Tad
1df7c7f1d4
Churn
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-15 19:16:19 -04:00
Tad
181519cf38
Add bionic hardening patchsets from GrapheneOS
...
11 b3a0c2c5db
11 5412c37195
#explicit zero
11 31456ac632
#brk
11 58ebc243ea
#random
11 5323b39f7e
#undefined
11 6a91d9dddb
#merge
11 a042b5a0ba
#vla formatting
11 9ec639de1b
#pthread
11 49571a0a49
#read only
11 149cc5ccb8
#zero
11 2e613ccbe7
#fork mmap
11 e239c7dff8
#memprot pthread
11 0b03d92b7f
#xor
11 de08419b82
#junk
11 897d4903e2
#guard
11 648cd68ca3
#ptrhread guard
11 0bc4dbcbd2
#stack rand
10 aa9cc05d07
10 a8cdbb6352
#explicit zero
10 b28302c668
#brk
10 9f8be7d07c
#random
10 cb91a7ee3a
#undefined
10 08279e2fdd
#merge
10 6a18bd565d
#vla formatting
10 2f392c2d08
#pthread
10 8bbce1bc50
#read only
10 725f61db82
#zero
10 4cd257135f
#fork mmap
10 9220cf622b
#memprot pthread
10 8ef71d1ffd
#memprot exit
10 0eaef1abbd
#xor
10 64f1cc2148
#junk
10 5c42a527cf
#guard
10 5cc8c34e60
#pthread guard
10 7f61cc8a1c
#stack rand
9 abdf523d26
9 e4b9b31e6f
#explicit zero
9 a3a22a63d2
#brk
9 7444dbc3cf
#random
9 dcd3b72ac9
#undefined
9 543e1df342
#merge
9 611e5691f7
#vla formatting
9 8de97ce864
#pthread
9 a475717042
#read only
9 7f0947cc0e
#zero
9 e9751d3370
#fork mmap
9 83cd86d0d5
#memprot pthread
9 1ebb165455
#memprot exit
9 488ba483cf
#xor
9 f9351d884b
#junk
9 85e5bca0a5
#move
Signed-off-by: Tad <tad@spotco.us>
2022-03-15 16:56:46 -04:00
Tad
1878cd19ab
Fix/Add hardened malloc patchsets from GrapheneOS
...
11 8c0f3c0e04
11 4e6320c247
11 108754debb
10 818be3fc1d
10 010949662f
10 ede5e38f5b
9 80754c93bf
9 20160b8161
Signed-off-by: Tad <tad@spotco.us>
2022-03-15 16:24:56 -04:00
Tad
209481c53e
Fix/Add exec based spawning patchsets from GrapheneOS
...
11 14c3c1d4cd
ac1943345e
1abb805041
2e07ab8c24
0044836677
c561811fad
7a848373ef
89646bdeb1
2a70bbac4a
d414dcaa35
b4cd877e3a
98634286bb
11 4c2635390c
11 add34a4bc6
11 a2b51906de
10 527787f3c8
ffde474ad7
aa87e487c4
c906fe9722
c69c3eecd4
b2303adccc
5bb05db6f7
536b497688
24802a832b
ce6dcc2368
3d3d5c4d38
2eda592b79
10 29f28b53c0
10 13a992c716
9 750efbf6bc
ed563b6f26
aad3c7d750
da3180f9a8
68773a29b7
283b3fa09c
f133136b65
01a01ce5f6
17c309c098
8806ec3ef1
Signed-off-by: Tad <tad@spotco.us>
2022-03-15 15:55:13 -04:00
Tad
f015dd348f
Add the JNINativeMethod table constification patchsets from GrapheneOS
...
11 63b9f96a12
11 d8a62b5156
11 e3a4d64f29
11 e41f1d7f8e
11 c34b037486
11 dce2d0f64f
11 c99c35cb2a
10 07071814db
10 a48ba29b98
10 157fa78115
10 b914409e05
10 20a51f508b
10 b8afb8af37
10 e1b6653db7
9 ff688b68a7
9 866f0df315
9 77c9fa981a
9 fbf620e59c
9 ceaf63c790
9 253247fc39
9 76bf4c46f0
Signed-off-by: Tad <tad@spotco.us>
2022-03-15 15:26:48 -04:00
Tad
ad579b6681
Misc hardening from GrapheneOS
...
11 62f81c237b
11 1f05db99ab
11 f242089d3f
10 abcf485dcf
9x c5db5a9f9e
Signed-off-by: Tad <tad@spotco.us>
2022-03-15 14:40:05 -04:00
Tad
e61e288b4a
Optionally allow the official Bromite WebView to be used, credit @MSe1969
...
This also replaces the overrides for all versions
And should allow the Google WebView on 14/15/16
And lastly only leaves the bundled version as default
This is a merge of the LineageOS 14/15/16 and 17/18 overlay
With the addition of the Bromite signature from @MSe1969
Signed-off-by: Tad <tad@spotco.us>
2022-03-14 22:59:40 -04:00
Tad
f65c7a4ccd
Tweaks
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-12 11:48:23 -05:00
Tad
015799737e
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-09 17:16:47 -05:00
Tad
4f75a8272a
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-09 11:59:30 -05:00
Tad
902239e2b5
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-08 23:20:43 -05:00
Tad
de764885b3
Fixup
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-08 12:56:52 -05:00
Tad
54dbcd9e43
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-07 19:12:10 -05:00
Tad
bda848a0a1
Fixup 057bedb6
...
Sadly this means the option was never enabled :(
Note: these options are only available on 4.4+ kernels
Signed-off-by: Tad <tad@spotco.us>
2022-03-06 23:05:13 -05:00
Tad
ac1e89f0c8
Update CVE patchers [the big fixup]
...
This removes many duplicately or wrongly applied patches.
Correctly removed:
- CVE-2011-4132 can apply infinitely
- CVE-2013-2891 can apply infinitely
- CVE-2014-9781 can apply once to fb_cmap_to_user correctly and incorrectly to fb_copy_cmap
- CVE-2015-0571 can apply incorrectly and was disabled in patch repo as a result
- CVE-2016-2475 can apply infinitely
- CVE-2017-0627 can apply infinitely
- CVE-2017-0750 can apply infinitely
- CVE-2017-14875 can apply infinitely
- CVE-2017-14883 can apply infinitely
- CVE-2020-11146 can apply infinitely
- CVE-2020-11608 can apply infinitely
- CVE-2021-42008 can apply infinitely
Questionable (might actually be beneficial to "incorrectly" apply again):
- CVE-2012-6544 can apply once to hci_sock_getsockopt correctly and incorrectly to hci_sock_setsockopt
- CVE-2013-2898 can apply once to sensor_hub_get_feature correctly and incorrectly to sensor_hub_set_feature
- CVE-2015-8575 can apply once to sco_sock_bind correctly and incorrectly to sco_sock_connect
- CVE-2017-8281 can apply once to diagchar_ioctl correctly and incorrectly to diagchar_compat_ioctl
- CVE-2019-10622 can apply once to qdsp_cvp_callback correctly and incorrectly to qdsp_cvs_callback
- CVE-2019-14104 can apply once to cam_context_handle_start/stop_dev and incorrectly to cam_context_handle_crm_process_evt and cam_context_handle_flush_dev
Other notes:
- CVE-2016-6693 can be applied again if it was already applied in combination with CVE-2016-6696
then the dupe check will fail and mark CVE-2016-6696 as already applied, effectively reverting it.
This was seemingly fixed with a hand merged patch in patch repo.
Wrongly removed:
- CVE-2013-2147 is meant for cciss_ioctl32_passthru but is detected in cciss_ioctl32_big_passthru
- CVE-2015-8746 is meant for nfs_v4_2_minor_ops but is detected in nfs_v4_1_minor_ops
- CVE-2021-Misc2/ANY/0043.patch is meant for WLANTL_RxCachedFrames but is detected in WLANTL_RxFrames
Signed-off-by: Tad <tad@spotco.us>
2022-03-04 00:42:28 -05:00
Tad
0d59c18c85
Enable the NETWORK permission patchset for 16.0 too
...
Likely has issues with secondary users.
As in the permission affects all copies of the same app.
Signed-off-by: Tad <tad@spotco.us>
2022-02-28 01:27:38 -05:00
Tad
f4fbe65756
Various changes
...
- 15.1: asb picks
- 17.1: drop marlin, sailfish, z2_plus, m8
- 4.9 loose versioning fixes
2022-02-24 19:51:44 -05:00
Tad
8b39498b1c
Initial loose versioning work for 4.9
...
This applies 4.9 patches to 4.4 and 3.18 now that 4.4 is EOL
Untested, but looks mild
Signed-off-by: Tad <tad@spotco.us>
2022-02-22 13:44:47 -05:00
Tad
5245109cc1
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-02-19 23:22:19 -05:00
Tad
2eda5086fc
Tiny tweak
...
Signed-off-by: Tad <tad@spotco.us>
2022-02-13 23:57:59 -05:00
Tad
48b009a02e
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-02-12 06:56:28 -05:00
Tad
b6da59d24f
Drop FairEmail, Vanilla, and their AOSP equivalents
...
Signed-off-by: Tad <tad@spotco.us>
2022-02-11 14:25:30 -05:00
Tad
c0aac415aa
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-29 09:35:59 -05:00
Tad
82cc1bc979
Tiny update
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-28 09:09:10 -05:00
Tad
58b53de17a
Multi user tweaks from GrapheneOS
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-24 06:30:39 -05:00
Tad
2400cf0964
App updates
...
- Drops Calendar, Eleven, and Email
- Adds a variable for Silence inclusion
- Adds a NONE option for microG inclusion flag to disable NLP inclusion
Signed-off-by: Tad <tad@spotco.us>
2022-01-24 06:30:15 -05:00
Tad
6329922104
Disable the Hamper Analytics patches
...
Rely on the HOSTS to do any blocking.
With the last update this causes app crashes, due to boolean/string mismatch.
Need to figure out exactly how string in manifest can become a boolean when wanted.
Signed-off-by: Tad <tad@spotco.us>
2022-01-23 16:55:24 -05:00
Tad
6ec0c63126
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-13 11:08:22 -05:00
Tad
ce6ee9d8e4
Update CVE patchers
...
CVE-2021-0961 should be fine now
Signed-off-by: Tad <tad@spotco.us>
2022-01-11 05:41:26 -05:00
Tad
b9c7839110
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-11 01:19:31 -05:00
Tad
b05823bb20
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-04 21:00:25 -05:00
Tad
daf98f8197
Small tweaks
...
Signed-off-by: Tad <tad@spotco.us>
2021-12-31 21:39:04 -05:00
Tad
e08349a202
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-12-29 11:51:58 -05:00
Tad
3c1931bcc9
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-12-19 05:15:32 -05:00
Tad
11141d3bc9
Small tweaks
...
Signed-off-by: Tad <tad@spotco.us>
2021-12-17 14:31:13 -05:00
Tad
20e1023627
Small changes
...
- 16.0: drop wallpaper optimization patch, questionable source
- deblobber: don't remove libmmparser_lite.so, potentially used by camera
- 17.1: pick Q_asb_2021-12, excluding a broken patch
- clark 17.1: some camera denial fixes
- alioth: unmark broken
- 17.1: switch to upstream glibc fix
- 17.1/18.1: disable per app sensors permission patchset, potential camera issues
Signed-off-by: Tad <tad@spotco.us>
2021-12-13 20:28:54 -05:00
Tad
8cf90d055e
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-12-11 01:12:41 -05:00
Tad
359ce4608f
Small updates
...
Signed-off-by: Tad <tad@spotco.us>
2021-12-07 20:57:54 -05:00
Tad
ed1c151ce5
Update CVE patchers
...
CVE-2021-0961/ANY/0001.patch likely causes breakage
Signed-off-by: Tad <tad@spotco.us>
2021-12-06 17:43:34 -05:00
Tad
c5c3998593
Guess what? f̵͖̲̙̝̩̌̌̌̑͆̔͐̏͋̓̅̔̒̈́͠i̴͍̗̦͕̅̓̿͋̓̑̽͌͐͊͘͠͠s̵̡̬͙͚̃͑̓̊̌́̾́͠ḥ̴̬͓͚̹̱̰͕͚͈̞̳͒̊ ̵̢̟̞̖͈͖͕̥̙̤͉̮̍́̅̀̾b̵̛̹̝̙̖̱̲͉͚̝̪̲̓̿͛̔̆͋̎́͐̃͆̀̕͝u̸̞̺͓͎̰̦̯̘̺̬͔̬͆͛̋̍̂͒̓͛̐̈́̋̚͝ṫ̵̠t̶̻̳̜̪̗͖͛̂̒̃̑̏͝
...
Tested on 14.1 and 15.1 targets
Signed-off-by: Tad <tad@spotco.us>
2021-11-29 21:14:00 -05:00
Tad
67b5a166fc
16.0: extreme loose versioning work
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-27 22:44:29 -05:00
Tad
9b84cebf92
17.1: loose versioning work
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-27 15:50:11 -05:00
Tad
0e539e6f92
16.0: loose versioning work
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-26 22:53:46 -05:00
Tad
ebab5c9407
17.1: add harpia and merlin
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-11 10:22:00 -05:00
Tad
5c8250bbdd
Disable the per-app sensor permission patches
...
Breaks camera on angler
Signed-off-by: Tad <tad@spotco.us>
2021-11-05 14:46:32 -04:00
Tad
fdd549ee98
16.0: add kccat6 and lentislte
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-05 14:16:18 -04:00
Tad
6567937b05
ASB picks
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-05 13:29:50 -04:00
Tad
f7295a0f74
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-02 23:50:35 -04:00
Tad
f3277f3c07
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-02 12:01:36 -04:00
Tad
809e03833e
Verity enablement overhaul
...
No change to AVB devices except for enabling on more
Verity devices have the potential to regress by not booting
No change to non-verity/avb devices
Tested working on: mata, cheeseburger, fajita
Signed-off-by: Tad <tad@spotco.us>
2021-11-02 10:24:07 -04:00
Tad
a9f445ad47
16.0: add land and santoni
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-28 19:07:31 -04:00
Tad
ec043e961e
Update CVE patchers
...
CVE-2021-20317 might need to be disabled due to QC timer breakage.
Signed-off-by: Tad <tad@spotco.us>
2021-10-27 15:26:53 -04:00
Tad
fe8e8201a9
Add more 'Private DNS' options
...
Based off of patches from CalyxOS as noted in each included patch.
Tested and verified working on klte and mata 18.1
Signed-off-by: Tad <tad@spotco.us>
2021-10-21 23:39:46 -04:00
Tad
5d7d710076
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-20 15:01:18 -04:00
Tad
b78944933c
More fixes
...
Ensure new shells have the correct settings too.
Signed-off-by: Tad <tad@spotco.us>
2021-10-16 22:57:43 -04:00
Tad
042b9063d1
More fixes
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-16 17:12:13 -04:00
Tad
256b1db98b
Hard fail on error
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-16 16:08:43 -04:00
Tad
a5cdb9ab58
Fix patch ordering
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-16 15:21:22 -04:00
Tad
4ce35a3c60
Refresh most branch specific patches
...
Fixed up:
LineageOS-16.0/android_packages_apps_Backgrounds/308977.patch
LineageOS-16.0/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch
LineageOS-17.1/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch
LineageOS-18.1/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch
Must review again:
LineageOS-14.1/android_packages_apps_PackageInstaller/64d8b44.patch
Signed-off-by: Tad <tad@spotco.us>
2021-10-16 15:19:55 -04:00
Tad
f7194d1f13
Switch to applyPatch
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-16 14:01:44 -04:00
Tad
7ba42f052a
Small changes
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-14 15:58:22 -04:00
Tad
d5d3846f2c
Small tweaks
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-10 19:44:59 -04:00
Tad
939c6aa7ed
Small tweaks
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-07 20:07:49 -04:00
Tad
2af0e1201e
Re-enable the recovery downgrade check
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-06 17:03:22 -04:00
Tad
f2e1d32eba
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-06 16:54:45 -04:00
Tad
7b28a193f1
Include the Support app
...
This is a very basic app with zero permissions and has quick links to
various related resources.
Signed-off-by: Tad <tad@spotco.us>
2021-10-06 06:21:38 -04:00
Tad
59bd09a807
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-05 14:44:23 -04:00
Tad
870382ff40
Switch to the Mulch WebView
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-02 01:44:46 -04:00
Tad
27fe558b76
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-09-29 16:47:50 -04:00
Tad
84c7d230ab
Permission for sensors access patches from @MSe1969
...
Signed-off-by: Tad <tad@spotco.us>
2021-09-24 23:35:33 -04:00
Tad
f5a58bd35f
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-09-23 20:56:00 -04:00
Tad
c753abf1b2
Small update
...
Signed-off-by: Tad <tad@spotco.us>
2021-09-20 12:12:58 -04:00
Tad
4917af86cc
Update copyright dates
...
Signed-off-by: Tad <tad@spotco.us>
2021-09-15 10:30:08 -04:00
Tad
cf3a12cb5a
Move some changes into a new Post.sh
...
Signed-off-by: Tad <tad@spotco.us>
2021-09-15 10:26:37 -04:00
Tad
bf5d9bc778
Small tweaks
...
- disable disablement of PROC_PAGE_MONITOR to fix memory stats calculation
- enable slub_nomerge, similar to slab_nomerge for pre 3.18 kernels
slub_nomerge was already default enabled on many 3.10 devices via:
0006-AndroidHardening-Kernel_Hardening/3.10/0010.patch
Signed-off-by: Tad <tad@spotco.us>
2021-09-13 10:39:33 -04:00
Tad
907dc0f040
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-09-11 16:06:57 -04:00
Tad
faf681a0c6
17.1: add davinci
...
Closes https://github.com/Divested-Mobile/DivestOS-Build/issues/10
Signed-off-by: Tad <tad@spotco.us>
2021-09-11 14:55:27 -04:00
Tad
35036e694d
Small tweaks
...
Signed-off-by: Tad <tad@spotco.us>
2021-09-08 22:59:33 -04:00
Tad
0ade46cc8e
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-09-07 16:57:15 -04:00
Tad
e84111aaa8
Small changes
...
- Include TalkBack
- Fixup hosts inclusion, due to path mismatch
- 14.1: bump patch level to match the picked ASB
- 14.1: m7-common: deblobber fix
Signed-off-by: Tad <tad@spotco.us>
2021-09-06 14:32:37 -04:00
Tad
809a361e07
Update CVE patchers
...
Don't introduce https://gitlab.com/LineageOS/issues/android/-/issues/3916
Will consider adding it as a revert
Signed-off-by: Tad <tad@spotco.us>
2021-09-04 14:35:24 -04:00
Tad
043b194210
17.1: add surnia + other changes
...
- 17.1: fixup invalid line in marlin from deblobber
- 18.1: fixup audiofx removal
- all: change repo sync to 8 threads from 20, for google HTTP 429 error
Signed-off-by: Tad <tad@spotco.us>
2021-08-26 21:02:28 -04:00
Tad
79132fddef
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-08-13 11:07:07 -04:00
Tad
3a79316ddb
Fix camera on taimen/walleye/alioth
...
+ typo fix for last commit
+ cherrypick cleanups
Signed-off-by: Tad <tad@spotco.us>
2021-08-10 00:21:02 -04:00
Tad
0b4ad0e7cc
18.1: add raphael, lmi, alioth
...
+ verity fixes
+ 16.0: drop beryllium, 18.1 builds now
+ deblob: better handle device makefiles
Signed-off-by: Tad <tad@spotco.us>
2021-08-09 20:54:44 -04:00
Tad
2d468d9da2
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-08-09 14:44:48 -04:00
Tad
3f311f84ad
Changes
...
- WebView update
- 14.1: drop osprey, tested compiling on 17.1
- comment updates
- small patcher fixes
Signed-off-by: Tad <tad@spotco.us>
2021-08-06 18:36:57 -04:00
Tad
189cf4d801
Update comments
...
Signed-off-by: Tad <tad@spotco.us>
2021-08-04 22:18:00 -04:00
Tad
2db8ac7c70
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-08-04 14:57:55 -04:00
Tad
477b0a1a62
More fixes
...
Signed-off-by: Tad <tad@spotco.us>
2021-08-04 10:58:22 -04:00
Tad
9e548cabf5
Fixup 3d69ad87
...
Tested to compile bacon, ether, and griffin kernels
Signed-off-by: Tad <tad@spotco.us>
2021-08-03 18:46:38 -04:00
Tad
3d69ad873e
\"\'FIXES\'\" PART 2
...
There will likely be some breakage here.
Many of these patches have been here since the start and never used.
Signed-off-by: Tad <tad@spotco.us>
2021-08-03 15:14:02 -04:00
Tad
4fae8d0445
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-08-03 12:37:28 -04:00
Tad
2c05482872
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-07-31 09:17:08 -04:00
Tad
36331d6d62
Update CVE patchers
2021-07-28 10:08:52 -04:00
Tad
b61264e3b9
Update CVE patchers
2021-07-27 00:17:14 -04:00
Tad
ca51db0be0
Update CVE patchers
2021-07-21 22:48:29 -04:00
Tad
9a4c02c3dc
Tiny tweaks
2021-07-19 12:05:18 -04:00
Tad
3d67f9e25c
Update CVE patchers
2021-07-12 06:31:38 -04:00
Tad
c2b2aa5830
16.0+: Add captive portal toggle from @MSe1969
...
Source:
0045a97cb4
b483b4e9ab
18.1 is the 17.1 patch rebased
Wording was altered.
Already included in 14.1+15.1
2021-07-10 22:48:45 -04:00
Tad
a43601e77b
Update CVE patchers
...
I expect breakage.
2021-07-10 11:39:14 -04:00
Tad
0c53c40b7b
Cherrypicks
2021-07-09 20:54:14 -04:00
Tad
ca857913ef
Directory sanity
2021-07-09 07:09:27 -04:00
Tad
dd3a611d0e
Cherrypicks
2021-07-08 20:08:24 -04:00
Tad
c13672b9b7
Update CVE patchers
2021-07-07 15:14:20 -04:00
Tad
12283124b5
Fixup last commit
2021-07-04 17:05:27 -04:00
Tad
f6357512a7
Update CVE patchers
2021-07-04 14:41:44 -04:00
Tad
44003bd2f5
Update CVE patchers
2021-06-30 17:05:59 -04:00
Tad
c2ce9572fa
umask 0022 all the things
...
umask 0077 breaks things in subtle ways
2021-06-27 14:14:34 -04:00
Tad
ef8573b29c
Small fixes
2021-06-26 22:59:46 -04:00
Tad
881c24d8b2
Various patches from GrapheneOS
2021-06-26 18:57:46 -04:00
Tad
d6dca6e66d
Small tweaks
2021-06-26 14:13:03 -04:00
Tad
eb3e51e7e3
Small tweaks
2021-06-23 13:00:43 -04:00
Tad
48f35901c2
Update CVE patchers
2021-06-16 23:17:37 -04:00
Tad
d42c8f033d
Small changes
...
- Fixup CVE-2020-36386 breakage
- Move some cherrypicks in tree (gerrit down right now, pulled from reflog)
- Update cherrypicks
2021-06-15 05:46:30 -04:00
Tad
71fe4d590e
Small tweaks
...
- 14.1: drop z00t, compiles on 15.1
- fix double patch breakage for CVE-2020-36386
- clark: fix recovery firmware extraction, hopefully
2021-06-12 10:49:54 -04:00
Tad
4b044379ec
Update CVE patchers
2021-06-11 11:00:54 -04:00
Tad
50c670c477
Small tweaks
...
- June ASB cherrypicks
- Change default NTP. only 2*.pool.ntp.org supports IPv6
2021-06-10 22:45:32 -04:00
Tad
94b91c6afd
Incall privacy warning from CalyxOS
2021-06-08 12:11:13 -04:00
Tad
d9c49b56c3
Update CVE patchers
2021-06-07 22:30:33 -04:00
Tad
143bec97a9
Small tweaks
2021-06-07 21:32:10 -04:00
Tad
1e5df6f42e
Update CVE patchers
2021-06-03 13:28:32 -04:00
Tad
5c3d3b4d35
Reverts + disable mm-pp removal
...
Revert d7fd127e5f
Partial revert 1c9a66f896
2021-05-30 10:39:34 -04:00
Tad
d7fd127e5f
Only dexpreopt boot and system server
...
Full dexpreopt has repeatedly shown to cause many problems over the years.
The slight gains are not worth the headache it incurs.
2021-05-30 00:36:57 -04:00
Tad
4af81f4d66
Update CVE patchers
2021-05-27 14:54:07 -04:00
Tad
13bffe05e7
Update CVE patchers
2021-05-21 09:14:31 -04:00
Tad
1cde58eaa4
Tiny tweaks
2021-05-12 03:15:41 -04:00
Tad
ccce1fad9b
Update CVE patchers
2021-05-11 17:11:41 -04:00
Tad
731e0e995c
Update CVE patchers
2021-05-07 21:48:29 -04:00
Tad
2cf0b314d8
Various changes
...
- Cherrypick May ASB topics
- 18.1: bump enchilada, fajita, and guacamole
2021-05-06 14:37:52 -04:00
Tad
4450921a10
Update CVE patchers
2021-05-03 20:41:32 -04:00
Tad
febec1b60a
Update CVE patchers
2021-05-02 17:05:53 -04:00
Tad
82014e469a
Update CVE patchers
2021-04-25 11:55:12 -04:00
Tad
3770bf469d
Add a list of potentially bad commits from umn.edu addresses
2021-04-21 21:40:40 -04:00
Tad
4362cf4e63
Small changes
...
- 16.0: drop cheeseburger/dumpling, tested working on 18.1
- Fix some conflicts
2021-04-18 13:42:23 -04:00
Tad
81084a26d7
Update CVE patchers
2021-04-17 11:01:30 -04:00
Tad
83fe8f0434
More small tweaks
...
- Really fix yylloc sed line
- Drop merged ASB cherrypicks
- Edit vendor gps.conf files too
2021-04-16 20:31:57 -04:00
Tad
bdf990a638
Small tweaks
...
- Remove some changes that have been commented for a while
- Don't remove the QCOM VR repos
- Adjust the default quick tiles
- Don't force hardware layers for recents
- Only generate deltas for update_engine devices
- Cherrypick: Update WebView to 90.0.4430.66
- Adjust yylloc sed line
- Add comments to 17.1 devices explaining why they aren't removed for 18.1 yet
2021-04-14 21:29:12 -04:00
Tad
2f2d94c9b5
Small tweaks
2021-04-13 11:59:08 -04:00
Tad
a423f977ff
Update CVE patchers
2021-04-12 20:53:35 -04:00
Tad
8e496341b5
Small tweaks + ASB cherrypicks
2021-04-08 05:40:22 -04:00
Tad
f48738f944
Update CVE patchers
2021-04-06 20:55:55 -04:00
Tad
9293f48b0c
Revert "17.1: drop support for all devices tested working on 18.1"
...
This reverts commit 2bbbd6d87f
.
18.1 recovery is refusing to compile properly.
2021-04-06 04:12:46 -04:00
Tad
f3e672fb18
Failed attempt at fixing signing
...
PRODUCT_OTA_PUBLIC_KEYS is meant to be set by a vendor tree, something
we don't use.
Override it at the source and set it explicitely as well.
This ensures that the compiled recovery.img and the one generated by
sign_target_files_apks.py includes the real public keys for verification.
11.0 signing is ignored.
This will need to be extensively tested as breakage can mean brick on locked
devices.
Although in failure cases it seems test-keys are accepted.
--
After much testing there appears to be a deeper issue with how keys
are inserted into the recovery and handled
2021-04-06 04:07:18 -04:00
Tad
2bbbd6d87f
17.1: drop support for all devices tested working on 18.1
2021-04-02 02:32:15 -04:00
Tad
9db9215d6b
Small changes
...
- Disable generation of unused OTA to reduce compile time
- 17.1+: Disable APEX, breaks signing, and is also useless since no Play Store.
- 18.1: Fixup signing
2021-03-31 01:30:17 -04:00
Tad
9c70bfc6a3
Small fixes
...
- Bring 17.1 recovery in line with 18.1
- flox: fix sensors on 17.1
- flo 15.1: sensors might still be broken due to denial
- flox 17.1: reboot issue is likely fixed
- 18.1: fix my Wi-Fi (wpa2-eap with a cert, but no domain)
2021-03-27 13:48:55 -04:00
Tad
9ae46b7624
Update CVE patchers
...
This fixes Fenix causing a reboot on select devices.
2021-03-26 22:51:50 -04:00
Tad
4d902672df
More cleanup
2021-03-25 10:16:38 -04:00
Tad
d8712ad62a
Update CVE patchers
2021-03-24 16:31:25 -04:00
Tad
5d14e4b4f7
Small changes
...
- Add m7 and avicii (untested)
- Use low_ram target on <2GB devices
Silly me, this never did anything due to the git reset...
- Update Chromium WebView cherrypick
2021-03-24 14:43:12 -04:00
Tad
08ea27fd00
Only include Silence when needed
...
ie. not on tablets without cellular
2021-03-23 21:11:08 -04:00
Tad
529b47039c
18.1: Initial bringup
...
- Functionality tested on mako and klte
- In-place upgrade from 17.1 tested working on klte
- Compile tested on bacon and klte
- Recovery OTA key patch missing, unsure if still needed.
- Deblobber needs support for removing vintf manifest paths from vendor Android.bp
- Launcher needs more default_workspace grid variants (eg. 4x5)
2021-03-23 12:36:31 -04:00
Tad
add30db605
Drop support for overclocking
...
These patches have been disabled for years.
2021-03-20 16:23:38 -04:00
Tad
62cba6a878
More cleanup
2021-03-20 16:15:01 -04:00
Tad
92dcea3b7d
Update CVE patchers
2021-03-20 16:04:14 -04:00
Tad
70b1007dec
15.1: drop support for all devices compiling on 16.0 or 17.1
2021-03-20 14:28:36 -04:00
Tad
aa3d0aeac5
16.0: drop support for all devices compiling on 17.1
2021-03-20 14:03:01 -04:00
Tad
d87ae7d12c
16.0: drop support for all devices tested working on 17.1
2021-03-20 13:38:05 -04:00
Tad
caeb3d5199
Add FP3 to 16.0 and 17.1
...
Untested
2021-03-19 21:53:28 -04:00
Tad
c6f2a5a06d
Fixup ef0ee2c3
2021-03-15 01:06:23 -04:00
Tad
ef0ee2c316
Update CVE patchers
2021-03-14 21:59:19 -04:00
Tad
a3fbed9da5
Update cherrypicks and small tweaks
2021-03-07 03:04:44 -05:00
Tad
60070a19bd
Update CVE patchers
...
Consider splitting CVE-2020-27067 to restore basic patches.
2021-03-04 15:10:24 -05:00
Tad
f02363ecb4
March 2021 Security Updates
2021-03-04 13:02:10 -05:00
Tad
5a3b13e650
Update CVE patchers
2021-02-28 17:56:07 -05:00
Tad
07e46913d9
Fixup verity enablement for cheryl
...
cheryl was already supported in Copy_Keys.sh
2021-02-14 22:50:34 -05:00
Tad
6d0bc0c57e
Update CVE patchers
2021-02-11 15:04:46 -05:00
Tad
41a04ebd36
Update CVE patchers
2021-02-10 15:55:51 -05:00
Tad
f1e2e43642
Update CVE patchers
2021-02-07 19:41:46 -05:00
Tad
d003ee6ea7
Update cherrypicks
2021-02-06 15:24:31 -05:00
Tad
3c0aaaa803
Update CVE patchers
2021-02-06 13:04:52 -05:00
Tad
820c637f20
Move many old cherry picks in tree for archival/support purposes
2021-02-05 20:00:43 -05:00
Tad
ebd992580c
Update cherrypicks
2021-02-05 16:53:25 -05:00
Tad
d44eca7187
Update CVE patchers
2021-02-03 19:40:55 -05:00
Tad
fc5ba24098
Fixup
2021-02-03 12:19:37 -05:00
Tad
8fbe6a4bd2
Update CVE patchers
2021-02-03 11:50:22 -05:00
Tad
31d0b901ae
Update cherrypicks
2021-02-03 09:45:26 -05:00
Tad
bac552732f
Small tweaks
2021-01-30 21:34:50 -05:00
Tad
6a1fb99cc9
Unbreak last commit
...
This should be most of it
also
- properly update webview, repopick doesn't seem to handle the branch
- always cd back to base, to prevent script breakage
2021-01-25 13:31:57 -05:00
Tad
08142c2c9d
Update CVE patchers
...
I expect breakage.
2021-01-24 00:30:24 -05:00
Tad
bef3ba0049
Small changes
2021-01-23 23:08:00 -05:00
Tad
c17623a87a
Update CVE patchers
2021-01-16 22:48:28 -05:00
Tad
e9fd952ba2
Many small tweaks
...
- Remove leftover WireGuard repo missed in 31898834
- Enable the volteOverride, to ensure VoLTE enablement on supported devices on unknown carriers
- Extend volteOverride to support system.prop if vendor.prop doesn't exist (to cover eg. marlin/sailfish)
- Disable commenting of SOUND_TRIGGER flags.
sountrigger blobs are not removed due to boot breakage.
disable this and stop patching hardware/qcom/audio.
Intended to potentially fix phone call audio issues on mata
- Small CVE patcher updates
2021-01-16 21:16:02 -05:00
Tad
a4333daefe
Update cherrypicks
...
I managed to miss 300243 in the recent 17.1 rebuilds
2021-01-14 12:08:46 -05:00
Tad
318988345b
Drop WireGuard kernel module support
...
It was never used or enabled.
Silly me didn't acknowledge that it requires root for any app to use.
The app itself will still be included in the PrebuiltApps submodule for anyone who needs.
2021-01-13 06:30:44 -05:00
Tad
f621ff7dda
Update CVE patchers
...
I have absolutely no idea why kernel_oneplus_msm8998 was downgraded
4.4.241 to 4.4.205
https://github.com/LineageOS/android_kernel_oneplus_msm8998/tree/backup/lineage-17.1_20210108_1948
2021-01-13 04:29:00 -05:00
Tad
b683d40ef3
Small tweaks
...
- Update cherry picks
- Add star2lte to 15.1 and 17.1
2021-01-09 13:37:07 -05:00
Tad
42b94605f8
Cherrypicks and CVE-2019-2306 patching
2021-01-06 14:04:18 -05:00
Tad
e557ca3710
Update CVE patchers
2021-01-05 14:26:15 -05:00
Tad
bd4cb22db1
ASB cherry picks
2021-01-05 12:22:42 -05:00
Tad
e62afb602b
Sync APN list from 17.1 to all versions
...
- 15.1: enable hammerhead due to reported bt issues on 16.0
2021-01-04 20:16:33 -05:00
Tad
ff96315fb4
Update CVE patchers
2020-12-30 11:08:19 -05:00
Tad
4c0ac9c46c
Small changes
2020-12-24 02:01:10 -05:00
Tad
8b56cd13c6
deblobber: Don't remove CNE
...
- breaks Wi-Fi calling
- breaks IMS on marlin/sailfish
2020-12-22 13:53:29 -05:00
Tad
d6cf9ec8b0
Many fixes
...
VoLTE tested working on mata/17.1!
VoWiFi tested working with DOS_DEBLOBBER_REMOVE_CNE=false
- Disable Graphene exec spawning feature, subtly breaks many apps
Maybe missing some patches?
- Build old versions for devices with broken IMS
- Ensure shell umask is always 0022
- fwb overlay: drop the MMS user-agent overrides
- Drop the BlobBlocker and ModuleBlocker
They were unused and unkempt.
- Put volteOverride behind DOS_DEBLOBBER_REMOVE_IMS and comment it
2020-12-22 04:00:12 -05:00
Tad
356c743cd8
Update cherrpicks
2020-12-21 03:44:07 -05:00
Tad
1be184bac9
Small tweaks
2020-12-16 07:48:41 -05:00
Tad
39727cb7c7
Update CVE patchers
2020-12-10 14:09:58 -05:00
Tad
5ffefc4dc3
Cherry picks
2020-12-10 12:34:14 -05:00
Tad
3ec13d6bc8
Update CVE patchers
2020-12-08 10:24:24 -05:00
Tad
e36a91facc
Update CVE patchers
2020-12-07 09:36:20 -05:00
Tad
9c691d02ab
Update CVE patchers
2020-12-03 22:43:23 -05:00
Tad
09722044b0
Update CVE patchers
2020-11-29 19:06:06 -05:00
Tad
69c8bdfb22
Update CVE patchers
2020-11-26 09:03:45 -05:00
Tad
48e72f67bb
Tiny update
2020-11-22 22:12:47 -05:00
Tad
445582fe2a
Update CVE patchers
2020-11-19 17:15:55 -05:00
Tad
9d7e5a24a3
License headers
2020-11-17 10:19:06 -05:00
Tad
7b9d90d781
move clark from 14.1 to 17.1
2020-11-15 08:16:29 -05:00
Tad
523264aebb
Update CVE patchers
2020-11-12 23:46:38 -05:00
Tad
e7a65ff912
Small fixes
2020-11-09 22:55:36 -05:00
Tad
a21a6acaa8
Update cherrypicks
2020-11-07 17:20:30 -05:00
Tad
dc5b1d91f2
Update CVE patchers
2020-11-06 16:15:16 -05:00
Tad
42053a97e2
ASB cherry picks
2020-11-04 09:48:12 -05:00
Tad
6a5866c01d
More failed attempts at fixing IMS
...
Keeping IMS, RCS, CNE, ATFWD, and allowing ims* to access /dev/diag:
IMS service still fails to register on mata
Is it the carrier?
Is it the phone?
Is it LineageOS?
Is is DivestOS?
Absolute mess.
2020-11-02 19:24:56 -05:00
Tad
e36f4529a3
Fixup 9f01dc03
...
Enables replacing of vendor fingerprints.
I thought this was broken, turns out it was the AUX camera change instead.
2020-11-02 11:04:49 -05:00
Tad
9f01dc038c
Small changes
...
- SUPL NTP fix
- Remove debug info from dexpreopt, saves a few MB
- 15.1+: enable full dexpreopt, for perf and memory benefits
- 17.1: change oneplus/msm8998-common kernel
- 17.1: add OpenCamera to AUX list
- Resurrect verity for devices missed previously
- Update some CVE patchers
- deblobber: remove some lingering atfwd blobs
2020-11-02 06:28:06 -05:00
Tad
3926f3a44f
Small updates
...
- Various rebranding fixes
- 17.1: hold off on Seedvault inclusion for now
- 17.1: update kernel/fxtec/msm8998 CVE patcher
- 17.1: build cheeseburger/dumpling
2020-10-31 15:16:25 -04:00
Tad
5ec84b9f7b
Update CVE patchers
2020-10-30 14:35:12 -04:00
Tad
40f8cebc53
Small updates
2020-10-28 19:09:18 -04:00
Tad
b89cc98001
Small updates
2020-10-27 21:40:20 -04:00
Tad
ff8dfd95db
Small updates
2020-10-26 05:24:59 -04:00
Tad
47d064f98c
Fixes
2020-10-23 18:50:51 -04:00
Tad
fb2a4df9a0
Add yellowstone, untested and disabled for now
2020-10-23 16:47:06 -04:00
Tad
95077df728
Update CVE patchers
2020-10-23 15:51:19 -04:00
Tad
1b4b86c38d
Tiny tweaks
2020-10-23 14:49:16 -04:00
Tad
d889ae4642
Update CVE patchers
2020-10-17 15:28:42 -04:00
Tad
6d15a2bb82
Update CVE patchers
2020-10-15 22:36:28 -04:00
Tad
688f4dd953
More CVE patcher fixes
2020-10-15 21:31:46 -04:00
Tad
cc64ce1634
Update CVE patchers
2020-10-14 16:28:07 -04:00
Tad
10d042c3c0
Update CVE patchers
2020-10-14 15:20:06 -04:00
Tad
6c9c91941e
Fix errors from compile test of all 14.1 kernels
2020-10-14 14:23:22 -04:00
Tad
d53a4f4e41
Update CVE patchers
...
- Drop tcp_sack=0 sysctl, as most devices are now patched
2020-10-12 18:38:07 -04:00
Tad
b56929d3d9
Many changes
...
- Missing credit in LICENSE
- Update TODO
- hardenLocationConf: don't change version
- hardenDefconfig: Fix reboot on shutdown
- changeDefaultDNS: replace a level3 dns straggler for tethering config
- Don't remove CompanionDeviceManager if microG is included
- Update cherry picks
- init.sh: update comment wording
2020-10-12 07:52:54 -04:00
Tad
115dd21832
Many changes
...
- 17.1: Add Pixel 4/XL
- Promote klte to 17.1
- hardenBootArgs: don't run on klte
- hardenBootArgs: regorganize
- hardenDefconfig: enabler: drop unnecessary options (iommu)
- hardenDefconfig: disabler: comment diag options for now
- deblobber: comment dirac lines to fix cheeseburger headphone jack
- fixup Etar replacement
2020-10-11 07:12:00 -04:00
Tad
260140f0a1
Update CVE patchers
2020-10-10 11:56:35 -04:00
Tad
8bdad21040
Update CVE patchers
2020-10-06 23:36:29 -04:00
Tad
b56fabac3b
Update CVE patchers
...
I expect some breakage here
2020-10-06 21:14:18 -04:00
Tad
bf9167f442
Update CVE patchers
2020-10-05 21:38:25 -04:00
Tad
55e010fba5
Small updates
2020-10-01 14:56:37 -04:00
Tad
92f7f37096
Update CVE patchers
...
Fix CVE-2020-25221 breakage
2020-09-25 09:27:12 -04:00
Tad
bc7cf7af0a
Update CVE patchers
2020-09-25 06:55:18 -04:00
Tad
92879ec2a4
Update CVE patchers
2020-09-23 06:31:34 -04:00
Tad
3bc1463017
Update CVE patchers
2020-09-18 10:36:01 -04:00
Tad
8c1e8ee3e3
Update CVE patchers
2020-09-17 15:35:48 -04:00
Tad
6e16320468
Small fixes
2020-09-13 19:52:37 -04:00
Tad
d16a362141
ASB cherry picks + Fixup 2f83043c
...
TODO: rm -v kernel/*/*/drivers/staging/greybus/tools/Android.mk
2020-09-12 08:29:09 -04:00
Tad
4c29ac36d2
Update CVE patchers
2020-09-09 19:00:03 -04:00
Tad
76fcd8a0d4
Update CVE patchers
2020-09-08 18:19:52 -04:00
Tad
37ff7ddc2d
Update CVE patchers
2020-09-02 15:03:00 -04:00
Tad
bca6af1516
Small updates
...
- recovery: abort on serial number specific updates, credit: GrapheneOS
- Add lists of missing CVEs
- Update cherrypicks
2020-09-02 14:20:51 -04:00
Tad
0808ac1fd0
Many updates
...
- Add OnePlus 6, 6T, 7, 7 Pro
- Ensure verity/avb keys are *always* copied
- Update cherry picks
2020-09-01 03:26:21 -04:00
Tad
ec17d20f58
Update CVE patchers
2020-08-22 11:03:23 -04:00
Tad
98854115be
16.0: Add pro1
...
- Also initial beryllium support, no builds yet
2020-08-10 15:34:55 -04:00
Tad
f19dbe5958
More fixes for a69326f3
2020-08-10 03:46:36 -04:00
Tad
887ebb84c5
Update CVE patchers
...
Includes many fixes for a69326f3
but probably breaks other things
2020-08-09 07:29:19 -04:00
Tad
a69326f396
Update CVE patchers
...
Untested. I expect some breakage.
2020-08-08 13:06:39 -04:00
Tad
7cd6df559c
Update AOSP CVE list to August patches
2020-08-05 01:53:50 -04:00
Tad
af54500797
Update CVE patchers
2020-08-03 18:15:27 -04:00
Tad
0a979b67fa
Small changes
...
- 17.1: bringup bacon and ether
2020-07-24 10:20:07 -04:00
Tad
820a680d4d
Small updates + Many fixes
2020-07-13 17:37:33 -04:00
Tad
e8f13920bb
Cherry picks
2020-07-08 16:39:26 -04:00
Tad
c715d549a7
Update CVE patchers
2020-07-07 01:57:39 -04:00
Tad
9bafe76906
Update CVE patchers
2020-06-27 02:29:14 -04:00
Tad
2ef92046af
Small changes
2020-06-22 20:41:49 -04:00
Tad
5b9e44794b
Fixup broken checksum generation
2020-06-14 09:36:39 -04:00
Tad
4e9f733f27
Small updates
2020-06-12 16:27:45 -04:00
Tad
837fbecc49
More verity resurrection
2020-06-08 11:57:52 -04:00
Tad
d96a421dee
17.1: disable cheeseburger/dumpling
2020-06-07 22:33:50 -04:00
Tad
79c7443c7d
17.1: bring up osprey and cheeseburger/dumpling
...
- also fix cherrypick mismatch
2020-06-07 16:35:05 -04:00
Tad
850c4ad88c
Small updates
...
- Partial revert of 5106063c
- Cherry picks
- CVE patcher fixes
2020-06-07 04:25:12 -04:00
Tad
5797ea8fc4
Small fixes
...
CVE-2019-14047/ANY/0002.patch will probably need to be disabled on more devices
2020-06-02 17:33:27 -04:00
Tad
ca77d36357
Update CVE patchers
2020-06-02 02:23:57 -04:00
Tad
694f270d75
Initial bringup of many devices to 17.1
2020-05-31 15:10:32 -04:00
Tad
31d6ab5299
Update CVE patchers
2020-05-28 23:06:53 -04:00
Tad
5106063cb5
Drop many more repositories
2020-05-24 20:07:03 -04:00
Tad
7af3c42325
Minor fixes
2020-05-23 23:31:05 -04:00
Tad
25cc3c5a10
Update CVE patchers
2020-05-18 16:25:41 -04:00
Tad
7343973b1d
Minor updates
...
- Update cherrypicks
- 17.1: mata fix usb
- 16.0: whitelist open camera for aux support
2020-05-17 10:04:48 -04:00
Tad
2aa65e6b16
Cherry picks
2020-05-11 07:57:53 -04:00
Tad
e962fdeb81
Update CVE patchers
2020-05-04 17:18:50 -04:00
Tad
e58ba3e9b2
Disable IMS stack
2020-05-02 22:29:23 -04:00
Tad
2a0352ba1c
Many fixes
...
17.1: recovery: rebranding reverts
17.1: mata: fix vorbis
17.1: g2/g3: fix Wi-Fi under -user
15.1/16.0: g2/g3: improve misc_block_exception patch
2020-04-30 18:37:41 -04:00
Tad
c1e0503390
Update cherry picks
2020-04-28 19:23:49 -04:00
Tad
9fcb91793e
Update CVE patchers
2020-04-26 13:24:43 -04:00
Tad
358a0d703b
Many changes
...
- Promote many 16.0 devices to 17.1
- Many build fixes
- Switch to FairEmail
2020-04-25 12:34:49 -04:00
Tad
84300d6611
Small fixes
2020-04-19 13:19:55 -04:00
Tad
c3bb898eb0
2020
2020-04-14 21:39:51 -04:00
Tad
8012903ba1
17.1: Initial bringup
...
- See items marked with '17REBASE'
2020-04-14 21:21:13 -04:00
Tad
cdd74148b9
Patcher build fixes
2020-04-12 13:58:02 -04:00
Tad
ee458d0ed1
April ASB cherry picks
2020-04-08 13:44:52 -04:00
Tad
0c89accfb5
Update CVE patchers
2020-04-06 22:23:37 -04:00
Tad
c26b3e95c7
Minor tweaks
...
- Cherry pick PPP/CVE-2020-8597 patches
- Add some more DNS providers
- Switch default DNS to Cloudflare's new malware blocking provider
- GCC 10 build fix
- Update CVE patchers (select)
2020-04-05 15:53:58 -04:00
Tad
d7ef9abf61
Minor tweaks
2020-03-25 22:08:25 -04:00
Tad
01843b6b2b
Update incrementals
2020-03-02 19:33:43 -05:00
Tad
50f44d1934
Small changes
...
- cheeseburger/dumpling: fix ogg vorbis playback, credit @LuK1337
- cheeseburger/dumpling: fix delta ota generation
- remove a few more blobs
- potentially bluetooth when ant is removed on newer devices
- support newer clamav
- commented support for extracting boot.img when recovery.img isn't available
-- fastboot.zip should be preferred
- potentially fix boot on many untested newer devices (diag on msm8996+)
- update cherry picks
2020-02-24 18:53:27 -05:00
Tad
4292bcaa3e
recovery: fix sideload with larger files
...
+ 16.0: add a disabled patch to remove backuptool
+ processRelease: add support for copying recovery image to archive
2020-02-23 16:06:47 -05:00
Tad
fe54dd26a6
Fix many device issues
...
- Fix mata
- Fix cheeseburger
- Enable near-entire IMS stack (proprietary)
- Fix many other new devices
2020-02-22 13:29:01 -05:00
Tad
4e25046418
Many changes
...
- Add OnePlus 2, 3/T, 5/T
- Fix flounder
- Cherrypicks
2020-02-17 22:21:47 -05:00
Tad
cc28df15f7
Cherry picks + fix 5 failing devices
2020-02-09 13:52:25 -05:00
Tad
2734a075c6
Update CVE patchers
2020-02-03 21:36:49 -05:00
Tad
332807d427
Update CVE patchers
2020-02-02 12:09:49 -05:00
Tad
d87457630a
Update cherrypicks
2020-01-26 21:17:33 -05:00
Tad
84ac696e16
Small updates
2020-01-08 21:22:35 -05:00
Tad
d3f28918e5
Update CVE patchers
2020-01-06 18:25:36 -05:00
Tad
d8c2a56124
Update CVE patchers
2019-12-11 20:21:14 -05:00
Tad
4610cd9bde
Update CVE patchers
...
CVE-2019-19252 was dropped
dependent on d21b0be246
2019-12-03 06:12:46 -05:00
Tad
7ef8a2726d
Minor tweaks
2019-11-28 12:03:40 -05:00
Tad
f90b62982b
Update CVE patchers
2019-11-24 20:13:55 -05:00
Tad
038ae37376
Minor tweaks
2019-11-24 16:22:58 -05:00
Tad
baabd45a16
Minor tweaks + ASB cherrypicks
2019-11-10 02:34:40 -05:00
Tad
d64534a7c1
Update CVE patchers
2019-11-04 21:04:49 -05:00
Tad
1a7897211a
16.0: add Amber
2019-10-29 17:37:43 -04:00
Tad
791087fefa
minor tweaks
2019-10-27 16:20:27 -04:00
Tad
640ef60b83
Move many old cherry picks in tree for archival/support purposes
2019-10-19 22:03:59 -04:00
Tad
204285d7c8
kernel command line: enable hardening options
2019-10-18 22:14:28 -04:00
Tad
e13c6c7c9c
processRelease features
...
- support removing device out after complete
- support malware scan before sign
- Update cherry picks
2019-10-15 12:23:46 -04:00
Tad
bffcd06644
16.0: add zenfone3
2019-10-11 15:16:09 -04:00
Tad
159e5ea194
Minor tweaks
...
- Update cherry picks
- Update copyright year
- bacon: fix delta generation
2019-10-11 13:24:38 -04:00
Tad
579f340c3c
Update CVE patchers
2019-10-04 14:43:19 -04:00
Tad
f20ddfc0f6
Minor tweaks
2019-10-04 10:39:27 -04:00
Tad
79ec8a4999
clark: experimental 16.0
2019-09-28 17:37:18 -04:00
Tad
a0e8f9653c
Future proofing keys
2019-09-25 21:04:24 -04:00
Tad
f55cdef5b0
Minor tweaks
2019-09-21 15:42:26 -04:00
Tad
4a1ebe1b71
Scripts: localize variables in functions
2019-09-17 04:14:35 -04:00
Tad
e01e457b24
Per-device signing keys
...
- also fix OTA/recovery key regression
- Update cherrypicks
2019-09-15 22:18:04 -04:00
Tad
19d5b66097
Many changes
...
- ASB chery picks
- 16.0: recovery: fix sideload
- Restore releasetools for some devices
- Only include Backup where supported
- Change some small defaults
- z00t: 14.1 -> 15.1
- himaul: 14.1 -> 15.1
- i9100: 14.1 -> 15.1+16.0
- flo: 15.1 -> 16.0, disabled
- flounder: 15.1 disabled, enable 14.1
2019-09-13 20:24:02 -04:00
Tad
09b38c1f04
marlin/sailfish: fix MediaProvider using 100% CPU
...
- by disabling mtp over functionfs
- affects both GrapheneOS and LineageOS
- might need to be applied to other devices
[pid 2482] ppoll([{fd=42, events=POLLIN}, {fd=51, events=POLLIN}], 2, {tv_sec=0, tv_nsec=0}, NULL, 0) = 0 (Timeout)
lrwx------ 1 u0_a13 u0_a13 64 2019-09-05 18:47 42 -> /dev/usb-ffs/mtp/ep0
lrwx------ 1 u0_a13 u0_a13 64 2019-09-05 18:47 51 -> anon_inode:[eventfd]
https://forum.xda-developers.com/android/help/pixel2-help-diagnose-android-process-t3863274
https://bugs.chromium.org/p/chromium/issues/detail?id=947901
2019-09-06 09:38:01 -04:00
Tad
1a7291aa36
Minor changes
...
- Cherry picks
- New default wallpaper, credit: Pawel Czerwinski, UmzGrVna1P0
2019-09-05 04:23:28 -04:00
Tad
9ce8cdb9b6
Add Steve Soltys' Backup app
2019-09-04 06:40:05 -04:00
Tad
ec48a4c89c
Update CVE patchers
2019-09-04 01:31:12 -04:00
Tad
db572efa89
Many changes
...
- processRelease: Support AVB
- sort device build order by SoC
Additions:
- taimen/muskie: 15.1, 16.0
- crosshatch/blueline: 16.0
- bonito/sargo: 16.0
2019-09-03 16:50:50 -04:00
Tad
1bd0e47099
victara: 15.1 -> 16.0
...
- other fixes
2019-08-30 22:42:10 -04:00
Tad
330df0983c
16.0: Add GrapheneOS' exec-based spawning feature + misc tweaks
...
- patch credit updates
- 16.0: allow SystemUI to directly manage Bluetooth/WiFi
- from GrapheneOS
- cleanup
2019-08-30 02:30:13 -04:00
Tad
e10a865b05
Improve release processing to support deltas and archiving
2019-08-29 19:09:31 -04:00
Tad
057bedb65b
Minor tweaks
...
- 14.1+15.1+16.0: enable kernel protections for files
- protected_*: hardlinks, symlinks, fifos, regular
- from GrapheneOS
- defconfig: enable more verity options
- cleanup
2019-08-28 20:24:59 -04:00
Tad
db348ab09c
Minor tweaks
...
- 15.1+16.0: Replace in-line build signing patch with bash function
- From GrapheneOS/script
- 15.1+16.0: Enable fingerprint failed lockout after 5 attempts
- From GrapheneOS
2019-08-28 00:40:27 -04:00
Tad
68cdef8733
Minor tweaks
2019-08-26 20:50:28 -04:00
Tad
eccf9c6f6d
Many new devices
...
- hammerhead: 15.1 -> 16.0
- axon7: 14.1, 15.1
- cheryl: 16.0
- crackling: 14.1, 15.1, 16.0
- ham: 14.1, 15.1, 16.0
- kipper: 14.1, 15.1, 16.0
- z2_plus: 16.0
2019-08-23 17:27:53 -04:00
Tad
e9b5c06188
Lots of device updates
...
- d802: 15.1 -> 16.0
- d852: 15.1 -> 16.0
- d855: 15.1 -> 16.0
- fugu: 15.1 -> 16.0
- jfltexx: 14.1 -> 16.0
- m8: 15.1 -> 16.0
- mata: 15.1 -> 16.0
- update cherrypicks
- defconfig: enable MMC_SECDISCARD
2019-08-23 11:47:43 -04:00
Tad
3a080bbcd7
Minor tweaks
2019-08-13 01:56:01 -04:00
Tad
89de66bdba
Many small changes
...
- Cherrypicks for ASB patches
- Apps: Switch gallery to Simple Gallery
- Apps: Switch camera to OpenCamera
- PKGBUILD: update with image optimization dependencies
- Deblobber: fix bug introducted in 6d33e4ecbf
2019-08-08 14:22:24 -04:00
Tad
6d33e4ecbf
Parallize many functions invoked by find
2019-08-05 21:09:35 -04:00
Tad
3f8e9a846b
Complete tree image optimization
...
- recursively optimize images using optipng/jpegoptim
benefits:
+ reduces image size
+ decreases load time
+ reduces memory usage
2019-08-05 20:34:08 -04:00
Tad
aee6b66dd8
Update CVE patchers
2019-08-05 16:03:41 -04:00
Tad
bad890614e
Update CVE patchers
2019-07-21 09:47:10 -04:00
Tad
34d1bbe155
Minor updates
2019-07-21 07:36:02 -04:00
Tad
6458d6785f
Enable IPv6 privacy extensions
2019-07-05 16:47:59 -04:00
Tad
4fe74583a9
Minor tweaks
2019-07-03 10:42:24 -04:00
Tad
a29825f6e1
Update CVE patchers
2019-07-01 18:06:05 -04:00