[ROM] [9] GlassROM

[anupritaisno1]

Updated:
Security changes from march ASB:
Implemented:
============
CVE: References: Type: Severity: Updated AOSP versions:
CVE-2018-9561 A-111660010 ID High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2018-9563 A-114237888 ID High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2018-9564 A-114238578 ID High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2018-20346 A-121156452 EoP High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-1989 A-118399205 RCE Critical 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-1990 A-118453553 RCE Critical 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2003 A-116321860 EoP High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2004 A-115739809 ID High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2005 A-68777217 EoP Moderate 8.0, 8.1, 9
CVE-2019-2007 A-120789744 EoP High 8.1, 9
CVE-2019-2008 A-122309228 EoP High 8.0, 8.1, 9
CVE-2019-2009 A-120665616 RCE Critical 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2010 A-118152591 EoP High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2011 A-120084106 EoP High 8.0, 8.1, 9
CVE-2019-2012 A-120497437 EoP High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2013 A-120497583 EoP High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2014 A-120499324 EoP High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2015 A-120503926 EoP High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2016 A-120664978 EoP High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2017 A-121035711 EoP High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2018 A-110172241 EoP High 8.1, 9
CVE-2019-2019 A-115635871 ID High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2020 A-116788646 ID High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2021 A-120428041 ID High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2022 A-120506143 ID High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2023 A-121035042 EoP High 8.0, 8.1, 9

Not Implemented:
================
None

Not Applicable (platform source):
===============
CVE: References: Type: Severity: Updated AOSP versions:
CVE-2019-1985 A-118694079 EoP High 7.0, 7.1.1, 7.1.2, 8.0
CVE-2019-2006 A-116665972 EoP High 9
https://github.com/GlassROM/android_build/commit/822c751d90c9a796b882ee191be3c8000e1f3aff

Kernel CVEs:
Fixed:
CVE-2018-10883 https://github.com/GlassROM-devices...mmit/e703c792f33381f45ea892d2b67f03c2053c8998

Does not apply:
CVE-2019-2024

Not fixed:
CVE-2019-2025 (reason: additional backports are required but I was unable to backport the changes. This will likely remain vulnerable. I'm sorry about that)

February ASB changes:
Implemented:
============
CVE: References: Type: Severity: Updated AOSP versions:
CVE-2019-1987 A-118143775 RCE Critical 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-1988 A-118372692 RCE Critical 8.0, 8.1, 9
CVE-2019-1991 A-110166268 RCE Critical 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-1992 A-116222069 RCE Critical 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-1993 A-119819889 EoP High 8.0, 8.1, 9
CVE-2019-1994 A-117770924 EoP High 8.0, 8.1, 9
CVE-2019-1995 A-32589229 ID High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-1996 A-111451066 ID High 8.0, 8.1, 9
CVE-2019-1997 A-117508900 ID High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9

Not Implemented:
================
None

Not Applicable (platform source):
===============
CVE: References: Type: Severity: Updated AOSP versions:
CVE-2017-17760 A-78029030 RCE High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 (opencv 3.3.1)
CVE-2017-18009 A-78026242 ID Moderate 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 (opencv 3.3.1)
CVE-2018-5268 A-78029634 RCE High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 (opencv 3.3.1)
CVE-2018-5269 A-78029727 RCE High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 (opencv 3.3.1)
CVE-2019-1986 A-117838472 RCE Critical 9
CVE-2019-1998 A-116055338 DoS High 9
https://github.com/GlassROM/android_build/commit/d699eb9b2d47c1efafadc8dd8eabc2407024635c

Kernel CVEs:
Fixed:
CVE-2018-10879 https://github.com/GlassROM-devices...mmit/f679215a584e3806f1b4112e8e53343cf609f903
CVE-2019-1999 https://github.com/GlassROM-devices...mmit/79cbb3a975f7298c058416b5253c73fd0761533f
CVE-2019-2000 https://github.com/GlassROM-devices...mmit/79cbb3a975f7298c058416b5253c73fd0761533f
CVE-2019-2001 https://github.com/GlassROM-devices...mmit/65faf578870865a9944b7005c1f35b1a062a724f

Does not apply:
None

Not fixed:
None

The following critical CVEs not present in the ASB were fixed: CVE-2019-8912 https://github.com/GlassROM-devices...mmit/1ae29b00bcdea59de6a4fb10dcf4a8919be38881
Additional details: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8912
https://security-tracker.debian.org/tracker/CVE-2019-8912
https://cloudlinux.com/cloudlinux-os-blog/entry/cve

Many CVEs not present in the ASB were also fixed. Please refer to github for details

Fixed a terrible bug that caused volume buttons and alert slider to not work
Fixed a bug where using lockscreen gestures would lead to a system UI crash
Fixed a bug where playing music would randomly make the device soft reboot
Fixed a bug where device would randomly reboot to rescue party
Encryption now formats data instead of using in-place encryption. This fixes a bug where device would not boot if the correct space for encryption (16384 bytes) was not reserved at the end of the data partition
Dm-verity is now enforced. Tick mount system partition read-only in TWRP before flashing or use a dm-verity disabler

Verifying builds: https://github.com/GlassROM/glassrom-verification/commit/d18c5f409557674d8a102d13bb5f0e612a2b5f42

 

[anupritaisno1]

An update:

It seems only SuperSU can disable dm-verity correctly. If you're facing bootloops on the oneplus logo this is due to dm-verity. I understand that not everyone would want to flash SuperSU so I have put a boot.img on https://glassrom.pw

Flash this boot.img using TWRP to the boot partition. This will disable verity and get rid of the bootloops

This is obviously a bug with the disabler tool. I've contacted the developers who make these for a fix

 

[ΦDroid]

An update:

It seems only SuperSU can disable dm-verity correctly. If you're facing bootloops on the oneplus logo this is due to dm-verity. I understand that not everyone would want to flash SuperSU so I have put a boot.img on https://glassrom.pw

Flash this boot.img using TWRP to the boot partition. This will disable verity and get rid of the bootloops

This is obviously a bug with the disabler tool. I've contacted the developers who make these for a fix

Magisk did work for me.

 

[anupritaisno1]

Updated:
Changes:
Implemented:
============
CVE: References: Type: Severity: Updated AOSP versions:
CVE-2019-2027 A-119120561 RCE Critical 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2028 A-120644655 RCE Critical 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2029 A-120612744 RCE Critical 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2031 A-120502559 EoP High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2032 A-121145627 EoP High 8.0, 8.1, 9
CVE-2019-2034 A-122035770 EoP High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2035 A-122320256 EoP High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2037 A-119870451 ID High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2038 A-121259048 ID High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2039 A-121260197 ID High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9

Not Implemented:
================
None

Not Applicable (platform source):
===============
CVE: References: Type: Severity: Updated AOSP versions:
CVE-2019-2026 A-120866126 EoP High 8.0
CVE-2019-2030 A-119496789 EoP High 9
CVE-2019-2033 A-121327565 EoP High 9
CVE-2019-2040 A-122316913 ID High 9
CVE-2019-2041 A-122034690 EoP High 8.1, 9 (device-specific)

The ASB did not mention any kernel CVEs

CVE-2019-2041 affects NFC. Op2 does not use NFC and is unaffected by this vulnerability

This update just adds additional security patches and includes upstream lineage sources

Verifying builds: https://github.com/GlassROM/glassrom-verification/commit/86ae5a24579b91488f8bc2cd190877b45562ca7b

 

[abhijiths362]

Updated:
Changes:
Implemented:
============
CVE: References: Type: Severity: Updated AOSP versions:
CVE-2019-2027 A-119120561 RCE Critical 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2028 A-120644655 RCE Critical 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2029 A-120612744 RCE Critical 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2031 A-120502559 EoP High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2032 A-121145627 EoP High 8.0, 8.1, 9
CVE-2019-2034 A-122035770 EoP High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2035 A-122320256 EoP High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2037 A-119870451 ID High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2038 A-121259048 ID High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9
CVE-2019-2039 A-121260197 ID High 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9

Not Implemented:
================
None

Not Applicable (platform source):
===============
CVE: References: Type: Severity: Updated AOSP versions:
CVE-2019-2026 A-120866126 EoP High 8.0
CVE-2019-2030 A-119496789 EoP High 9
CVE-2019-2033 A-121327565 EoP High 9
CVE-2019-2040 A-122316913 ID High 9
CVE-2019-2041 A-122034690 EoP High 8.1, 9 (device-specific)

The ASB did not mention any kernel CVEs

CVE-2019-2041 affects NFC. Op2 does not use NFC and is unaffected by this vulnerability

This update just adds additional security patches and includes upstream lineage sources

Verifying builds: https://github.com/GlassROM/glassrom-verification/commit/86ae5a24579b91488f8bc2cd190877b45562ca7b

Bro i am begging plz do sth to bring glassrom to pie. It was a good rom and i can't help to stay silent. plz,plz,plz....

 

[anupritaisno1]

Bro i am begging plz do sth to bring glassrom to pie. It was a good rom and i can't help to stay silent. plz,plz,plz....

GlassROM's charter was updated and all devices that used the legacy selinux policy were banned from shipping P. Sadly op2 is one of these devices and the only one who can fix this issue is oneplus. P will never arrive on the op2.

Another thing is that P only looks stable on the outside. If you were to see logs you'd see that so much is crashing every second. Something like this is definitely not something that can be shipped in a glassrom release

 

[anupritaisno1]

We have a CDN now

To avoid spamming the forum with duplicate posts please read the announcement on the op3 thread

https://forum.xda-developers.com/showpost.php?p=79330556&postcount=85

 

[rituj_b]

We have a CDN now

To avoid spamming the forum with duplicate posts please read the announcement on the op3 thread

https://forum.xda-developers.com/showpost.php?p=79330556&postcount=85

I'm confused after reading the first post. I'm just a regular guy who wants to flash this ROM coming from another custom ROM and have TWRP installed.
Ofcourse I'll do a factory reset(wipe data without media and all caches) because I'm coming from another ROM.
But can't I just flash this using TWRP (then gapps if I want them) and boot into it. This all seems unnecessarily complex.
Tell me if this procedure would work:
1) Boot into TWRP
2) Wipe data without internal storage and system and cache partitions.
3) Flash this rom.zip
4) Flash Gapps_nano.zip
5) Flash Magisk.zip
6) Reboot

??

Edit: This ROM won't delete my internal storage data, right?
The first post is pretty confusing.

 

[anupritaisno1]

I'm confused after reading the first post. I'm just a regular guy who wants to flash this ROM coming from another custom ROM and have TWRP installed.
Ofcourse I'll do a factory reset(wipe data without media and all caches) because I'm coming from another ROM.
But can't I just flash this using TWRP (then gapps if I want them) and boot into it. This all seems unnecessarily complex.
Tell me if this procedure would work:
1) Boot into TWRP
2) Wipe data without internal storage and system and cache partitions.
3) Flash this rom.zip
4) Flash Gapps_nano.zip
5) Flash Magisk.zip
6) Reboot

??

Edit: This ROM won't delete my internal storage data, right?
The first post is pretty confusing.

I have some huge changes in flashing for the next release so I'll be updating the flashing instructions very soon. They should be a lot less confusing

 

[anupritaisno1]

Here is glassrom's official response to the new WhatsApp vulnerability

https://forum.xda-developers.com/showpost.php?p=79538598&postcount=122

 

[anupritaisno1]

I'm sorry guys but my op2 is dead. All glassrom development will have to be stopped. Further many op2 testers have left and only a few remain

Moderators please close this thread

 

[jerryhou85]

As mentioned above by OP. This thread is closed.

 

[Oswald Boelcke]

Thread re-opened on OP's request.

 

[anupritaisno1]

Guys after almost 4 months I managed to get a P build to work fine

Lots of hacks here and there. The only thing I've fully pushed is the kernel source. I won't be pushing any of my hacks that I did in the ROM since I don't want someone to reuse them

I'll upload the build to the server very soon

Also I somehow managed to upgrade the security patch date from 5 December 2018 to 1 January 2019

This will be the very last build from me. My op2 doesn't even boot now

 

[anupritaisno1]

Download: https://glassrom.pw/glassrom-release.zip
Verification: https://github.com/GlassROM/glassrom-verification/commit/5d9608dbdc359d3075af379cdb8e7f9d66d129d6

Changelog:
Upgraded to P
Updated security patch date to 1 January 2019
And nothing else

Most of the changes that happened on op3 (like storage defragmentation) were simply picked onto op2. Please read op3 changelogs

If you flash this directly on top of 8.1 you might have a black screen after entering your decryption password. This is expected and you should just wait for it to finish upgrading your data from 8.1 to 9. Once the upgrade is complete the bootanimation will appear again

There is no need to clean flash if you're already on glassrom. Just flash it and boot

Warning: v4a might not be able to process any app that directly sends it's output to the hardware. Very few apps do this

Moderators please close the thread again

 

[Oswald Boelcke]

...Moderators please close the thread again

THREAD CLOSED!