Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2024-10-01 01:35:54 -04:00
Code Issues Packages Projects Releases Wiki Activity
2,299 Commits 1 Branch 0 Tags 101 MiB
7e6c6ad5e5
Commit Graph

831 Commits

Author SHA1 Message Date
Thaddeus
9d230974a2
Update CVE patchers 
Signed-off-by: Thaddeus <tad@spotco.us>
 2024-01-04 15:51:27 -05:00
Tad
7c46f43fc4
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2023-12-20 12:28:48 -05:00
Tad
0310c702c7
15/16: two missing system/bt fixes 
Signed-off-by: Tad <tad@spotco.us>
 2023-12-12 13:58:25 -05:00
Tad
9926f25ada
15.1 December ASB work 
Signed-off-by: Tad <tad@spotco.us>
 2023-12-12 01:21:38 -05:00
Tad
ba1e29a1b1
Reconcile picks 
This gains one us patch: 376607

Signed-off-by: Tad <tad@spotco.us>
 2023-12-11 18:59:08 -05:00
Tad
af0cea3572
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2023-11-16 22:59:28 -05:00
Tad
5a87cd6bcb
15.1 November ASB work 
Signed-off-by: Tad <tad@spotco.us>
 2023-11-13 22:16:47 -05:00
Tad
ad298935a2
16.0 November ASB work 
Signed-off-by: Tad <tad@spotco.us>
 2023-11-13 20:10:40 -05:00
Tad
acd2484816
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2023-11-07 17:37:16 -05:00
Tad
01a196e055
Pull in Messaging notifications fix 
Likely solves https://github.com/Divested-Mobile/DivestOS-Build/issues/141

Signed-off-by: Tad <tad@spotco.us>
 2023-11-05 19:32:30 -05:00
Tad
548aec9c9d
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2023-11-05 18:58:11 -05:00
Tad
90979e494c
Updater: point the changelog button to our news page 
Closes https://github.com/Divested-Mobile/DivestOS-Build/issues/257

Signed-off-by: Tad <tad@spotco.us>
 2023-10-20 18:44:05 -04:00
Tad
f64285f6fd
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2023-10-15 21:06:16 -04:00
Tad
f5da93c4e5
15.1 October ASB work 
Signed-off-by: Tad <tad@spotco.us>
 2023-10-09 22:02:07 -04:00
Tad
bf565cd578
Switch to upstream ASB patchsets 
Signed-off-by: Tad <tad@spotco.us>
 2023-10-08 22:52:14 -04:00
Tad
7d2c184d1f
Bonus patches 
Signed-off-by: Tad <tad@spotco.us>
 2023-10-03 15:17:06 -04:00
Tad
d80f272b54
Update CVE patchers 
CVE-2023-4128 replaces CVE-2023-4208

Signed-off-by: Tad <tad@spotco.us>
 2023-10-02 21:41:34 -04:00
Tad
fcf4f812cc
CVE-2023-5217 
untested

Signed-off-by: Tad <tad@spotco.us>
 2023-09-28 09:17:29 -04:00
Tad
19f4964036
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2023-09-21 16:52:35 -04:00
Tad
25f02f4177
14.1 though 17.1: patch CVE-2023-4863, thanks to @syphyr 
run tested on 14.1, 15.1, and 17.1
compile tested on 16.0

Signed-off-by: Tad <tad@spotco.us>
 2023-09-20 04:16:17 -04:00
Tad
337ae6012d
Fixup 
TODO: regen

Signed-off-by: Tad <tad@spotco.us>
 2023-09-17 20:26:44 -04:00
Tad
1b4f6d3bd8
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2023-09-17 01:30:23 -04:00
Tad
5eb6190931
Fixup 15.1/16.0 backport: system/bt: Fix UAF in gatt_cl.cc 
thanks to @syphyr for this!

Signed-off-by: Tad <tad@spotco.us>
 2023-09-12 16:55:46 -04:00
Tad
3aa7e02455
15.1 September ASB work 
Signed-off-by: Tad <tad@spotco.us>
 2023-09-11 20:09:30 -04:00
Tad
84a84c4742
Picks + Churn 
Signed-off-by: Tad <tad@spotco.us>
 2023-09-10 21:12:24 -04:00
Tad
0ec3c25d86
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2023-09-05 20:42:14 -04:00
Tad
fc9032513f
Update CVE patchers 
Likely issue CVE-2023-3773/^6.4

Signed-off-by: Tad <tad@spotco.us>
 2023-08-27 17:13:53 -04:00
Tad
52a0c55c41
Fixups 
- Revert Freetype branch switching for 15.1+, broken
- Don't include OpenEUICC on Pixel 2 and 3 series, they won't work
- Churn

Signed-off-by: Tad <tad@spotco.us>
 2023-08-24 03:06:02 -04:00
Tad
1fde0f9c45
More branch switching, thanks to @syphyr 
Signed-off-by: Tad <tad@spotco.us>
 2023-08-23 11:05:05 -04:00
Tad
7ad46d58f1
Switch to @syphyr's security backport branches 
Signed-off-by: Tad <tad@spotco.us>
 2023-08-18 11:34:39 -04:00
Tad
2142e2e763
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2023-08-17 17:18:10 -04:00
Tad
160aee5049
Backport patch to handle verity with openssl 3.0 
ref: https://github.com/Divested-Mobile/DivestOS-Website/pull/19

Signed-off-by: Tad <tad@spotco.us>
 2023-08-11 18:53:01 -04:00
Tad
974878988b
Fixup 
Will regen later

Signed-off-by: Tad <tad@spotco.us>
 2023-08-09 00:46:44 -04:00
Tad
79e3fb6fb4
15.1 August ASB work 
Signed-off-by: Tad <tad@spotco.us>
 2023-08-08 09:35:44 -04:00
Tad
eef09ae519
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2023-08-07 18:07:19 -04:00
Tad
180280b233
Update CVE patchers 
TODO: adjust min version of CVE-2023-4132

Signed-off-by: Tad <tad@spotco.us>
 2023-08-04 21:00:29 -04:00
Tad
73414e76d2
Update CVE patchers 
two lpes

Signed-off-by: Tad <tad@spotco.us>
 2023-07-25 12:04:05 -04:00
Tad
e408e7e19a
Drop devices with newer versions available 
14.1: clark
15.1: deb, flo, hammerhead, shamu, ether
16.0: hammerhead
19.1: alioth

Signed-off-by: Tad <tad@spotco.us>
 2023-07-22 19:17:42 -04:00
Tad
0f9a2c7aea
Less aggressive low_ram enablement 
14.1 <2GB
15.1 <2GB
16.0 <2GB
17.1 <3GB
18.1 <3GB
19.1 <4GB
20.0 <4GB

Signed-off-by: Tad <tad@spotco.us>
 2023-07-17 18:44:56 -04:00
Tad
b6308caa37
Update CVE patchers 
TODO: enable CVE-2023-31084/4.4

Signed-off-by: Tad <tad@spotco.us>
 2023-07-15 21:22:18 -04:00
Tad
1c9076fffe
KSM tuning 
- Only enable on Linux 3.0 through 4.9
- Always enable defer option
- Only run twice a second, instead of fifty times a second

Signed-off-by: Tad <tad@spotco.us>
 2023-07-14 20:27:10 -04:00
Tad
15de8ed2e8
Expand the low_ram coverage 
As follows
14.1 <3GB
15.1 <3GB
16.0 <3GB
17.1 <3GB
18.1 <4GB
19.1 <6GB
20.0 <6GB

Signed-off-by: Tad <tad@spotco.us>
 2023-07-13 18:31:03 -04:00
Tad
9d6662dee7
15.1 July ASB work 
Signed-off-by: Tad <tad@spotco.us>
 2023-07-07 18:00:23 -04:00
Tad
a1a3cbb94e
Fix overlay conflicts 
Should mostly fix https://github.com/Divested-Mobile/DivestOS-Build/issues/219

Signed-off-by: Tad <tad@spotco.us>
 2023-07-06 14:51:40 -04:00
Tad
2e2ac4557d
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2023-06-26 19:41:11 -04:00
Tad
cda898f141
Certificate Authority store updates 
- Remove some untrustworthy CAs
- Update CA store for all branches to aosp/e302aa968334b3c3fc9cd709a7c7661e0cf534eb

Signed-off-by: Tad <tad@spotco.us>
 2023-06-17 15:13:54 -04:00
Tad
a07133a064
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2023-06-16 11:03:46 -04:00
Tad
8c7f3daa00
15.1+16.0 June ASB work 
Signed-off-by: Tad <tad@spotco.us>
 2023-06-10 05:16:45 -04:00
Tad
2ee99fe3ef
Update CVE patchers 
CVE-2020-36694 appears to be a duplicate of CVE-2021-29650

Signed-off-by: Tad <tad@spotco.us>
 2023-06-01 21:12:08 -04:00
Tad
71c169d326
Promote LGE G5, G6, and V20 to 19.1 
Signed-off-by: Tad <tad@spotco.us>
 2023-05-17 02:52:11 -04:00
Tad
cd0a29d69b
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2023-05-12 23:28:44 -04:00
Tad
6fb0a581c3
15.1 and 16.0 May ASB work 
Signed-off-by: Tad <tad@spotco.us>
 2023-05-07 21:28:27 -04:00
Tad
6d2a255eef
Remove User-Agent (and serial) from source built libloc 
Signed-off-by: Tad <tad@spotco.us>
 2023-05-05 22:27:27 -04:00
Tad
c544c28b94
Prevent Qualcomm location stack from reading chipset serial number 
The deblobber already removes xtra-daemon which is what actually performs the requests.
This is just extra sanctity.

Signed-off-by: Tad <tad@spotco.us>
 2023-05-03 21:41:20 -04:00
Tad
366b4eb5ef
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2023-05-02 18:01:39 -04:00
Tad
39b0c9e036
Remove broken emoji updates 
Signed-off-by: Tad <tad@spotco.us>
 2023-05-02 15:31:57 -04:00
Tad
7b2eb1079a
Update emoji list in LatinIME too and disable 
tested not working on 15.1
shows as cross boxes or double characters

Signed-off-by: Tad <tad@spotco.us>
 2023-04-29 16:56:13 -04:00
Tad
86b7525400
Update the emojis, untested 
Signed-off-by: Tad <tad@spotco.us>
 2023-04-29 16:17:00 -04:00
Tad
47136145e5
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2023-04-23 23:20:36 -04:00
Tad
26cf500dad
15.1 April ASB work + picks 
Signed-off-by: Tad <tad@spotco.us>
 2023-04-18 23:12:22 -04:00
Tad
9ba61642de
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2023-04-17 23:19:28 -04:00
Tad
2cc87c4dc7
Switch fingerprint locked to 5 attempts instead of 3 + churn 
Signed-off-by: Tad <tad@spotco.us>
 2023-04-12 15:26:26 -04:00
Tad
9a97c7013b
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2023-04-05 12:43:36 -04:00
Tad
750f244304
Updates, logging, and churn 
also add an extra March ASB patch for 17.1

Signed-off-by: Tad <tad@spotco.us>
 2023-03-31 12:38:46 -04:00
Tad
790eeebc90
14/15 extra March patch 
Signed-off-by: Tad <tad@spotco.us>
 2023-03-25 20:35:40 -04:00
Tad
fe80137df9
Don't remove CompanionDeviceManager 
Used by some wearables, not just Android Wear

Closes https://github.com/Divested-Mobile/DivestOS-Build/issues/196

Signed-off-by: Tad <tad@spotco.us>
 2023-03-25 20:21:38 -04:00
Tad
2c17747c82
15.1 March ASB work 
Signed-off-by: Tad <tad@spotco.us>
 2023-03-22 22:13:31 -04:00
Tad
8bcb5c734d
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2023-03-17 19:27:22 -04:00
Tad
38626e1b0c
Picks + Fixes 
Signed-off-by: Tad <tad@spotco.us>
 2023-03-14 16:58:27 -04:00
Tad
162b40a39d
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2023-03-13 18:13:54 -04:00
Tad
ef2fdb1d3e
More handling improvements 
Signed-off-by: Tad <tad@spotco.us>
 2023-03-08 16:14:51 -05:00
Tad
0b294c1601
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2023-03-08 16:01:49 -05:00
Tad
5d0ab40f0b
Robustness improvements 
Signed-off-by: Tad <tad@spotco.us>
 2023-03-08 01:14:06 -05:00
Tad
6ba784ac33
Some actual error handling 1/n 
Signed-off-by: Tad <tad@spotco.us>
 2023-03-08 00:03:23 -05:00
Tad
097019193e
Don't bail when devices are missing 
Signed-off-by: Tad <tad@spotco.us>
 2023-03-07 23:41:27 -05:00
Tad
804786aa23
Update CVE patchers 
Fixes https://github.com/Divested-Mobile/DivestOS-Build/issues/193

Signed-off-by: Tad <tad@spotco.us>
 2023-03-06 19:54:15 -05:00
Tad
b2913e8170
15.1 February ASB work + Picks 
Signed-off-by: Tad <tad@spotco.us>
 2023-02-19 13:07:11 -05:00
Tad
a845f59546
Fixup persistent IPv6 privacy address issue + churn 
Backports of rfc4941bis from Google/Linaro
and workaround for legacy kernels from GrapheneOS

already has rfc4941bis patch:
fairphone_sdm632
google_gs101
google_gs201
google_msm-4.14
google_msm-4.9
google_redbull
oneplus_sdm845
razer_sdm845
xiaomi_sdm845

Signed-off-by: Tad <tad@spotco.us>
 2023-02-11 20:26:24 -05:00
Tad
0e9599af6d
Fixup 
Signed-off-by: Tad <tad@spotco.us>
 2023-02-09 22:46:42 -05:00
Tad
fa067a3f89
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2023-02-06 23:06:34 -05:00
Tad
dc853bfdae
WebView: Switch to dedicated package name 
And remove the F-Droid repo for it, will be moved to the 'DivestOS Official' repo
This simplifies release management and also allows other systems to benefit from the repo

Downside is users who don't update to this build won't receive any updates for it anymore

Signed-off-by: Tad <tad@spotco.us>
 2023-02-02 17:17:30 -05:00
Tad
20c4e75fe1
Fixes 
Signed-off-by: Tad <tad@spotco.us>
 2023-02-01 18:30:29 -05:00
Tad
4f6e21d7f9 Deduplicate Defaults.sh 
Signed-off-by: Tad <tad@spotco.us>
 2023-02-01 15:57:13 -05:00
Tad
af3fe9776b Small updates 
Signed-off-by: Tad <tad@spotco.us>
 2023-02-01 15:19:21 -05:00
Tad
1511176a07
Update CVE patchers 
Maybe some breakage

Signed-off-by: Tad <tad@spotco.us>
 2023-01-28 20:33:44 -05:00
Tad
da1df44c8f
GrapheneOS kernel hardening patches update 
Maybe some compile breakage

Signed-off-by: Tad <tad@spotco.us>
 2023-01-24 19:03:01 -05:00
Tad
9558a7d0e9 Switch to the Broadcom PSDS server for Pixel 6/7 series 
Instead of agnss.goog cache
Based off of a patch from GrapheneOS

Signed-off-by: Tad <tad@spotco.us>
 2023-01-21 04:08:26 -05:00
Tad
ad466bd3e4
Various changes 
- 17.1: Add more captive portal server options like 18.1+, disabled: needs fixes
- 17.1: Add the hosts toggle like 18.1+
- 18.1: fix junk in patch
- 17.1+: hosts toggle: bugfix: fixup localhost handling by switching to strcmp
- 15.1: fixes to get hmalloc to compile, does NOT boot

Signed-off-by: Tad <tad@spotco.us>
 2023-01-20 18:59:02 -05:00
Tad
91807acf21
various small fixes 
- loose versioning fixes for 4.9
- remove GPG commit verification for GOS repos, they use SSH now. TODO: support that
- 20.0: fixup AudioFX stray lines
- 20.0: broken fix for gs101/201 stray iwlan lines

Signed-off-by: Tad <tad@spotco.us>
 2023-01-18 20:02:11 -05:00
Tad
5ce2d33162
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2023-01-18 14:13:33 -05:00
Tad
b82427ce5b Conservative reverse loose versioning for 3.10 
This applies 3.4 patches to 3.10 if no other match is available

Note: CVE-2017-13245/3.4/0002.patch ends up applied over CVE-2018-10902/3.18/0003.patch

Signed-off-by: Tad <tad@spotco.us>
 2023-01-13 15:51:46 -05:00
Tad
14f40e024f
Update CVE patchers 
This adds loose versioning applying 4.14 patches to 4.9

Signed-off-by: Tad <tad@spotco.us>
 2023-01-13 13:23:12 -05:00
Tad
b143ffcd8b
15.1 January ASB work 
+ a missing patch from 2019-08

Signed-off-by: Tad <tad@spotco.us>
 2023-01-08 16:31:54 -05:00
Tad
06eed1fba9
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-12-31 21:41:46 -05:00
Tad
7d6b8e3aeb
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-12-22 11:33:47 -05:00
Tad
03293f6b52
Fixup 
Messy, but better to have CVE-2022-42896 applied to *some* 3.18 kernels

Signed-off-by: Tad <tad@spotco.us>
 2022-12-17 00:42:25 -05:00
Tad
c2fc228f3b Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-12-16 22:06:13 -05:00
Tad
1eb373d1e0
15.1 December ASB work 
Signed-off-by: Tad <tad@spotco.us>
 2022-12-12 21:01:34 -05:00
Tad
ce47fdae34
Small updates + Picks 
Signed-off-by: Tad <tad@spotco.us>
 2022-12-07 18:41:50 -05:00
Tad
a62922e72d
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-12-06 15:00:40 -05:00