Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2024-10-01 01:35:54 -04:00
Code Issues Packages Projects Releases Wiki Activity
2,134 Commits 1 Branch 0 Tags 101 MiB
4fae529ddc
Commit Graph

324 Commits

Author SHA1 Message Date
Tad
da1df44c8f
GrapheneOS kernel hardening patches update 
Maybe some compile breakage

Signed-off-by: Tad <tad@spotco.us>
 2023-01-24 19:03:01 -05:00
Tad
5ce2d33162
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2023-01-18 14:13:33 -05:00
Tad
2153422bb0
Potentially unbreak video playback on vayu, davinci, guacamole*, and hotdog*. 
Signed-off-by: Tad <tad@spotco.us>
 2023-01-13 21:27:18 -05:00
Tad
b82427ce5b Conservative reverse loose versioning for 3.10 
This applies 3.4 patches to 3.10 if no other match is available

Note: CVE-2017-13245/3.4/0002.patch ends up applied over CVE-2018-10902/3.18/0003.patch

Signed-off-by: Tad <tad@spotco.us>
 2023-01-13 15:51:46 -05:00
Tad
14f40e024f
Update CVE patchers 
This adds loose versioning applying 4.14 patches to 4.9

Signed-off-by: Tad <tad@spotco.us>
 2023-01-13 13:23:12 -05:00
Tad
10c1d825c2
Revert e10d4b17 
17.1 is plagued with the same issue, no reason to use it

Signed-off-by: Tad <tad@spotco.us>
 2023-01-07 11:17:21 -05:00
Tad
f2d87b1e81
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2023-01-03 20:18:40 -05:00
Tad
06eed1fba9
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-12-31 21:41:46 -05:00
Tad
e10d4b1799
17.1: restore m8 
18.1 has some display artifacting issues and hangs

Signed-off-by: Tad <tad@spotco.us>
 2022-12-28 14:38:05 -05:00
Tad
7d6b8e3aeb
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-12-22 11:33:47 -05:00
Tad
03293f6b52
Fixup 
Messy, but better to have CVE-2022-42896 applied to *some* 3.18 kernels

Signed-off-by: Tad <tad@spotco.us>
 2022-12-17 00:42:25 -05:00
Tad
c2fc228f3b Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-12-16 22:06:13 -05:00
Tad
a62922e72d
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-12-06 15:00:40 -05:00
Tad
038fca449b
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-11-30 08:28:40 -05:00
Tad
c4fe56a307
Update CVE patchers 
This fixes CVE-2018-9422 which was primarily added via b56fabac

May still need to be fixed:
16.0/kernel_google_yellowstone
16.0/kernel_xiaomi_msm8937

Signed-off-by: Tad <tad@spotco.us>
 2022-11-21 08:39:10 -05:00
Tad
b81d39c969
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-11-11 16:05:22 -05:00
Tad
27395374e1
Fixup + Churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-11-11 13:54:57 -05:00
Tad
ac3dc319c7
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-11-07 15:51:17 -05:00
Tad
7fb334d825
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-11-03 13:25:38 -04:00
Tad
c051cb282d Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-22 21:39:01 -04:00
Tad
2acd454f13
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-13 23:42:20 -04:00
Tad
2166491d5d
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-12 17:11:06 -04:00
Tad
bf66d5db45
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-03 20:59:55 -04:00
Tad
d78121a1c0
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-03 10:22:17 -04:00
Tad
598d78bb61
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-09-25 13:49:45 -04:00
Tad
411fcc08e1
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-09-15 14:11:58 -04:00
Tad
2bc43f195c
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-09-07 10:04:28 -04:00
Tad
b6e9f50cb5
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-09-04 14:05:36 -04:00
Tad
da15dc05d5
Fixup 
Signed-off-by: Tad <tad@spotco.us>
 2022-08-26 14:00:52 -04:00
Tad
adb61b0fb2
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-08-26 12:15:45 -04:00
Tad
d8d8e457a1 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-08-21 10:44:12 -04:00
Tad
8b67d5c41e Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-08-10 22:02:37 -04:00
Tad
12c56938cb Improve CVE-2021-1048 patching on 3.x kernels 
It is still actively being used by malware.

This largely handles 3.0, 3.4, and 3.10 kernels.
It works for select 3.18 kernels too.

TODO: need alternate get_file_rcu backport for the following:
15.1/lge_msm8996
15.1/zte_msm8996
16.0/xiaomi_msm8937
17.1/motorola_msm8996
18.1/google_marlin
18.1/lge_msm8996
18.1/oneplus_msm8996

Signed-off-by: Tad <tad@spotco.us>
 2022-08-09 21:39:25 -04:00
Tad
31a67f054d Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-08-04 11:12:40 -04:00
Tad
2b299c1aff Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-07-21 21:28:26 -04:00
Tad
1d64c759a5 Fixes 
Signed-off-by: Tad <tad@spotco.us>
 2022-07-10 00:31:44 -04:00
Tad
d3632c25ce Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-07-07 21:47:59 -04:00
Tad
2c27a88a24 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-07-06 19:22:21 -04:00
Tad
7b8ef09540 Update CVE patchers 
Effectively no changes

Signed-off-by: Tad <tad@spotco.us>
 2022-07-04 18:30:09 -04:00
Tad
ac645dd62e Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-06-28 11:32:05 -04:00
Tad
519a474173 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-06-19 22:44:05 -04:00
Tad
70b8485695 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-06-09 17:59:48 -04:00
Tad
c092b13a44 Restore star*lte 
Signed-off-by: Tad <tad@spotco.us>
 2022-06-08 22:55:00 -04:00
Tad
697bed18fb 17.1+18.1: Drop all devices working on 19.1 
Signed-off-by: Tad <tad@spotco.us>
 2022-06-04 14:26:44 -04:00
Tad
899ea17d4e Add the missing page sanitization to 3.18 kernels 
All along they only had slub sanization :(

Signed-off-by: Tad <tad@spotco.us>
 2022-06-04 12:00:01 -04:00
Tad
6d95c231bc Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-05-31 21:29:22 -04:00
Tad
735c9e0de8 Revert 5d57bf13 
I don't trust enabling MODULES won't cause weird inane breakage on these legacy devices

Signed-off-by: Tad <tad@spotco.us>
 2022-05-27 23:46:57 -04:00
Tad
28724c4a6e Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-05-25 22:52:22 -04:00
Tad
2c4caa30a1 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-05-24 00:36:49 -04:00
Tad
e8bc36af04 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-05-20 17:16:29 -04:00
Tad
bf7c06105c Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-05-12 22:13:06 -04:00
Tad
b2eb3c01b4 Update CVE patchers 
Newly added CVE-2022-20009 is dupe with CVE-2022-25258 and CVE-2022-25375

Signed-off-by: Tad <tad@spotco.us>
 2022-05-03 23:33:17 -04:00
Tad
3316cc4824 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-27 07:46:22 -04:00
Tad
3457fd4151 Device cleanup 
Drop long non-compiling devices:
- 14.1: n7100, jellypro
- 15.1: himaul, oneplus2
- 16.0: zenfone3, fugu
- 17.1: yellowstone, fugu
- 18.1: bonito, sargo

Drop in favor of 19.1:
- 17.1: bonito, sargo
- 18.1: pro1, aura, sunfish, coral, flame, bramble, redfin
(experimental, but these devices don't currently appear to have any users)

Signed-off-by: Tad <tad@spotco.us>
 2022-04-26 15:19:57 -04:00
Tad
e666a4a891 Update CVE patchers 
TODO: maybe split CVE-2022-23960/4.9 to get back?

Signed-off-by: Tad <tad@spotco.us>
 2022-04-19 14:38:44 -04:00
Tad
30de608a61 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-12 02:51:44 -04:00
Tad
b464106cc5 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-04 15:51:23 -04:00
Tad
01900ca1c6 Reverts 
WebView overlay is breaking boot on 15.1???

This reverts commit e61e288b4a.
 2022-04-01 17:07:27 -04:00
Tad
3f9b346345 Fix boot breakage 
On devices with quota enabled and impacted by this patch

Signed-off-by: Tad <tad@spotco.us>
 2022-04-01 10:30:30 -04:00
Tad
e1f5d99e51 Fixes 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-01 08:16:28 -04:00
Tad
e26908b9e0 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-31 21:30:56 -04:00
Tad
19b03c9ff4 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-28 17:43:48 -04:00
Tad
a56e3a3016 Disable the bionic hardening patchset to fix boot issues 
10+4 devices tested working with bionic hardening patches enabled
but hammerhead and shamu do not boot...

2 of the patches were already found to have issues and disabled
3 other patches were ruled out:
- Stop implicitly marking mappings as mergeable
- Make __stack_chk_guard read-only at runtime
- On 64-bit, zero the leading stack canary byte
Leaves 11+1 patches remaining that need to be tested
But I don't have either of the two known impacted devices.

Signed-off-by: Tad <tad@spotco.us>
 2022-03-19 16:19:00 -04:00
Tad
09353cdcd2 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-18 00:07:18 -04:00
Tad
015799737e Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-09 17:16:47 -05:00
Tad
4f75a8272a Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-09 11:59:30 -05:00
Tad
902239e2b5 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-08 23:20:43 -05:00
Tad
de764885b3 Fixup 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-08 12:56:52 -05:00
Tad
54dbcd9e43 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-07 19:12:10 -05:00
Tad
ac1e89f0c8 Update CVE patchers [the big fixup] 
This removes many duplicately or wrongly applied patches.

Correctly removed:
- CVE-2011-4132 can apply infinitely
- CVE-2013-2891 can apply infinitely
- CVE-2014-9781 can apply once to fb_cmap_to_user correctly and incorrectly to fb_copy_cmap
- CVE-2015-0571 can apply incorrectly and was disabled in patch repo as a result
- CVE-2016-2475 can apply infinitely
- CVE-2017-0627 can apply infinitely
- CVE-2017-0750 can apply infinitely
- CVE-2017-14875 can apply infinitely
- CVE-2017-14883 can apply infinitely
- CVE-2020-11146 can apply infinitely
- CVE-2020-11608 can apply infinitely
- CVE-2021-42008 can apply infinitely

Questionable (might actually be beneficial to "incorrectly" apply again):
- CVE-2012-6544 can apply once to hci_sock_getsockopt correctly and incorrectly to hci_sock_setsockopt
- CVE-2013-2898 can apply once to sensor_hub_get_feature correctly and incorrectly to sensor_hub_set_feature
- CVE-2015-8575 can apply once to sco_sock_bind correctly and incorrectly to sco_sock_connect
- CVE-2017-8281 can apply once to diagchar_ioctl correctly and incorrectly to diagchar_compat_ioctl
- CVE-2019-10622 can apply once	to qdsp_cvp_callback correctly and incorrectly to qdsp_cvs_callback
- CVE-2019-14104 can apply once to cam_context_handle_start/stop_dev and incorrectly to cam_context_handle_crm_process_evt and cam_context_handle_flush_dev

Other notes:
- CVE-2016-6693 can be applied again if it was already applied in combination with CVE-2016-6696
  then the dupe check will fail and mark CVE-2016-6696 as already applied, effectively reverting it.
  This was seemingly fixed with a hand merged patch in patch repo.

Wrongly removed:
- CVE-2013-2147 is meant for cciss_ioctl32_passthru but is detected in cciss_ioctl32_big_passthru
- CVE-2015-8746 is meant for nfs_v4_2_minor_ops but is detected in nfs_v4_1_minor_ops
- CVE-2021-Misc2/ANY/0043.patch is meant for WLANTL_RxCachedFrames but is detected in WLANTL_RxFrames

Signed-off-by: Tad <tad@spotco.us>
 2022-03-04 00:42:28 -05:00
Tad
0d0104b4bb Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-02 22:57:34 -05:00
Tad
f4fbe65756 Various changes 
- 15.1: asb picks
- 17.1: drop marlin, sailfish, z2_plus, m8
- 4.9 loose versioning fixes
 2022-02-24 19:51:44 -05:00
Tad
8b39498b1c Initial loose versioning work for 4.9 
This applies 4.9 patches to 4.4 and 3.18 now that 4.4 is EOL

Untested, but looks mild

Signed-off-by: Tad <tad@spotco.us>
 2022-02-22 13:44:47 -05:00
Tad
5245109cc1 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-02-19 23:22:19 -05:00
Tad
48b009a02e Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-02-12 06:56:28 -05:00
Tad
55cdea3c9b 17.1: small fixes 
Signed-off-by: Tad <tad@spotco.us>
 2022-02-11 14:05:14 -05:00
Tad
ee0bd8625f Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-02-07 14:43:05 -05:00
Tad
0a664cc22c Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-02-03 21:12:02 -05:00
Tad
c0aac415aa Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-01-29 09:35:59 -05:00
Tad
dbd2a71722 Update CVE patchers 
Hopefully fixes boot breakage

Signed-off-by: Tad <tad@spotco.us>
 2022-01-17 01:23:10 -05:00
Tad
6ec0c63126 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-01-13 11:08:22 -05:00
Tad
208c7800c8 Fixup 
Signed-off-by: Tad <tad@spotco.us>
 2022-01-12 17:44:18 -05:00
Tad
ce6ee9d8e4 Update CVE patchers 
CVE-2021-0961 should be fine now

Signed-off-by: Tad <tad@spotco.us>
 2022-01-11 05:41:26 -05:00
Tad
b9c7839110 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-01-11 01:19:31 -05:00
Tad
b05823bb20 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-01-04 21:00:25 -05:00
Tad
e08349a202 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-12-29 11:51:58 -05:00
Tad
3c1931bcc9 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-12-19 05:15:32 -05:00
Tad
11141d3bc9 Small tweaks 
Signed-off-by: Tad <tad@spotco.us>
 2021-12-17 14:31:13 -05:00
Tad
8cf90d055e Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-12-11 01:12:41 -05:00
Tad
359ce4608f Small updates 
Signed-off-by: Tad <tad@spotco.us>
 2021-12-07 20:57:54 -05:00
Tad
ed1c151ce5 Update CVE patchers 
CVE-2021-0961/ANY/0001.patch likely causes breakage

Signed-off-by: Tad <tad@spotco.us>
 2021-12-06 17:43:34 -05:00
Tad
c5c3998593 Guess what? f̵͖̲̙̝̩̌̌̌̑͆̔͐̏͋̓̅̔̒̈́͠i̴͍̗̦͕̅̓̿͋̓̑̽͌͐͊͘͠͠s̵̡̬͙͚̃͑̓̊̌́̾́͠ḥ̴̬͓͚̹̱̰͕͚͈̞̳͒̊ ̵̢̟̞̖͈͖͕̥̙̤͉̮̍́̅̀̾b̵̛̹̝̙̖̱̲͉͚̝̪̲̓̿͛̔̆͋̎́͐̃͆̀̕͝u̸̞̺͓͎̰̦̯̘̺̬͔̬͆͛̋̍̂͒̓͛̐̈́̋̚͝ṫ̵̠t̶̻̳̜̪̗͖͛̂̒̃̑̏͝ 
Tested on 14.1 and 15.1 targets

Signed-off-by: Tad <tad@spotco.us>
 2021-11-29 21:14:00 -05:00
Tad
bf129b729d 17.1: extreme loose versioning work 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-27 23:25:35 -05:00
Tad
9b84cebf92 17.1: loose versioning work 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-27 15:50:11 -05:00
Tad
62166d1ea5 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-26 11:54:59 -05:00
Tad
b8f5d8a510 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-12 11:51:02 -05:00
Tad
e882cf16c7 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-06 18:47:57 -04:00
Tad
f7295a0f74 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-02 23:50:35 -04:00
Tad
f3277f3c07 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2021-11-02 12:01:36 -04:00
Tad
ec043e961e Update CVE patchers 
CVE-2021-20317 might need to be disabled due to QC timer breakage.

Signed-off-by: Tad <tad@spotco.us>
 2021-10-27 15:26:53 -04:00