20.0 June ASB work + churn

QPR3 is delayed a week now Patches pulled from GrapheneOS and checked against CalyxOS Signed-off-by: Tad <tad@spotco.us>
2025-05-02 06:26:20 -04:00 · 2023-06-12 20:21:48 -04:00 · 2023-06-12 20:21:48 -04:00 · 0dde119d7e
commit 0dde119d7e
parent 8c7f3daa00
56 changed files with 8052 additions and 75 deletions
--- a/Scripts/Common/Fix_CVE_Patchers.sh
+++ b/Scripts/Common/Fix_CVE_Patchers.sh
@ -68,7 +68,7 @@ commentPatches android_kernel_htc_msm8974.sh "CVE-2016-8393" "CVE-2022-22058";
 commentPatches android_kernel_htc_msm8994.sh "CVE-2016-8394/ANY/0001.patch" "CVE-2017-13166" "CVE-2018-3585" "CVE-2018-9514";
 commentPatches android_kernel_lge_bullhead.sh "CVE-2014-8559";
 commentPatches android_kernel_lge_msm8992.sh "CVE-2018-5897" "CVE-2018-11266";
-commentPatches android_kernel_lge_msm8996.sh "0008-Graphene-Kernel_Hardening-canaries/4.4/0002.patch" "CVE-2023-31084/^6.4/0001.patch";
+commentPatches android_kernel_lge_msm8996.sh "0008-Graphene-Kernel_Hardening-canaries/4.4/0002.patch";
 commentPatches android_kernel_moto_shamu.sh "CVE-2014-8559";
 commentPatches android_kernel_motorola_msm8916.sh "0001-LinuxIncrementals/3.10/3.10.0050-0051.patch" "CVE-2014-8559" "CVE-2017-15817" "CVE-2018-9514";
 commentPatches android_kernel_motorola_msm8974.sh "CVE-2016-5696" "CVE-2017-7373" "CVE-2017-17770/3.4/0002.patch" "CVE-2019-11599" "CVE-2022-22058";
@ -94,13 +94,13 @@ commentPatches android_kernel_samsung_tuna.sh "CVE-2012-2127";
 commentPatches android_kernel_samsung_universal8890.sh "0008-Graphene-Kernel_Hardening-ro" "CVE-2016-7917" "CVE-2018-1092" "CVE-2018-17972" "CVE-2019-16746" "CVE-2020-0427" "CVE-2020-14381" "CVE-2020-16166" "CVE-2022-42896/4.9";
 commentPatches android_kernel_samsung_exynos9810.sh "CVE-2020-1749" "CVE-2019-ctnl-addr-leak" "CVE-2019-18282" "CVE-2019-11599" "CVE-2022-20566" "CVE-2019-16746" "CVE-2021-45469" "CVE-2020-0305";
 commentPatches android_kernel_samsung_universal9810.sh "CVE-2020-1749";
-commentPatches android_kernel_sony_sdm660.sh "0008-Graphene-Kernel_Hardening-canaries/4.4/0002.patch" "CVE-2019-19319" "CVE-2020-0305" "CVE-2020-8992" "CVE-2020-16166" "CVE-2023-31084/^6.4/0001.patch";
+commentPatches android_kernel_sony_sdm660.sh "0008-Graphene-Kernel_Hardening-canaries/4.4/0002.patch" "CVE-2019-19319" "CVE-2020-0305" "CVE-2020-8992" "CVE-2020-16166";
 commentPatches android_kernel_sony_sdm845.sh "CVE-2019-19319" "CVE-2020-1749" "CVE-2020-8992";
 commentPatches android_kernel_xiaomi_msm8937.sh "CVE-2017-13162" "CVE-2019-14070" "CVE-2019-16746" "CVE-2020-0427" "CVE-2020-16166" "CVE-2021-39715/ANY/0001.patch" "CVE-2022-25715";
-commentPatches android_kernel_xiaomi_sdm660.sh "0008-Graphene-Kernel_Hardening-canaries/4.4/0002.patch" "CVE-2023-31084/^6.4/0001.patch";
+commentPatches android_kernel_xiaomi_sdm660.sh "0008-Graphene-Kernel_Hardening-canaries/4.4/0002.patch";
 commentPatches android_kernel_xiaomi_sm8150.sh "CVE-2020-24588/4.14/0018.patch";
 commentPatches android_kernel_xiaomi_sm8250.sh "CVE-2018-5873" "CVE-2020-1749" "CVE-2021-3444" "CVE-2021-3600" "CVE-2022-22075";
-commentPatches android_kernel_yandex_sdm660.sh "CVE-2019-11599" "CVE-2019-14070/ANY/0005.patch" "CVE-2019-19319" "CVE-2020-1749" "CVE-2020-8992" "CVE-2020-16166" "CVE-2023-31084/^6.4/0001.patch";
+commentPatches android_kernel_yandex_sdm660.sh "CVE-2019-11599" "CVE-2019-14070/ANY/0005.patch" "CVE-2019-19319" "CVE-2020-1749" "CVE-2020-8992" "CVE-2020-16166";
 commentPatches android_kernel_zte_msm8930.sh "CVE-2015-2922" "CVE-2017-11015/prima";
 commentPatches android_kernel_zte_msm8996.sh "0001-LinuxIncrementals/3.18/3.18.0098-0099.patch" "CVE-2017-13162" "CVE-2017-15951" "CVE-2017-16939" "CVE-2018-17972" "CVE-2019-2214" "CVE-2019-14070" "CVE-2019-16746" "CVE-2020-0427" "CVE-2020-14381" "CVE-2020-16166" "CVE-2021-39715/ANY/0001.patch" "CVE-2022-42896/4.9";
 commentPatches android_kernel_zuk_msm8996.sh "0008-Graphene-Kernel_Hardening-slab" "CVE-2019-19319" "CVE-2020-0305" "CVE-2020-1749" "CVE-2020-8992" "CVE-2020-1616";
@ -140,7 +140,7 @@ done
 declare -a fourDotNine=("${fourDotFour[@]}" "android_kernel_fairphone_sdm632.sh" "android_kernel_google_msm-4.9.sh" "android_kernel_oneplus_sdm845.sh" "android_kernel_razer_sdm845.sh" "android_kernel_samsung_exynos9810.sh" "android_kernel_samsung_universal9810.sh" "android_kernel_sony_sdm845.sh" "android_kernel_xiaomi_msm8937.sh" "android_kernel_xiaomi_sdm845.sh");
 for script in "${fourDotNine[@]}"
 do
-	commentPatches $script "CVE-2018-11412/4.14" "CVE-2020-0067/4.14" "CVE-2022-1204/4.14" "CVE-2023-0461/4.14"; #handle 4.14
+	commentPatches $script "CVE-2018-11412/4.14" "CVE-2020-0067/4.14" "CVE-2022-1204/4.14" "CVE-2023-0461/4.14" "CVE-2023-31084/^6.4/0001.patch"; #handle 4.14
 done

 echo -e "\e[0;32m[SCRIPT COMPLETE] Fixed CVE patchers\e[0m";
--- a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_google_marlin.sh
+++ b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_google_marlin.sh
@ -522,7 +522,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2985/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-20941/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23559/4.4/0007.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-28328/4.4/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/Untracked-01/ANY/0002-ozwpan-Use-unsigned-ints-to-prevent-heap-overflow.patch
 git apply $DOS_PATCHES_LINUX_CVES/Untracked-01/ANY/0005-tcp-fix-zero-cwnd-in-tcp_cwnd_reduction.patch
--- a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_motorola_msm8996.sh
+++ b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_motorola_msm8996.sh
@ -535,7 +535,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2985/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-20941/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23559/4.4/0007.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-28328/4.4/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15815/qcacld-2.0/0002.patch --directory=drivers/staging/qcacld-2.0
--- a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_oneplus_msm8996.sh
+++ b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_oneplus_msm8996.sh
@ -523,7 +523,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2985/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-20941/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23559/4.4/0007.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-28328/4.4/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14283/3.18/0004.patch
--- a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_zuk_msm8996.sh
+++ b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_zuk_msm8996.sh
@ -432,7 +432,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-26545/4.4/0007.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-28328/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-28772/4.4/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-30772/4.4/0008.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/^6.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0429/4.4/0012.patch
--- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_essential_msm8998.sh
+++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_essential_msm8998.sh
@ -209,7 +209,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23559/4.4/0007.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-26545/4.4/0007.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-28328/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-30772/4.4/0008.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/^6.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0016.patch
--- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_fairphone_sdm632.sh
+++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_fairphone_sdm632.sh
@ -96,7 +96,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2269/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2985/4.14/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23559/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-30772/4.14/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.14/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-fortify/4.9/0003.patch
--- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_fairphone_sm7225.sh
+++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_fairphone_sm7225.sh
@ -73,7 +73,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-4662/4.19/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20148/^5.15/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20571/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-27950/^5.16/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-42703/4.19/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-0030/^4.20/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-0386/^6.2/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-1380/4.19/0003.patch
@ -82,8 +81,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2269/4.19/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23000/^5.16/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32233/4.19/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/4.19/0003.patch
-editKernelLocalversion "-dos.p83"
+editKernelLocalversion "-dos.p81"
 else echo "kernel_fairphone_sm7225 is unavailable, not patching.";
 fi;
 cd "$DOS_BUILD_BASE"
--- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_fxtec_msm8998.sh
+++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_fxtec_msm8998.sh
@ -162,7 +162,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23559/4.4/0007.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-26545/4.4/0007.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-28328/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-30772/4.4/0008.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/^6.4/0001.patch
 editKernelLocalversion "-dos.p165"
--- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_fxtec_sm6115.sh
+++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_fxtec_sm6115.sh
@ -73,7 +73,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-4662/4.19/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20148/^5.15/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20571/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-27950/^5.16/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-42703/4.19/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-0030/^4.20/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-0386/^6.2/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-1380/4.19/0003.patch
@ -82,8 +81,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2269/4.19/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23000/^5.16/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32233/4.19/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/4.19/0003.patch
-editKernelLocalversion "-dos.p83"
+editKernelLocalversion "-dos.p81"
 else echo "kernel_fxtec_sm6115 is unavailable, not patching.";
 fi;
 cd "$DOS_BUILD_BASE"
--- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_msm-4.9.sh
+++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_msm-4.9.sh
@ -102,7 +102,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2269/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2985/4.14/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23559/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-30772/4.14/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.14/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-fortify/4.9/0003.patch
--- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_wahoo.sh
+++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_wahoo.sh
@ -172,7 +172,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23559/4.4/0007.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-26545/4.4/0007.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-28328/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-30772/4.4/0008.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/^6.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0016.patch
--- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_msm8998.sh
+++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_msm8998.sh
@ -163,7 +163,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23559/4.4/0007.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-26545/4.4/0007.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-28328/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-30772/4.4/0008.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/^6.4/0001.patch
 editKernelLocalversion "-dos.p166"
--- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sdm845.sh
+++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sdm845.sh
@ -96,7 +96,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2269/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2985/4.14/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23559/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-30772/4.14/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.14/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-fortify/4.9/0003.patch
--- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sm8250.sh
+++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sm8250.sh
@ -71,7 +71,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-4662/4.19/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20148/^5.15/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20571/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-27950/^5.16/0001.patch
-#git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-42703/4.19/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-0030/^4.20/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-0386/^6.2/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-1380/4.19/0003.patch
@ -80,8 +79,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2269/4.19/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23000/^5.16/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32233/4.19/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/4.19/0003.patch
-editKernelLocalversion "-dos.p81"
+editKernelLocalversion "-dos.p79"
 else echo "kernel_oneplus_sm8250 is unavailable, not patching.";
 fi;
 cd "$DOS_BUILD_BASE"
--- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sm8350.sh
+++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sm8350.sh
@ -1,7 +1,6 @@
 #!/bin/bash
 if cd "$DOS_BUILD_BASE""kernel/oneplus/sm8350"; then
 git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc/ANY/0008.patch
-git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-misc/ANY/0015.patch
 git apply $DOS_PATCHES_LINUX_CVES/0009-rfc4941bis/5.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3695/ANY/0001.patch
@ -25,36 +24,18 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-3061/^5.18/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-3108/^5.16/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-3903/^6.0/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-4662/5.4/0008.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-4744/5.4/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-27950/^5.16/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-39189/5.4/0004.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-42703/5.4/0007.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-OctWirelessASB/ANY/0009.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-0386/^6.2/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-1281/^6.2/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-1380/5.4/0006.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-1670/5.4/0006.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-1855/5.4/0006.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-1859/5.4/0006.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-1989/5.4/0006.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-1990/5.4/0007.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-1998/5.4/0006.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2002/3.10-^6.3/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2166/5.4/0004.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2194/5.4/0006.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2248/5.4/0006.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2269/5.4/0006.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2483/5.4/0006.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2985/5.4/0007.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-21630/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23000/^5.16/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-28466/5.4/0004.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-30456/5.4/0004.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-30772/5.4/0006.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32233/5.4/0005.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/5.4/0006.patch
-editKernelLocalversion "-dos.p54"
+editKernelLocalversion "-dos.p35"
 else echo "kernel_oneplus_sm8350 is unavailable, not patching.";
 fi;
 cd "$DOS_BUILD_BASE"
--- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_razer_msm8998.sh
+++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_razer_msm8998.sh
@ -162,7 +162,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23559/4.4/0007.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-26545/4.4/0007.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-28328/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-30772/4.4/0008.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/^6.4/0001.patch
 editKernelLocalversion "-dos.p165"
--- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_razer_sdm845.sh
+++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_razer_sdm845.sh
@ -96,7 +96,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2269/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2985/4.14/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23559/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-30772/4.14/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.14/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-fortify/4.9/0003.patch
--- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_samsung_exynos9810.sh
+++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_samsung_exynos9810.sh
@ -578,7 +578,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23559/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-28328/4.9/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-28772/4.9/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-30772/4.14/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.14/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0016.patch
--- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_sony_sdm845.sh
+++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_sony_sdm845.sh
@ -411,7 +411,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23559/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-28328/4.9/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-28772/4.9/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-30772/4.14/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.14/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-fortify/4.9/0003.patch
--- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_xiaomi_msm8937.sh
+++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_xiaomi_msm8937.sh
@ -94,7 +94,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2269/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2985/4.14/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23559/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-30772/4.14/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.14/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-fortify/4.9/0003.patch
--- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_xiaomi_sdm845.sh
+++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_xiaomi_sdm845.sh
@ -98,7 +98,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2269/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2985/4.14/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23559/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-30772/4.14/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.14/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-fortify/4.9/0003.patch
--- a/Scripts/LineageOS-20.0/Patch.sh
+++ b/Scripts/LineageOS-20.0/Patch.sh
@ -97,6 +97,7 @@ applyPatch "$DOS_PATCHES/android_build/0004-Selective_APEX.patch"; #Only enable
 sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
 sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_util.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
 #sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig
+sed -i 's/2023-05-05/2023-06-01/' core/version_defaults.mk; #Bump Security String #T_asb_2023-06 #XXX
 fi;

 if enterAndClear "build/soong"; then
@ -122,7 +123,12 @@ sed -i 's/34359738368/2147483648/' Android.bp; #revert 48-bit address space requ
 fi;
 fi;

+if enterAndClear "frameworks/av"; then
+git am $DOS_PATCHES/android_frameworks_av/ASB-2023-06/*.patch; #T_asb_2023-06
+fi;
+
 if enterAndClear "frameworks/base"; then
+git am $DOS_PATCHES/android_frameworks_base/ASB-2023-06/*.patch; #T_asb_2023-06
 git revert --no-edit d36faad3267522c6d3ff91ba9dcca8f6274bccd1; #Reverts "JobScheduler: Respect allow-in-power-save perm" in favor of below patch
 git revert --no-edit 90d6826548189ca850d91692e71fcc1be426f453; #Reverts "Remove sensitive info from SUPL requests" in favor of below patch
 applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS)
@ -285,6 +291,8 @@ if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_pa
 fi;

 if enterAndClear "packages/apps/Settings"; then
+git am $DOS_PATCHES/android_packages_apps_Settings/ASB-2023-06/*.patch; #T_asb_2023-06
+git revert --no-edit 41b4ed345a91da1dd46c00ee11a151c2b5ff4f43;
 applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0004-Private_DNS.patch"; #More 'Private DNS' options (heavily based off of a CalyxOS patch)
 applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0005-Automatic_Reboot.patch"; #Timeout for reboot (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0006-Bluetooth_Timeout.patch"; #Timeout for Bluetooth (CalyxOS)
@ -308,6 +316,10 @@ if enterAndClear "packages/apps/ThemePicker"; then
 git revert --no-edit fcf658d2005dc557a95d5a7fb89cb90d06b31d33; #grant permission by default, to prevent crashes, missing previews, and confusion
 fi;

+if enterAndClear "packages/apps/Traceur"; then
+git am $DOS_PATCHES/android_packages_apps_Traceur/ASB-2023-06/*.patch; #T_asb_2023-06
+fi;
+
 if enterAndClear "packages/apps/Trebuchet"; then
 cp $DOS_BUILD_BASE/vendor/divested/overlay/common/packages/apps/Trebuchet/res/xml/default_workspace_*.xml res/xml/; #XXX: Likely no longer needed
 fi;
@ -324,6 +336,10 @@ applyPatch "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0001-Voic
 applyPatch "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0002-Disable_Personalization.patch"; #Disable personalization dictionary by default (GrapheneOS)
 fi;

+if enterAndClear "packages/modules/Bluetooth"; then
+git am $DOS_PATCHES/android_packages_modules_Bluetooth/ASB-2023-06/*.patch; #T_asb_2023-06
+fi;
+
 if enterAndClear "packages/modules/Connectivity"; then
 applyPatch "$DOS_PATCHES/android_packages_modules_Connectivity/0001-Network_Permission-1.patch"; #Skip reportNetworkConnectivity() when permission is revoked (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_packages_modules_Connectivity/0001-Network_Permission-2.patch"; #Enforce INTERNET permission per-uid instead of per-appId (GrapheneOS)
@ -349,6 +365,7 @@ applyPatch "$DOS_PATCHES/android_packages_modules_Permission/0006-Location_Indic
 fi;

 if enterAndClear "packages/modules/Wifi"; then
+git am $DOS_PATCHES/android_packages_modules_Wifi/ASB-2023-06/*.patch; #T_asb_2023-06
 applyPatch "$DOS_PATCHES/android_packages_modules_Wifi/344228.patch"; #wifi: resurrect mWifiLinkLayerStatsSupported counter (sassmann)
 applyPatch "$DOS_PATCHES/android_packages_modules_Wifi/0001-Random_MAC.patch"; #Add support for always generating new random MAC (GrapheneOS)
 fi;
@ -357,6 +374,10 @@ if enterAndClear "packages/providers/DownloadProvider"; then
 applyPatch "$DOS_PATCHES/android_packages_providers_DownloadProvider/0001-Network_Permission.patch"; #Expose the NETWORK permission (GrapheneOS)
 fi;

+if enterAndClear "packages/services/Telecomm"; then
+git am $DOS_PATCHES/android_packages_services_Telecomm/ASB-2023-06/*.patch; #T_asb_2023-06
+fi;
+
 #if enterAndClear "packages/providers/TelephonyProvider"; then
 #cp $DOS_PATCHES_COMMON/android_packages_providers_TelephonyProvider/carrier_list.* assets/latest_carrier_id/;
 #fi;