mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-25 15:39:26 -05:00
Many changes
- 17.1: Add Pixel 4/XL - Promote klte to 17.1 - hardenBootArgs: don't run on klte - hardenBootArgs: regorganize - hardenDefconfig: enabler: drop unnecessary options (iommu) - hardenDefconfig: disabler: comment diag options for now - deblobber: comment dirac lines to fix cheeseburger headphone jack - fixup Etar replacement
This commit is contained in:
parent
496fddb303
commit
115dd21832
@ -127,6 +127,11 @@
|
|||||||
<project path="device/google/sargo" name="LineageOS/android_device_google_sargo" remote="github" />
|
<project path="device/google/sargo" name="LineageOS/android_device_google_sargo" remote="github" />
|
||||||
<!-- uses google/msm-4.9 kernel -->
|
<!-- uses google/msm-4.9 kernel -->
|
||||||
|
|
||||||
|
<!-- Google Pixel 4 (coral/flame) -->
|
||||||
|
<project path="device/google/coral" name="LineageOS/android_device_google_coral" remote="github" />
|
||||||
|
<project path="device/google/flame" name="LineageOS/android_device_google_flame" remote="github" />
|
||||||
|
<project path="kernel/google/coral" name="LineageOS/android_kernel_google_coral" remote="github" />
|
||||||
|
|
||||||
<!-- HTC One (m8) -->
|
<!-- HTC One (m8) -->
|
||||||
<project path="device/htc/m8" name="LineageOS/android_device_htc_m8" remote="github" />
|
<project path="device/htc/m8" name="LineageOS/android_device_htc_m8" remote="github" />
|
||||||
<project path="device/htc/m8-common" name="LineageOS/android_device_htc_m8-common" remote="github" />
|
<project path="device/htc/m8-common" name="LineageOS/android_device_htc_m8-common" remote="github" />
|
||||||
@ -233,6 +238,12 @@
|
|||||||
<project path="device/samsung/jf-common" name="LineageOS/android_device_samsung_jf-common" remote="github" />
|
<project path="device/samsung/jf-common" name="LineageOS/android_device_samsung_jf-common" remote="github" />
|
||||||
<project path="kernel/samsung/jf" name="LineageOS/android_kernel_samsung_jf" remote="github" />
|
<project path="kernel/samsung/jf" name="LineageOS/android_kernel_samsung_jf" remote="github" />
|
||||||
|
|
||||||
|
<!-- Samsung Galaxy S5 (klte) -->
|
||||||
|
<project path="device/samsung/klte" name="LineageOS/android_device_samsung_klte" remote="github" />
|
||||||
|
<project path="device/samsung/klte-common" name="LineageOS/android_device_samsung_klte-common" remote="github" />
|
||||||
|
<project path="device/samsung/msm8974-common" name="LineageOS/android_device_samsung_msm8974-common" remote="github" />
|
||||||
|
<project path="kernel/samsung/msm8974" name="LineageOS/android_kernel_samsung_msm8974" remote="github" />
|
||||||
|
|
||||||
<!-- Samsung Galaxy S9 (starlte) -->
|
<!-- Samsung Galaxy S9 (starlte) -->
|
||||||
<project path="device/samsung/starlte" name="LineageOS/android_device_samsung_starlte" remote="github" />
|
<project path="device/samsung/starlte" name="LineageOS/android_device_samsung_starlte" remote="github" />
|
||||||
<project path="device/samsung/universal9810-common" name="LineageOS/android_device_samsung_universal9810-common" remote="github" />
|
<project path="device/samsung/universal9810-common" name="LineageOS/android_device_samsung_universal9810-common" remote="github" />
|
||||||
|
@ -12,7 +12,7 @@ PRODUCT_PACKAGES += \
|
|||||||
|
|
||||||
# Replacements
|
# Replacements
|
||||||
PRODUCT_PACKAGES += \
|
PRODUCT_PACKAGES += \
|
||||||
Etar \
|
EtarPrebuilt \
|
||||||
FennecDOS \
|
FennecDOS \
|
||||||
FairEmail \
|
FairEmail \
|
||||||
OpenCamera \
|
OpenCamera \
|
||||||
|
@ -1 +1 @@
|
|||||||
Subproject commit af6c4916924861c2ea3de7e0fee6e1566e4a108a
|
Subproject commit 61ad2ecdbebd9aa10e8974082fad38edce618227
|
@ -7,11 +7,13 @@ cat "$DOS_SIGNING_KEYS/bonito/verity.x509.pem" >> "kernel/google/bonito/certs/ve
|
|||||||
cat "$DOS_SIGNING_KEYS/bonito/verity.x509.pem" >> "kernel/google/msm-4.9/certs/verity.x509.pem";
|
cat "$DOS_SIGNING_KEYS/bonito/verity.x509.pem" >> "kernel/google/msm-4.9/certs/verity.x509.pem";
|
||||||
cat "$DOS_SIGNING_KEYS/cheeseburger/verity.x509.pem" >> "kernel/oneplus/msm8998/certs/verity.x509.pem";
|
cat "$DOS_SIGNING_KEYS/cheeseburger/verity.x509.pem" >> "kernel/oneplus/msm8998/certs/verity.x509.pem";
|
||||||
cat "$DOS_SIGNING_KEYS/cheryl/verity.x509.pem" >> "kernel/razer/msm8998/certs/verity.x509.pem";
|
cat "$DOS_SIGNING_KEYS/cheryl/verity.x509.pem" >> "kernel/razer/msm8998/certs/verity.x509.pem";
|
||||||
|
cat "$DOS_SIGNING_KEYS/coral/verity.x509.pem" >> "kernel/google/coral/certs/verity.x509.pem";
|
||||||
cat "$DOS_SIGNING_KEYS/crosshatch/verity.x509.pem" >> "kernel/google/crosshatch/certs/verity.x509.pem";
|
cat "$DOS_SIGNING_KEYS/crosshatch/verity.x509.pem" >> "kernel/google/crosshatch/certs/verity.x509.pem";
|
||||||
cat "$DOS_SIGNING_KEYS/crosshatch/verity.x509.pem" >> "kernel/google/msm-4.9/certs/verity.x509.pem";
|
cat "$DOS_SIGNING_KEYS/crosshatch/verity.x509.pem" >> "kernel/google/msm-4.9/certs/verity.x509.pem";
|
||||||
cat "$DOS_SIGNING_KEYS/dumpling/verity.x509.pem" >> "kernel/oneplus/msm8998/certs/verity.x509.pem";
|
cat "$DOS_SIGNING_KEYS/dumpling/verity.x509.pem" >> "kernel/oneplus/msm8998/certs/verity.x509.pem";
|
||||||
cat "$DOS_SIGNING_KEYS/enchilada/verity.x509.pem" >> "kernel/oneplus/sdm845/certs/verity.x509.pem";
|
cat "$DOS_SIGNING_KEYS/enchilada/verity.x509.pem" >> "kernel/oneplus/sdm845/certs/verity.x509.pem";
|
||||||
cat "$DOS_SIGNING_KEYS/fajita/verity.x509.pem" >> "kernel/oneplus/sdm845/certs/verity.x509.pem";
|
cat "$DOS_SIGNING_KEYS/fajita/verity.x509.pem" >> "kernel/oneplus/sdm845/certs/verity.x509.pem";
|
||||||
|
cat "$DOS_SIGNING_KEYS/flame/verity.x509.pem" >> "kernel/google/coral/certs/verity.x509.pem";
|
||||||
cat "$DOS_SIGNING_KEYS/guacamoleb/verity.x509.pem" >> "kernel/oneplus/sm8150/certs/verity.x509.pem";
|
cat "$DOS_SIGNING_KEYS/guacamoleb/verity.x509.pem" >> "kernel/oneplus/sm8150/certs/verity.x509.pem";
|
||||||
cat "$DOS_SIGNING_KEYS/guacamole/verity.x509.pem" >> "kernel/oneplus/sm8150/certs/verity.x509.pem";
|
cat "$DOS_SIGNING_KEYS/guacamole/verity.x509.pem" >> "kernel/oneplus/sm8150/certs/verity.x509.pem";
|
||||||
cat "$DOS_SIGNING_KEYS/mata/verity.x509.pem" >> "kernel/essential/msm8998/certs/verity.x509.pem";
|
cat "$DOS_SIGNING_KEYS/mata/verity.x509.pem" >> "kernel/essential/msm8998/certs/verity.x509.pem";
|
||||||
@ -30,11 +32,13 @@ cp -v "$DOS_SIGNING_KEYS/bonito/verifiedboot_relkeys.der.x509" "kernel/google/bo
|
|||||||
cp -v "$DOS_SIGNING_KEYS/bonito/verifiedboot_relkeys.der.x509" "kernel/google/msm-4.9/verifiedboot_bonito_dos_relkeys.der.x509";
|
cp -v "$DOS_SIGNING_KEYS/bonito/verifiedboot_relkeys.der.x509" "kernel/google/msm-4.9/verifiedboot_bonito_dos_relkeys.der.x509";
|
||||||
cp -v "$DOS_SIGNING_KEYS/cheeseburger/verifiedboot_relkeys.der.x509" "kernel/oneplus/msm8998/verifiedboot_cheeseburger_dos_relkeys.der.x509";
|
cp -v "$DOS_SIGNING_KEYS/cheeseburger/verifiedboot_relkeys.der.x509" "kernel/oneplus/msm8998/verifiedboot_cheeseburger_dos_relkeys.der.x509";
|
||||||
cp -v "$DOS_SIGNING_KEYS/cheryl/verifiedboot_relkeys.der.x509" "kernel/razer/msm8998/verifiedboot_cheryl_dos_relkeys.der.x509";
|
cp -v "$DOS_SIGNING_KEYS/cheryl/verifiedboot_relkeys.der.x509" "kernel/razer/msm8998/verifiedboot_cheryl_dos_relkeys.der.x509";
|
||||||
|
cp -v "$DOS_SIGNING_KEYS/coral/verifiedboot_relkeys.der.x509" "kernel/google/coral/verifiedboot_coral_dos_relkeys.der.x509";
|
||||||
cp -v "$DOS_SIGNING_KEYS/crosshatch/verifiedboot_relkeys.der.x509" "kernel/google/crosshatch/verifiedboot_crosshatch_dos_relkeys.der.x509";
|
cp -v "$DOS_SIGNING_KEYS/crosshatch/verifiedboot_relkeys.der.x509" "kernel/google/crosshatch/verifiedboot_crosshatch_dos_relkeys.der.x509";
|
||||||
cp -v "$DOS_SIGNING_KEYS/crosshatch/verifiedboot_relkeys.der.x509" "kernel/google/msm-4.9/verifiedboot_crosshatch_dos_relkeys.der.x509";
|
cp -v "$DOS_SIGNING_KEYS/crosshatch/verifiedboot_relkeys.der.x509" "kernel/google/msm-4.9/verifiedboot_crosshatch_dos_relkeys.der.x509";
|
||||||
cp -v "$DOS_SIGNING_KEYS/dumpling/verifiedboot_relkeys.der.x509" "kernel/oneplus/msm8998/verifiedboot_dumpling_dos_relkeys.der.x509";
|
cp -v "$DOS_SIGNING_KEYS/dumpling/verifiedboot_relkeys.der.x509" "kernel/oneplus/msm8998/verifiedboot_dumpling_dos_relkeys.der.x509";
|
||||||
cp -v "$DOS_SIGNING_KEYS/enchilada/verifiedboot_relkeys.der.x509" "kernel/oneplus/sdm845/verifiedboot_enchilada_dos_relkeys.der.x509";
|
cp -v "$DOS_SIGNING_KEYS/enchilada/verifiedboot_relkeys.der.x509" "kernel/oneplus/sdm845/verifiedboot_enchilada_dos_relkeys.der.x509";
|
||||||
cp -v "$DOS_SIGNING_KEYS/fajita/verifiedboot_relkeys.der.x509" "kernel/oneplus/sdm845/verifiedboot_fajita_dos_relkeys.der.x509";
|
cp -v "$DOS_SIGNING_KEYS/fajita/verifiedboot_relkeys.der.x509" "kernel/oneplus/sdm845/verifiedboot_fajita_dos_relkeys.der.x509";
|
||||||
|
cp -v "$DOS_SIGNING_KEYS/flame/verifiedboot_relkeys.der.x509" "kernel/google/coral/verifiedboot_flame_dos_relkeys.der.x509";
|
||||||
cp -v "$DOS_SIGNING_KEYS/griffin/verifiedboot_relkeys.der.x509" "kernel/motorola/msm8996/verifiedboot_griffin_dos_relkeys.der.x509";
|
cp -v "$DOS_SIGNING_KEYS/griffin/verifiedboot_relkeys.der.x509" "kernel/motorola/msm8996/verifiedboot_griffin_dos_relkeys.der.x509";
|
||||||
cp -v "$DOS_SIGNING_KEYS/guacamoleb/verifiedboot_relkeys.der.x509" "kernel/oneplus/sm8150/verifiedboot_guacamoleb_dos_relkeys.der.x509";
|
cp -v "$DOS_SIGNING_KEYS/guacamoleb/verifiedboot_relkeys.der.x509" "kernel/oneplus/sm8150/verifiedboot_guacamoleb_dos_relkeys.der.x509";
|
||||||
cp -v "$DOS_SIGNING_KEYS/guacamole/verifiedboot_relkeys.der.x509" "kernel/oneplus/sm8150/verifiedboot_guacamole_dos_relkeys.der.x509";
|
cp -v "$DOS_SIGNING_KEYS/guacamole/verifiedboot_relkeys.der.x509" "kernel/oneplus/sm8150/verifiedboot_guacamole_dos_relkeys.der.x509";
|
||||||
|
@ -103,10 +103,10 @@ echo "Deblobbing...";
|
|||||||
ipcSec="4097:4294967295:2002:2950:3009:2901|4097:4294967295:3009";
|
ipcSec="4097:4294967295:2002:2950:3009:2901|4097:4294967295:3009";
|
||||||
|
|
||||||
#Dirac (Audio Codec + Effects) [Dirac]
|
#Dirac (Audio Codec + Effects) [Dirac]
|
||||||
if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then
|
#if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then
|
||||||
blobs=$blobs"|libDiracAPI_SHARED.so|.*dirac.*";
|
#blobs=$blobs"|libDiracAPI_SHARED.so|.*dirac.*"; #XXX: Breaks headphone jack
|
||||||
blobs=$blobs"|diracmobile.config";
|
#blobs=$blobs"|diracmobile.config";
|
||||||
fi;
|
#fi;
|
||||||
|
|
||||||
#Discretix (DRM/HDCP) [Discretix Technologies]
|
#Discretix (DRM/HDCP) [Discretix Technologies]
|
||||||
blobs=$blobs"|DxDrmServerIpc|discretix";
|
blobs=$blobs"|DxDrmServerIpc|discretix";
|
||||||
|
@ -474,7 +474,9 @@ export -f hardenUserdata;
|
|||||||
|
|
||||||
hardenBootArgs() {
|
hardenBootArgs() {
|
||||||
cd "$DOS_BUILD_BASE$1";
|
cd "$DOS_BUILD_BASE$1";
|
||||||
sed -i 's/BOARD_KERNEL_CMDLINE := /BOARD_KERNEL_CMDLINE := kpti=on pti=on init_on_alloc=1 init_on_free=1 page_alloc.shuffle=1 page_poison=1 slab_nomerge slub_debug=FZP lockdown=confidentiality /' BoardConfig*.mk */BoardConfig*.mk &>/dev/null || true;
|
if [[ "$1" != *"device/samsung/klte"* ]] && [[ "$1" != *"device/samsung/msm8974-common"* ]]; then
|
||||||
|
sed -i 's/BOARD_KERNEL_CMDLINE := /BOARD_KERNEL_CMDLINE := page_poison=1 slab_nomerge slub_debug=FZP kpti=on pti=on page_alloc.shuffle=1 init_on_alloc=1 init_on_free=1 lockdown=confidentiality /' BoardConfig*.mk */BoardConfig*.mk &>/dev/null || true;
|
||||||
|
fi;
|
||||||
echo "Hardened kernel command line arguments for $1";
|
echo "Hardened kernel command line arguments for $1";
|
||||||
cd "$DOS_BUILD_BASE";
|
cd "$DOS_BUILD_BASE";
|
||||||
}
|
}
|
||||||
@ -623,7 +625,7 @@ hardenDefconfig() {
|
|||||||
|
|
||||||
#Enable supported options
|
#Enable supported options
|
||||||
#Disabled: DEBUG_SG (bootloops - https://patchwork.kernel.org/patch/8989981)
|
#Disabled: DEBUG_SG (bootloops - https://patchwork.kernel.org/patch/8989981)
|
||||||
declare -a optionsYes=("ARM64_PTR_AUTH" "ARM64_SW_TTBR0_PAN" "ARM64_UAO" "ARM_SMMU" "ASYMMETRIC_KEY_TYPE" "ASYMMETRIC_PUBLIC_KEY_SUBTYPE" "BUG" "BUG_ON_DATA_CORRUPTION" "CC_STACKPROTECTOR" "CC_STACKPROTECTOR_STRONG" "CPU_SW_DOMAIN_PAN" "DEBUG_CREDENTIALS" "DEBUG_KERNEL" "DEBUG_LIST" "DEBUG_NOTIFIERS" "DEBUG_RODATA" "DEBUG_SET_MODULE_RONX" "DEBUG_VIRTUAL" "DEBUG_WX" "DM_ANDROID_VERITY" "DM_VERITY" "DM_VERITY_FEC" "EXYNOS_IOMMU" "FORTIFY_SOURCE" "HARDEN_BRANCH_PREDICTOR" "HARDENED_USERCOPY" "HARDEN_EL2_VECTORS" "INIT_ON_ALLOC_DEFAULT_ON" "INIT_ON_FREE_DEFAULT_ON" "INIT_STACK_ALL" "INTEL_IOMMU_DEFAULT_ON" "IOMMU_API" "IOMMU_HELPER" "IOMMU_PGTABLES_L2" "IOMMU_SUPPORT" "IO_STRICT_DEVMEM" "IPV6_PRIVACY" "KAISER" "KGSL_PER_PROCESS_PAGE_TABLE" "LEGACY_VSYSCALL_NONE" "MMC_SECDISCARD" "MSM_IOMMU" "MSM_KGSL_MMU_PAGE_FAULT" "MSM_TZ_SMMU" "MTK_IOMMU" "OF_IOMMU" "OMAP_IOMMU" "PAGE_POISONING" "PAGE_POISONING_NO_SANITY" "PAGE_POISONING_ZERO" "PAGE_TABLE_ISOLATION" "PANIC_ON_OOPS" "PKCS7_MESSAGE_PARSER" "QCOM_IOMMU" "RANDOMIZE_BASE" "RANDOMIZE_MEMORY" "REFCOUNT_FULL" "RETPOLINE" "RODATA_FULL_DEFAULT_ENABLED" "SCHED_STACK_END_CHECK" "SECCOMP" "SECCOMP_FILTER" "SECURITY" "SECURITY_DMESG_RESTRICT" "SECURITY_PERF_EVENTS_RESTRICT" "SECURITY_YAMA" "SECURITY_YAMA_STACKED" "SHUFFLE_PAGE_ALLOCATOR" "SLAB_FREELIST_HARDENED" "SLAB_FREELIST_RANDOM" "SLAB_HARDENED" "SLUB_DEBUG" "SLUB_HARDENED" "STACKPROTECTOR" "STACKPROTECTOR_PER_TASK" "STACKPROTECTOR_STRONG" "STATIC_USERMODEHELPER" "STRICT_DEVMEM" "STRICT_KERNEL_RWX" "STRICT_MEMORY_RWX" "STRICT_MODULE_RWX" "SYN_COOKIES" "SYSTEM_TRUSTED_KEYRING" "TEGRA_IOMMU_GART" "TEGRA_IOMMU_SMMU" "THREAD_INFO_IN_TASK" "UNMAP_KERNEL_AT_EL0" "VMAP_STACK" "X509_CERTIFICATE_PARSER")
|
declare -a optionsYes=("ARM64_PTR_AUTH" "ARM64_SW_TTBR0_PAN" "ARM64_UAO" "ASYMMETRIC_KEY_TYPE" "ASYMMETRIC_PUBLIC_KEY_SUBTYPE" "BUG" "BUG_ON_DATA_CORRUPTION" "CC_STACKPROTECTOR" "CC_STACKPROTECTOR_STRONG" "CPU_SW_DOMAIN_PAN" "DEBUG_CREDENTIALS" "DEBUG_KERNEL" "DEBUG_LIST" "DEBUG_NOTIFIERS" "DEBUG_RODATA" "DEBUG_SET_MODULE_RONX" "DEBUG_VIRTUAL" "DEBUG_WX" "FORTIFY_SOURCE" "HARDEN_BRANCH_PREDICTOR" "HARDENED_USERCOPY" "HARDEN_EL2_VECTORS" "INIT_ON_ALLOC_DEFAULT_ON" "INIT_ON_FREE_DEFAULT_ON" "INIT_STACK_ALL" "IO_STRICT_DEVMEM" "IPV6_PRIVACY" "KAISER" "KGSL_PER_PROCESS_PAGE_TABLE" "LEGACY_VSYSCALL_NONE" "MMC_SECDISCARD" "PAGE_POISONING" "PAGE_POISONING_NO_SANITY" "PAGE_POISONING_ZERO" "PAGE_TABLE_ISOLATION" "PANIC_ON_OOPS" "PKCS7_MESSAGE_PARSER" "RANDOMIZE_BASE" "RANDOMIZE_MEMORY" "REFCOUNT_FULL" "RETPOLINE" "RODATA_FULL_DEFAULT_ENABLED" "SCHED_STACK_END_CHECK" "SECCOMP" "SECCOMP_FILTER" "SECURITY" "SECURITY_DMESG_RESTRICT" "SECURITY_PERF_EVENTS_RESTRICT" "SECURITY_YAMA" "SECURITY_YAMA_STACKED" "SHUFFLE_PAGE_ALLOCATOR" "SLAB_FREELIST_HARDENED" "SLAB_FREELIST_RANDOM" "SLAB_HARDENED" "SLUB_DEBUG" "SLUB_HARDENED" "STACKPROTECTOR" "STACKPROTECTOR_PER_TASK" "STACKPROTECTOR_STRONG" "STATIC_USERMODEHELPER" "STRICT_DEVMEM" "STRICT_KERNEL_RWX" "STRICT_MEMORY_RWX" "STRICT_MODULE_RWX" "SYN_COOKIES" "SYSTEM_TRUSTED_KEYRING" "THREAD_INFO_IN_TASK" "UNMAP_KERNEL_AT_EL0" "VMAP_STACK" "X509_CERTIFICATE_PARSER")
|
||||||
#optionsYes+="GCC_PLUGINS" "GCC_PLUGIN_LATENT_ENTROPY" "GCC_PLUGIN_RANDSTRUCT" "GCC_PLUGIN_STRUCTLEAK" "GCC_PLUGIN_STRUCTLEAK_BYREF_ALL");
|
#optionsYes+="GCC_PLUGINS" "GCC_PLUGIN_LATENT_ENTROPY" "GCC_PLUGIN_RANDSTRUCT" "GCC_PLUGIN_STRUCTLEAK" "GCC_PLUGIN_STRUCTLEAK_BYREF_ALL");
|
||||||
optionsYes+=("PAGE_SANITIZE" "PAGE_SANITIZE_VERIFY" "SLAB_CANARY" "SLAB_SANITIZE" "SLAB_SANITIZE_VERIFY");
|
optionsYes+=("PAGE_SANITIZE" "PAGE_SANITIZE_VERIFY" "SLAB_CANARY" "SLAB_SANITIZE" "SLAB_SANITIZE_VERIFY");
|
||||||
#if [ "$DOS_DEBLOBBER_REPLACE_TIME" = true ]; then optionsYes+=("RTC_DRV_MSM" "RTC_DRV_PM8XXX" "RTC_DRV_MSM7X00A" "RTC_DRV_QPNP"); fi;
|
#if [ "$DOS_DEBLOBBER_REPLACE_TIME" = true ]; then optionsYes+=("RTC_DRV_MSM" "RTC_DRV_PM8XXX" "RTC_DRV_MSM7X00A" "RTC_DRV_QPNP"); fi;
|
||||||
@ -640,9 +642,9 @@ hardenDefconfig() {
|
|||||||
#Disable supported options
|
#Disable supported options
|
||||||
#Disabled: MSM_SMP2P_TEST, MAGIC_SYSRQ (breaks compile on many kernels), KALLSYMS (breaks boot on select devices), IKCONFIG (breaks recovery)
|
#Disabled: MSM_SMP2P_TEST, MAGIC_SYSRQ (breaks compile on many kernels), KALLSYMS (breaks boot on select devices), IKCONFIG (breaks recovery)
|
||||||
declare -a optionsNo=("ACPI_APEI_EINJ" "ACPI_CUSTOM_METHOD" "ACPI_TABLE_UPGRADE" "BINFMT_AOUT" "BINFMT_MISC" "CHECKPOINT_RESTORE" "COMPAT_BRK" "COMPAT_VDSO" "CP_ACCESS64" "DEBUG_KMEMLEAK" "DEVKMEM" "DEVMEM" "DEVPORT" "EARJACK_DEBUGGER" "GCC_PLUGIN_RANDSTRUCT_PERFORMANCE" "HARDENED_USERCOPY_FALLBACK" "HIBERNATION" "HWPOISON_INJECT" "IA32_EMULATION" "IOMMU_NON_SECURE" "INPUT_EVBUG" "IP_DCCP" "IP_SCTP" "KEXEC" "KEXEC_FILE" "KSM" "LDISC_AUTOLOAD" "LEGACY_PTYS" "LIVEPATCH" "MEM_SOFT_DIRTY" "MMIOTRACE" "MMIOTRACE_TEST" "MODIFY_LDT_SYSCALL" "MSM_BUSPM_DEV" "NEEDS_SYSCALL_FOR_CMPXCHG" "NOTIFIER_ERROR_INJECTION" "OABI_COMPAT" "PAGE_OWNER" "PROC_KCORE" "PROC_PAGE_MONITOR" "PROC_VMCORE" "RDS" "RDS_TCP" "SECURITY_SELINUX_DISABLE" "SECURITY_WRITABLE_HOOKS" "SLAB_MERGE_DEFAULT" "STACKLEAK_METRICS" "STACKLEAK_RUNTIME_DISABLE" "TIMER_STATS" "TSC" "TSPP2" "UKSM" "UPROBES" "USELIB" "USERFAULTFD" "VIDEO_VIVID" "WLAN_FEATURE_MEMDUMP" "X86_IOPL_IOPERM" "X86_PTDUMP" "X86_VSYSCALL_EMULATION" "ZSMALLOC_STAT");
|
declare -a optionsNo=("ACPI_APEI_EINJ" "ACPI_CUSTOM_METHOD" "ACPI_TABLE_UPGRADE" "BINFMT_AOUT" "BINFMT_MISC" "CHECKPOINT_RESTORE" "COMPAT_BRK" "COMPAT_VDSO" "CP_ACCESS64" "DEBUG_KMEMLEAK" "DEVKMEM" "DEVMEM" "DEVPORT" "EARJACK_DEBUGGER" "GCC_PLUGIN_RANDSTRUCT_PERFORMANCE" "HARDENED_USERCOPY_FALLBACK" "HIBERNATION" "HWPOISON_INJECT" "IA32_EMULATION" "IOMMU_NON_SECURE" "INPUT_EVBUG" "IP_DCCP" "IP_SCTP" "KEXEC" "KEXEC_FILE" "KSM" "LDISC_AUTOLOAD" "LEGACY_PTYS" "LIVEPATCH" "MEM_SOFT_DIRTY" "MMIOTRACE" "MMIOTRACE_TEST" "MODIFY_LDT_SYSCALL" "MSM_BUSPM_DEV" "NEEDS_SYSCALL_FOR_CMPXCHG" "NOTIFIER_ERROR_INJECTION" "OABI_COMPAT" "PAGE_OWNER" "PROC_KCORE" "PROC_PAGE_MONITOR" "PROC_VMCORE" "RDS" "RDS_TCP" "SECURITY_SELINUX_DISABLE" "SECURITY_WRITABLE_HOOKS" "SLAB_MERGE_DEFAULT" "STACKLEAK_METRICS" "STACKLEAK_RUNTIME_DISABLE" "TIMER_STATS" "TSC" "TSPP2" "UKSM" "UPROBES" "USELIB" "USERFAULTFD" "VIDEO_VIVID" "WLAN_FEATURE_MEMDUMP" "X86_IOPL_IOPERM" "X86_PTDUMP" "X86_VSYSCALL_EMULATION" "ZSMALLOC_STAT");
|
||||||
if [[ "$1" != *"kernel/htc/msm8994"* ]] && [[ "$1" != *"kernel/samsung/smdk4412"* ]] && [[ "$1" != *"kernel/htc/flounder"* ]] && [[ "$1" != *"kernel/amazon/hdx-common"* ]] && [[ "$1" != *"msm899"* ]] && [[ "$1" != *"sdm8"* ]] && [[ "$1" != *"sdm6"* ]]; then
|
#if [[ "$1" != *"kernel/htc/msm8994"* ]] && [[ "$1" != *"kernel/samsung/smdk4412"* ]] && [[ "$1" != *"kernel/htc/flounder"* ]] && [[ "$1" != *"kernel/amazon/hdx-common"* ]] && [[ "$1" != *"msm899"* ]] && [[ "$1" != *"sdm8"* ]] && [[ "$1" != *"sdm6"* ]]; then
|
||||||
optionsNo+=("DIAG_CHAR" "DIAG_OVER_USB" "USB_QCOM_DIAG_BRIDGE" "DIAGFWD_BRIDGE_CODE" "DIAG_SDIO_PIPE" "DIAG_HSIC_PIPE");
|
#optionsNo+=("DIAG_CHAR" "DIAG_OVER_USB" "USB_QCOM_DIAG_BRIDGE" "DIAGFWD_BRIDGE_CODE" "DIAG_SDIO_PIPE" "DIAG_HSIC_PIPE");
|
||||||
fi;
|
#fi;
|
||||||
if [ "$DOS_DEBLOBBER_REMOVE_IPA" = true ]; then optionsNo+=("IPA" "RMNET_IPA"); fi;
|
if [ "$DOS_DEBLOBBER_REMOVE_IPA" = true ]; then optionsNo+=("IPA" "RMNET_IPA"); fi;
|
||||||
for option in "${optionsNo[@]}"
|
for option in "${optionsNo[@]}"
|
||||||
do
|
do
|
||||||
|
@ -61,7 +61,6 @@ buildAll() {
|
|||||||
buildDevice hammerhead; #broken sepolicy?
|
buildDevice hammerhead; #broken sepolicy?
|
||||||
#SD801
|
#SD801
|
||||||
buildDevice ham;
|
buildDevice ham;
|
||||||
buildDevice klte;
|
|
||||||
#SD615
|
#SD615
|
||||||
buildDevice kipper;
|
buildDevice kipper;
|
||||||
#SD625
|
#SD625
|
||||||
@ -89,6 +88,7 @@ buildAll() {
|
|||||||
buildDevice d852;
|
buildDevice d852;
|
||||||
buildDevice d855;
|
buildDevice d855;
|
||||||
buildDevice FP2;
|
buildDevice FP2;
|
||||||
|
buildDevice klte;
|
||||||
buildDevice m8;
|
buildDevice m8;
|
||||||
buildDevice victara;
|
buildDevice victara;
|
||||||
#SD805
|
#SD805
|
||||||
|
@ -0,0 +1,142 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
cd "$DOS_BUILD_BASE""kernel/google/coral"
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc/ANY/0008.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.14/0051.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.14/0052.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.14/0053.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.14/0054.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.14/0055.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.14/0056.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.14/0057.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.14/0058.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.14/0059.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.14/0060.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.14/0062.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.14/0063.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.14/0064.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.14/0065.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.14/0066.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.14/0067.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.14/0068.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.14/0069.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.14/0070.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.14/0071.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.14/0072.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.14/0073.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.14/0075.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.14/0076.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.14/0077.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.14/0078.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.14/0079.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.14/0080.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.14/0081.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.14/0082.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/ANY/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7837/ANY/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3695/ANY/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0627/ANY/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14875/ANY/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18232/4.14/0002.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5897/ANY/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-8043/^4.15.8/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9415/ANY/0002.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10323/4.14/0003.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-20669/4.14/0002.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-20855/^4.18.7/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-0145/ANY/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-3874/ANY/0002.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-9444/ANY/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10494/ANY/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10520/ANY/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10555/ANY/0002.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10564/ANY/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10585/ANY/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10621/ANY/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-11191/^5.0.7/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12378/^5.1.5/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12455/^5.1.5/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12456/^5.1.5/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14034/ANY/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14122/ANY/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-16233/4.14/0002.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-16234/4.14/0002.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-16921/^4.17/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-18808/4.14/0003.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19051/4.14/0006.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19054/4.14/0004.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19061/4.14/0002.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19073/4.14/0004.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19074/^5.3.11/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19318/^5.3.11/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19319/4.14/0009.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19319/4.14/0010.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19319/4.14/0011.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19319/4.14/0012.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19448/4.14/0004.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19462/4.14/0002.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19602/^5.4.2/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19947/4.14/0003.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20810/4.14/0002.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20908/^5.4/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0404/4.14/0005.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0423/ANY/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0433/4.14/0008.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0433/4.14/0009.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0433/4.14/0010.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0543/4.14/0011.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0543/4.14/0012.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0543/4.14/0013.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0543/4.14/0014.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0543/4.14/0015.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-1749/4.14/0005.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-2732/4.14/0007.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-3693/ANY/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-3694/ANY/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-8992/4.14/0003.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-9383/4.14/0003.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-10711/4.14/0002.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-10732/4.14/0004.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-10757/4.14/0002.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-10766/4.14/0002.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-10781/4.14/0002.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-10942/4.14/0003.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11125/ANY/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11125/ANY/0002.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11162/ANY/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11494/4.14/0003.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11565/4.14/0003.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11608/4.14/0003.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11608/^5.6.1/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11609/4.14/0003.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11668/4.14/0003.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11669/4.14/0002.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12653/4.14/0003.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12654/4.14/0003.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12656/4.14/0004.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12656/4.14/0005.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12657/4.14/0002.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12770/4.14/0003.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12771/4.14/0002.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12826/4.14/0003.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-13143/4.14/0003.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-13974/4.14/0002.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14314/4.14/0004.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14331/4.14/0004.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14381/4.14/0004.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14390/4.14/0004.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-15393/4.14/0002.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-15780/^5.7.7/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16166/4.14/0004.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24394/^5.7.8/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25212/4.14/0004.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25284/4.14/0004.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25285/4.14/0004.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25641/4.14/0002.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25643/4.14/0002.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-26088/4.14/0002.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-UNKNOWN/ANY/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-UNKNOWN/ANY/0002.patch
|
||||||
|
editKernelLocalversion "-dos.p138"
|
||||||
|
cd "$DOS_BUILD_BASE"
|
@ -0,0 +1,105 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
cd "$DOS_BUILD_BASE""kernel/samsung/msm8974"
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc/ANY/0009.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/ANY/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.4/0002.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6544/^3.6/0003.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3076/^3.9/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3222/^3.9/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3225/^3.9/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3227/^3.9/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3228/^3.9/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3229/^3.9/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3231/^3.9/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-4470/^3.12/0002.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-3688/^3.17.4/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-7975/^3.17/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-2042/^3.19/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-6937/^4.2.3/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7566/^4.4.1/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8553/ANY/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8746/^4.2.2/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8812/^4.5/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2085/^4.5/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2475/ANY/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4485/^4.5.5/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4578/^4.6/0002.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4580/^4.5.5/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4913/^4.5.5/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5828/^4.6.3/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6480/^4.7/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-10318/^4.7.4/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0005.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0611/3.4/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7645/^4.10.11/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8246/3.4/0002.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8254/3.4/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8254/3.4/0002.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8824/^4.14.3/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9984/^4.11.7/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11473/^4.12.2/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-12762/^4.12/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13695/^4.12.9/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14489/^4.13.2/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15868/3.4/0012.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16526/^4.13.6/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16532/^4.13.11/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16537/^4.13.11/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/^4.13.11/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17450/^4.14.4/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17805/^4.14.8/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18079/^4.12.4/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18203/^4.14.3/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18360/^4.11.3/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000363/ANY/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5332/^4.14.13/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5333/^4.14.13/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5750/^4.14.15/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7492/^4.14.7/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7566/^4.15/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7755/^4.15.7/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7757/^4.15.7/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-8781/^4.15/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10021/^4.16/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10087/^4.13/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10124/^4.13/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10675/^4.12.9/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.4/0003.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10880/3.4/0003.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10940/^4.16.6/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-12233/^4.17.1/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-15594/^4.18.1/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-16658/^4.18.6/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-18710/^4.19/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0002.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10142/^5.0.17/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10622/ANY/0002.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15216/^5.0.14/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15807/^5.1.13/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-18806/^5.3.5/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19051/^5.3.11/0002.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19066/^5.3.11/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19073/^5.3.11/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19074/^5.3.11/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19528/^5.3.7/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19528/^5.3.7/0002.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20054/^5.0.6/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20054/^5.0.6/0002.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20096/^5.1/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0431/ANY/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-9383/^5.5.6/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-10773/ANY/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11565/^5.6.2/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12656/^5.6.10/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-13974/^5.7.1/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14314/^5.9/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-15393/^5.7.6/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25643/^5.9/0001.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/kernel.msm.git-9f34c6ebc016cd061ae5ec901221d15fa3d67e49.patch
|
||||||
|
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19051/^5.3.11/0001.patch
|
||||||
|
editKernelLocalversion "-dos.p101"
|
||||||
|
cd "$DOS_BUILD_BASE"
|
@ -18,7 +18,7 @@
|
|||||||
#Last verified: 2020-04-14
|
#Last verified: 2020-04-14
|
||||||
|
|
||||||
patchAllKernels() {
|
patchAllKernels() {
|
||||||
startPatcher "kernel_cyanogen_msm8916 kernel_essential_msm8998 kernel_fairphone_msm8974 kernel_google_marlin kernel_google_msm kernel_google_msm-4.9 kernel_google_wahoo kernel_htc_msm8974 kernel_lge_g3 kernel_lge_mako kernel_lge_msm8974 kernel_lge_msm8996 kernel_moto_shamu kernel_motorola_msm8916 kernel_motorola_msm8974 kernel_motorola_msm8996 kernel_nextbit_msm8992 kernel_oneplus_msm8994 kernel_oneplus_msm8996 kernel_oneplus_msm8998 kernel_oneplus_sdm845 kernel_oneplus_sm8150 kernel_oppo_msm8974 kernel_razer_msm8998 kernel_samsung_jf kernel_samsung_universal9810 kernel_xiaomi_sdm845 kernel_yandex_sdm660 kernel_zuk_msm8996";
|
startPatcher "kernel_cyanogen_msm8916 kernel_essential_msm8998 kernel_fairphone_msm8974 kernel_google_coral kernel_google_marlin kernel_google_msm kernel_google_msm-4.9 kernel_google_wahoo kernel_htc_msm8974 kernel_lge_g3 kernel_lge_mako kernel_lge_msm8974 kernel_lge_msm8996 kernel_moto_shamu kernel_motorola_msm8916 kernel_motorola_msm8974 kernel_motorola_msm8996 kernel_nextbit_msm8992 kernel_oneplus_msm8994 kernel_oneplus_msm8996 kernel_oneplus_msm8998 kernel_oneplus_sdm845 kernel_oneplus_sm8150 kernel_oppo_msm8974 kernel_razer_msm8998 kernel_samsung_jf kernel_samsung_msm8974 kernel_samsung_universal9810 kernel_xiaomi_sdm845 kernel_yandex_sdm660 kernel_zuk_msm8996";
|
||||||
}
|
}
|
||||||
export -f patchAllKernels;
|
export -f patchAllKernels;
|
||||||
|
|
||||||
@ -69,6 +69,7 @@ buildAll() {
|
|||||||
buildDevice d852;
|
buildDevice d852;
|
||||||
buildDevice d855;
|
buildDevice d855;
|
||||||
buildDevice FP2;
|
buildDevice FP2;
|
||||||
|
buildDevice klte;
|
||||||
buildDevice m8;
|
buildDevice m8;
|
||||||
buildDevice victara; #error: +out/target/product/victara/recovery.img too large (10522624 > 10485760)
|
buildDevice victara; #error: +out/target/product/victara/recovery.img too large (10522624 > 10485760)
|
||||||
#SD805
|
#SD805
|
||||||
@ -102,6 +103,8 @@ buildAll() {
|
|||||||
#SD855
|
#SD855
|
||||||
buildDevice guacamole avb;
|
buildDevice guacamole avb;
|
||||||
buildDevice guacamoleb avb;
|
buildDevice guacamoleb avb;
|
||||||
|
#buildDevice coral;
|
||||||
|
#buildDevice flame;
|
||||||
#SD660
|
#SD660
|
||||||
buildDevice Amber verity;
|
buildDevice Amber verity;
|
||||||
#SD670
|
#SD670
|
||||||
|
@ -193,7 +193,7 @@ if [ "$DOS_NON_COMMERCIAL_USE_PATCHES" = true ]; then sed -i 's/LINEAGE_BUILDTYP
|
|||||||
echo 'include vendor/divested/divestos.mk' >> config/common.mk; #Include our customizations
|
echo 'include vendor/divested/divestos.mk' >> config/common.mk; #Include our customizations
|
||||||
|
|
||||||
enter "vendor/divested";
|
enter "vendor/divested";
|
||||||
awk -i inplace '!/Etar/' packages.mk; #lineage-17.1 calendar is Etar fork
|
awk -i inplace '!/EtarPrebuilt/' packages.mk; #lineage-17.1 calendar is Etar fork
|
||||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then echo "PRODUCT_PACKAGES += GmsCore GsfProxy FakeStore" >> packages.mk; fi;
|
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then echo "PRODUCT_PACKAGES += GmsCore GsfProxy FakeStore" >> packages.mk; fi;
|
||||||
if [ "$DOS_HOSTS_BLOCKING" = false ]; then echo "PRODUCT_PACKAGES += $DOS_HOSTS_BLOCKING_APP" >> packages.mk; fi;
|
if [ "$DOS_HOSTS_BLOCKING" = false ]; then echo "PRODUCT_PACKAGES += $DOS_HOSTS_BLOCKING_APP" >> packages.mk; fi;
|
||||||
echo "PRODUCT_PACKAGES += vendor.lineage.trust@1.0-service" >> packages.mk; #All of our kernels have deny USB patch added
|
echo "PRODUCT_PACKAGES += vendor.lineage.trust@1.0-service" >> packages.mk; #All of our kernels have deny USB patch added
|
||||||
@ -264,6 +264,9 @@ enterAndClear "device/oppo/msm8974-common";
|
|||||||
sed -i 's/libinit_msm8974/libinit_msm8974-oppo/' BoardConfigCommon.mk init/Android.bp; #Fix name conflict
|
sed -i 's/libinit_msm8974/libinit_msm8974-oppo/' BoardConfigCommon.mk init/Android.bp; #Fix name conflict
|
||||||
sed -i "s/TZ.BF.2.0-2.0.0134/TZ.BF.2.0-2.0.0134|TZ.BF.2.0-2.0.0137/" board-info.txt; #Suport new TZ firmware https://review.lineageos.org/#/c/178999/
|
sed -i "s/TZ.BF.2.0-2.0.0134/TZ.BF.2.0-2.0.0134|TZ.BF.2.0-2.0.0137/" board-info.txt; #Suport new TZ firmware https://review.lineageos.org/#/c/178999/
|
||||||
|
|
||||||
|
enterAndClear "device/samsung/msm8974-common";
|
||||||
|
echo "TARGET_RECOVERY_DENSITY := hdpi" >> BoardConfigCommon.mk;
|
||||||
|
|
||||||
enterAndClear "device/zuk/msm8996-common";
|
enterAndClear "device/zuk/msm8996-common";
|
||||||
awk -i inplace '!/WfdCommon/' msm8996.mk; #fix breakage
|
awk -i inplace '!/WfdCommon/' msm8996.mk; #fix breakage
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user