Tad
42c9d22de9
Default disable exec spawning
...
Change the property too, so it takes effect next update.
Since 16.0 lacks a toggle, this effectively disables the feature for it.
Even devices with 4GB of RAM have usability severely impacted.
Plus some other tweaks/churn
Signed-off-by: Tad <tad@spotco.us>
2022-04-12 17:58:04 -04:00
Tad
30de608a61
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-12 02:51:44 -04:00
Tad
b464106cc5
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-04 15:51:23 -04:00
Tad
01900ca1c6
Reverts
...
WebView overlay is breaking boot on 15.1???
This reverts commit e61e288b4a
.
2022-04-01 17:07:27 -04:00
Tad
3f9b346345
Fix boot breakage
...
On devices with quota enabled and impacted by this patch
Signed-off-by: Tad <tad@spotco.us>
2022-04-01 10:30:30 -04:00
Tad
e1f5d99e51
Fixes
...
Signed-off-by: Tad <tad@spotco.us>
2022-04-01 08:16:28 -04:00
Tad
e26908b9e0
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-31 21:30:56 -04:00
Tad
19b03c9ff4
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-28 17:43:48 -04:00
Tad
a56e3a3016
Disable the bionic hardening patchset to fix boot issues
...
10+4 devices tested working with bionic hardening patches enabled
but hammerhead and shamu do not boot...
2 of the patches were already found to have issues and disabled
3 other patches were ruled out:
- Stop implicitly marking mappings as mergeable
- Make __stack_chk_guard read-only at runtime
- On 64-bit, zero the leading stack canary byte
Leaves 11+1 patches remaining that need to be tested
But I don't have either of the two known impacted devices.
Signed-off-by: Tad <tad@spotco.us>
2022-03-19 16:19:00 -04:00
Tad
09353cdcd2
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-18 00:07:18 -04:00
Tad
9ba3a061c6
Tweak
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-14 11:57:34 -04:00
Tad
015799737e
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-09 17:16:47 -05:00
Tad
4f75a8272a
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-09 11:59:30 -05:00
Tad
902239e2b5
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-08 23:20:43 -05:00
Tad
54dbcd9e43
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-07 19:12:10 -05:00
Tad
ac1e89f0c8
Update CVE patchers [the big fixup]
...
This removes many duplicately or wrongly applied patches.
Correctly removed:
- CVE-2011-4132 can apply infinitely
- CVE-2013-2891 can apply infinitely
- CVE-2014-9781 can apply once to fb_cmap_to_user correctly and incorrectly to fb_copy_cmap
- CVE-2015-0571 can apply incorrectly and was disabled in patch repo as a result
- CVE-2016-2475 can apply infinitely
- CVE-2017-0627 can apply infinitely
- CVE-2017-0750 can apply infinitely
- CVE-2017-14875 can apply infinitely
- CVE-2017-14883 can apply infinitely
- CVE-2020-11146 can apply infinitely
- CVE-2020-11608 can apply infinitely
- CVE-2021-42008 can apply infinitely
Questionable (might actually be beneficial to "incorrectly" apply again):
- CVE-2012-6544 can apply once to hci_sock_getsockopt correctly and incorrectly to hci_sock_setsockopt
- CVE-2013-2898 can apply once to sensor_hub_get_feature correctly and incorrectly to sensor_hub_set_feature
- CVE-2015-8575 can apply once to sco_sock_bind correctly and incorrectly to sco_sock_connect
- CVE-2017-8281 can apply once to diagchar_ioctl correctly and incorrectly to diagchar_compat_ioctl
- CVE-2019-10622 can apply once to qdsp_cvp_callback correctly and incorrectly to qdsp_cvs_callback
- CVE-2019-14104 can apply once to cam_context_handle_start/stop_dev and incorrectly to cam_context_handle_crm_process_evt and cam_context_handle_flush_dev
Other notes:
- CVE-2016-6693 can be applied again if it was already applied in combination with CVE-2016-6696
then the dupe check will fail and mark CVE-2016-6696 as already applied, effectively reverting it.
This was seemingly fixed with a hand merged patch in patch repo.
Wrongly removed:
- CVE-2013-2147 is meant for cciss_ioctl32_passthru but is detected in cciss_ioctl32_big_passthru
- CVE-2015-8746 is meant for nfs_v4_2_minor_ops but is detected in nfs_v4_1_minor_ops
- CVE-2021-Misc2/ANY/0043.patch is meant for WLANTL_RxCachedFrames but is detected in WLANTL_RxFrames
Signed-off-by: Tad <tad@spotco.us>
2022-03-04 00:42:28 -05:00
Tad
0d0104b4bb
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-03-02 22:57:34 -05:00
Tad
512673d97d
Bump marlin/sailfish to 18.1
...
Signed-off-by: Tad <tad@spotco.us>
2022-02-23 13:33:28 -05:00
Tad
8b39498b1c
Initial loose versioning work for 4.9
...
This applies 4.9 patches to 4.4 and 3.18 now that 4.4 is EOL
Untested, but looks mild
Signed-off-by: Tad <tad@spotco.us>
2022-02-22 13:44:47 -05:00
Tad
5245109cc1
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-02-19 23:22:19 -05:00
Tad
a38d544f8b
18.1: small fixes
...
Signed-off-by: Tad <tad@spotco.us>
2022-02-12 07:32:29 -05:00
Tad
48b009a02e
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-02-12 06:56:28 -05:00
Tad
55cdea3c9b
17.1: small fixes
...
Signed-off-by: Tad <tad@spotco.us>
2022-02-11 14:05:14 -05:00
Tad
ee0bd8625f
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-02-07 14:43:05 -05:00
Tad
0a664cc22c
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-02-03 21:12:02 -05:00
Tad
c0aac415aa
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-29 09:35:59 -05:00
Tad
6864156bd6
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-20 22:22:22 -05:00
Tad
dbd2a71722
Update CVE patchers
...
Hopefully fixes boot breakage
Signed-off-by: Tad <tad@spotco.us>
2022-01-17 01:23:10 -05:00
Tad
6ec0c63126
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-13 11:08:22 -05:00
Tad
208c7800c8
Fixup
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-12 17:44:18 -05:00
Tad
ce6ee9d8e4
Update CVE patchers
...
CVE-2021-0961 should be fine now
Signed-off-by: Tad <tad@spotco.us>
2022-01-11 05:41:26 -05:00
Tad
b9c7839110
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-11 01:19:31 -05:00
Tad
8a45dc4696
18.1: Device additions
...
h910
lavender
pioneer, voyager, discovery
akari, aurora, xz2c
Signed-off-by: Tad <tad@spotco.us>
2022-01-06 21:04:17 -05:00
Tad
b05823bb20
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2022-01-04 21:00:25 -05:00
Tad
e08349a202
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-12-29 11:51:58 -05:00
Tad
68771721d5
Update oneplus/sdm845 to 4.8.282
...
Signed-off-by: Tad <tad@spotco.us>
2021-12-29 11:51:52 -05:00
Tad
567c46fdd1
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-12-27 18:00:43 -05:00
Tad
3c1931bcc9
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-12-19 05:15:32 -05:00
Tad
6c38ece551
Update CVE patchers
...
User report confirms fixing wifi on lmi
Signed-off-by: Tad <tad@spotco.us>
2021-12-15 17:10:35 -05:00
Tad
8cf90d055e
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-12-11 01:12:41 -05:00
Tad
359ce4608f
Small updates
...
Signed-off-by: Tad <tad@spotco.us>
2021-12-07 20:57:54 -05:00
Tad
ed1c151ce5
Update CVE patchers
...
CVE-2021-0961/ANY/0001.patch likely causes breakage
Signed-off-by: Tad <tad@spotco.us>
2021-12-06 17:43:34 -05:00
Tad
202f70b980
Final import of loose versioning work
...
Untested, but likely works.
Signed-off-by: Tad <tad@spotco.us>
2021-12-02 02:47:27 -05:00
Tad
b9929ea959
18.1: (extreme) loose versioning work [untested]
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-28 01:24:39 -05:00
Tad
62166d1ea5
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-26 11:54:59 -05:00
Tad
df3b54fa20
Fixup camera on flox
...
Camera works in OpenCamera, but it can't actually take pictures.
Switch to Camera2 instead, tested pictures and videos working.
Also fixup compile issue with oneplus/msm8998-common
And refresh some patchers
Signed-off-by: Tad <tad@spotco.us>
2021-11-15 18:01:27 -05:00
Tad
b8f5d8a510
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-12 11:51:02 -05:00
Tad
3e62262e88
Small fixup
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-07 13:37:37 -05:00
Tad
e882cf16c7
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-06 18:47:57 -04:00
Tad
f2b9eb8e8b
Small tweaks
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-06 11:22:43 -04:00
Tad
f7295a0f74
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-02 23:50:35 -04:00
Tad
f3277f3c07
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-11-02 12:01:36 -04:00
Tad
ec043e961e
Update CVE patchers
...
CVE-2021-20317 might need to be disabled due to QC timer breakage.
Signed-off-by: Tad <tad@spotco.us>
2021-10-27 15:26:53 -04:00
Tad
e6beba4b15
Small tweaks
...
Sad churn from git version.
Will be removed next build cycle.
Signed-off-by: Tad <tad@spotco.us>
2021-10-27 14:16:37 -04:00
Tad
0c793835da
Expand the available Private DNS options
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-22 18:33:06 -04:00
Tad
a0918b5222
18.1: add z2_plus
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-22 13:37:53 -04:00
Tad
70b96aa211
Update oneplus/sdm845 from 4.9.227 to 4.9.277
...
Pulls us into August 2021
Tested working:
- boot
- usb mtp
- wifi
- bluetooth
- cameras
- audio
- gps
- brightness
Signed-off-by: Tad <tad@spotco.us>
2021-10-21 00:12:59 -04:00
Tad
5d7d710076
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-20 15:01:18 -04:00
Tad
df60bfceda
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-13 12:20:44 -04:00
Tad
d5d3846f2c
Small tweaks
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-10 19:44:59 -04:00
Tad
939c6aa7ed
Small tweaks
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-07 20:07:49 -04:00
Tad
f2e1d32eba
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-06 16:54:45 -04:00
Tad
59bd09a807
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-05 14:44:23 -04:00
Tad
5658b56424
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-10-03 20:00:52 -04:00
Tad
27fe558b76
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-09-29 16:47:50 -04:00
Tad
35372142ed
Small tweak
...
Signed-off-by: Tad <tad@spotco.us>
2021-09-25 20:24:14 -04:00
Tad
f5a58bd35f
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-09-23 20:56:00 -04:00
Tad
83efa5fe7d
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-09-18 13:43:41 -04:00
Tad
3bb1199c34
Small fix
...
Signed-off-by: Tad <tad@spotco.us>
2021-09-14 09:16:17 -04:00
Tad
bf5d9bc778
Small tweaks
...
- disable disablement of PROC_PAGE_MONITOR to fix memory stats calculation
- enable slub_nomerge, similar to slab_nomerge for pre 3.18 kernels
slub_nomerge was already default enabled on many 3.10 devices via:
0006-AndroidHardening-Kernel_Hardening/3.10/0010.patch
Signed-off-by: Tad <tad@spotco.us>
2021-09-13 10:39:33 -04:00
Tad
907dc0f040
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-09-11 16:06:57 -04:00
Tad
0ade46cc8e
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-09-07 16:57:15 -04:00
Tad
e0d300a651
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-09-03 22:52:24 -04:00
Tad
f77971d38f
Small tweaks
...
Signed-off-by: Tad <tad@spotco.us>
2021-08-31 20:53:17 -04:00
Tad
792cb89ed7
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-08-26 12:17:46 -04:00
Tad
0dbabac59a
Update CVE patchers
...
Maybe breakage?
Signed-off-by: Tad <tad@spotco.us>
2021-08-23 15:27:53 -04:00
Tad
c0debe55c4
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-08-18 08:54:30 -04:00
Tad
de22605785
18.1: add sunfish, bramble, and redfin
...
Signed-off-by: Tad <tad@spotco.us>
2021-08-14 04:52:08 -04:00
Tad
4ae1402229
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-08-13 23:54:19 -04:00
Tad
79132fddef
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-08-13 11:07:07 -04:00
Tad
0b4ad0e7cc
18.1: add raphael, lmi, alioth
...
+ verity fixes
+ 16.0: drop beryllium, 18.1 builds now
+ deblob: better handle device makefiles
Signed-off-by: Tad <tad@spotco.us>
2021-08-09 20:54:44 -04:00
Tad
2d468d9da2
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-08-09 14:44:48 -04:00
Tad
3f311f84ad
Changes
...
- WebView update
- 14.1: drop osprey, tested compiling on 17.1
- comment updates
- small patcher fixes
Signed-off-by: Tad <tad@spotco.us>
2021-08-06 18:36:57 -04:00
Tad
2db8ac7c70
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-08-04 14:57:55 -04:00
Tad
9e548cabf5
Fixup 3d69ad87
...
Tested to compile bacon, ether, and griffin kernels
Signed-off-by: Tad <tad@spotco.us>
2021-08-03 18:46:38 -04:00
Tad
3d69ad873e
\"\'FIXES\'\" PART 2
...
There will likely be some breakage here.
Many of these patches have been here since the start and never used.
Signed-off-by: Tad <tad@spotco.us>
2021-08-03 15:14:02 -04:00
Tad
4fae8d0445
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-08-03 12:37:28 -04:00
Tad
2c05482872
Update CVE patchers
...
Signed-off-by: Tad <tad@spotco.us>
2021-07-31 09:17:08 -04:00
Tad
702ea9c91f
Move FP3 to 18.1
...
Signed-off-by: Tad <tad@spotco.us>
2021-07-30 11:55:03 -04:00
Tad
914bed8556
Reimplement fe6f8537
...
LTE tested working with hybrid 33-107 modem.
Phone calls drop to HSPA as expected.
No issues if using stock modem either compared to without this patch.
In my area, without this patch, my makos are useless cell-wise.
Gives extra life to the Nexus 4.
Signed-off-by: Tad <tad@spotco.us>
2021-07-29 15:25:05 -04:00
Tad
36331d6d62
Update CVE patchers
2021-07-28 10:08:52 -04:00
Tad
b61264e3b9
Update CVE patchers
2021-07-27 00:17:14 -04:00
Tad
40c356371a
Small tweaks
2021-07-25 22:41:56 -04:00
Tad
ca51db0be0
Update CVE patchers
2021-07-21 22:48:29 -04:00
Tad
eea1d0e7cd
18.1: add hotdog, hotdogb, aura
2021-07-20 12:58:22 -04:00
Tad
ac4d8ab822
17.1: move fp2 to 18.1
2021-07-19 14:42:37 -04:00
Tad
9a4c02c3dc
Tiny tweaks
2021-07-19 12:05:18 -04:00
Tad
48ff571fbb
Small updates and fixes
2021-07-13 16:10:30 -04:00
Tad
3d67f9e25c
Update CVE patchers
2021-07-12 06:31:38 -04:00
Tad
a43601e77b
Update CVE patchers
...
I expect breakage.
2021-07-10 11:39:14 -04:00