Tad
73414e76d2
Update CVE patchers
...
two lpes
Signed-off-by: Tad <tad@spotco.us>
2023-07-25 12:04:05 -04:00
Tad
b6308caa37
Update CVE patchers
...
TODO: enable CVE-2023-31084/4.4
Signed-off-by: Tad <tad@spotco.us>
2023-07-15 21:22:18 -04:00
Tad
c4666a33b7
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2023-07-05 19:42:40 -04:00
Tad
2e2ac4557d
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2023-06-26 19:41:11 -04:00
Tad
a07133a064
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2023-06-16 11:03:46 -04:00
Tad
2ee99fe3ef
Update CVE patchers
...
CVE-2020-36694 appears to be a duplicate of CVE-2021-29650
Signed-off-by: Tad <tad@spotco.us>
2023-06-01 21:12:08 -04:00
Tad
59bda0360e
Fixes
...
Signed-off-by: Tad <tad@spotco.us>
2023-05-30 13:59:28 -04:00
Tad
8463705798
Update CVE patchers
...
- Includes CVE-2023-32233 fixes for more devices
- Upstream has reverted the LVT patches, maybe consider handling them
Signed-off-by: Tad <tad@spotco.us>
2023-05-22 20:33:47 -04:00
Tad
cd0a29d69b
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2023-05-12 23:28:44 -04:00
Tad
366b4eb5ef
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2023-05-02 18:01:39 -04:00
Tad
47136145e5
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2023-04-23 23:20:36 -04:00
Tad
9ba61642de
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2023-04-17 23:19:28 -04:00
Tad
aad60b7567
Promotions
...
16.0 santoni/land to 20.0 Mi8937 unified
17.1 griffin to 18.1
17.1 star*/crownlte to 20.0
20.0 add pro1x
Signed-off-by: Tad <tad@spotco.us>
2023-04-17 21:36:49 -04:00
Tad
9a97c7013b
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2023-04-05 12:43:36 -04:00
Tad
2907be1be5
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2023-03-28 00:48:08 -04:00
Tad
61a3892314
Drop devices working on 20.0
...
Removes:
- 19.1: mata and FP3
- 17.1: avicii
all above tested/reported working on 20.0
Signed-off-by: Tad <tad@spotco.us>
2023-03-25 17:04:25 -04:00
Tad
ec38522af9
Churn
...
Signed-off-by: Tad <tad@spotco.us>
2023-03-18 20:52:59 -04:00
Tad
8bcb5c734d
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2023-03-17 19:27:22 -04:00
Tad
38626e1b0c
Picks + Fixes
...
Signed-off-by: Tad <tad@spotco.us>
2023-03-14 16:58:27 -04:00
Tad
162b40a39d
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2023-03-13 18:13:54 -04:00
Tad
fd1becb8c4
20.0: bringup avicii
...
Signed-off-by: Tad <tad@spotco.us>
2023-03-08 17:29:58 -05:00
Tad
0b294c1601
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2023-03-08 16:01:49 -05:00
Tad
804786aa23
Update CVE patchers
...
Fixes https://github.com/Divested-Mobile/DivestOS-Build/issues/193
Signed-off-by: Tad <tad@spotco.us>
2023-03-06 19:54:15 -05:00
Tad
b8f39716f1
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2023-02-26 12:21:36 -05:00
Tad
e9f58cfd3c
VPN fixes
...
Some devices still don't have these in 2023
https://gitlab.com/LineageOS/issues/android/-/issues/2193
Note, the following still aren't patched:
15.1
kernel/google/msm
kernel/lge/hammerhead
16.0
kernel/cyanogen/msm8974
kernel/lge/hammerhead
18.1
kernel/motorola/msm8974
Signed-off-by: Tad <tad@spotco.us>
2023-02-12 21:34:23 -05:00
Tad
a845f59546
Fixup persistent IPv6 privacy address issue + churn
...
Backports of rfc4941bis from Google/Linaro
and workaround for legacy kernels from GrapheneOS
already has rfc4941bis patch:
fairphone_sdm632
google_gs101
google_gs201
google_msm-4.14
google_msm-4.9
google_redbull
oneplus_sdm845
razer_sdm845
xiaomi_sdm845
Signed-off-by: Tad <tad@spotco.us>
2023-02-11 20:26:24 -05:00
Tad
3047b3b269
Fixup kipper & starlte
...
Signed-off-by: Tad <tad@spotco.us>
2023-02-10 08:19:23 -05:00
Tad
0e9599af6d
Fixup
...
Signed-off-by: Tad <tad@spotco.us>
2023-02-09 22:46:42 -05:00
Tad
fa067a3f89
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2023-02-06 23:06:34 -05:00
Tad
af3fe9776b
Small updates
...
Signed-off-by: Tad <tad@spotco.us>
2023-02-01 15:19:21 -05:00
Tad
1511176a07
Update CVE patchers
...
Maybe some breakage
Signed-off-by: Tad <tad@spotco.us>
2023-01-28 20:33:44 -05:00
Tad
da1df44c8f
GrapheneOS kernel hardening patches update
...
Maybe some compile breakage
Signed-off-by: Tad <tad@spotco.us>
2023-01-24 19:03:01 -05:00
Tad
5ce2d33162
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2023-01-18 14:13:33 -05:00
Tad
2153422bb0
Potentially unbreak video playback on vayu, davinci, guacamole*, and hotdog*.
...
Signed-off-by: Tad <tad@spotco.us>
2023-01-13 21:27:18 -05:00
Tad
b82427ce5b
Conservative reverse loose versioning for 3.10
...
This applies 3.4 patches to 3.10 if no other match is available
Note: CVE-2017-13245/3.4/0002.patch ends up applied over CVE-2018-10902/3.18/0003.patch
Signed-off-by: Tad <tad@spotco.us>
2023-01-13 15:51:46 -05:00
Tad
14f40e024f
Update CVE patchers
...
This adds loose versioning applying 4.14 patches to 4.9
Signed-off-by: Tad <tad@spotco.us>
2023-01-13 13:23:12 -05:00
Tad
10c1d825c2
Revert e10d4b17
...
17.1 is plagued with the same issue, no reason to use it
Signed-off-by: Tad <tad@spotco.us>
2023-01-07 11:17:21 -05:00
Tad
f2d87b1e81
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2023-01-03 20:18:40 -05:00
Tad
06eed1fba9
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-12-31 21:41:46 -05:00
Tad
e10d4b1799
17.1: restore m8
...
18.1 has some display artifacting issues and hangs
Signed-off-by: Tad <tad@spotco.us>
2022-12-28 14:38:05 -05:00
Tad
7d6b8e3aeb
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-12-22 11:33:47 -05:00
Tad
03293f6b52
Fixup
...
Messy, but better to have CVE-2022-42896 applied to *some* 3.18 kernels
Signed-off-by: Tad <tad@spotco.us>
2022-12-17 00:42:25 -05:00
Tad
c2fc228f3b
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-12-16 22:06:13 -05:00
Tad
a62922e72d
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-12-06 15:00:40 -05:00
Tad
038fca449b
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-11-30 08:28:40 -05:00
Tad
c4fe56a307
Update CVE patchers
...
This fixes CVE-2018-9422 which was primarily added via b56fabac
May still need to be fixed:
16.0/kernel_google_yellowstone
16.0/kernel_xiaomi_msm8937
Signed-off-by: Tad <tad@spotco.us>
2022-11-21 08:39:10 -05:00
Tad
b81d39c969
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-11-11 16:05:22 -05:00
Tad
27395374e1
Fixup + Churn
...
Signed-off-by: Tad <tad@spotco.us>
2022-11-11 13:54:57 -05:00
Tad
ac3dc319c7
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-11-07 15:51:17 -05:00
Tad
7fb334d825
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-11-03 13:25:38 -04:00
Tad
c051cb282d
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-10-22 21:39:01 -04:00
Tad
2acd454f13
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-10-13 23:42:20 -04:00
Tad
2166491d5d
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-10-12 17:11:06 -04:00
Tad
bf66d5db45
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-10-03 20:59:55 -04:00
Tad
d78121a1c0
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-10-03 10:22:17 -04:00
Tad
598d78bb61
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-09-25 13:49:45 -04:00
Tad
411fcc08e1
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-09-15 14:11:58 -04:00
Tad
2bc43f195c
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-09-07 10:04:28 -04:00
Tad
b6e9f50cb5
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-09-04 14:05:36 -04:00
Tad
da15dc05d5
Fixup
...
Signed-off-by: Tad <tad@spotco.us>
2022-08-26 14:00:52 -04:00
Tad
adb61b0fb2
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-08-26 12:15:45 -04:00
Tad
d8d8e457a1
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-08-21 10:44:12 -04:00
Tad
8b67d5c41e
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-08-10 22:02:37 -04:00
Tad
12c56938cb
Improve CVE-2021-1048 patching on 3.x kernels
...
It is still actively being used by malware.
This largely handles 3.0, 3.4, and 3.10 kernels.
It works for select 3.18 kernels too.
TODO: need alternate get_file_rcu backport for the following:
15.1/lge_msm8996
15.1/zte_msm8996
16.0/xiaomi_msm8937
17.1/motorola_msm8996
18.1/google_marlin
18.1/lge_msm8996
18.1/oneplus_msm8996
Signed-off-by: Tad <tad@spotco.us>
2022-08-09 21:39:25 -04:00
Tad
31a67f054d
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-08-04 11:12:40 -04:00
Tad
2b299c1aff
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-07-21 21:28:26 -04:00
Tad
1d64c759a5
Fixes
...
Signed-off-by: Tad <tad@spotco.us>
2022-07-10 00:31:44 -04:00
Tad
d3632c25ce
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-07-07 21:47:59 -04:00
Tad
2c27a88a24
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-07-06 19:22:21 -04:00
Tad
7b8ef09540
Update CVE patchers
...
Effectively no changes
Signed-off-by: Tad <tad@spotco.us>
2022-07-04 18:30:09 -04:00
Tad
ac645dd62e
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-06-28 11:32:05 -04:00
Tad
519a474173
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-06-19 22:44:05 -04:00
Tad
70b8485695
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-06-09 17:59:48 -04:00
Tad
c092b13a44
Restore star*lte
...
Signed-off-by: Tad <tad@spotco.us>
2022-06-08 22:55:00 -04:00
Tad
697bed18fb
17.1+18.1: Drop all devices working on 19.1
...
Signed-off-by: Tad <tad@spotco.us>
2022-06-04 14:26:44 -04:00
Tad
899ea17d4e
Add the missing page sanitization to 3.18 kernels
...
All along they only had slub sanization :(
Signed-off-by: Tad <tad@spotco.us>
2022-06-04 12:00:01 -04:00
Tad
6d95c231bc
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-05-31 21:29:22 -04:00
Tad
735c9e0de8
Revert 5d57bf13
...
I don't trust enabling MODULES won't cause weird inane breakage on these legacy devices
Signed-off-by: Tad <tad@spotco.us>
2022-05-27 23:46:57 -04:00
Tad
28724c4a6e
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-05-25 22:52:22 -04:00
Tad
2c4caa30a1
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-05-24 00:36:49 -04:00
Tad
e8bc36af04
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-05-20 17:16:29 -04:00
Tad
bf7c06105c
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-05-12 22:13:06 -04:00
Tad
b2eb3c01b4
Update CVE patchers
...
Newly added CVE-2022-20009 is dupe with CVE-2022-25258 and CVE-2022-25375
Signed-off-by: Tad <tad@spotco.us>
2022-05-03 23:33:17 -04:00
Tad
3316cc4824
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-27 07:46:22 -04:00
Tad
3457fd4151
Device cleanup
...
Drop long non-compiling devices:
- 14.1: n7100, jellypro
- 15.1: himaul, oneplus2
- 16.0: zenfone3, fugu
- 17.1: yellowstone, fugu
- 18.1: bonito, sargo
Drop in favor of 19.1:
- 17.1: bonito, sargo
- 18.1: pro1, aura, sunfish, coral, flame, bramble, redfin
(experimental, but these devices don't currently appear to have any users)
Signed-off-by: Tad <tad@spotco.us>
2022-04-26 15:19:57 -04:00
Tad
e666a4a891
Update CVE patchers
...
TODO: maybe split CVE-2022-23960/4.9 to get back?
Signed-off-by: Tad <tad@spotco.us>
2022-04-19 14:38:44 -04:00
Tad
30de608a61
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-12 02:51:44 -04:00
Tad
b464106cc5
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-04 15:51:23 -04:00
Tad
01900ca1c6
Reverts
...
WebView overlay is breaking boot on 15.1???
This reverts commit e61e288b4a
.
2022-04-01 17:07:27 -04:00
Tad
3f9b346345
Fix boot breakage
...
On devices with quota enabled and impacted by this patch
Signed-off-by: Tad <tad@spotco.us>
2022-04-01 10:30:30 -04:00
Tad
e1f5d99e51
Fixes
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-01 08:16:28 -04:00
Tad
e26908b9e0
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-31 21:30:56 -04:00
Tad
19b03c9ff4
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-28 17:43:48 -04:00
Tad
a56e3a3016
Disable the bionic hardening patchset to fix boot issues
...
10+4 devices tested working with bionic hardening patches enabled
but hammerhead and shamu do not boot...
2 of the patches were already found to have issues and disabled
3 other patches were ruled out:
- Stop implicitly marking mappings as mergeable
- Make __stack_chk_guard read-only at runtime
- On 64-bit, zero the leading stack canary byte
Leaves 11+1 patches remaining that need to be tested
But I don't have either of the two known impacted devices.
Signed-off-by: Tad <tad@spotco.us>
2022-03-19 16:19:00 -04:00
Tad
09353cdcd2
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-18 00:07:18 -04:00
Tad
015799737e
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-09 17:16:47 -05:00
Tad
4f75a8272a
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-09 11:59:30 -05:00
Tad
902239e2b5
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-08 23:20:43 -05:00
Tad
de764885b3
Fixup
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-08 12:56:52 -05:00
Tad
54dbcd9e43
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-07 19:12:10 -05:00