Commit Graph

2363 Commits

Author SHA1 Message Date
Tavi
9936408a59
Better patching of CVE-2024-41012
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-05 21:02:44 -04:00
Tavi
2187d4bf36
Better patching of CVE-2024-36971
4.6 and higher is impacted
need backport for 4.9 and 4.14

not patched kernels:
	LineageOS-17.1
		kernel_xiaomi_sm6150

	LineageOS-19.1
		kernel_xiaomi_sm8150

	LineageOS-20.0
		kernel_fairphone_sdm632
		kernel_google_msm-4.14
		kernel_google_msm-4.9
		kernel_oneplus_sdm845
		kernel_oneplus_sm8150
		kernel_razer_sdm845
		kernel_samsung_exynos9810
		kernel_sony_sdm845
		kernel_xiaomi_msm8937
		kernel_xiaomi_sdm845
		kernel_xiaomi_sm6150
		kernel_xiaomi_vayu

Signed-off-by: Tavi <tavi@divested.dev>
2024-08-05 20:25:40 -04:00
Tavi
aed895e1ad
More backports
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-05 16:49:08 -04:00
Tavi
d2d0c48a25
Reconcile picks
no effective change:
https://review.lineageos.org/q/topic:%22P_asb_2024-05%22

gains 8 patches:
https://review.lineageos.org/q/topic:%22Q_asb_2024-06%22
https://review.lineageos.org/q/topic:%22Q_asb_2024-07%22

Signed-off-by: Tavi <tavi@divested.dev>
2024-08-05 16:27:33 -04:00
Tavi
f07e0f4722
Update CVE patchers
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-05 16:01:39 -04:00
Tavi
2bb4d94f88
Fixup + Churn
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-01 00:28:48 -04:00
Tavi
9c4c46478d
Disable 72ff1b1a for now due to more compatibility issues
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-31 22:19:53 -04:00
Tavi
094b4f4f41
Update CVE patchers
Likely breakage

Signed-off-by: Tavi <tavi@divested.dev>
2024-07-31 22:19:43 -04:00
Tavi
0c4b0672e4
Fix spacing
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-31 20:52:05 -04:00
Tavi
72ff1b1a4d
16.0+: Relaxed fix for DNS leaks with app based VPNs from GrapheneOS
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-31 20:50:20 -04:00
Tavi
5fb3319508
Update commons
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-31 20:31:27 -04:00
Tavi
59b9517c08
Update CVE patchers
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-29 18:28:29 -04:00
Tavi
9f5886d80b
Fixup
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-27 18:31:21 -04:00
Tavi
c45060675e
Going the distance... [pt3]
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-27 18:00:56 -04:00
ryneeverett
3999fe1e1f
Container: Scripted builds
I had a hard time following the [Build
Guide](https://divestos.org/pages/build) and IMO a script does a much
better job of removing the ambiguity and is more likely to be updated
if it fails. Per
https://github.com/Divested-Mobile/DivestOS-Website/issues/40 I think
this script, as documentation, makes it much more clear what it means to
"color in the lines" and suggests an efficient way of doing so. I'd like
to update the Build Guide too, but I wanted to get your feedback on some
of this first.

The main thing I'm not thrilled with is that the workspace needs to be
patched and reset twice (if I understand correctly). I got this notion
from your guidance on a Reddit post a couple months back which I can't
find now that Reddit seems to have taken down your content.
Unfortunately I don't recall the details but the basic issue is that
generating the signing keys was giving an error and the solution was to
patch the workspace. But one of the workspace patching "phases" is to
copy the keys to the kernel and this fails if the keys don't exist yet.
So it's not clear how to get around doing this step twice.

A couple notes on future work:
- How to do incremental updates? There's no story on this yet and I
  haven't looked into it.
- I found a wealth of information on building android in docker in this
  repository: https://github.com/lineageos4microg/docker-lineage-cicd.
  It might be worth considering trying to integrate DivestOS into that
  project or building on top of their image.
2024-07-26 22:02:12 +00:00
ryneeverett
8216403729
Container: Store DivestOS directory in a volume
This essentially serves as a cache of sources because otherwise all the
downloaded source disappears when the container exits.
2024-07-26 22:02:12 +00:00
ryneeverett
0408730f50
Container: Correct build path
2024-07-26 22:02:12 +00:00
ryneeverett
7f13b9d6a8
Container: Use named volume for ccache.
I don't think there's any reason to want a named path here.
2024-07-26 22:02:12 +00:00
ryneeverett
3827a096da
Container: Find git config at XDG_CONFIG_HOME
2024-07-26 22:02:12 +00:00
ryneeverett
41bc2deded
Container: Portable scripts
This allows bash to be found if not located in /bin.
2024-07-26 22:02:12 +00:00
ryneeverett
4d22f558ba
Container: Allow duplicate group id.
The image build would otherwise fail if the user's group id already
exists in the base image.
2024-07-26 22:02:12 +00:00
ryneeverett
4c0e3c835c
Container: Set up ccache (per Build Guide)
2024-07-26 22:02:12 +00:00
ryneeverett
7d9e3d30cd
Container: Add gocryptfs (per Build Guide)
2024-07-26 22:02:12 +00:00
ryneeverett
ca83cc1dc8
Container: Update dependencies
See https://github.com/Divested-Mobile/DivestOS-Website/issues/39.
2024-07-26 22:02:12 +00:00
Tavi
33ee2a1c28
Update CVE patchers
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-24 17:24:31 -04:00
Tavi
1f65053495
Fixup
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-18 21:44:00 -04:00
Tavi
e6f816f4a0
Update CVE patchers
Likely breakage
CVE-2022-48781 maybe change to 5.16-^5.17

Signed-off-by: Tavi <tavi@divested.dev>
2024-07-18 14:34:16 -04:00
Tavi
c250665b4f
15.1 & 17.1: Fixup incorrect patch hunk
Needs to be in smp_proc_init not smp_proc_rand
All other branches checked to be correct

15.1: additionally use @syphyr's response backport due to lack of status field

Signed-off-by: Tavi <tavi@divested.dev>
2024-07-17 18:23:35 -04:00
Tavi
3400a35eb1
15.1: July 2024 ASB work
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-17 17:57:47 -04:00
Tavi
105767c7a7
Reconcile picks
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-17 17:46:34 -04:00
Tavi
85e5812290
16.0: July 2024 ASB work
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-17 17:43:18 -04:00
Tavi
da2091f118
Fixup
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-17 15:48:24 -04:00
Tavi
218493fc4a
17.1: July 2024 ASB work
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-17 14:18:36 -04:00
Tavi
6dee42d038
Fixup
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-17 10:26:36 -04:00
Tavi
bcfba01d60
Reconcile picks
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-16 18:37:07 -04:00
Tavi
83d7f9a807
Fixup
TODO: replace with 3.10 patch instead

Signed-off-by: Tavi <tavi@divested.dev>
2024-07-16 14:00:24 -04:00
Tavi
837cfbbf48
18.1: July ASB work
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-15 15:50:17 -04:00
Tavi
30b658da98
Reconcile picks
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-14 16:53:44 -04:00
Tavi
7182e4d63a
19.1: July 2024 ASB work
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-14 13:40:10 -04:00
Tavi
236a403d12
Fixup + Churn
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-13 18:46:53 -04:00
Tavi
f0de4dbf4c
Update CVE patchers
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-11 14:14:49 -04:00
Tavi
9efddf820f
20.0: July 2024 ASB picks

Signed-off-by: Tavi <tavi@divested.dev>
2024-07-11 13:26:47 -04:00
Tavi
ef65af8a8e
Update CVE patchers
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-10 15:50:57 -04:00
Tavi
a970293398
Update CVE patchers
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-08 14:43:28 -04:00
Tavi
9d69c5aee8
Update CVE patchers
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-06 12:47:56 -04:00
Tavi
fa6322126d
Update CVE patchers
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-05 13:35:38 -04:00
Tavi
093df020a2
14.1: July ASB picks
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-04 09:19:46 -04:00
Tavi
1e2d7e9218
Update CVE patchers
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-02 09:50:28 -04:00
Tavi
a7ce9de6e8
Update CVE patchers
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-01 10:29:36 -04:00
Tavi
c7c759afd4
20.0: Add "Smart Pixels" screen filter feature
never starts, missing something

de9aa33971
af0aa9c4c3

aa5684f586

not used
dbc6f643b9
50d3f972a9

Signed-off-by: Tavi <tavi@divested.dev>
2024-06-29 11:56:16 -04:00