Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2024-10-01 01:35:54 -04:00
Code Issues Packages Projects Releases Wiki Activity
2,038 Commits 1 Branch 0 Tags 101 MiB
ababe54a0c
Commit Graph

755 Commits

Author SHA1 Message Date
Tad
b2913e8170
15.1 February ASB work + Picks 
Signed-off-by: Tad <tad@spotco.us>
 2023-02-19 13:07:11 -05:00
Tad
a845f59546
Fixup persistent IPv6 privacy address issue + churn 
Backports of rfc4941bis from Google/Linaro
and workaround for legacy kernels from GrapheneOS

already has rfc4941bis patch:
fairphone_sdm632
google_gs101
google_gs201
google_msm-4.14
google_msm-4.9
google_redbull
oneplus_sdm845
razer_sdm845
xiaomi_sdm845

Signed-off-by: Tad <tad@spotco.us>
 2023-02-11 20:26:24 -05:00
Tad
0e9599af6d
Fixup 
Signed-off-by: Tad <tad@spotco.us>
 2023-02-09 22:46:42 -05:00
Tad
fa067a3f89
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2023-02-06 23:06:34 -05:00
Tad
dc853bfdae
WebView: Switch to dedicated package name 
And remove the F-Droid repo for it, will be moved to the 'DivestOS Official' repo
This simplifies release management and also allows other systems to benefit from the repo

Downside is users who don't update to this build won't receive any updates for it anymore

Signed-off-by: Tad <tad@spotco.us>
 2023-02-02 17:17:30 -05:00
Tad
20c4e75fe1
Fixes 
Signed-off-by: Tad <tad@spotco.us>
 2023-02-01 18:30:29 -05:00
Tad
4f6e21d7f9 Deduplicate Defaults.sh 
Signed-off-by: Tad <tad@spotco.us>
 2023-02-01 15:57:13 -05:00
Tad
af3fe9776b Small updates 
Signed-off-by: Tad <tad@spotco.us>
 2023-02-01 15:19:21 -05:00
Tad
1511176a07
Update CVE patchers 
Maybe some breakage

Signed-off-by: Tad <tad@spotco.us>
 2023-01-28 20:33:44 -05:00
Tad
da1df44c8f
GrapheneOS kernel hardening patches update 
Maybe some compile breakage

Signed-off-by: Tad <tad@spotco.us>
 2023-01-24 19:03:01 -05:00
Tad
9558a7d0e9 Switch to the Broadcom PSDS server for Pixel 6/7 series 
Instead of agnss.goog cache
Based off of a patch from GrapheneOS

Signed-off-by: Tad <tad@spotco.us>
 2023-01-21 04:08:26 -05:00
Tad
ad466bd3e4
Various changes 
- 17.1: Add more captive portal server options like 18.1+, disabled: needs fixes
- 17.1: Add the hosts toggle like 18.1+
- 18.1: fix junk in patch
- 17.1+: hosts toggle: bugfix: fixup localhost handling by switching to strcmp
- 15.1: fixes to get hmalloc to compile, does NOT boot

Signed-off-by: Tad <tad@spotco.us>
 2023-01-20 18:59:02 -05:00
Tad
91807acf21
various small fixes 
- loose versioning fixes for 4.9
- remove GPG commit verification for GOS repos, they use SSH now. TODO: support that
- 20.0: fixup AudioFX stray lines
- 20.0: broken fix for gs101/201 stray iwlan lines

Signed-off-by: Tad <tad@spotco.us>
 2023-01-18 20:02:11 -05:00
Tad
5ce2d33162
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2023-01-18 14:13:33 -05:00
Tad
b82427ce5b Conservative reverse loose versioning for 3.10 
This applies 3.4 patches to 3.10 if no other match is available

Note: CVE-2017-13245/3.4/0002.patch ends up applied over CVE-2018-10902/3.18/0003.patch

Signed-off-by: Tad <tad@spotco.us>
 2023-01-13 15:51:46 -05:00
Tad
14f40e024f
Update CVE patchers 
This adds loose versioning applying 4.14 patches to 4.9

Signed-off-by: Tad <tad@spotco.us>
 2023-01-13 13:23:12 -05:00
Tad
b143ffcd8b
15.1 January ASB work 
+ a missing patch from 2019-08

Signed-off-by: Tad <tad@spotco.us>
 2023-01-08 16:31:54 -05:00
Tad
06eed1fba9
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-12-31 21:41:46 -05:00
Tad
7d6b8e3aeb
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-12-22 11:33:47 -05:00
Tad
03293f6b52
Fixup 
Messy, but better to have CVE-2022-42896 applied to *some* 3.18 kernels

Signed-off-by: Tad <tad@spotco.us>
 2022-12-17 00:42:25 -05:00
Tad
c2fc228f3b Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-12-16 22:06:13 -05:00
Tad
1eb373d1e0
15.1 December ASB work 
Signed-off-by: Tad <tad@spotco.us>
 2022-12-12 21:01:34 -05:00
Tad
ce47fdae34
Small updates + Picks 
Signed-off-by: Tad <tad@spotco.us>
 2022-12-07 18:41:50 -05:00
Tad
a62922e72d
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-12-06 15:00:40 -05:00
Tad
038fca449b
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-11-30 08:28:40 -05:00
Tad
fd0e3e8117
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-11-22 07:11:30 -05:00
Tad
c4fe56a307
Update CVE patchers 
This fixes CVE-2018-9422 which was primarily added via b56fabac

May still need to be fixed:
16.0/kernel_google_yellowstone
16.0/kernel_xiaomi_msm8937

Signed-off-by: Tad <tad@spotco.us>
 2022-11-21 08:39:10 -05:00
Tad
9d1efb33c3
More 14.1 picks + 15.1 November ASB work 
Signed-off-by: Tad <tad@spotco.us>
 2022-11-13 23:21:41 -05:00
Tad
b81d39c969
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-11-11 16:05:22 -05:00
Tad
27395374e1
Fixup + Churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-11-11 13:54:57 -05:00
Tad
8bfedda18b
14/15/16: Fix compile failure with modern kernels 
https://android-review.googlesource.com/c/platform/art/+/2226578
https://groups.google.com/g/Android-building/c/ZfUQQWt_ABI

Signed-off-by: Tad <tad@spotco.us>
 2022-11-10 18:26:36 -05:00
Tad
ac3dc319c7
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-11-07 15:51:17 -05:00
Tad
7fb334d825
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-11-03 13:25:38 -04:00
Tad
c051cb282d Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-22 21:39:01 -04:00
Tad
dfcbf14c17
Churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-19 22:13:14 -04:00
Tad
006f128fc5
15.1: October 2022 ASB picks 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-19 16:08:18 -04:00
Tad
148df59b7e
Cleanup: Drop UnifiedNlp, FDroidPrivExt, and Silence 
These haven't been included for a while

+remove some old cruft from 20.0

Signed-off-by: Tad <tad@spotco.us>
 2022-10-19 12:15:24 -04:00
Tad
055ed9bfad
20.0: Initial bringup 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-15 10:39:48 -04:00
Tad
2acd454f13
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-13 23:42:20 -04:00
Tad
bf66d5db45
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-03 20:59:55 -04:00
Tad
d78121a1c0
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-10-03 10:22:17 -04:00
Tad
598d78bb61
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-09-25 13:49:45 -04:00
Tad
202033c013
Pull in old cherrypicks + 5 missing patches from syphyr 
This adds 3 expat patches for n-asb-2022-09
from https://github.com/syphyr/android_external_expat/commits/cm-14.1
and also applies 2 of them to 15.1

Signed-off-by: Tad <tad@spotco.us>
 2022-09-11 14:02:35 -04:00
Tad
df3db92d5a
Churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-09-10 22:09:18 -04:00
Tad
e2b314da3c
15.1+16.0: September 2022 ASB picks 
16.0 backports thanks to MSe1969 as usual:
https://github.com/lin16-microg/android_system_bt/commits/lineage-16.0 - last 3 commits
https://github.com/lin16-microg/android_frameworks_base/commits/lineage-16.0 - last 4 commits
https://github.com/lin16-microg/android_external_expat/commits/lineage-16.0 - last 4 commits

Signed-off-by: Tad <tad@spotco.us>
 2022-09-10 18:32:25 -04:00
Tad
2bc43f195c
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-09-07 10:04:28 -04:00
Tad
b6e9f50cb5
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-09-04 14:05:36 -04:00
Tad
86ed884251
More verification 
Signed-off-by: Tad <tad@spotco.us>
 2022-08-26 23:14:15 -04:00
Tad
3618774d9f
GPG verification for all platform repositories 
Signed-off-by: Tad <tad@spotco.us>
 2022-08-26 22:40:27 -04:00
Tad
adb61b0fb2
Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-08-26 12:15:45 -04:00
Tad
d8d8e457a1 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-08-21 10:44:12 -04:00
Tad
7918347d1c Updates 
- Add a script to update commons like APNs, VVM configs, and contributors cloud
- Add the latest contributors cloud to all branches
- Update wireless-regdb to 2022.08.12 release
- Add some shell opts to some scripts

Signed-off-by: Tad <tad@spotco.us>
 2022-08-15 16:37:42 -04:00
Tad
cf019edef9 Fixes 
Signed-off-by: Tad <tad@spotco.us>
 2022-08-13 18:54:50 -04:00
Tad
ebdf629cbc 15.1 ASB work 
Compile tested

Signed-off-by: Tad <tad@spotco.us>
 2022-08-12 21:10:31 -04:00
Tad
8b67d5c41e Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-08-10 22:02:37 -04:00
Tad
12c56938cb Improve CVE-2021-1048 patching on 3.x kernels 
It is still actively being used by malware.

This largely handles 3.0, 3.4, and 3.10 kernels.
It works for select 3.18 kernels too.

TODO: need alternate get_file_rcu backport for the following:
15.1/lge_msm8996
15.1/zte_msm8996
16.0/xiaomi_msm8937
17.1/motorola_msm8996
18.1/google_marlin
18.1/lge_msm8996
18.1/oneplus_msm8996

Signed-off-by: Tad <tad@spotco.us>
 2022-08-09 21:39:25 -04:00
Tad
4d9a110970 Pick 
Signed-off-by: Tad <tad@spotco.us>
 2022-08-08 18:47:17 -04:00
Tad
e0b57197ea Churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-08-06 11:30:49 -04:00
Tad
31a67f054d Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-08-04 11:12:40 -04:00
Tad
178f01958d Cherrypicks 
Signed-off-by: Tad <tad@spotco.us>
 2022-08-02 19:39:09 -04:00
Tad
2b299c1aff Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-07-21 21:28:26 -04:00
Tad
1d64c759a5 Fixes 
Signed-off-by: Tad <tad@spotco.us>
 2022-07-10 00:31:44 -04:00
Tad
d3632c25ce Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-07-07 21:47:59 -04:00
Tad
22f915cc3e Cherrypicks 
Signed-off-by: Tad <tad@spotco.us>
 2022-07-07 18:59:37 -04:00
Tad
2c27a88a24 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-07-06 19:22:21 -04:00
Tad
7b8ef09540 Update CVE patchers 
Effectively no changes

Signed-off-by: Tad <tad@spotco.us>
 2022-07-04 18:30:09 -04:00
Tad
ac645dd62e Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-06-28 11:32:05 -04:00
Tad
519a474173 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-06-19 22:44:05 -04:00
Tad
70b8485695 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-06-09 17:59:48 -04:00
Tad
2bf84a7643 Increase default max password length to 64, credit GrapheneOS 
Closes https://github.com/Divested-Mobile/DivestOS-Build/pull/119
Closes https://github.com/Divested-Mobile/DivestOS-Build/issues/27

Signed-off-by: Tad <tad@spotco.us>
 2022-06-07 15:33:38 -04:00
Tad
899ea17d4e Add the missing page sanitization to 3.18 kernels 
All along they only had slub sanization :(

Signed-off-by: Tad <tad@spotco.us>
 2022-06-04 12:00:01 -04:00
Tad
92c66447f8 Drop slub_debug 
What is lost?
- sanity checks and redzoning on all devices
  - redzoning reportedly however causes issues on some devices such as the Pixel 3/4 and OnePlus 7
- slub sanization on 3.0, 3.4, 4.4 (except google/wahoo), xiaomi/sm6150, and oneplus/sm7250

Note: all 3.4+ devices still have page sanization

Signed-off-by: Tad <tad@spotco.us>
 2022-06-03 13:58:17 -04:00
Tad
da63c9e571 Various small patches 
7408144e1b
> extend Network/Sensors permission handling for legacy apps not targeting Android 6
> or above (API 23) to resolve a UI issue where the user choosing to grant the
> Network/Sensors permissions via the legacy permission review interface doesn't
> appear in the Settings app info page

22d32cb61b
suppresses https://github.com/Divested-Mobile/DivestOS-Build/discussions/112

66f406b979
3f69205d06
nice to have

Signed-off-by: Tad <tad@spotco.us>
 2022-06-02 23:17:05 -04:00
Tad
6d95c231bc Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-05-31 21:29:22 -04:00
Tad
735c9e0de8 Revert 5d57bf13 
I don't trust enabling MODULES won't cause weird inane breakage on these legacy devices

Signed-off-by: Tad <tad@spotco.us>
 2022-05-27 23:46:57 -04:00
Tad
28724c4a6e Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-05-25 22:52:22 -04:00
Tad
2c4caa30a1 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-05-24 00:36:49 -04:00
Tad
e8bc36af04 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-05-20 17:16:29 -04:00
Tad
b2eb3c01b4 Update CVE patchers 
Newly added CVE-2022-20009 is dupe with CVE-2022-25258 and CVE-2022-25375

Signed-off-by: Tad <tad@spotco.us>
 2022-05-03 23:33:17 -04:00
Tad
65883d9bc4 2022 
Signed-off-by: Tad <tad@spotco.us>
 2022-05-01 01:13:49 -04:00
Tad
3316cc4824 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-27 07:46:22 -04:00
Tad
3457fd4151 Device cleanup 
Drop long non-compiling devices:
- 14.1: n7100, jellypro
- 15.1: himaul, oneplus2
- 16.0: zenfone3, fugu
- 17.1: yellowstone, fugu
- 18.1: bonito, sargo

Drop in favor of 19.1:
- 17.1: bonito, sargo
- 18.1: pro1, aura, sunfish, coral, flame, bramble, redfin
(experimental, but these devices don't currently appear to have any users)

Signed-off-by: Tad <tad@spotco.us>
 2022-04-26 15:19:57 -04:00
Tad
1f721c7845 Further credit patches 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-19 23:52:10 -04:00
Tad
e666a4a891 Update CVE patchers 
TODO: maybe split CVE-2022-23960/4.9 to get back?

Signed-off-by: Tad <tad@spotco.us>
 2022-04-19 14:38:44 -04:00
Tad
d4dceffa60 Update supported kernels to latest wireless regulations database 
Applies for ~43 kernel trees

Source: wireless-regdb-2022.04.08

Signed-off-by: Tad <tad@spotco.us>
 2022-04-19 11:30:57 -04:00
Tad
163a162568 Fix boot animation + churn 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-18 23:04:24 -04:00
Tad
4b6a86a473 Add missing device variants 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-14 19:47:21 -04:00
Tad
42c9d22de9 Default disable exec spawning 
Change the property too, so it takes effect next update.
Since 16.0 lacks a toggle, this effectively disables the feature for it.
Even devices with 4GB of RAM have usability severely impacted.

Plus some other tweaks/churn

Signed-off-by: Tad <tad@spotco.us>
 2022-04-12 17:58:04 -04:00
Tad
30de608a61 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-12 02:51:44 -04:00
Tad
d078b24ddb lowram tweaks 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-11 23:40:26 -04:00
Tad
a9e250afd9 Cleanup 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-07 00:37:20 -04:00
Tad
b464106cc5 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-04-04 15:51:23 -04:00
Tad
6c5a65622c Page sanitization improvements 
This ensures init_on_alloc/free is used instead of page poisioning where available.

3.4 through 3.18 have a patch without a toggle for page sanitization.

Signed-off-by: Tad <tad@spotco.us>
 2022-04-02 12:57:17 -04:00
Tad
01900ca1c6 Reverts 
WebView overlay is breaking boot on 15.1???

This reverts commit e61e288b4a.
 2022-04-01 17:07:27 -04:00
Tad
3f9b346345 Fix boot breakage 
On devices with quota enabled and impacted by this patch

Signed-off-by: Tad <tad@spotco.us>
 2022-04-01 10:30:30 -04:00
Tad
19b03c9ff4 Update CVE patchers 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-28 17:43:48 -04:00
Tad
a3266de8df Tiny fix 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-21 18:25:48 -04:00
Tad
a53062ca0b Backports 
Adds ptrace_scope and timeout options to 17.1, tested working

Also adds hardened_malloc to 15.1, but failing to compile:
external/hardened_malloc/h_malloc.c:1688:18: error: use of undeclared identifier 'M_PURGE'
    if (param == M_PURGE) {
                 ^
external/hardened_malloc/h_malloc.c:1743:30: error: missing field 'ordblks' initializer [-Werror,-Wmissing-field-initializers]
    struct mallinfo info = {0};
                             ^

Signed-off-by: Tad <tad@spotco.us>
 2022-03-21 18:06:49 -04:00
Tad
a56e3a3016 Disable the bionic hardening patchset to fix boot issues 
10+4 devices tested working with bionic hardening patches enabled
but hammerhead and shamu do not boot...

2 of the patches were already found to have issues and disabled
3 other patches were ruled out:
- Stop implicitly marking mappings as mergeable
- Make __stack_chk_guard read-only at runtime
- On 64-bit, zero the leading stack canary byte
Leaves 11+1 patches remaining that need to be tested
But I don't have either of the two known impacted devices.

Signed-off-by: Tad <tad@spotco.us>
 2022-03-19 16:19:00 -04:00
Tad
3207cde72e Small tweaks 
Signed-off-by: Tad <tad@spotco.us>
 2022-03-19 12:41:49 -04:00