Signed-off-by: Tad <tad@spotco.us>
2023-07-07 15:28:55 -04:00
Tad
b92655dac4
17.1 July ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-07-07 14:17:23 -04:00
Tad
a1a3cbb94e
Fix overlay conflicts
Should mostly fix https://github.com/Divested-Mobile/DivestOS-Build/issues/219

Signed-off-by: Tad <tad@spotco.us>
2023-07-06 14:51:40 -04:00
Tad
c4666a33b7
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-07-05 19:42:40 -04:00
Tad
4282c7c35f
Backports of 0f4044e2 to 17.1/18.1/19.1
Also don't grant any special location permissions

Signed-off-by: Tad <tad@spotco.us>
2023-07-03 15:17:56 -04:00
Tad
2e2ac4557d
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-06-26 19:41:11 -04:00
Tad
cda898f141
Certificate Authority store updates
- Remove some untrustworthy CAs
- Update CA store for all branches to aosp/e302aa968334b3c3fc9cd709a7c7661e0cf534eb

Signed-off-by: Tad <tad@spotco.us>
2023-06-17 15:13:54 -04:00
Tad
41e2669884
17.1: switch to flamefire's ASB topics
This gets us ~9 extra patches

Signed-off-by: Tad <tad@spotco.us>
2023-06-17 15:13:46 -04:00
Tad
a07133a064
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-06-16 11:03:46 -04:00
Tad
8c7f3daa00
15.1+16.0 June ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-06-10 05:16:45 -04:00
Tad
67dd049bf6
17.1 June ASB work
Note: 358555 is prone to mismerge

Signed-off-by: Tad <tad@spotco.us>
2023-06-09 23:42:54 -04:00
Tad
2ee99fe3ef
Update CVE patchers
CVE-2020-36694 appears to be a duplicate of CVE-2021-29650

Signed-off-by: Tad <tad@spotco.us>
2023-06-01 21:12:08 -04:00
Tad
59bda0360e
Fixes
Signed-off-by: Tad <tad@spotco.us>
2023-05-30 13:59:28 -04:00
Tad
8463705798
Update CVE patchers
- Includes CVE-2023-32233 fixes for more devices
- Upstream has reverted the LVT patches, maybe consider handling them

Signed-off-by: Tad <tad@spotco.us>
2023-05-22 20:33:47 -04:00
Tad
cd0a29d69b
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-05-12 23:28:44 -04:00
Tad
8503986acb
17.1 May ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-05-07 14:29:54 -04:00
Tad
6d2a255eef
Remove User-Agent (and serial) from source built libloc
Signed-off-by: Tad <tad@spotco.us>
2023-05-05 22:27:27 -04:00
Tad
c544c28b94
Prevent Qualcomm location stack from reading chipset serial number
The deblobber already removes xtra-daemon which is what actually performs the requests.
This is just extra sanctity.

Signed-off-by: Tad <tad@spotco.us>
2023-05-03 21:41:20 -04:00
Tad
366b4eb5ef
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-05-02 18:01:39 -04:00
Tad
39b0c9e036
Remove broken emoji updates
Signed-off-by: Tad <tad@spotco.us>
2023-05-02 15:31:57 -04:00
Tad
7b2eb1079a
Update emoji list in LatinIME too and disable
tested not working on 15.1
shows as cross boxes or double characters

Signed-off-by: Tad <tad@spotco.us>
2023-04-29 16:56:13 -04:00
Tad
86b7525400
Update the emojis, untested
Signed-off-by: Tad <tad@spotco.us>
2023-04-29 16:17:00 -04:00
Tad
91ec03f096
Fixup davinci
Signed-off-by: Tad <tad@spotco.us>
2023-04-29 11:17:32 -04:00
Tad
e7d8f7598b
17.1 extra backports, credit @Flamefire
Includes 2 extra patches from
https://github.com/Flamefire/android_device_sony_lilac/tree/lineage-17.1/patches/asb-2023-04

Santiy checked patches against
https://github.com/Flamefire/android_device_sony_lilac/tree/lineage-17.1/patches/asb-2023-03

Signed-off-by: Tad <tad@spotco.us>
2023-04-29 11:17:21 -04:00
Tad
ab4eceb830
17.1 April ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-04-28 17:17:54 -04:00
Tad
47136145e5
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-04-23 23:20:36 -04:00
Tad
9ba61642de
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-04-17 23:19:28 -04:00
Tad
aad60b7567
Promotions
16.0 santoni/land to 20.0 Mi8937 unified
17.1 griffin to 18.1
17.1 star*/crownlte to 20.0
20.0 add pro1x

Signed-off-by: Tad <tad@spotco.us>
2023-04-17 21:36:49 -04:00
Tad
2cc87c4dc7
Switch fingerprint locked to 5 attempts instead of 3 + churn
Signed-off-by: Tad <tad@spotco.us>
2023-04-12 15:26:26 -04:00
Tad
9a97c7013b
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-04-05 12:43:36 -04:00
Tad
4435c200ed
15.1+: vCard 4.0 support from GrapheneOS
8fbeedd002

Fixes https://github.com/Divested-Mobile/DivestOS-Build/issues/202

Signed-off-by: Tad <tad@spotco.us>
2023-04-04 12:50:42 -04:00
Tad
750f244304
Updates, logging, and churn
also add an extra March ASB patch for 17.1

Signed-off-by: Tad <tad@spotco.us>
2023-03-31 12:38:46 -04:00
Tad
ca93ef33ce
Slightly improve compatibility with apps that want GSF
38a5ca05e9

Signed-off-by: Tad <tad@spotco.us>
2023-03-28 23:45:58 -04:00
Tad
9039ae3ed1
17 extra March patch
Signed-off-by: Tad <tad@spotco.us>
2023-03-28 23:42:28 -04:00
Tad
2907be1be5
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-03-28 00:48:08 -04:00
Tad
fe80137df9
Don't remove CompanionDeviceManager
Used by some wearables, not just Android Wear

Closes https://github.com/Divested-Mobile/DivestOS-Build/issues/196

Signed-off-by: Tad <tad@spotco.us>
2023-03-25 20:21:38 -04:00
Tad
61a3892314
Drop devices working on 20.0
Removes:
- 19.1: mata and FP3
- 17.1: avicii

all above tested/reported working on 20.0

Signed-off-by: Tad <tad@spotco.us>
2023-03-25 17:04:25 -04:00
Tad
44fa294eca
17.1 March ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-03-21 15:01:12 -04:00
Tad
ec38522af9
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-03-18 20:52:59 -04:00
Tad
8bcb5c734d
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-03-17 19:27:22 -04:00
Tad
38626e1b0c
Picks + Fixes
Signed-off-by: Tad <tad@spotco.us>
2023-03-14 16:58:27 -04:00
Tad
162b40a39d
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-03-13 18:13:54 -04:00
Tad
fd1becb8c4
20.0: bringup avicii
Signed-off-by: Tad <tad@spotco.us>
2023-03-08 17:29:58 -05:00
Tad
ef2fdb1d3e
More handling improvements
Signed-off-by: Tad <tad@spotco.us>
2023-03-08 16:14:51 -05:00
Tad
0b294c1601
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-03-08 16:01:49 -05:00
Tad
5d0ab40f0b
Robustness improvements
Signed-off-by: Tad <tad@spotco.us>
2023-03-08 01:14:06 -05:00
Tad
6ba784ac33
Some actual error handling 1/n
Signed-off-by: Tad <tad@spotco.us>
2023-03-08 00:03:23 -05:00
Tad
097019193e
Don't bail when devices are missing
Signed-off-by: Tad <tad@spotco.us>
2023-03-07 23:41:27 -05:00
Tad
804786aa23
Update CVE patchers
Fixes https://github.com/Divested-Mobile/DivestOS-Build/issues/193

Signed-off-by: Tad <tad@spotco.us>
2023-03-06 19:54:15 -05:00
Tad
b8f39716f1
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-02-26 12:21:36 -05:00
Tad
9f82763c53
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-02-17 23:57:04 -05:00
Tad
e9f58cfd3c
VPN fixes
Some devices still don't have these in 2023
https://gitlab.com/LineageOS/issues/android/-/issues/2193

Note, the following still aren't patched:
15.1
kernel/google/msm
kernel/lge/hammerhead

16.0
kernel/cyanogen/msm8974
kernel/lge/hammerhead

18.1
kernel/motorola/msm8974

Signed-off-by: Tad <tad@spotco.us>
2023-02-12 21:34:23 -05:00
Tad
a845f59546
Fixup persistent IPv6 privacy address issue + churn
Backports of rfc4941bis from Google/Linaro
and workaround for legacy kernels from GrapheneOS

already has rfc4941bis patch:
fairphone_sdm632
google_gs101
google_gs201
google_msm-4.14
google_msm-4.9
google_redbull
oneplus_sdm845
razer_sdm845
xiaomi_sdm845

Signed-off-by: Tad <tad@spotco.us>
2023-02-11 20:26:24 -05:00
Tad
62b2318078 Backports + Picks
Signed-off-by: Tad <tad@spotco.us>
2023-02-11 19:20:28 -05:00
Tad
3047b3b269
Fixup kipper & starlte
Signed-off-by: Tad <tad@spotco.us>
2023-02-10 08:19:23 -05:00
Tad
0e9599af6d
Fixup
Signed-off-by: Tad <tad@spotco.us>
2023-02-09 22:46:42 -05:00
Tad
fa067a3f89
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-02-06 23:06:34 -05:00
Tad
19d5f73b50
Remove silly carrier restrictions
Signed-off-by: Tad <tad@spotco.us>
2023-02-03 22:17:13 -05:00
Tad
dc853bfdae
WebView: Switch to dedicated package name
And remove the F-Droid repo for it, will be moved to the 'DivestOS Official' repo
This simplifies release management and also allows other systems to benefit from the repo

Downside is users who don't update to this build won't receive any updates for it anymore

Signed-off-by: Tad <tad@spotco.us>
2023-02-02 17:17:30 -05:00
Tad
20c4e75fe1
Fixes
Signed-off-by: Tad <tad@spotco.us>
2023-02-01 18:30:29 -05:00
Tad
4f6e21d7f9 Deduplicate Defaults.sh
Signed-off-by: Tad <tad@spotco.us>
2023-02-01 15:57:13 -05:00
Tad
af3fe9776b Small updates
Signed-off-by: Tad <tad@spotco.us>
2023-02-01 15:19:21 -05:00
Tad
1511176a07
Update CVE patchers
Maybe some breakage

Signed-off-by: Tad <tad@spotco.us>
2023-01-28 20:33:44 -05:00
Tad
3231979ef4
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-01-24 20:55:42 -05:00
Tad
da1df44c8f
GrapheneOS kernel hardening patches update
Maybe some compile breakage

Signed-off-by: Tad <tad@spotco.us>
2023-01-24 19:03:01 -05:00
Tad
e81cd5586d
Add even more captive portal servers + sorting
TODO: apply to other branches

Signed-off-by: Tad <tad@spotco.us>
2023-01-23 16:42:00 -05:00
Tad
9558a7d0e9 Switch to the Broadcom PSDS server for Pixel 6/7 series
Instead of agnss.goog cache
Based off of a patch from GrapheneOS

Signed-off-by: Tad <tad@spotco.us>
2023-01-21 04:08:26 -05:00
Tad
ad466bd3e4
Various changes
- 17.1: Add more captive portal server options like 18.1+, disabled: needs fixes
- 17.1: Add the hosts toggle like 18.1+
- 18.1: fix junk in patch
- 17.1+: hosts toggle: bugfix: fixup localhost handling by switching to strcmp
- 15.1: fixes to get hmalloc to compile, does NOT boot

Signed-off-by: Tad <tad@spotco.us>
2023-01-20 18:59:02 -05:00
Tad
91807acf21
various small fixes
- loose versioning fixes for 4.9
- remove GPG commit verification for GOS repos, they use SSH now. TODO: support that
- 20.0: fixup AudioFX stray lines
- 20.0: broken fix for gs101/201 stray iwlan lines

Signed-off-by: Tad <tad@spotco.us>
2023-01-18 20:02:11 -05:00
Tad
5ce2d33162
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-01-18 14:13:33 -05:00
Tad
2153422bb0
Potentially unbreak video playback on vayu, davinci, guacamole*, and hotdog*.
Signed-off-by: Tad <tad@spotco.us>
2023-01-13 21:27:18 -05:00
Tad
b82427ce5b Conservative reverse loose versioning for 3.10
This applies 3.4 patches to 3.10 if no other match is available

Note: CVE-2017-13245/3.4/0002.patch ends up applied over CVE-2018-10902/3.18/0003.patch

Signed-off-by: Tad <tad@spotco.us>
2023-01-13 15:51:46 -05:00
Tad
14f40e024f
Update CVE patchers
This adds loose versioning applying 4.14 patches to 4.9

Signed-off-by: Tad <tad@spotco.us>
2023-01-13 13:23:12 -05:00
Tad
10c1d825c2
Revert e10d4b17
17.1 is plagued with the same issue, no reason to use it

Signed-off-by: Tad <tad@spotco.us>
2023-01-07 11:17:21 -05:00
Tad
efa31534a9
Picks
Signed-off-by: Tad <tad@spotco.us>
2023-01-07 10:52:03 -05:00