mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2025-08-24 05:49:33 -04:00
20.0 June ASB work + churn
QPR3 is delayed a week now Patches pulled from GrapheneOS and checked against CalyxOS Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
Tad
parent
8c7f3daa00
commit
0dde119d7e
56 changed files with 8052 additions and 75 deletions
|
|
@ -209,7 +209,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23559/4.4/0007.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-26545/4.4/0007.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-28328/4.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-30772/4.4/0008.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/^6.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0016.patch
|
||||
|
|
|
|||
|
|
@ -96,7 +96,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2269/4.14/0002.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2985/4.14/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23559/4.14/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-30772/4.14/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.14/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/4.14/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-fortify/4.9/0003.patch
|
||||
|
|
|
|||
|
|
@ -73,7 +73,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-4662/4.19/0004.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20148/^5.15/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20571/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-27950/^5.16/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-42703/4.19/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-0030/^4.20/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-0386/^6.2/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-1380/4.19/0003.patch
|
||||
|
|
@ -82,8 +81,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2269/4.19/0003.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23000/^5.16/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32233/4.19/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/4.19/0003.patch
|
||||
editKernelLocalversion "-dos.p83"
|
||||
editKernelLocalversion "-dos.p81"
|
||||
else echo "kernel_fairphone_sm7225 is unavailable, not patching.";
|
||||
fi;
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
|
|
|||
|
|
@ -162,7 +162,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23559/4.4/0007.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-26545/4.4/0007.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-28328/4.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-30772/4.4/0008.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/^6.4/0001.patch
|
||||
editKernelLocalversion "-dos.p165"
|
||||
|
|
|
|||
|
|
@ -73,7 +73,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-4662/4.19/0004.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20148/^5.15/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20571/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-27950/^5.16/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-42703/4.19/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-0030/^4.20/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-0386/^6.2/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-1380/4.19/0003.patch
|
||||
|
|
@ -82,8 +81,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2269/4.19/0003.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23000/^5.16/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32233/4.19/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/4.19/0003.patch
|
||||
editKernelLocalversion "-dos.p83"
|
||||
editKernelLocalversion "-dos.p81"
|
||||
else echo "kernel_fxtec_sm6115 is unavailable, not patching.";
|
||||
fi;
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
|
|
|||
|
|
@ -102,7 +102,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2269/4.14/0002.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2985/4.14/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23559/4.14/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-30772/4.14/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.14/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/4.14/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-fortify/4.9/0003.patch
|
||||
|
|
|
|||
|
|
@ -172,7 +172,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23559/4.4/0007.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-26545/4.4/0007.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-28328/4.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-30772/4.4/0008.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/^6.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0016.patch
|
||||
|
|
|
|||
|
|
@ -163,7 +163,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23559/4.4/0007.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-26545/4.4/0007.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-28328/4.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-30772/4.4/0008.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/^6.4/0001.patch
|
||||
editKernelLocalversion "-dos.p166"
|
||||
|
|
|
|||
|
|
@ -96,7 +96,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2269/4.14/0002.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2985/4.14/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23559/4.14/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-30772/4.14/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.14/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/4.14/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-fortify/4.9/0003.patch
|
||||
|
|
|
|||
|
|
@ -71,7 +71,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-4662/4.19/0004.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20148/^5.15/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20571/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-27950/^5.16/0001.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-42703/4.19/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-0030/^4.20/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-0386/^6.2/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-1380/4.19/0003.patch
|
||||
|
|
@ -80,8 +79,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2269/4.19/0003.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23000/^5.16/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32233/4.19/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/4.19/0003.patch
|
||||
editKernelLocalversion "-dos.p81"
|
||||
editKernelLocalversion "-dos.p79"
|
||||
else echo "kernel_oneplus_sm8250 is unavailable, not patching.";
|
||||
fi;
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
#!/bin/bash
|
||||
if cd "$DOS_BUILD_BASE""kernel/oneplus/sm8350"; then
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc/ANY/0008.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-misc/ANY/0015.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0009-rfc4941bis/5.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3695/ANY/0001.patch
|
||||
|
|
@ -25,36 +24,18 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-3061/^5.18/0001.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-3108/^5.16/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-3903/^6.0/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-4662/5.4/0008.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-4744/5.4/0005.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-27950/^5.16/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-39189/5.4/0004.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-42703/5.4/0007.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-OctWirelessASB/ANY/0009.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-0386/^6.2/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-1281/^6.2/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-1380/5.4/0006.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-1670/5.4/0006.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-1855/5.4/0006.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-1859/5.4/0006.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-1989/5.4/0006.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-1990/5.4/0007.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-1998/5.4/0006.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2002/3.10-^6.3/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2166/5.4/0004.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2194/5.4/0006.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2248/5.4/0006.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2269/5.4/0006.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2483/5.4/0006.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2985/5.4/0007.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-21630/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23000/^5.16/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-28466/5.4/0004.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-30456/5.4/0004.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-30772/5.4/0006.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32233/5.4/0005.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/5.4/0006.patch
|
||||
editKernelLocalversion "-dos.p54"
|
||||
editKernelLocalversion "-dos.p35"
|
||||
else echo "kernel_oneplus_sm8350 is unavailable, not patching.";
|
||||
fi;
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
|
|
|||
|
|
@ -162,7 +162,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23559/4.4/0007.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-26545/4.4/0007.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-28328/4.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-30772/4.4/0008.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/^6.4/0001.patch
|
||||
editKernelLocalversion "-dos.p165"
|
||||
|
|
|
|||
|
|
@ -96,7 +96,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2269/4.14/0002.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2985/4.14/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23559/4.14/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-30772/4.14/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.14/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/4.14/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-fortify/4.9/0003.patch
|
||||
|
|
|
|||
|
|
@ -578,7 +578,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23559/4.14/0002.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-28328/4.9/0005.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-28772/4.9/0005.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-30772/4.14/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.14/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/4.14/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0016.patch
|
||||
|
|
|
|||
|
|
@ -411,7 +411,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23559/4.14/0002.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-28328/4.9/0005.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-28772/4.9/0005.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-30772/4.14/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.14/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/4.14/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-fortify/4.9/0003.patch
|
||||
|
|
|
|||
|
|
@ -94,7 +94,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2269/4.14/0002.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2985/4.14/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23559/4.14/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-30772/4.14/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.14/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/4.14/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-fortify/4.9/0003.patch
|
||||
|
|
|
|||
|
|
@ -98,7 +98,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2269/4.14/0002.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-2985/4.14/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23559/4.14/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-30772/4.14/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31084/^6.4/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.14/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-34256/4.14/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-fortify/4.9/0003.patch
|
||||
|
|
|
|||
|
|
@ -97,6 +97,7 @@ applyPatch "$DOS_PATCHES/android_build/0004-Selective_APEX.patch"; #Only enable
|
|||
sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
|
||||
sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_util.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
|
||||
#sed -i 's/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := true/PRODUCT_OTA_ENFORCE_VINTF_KERNEL_REQUIREMENTS := false/' core/product_config.mk; #broken by hardenDefconfig
|
||||
sed -i 's/2023-05-05/2023-06-01/' core/version_defaults.mk; #Bump Security String #T_asb_2023-06 #XXX
|
||||
fi;
|
||||
|
||||
if enterAndClear "build/soong"; then
|
||||
|
|
@ -122,7 +123,12 @@ sed -i 's/34359738368/2147483648/' Android.bp; #revert 48-bit address space requ
|
|||
fi;
|
||||
fi;
|
||||
|
||||
if enterAndClear "frameworks/av"; then
|
||||
git am $DOS_PATCHES/android_frameworks_av/ASB-2023-06/*.patch; #T_asb_2023-06
|
||||
fi;
|
||||
|
||||
if enterAndClear "frameworks/base"; then
|
||||
git am $DOS_PATCHES/android_frameworks_base/ASB-2023-06/*.patch; #T_asb_2023-06
|
||||
git revert --no-edit d36faad3267522c6d3ff91ba9dcca8f6274bccd1; #Reverts "JobScheduler: Respect allow-in-power-save perm" in favor of below patch
|
||||
git revert --no-edit 90d6826548189ca850d91692e71fcc1be426f453; #Reverts "Remove sensitive info from SUPL requests" in favor of below patch
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS)
|
||||
|
|
@ -285,6 +291,8 @@ if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_pa
|
|||
fi;
|
||||
|
||||
if enterAndClear "packages/apps/Settings"; then
|
||||
git am $DOS_PATCHES/android_packages_apps_Settings/ASB-2023-06/*.patch; #T_asb_2023-06
|
||||
git revert --no-edit 41b4ed345a91da1dd46c00ee11a151c2b5ff4f43;
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0004-Private_DNS.patch"; #More 'Private DNS' options (heavily based off of a CalyxOS patch)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0005-Automatic_Reboot.patch"; #Timeout for reboot (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0006-Bluetooth_Timeout.patch"; #Timeout for Bluetooth (CalyxOS)
|
||||
|
|
@ -308,6 +316,10 @@ if enterAndClear "packages/apps/ThemePicker"; then
|
|||
git revert --no-edit fcf658d2005dc557a95d5a7fb89cb90d06b31d33; #grant permission by default, to prevent crashes, missing previews, and confusion
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/apps/Traceur"; then
|
||||
git am $DOS_PATCHES/android_packages_apps_Traceur/ASB-2023-06/*.patch; #T_asb_2023-06
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/apps/Trebuchet"; then
|
||||
cp $DOS_BUILD_BASE/vendor/divested/overlay/common/packages/apps/Trebuchet/res/xml/default_workspace_*.xml res/xml/; #XXX: Likely no longer needed
|
||||
fi;
|
||||
|
|
@ -324,6 +336,10 @@ applyPatch "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0001-Voic
|
|||
applyPatch "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0002-Disable_Personalization.patch"; #Disable personalization dictionary by default (GrapheneOS)
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/modules/Bluetooth"; then
|
||||
git am $DOS_PATCHES/android_packages_modules_Bluetooth/ASB-2023-06/*.patch; #T_asb_2023-06
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/modules/Connectivity"; then
|
||||
applyPatch "$DOS_PATCHES/android_packages_modules_Connectivity/0001-Network_Permission-1.patch"; #Skip reportNetworkConnectivity() when permission is revoked (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_modules_Connectivity/0001-Network_Permission-2.patch"; #Enforce INTERNET permission per-uid instead of per-appId (GrapheneOS)
|
||||
|
|
@ -349,6 +365,7 @@ applyPatch "$DOS_PATCHES/android_packages_modules_Permission/0006-Location_Indic
|
|||
fi;
|
||||
|
||||
if enterAndClear "packages/modules/Wifi"; then
|
||||
git am $DOS_PATCHES/android_packages_modules_Wifi/ASB-2023-06/*.patch; #T_asb_2023-06
|
||||
applyPatch "$DOS_PATCHES/android_packages_modules_Wifi/344228.patch"; #wifi: resurrect mWifiLinkLayerStatsSupported counter (sassmann)
|
||||
applyPatch "$DOS_PATCHES/android_packages_modules_Wifi/0001-Random_MAC.patch"; #Add support for always generating new random MAC (GrapheneOS)
|
||||
fi;
|
||||
|
|
@ -357,6 +374,10 @@ if enterAndClear "packages/providers/DownloadProvider"; then
|
|||
applyPatch "$DOS_PATCHES/android_packages_providers_DownloadProvider/0001-Network_Permission.patch"; #Expose the NETWORK permission (GrapheneOS)
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/services/Telecomm"; then
|
||||
git am $DOS_PATCHES/android_packages_services_Telecomm/ASB-2023-06/*.patch; #T_asb_2023-06
|
||||
fi;
|
||||
|
||||
#if enterAndClear "packages/providers/TelephonyProvider"; then
|
||||
#cp $DOS_PATCHES_COMMON/android_packages_providers_TelephonyProvider/carrier_list.* assets/latest_carrier_id/;
|
||||
#fi;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue