Replicant: Issues
https://redmine.replicant.us/
2017-04-24T14:09:56Z

Replicant - Feature #1794 (Resolved): Use free hardware composer for smdk4412 devices
https://redmine.replicant.us/issues/1794
2017-04-24T14:09:56Z
Wolfgang Wiedmeyer (wreg@wiedmeyer.de)
<p>Javi Ferrer developed a free hardware composer for Exynos 4. It is part of NamelessRom:<br /><a class="external" href="https://github.com/NamelessRom/android_hardware_samsung/commit/90ce74afc13c8265673bc90bedeb8bc8a17f5497">https://github.com/NamelessRom/android_hardware_samsung/commit/90ce74afc13c8265673bc90bedeb8bc8a17f5497</a><br /><a class="external" href="https://github.com/NamelessRom/android_hardware_samsung/commit/999f31969533a8042726489e957b3dc3c927851a">https://github.com/NamelessRom/android_hardware_samsung/commit/999f31969533a8042726489e957b3dc3c927851a</a><br /><a class="external" href="https://github.com/NamelessRom/android_hardware_samsung/commit/a133ba7dd102fa3d2db3141f35fedd13b88afd14">https://github.com/NamelessRom/android_hardware_samsung/commit/a133ba7dd102fa3d2db3141f35fedd13b88afd14</a><br />Other Gralloc-related commits might be needed as well.</p>
<p>The implementation depends on a change in the smdk4412 kernel:<br /><a class="external" href="https://github.com/NamelessRom/android_kernel_samsung_smdk4412/commit/f1c6163ac1896e5d92b77a45d882d0564f060206">https://github.com/NamelessRom/android_kernel_samsung_smdk4412/commit/f1c6163ac1896e5d92b77a45d882d0564f060206</a></p>
<p>Furthermore, the NamelessRom smdk4412 kernel was rebased on the Note 2 kernel sources. This rebase was not done for the LineageOS kernel and thus is not included in the Replicant kernel. It needs to be investigated if the required changes can be backported, at least for the Samsung video drivers in <code>drivers/video/samsung</code>.</p>
<p>The free hardware composer is also not yet part of LineageOS. Development on their part can be tracked on their Gerrit, e.g.:<br /><a class="external" href="https://review.lineageos.org/#/c/167147/">https://review.lineageos.org/#/c/167147/</a></p>
<p>Replicant 6.0 currently does not make use of FIMG; Replicant 4.2 has some code in skia:<br /><a class="external" href="https://github.com/CyanogenMod/android_external_skia/commit/647876b665f2cf011e75adc6ff2238d467c47635">https://github.com/CyanogenMod/android_external_skia/commit/647876b665f2cf011e75adc6ff2238d467c47635</a></p>
<p>A newer skia commit to make use of FIMG2D:<br /><a class="external" href="https://review.lineageos.org/#/c/61162/">https://review.lineageos.org/#/c/61162/</a></p>
<p>Integrating these hardware composer changes could make it possible to use the integrated 2D graphics unit (FIMG2D) for compositing, which could improve graphics speed significantly on Replicant. It should work at least on the Galaxy S 3 and Note 2, but it should be possible to make it work for the Galaxy S 2 and Note, too.</p>

Replicant - Feature #1789 (Closed): Lower screen resolution to speed up graphics
https://redmine.replicant.us/issues/1789
2017-04-09T18:43:53Z
Wolfgang Wiedmeyer (wreg@wiedmeyer.de)
<p>Some Replicant-supported devices have a pretty high screen resolution, which makes the devices slow with the software renderer. The display drivers usually don't allow setting a lower screen resolution.</p>
<p>Making the display drivers work with a lower screen resolution would lead to a smaller framebuffer, which in turn would greatly improve graphics speed.</p>
<p>A possible approach could be to reduce the resolution in one or both dimensions by half and use the pixel values for one pixel in the framebuffer for two or four screen pixels. This way a simple scaling mechanism could be implemented.</p>

Replicant - Issue #1787 (Closed): Make Replicant 6.0 buildable on a GNU FSDG-compliant distribution
https://redmine.replicant.us/issues/1787
2017-04-09T17:48:09Z
Wolfgang Wiedmeyer (wreg@wiedmeyer.de)
<p>Replicant 6.0 makes use of many packaged build tools in Debian to avoid using prebuilt binaries shipped with the AOSP toolchain. These Android build tools packages are not yet available on any GNU FSDG-compliant distro, at least to my knowledge. Therefore, it is currently not possible to build the toolchain and Replicant images on such distros without significant changes to the build system.</p>
<p>The current release of Trisquel is too old to have these packages and it will likely take a long time until the needed packages become available in Trisquel. Parabola lacks these packages because these tools are not yet packaged for Arch-based distros.</p>
<p>This issue can be solved by asking Trisquel developers if it's possible to upload the packages to Trisquel's repos and make them available for the current or next release. For Parabola, it needs to be investigated how the missing tools can be packaged.</p>
<p>As a temporary solution, we could provide an archive that contains all binaries that are either not available as part of packages on FSDG-compliant distros or that are not buildable on these distros. We could provide a script as part of the archive that puts the binaries in the right places in the source tree. Changes to the build system are necessary so that binaries from the archive are detected. This would make it possible to build Replicant images on FSDG-compliant distros with the limitation of using binaries from Debian and not having all the needed tools directly available as packages or buildable from source. It is still a far better solution than using the prebuilt AOSP tools.</p>
<p>The temporary solution should only be considered if it is in fact a lot more work to make the tools available in FSDG-compliant distros.</p>

Replicant - Issue #1782 (Closed): F-droid Antifeature: NonFreeAdd definition unclear
https://redmine.replicant.us/issues/1782
2017-03-20T21:17:05Z
Wolfgang Wiedmeyer (wreg@wiedmeyer.de)
<p><a href="https://gitlab.com/fdroid/fdroid-website/blob/master/_docs/Build_Metadata_Reference.md#AntiFeatures" class="external">Current definition</a> of the NonFreeAdd anti-feature:</p>
<blockquote>
<p>the application promotes non-free add-ons, such that the app is effectively an advert for other non-free software and such software is not clearly labelled as such.</p>
</blockquote>
<p>The last part makes it sound as if it would be OK to promote non-free software as long as it is labeled as such. This would not be in compliance with the Free System Distribution Guidelines, and it raises the question of whether there are apps included in F-Droid that advertise nonfree software and that are not marked with an anti-feature.</p>

Replicant - Issue #1778 (Resolved): The installation pages lack advice to back up the EFS partition
https://redmine.replicant.us/issues/1778
2017-03-05T21:27:30Z
Wolfgang Wiedmeyer (wreg@wiedmeyer.de)
<p>The installation pages of devices that have an EFS partition should advise backing up the EFS partition so users can restore the partition in case of corruption. This could prevent <a class="issue tracker-3 status-27 priority-27 priority-high3 closed" title="Issue: i9300 lost IMEI (Closed)" href="https://redmine.replicant.us/issues/1467">#1467</a> and would not require installing the proprietary stock images.</p>
<p>The page detailing the backup process should also include information about the necessary permissions the files should have to prevent <a href="http://redmine.replicant.us/boards/9/topics/8841" class="external">network issues</a>.</p>

Replicant - Issue #1401 (Closed): CVE-2014-3686 wpa_supplicant
https://redmine.replicant.us/issues/1401
2015-10-20T21:09:42Z
Wolfgang Wiedmeyer (wreg@wiedmeyer.de)
<p>Entry: <a class="external" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3686">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3686</a><br />I noticed that the cm-11.0 branch of CyanogenMod contains patches for this vulnerability:<br /><a class="external" href="https://github.com/CyanogenMod/android_external_wpa_supplicant_8/commit/5ed77d870e563df8560a40478204be5ea9db33e9">https://github.com/CyanogenMod/android_external_wpa_supplicant_8/commit/5ed77d870e563df8560a40478204be5ea9db33e9</a><br /><a class="external" href="https://github.com/CyanogenMod/android_external_wpa_supplicant_8/commit/8e575d91534fd8ad98b06caec872a056c7f2737c">https://github.com/CyanogenMod/android_external_wpa_supplicant_8/commit/8e575d91534fd8ad98b06caec872a056c7f2737c</a><br /><a class="external" href="https://github.com/CyanogenMod/android_external_wpa_supplicant_8/commit/b76a82e8f28a5c3f43958e0e1b3c26390725b040">https://github.com/CyanogenMod/android_external_wpa_supplicant_8/commit/b76a82e8f28a5c3f43958e0e1b3c26390725b040</a></p>
<p>They can be applied to Replicant without any changes. They are also in the android_external_wpa_supplicant_8_ti repository. Is this repository actually needed in Replicant?</p>
<p>Upstream patches for reference: <a class="external" href="https://w1.fi/security/2014-1/">https://w1.fi/security/2014-1/</a></p>

Replicant - Issue #1395 (Closed): Nexus Security Bulletin from September
https://redmine.replicant.us/issues/1395
2015-10-18T19:10:16Z
Wolfgang Wiedmeyer (wreg@wiedmeyer.de)
<p>Same procedure as in <a class="issue tracker-3 status-27 priority-27 priority-high3 closed" title="Issue: Nexus Security Bulletin from August (Closed)" href="https://redmine.replicant.us/issues/1389">#1389</a>. This time the bulletin from September: <a class="external" href="https://groups.google.com/forum/?_escaped_fragment_=msg/android-security-updates/1M7qbSvACjo/Y7jewiW1AwAJ#!msg/android-security-updates/1M7qbSvACjo/Y7jewiW1AwAJ">https://groups.google.com/forum/?_escaped_fragment_=msg/android-security-updates/1M7qbSvACjo/Y7jewiW1AwAJ#!msg/android-security-updates/1M7qbSvACjo/Y7jewiW1AwAJ</a></p>
<p><strong>CVE-2015-3636: Elevation of Privilege Vulnerability in Kernel</strong><br /><a class="external" href="https://github.com/torvalds/linux/commit/a134f083e79f">https://github.com/torvalds/linux/commit/a134f083e79f</a></p>
<p><strong>Elevation of Privilege Vulnerability in Binder</strong><br /><strong>CVE-2015-3845</strong><br /><a class="external" href="https://android.googlesource.com/platform/frameworks/native/+/e68cbc3e9e66df4231e70efa3e9c41abc12aea20%5E!/">https://android.googlesource.com/platform/frameworks/native/+/e68cbc3e9e66df4231e70efa3e9c41abc12aea20%5E!/</a><br /><strong>CVE-2015-1528</strong><br /><a class="external" href="https://android.googlesource.com/platform/frameworks/native/+/7dcd0ec9c91688cfa3f679804ba6e132f9811254%5E!/">https://android.googlesource.com/platform/frameworks/native/+/7dcd0ec9c91688cfa3f679804ba6e132f9811254%5E!/</a><br /><a class="external" href="https://github.com/CyanogenMod/android_system_core/commit/d869e89766d80256117c528bbcc0854acbc068f1">https://github.com/CyanogenMod/android_system_core/commit/d869e89766d80256117c528bbcc0854acbc068f1</a></p>
<p><strong>CVE-2015-3863: Elevation of Privilege Vulnerability in Keystore</strong><br /><a class="external" href="https://android.googlesource.com/platform/system/security/+/bb9f4392c2f1b11be3acdc1737828274ff1ec55b%5E!/">https://android.googlesource.com/platform/system/security/+/bb9f4392c2f1b11be3acdc1737828274ff1ec55b%5E!/</a><br />merge conflict resolved</p>
<p><strong>CVE-2015-3849: Elevation of Privilege Vulnerability in Region</strong><br /><a class="external" href="https://android.googlesource.com/platform/frameworks/base/+/4cff1f49ff95d990d6c2614da5d5a23d02145885%5E!/">https://android.googlesource.com/platform/frameworks/base/+/4cff1f49ff95d990d6c2614da5d5a23d02145885%5E!/</a><br />merge conflict: Problem is that readFromMemory() is not available in Replicant's Skia, so I kept the unflatten function in there.</p>
<p><a class="external" href="https://android.googlesource.com/platform/frameworks/base/+/1e72dc7a3074cd0b44d89afbf39bbf5000ef7cc3%5E!/">https://android.googlesource.com/platform/frameworks/base/+/1e72dc7a3074cd0b44d89afbf39bbf5000ef7cc3%5E!/</a><br />merge conflict: Same as above, working around missing readFromMemory()</p>
<p><strong>CVE-2015-3858: Elevation of Privilege vulnerability in SMS enables notification bypass.</strong><br />It seems that Replicant is not affected by this. android.permission.SEND_SMS_NO_CONFIRMATION was renamed to android.permission.SEND_RESPOND_VIA_MESSAGE in API level 18 so we should be safe.</p>
<p><strong>CVE-2015-3861: Denial of Service Vulnerability in Mediaserver</strong><br /><a class="external" href="https://android.googlesource.com/platform/frameworks/av/+/304ef91624e12661e7e35c2c0c235da84a73e9c0%5E!/">https://android.googlesource.com/platform/frameworks/av/+/304ef91624e12661e7e35c2c0c235da84a73e9c0%5E!/</a><br />merge conflict resolved</p>

Replicant - Issue #1389 (Closed): Nexus Security Bulletin from August
https://redmine.replicant.us/issues/1389
2015-10-18T12:59:39Z
Wolfgang Wiedmeyer (wreg@wiedmeyer.de)
<p>Google now releases monthly security bulletins. I went through the one from August, which also includes some older security fixes: <a class="external" href="https://groups.google.com/forum/?_escaped_fragment_=msg/android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ#!msg/android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ">https://groups.google.com/forum/?_escaped_fragment_=msg/android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ#!msg/android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ</a><br />Although most of the Stagefright-related stuff is already fixed in Replicant, some other security bugs aren't.<br />I added a note below the link to the commit if the patch needed to be changed.</p>
<p><strong>CVE-2015-3836: Buffer overflow in Sonivox Parse_wave</strong><br /><a class="external" href="https://android.googlesource.com/platform/external/sonivox/+/e999f077f6ef59d20282f1e04786816a31fb8be6%5E!/">https://android.googlesource.com/platform/external/sonivox/+/e999f077f6ef59d20282f1e04786816a31fb8be6%5E!/</a></p>
<p><strong>CVE-2015-3832: Buffer overflows in libstagefright MPEG4Extractor.cpp</strong><br /><a class="external" href="https://github.com/CyanogenMod/android_frameworks_av/commit/c086b29ee1353fe85e3c08cb2ea4ce1f5dd462d7">https://github.com/CyanogenMod/android_frameworks_av/commit/c086b29ee1353fe85e3c08cb2ea4ce1f5dd462d7</a><br />merge conflict resolved</p>
<p><strong>CVE-2015-0973: Vulnerability in libpng: Overflow in png_Read_IDAT_data</strong><br /><a class="external" href="https://github.com/CyanogenMod/android_external_libpng/commit/abd737d8149ee16d843c2d9d65f75ecf13d6ca99">https://github.com/CyanogenMod/android_external_libpng/commit/abd737d8149ee16d843c2d9d65f75ecf13d6ca99</a></p>
<p><strong>CVE-2015-1863: Remotely exploitable memcpy() overflow in p2p_add_device() in wpa_supplicant</strong><br /><a class="external" href="https://android.googlesource.com/platform/external/wpa_supplicant_8/+/4cf0f2d0d869c35a9ec4432861d5efa8ead4279c%5E!/">https://android.googlesource.com/platform/external/wpa_supplicant_8/+/4cf0f2d0d869c35a9ec4432861d5efa8ead4279c%5E!/</a><br />Replicant also has the repository external_wpa_supplicant_8_ti, so I applied the patch to this repository, too.</p>
<p><strong>CVE-2015-3834: Buffer overflow in mediaserver BnHDCP</strong><br /><a class="external" href="https://android.googlesource.com/platform/frameworks/av/+/c82e31a7039a03dca7b37c65b7890ba5c1e18ced%5E!/">https://android.googlesource.com/platform/frameworks/av/+/c82e31a7039a03dca7b37c65b7890ba5c1e18ced%5E!/</a><br />merge conflict resolved</p>
<p><strong>CVE-2015-3835: Buffer overflow in libstagefright OMXNodeInstance::emptyBuffer</strong><br /><a class="external" href="https://github.com/CyanogenMod/android_frameworks_av/commit/49fa7b75b65c3047f55efb4cd2b25261f4289799">https://github.com/CyanogenMod/android_frameworks_av/commit/49fa7b75b65c3047f55efb4cd2b25261f4289799</a></p>
<p><strong>CVE-2015-3843: Applications can intercept or emulate SIM commands to Telephony</strong><br /><a class="external" href="https://android.googlesource.com/platform/frameworks/opt/telephony/+/b48581401259439dc5ef6dcf8b0f303e4cbefbe9%5E!/">https://android.googlesource.com/platform/frameworks/opt/telephony/+/b48581401259439dc5ef6dcf8b0f303e4cbefbe9%5E!/</a><br />merge conflict resolved</p>
<p><a class="external" href="https://android.googlesource.com/platform/packages/apps/Stk/+/1d8e00160c07ae308e5b460214eb2a425b93ccf7%5E!/">https://android.googlesource.com/platform/packages/apps/Stk/+/1d8e00160c07ae308e5b460214eb2a425b93ccf7%5E!/</a><br />merge conflict resolved</p>
<p><a class="external" href="https://android.googlesource.com/platform/frameworks/base/+/a5e904e7eb3aaec532de83ca52e24af18e0496b4%5E!/#F0">https://android.googlesource.com/platform/frameworks/base/+/a5e904e7eb3aaec532de83ca52e24af18e0496b4%5E!/#F0</a><br />merge conflict resolved</p>
<p><strong>CVE-2015-1536: Vulnerability in Bitmap unmarshalling</strong><br /><a class="external" href="https://android.googlesource.com/platform/frameworks/base/+/d44e5bde18a41beda39d49189bef7f2ba7c8f3cb%5E!/">https://android.googlesource.com/platform/frameworks/base/+/d44e5bde18a41beda39d49189bef7f2ba7c8f3cb%5E!/</a><br />Patch does not work at all. I ported the changes manually. There is also a small change in external/skia necessary for this patch to work. Please review carefully!</p>
<p><strong>CVE-2015-3844: ActivityManagerService.getProcessRecordLocked() may load a system UID application into the wrong process</strong><br /><a class="external" href="https://github.com/CyanogenMod/android_frameworks_base/commit/22a5396c052bef500ceea2522c7d8ae61be39c4f">https://github.com/CyanogenMod/android_frameworks_base/commit/22a5396c052bef500ceea2522c7d8ae61be39c4f</a></p>
<p>Patches are attached.<br />These and my other changes can also be found in my personal repository at <a class="external" href="https://code.fossencdi.org">https://code.fossencdi.org</a></p>

Replicant - Issue #1365 (Closed): Install from unknown sources and adb enabled by default
https://redmine.replicant.us/issues/1365
2015-10-01T16:35:56Z
Wolfgang Wiedmeyer (wreg@wiedmeyer.de)
<p>Replicant allows by default the installation of apps from unknown sources. As F-Droid nowadays works perfectly without this setting enabled, there is IMHO no reason to keep it enabled.</p>
<p>Having adb enabled by default might be a nice thing for developing and for advanced tasks, but it also adds a big attack vector. At the moment, there are two open security bugs related to adb on this issue tracker alone, and there might be more that are still unpatched. People who need adb will very likely know how to enable it.</p>

Replicant - Issue #1359 (Closed): Device lock bypass - CVE-2013-6271
https://redmine.replicant.us/issues/1359
2015-09-28T23:55:52Z
Wolfgang Wiedmeyer (wreg@wiedmeyer.de)
<p>Replicant is affected by the following vulnerability: <a class="external" href="https://www.cvedetails.com/cve/CVE-2013-6271">https://www.cvedetails.com/cve/CVE-2013-6271</a><br />More information: <a class="external" href="http://blog.curesec.com/article/blog/CVE-2013-6271-Remove-Device-Locks-from-Android-Phone-26.html">http://blog.curesec.com/article/blog/CVE-2013-6271-Remove-Device-Locks-from-Android-Phone-26.html</a></p>
<p>You can test it for yourself with the following adb command:<br /><code>adb shell am start -n com.android.settings/com.android.settings.ChooseLockGeneric --ez confirm_credentials false --ei lockscreen.password_type 0 --activity-clear-task</code><br />Your device lock should now be removed.</p>
<p>The upstream patch is here: <a class="external" href="https://android.googlesource.com/platform/packages/apps/Settings/+/66026773bbf1d7631743a5b892a4f768c694f868%5E!/">https://android.googlesource.com/platform/packages/apps/Settings/+/66026773bbf1d7631743a5b892a4f768c694f868%5E!/</a><br />The patch needed to be modified for compatibility with Replicant, and the modified version is attached.<br />If you run the above command with the patch applied, you should now get prompted for your lock password/pin etc. and the lock is not just removed.</p>