Tad
1b4f6d3bd8
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2023-09-17 01:30:23 -04:00
Tad
5eb6190931
Fixup 15.1/16.0 backport: system/bt: Fix UAF in gatt_cl.cc
...
thanks to @syphyr for this!
Signed-off-by: Tad <tad@spotco.us>
2023-09-12 16:55:46 -04:00
Tad
51b28e6cdf
Fixup
...
Signed-off-by: Tad <tad@spotco.us>
2023-09-11 17:24:48 -04:00
Tad
033c600eac
16.0 September ASB work
...
Signed-off-by: Tad <tad@spotco.us>
2023-09-11 16:14:15 -04:00
Tad
84a84c4742
Picks + Churn
...
Signed-off-by: Tad <tad@spotco.us>
2023-09-10 21:12:24 -04:00
Tad
0ec3c25d86
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2023-09-05 20:42:14 -04:00
Tad
fc9032513f
Update CVE patchers
...
Likely issue CVE-2023-3773/^6.4
Signed-off-by: Tad <tad@spotco.us>
2023-08-27 17:13:53 -04:00
Tad
52a0c55c41
Fixups
...
- Revert Freetype branch switching for 15.1+, broken
- Don't include OpenEUICC on Pixel 2 and 3 series, they won't work
- Churn
Signed-off-by: Tad <tad@spotco.us>
2023-08-24 03:06:02 -04:00
Tad
7ad46d58f1
Switch to @syphyr's security backport branches
...
Signed-off-by: Tad <tad@spotco.us>
2023-08-18 11:34:39 -04:00
Tad
2142e2e763
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2023-08-17 17:18:10 -04:00
Tad
160aee5049
Backport patch to handle verity with openssl 3.0
...
ref: https://github.com/Divested-Mobile/DivestOS-Website/pull/19
Signed-off-by: Tad <tad@spotco.us>
2023-08-11 18:53:01 -04:00
Tad
974878988b
Fixup
...
Will regen later
Signed-off-by: Tad <tad@spotco.us>
2023-08-09 00:46:44 -04:00
Tad
4b2160cf56
16.0 August ASB work
...
Signed-off-by: Tad <tad@spotco.us>
2023-08-08 07:48:57 -04:00
Tad
eef09ae519
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2023-08-07 18:07:19 -04:00
Tad
180280b233
Update CVE patchers
...
TODO: adjust min version of CVE-2023-4132
Signed-off-by: Tad <tad@spotco.us>
2023-08-04 21:00:29 -04:00
Tad
c777c74717
16.0 Backports
...
- hosts toggle
- auto reboot
- bluetooth timeout
- unprivileged microG
- ptrace toggle
- exec spawning toggle
TODO: needs work
Signed-off-by: Tad <tad@spotco.us>
2023-07-27 16:35:00 -04:00
Tad
73414e76d2
Update CVE patchers
...
two lpes
Signed-off-by: Tad <tad@spotco.us>
2023-07-25 12:04:05 -04:00
Tad
e74f861c8e
Fixes + Churn
...
- Fix instances of awk failing on missing globs
- Remove unwanted packages from work/user/managed profiles
- Remove proprietary camera extensions
Signed-off-by: Tad <tad@spotco.us>
2023-07-24 03:59:51 -04:00
Tad
e408e7e19a
Drop devices with newer versions available
...
14.1: clark
15.1: deb, flo, hammerhead, shamu, ether
16.0: hammerhead
19.1: alioth
Signed-off-by: Tad <tad@spotco.us>
2023-07-22 19:17:42 -04:00
Tad
0f9a2c7aea
Less aggressive low_ram enablement
...
14.1 <2GB
15.1 <2GB
16.0 <2GB
17.1 <3GB
18.1 <3GB
19.1 <4GB
20.0 <4GB
Signed-off-by: Tad <tad@spotco.us>
2023-07-17 18:44:56 -04:00
Tad
1c9076fffe
KSM tuning
...
- Only enable on Linux 3.0 through 4.9
- Always enable defer option
- Only run twice a second, instead of fifty times a second
Signed-off-by: Tad <tad@spotco.us>
2023-07-14 20:27:10 -04:00
Tad
192c73146a
Add a toggle for KSM
...
Signed-off-by: Tad <tad@spotco.us>
2023-07-14 17:11:21 -04:00
Tad
15de8ed2e8
Expand the low_ram coverage
...
As follows
14.1 <3GB
15.1 <3GB
16.0 <3GB
17.1 <3GB
18.1 <4GB
19.1 <6GB
20.0 <6GB
Signed-off-by: Tad <tad@spotco.us>
2023-07-13 18:31:03 -04:00
Tad
ad8e5b631a
16.0+17.1: Extra July ASB backport from @MSe1969
...
Signed-off-by: Tad <tad@spotco.us>
2023-07-09 14:49:51 -04:00
Tad
293f97d678
16.0 July ASB work
...
Signed-off-by: Tad <tad@spotco.us>
2023-07-07 17:24:47 -04:00
Tad
a1a3cbb94e
Fix overlay conflicts
...
Should mostly fix https://github.com/Divested-Mobile/DivestOS-Build/issues/219
Signed-off-by: Tad <tad@spotco.us>
2023-07-06 14:51:40 -04:00
Tad
f2c8005853
16.0: switch to upstream P_asb_2023-06
...
Has two extra patches for Traceur, but misses a patch for CarSettings
Signed-off-by: Tad <tad@spotco.us>
2023-07-03 15:22:32 -04:00
Tad
2e2ac4557d
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2023-06-26 19:41:11 -04:00
Tad
cda898f141
Certificate Authority store updates
...
- Remove some untrustworthy CAs
- Update CA store for all branches to aosp/e302aa968334b3c3fc9cd709a7c7661e0cf534eb
Signed-off-by: Tad <tad@spotco.us>
2023-06-17 15:13:54 -04:00
Tad
41e2669884
17.1: switch to flamefire's ASB topics
...
This gets us ~9 extra patches
Signed-off-by: Tad <tad@spotco.us>
2023-06-17 15:13:46 -04:00
Tad
a07133a064
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2023-06-16 11:03:46 -04:00
Tad
8c7f3daa00
15.1+16.0 June ASB work
...
Signed-off-by: Tad <tad@spotco.us>
2023-06-10 05:16:45 -04:00
Tad
ab52996e4f
16.0: switch to upstream topic for May ASB patches
...
They're identical
I'll likely eventually pull them back in anyway
Signed-off-by: Tad <tad@spotco.us>
2023-06-10 01:57:59 -04:00
Tad
2ee99fe3ef
Update CVE patchers
...
CVE-2020-36694 appears to be a duplicate of CVE-2021-29650
Signed-off-by: Tad <tad@spotco.us>
2023-06-01 21:12:08 -04:00
Tad
cd0a29d69b
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2023-05-12 23:28:44 -04:00
Tad
6fb0a581c3
15.1 and 16.0 May ASB work
...
Signed-off-by: Tad <tad@spotco.us>
2023-05-07 21:28:27 -04:00
Tad
6d2a255eef
Remove User-Agent (and serial) from source built libloc
...
Signed-off-by: Tad <tad@spotco.us>
2023-05-05 22:27:27 -04:00
Tad
c544c28b94
Prevent Qualcomm location stack from reading chipset serial number
...
The deblobber already removes xtra-daemon which is what actually performs the requests.
This is just extra sanctity.
Signed-off-by: Tad <tad@spotco.us>
2023-05-03 21:41:20 -04:00
Tad
366b4eb5ef
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2023-05-02 18:01:39 -04:00
Tad
39b0c9e036
Remove broken emoji updates
...
Signed-off-by: Tad <tad@spotco.us>
2023-05-02 15:31:57 -04:00
Tad
7b2eb1079a
Update emoji list in LatinIME too and disable
...
tested not working on 15.1
shows as cross boxes or double characters
Signed-off-by: Tad <tad@spotco.us>
2023-04-29 16:56:13 -04:00
Tad
86b7525400
Update the emojis, untested
...
Signed-off-by: Tad <tad@spotco.us>
2023-04-29 16:17:00 -04:00
Tad
47136145e5
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2023-04-23 23:20:36 -04:00
Tad
26cf500dad
15.1 April ASB work + picks
...
Signed-off-by: Tad <tad@spotco.us>
2023-04-18 23:12:22 -04:00
Tad
9ba61642de
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2023-04-17 23:19:28 -04:00
Tad
aad60b7567
Promotions
...
16.0 santoni/land to 20.0 Mi8937 unified
17.1 griffin to 18.1
17.1 star*/crownlte to 20.0
20.0 add pro1x
Signed-off-by: Tad <tad@spotco.us>
2023-04-17 21:36:49 -04:00
Tad
2cc87c4dc7
Switch fingerprint locked to 5 attempts instead of 3 + churn
...
Signed-off-by: Tad <tad@spotco.us>
2023-04-12 15:26:26 -04:00
Tad
9a97c7013b
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2023-04-05 12:43:36 -04:00
Tad
4435c200ed
15.1+: vCard 4.0 support from GrapheneOS
...
8fbeedd002
Fixes https://github.com/Divested-Mobile/DivestOS-Build/issues/202
Signed-off-by: Tad <tad@spotco.us>
2023-04-04 12:50:42 -04:00
Tad
750f244304
Updates, logging, and churn
...
also add an extra March ASB patch for 17.1
Signed-off-by: Tad <tad@spotco.us>
2023-03-31 12:38:46 -04:00
Tad
ca93ef33ce
Slightly improve compatibility with apps that want GSF
...
38a5ca05e9
Signed-off-by: Tad <tad@spotco.us>
2023-03-28 23:45:58 -04:00
Tad
fe80137df9
Don't remove CompanionDeviceManager
...
Used by some wearables, not just Android Wear
Closes https://github.com/Divested-Mobile/DivestOS-Build/issues/196
Signed-off-by: Tad <tad@spotco.us>
2023-03-25 20:21:38 -04:00
Tad
472ec96915
Churn
...
Signed-off-by: Tad <tad@spotco.us>
2023-03-22 16:23:26 -04:00
Tad
8bcb5c734d
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2023-03-17 19:27:22 -04:00
Tad
38626e1b0c
Picks + Fixes
...
Signed-off-by: Tad <tad@spotco.us>
2023-03-14 16:58:27 -04:00
Tad
162b40a39d
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2023-03-13 18:13:54 -04:00
Tad
ef2fdb1d3e
More handling improvements
...
Signed-off-by: Tad <tad@spotco.us>
2023-03-08 16:14:51 -05:00
Tad
0b294c1601
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2023-03-08 16:01:49 -05:00
Tad
5d0ab40f0b
Robustness improvements
...
Signed-off-by: Tad <tad@spotco.us>
2023-03-08 01:14:06 -05:00
Tad
6ba784ac33
Some actual error handling 1/n
...
Signed-off-by: Tad <tad@spotco.us>
2023-03-08 00:03:23 -05:00
Tad
097019193e
Don't bail when devices are missing
...
Signed-off-by: Tad <tad@spotco.us>
2023-03-07 23:41:27 -05:00
Tad
804786aa23
Update CVE patchers
...
Fixes https://github.com/Divested-Mobile/DivestOS-Build/issues/193
Signed-off-by: Tad <tad@spotco.us>
2023-03-06 19:54:15 -05:00
Tad
2706fc9d59
Missing pick
...
Signed-off-by: Tad <tad@spotco.us>
2023-02-19 15:37:16 -05:00
Tad
b2913e8170
15.1 February ASB work + Picks
...
Signed-off-by: Tad <tad@spotco.us>
2023-02-19 13:07:11 -05:00
Tad
a845f59546
Fixup persistent IPv6 privacy address issue + churn
...
Backports of rfc4941bis from Google/Linaro
and workaround for legacy kernels from GrapheneOS
already has rfc4941bis patch:
fairphone_sdm632
google_gs101
google_gs201
google_msm-4.14
google_msm-4.9
google_redbull
oneplus_sdm845
razer_sdm845
xiaomi_sdm845
Signed-off-by: Tad <tad@spotco.us>
2023-02-11 20:26:24 -05:00
Tad
3047b3b269
Fixup kipper & starlte
...
Signed-off-by: Tad <tad@spotco.us>
2023-02-10 08:19:23 -05:00
Tad
0e9599af6d
Fixup
...
Signed-off-by: Tad <tad@spotco.us>
2023-02-09 22:46:42 -05:00
Tad
fa067a3f89
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2023-02-06 23:06:34 -05:00
Tad
19d5f73b50
Remove silly carrier restrictions
...
Signed-off-by: Tad <tad@spotco.us>
2023-02-03 22:17:13 -05:00
Tad
dc853bfdae
WebView: Switch to dedicated package name
...
And remove the F-Droid repo for it, will be moved to the 'DivestOS Official' repo
This simplifies release management and also allows other systems to benefit from the repo
Downside is users who don't update to this build won't receive any updates for it anymore
Signed-off-by: Tad <tad@spotco.us>
2023-02-02 17:17:30 -05:00
Tad
20c4e75fe1
Fixes
...
Signed-off-by: Tad <tad@spotco.us>
2023-02-01 18:30:29 -05:00
Tad
4f6e21d7f9
Deduplicate Defaults.sh
...
Signed-off-by: Tad <tad@spotco.us>
2023-02-01 15:57:13 -05:00
Tad
af3fe9776b
Small updates
...
Signed-off-by: Tad <tad@spotco.us>
2023-02-01 15:19:21 -05:00
Tad
1511176a07
Update CVE patchers
...
Maybe some breakage
Signed-off-by: Tad <tad@spotco.us>
2023-01-28 20:33:44 -05:00
Tad
da1df44c8f
GrapheneOS kernel hardening patches update
...
Maybe some compile breakage
Signed-off-by: Tad <tad@spotco.us>
2023-01-24 19:03:01 -05:00
Tad
9558a7d0e9
Switch to the Broadcom PSDS server for Pixel 6/7 series
...
Instead of agnss.goog cache
Based off of a patch from GrapheneOS
Signed-off-by: Tad <tad@spotco.us>
2023-01-21 04:08:26 -05:00
Tad
91807acf21
various small fixes
...
- loose versioning fixes for 4.9
- remove GPG commit verification for GOS repos, they use SSH now. TODO: support that
- 20.0: fixup AudioFX stray lines
- 20.0: broken fix for gs101/201 stray iwlan lines
Signed-off-by: Tad <tad@spotco.us>
2023-01-18 20:02:11 -05:00
Tad
5ce2d33162
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2023-01-18 14:13:33 -05:00
Tad
b82427ce5b
Conservative reverse loose versioning for 3.10
...
This applies 3.4 patches to 3.10 if no other match is available
Note: CVE-2017-13245/3.4/0002.patch ends up applied over CVE-2018-10902/3.18/0003.patch
Signed-off-by: Tad <tad@spotco.us>
2023-01-13 15:51:46 -05:00
Tad
14f40e024f
Update CVE patchers
...
This adds loose versioning applying 4.14 patches to 4.9
Signed-off-by: Tad <tad@spotco.us>
2023-01-13 13:23:12 -05:00
Tad
57d951ccb5
Missing patches for 16.0 + Churn
...
Signed-off-by: Tad <tad@spotco.us>
2023-01-08 13:22:50 -05:00
Tad
efa31534a9
Picks
...
Signed-off-by: Tad <tad@spotco.us>
2023-01-07 10:52:03 -05:00
Tad
06eed1fba9
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-12-31 21:41:46 -05:00
Tad
7d6b8e3aeb
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-12-22 11:33:47 -05:00
Tad
03293f6b52
Fixup
...
Messy, but better to have CVE-2022-42896 applied to *some* 3.18 kernels
Signed-off-by: Tad <tad@spotco.us>
2022-12-17 00:42:25 -05:00
Tad
c2fc228f3b
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-12-16 22:06:13 -05:00
Tad
5e918c5506
Picks
...
Signed-off-by: Tad <tad@spotco.us>
2022-12-12 19:30:56 -05:00
Tad
ce47fdae34
Small updates + Picks
...
Signed-off-by: Tad <tad@spotco.us>
2022-12-07 18:41:50 -05:00
Tad
038fca449b
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-11-30 08:28:40 -05:00
Tad
fd0e3e8117
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-11-22 07:11:30 -05:00
Tad
c4fe56a307
Update CVE patchers
...
This fixes CVE-2018-9422 which was primarily added via b56fabac
May still need to be fixed:
16.0/kernel_google_yellowstone
16.0/kernel_xiaomi_msm8937
Signed-off-by: Tad <tad@spotco.us>
2022-11-21 08:39:10 -05:00
Tad
9d1efb33c3
More 14.1 picks + 15.1 November ASB work
...
Signed-off-by: Tad <tad@spotco.us>
2022-11-13 23:21:41 -05:00
Tad
14f7f1db32
Updates + Churn
...
Signed-off-by: Tad <tad@spotco.us>
2022-11-13 02:06:05 -05:00
Tad
b81d39c969
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-11-11 16:05:22 -05:00
Tad
27395374e1
Fixup + Churn
...
Signed-off-by: Tad <tad@spotco.us>
2022-11-11 13:54:57 -05:00
Tad
8bfedda18b
14/15/16: Fix compile failure with modern kernels
...
https://android-review.googlesource.com/c/platform/art/+/2226578
https://groups.google.com/g/Android-building/c/ZfUQQWt_ABI
Signed-off-by: Tad <tad@spotco.us>
2022-11-10 18:26:36 -05:00
Tad
ac3dc319c7
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-11-07 15:51:17 -05:00
Tad
7fb334d825
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-11-03 13:25:38 -04:00
Tad
11780d890f
Churn
...
Signed-off-by: Tad <tad@spotco.us>
2022-10-24 22:53:41 -04:00
Tad
c051cb282d
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-10-22 21:39:01 -04:00