Tad
0c89accfb5
Update CVE patchers
2020-04-06 22:23:37 -04:00
Tad
c26b3e95c7
Minor tweaks
...
- Cherry pick PPP/CVE-2020-8597 patches
- Add some more DNS providers
- Switch default DNS to Cloudflare's new malware blocking provider
- GCC 10 build fix
- Update CVE patchers (select)
2020-04-05 15:53:58 -04:00
Tad
d7ef9abf61
Minor tweaks
2020-03-25 22:08:25 -04:00
Tad
01843b6b2b
Update incrementals
2020-03-02 19:33:43 -05:00
Tad
637bb171c8
Switch to partial 4096 signing keys by default
...
Update engine <10 doesn't support 4096-bit keys
Make releasekey 2048-bits
Verity has also been 2048-bits
The rest are 4096-bits
2020-02-26 20:14:42 -05:00
Tad
50f44d1934
Small changes
...
- cheeseburger/dumpling: fix ogg vorbis playback, credit @LuK1337
- cheeseburger/dumpling: fix delta ota generation
- remove a few more blobs
- potentially bluetooth when ant is removed on newer devices
- support newer clamav
- commented support for extracting boot.img when recovery.img isn't available
-- fastboot.zip should be preferred
- potentially fix boot on many untested newer devices (diag on msm8996+)
- update cherry picks
2020-02-24 18:53:27 -05:00
Tad
4292bcaa3e
recovery: fix sideload with larger files
...
+ 16.0: add a disabled patch to remove backuptool
+ processRelease: add support for copying recovery image to archive
2020-02-23 16:06:47 -05:00
Tad
fe54dd26a6
Fix many device issues
...
- Fix mata
- Fix cheeseburger
- Enable near-entire IMS stack (proprietary)
- Fix many other new devices
2020-02-22 13:29:01 -05:00
Tad
4e25046418
Many changes
...
- Add OnePlus 2, 3/T, 5/T
- Fix flounder
- Cherrypicks
2020-02-17 22:21:47 -05:00
Tad
cc28df15f7
Cherry picks + fix 5 failing devices
2020-02-09 13:52:25 -05:00
Tad
2734a075c6
Update CVE patchers
2020-02-03 21:36:49 -05:00
Tad
332807d427
Update CVE patchers
2020-02-02 12:09:49 -05:00
Tad
d87457630a
Update cherrypicks
2020-01-26 21:17:33 -05:00
Tad
84ac696e16
Small updates
2020-01-08 21:22:35 -05:00
Tad
d3f28918e5
Update CVE patchers
2020-01-06 18:25:36 -05:00
Tad
d8c2a56124
Update CVE patchers
2019-12-11 20:21:14 -05:00
Tad
4610cd9bde
Update CVE patchers
...
CVE-2019-19252 was dropped
dependent on d21b0be246
2019-12-03 06:12:46 -05:00
Tad
7ef8a2726d
Minor tweaks
2019-11-28 12:03:40 -05:00
Tad
a8cc390c3d
14.1: cherrypicks
2019-11-24 20:14:23 -05:00
Tad
f90b62982b
Update CVE patchers
2019-11-24 20:13:55 -05:00
Tad
038ae37376
Minor tweaks
2019-11-24 16:22:58 -05:00
Tad
baabd45a16
Minor tweaks + ASB cherrypicks
2019-11-10 02:34:40 -05:00
Tad
d64534a7c1
Update CVE patchers
2019-11-04 21:04:49 -05:00
Tad
1a7897211a
16.0: add Amber
2019-10-29 17:37:43 -04:00
Tad
791087fefa
minor tweaks
2019-10-27 16:20:27 -04:00
Tad
a8af0c3d0d
hardenDefconfig: more options from Alexander Popov's checker
2019-10-20 01:53:59 -04:00
Tad
640ef60b83
Move many old cherry picks in tree for archival/support purposes
2019-10-19 22:03:59 -04:00
Tad
204285d7c8
kernel command line: enable hardening options
2019-10-18 22:14:28 -04:00
Tad
e13c6c7c9c
processRelease features
...
- support removing device out after complete
- support malware scan before sign
- Update cherry picks
2019-10-15 12:23:46 -04:00
Tad
bffcd06644
16.0: add zenfone3
2019-10-11 15:16:09 -04:00
Tad
159e5ea194
Minor tweaks
...
- Update cherry picks
- Update copyright year
- bacon: fix delta generation
2019-10-11 13:24:38 -04:00
Tad
579f340c3c
Update CVE patchers
2019-10-04 14:43:19 -04:00
Tad
f20ddfc0f6
Minor tweaks
2019-10-04 10:39:27 -04:00
Tad
79ec8a4999
clark: experimental 16.0
2019-09-28 17:37:18 -04:00
Tad
a0e8f9653c
Future proofing keys
2019-09-25 21:04:24 -04:00
Tad
ca734124f9
Generate factory image if needed by device
2019-09-23 12:45:00 -04:00
Tad
f55cdef5b0
Minor tweaks
2019-09-21 15:42:26 -04:00
Tad
ae87cffe34
14.1: add v1awifi
2019-09-18 18:04:22 -04:00
Tad
4a1ebe1b71
Scripts: localize variables in functions
2019-09-17 04:14:35 -04:00
Tad
e01e457b24
Per-device signing keys
...
- also fix OTA/recovery key regression
- Update cherrypicks
2019-09-15 22:18:04 -04:00
Tad
19d5b66097
Many changes
...
- ASB chery picks
- 16.0: recovery: fix sideload
- Restore releasetools for some devices
- Only include Backup where supported
- Change some small defaults
- z00t: 14.1 -> 15.1
- himaul: 14.1 -> 15.1
- i9100: 14.1 -> 15.1+16.0
- flo: 15.1 -> 16.0, disabled
- flounder: 15.1 disabled, enable 14.1
2019-09-13 20:24:02 -04:00
Tad
09b38c1f04
marlin/sailfish: fix MediaProvider using 100% CPU
...
- by disabling mtp over functionfs
- affects both GrapheneOS and LineageOS
- might need to be applied to other devices
[pid 2482] ppoll([{fd=42, events=POLLIN}, {fd=51, events=POLLIN}], 2, {tv_sec=0, tv_nsec=0}, NULL, 0) = 0 (Timeout)
lrwx------ 1 u0_a13 u0_a13 64 2019-09-05 18:47 42 -> /dev/usb-ffs/mtp/ep0
lrwx------ 1 u0_a13 u0_a13 64 2019-09-05 18:47 51 -> anon_inode:[eventfd]
https://forum.xda-developers.com/android/help/pixel2-help-diagnose-android-process-t3863274
https://bugs.chromium.org/p/chromium/issues/detail?id=947901
2019-09-06 09:38:01 -04:00
Tad
1a7291aa36
Minor changes
...
- Cherry picks
- New default wallpaper, credit: Pawel Czerwinski, UmzGrVna1P0
2019-09-05 04:23:28 -04:00
Tad
9ce8cdb9b6
Add Steve Soltys' Backup app
2019-09-04 06:40:05 -04:00
Tad
ec48a4c89c
Update CVE patchers
2019-09-04 01:31:12 -04:00
Tad
db572efa89
Many changes
...
- processRelease: Support AVB
- sort device build order by SoC
Additions:
- taimen/muskie: 15.1, 16.0
- crosshatch/blueline: 16.0
- bonito/sargo: 16.0
2019-09-03 16:50:50 -04:00
Tad
1bd0e47099
victara: 15.1 -> 16.0
...
- other fixes
2019-08-30 22:42:10 -04:00
Tad
330df0983c
16.0: Add GrapheneOS' exec-based spawning feature + misc tweaks
...
- patch credit updates
- 16.0: allow SystemUI to directly manage Bluetooth/WiFi
- from GrapheneOS
- cleanup
2019-08-30 02:30:13 -04:00
Tad
e10a865b05
Improve release processing to support deltas and archiving
2019-08-29 19:09:31 -04:00
Tad
057bedb65b
Minor tweaks
...
- 14.1+15.1+16.0: enable kernel protections for files
- protected_*: hardlinks, symlinks, fifos, regular
- from GrapheneOS
- defconfig: enable more verity options
- cleanup
2019-08-28 20:24:59 -04:00
Tad
db348ab09c
Minor tweaks
...
- 15.1+16.0: Replace in-line build signing patch with bash function
- From GrapheneOS/script
- 15.1+16.0: Enable fingerprint failed lockout after 5 attempts
- From GrapheneOS
2019-08-28 00:40:27 -04:00
Tad
68cdef8733
Minor tweaks
2019-08-26 20:50:28 -04:00
Tad
eccf9c6f6d
Many new devices
...
- hammerhead: 15.1 -> 16.0
- axon7: 14.1, 15.1
- cheryl: 16.0
- crackling: 14.1, 15.1, 16.0
- ham: 14.1, 15.1, 16.0
- kipper: 14.1, 15.1, 16.0
- z2_plus: 16.0
2019-08-23 17:27:53 -04:00
Tad
e9b5c06188
Lots of device updates
...
- d802: 15.1 -> 16.0
- d852: 15.1 -> 16.0
- d855: 15.1 -> 16.0
- fugu: 15.1 -> 16.0
- jfltexx: 14.1 -> 16.0
- m8: 15.1 -> 16.0
- mata: 15.1 -> 16.0
- update cherrypicks
- defconfig: enable MMC_SECDISCARD
2019-08-23 11:47:43 -04:00
Tad
3a080bbcd7
Minor tweaks
2019-08-13 01:56:01 -04:00
Tad
89de66bdba
Many small changes
...
- Cherrypicks for ASB patches
- Apps: Switch gallery to Simple Gallery
- Apps: Switch camera to OpenCamera
- PKGBUILD: update with image optimization dependencies
- Deblobber: fix bug introducted in 6d33e4ecbf
2019-08-08 14:22:24 -04:00
Tad
6d33e4ecbf
Parallize many functions invoked by find
2019-08-05 21:09:35 -04:00
Tad
3f8e9a846b
Complete tree image optimization
...
- recursively optimize images using optipng/jpegoptim
benefits:
+ reduces image size
+ decreases load time
+ reduces memory usage
2019-08-05 20:34:08 -04:00
Tad
aee6b66dd8
Update CVE patchers
2019-08-05 16:03:41 -04:00
Tad
bad890614e
Update CVE patchers
2019-07-21 09:47:10 -04:00
Tad
34d1bbe155
Minor updates
2019-07-21 07:36:02 -04:00
Tad
6458d6785f
Enable IPv6 privacy extensions
2019-07-05 16:47:59 -04:00
Tad
4fe74583a9
Minor tweaks
2019-07-03 10:42:24 -04:00
Tad
a29825f6e1
Update CVE patchers
2019-07-01 18:06:05 -04:00
Tad
fe19e8c830
Minor tweaks
2019-06-30 04:52:57 -04:00
Tad
e41d053f00
Minor updates
...
- drop usage stats patch, causes Settings to crash
2019-06-27 23:01:28 -04:00
Tad
55c3072089
Going the distance... [pt2]
2019-06-18 13:51:04 -04:00
Tad
c15105d945
Update CVE patchers
2019-06-17 23:26:38 -04:00
Tad
02cf6e4778
Update cherry picks
2019-06-17 14:43:14 -04:00
Tad
1d67143181
Update CVE patchers
2019-06-08 04:09:24 -04:00
Tad
aa4ad7a6da
Cherry picks
2019-06-06 10:45:00 -04:00
Tad
d7078bafd6
Update CVE patchers
2019-06-03 18:41:24 -04:00
Tad
bb72bccbeb
Two hardening patches from @MSe1969
...
+ a backport of browser location restriction patch to 14.1 and 15.1
by @syphyr
2019-06-02 19:25:29 -04:00
Tad
163fdb1f68
Minor updates
2019-05-31 21:13:39 -04:00
Tad
40d6db0326
divestos.xyz > divestos.org
2019-05-23 11:34:26 -04:00
Tad
8030a63a2a
11.0: fixes
2019-05-17 23:26:25 -04:00
Tad
380353773e
Fixes
2019-05-17 20:48:26 -04:00
Tad
899812864f
Update CVE patchers
2019-05-14 21:04:55 -04:00
Tad
c040d79c9b
16.0: add FP2
2019-05-13 13:51:48 -04:00
Tad
de5a4dda72
Minor tweaks
2019-05-12 09:33:21 -04:00
Tad
30bf0f2fb9
Resurrect verity
2019-05-09 06:16:34 -04:00
Tad
ebaf61eb31
Cherrypicks
2019-05-07 03:10:55 -04:00
Tad
b2e521440e
Update CVE patchers
2019-05-06 18:31:06 -04:00
Tad
f59c77f00c
Cherrypicks
2019-05-06 16:29:58 -04:00
Tad
08a2506fe9
14.1: support i9300 and n7100
...
i9300 has less blobs compared to i9305 due to different modem
2019-05-02 16:42:50 -04:00
Tad
cc976eeffe
Minor tweaks
2019-04-16 22:34:31 -04:00
Tad
f8cfdbca4f
Update CVE patchers
2019-04-07 20:31:27 -04:00
Tad
304f39918c
Update cherrypicks
2019-04-07 17:31:23 -04:00
Tad
20c8c7525c
Misc tweaks
...
- 15.1: Contacts: remove Privacy Policy and Terms of Service links
- from GrapheneOS
- cherry picks
2019-04-06 22:55:14 -04:00
Tad
974cc3b3f8
16.0: recovery has been updated
...
but leave it disabled because it doesn't boot
2019-04-04 23:33:10 -04:00
Tad
935795f5bb
Minor tweaks
2019-04-04 15:51:00 -04:00
Tad
25cc717ec2
Use GrapheneOS' hardened memory allocator
...
+ 16.0: some other misc hardening patches from GrapheneOS
- always restrict access to Build.SERIAL
- don't grant location permission to system browsers
- fbe: pad filenames more
+ 16.0: Contacts: remove Privacy Policy and Terms of Service links
2019-04-04 01:07:58 -04:00
Tad
60cf364f19
Minor tweaks
...
- init.sh: sort options
- overlay: leave radioScanningTimeout default
- hardenDefconfig: disable more components with CVEs
- cherry picks
- 16.0: trebuchet: tmp fix for default workspace overlay
2019-04-03 19:04:37 -04:00
Tad
1c49b80da0
Minor tweaks
...
- CVE patchers were updated with no change
- hardenDefconfig: disable MSM_SMP2P_TEST to mitigate CVE-2019-2247
- 14.1 add a cherry pick
2019-04-01 18:57:04 -04:00
Tad
7223df543a
Minor fixes
2019-03-31 22:46:37 -04:00
Tad
61ee2e5757
More minor fixes
2019-03-26 19:37:56 -04:00
Tad
3c806603d9
Various fixes
2019-03-25 21:30:26 -04:00
Tad
8f609e9cbe
Minor tweaks
...
+ remove a few more blobs
+ fix broken USB and log spam on hdx*
2019-03-24 16:32:55 -04:00
Tad
54c68a1e93
Fixup radio on Motorola device
2019-03-23 20:23:42 -04:00
Tad
a8dbb447ed
Deblobber cleanup
...
Break all the really long lines up into the following categories
- libraries (*.so)
- jars (*.jar)
- binaries
- apps (*.apk)
- non-executables (*.xml, *.cfg, *.conf, *.txt)
- firmwares (tz.*)
- treble stuff (vendor.*, com.*)
2019-03-23 18:11:57 -04:00
Tad
c044136234
Remove many more blobs
2019-03-23 14:57:39 -04:00
Tad
fc2e71acbe
Remove more blobs
2019-03-22 19:43:29 -04:00
Tad
510fa2163e
Cherry picks
2019-03-22 08:10:20 -04:00
Tad
a91a3d427a
Remove more blobs
2019-03-22 06:04:29 -04:00
Tad
c64ad2ecdc
Make it easier to build all supported branches of a device
2019-03-22 05:38:58 -04:00
Tad
dd7e4c3faf
Remove more blobs
2019-03-22 05:28:57 -04:00
Tad
e344b17a36
Build fixes + new blob blocker
2019-03-22 04:20:06 -04:00
Tad
d3d924bd91
16.0: add marlin/sailfish and ether
2019-03-21 12:19:26 -04:00
Tad
3c056c7785
Remove some more blobs
2019-03-21 08:55:01 -04:00
Tad
6a0c39d14f
Submodule updates
2019-03-20 22:43:38 -04:00
Tad
cf5a58f447
11.0: misc. fixes
2019-03-17 17:27:51 -04:00
Tad
97dc687812
Update cherry picks
2019-03-15 22:13:32 -04:00
Tad
2367074a0f
Update submodules + misc fixes
2019-03-14 16:09:17 -04:00
Tad
31faec9bdc
16.0: Restore TTS
2019-03-12 20:07:28 -04:00
Tad
39bb65e181
Minor changes
...
15.1: Disabled devices with working 16.0
16.0: Build fixes
16.0: mako: don't touch partitions sizes
2019-03-12 17:18:38 -04:00
Tad
7945ed0e10
16.0: -user on legacy devices
2019-03-11 22:47:11 -04:00
Tad
cfe766be09
Tweaks
2019-03-11 18:19:50 -04:00
Tad
61a8a10c42
Many changes
...
repo changes
15.1: build fixes
16.0: add unofficial mako
2019-03-11 00:55:21 -04:00
Tad
b1455b641d
Update CVE patchers
2019-03-08 15:15:46 -05:00
Tad
913fbcd109
ASB cherry picks + minor tweaks
2019-03-05 22:57:45 -05:00
Tad
5607db2e0b
Update CVE patchers
...
- More aggressively attempt to apply incremental patches by
ignoring the current subversion, as it is common for it to be 0
Hopefully I won't have to revert this
2019-03-04 21:41:55 -05:00
Tad
9e897989d1
Update CVE patchers
2019-03-04 20:18:29 -05:00
Tad
f5d99c938b
16.0: More bringup
2019-03-04 05:53:51 -05:00
Tad
23056ddef0
Minor tweaks
2019-03-04 03:11:51 -05:00
Tad
afe719ffc4
16.0: Initial bringup
...
- 14.1/15.1: Remove @ValdikSS' bluetooth patches
- 15.1: Cleanup
2019-03-04 02:45:54 -05:00
Tad
83478880ef
WireGuard kernel module inclusion support
2019-03-04 00:06:22 -05:00
Tad
6eab4c6529
Minor updates
2019-02-22 08:38:24 -05:00
Tad
bc63feedc9
Update CVE patchers
2019-02-21 06:25:47 -05:00
Tad
fccc124868
tuna fixes + fdroid priv changes
2019-02-14 04:36:50 -05:00
Tad
b9ff7a74e6
Updates and fixes
2019-02-12 16:09:41 -05:00
Tad
c9e17ffb52
Many changes
...
- Add more DNS resolver choices
- Change default DNS resolver back to OpenNIC
- More cleanup
- 15.1: Update some CVE patchers
2019-02-09 20:51:23 -05:00
Tad
ffabfb3616
14.1: fix maguro denials
2019-02-09 14:47:55 -05:00
Tad
a7a4e869fd
Many changes
...
- Remove broken/permissive devices
- Notify user when location is requested via SUPL
- 15.1: skia cherrypicks for Feb ASB
- 15.1: recovery: change selected text color
2019-02-09 14:20:19 -05:00
Tad
9178760d1a
Updater: Fix downloads over Tor
...
+ Update TODO
+ Minor tweaks
2019-02-08 20:58:15 -05:00
Tad
24c291c630
Improve hardenLocation to include fwb and its overlays
2019-02-08 18:46:42 -05:00
Tad
aa9b5499e6
Updates
2019-02-07 11:15:29 -05:00
Tad
3f9d78a4c7
Updates
2019-02-06 17:44:17 -05:00
Tad
15237becbb
Update CVE patchers
2019-02-04 16:03:59 -05:00
Tad
929a3d5704
15.1: fix g3
2019-02-04 04:39:31 -05:00
Tad
db260cf1e1
Updates
2019-02-02 06:11:41 -05:00
Tad
378971497c
14.1: Support unified tuna
2019-02-01 02:53:13 -05:00
Tad
0ea1d37f0c
Minor changes
...
- Update cherrypicks
- Update submodules
- Add some comments
2019-01-28 21:54:45 -05:00
Tad
883c22d162
Get d852 building + Update CVE patchers
2019-01-17 18:52:55 -05:00
Tad
a7a0a67888
Many changes
...
- Allow enabling accessibility services without disabling secure start-up
- Disable overclocks
- Update select CVE patchers
- Update submodules
- Support select downloads over Tor
- Update defconfig enablers
- Cherry pick security patches
2019-01-14 03:12:50 -05:00
Tad
ec3ffa38f2
Fixup CVE patchers
2019-01-07 19:42:25 -05:00
Tad
d8aac4c07b
Update CVE patchers
2019-01-07 17:07:00 -05:00
Tad
c27f226269
Properly fix network mode patch
2018-12-29 12:19:27 -05:00
Tad
0df749ef73
Add more preferred network modes such as LTE Only, LTE/3G only, and 3G only
2018-12-28 08:02:24 -05:00
Tad
c07027dd97
Many changes
...
- Update CVE patchers
- Update submodules
- Update defconfig enablers
- Update DNS IP addresses
- + Misc changes
2018-12-24 23:29:56 -05:00
Tad
6c4eadcdc7
Manifest cleanup + always remove latemount from /cache
...
formatting/erasing /cache will result in selinux contexts being lost
these are normally restored by system/core/rootdir/init.rc in post-fs
but latemount causes /cache to not be mounted beforehand
preventing it from ever being fixed
result is broken ota and recovery updates
2018-12-20 17:22:34 -05:00