Commit Graph

182 Commits

Author SHA1 Message Date
Tad
6d95c231bc Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2022-05-31 21:29:22 -04:00
Tad
735c9e0de8 Revert 5d57bf13
I don't trust enabling MODULES won't cause weird inane breakage on these legacy devices

Signed-off-by: Tad <tad@spotco.us>
2022-05-27 23:46:57 -04:00
Tad
5d57bf13c4 Compile fixes
The backported fix for CVE-2021-39713 requires CONFIG_MODULES=y
MODULES is default enabled, but some kernels are mutilated and break with it on

Signed-off-by: Tad <tad@spotco.us>
2022-05-26 22:36:22 -04:00
Tad
65883d9bc4 2022
Signed-off-by: Tad <tad@spotco.us>
2022-05-01 01:13:49 -04:00
Tad
13a9997a0c 19.1: aura and beryllium + some fixes
Signed-off-by: Tad <tad@spotco.us>
2022-04-26 11:41:28 -04:00
Tad
4b6a86a473 Add missing device variants
Signed-off-by: Tad <tad@spotco.us>
2022-04-14 19:47:21 -04:00
Tad
01900ca1c6 Reverts
WebView overlay is breaking boot on 15.1???

This reverts commit e61e288b4a.
2022-04-01 17:07:27 -04:00
Tad
3f9b346345 Fix boot breakage
On devices with quota enabled and impacted by this patch

Signed-off-by: Tad <tad@spotco.us>
2022-04-01 10:30:30 -04:00
Tad
9ba3a061c6 Tweak
Signed-off-by: Tad <tad@spotco.us>
2022-03-14 11:57:34 -04:00
Tad
de764885b3 Fixup
Signed-off-by: Tad <tad@spotco.us>
2022-03-08 12:56:52 -05:00
Tad
f4fbe65756 Various changes
- 15.1: asb picks
- 17.1: drop marlin, sailfish, z2_plus, m8
- 4.9 loose versioning fixes
2022-02-24 19:51:44 -05:00
Tad
8b39498b1c Initial loose versioning work for 4.9
This applies 4.9 patches to 4.4 and 3.18 now that 4.4 is EOL

Untested, but looks mild

Signed-off-by: Tad <tad@spotco.us>
2022-02-22 13:44:47 -05:00
Tad
a38d544f8b 18.1: small fixes
Signed-off-by: Tad <tad@spotco.us>
2022-02-12 07:32:29 -05:00
Tad
55cdea3c9b 17.1: small fixes
Signed-off-by: Tad <tad@spotco.us>
2022-02-11 14:05:14 -05:00
Tad
208c7800c8 Fixup
Signed-off-by: Tad <tad@spotco.us>
2022-01-12 17:44:18 -05:00
Tad
8a45dc4696 18.1: Device additions
h910
lavender
pioneer, voyager, discovery
akari, aurora, xz2c

Signed-off-by: Tad <tad@spotco.us>
2022-01-06 21:04:17 -05:00
Tad
daf98f8197 Small tweaks
Signed-off-by: Tad <tad@spotco.us>
2021-12-31 21:39:04 -05:00
Tad
8cf90d055e Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2021-12-11 01:12:41 -05:00
Tad
c5c3998593 Guess what? f̵͖̲̙̝̩̌̌̌̑͆̔͐̏͋̓̅̔̒̈́͠i̴͍̗̦͕̅̓̿͋̓̑̽͌͐͊͘͠͠s̵̡̬͙͚̃͑̓̊̌́̾́͠ḥ̴̬͓͚̹̱̰͕͚͈̞̳͒̊ ̵̢̟̞̖͈͖͕̥̙̤͉̮̍́̅̀̾b̵̛̹̝̙̖̱̲͉͚̝̪̲̓̿͛̔̆͋̎́͐̃͆̀̕͝u̸̞̺͓͎̰̦̯̘̺̬͔̬͆͛̋̍̂͒̓͛̐̈́̋̚͝ṫ̵̠t̶̻̳̜̪̗͖͛̂̒̃̑̏͝
Tested on 14.1 and 15.1 targets

Signed-off-by: Tad <tad@spotco.us>
2021-11-29 21:14:00 -05:00
Tad
b9929ea959 18.1: (extreme) loose versioning work [untested]
Signed-off-by: Tad <tad@spotco.us>
2021-11-28 01:24:39 -05:00
Tad
67b5a166fc 16.0: extreme loose versioning work
Signed-off-by: Tad <tad@spotco.us>
2021-11-27 22:44:29 -05:00
Tad
7d54ee4be7 14.1: extreme loose versioning work
This will apply 3.10 and 3.18 specific patches to 3.0
Example of tuna 3.0 kernel:
199 without loose versioning
311 with loose versioning
364 with extreme loose versioning

Signed-off-by: Tad <tad@spotco.us>
2021-11-27 21:06:26 -05:00
Tad
9b84cebf92 17.1: loose versioning work
Signed-off-by: Tad <tad@spotco.us>
2021-11-27 15:50:11 -05:00
Tad
0e539e6f92 16.0: loose versioning work
Signed-off-by: Tad <tad@spotco.us>
2021-11-26 22:53:46 -05:00
Tad
c153981b3f 15.1: loose versioning work
Signed-off-by: Tad <tad@spotco.us>
2021-11-26 22:40:07 -05:00
Tad
1b1db41869 Initial use of loose versioning for 3.x CVE patches
This will for example apply a 3.4 specific patch to 3.0 if no 3.0 specific patch is available.
Tested compiling on 14.1 and booting on toroplus.

Will be applied to other branches soon.

Signed-off-by: Tad <tad@spotco.us>
2021-11-26 18:56:03 -05:00
Tad
3e62262e88 Small fixup
Signed-off-by: Tad <tad@spotco.us>
2021-11-07 13:37:37 -05:00
Tad
e882cf16c7 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2021-11-06 18:47:57 -04:00
Tad
a9f445ad47 16.0: add land and santoni
Signed-off-by: Tad <tad@spotco.us>
2021-10-28 19:07:31 -04:00
Tad
e6beba4b15 Small tweaks
Sad churn from git version.
Will be removed next build cycle.

Signed-off-by: Tad <tad@spotco.us>
2021-10-27 14:16:37 -04:00
Tad
0c793835da Expand the available Private DNS options
Signed-off-by: Tad <tad@spotco.us>
2021-10-22 18:33:06 -04:00
Tad
5d7d710076 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2021-10-20 15:01:18 -04:00
Tad
b78944933c More fixes
Ensure new shells have the correct settings too.

Signed-off-by: Tad <tad@spotco.us>
2021-10-16 22:57:43 -04:00
Tad
256b1db98b Hard fail on error
Signed-off-by: Tad <tad@spotco.us>
2021-10-16 16:08:43 -04:00
Tad
7ba42f052a Small changes
Signed-off-by: Tad <tad@spotco.us>
2021-10-14 15:58:22 -04:00
Tad
d5d3846f2c Small tweaks
Signed-off-by: Tad <tad@spotco.us>
2021-10-10 19:44:59 -04:00
Tad
025ca7df7f compile fixups
after the CVE-2021-Misc2 import and hardenDefconfig overhaul

also sync 18.1 DnsResovler patches with:
6332b25b87
f8490d024a

Signed-off-by: Tad <tad@spotco.us>
2021-10-01 12:34:22 -04:00
Tad
4917af86cc Update copyright dates
Signed-off-by: Tad <tad@spotco.us>
2021-09-15 10:30:08 -04:00
Tad
3bb1199c34 Small fix
Signed-off-by: Tad <tad@spotco.us>
2021-09-14 09:16:17 -04:00
Tad
bf5d9bc778 Small tweaks
- disable disablement of PROC_PAGE_MONITOR to fix memory stats calculation
- enable slub_nomerge, similar to slab_nomerge for pre 3.18 kernels
  slub_nomerge was already default enabled on many 3.10 devices via:
  0006-AndroidHardening-Kernel_Hardening/3.10/0010.patch

Signed-off-by: Tad <tad@spotco.us>
2021-09-13 10:39:33 -04:00
Tad
35036e694d Small tweaks
Signed-off-by: Tad <tad@spotco.us>
2021-09-08 22:59:33 -04:00
Tad
de22605785 18.1: add sunfish, bramble, and redfin
Signed-off-by: Tad <tad@spotco.us>
2021-08-14 04:52:08 -04:00
Tad
4ae1402229 Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2021-08-13 23:54:19 -04:00
Tad
0b4ad0e7cc 18.1: add raphael, lmi, alioth
+ verity fixes
+ 16.0: drop beryllium, 18.1 builds now
+ deblob: better handle device makefiles

Signed-off-by: Tad <tad@spotco.us>
2021-08-09 20:54:44 -04:00
Tad
3f311f84ad Changes
- WebView update
- 14.1: drop osprey, tested compiling on 17.1
- comment updates
- small patcher fixes

Signed-off-by: Tad <tad@spotco.us>
2021-08-06 18:36:57 -04:00
Tad
477b0a1a62 More fixes
Signed-off-by: Tad <tad@spotco.us>
2021-08-04 10:58:22 -04:00
Tad
48ff571fbb Small updates and fixes 2021-07-13 16:10:30 -04:00
Tad
24379944ab 18.1: Add serrano 2021-06-23 13:51:58 -04:00
Tad
2f2d94c9b5 Small tweaks 2021-04-13 11:59:08 -04:00
Tad
a423f977ff Update CVE patchers 2021-04-12 20:53:35 -04:00
Tad
8e496341b5 Small tweaks + ASB cherrypicks 2021-04-08 05:40:22 -04:00
Tad
c3271c38da Small fixes 2021-04-01 20:58:04 -04:00
Tad
5d14e4b4f7 Small changes
- Add m7 and avicii (untested)
- Use low_ram target on <2GB devices
  Silly me, this never did anything due to the git reset...
- Update Chromium WebView cherrypick
2021-03-24 14:43:12 -04:00
Tad
ecd0094b6e Fixup dragon 2021-03-23 17:14:19 -04:00
Tad
caeb3d5199 Add FP3 to 16.0 and 17.1
Untested
2021-03-19 21:53:28 -04:00
Tad
f1e2e43642 Update CVE patchers 2021-02-07 19:41:46 -05:00
Tad
6a1fb99cc9 Unbreak last commit
This should be most of it

also
- properly update webview, repopick doesn't seem to handle the branch
- always cd back to base, to prevent script breakage
2021-01-25 13:31:57 -05:00
Tad
55a9da29b0 Small fix 2021-01-14 05:26:49 -05:00
Tad
1be184bac9 Small tweaks 2020-12-16 07:48:41 -05:00
Tad
e36a91facc Update CVE patchers 2020-12-07 09:36:20 -05:00
Tad
9d7e5a24a3 License headers 2020-11-17 10:19:06 -05:00
Tad
e7a65ff912 Small fixes 2020-11-09 22:55:36 -05:00
Tad
3926f3a44f Small updates
- Various rebranding fixes
- 17.1: hold off on Seedvault inclusion for now
- 17.1: update kernel/fxtec/msm8998 CVE patcher
- 17.1: build cheeseburger/dumpling
2020-10-31 15:16:25 -04:00
Tad
47d064f98c Fixes 2020-10-23 18:50:51 -04:00
Tad
688f4dd953 More CVE patcher fixes 2020-10-15 21:31:46 -04:00
Tad
6c9c91941e Fix errors from compile test of all 14.1 kernels 2020-10-14 14:23:22 -04:00
Tad
d53a4f4e41 Update CVE patchers
- Drop tcp_sack=0 sysctl, as most devices are now patched
2020-10-12 18:38:07 -04:00
Tad
260140f0a1 Update CVE patchers 2020-10-10 11:56:35 -04:00
Tad
b56fabac3b Update CVE patchers
I expect some breakage here
2020-10-06 21:14:18 -04:00
Tad
6e16320468 Small fixes 2020-09-13 19:52:37 -04:00
Tad
bca6af1516 Small updates
- recovery: abort on serial number specific updates, credit: GrapheneOS
- Add lists of missing CVEs
- Update cherrypicks
2020-09-02 14:20:51 -04:00
Tad
0808ac1fd0 Many updates
- Add OnePlus 6, 6T, 7, 7 Pro
- Ensure verity/avb keys are *always* copied
- Update cherry picks
2020-09-01 03:26:21 -04:00
Tad
98854115be 16.0: Add pro1
- Also initial beryllium support, no builds yet
2020-08-10 15:34:55 -04:00
Tad
f19dbe5958 More fixes for a69326f3 2020-08-10 03:46:36 -04:00
Tad
887ebb84c5 Update CVE patchers
Includes many fixes for a69326f3
but probably breaks other things
2020-08-09 07:29:19 -04:00
Tad
a69326f396 Update CVE patchers
Untested. I expect some breakage.
2020-08-08 13:06:39 -04:00
Tad
850c4ad88c Small updates
- Partial revert of 5106063c
- Cherry picks
- CVE patcher fixes
2020-06-07 04:25:12 -04:00
Tad
5797ea8fc4 Small fixes
CVE-2019-14047/ANY/0002.patch will probably need to be disabled on more devices
2020-06-02 17:33:27 -04:00
Tad
694f270d75 Initial bringup of many devices to 17.1 2020-05-31 15:10:32 -04:00
Tad
e962fdeb81 Update CVE patchers 2020-05-04 17:18:50 -04:00
Tad
cdd74148b9 Patcher build fixes 2020-04-12 13:58:02 -04:00
Tad
0c89accfb5 Update CVE patchers 2020-04-06 22:23:37 -04:00