From 61129e8ec78e5424fdc17e1bcea4f0a090020e60 Mon Sep 17 00:00:00 2001
From: Andrew Gunnerson
Date: Thu, 28 Sep 2023 21:53:15 -0400
Subject: [PATCH] Version 2.1.1

Signed-off-by: Andrew Gunnerson
---
 CHANGELOG.md | 6 +++++-
 Cargo.lock | 8 ++++----
 Cargo.toml | 2 +-
 README.md | 4 ++--
 modules/clearotacerts/module.prop | 4 ++--
 modules/oemunlockonboot/module.prop | 4 ++--
 6 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2153c3d..1ae1c57 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,7 +7,11 @@ to update the actual links at the bottom of the file. -->
-### Unreleased
+### Version 2.1.1
+
+This release is all about hardening avbroot against untrusted (or corrupted) inputs. While all of avbroot's parsers are memory-safe, it's still possible for crashes to occur due to logic issues like allocating too much memory or dividing by zero. With this release, most of these potential issues have been fixed and fuzz tests have been added to help find more of these situations.
+
+On the filesystem side of things, it is no longer possible for a nefarious program to cause avbroot to write to unintended locations by eg. swapping out an output directory or temp directory with a symlink while it is running.
 Behind-the-scenes changes:
diff --git a/Cargo.lock b/Cargo.lock
index f205c98..7b3fb3f 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -121,7 +121,7 @@ checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" [[package]] name = "avbroot" -version = "2.1.0" +version = "2.1.1" dependencies = [ "anyhow", "assert_matches",
@@ -575,7 +575,7 @@ dependencies = [ [[package]] name = "e2e" -version = "2.1.0" +version = "2.1.1" dependencies = [ "anyhow", "attohttpc",
@@ -694,7 +694,7 @@ dependencies = [ [[package]] name = "fuzz" -version = "2.1.0" +version = "2.1.1" dependencies = [ "avbroot", "honggfuzz",
@@ -2025,7 +2025,7 @@ dependencies = [ [[package]] name = "xtask" -version = "2.1.0" +version = "2.1.1" dependencies = [ "anyhow", "clap",
diff --git a/Cargo.toml b/Cargo.toml
index 2e1f300..014dcc6 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -4,7 +4,7 @@ members = ["avbroot", "e2e", "fuzz", "xtask"]
 resolver = "2"
 [workspace.package]
-version = "2.1.0"
+version = "2.1.1"
 license = "GPL-3.0-only"
 edition = "2021"
 repository = "https://github.com/chenxiaolong/avbroot"
diff --git a/README.md b/README.md
index 6acb770..e4662ac 100644
--- a/README.md
+++ b/README.md
@@ -64,7 +64,7 @@ The boot-related components are signed with an AVB key and OTA-related component
 The commands above are provided for convenience. avbroot is compatible with any standard PKCS8-encoded 4096-bit RSA private key and X509 certificate (eg. like those generated by openssl).
-If you lose your AVB or OTA signing key you will no longer be able to sign new OTA zips. You will have to generate new signing keys and unlock your bootloader again (including a data wipe). Follow the [Usage section](#usage) as if doing an initial setup.
+If you lose your AVB or OTA signing key, you will no longer be able to sign new OTA zips. You will have to generate new signing keys and unlock your bootloader again (including a data wipe). Follow the [Usage section](#usage) as if doing an initial setup.
 ## Usage
@@ -155,7 +155,7 @@ Unpatched OTA updates are already blocked in recovery because the original OTA c
 The `clearotacerts` module additionally makes A/B OTAs fail while booted into Android to prevent accidental manual updates. The module simply overrides `/system/etc/security/otacerts.zip` at runtime with an empty zip so that even if an OTA is downloaded, signature verification will fail.
-At least in CalyxOS the Updater app does not respect the `Automatic system updates` setting and may enter an infinite loop downloading the OTA update and restarting the download when signature verification fails. If this happens on your ROM, you can try to either remove network access from the Updater app or disable the Updater app altogether (if your ROM allows you to do so). In CalyxOS it is possible to go to `Settings > Apps > See all apps`, open the three-dot menu, `Show system`, then find the `System updater` app and disable it.
+At least in CalyxOS, the Updater app does not respect the `Automatic system updates` setting and may enter an infinite loop downloading the OTA update and restarting the download when signature verification fails. If this happens on your ROM, you can try to either remove network access from the Updater app or disable the Updater app altogether (if your ROM allows you to do so). In CalyxOS, it is possible to go to `Settings > Apps > See all apps`, open the three-dot menu, `Show system`, then find the `System updater` app and disable it.
 Alternatively, see [Custota](https://github.com/chenxiaolong/Custota) for a custom OTA updater app that pulls from a self-hosted OTA server.
diff --git a/modules/clearotacerts/module.prop b/modules/clearotacerts/module.prop
index 027bd3c..cfac714 100644
--- a/modules/clearotacerts/module.prop
+++ b/modules/clearotacerts/module.prop
@@ -1,6 +1,6 @@
 id=com.chiller3.avbroot.clearotacerts
 name=clearotacerts
-version=v2.1.0
-versionCode=131328
+version=v2.1.1
+versionCode=131329
 author=chenxiaolong
 description=Block A/B OTAs by clearing verification certificates
diff --git a/modules/oemunlockonboot/module.prop b/modules/oemunlockonboot/module.prop
index 249ea7b..59c1d13 100644
--- a/modules/oemunlockonboot/module.prop
+++ b/modules/oemunlockonboot/module.prop
@@ -1,6 +1,6 @@
 id=com.chiller3.avbroot.oemunlockonboot
 name=oemunlockonboot
-version=v2.1.0
-versionCode=131328
+version=v2.1.1
+versionCode=131329
 author=chenxiaolong
 description=Enable OEM unlocking on every boot