Tavi
9abdaa0d51
CVE-2024-41020
...
required changes to the patcher
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-05 21:30:00 -04:00
Tavi
9936408a59
Better patching of CVE-2024-41012
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-05 21:02:44 -04:00
Tavi
2187d4bf36
Better patching of CVE-2024-36971
...
4.6 and higher is impacted
need backport for 4.9 and 4.14
not patched kernels:
LineageOS-17.1
kernel_xiaomi_sm6150
LineageOS-19.1
kernel_xiaomi_sm8150
LineageOS-20.0
kernel_fairphone_sdm632
kernel_google_msm-4.14
kernel_google_msm-4.9
kernel_oneplus_sdm845
kernel_oneplus_sm8150
kernel_razer_sdm845
kernel_samsung_exynos9810
kernel_sony_sdm845
kernel_xiaomi_msm8937
kernel_xiaomi_sdm845
kernel_xiaomi_sm6150
kernel_xiaomi_vayu
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-05 20:25:40 -04:00
Tavi
aed895e1ad
More backports
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-05 16:49:08 -04:00
Tavi
d2d0c48a25
Reconcile picks
...
no effective change:
https://review.lineageos.org/q/topic:%22P_asb_2024-05%22
gains 8 patches:
https://review.lineageos.org/q/topic:%22Q_asb_2024-06%22
https://review.lineageos.org/q/topic:%22Q_asb_2024-07%22
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-05 16:27:33 -04:00
Tavi
f07e0f4722
Update CVE patchers
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-05 16:01:39 -04:00
Tavi
2bb4d94f88
Fixup + Churn
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-08-01 00:28:48 -04:00
Tavi
9c4c46478d
Disable 72ff1b1a
for now due to more compatibility issues
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-31 22:19:53 -04:00
Tavi
094b4f4f41
Update CVE patchers
...
Likely breakage
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-31 22:19:43 -04:00
Tavi
0c4b0672e4
Fix spacing
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-31 20:52:05 -04:00
Tavi
72ff1b1a4d
16.0+: Relaxed fix for DNS leaks with app based VPNs from GrapheneOS
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-31 20:50:20 -04:00
Tavi
5fb3319508
Update commons
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-31 20:31:27 -04:00
Tavi
59b9517c08
Update CVE patchers
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-29 18:28:29 -04:00
Tavi
9f5886d80b
Fixup
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-27 18:31:21 -04:00
Tavi
c45060675e
Going the distance... [pt3]
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-27 18:00:56 -04:00
ryneeverett
3999fe1e1f
Container: Scripted builds
...
I had a hard time following the [Build
Guide](https://divestos.org/pages/build ) and IMO a script does a much
better job of removing the ambiguity and is more likely to be updated
if it fails. Per
https://github.com/Divested-Mobile/DivestOS-Website/issues/40 I think
this script, as documentation, makes it much more clear what it means to
"color in the lines" and suggests an efficient way of doing so. I'd like
to update the Build Guide too, but I wanted to get your feedback on some
of this first.
The main thing I'm not thrilled with is that the workspace needs to be
patched and reset twice (if I understand correctly). I got this notion
from your guidance on a Reddit post a couple months back which I can't
find now that Reddit seems to have taken down your content.
Unfortunately I don't recall the details but the basic issue is that
generating the signing keys was giving an error and the solution was to
patch the workspace. But one of the workspace patching "phases" is to
copy the keys to the kernel and this fails if the keys don't exist yet.
So it's not clear how to get around doing this step twice.
A couple notes on future work:
- How to do incremental updates? There's no story on this yet and I
haven't looked into it.
- I found a wealth of information on building android in docker in this
repository: https://github.com/lineageos4microg/docker-lineage-cicd .
It might be worth considering trying to integrate DivestOS into that
project or building on top of their image.
2024-07-26 22:02:12 +00:00
ryneeverett
8216403729
Container: Store DivestOS directory in a volume
...
This essentially serves as a cache of sources because otherwise all the
downloaded source disappears when the container exits.
2024-07-26 22:02:12 +00:00
ryneeverett
0408730f50
Container: Correct build path
2024-07-26 22:02:12 +00:00
ryneeverett
7f13b9d6a8
Container: Use named volume for ccache.
...
I don't think there's any reason to want a named path here.
2024-07-26 22:02:12 +00:00
ryneeverett
3827a096da
Container: Find git config at XDG_CONFIG_HOME
2024-07-26 22:02:12 +00:00
ryneeverett
41bc2deded
Container: Portable scripts
...
This allows bash to be found if not located in /bin.
2024-07-26 22:02:12 +00:00
ryneeverett
4d22f558ba
Container: Allow duplicate group id.
...
The image build would otherwise fail if the user's group id already
exists in the base image.
2024-07-26 22:02:12 +00:00
ryneeverett
4c0e3c835c
Container: Set up ccache (per Build Guide)
2024-07-26 22:02:12 +00:00
ryneeverett
7d9e3d30cd
Container: Add gocryptfs (per Build Guide)
2024-07-26 22:02:12 +00:00
ryneeverett
ca83cc1dc8
Container: Update dependencies
...
See https://github.com/Divested-Mobile/DivestOS-Website/issues/39 .
2024-07-26 22:02:12 +00:00
Tavi
33ee2a1c28
Update CVE patchers
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-24 17:24:31 -04:00
Tavi
1f65053495
Fixup
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-18 21:44:00 -04:00
Tavi
e6f816f4a0
Update CVE patchers
...
Likely breakage
CVE-2022-48781 maybe change to 5.16-^5.17
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-18 14:34:16 -04:00
Tavi
c250665b4f
15.1 & 17.1: Fixup incorrect patch hunk
...
Needs to be in smp_proc_init not smp_proc_rand
All other branches checked to be correct
15.1: additionally use @syphyr's response backport due to lack of status field
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-17 18:23:35 -04:00
Tavi
3400a35eb1
15.1: July 2024 ASB work
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-17 17:57:47 -04:00
Tavi
105767c7a7
Reconcile picks
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-17 17:46:34 -04:00
Tavi
85e5812290
16.0: July 2024 ASB work
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-17 17:43:18 -04:00
Tavi
da2091f118
Fixup
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-17 15:48:24 -04:00
Tavi
218493fc4a
17.1: July 2024 ASB work
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-17 14:18:36 -04:00
Tavi
6dee42d038
Fixup
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-17 10:26:36 -04:00
Tavi
bcfba01d60
Reconcile picks
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-16 18:37:07 -04:00
Tavi
83d7f9a807
Fixup
...
TODO: replace with 3.10 patch instead
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-16 14:00:24 -04:00
Tavi
837cfbbf48
18.1: July ASB work
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-15 15:50:17 -04:00
Tavi
30b658da98
Reconcile picks
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-14 16:53:44 -04:00
Tavi
7182e4d63a
19.1: July 2024 ASB work
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-14 13:40:10 -04:00
Tavi
236a403d12
Fixup + Churn
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-13 18:46:53 -04:00
Tavi
f0de4dbf4c
Update CVE patchers
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-11 14:14:49 -04:00
Tavi
9efddf820f
20.0: July 2024 ASB picks
...
ce7b9fd0f5
d39bbaa57e
df49ae67f1
a0afe17e81
cb2db1244c
93a2c9a876
ed52683e9c
09e6330796
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-11 13:26:47 -04:00
Tavi
ef65af8a8e
Update CVE patchers
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-10 15:50:57 -04:00
Tavi
a970293398
Update CVE patchers
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-08 14:43:28 -04:00
Tavi
9d69c5aee8
Update CVE patchers
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-06 12:47:56 -04:00
Tavi
fa6322126d
Update CVE patchers
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-05 13:35:38 -04:00
Tavi
093df020a2
14.1: July ASB picks
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-04 09:19:46 -04:00
Tavi
1e2d7e9218
Update CVE patchers
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-02 09:50:28 -04:00
Tavi
a7ce9de6e8
Update CVE patchers
...
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-01 10:29:36 -04:00