Hello all,

CVE-2017-13154 was announced in Google's security bulletin here:
https://source.android.com/security/bulletin/pixel/2017-12-01

Their patch to fix this is here:
https://android.googlesource.com/platform/frameworks/av/+/271defe729a10db25b45759c8ccfb5abed24c647

The patch that fixes CVE-2017-13154 was backported to LineageOS 13 on Jan 12, 2018 here:
https://github.com/LineageOS/android_frameworks_av/commit/19d12edc1aad955ecd2e2b1bc786f1e7acb5fe0c#diff-26fac486080a94be3c3dd15b0775665a

When testing and reviewing the patch on LOS 13, multiple people observed that it breaks the camera functionality and causes system crashes:
https://review.lineageos.org/c/LineageOS/android_frameworks_av/+/198403

This patch also seemed to break video playback / YouTube on LOS 11:
https://review.lineageos.org/c/LineageOS/android_frameworks_av/+/211067/11

Due to this, instead of properly backporting the patch to prevent the camera from breaking and the system from crashing, a workaround to the patch was made. The commit message describes it this way:

  Backport: Wrap into #ifndef/#endif statement to allow skipping this patch for specific devices by adding the following directive into the BoardConfig.mk or BoardConfigCommon.mk file of the device repo:

  TARGET_RELEASE_CPPFLAGS += -DSKIP_CVE_2017_13154

On May 7, 2018 it was determined that the method used in the backported patch, where a C/C++ flag was used in BoardConfig.mk / BoardConfigCommon.mk, was a bad idea and that a board flag should be used instead, so this patch was applied:
https://review.lineageos.org/c/LineageOS/android_frameworks_av/+/212842

Since LineageOS upstream doesn't have a fix for this, I suggest that we either revert both of these two patches or add the 'BOARD_SKIP_CVE_2017_13154' board flag for any 6.0 devices that are currently experiencing system crashes on our alpha 0004 builds.

The two patches are on our cgit here:
https://git.replicant.us/replicant/frameworks_av/commit/?id=19d12edc1aad955ecd2e2b1bc786f1e7acb5fe0c
https://git.replicant.us/replicant/frameworks_av/commit/?id=a794b89fe00d214c8c1ced6a9519dd48b1ceb4af

Sure, it'd be great to figure out how to properly backport the upstream patch, but we are already missing a number of other upstream patches because they never were fixed in LOS 13. When we release this new ROM, we can emphasize to everyone that Replicant 6.0 0004 is supposed to just be a stopgap between 6.0 0003 and Replicant 9 and that it doesn't have all of Google's security patches applied.

As a side note, it seems as though LineageOS only lets you sign into their Gerrit instance if you have a Google account. I don't have a Google account, though, and don't particularly want one. It might be worth asking them to provide a different login option so that we can collaborate with them more closely.

Cordially,
Kurtis

Joonas Kylmälä:
> Hi,
>
> yeah, this was just linked to the #replicant IRC channel:
> <https://forum.xda-developers.com/droid-ultra/development/rom-cyanogenmod-13-obake-t3319958/page36>.
> So the patch was ifdef'd because it broke on one device. I think we
> might be using software audio/video decoding/encoding and in LineageOS
> it might be hardware, so they might use different libraries and not have
> come across this on any device other than that one, which was then not fixed.
>
> Joonas
>
> Marcos Marado:
>> That ifdef is in there because this will happen to some devices but
>> not others (and we should investigate each Replicant device to see
>> which of them are affected; it might be all as you assume, but it
>> might be none). Unfortunately, for the devices you see this happen on, it
>> probably means that one of the proprietary files you are copying from
>> the device was depending on the old behavior.
>>
>> On Mon, Oct 14, 2019 at 9:38 PM Joonas Kylmälä <[email protected]> wrote:
>>>
>>> Hi,
>>>
>>> we investigated today a system server crash:
>>> <http://paste.debian.net/plain/1106710>. It was bisected to commit
>>> <https://git.replicant.us/replicant/frameworks_av/commit/?id=19d12edc1aad955ecd2e2b1bc786f1e7acb5fe0c>.
>>> If anybody has suggestions on how to fix this, please let us know!
>>>
>>> This is most likely causing the audio issues people have reported
>>> happening on the dev branch, and it causes the boot time to be much, much
>>> longer and most likely other issues. It is blocking the 0004 we were
>>> planning to do this Sunday.
>>>
>>> Joonas
>>> _______________________________________________
>>> Replicant mailing list
>>> [email protected]
>>> https://lists.osuosl.org/mailman/listinfo/replicant
