DivestOS/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_xiaomi_sdm660.sh

#!/bin/bash
cd "$DOS_BUILD_BASE""kernel/xiaomi/sdm660"
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0006.patch
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0011.patch
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0012.patch
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0013.patch
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0014.patch
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0015.patch
#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0019.patch
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7837/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-1583/^4.6.3/0003.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6187/^4.6.5/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8394/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-10153/4.9/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0009.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9059/4.9/0004.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9211/4.9/0003.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/4.4/0019.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13693/^4.12.9/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13694/^4.12.9/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17052/4.9/0003.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18174/^4.7/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18204/4.4/0004.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000252/^4.13.3/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5897/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9415/ANY/0005.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-16597/4.4/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/^4.20.11/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12378/^5.1.5/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12456/^5.1.5/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14763/^4.16.4/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15291/4.4/0006.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-16994/4.9/0004.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19051/4.4/0012.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19068/4.4/0004.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14386/3.10-^4.4/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16119/^5.10/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0935/4.9/0006.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-20292/4.9/0004.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-42739/4.9/0004.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-44879/^5.16/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-0487/4.9/0004.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-24958/^5.16/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-25258/4.9/0004.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-25375/4.9/0004.patch
editKernelLocalversion "-dos.p47"
cd "$DOS_BUILD_BASE"
18.1: Device additions h910 lavender pioneer, voyager, discovery akari, aurora, xz2c Signed-off-by: Tad <tad@spotco.us> 2022-01-06 20:29:27 +00:00			`#!/bin/bash`
			`cd "$DOS_BUILD_BASE""kernel/xiaomi/sdm660"`
			`git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0002.patch`
			`git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0006.patch`
			`git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0011.patch`
			`git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0012.patch`
			`git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0013.patch`
			`git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0014.patch`
			`git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0015.patch`
			`#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0019.patch`
			`git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/ANY/0001.patch`
			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7837/ANY/0001.patch`
			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-1583/^4.6.3/0003.patch`
			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6187/^4.6.5/0001.patch`
			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8394/ANY/0001.patch`
Initial loose versioning work for 4.9 This applies 4.9 patches to 4.4 and 3.18 now that 4.4 is EOL Untested, but looks mild Signed-off-by: Tad <tad@spotco.us> 2022-02-22 18:01:58 +00:00			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-10153/4.9/0002.patch`
18.1: Device additions h910 lavender pioneer, voyager, discovery akari, aurora, xz2c Signed-off-by: Tad <tad@spotco.us> 2022-01-06 20:29:27 +00:00			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch`
			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0009.patch`
			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0001.patch`
Initial loose versioning work for 4.9 This applies 4.9 patches to 4.4 and 3.18 now that 4.4 is EOL Untested, but looks mild Signed-off-by: Tad <tad@spotco.us> 2022-02-22 18:01:58 +00:00			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9059/4.9/0004.patch`
			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9211/4.9/0003.patch`
18.1: Device additions h910 lavender pioneer, voyager, discovery akari, aurora, xz2c Signed-off-by: Tad <tad@spotco.us> 2022-01-06 20:29:27 +00:00			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/4.4/0019.patch`
			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13693/^4.12.9/0001.patch`
			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13694/^4.12.9/0001.patch`
Initial loose versioning work for 4.9 This applies 4.9 patches to 4.4 and 3.18 now that 4.4 is EOL Untested, but looks mild Signed-off-by: Tad <tad@spotco.us> 2022-02-22 18:01:58 +00:00			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17052/4.9/0003.patch`
18.1: Device additions h910 lavender pioneer, voyager, discovery akari, aurora, xz2c Signed-off-by: Tad <tad@spotco.us> 2022-01-06 20:29:27 +00:00			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18174/^4.7/0001.patch`
			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18204/4.4/0004.patch`
			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000252/^4.13.3/0002.patch`
			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5897/ANY/0001.patch`
			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9415/ANY/0005.patch`
			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-16597/4.4/0002.patch`
			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/^4.20.11/0001.patch`
			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12378/^5.1.5/0001.patch`
			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12456/^5.1.5/0001.patch`
			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14763/^4.16.4/0001.patch`
			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15291/4.4/0006.patch`
Initial loose versioning work for 4.9 This applies 4.9 patches to 4.4 and 3.18 now that 4.4 is EOL Untested, but looks mild Signed-off-by: Tad <tad@spotco.us> 2022-02-22 18:01:58 +00:00			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-16994/4.9/0004.patch`
18.1: Device additions h910 lavender pioneer, voyager, discovery akari, aurora, xz2c Signed-off-by: Tad <tad@spotco.us> 2022-01-06 20:29:27 +00:00			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19051/4.4/0012.patch`
			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19068/4.4/0004.patch`
			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14386/3.10-^4.4/0002.patch`
			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16119/^5.10/0002.patch`
Initial loose versioning work for 4.9 This applies 4.9 patches to 4.4 and 3.18 now that 4.4 is EOL Untested, but looks mild Signed-off-by: Tad <tad@spotco.us> 2022-02-22 18:01:58 +00:00			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0935/4.9/0006.patch`
			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-20292/4.9/0004.patch`
			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-42739/4.9/0004.patch`
Update CVE patchers Signed-off-by: Tad <tad@spotco.us> 2022-02-20 03:28:35 +00:00			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-44879/^5.16/0001.patch`
Initial loose versioning work for 4.9 This applies 4.9 patches to 4.4 and 3.18 now that 4.4 is EOL Untested, but looks mild Signed-off-by: Tad <tad@spotco.us> 2022-02-22 18:01:58 +00:00			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-0487/4.9/0004.patch`
Update CVE patchers Signed-off-by: Tad <tad@spotco.us> 2022-02-12 11:11:55 +00:00			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-24958/^5.16/0001.patch`
Initial loose versioning work for 4.9 This applies 4.9 patches to 4.4 and 3.18 now that 4.4 is EOL Untested, but looks mild Signed-off-by: Tad <tad@spotco.us> 2022-02-22 18:01:58 +00:00			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-25258/4.9/0004.patch`
Update CVE patchers Signed-off-by: Tad <tad@spotco.us> 2022-03-03 03:12:42 +00:00			`git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-25375/4.9/0004.patch`
Update CVE patchers [the big fixup] This removes many duplicately or wrongly applied patches. Correctly removed: - CVE-2011-4132 can apply infinitely - CVE-2013-2891 can apply infinitely - CVE-2014-9781 can apply once to fb_cmap_to_user correctly and incorrectly to fb_copy_cmap - CVE-2015-0571 can apply incorrectly and was disabled in patch repo as a result - CVE-2016-2475 can apply infinitely - CVE-2017-0627 can apply infinitely - CVE-2017-0750 can apply infinitely - CVE-2017-14875 can apply infinitely - CVE-2017-14883 can apply infinitely - CVE-2020-11146 can apply infinitely - CVE-2020-11608 can apply infinitely - CVE-2021-42008 can apply infinitely Questionable (might actually be beneficial to "incorrectly" apply again): - CVE-2012-6544 can apply once to hci_sock_getsockopt correctly and incorrectly to hci_sock_setsockopt - CVE-2013-2898 can apply once to sensor_hub_get_feature correctly and incorrectly to sensor_hub_set_feature - CVE-2015-8575 can apply once to sco_sock_bind correctly and incorrectly to sco_sock_connect - CVE-2017-8281 can apply once to diagchar_ioctl correctly and incorrectly to diagchar_compat_ioctl - CVE-2019-10622 can apply once to qdsp_cvp_callback correctly and incorrectly to qdsp_cvs_callback - CVE-2019-14104 can apply once to cam_context_handle_start/stop_dev and incorrectly to cam_context_handle_crm_process_evt and cam_context_handle_flush_dev Other notes: - CVE-2016-6693 can be applied again if it was already applied in combination with CVE-2016-6696 then the dupe check will fail and mark CVE-2016-6696 as already applied, effectively reverting it. This was seemingly fixed with a hand merged patch in patch repo. Wrongly removed: - CVE-2013-2147 is meant for cciss_ioctl32_passthru but is detected in cciss_ioctl32_big_passthru - CVE-2015-8746 is meant for nfs_v4_2_minor_ops but is detected in nfs_v4_1_minor_ops - CVE-2021-Misc2/ANY/0043.patch is meant for WLANTL_RxCachedFrames but is detected in WLANTL_RxFrames Signed-off-by: Tad <tad@spotco.us> 2022-03-04 01:43:00 +00:00			`editKernelLocalversion "-dos.p47"`
18.1: Device additions h910 lavender pioneer, voyager, discovery akari, aurora, xz2c Signed-off-by: Tad <tad@spotco.us> 2022-01-06 20:29:27 +00:00			`cd "$DOS_BUILD_BASE"`