| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The applications built from Replicant are signed with a key that is
generated during the build procedure The issue is that the data of an
application becomes inaccessible to it if the application signature change.
This affects all the applications built during and signed during the build
of Replicant images, which includes all system applications.
This is why, during the installation of a new Replicant version, the
otasigcheck.sh is run: it verifies if the application signatures expected
by the applications data match the signatures of the new applications
that are part of the new Replicant image being installed.
Without this check, users installing a new Replicant minor version (like
Replicant 6.0 0004) and keeping the data from the previous minor version
(like Replicant 6.0 0003) with a key that change will make at least some
system applications like the launcher crash as they will not be able to
access their data.
If the check detects an incompatibility, on a Galaxy SIII (GT-I9300), we
end up the installation aborting and the following message being displayed
on the screen:
detected filesystem ext4 for /dev/block/mmcblk0p12
Can't install this package on top of incompatible data. Ples
se try another package or run a factory test
E:Failed to install /sideload/package.zip
E:Please take note of all the above lines for reports.
This design has several issues:
- You cannot upgrade between Replicant minor versions if the keys signing
applications shipped in the new version changed. This is really
problematic as to upgrade, users need to delete all their application
data and restart creating them from scratch which is very time consuming.
With frequent updates that would becomes too much time consuming to do.
- It is also very fragile: if the data partition is encrypted,
otasigcheck.sh cannot do the check, and the check is skipped completely,
with the consequences explained before (the system applications end up
not being able to access their data).
To fix that:
- This patch removes the call to otasigcheck.sh during the installation
of new Replicant versions.
- otasigcheck.sh will be removed in the vendor_replicant repository
- A new script (key-migration.sh) will be added to the vendor_replicant
repository. It will take care of migrating the applications data to
the new keys during the first boot (so after the data partition will
have been mounted).
- A python script generating this key-migration.sh script will be added
to the vendor_replicant-scripts repository to enable users and developers
to generate a key-migration.sh script with the keys they want. This
should make downgrade easier as the key-migration.sh could also be run
manually in the recovery and also make the migration to self-built images
much easier.
Also, the otasigcheck.sh script has already been removed in LineageOS 17.1
by the following commit in vendor/lineage:
commit 95621f3c73b94a87ca4528748535bb114ae1613f
Author: Michael Bestas <mkbestas@lineageos.org>
Date: Sat Aug 4 17:46:35 2018 +0300
Revert "ota: Validate any installed data's signature against our own"
* otasigcheck doesn't work on encrypted devices and makes
the zip installation fail since oreo.
* The build part of this was never ported to oreo.
This reverts commit aff5e54c4ef5fec7e67e830f83ee64424005d07c.
Change-Id: I411f33c1db64844091c1692ef4706ae541925d4f
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
|
|
|
|
|
|
|
|
| |
It can exceed its maximum length for devices with longer codenames
(e.g. espressowifi). PRODUCT_BRAND is set to "Android" which doesn't
say much and TARGET_VENDOR_DEVICE_NAME should always have the same
codename that is already set in the build target
TARGET_VENDOR_PRODUCT_NAME, so no information is lost.
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
| |
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Based on Paul's Replicant 4.2 patch:
commit 3e39ecabad250118c613b71e01738bb4c7a4d51c
Author: Paul Kocialkowski <contact@paulk.fr>
Date: Fri Apr 25 11:43:26 2014 +0200
kernel: mkimage dependency for U-Boot kernels
Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
| |
Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
|
|
|
|
| |
Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Without that fix we have:
Kernel: arch/arm/boot/zImage is ready
multiple (or no) load addresses:
This is incompatible with uImages
Specify LOADADDR on the commandline to build an uImage
make[3]: *** [arch/arm/boot/uImage] Error 1
make[2]: *** [uImage] Error 2
make[1]: *** [sub-make] Error 2
make[1]: Leaving directory `/home/gnutoo/embedded/android/replicant-4.0/kernel/goldelico/gta04'
make: *** [TARGET_KERNEL_BINARIES] Error 2
While building a recent kernel (3.10 based in that case).
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@no-log.org>
|
|
|
|
| |
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This results in nearly all functions with the possibility of stack
corruption getting stack canaries, because it applies to any function
taking a reference to the frame or with a local array rather than just
the functions with arrays larger than 8 bytes. It was developed for use
in Chrome (and Chrome OS) and has also been adopted by various other
distributions (Arch, Fedora, Ubuntu, etc).
The code size increase ranges from ~1.5% to ~2.5%, compared to ~0.3% to
~0.7% with the more conservative switch. The increase in the performance
loss is usually minimal. The overall size increase once everything other
than C and C++ code is taken into account is minimal, and it greatly
improves the mitigation of stack buffer overflow vulnerabilities.
https://lwn.net/Articles/584225/
Change-Id: Iccc20852db8a5e4dd9792f9da6d5e325fc59b0a5
|
|
|
|
|
|
| |
Relocation packer is built from source.
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
| |
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
| |
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
|
|
| |
Newer manifest merger expects colons instead of spaces.
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
| |
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
|
|
| |
Port of commit f6fe3cf5 from Replicant 4.2
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
|
|
| |
sdklib and tools.common are needed from Debian
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
| |
It's now available in Debian Stretch
|
|
|
|
|
|
| |
This fixes build errors with a more recent binutils.
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
| |
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
|
|
| |
They changed in the latest gcc from 4.9 to 4.9.x
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
| |
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
| |
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
| |
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
| |
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
| |
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
|
|
| |
was previously a prebuilt from misc
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
| |
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
| |
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
|
|
| |
export androideabi arm toolchain path
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
| |
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
| |
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
|
|
| |
this way, the prebuilt ones from the sdk are not needed
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
|
|
|
| |
take flex, bison, yasm and findbugs from /usr/bin
TODO: cleanup removal of analyzer
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
| |
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
| |
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
| |
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
|
|
|
| |
this is just an initial version
various config parts need cleanup and more testing is necessary
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
| |
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
|
|
|
|
| |
qemu kernel repo
it shouldn't matter from which kernel repo the licence text is taken
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
| |
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
|
| |
Change-Id: Iaafc283244ec47a0599c474a6a42efa4d87fa97c
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
|
|
|
|
|
|
|
|
|
| |
Change-Id: I69b539d5a87304d53b62d112d6895fd36bfc6446
Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
Conflicts:
envsetup.sh
tools/device/cm.mk.template
|
|
|
|
|
|
|
|
| |
Change-Id: Ib8f1596e73951000e32bcf8bc9a3f0790d3b37f9
Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
Conflicts:
target/product/generic_no_telephony.mk
|
|
|
|
|
| |
Change-Id: I3b4debf8f58f9dbc3b22aedb4df1402e04394227
Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
|
|
|
|
|
| |
Change-Id: I867fa21cd52b1d0e0a49160b953bde3cd84b1639
Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
|
|
|
|
| |
Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
|
|
|
|
| |
Change-Id: Ica4a8919ed29e91edb0c6f697da5aa2f68448dc8
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2019-2027 A-119120561 Crit Change 251187
CVE-2019-2028 A-120644655 Crit Change 254099
CVE-2019-2031 A-120502559 High Change 251188
CVE-2019-2034 A-122035770 High Change 251192
CVE-2019-2035 A-122320256 High Change 251191
CVE-2019-2038 A-121259048 High Change 251190
CVE-2019-2039 A-121260197 High Change 251189
CVE-2019-2029 A-120612744 Crit Change 251193
CVE-2019-2037 A-119870451 High Change 251194
Reference Version: 7.0
Change-Id: I258c7ac961dbc2281b01f4ecd69097e5e08d57b9
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2018-20346 A-121156452 High Change 254060/249486
CVE-2019-1985 A-118694079* High Change 246141
CVE-2019-2003 A-116321860 High Change 246849
CVE-2019-2004 A-115739809 High Change 246139
CVE-2019-1989 A-118399205 Crit. Change 246143
CVE-2019-1990 A-118453553 Crit. Change 246142
CVE-2019-2009 A-120665616 Crit. vulnerable feature missing
CVE-2019-2010 A-118152591 High Change 246132
CVE-2019-2012 A-120497437 High Change 246131
CVE-2019-2013 A-120497583 High Change 246131
CVE-2019-2014 A-120499324 High Change 246138
CVE-2019-2015 A-120503926 High Change 246130
CVE-2019-2016 A-120664978 High Change 246129
CVE-2019-2017 A-121035711 High Change 246135
CVE-2018-9561 A-111660010[1] High Change 246134
CVE-2018-9561 A-111660010[2] High Change 246134
CVE-2018-9563 A-114237888[1] High Change 246134
CVE-2018-9563 A-114237888[2] High Change 246134
CVE-2018-9564 A-114238578[1] High Change 246134
CVE-2018-9564 A-114238578[2] High Change 246134
CVE-2019-2019 A-115635871 High Change 246136
CVE-2019-2020 A-116788646 High Change 246133
CVE-2019-2021 A-120428041 High Change 246137
CVE-2019-2022 A-120506143 High Change 246131
Reference version: 7.0
Change-Id: I3e73d75b38e88bfa649d2e960704cc4796f7b422
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2019-1987 A-118143775 [1] Crit. Dependency of [2]
CVE-2019-1987 A-118143775 [2] Crit. Not applicable
CVE-2017-17760 A-78029030* High Change 244765
CVE-2018-5268 A-78029634* High Change 244765
CVE-2018-5269 A-78029727* High Change 244765
CVE-2017-18009 A-78026242* Mod. Change 244765
CVE-2019-1991 A-110166268 Crit. Change 244753
CVE-2019-1992 A-116222069 Crit. Change 244755
CVE-2019-1995 A-32589229 [1] High Change 244756
CVE-2019-1995 A-32589229 [2] High Change 244757
CVE-2019-1997 A-117508900 High Change 244758
Reference Version: 7.0
Change-Id: Iac3b46a870f0a91900fcfe486e863ad1ff3466e6
|