Skip to content
GitLab
  1. 01 Feb, 2023 1 commit
  3. 29 Jan, 2023 1 commit
  5. 25 Jan, 2023 1 commit
  7. 22 Dec, 2022 1 commit
  9. 17 Dec, 2022 1 commit
  11. 30 Nov, 2022 1 commit
  13. 22 Nov, 2022 1 commit
  15. 21 Nov, 2022 1 commit
    • Tad's avatar
      Update CVE patchers · c4fe56a3
      Tad authored 
      This fixes CVE-2018-9422 which was primarily added via b56fabac



May still need to be fixed:
16.0/kernel_google_yellowstone
16.0/kernel_xiaomi_msm8937

Signed-off-by: Tad's avatarTad <tad@spotco.us>
      c4fe56a3
  17. 23 Oct, 2022 1 commit
  19. 04 Sep, 2022 1 commit
  21. 21 Aug, 2022 1 commit
  23. 11 Aug, 2022 1 commit
  25. 10 Aug, 2022 1 commit
    • Tad's avatar
      Improve CVE-2021-1048 patching on 3.x kernels · 12c56938
      Tad authored 
      

It is still actively being used by malware.

This largely handles 3.0, 3.4, and 3.10 kernels.
It works for select 3.18 kernels too.

TODO: need alternate get_file_rcu backport for the following:
15.1/lge_msm8996
15.1/zte_msm8996
16.0/xiaomi_msm8937
17.1/motorola_msm8996
18.1/google_marlin
18.1/lge_msm8996
18.1/oneplus_msm8996

Signed-off-by: Tad's avatarTad <tad@spotco.us>
      12c56938
  27. 22 Jul, 2022 1 commit
  29. 08 Jul, 2022 1 commit
  31. 06 Jul, 2022 1 commit
  33. 28 Jun, 2022 1 commit
  35. 01 Jun, 2022 1 commit
  37. 28 May, 2022 1 commit
    • Tad's avatar
      Revert 5d57bf13 · 735c9e0d
      Tad authored 
      

I don't trust enabling MODULES won't cause weird inane breakage on these legacy devices

Signed-off-by: Tad's avatarTad <tad@spotco.us>
      735c9e0d
  39. 26 May, 2022 1 commit
  41. 24 May, 2022 1 commit
  43. 20 May, 2022 1 commit
  45. 19 Apr, 2022 1 commit
  47. 12 Apr, 2022 1 commit
  49. 01 Apr, 2022 2 commits
    • Tad's avatar
      Reverts · 01900ca1
      Tad authored 
      WebView overlay is breaking boot on 15.1???

This reverts commit e61e288b.
      01900ca1
    • Tad's avatar
      Fix boot breakage · 3f9b3463
      Tad authored 
      

On devices with quota enabled and impacted by this patch

Signed-off-by: Tad's avatarTad <tad@spotco.us>
      3f9b3463
  51. 28 Mar, 2022 1 commit
  53. 09 Mar, 2022 2 commits
  55. 08 Mar, 2022 1 commit
  57. 04 Mar, 2022 1 commit
    • Tad's avatar
      Update CVE patchers [the big fixup] · ac1e89f0
      Tad authored 
      

This removes many duplicately or wrongly applied patches.

Correctly removed:
- CVE-2011-4132 can apply infinitely
- CVE-2013-2891 can apply infinitely
- CVE-2014-9781 can apply once to fb_cmap_to_user correctly and incorrectly to fb_copy_cmap
- CVE-2015-0571 can apply incorrectly and was disabled in patch repo as a result
- CVE-2016-2475 can apply infinitely
- CVE-2017-0627 can apply infinitely
- CVE-2017-0750 can apply infinitely
- CVE-2017-14875 can apply infinitely
- CVE-2017-14883 can apply infinitely
- CVE-2020-11146 can apply infinitely
- CVE-2020-11608 can apply infinitely
- CVE-2021-42008 can apply infinitely

Questionable (might actually be beneficial to "incorrectly" apply again):
- CVE-2012-6544 can apply once to hci_sock_getsockopt correctly and incorrectly to hci_sock_setsockopt
- CVE-2013-2898 can apply once to sensor_hub_get_feature correctly and incorrectly to sensor_hub_set_feature
- CVE-2015-8575 can apply once to sco_sock_bind correctly and incorrectly to sco_sock_connect
- CVE-2017-8281 can apply once to diagchar_ioctl correctly and incorrectly to diagchar_compat_ioctl
- CVE-2019-10622 can apply once	to qdsp_cvp_callback correctly and incorrectly to qdsp_cvs_callback
- CVE-2019-14104 can apply once to cam_context_handle_start/stop_dev and incorrectly to cam_context_handle_crm_process_evt and cam_context_handle_flush_dev

Other notes:
- CVE-2016-6693 can be applied again if it was already applied in combination with CVE-2016-6696
  then the dupe check will fail and mark CVE-2016-6696 as already applied, effectively reverting it.
  This was seemingly fixed with a hand merged patch in patch repo.

Wrongly removed:
- CVE-2013-2147 is meant for cciss_ioctl32_passthru but is detected in cciss_ioctl32_big_passthru
- CVE-2015-8746 is meant for nfs_v4_2_minor_ops but is detected in nfs_v4_1_minor_ops
- CVE-2021-Misc2/ANY/0043.patch is meant for WLANTL_RxCachedFrames but is detected in WLANTL_RxFrames

Signed-off-by: Tad's avatarTad <tad@spotco.us>
      ac1e89f0
  59. 13 Jan, 2022 1 commit
  61. 11 Jan, 2022 1 commit
  63. 29 Dec, 2021 1 commit
  65. 11 Dec, 2021 1 commit
  67. 08 Dec, 2021 1 commit
  69. 06 Dec, 2021 1 commit
  71. 30 Nov, 2021 1 commit
    • Tad's avatar
      Guess what?... · c5c39985
      Tad authored 
      
Guess what? f̵͖̲̙̝̩̌̌̌̑͆̔͐̏͋̓̅̔̒̈́͠i̴͍̗̦͕̅̓̿͋̓̑̽͌͐͊͘͠͠s̵̡̬͙͚̃͑̓̊̌́̾́͠ḥ̴̬͓͚̹̱̰͕͚͈̞̳͒̊ ̵̢̟̞̖͈͖͕̥̙̤͉̮̍́̅̀̾b̵̛̹̝̙̖̱̲͉͚̝̪̲̓̿͛̔̆͋̎́͐̃͆̀̕͝u̸̞̺͓͎̰̦̯̘̺̬͔̬͆͛̋̍̂͒̓͛̐̈́̋̚͝ṫ̵̠t̶̻̳̜̪̗͖͛̂̒̃̑̏͝

Tested on 14.1 and 15.1 targets

Signed-off-by: Tad's avatarTad <tad@spotco.us>
      c5c39985
  73. 28 Nov, 2021 1 commit
    • Tad's avatar
      14.1: extreme loose versioning work · 7d54ee4b
      Tad authored 
      

This will apply 3.10 and 3.18 specific patches to 3.0
Example of tuna 3.0 kernel:
199 without loose versioning
311 with loose versioning
364 with extreme loose versioning

Signed-off-by: Tad's avatarTad <tad@spotco.us>
      7d54ee4b
  75. 26 Nov, 2021 1 commit