18.1: switch to latest hardened_malloc revision

+ other fixes Signed-off-by: Tavi <tavi@divested.dev>
2025-05-06 08:24:57 -04:00 · 2024-05-06 14:54:08 -04:00 · 2024-05-06 14:54:08 -04:00 · 11b5815f14
commit 11b5815f14
parent 2c90c48637
14 changed files with 155 additions and 13 deletions
--- a/Scripts/Common/Fix_CVE_Patchers.sh
+++ b/Scripts/Common/Fix_CVE_Patchers.sh
@ -133,7 +133,7 @@ done
 declare -a threeDotEighteen=("${threeDotTen[@]}" "android_kernel_samsung_universal8890.sh" "android_kernel_google_dragon.sh" "android_kernel_zte_msm8996.sh" "android_kernel_asus_msm8953.sh" "android_kernel_google_marlin.sh" "android_kernel_motorola_msm8996.sh" "android_kernel_oneplus_msm8996.sh");
 for script in "${threeDotEighteen[@]}"
 do
-	commentPatches $script "0008-Graphene-Kernel_Hardening-slub/4.4/0002.patch" "CVE-2018-16597/4.4" "CVE-2019-19319/4.4" "CVE-2020-0305/4.4" "CVE-2020-0429/4.4" "CVE-2020-8992/4.4" "CVE-2021-1048/4.4" "CVE-2021-3428/4.4" "CVE-2021-20265/4.4" "CVE-2022-1184/4.4/0014.patch" "CVE-2022-1184/4.9/0007.patch" "CVE-2022-40768/4.9/0007.patch" "CVE-2022-40768/4.4/0008.patch" "CVE-2022-47929/4.4" "CVE-2023-0458";
+	commentPatches $script "0008-Graphene-Kernel_Hardening-slub/4.4/0002.patch" "CVE-2018-16597/4.4" "CVE-2019-19319/4.4" "CVE-2020-0305/4.4" "CVE-2020-0429/4.4" "CVE-2020-8992/4.4" "CVE-2021-1048/4.4" "CVE-2021-3428/4.4" "CVE-2021-20265/4.4" "CVE-2022-1184/4.4/0014.patch" "CVE-2022-1184/4.9/0007.patch" "CVE-2022-40768/4.9/0007.patch" "CVE-2022-40768/4.4/0008.patch" "CVE-2022-47929/4.4" "CVE-2023-0458" "CVE-2024-26889";
 done
 #4.4
 declare -a fourDotFour=("${threeDotEighteen[@]}" "android_kernel_essential_msm8998.sh" "android_kernel_fxtec_msm8998.sh" "android_kernel_lge_msm8996.sh" "android_kernel_zuk_msm8996.sh" "android_kernel_xiaomi_sdm660.sh" "android_kernel_sony_sdm660.sh" "android_kernel_razer_msm8998.sh" "android_kernel_oneplus_msm8998.sh" "android_kernel_google_wahoo.sh" "android_kernel_yandex_sdm660.sh" "android_kernel_zuk_msm8996.sh");
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_universal8890.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_universal8890.sh
@ -860,7 +860,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26816/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26840/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26851/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26875/4.4/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26889/4.4/0001.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26889/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26894/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26901/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26955/4.4/0001.patch
--- a/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_google_dragon.sh
+++ b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_google_dragon.sh
@ -822,7 +822,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26816/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26840/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26851/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26875/4.4/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26889/4.4/0001.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26889/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26894/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26901/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26955/4.4/0001.patch
--- a/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_zte_msm8996.sh
+++ b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_zte_msm8996.sh
@ -812,7 +812,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26816/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26840/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26851/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26875/4.4/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26889/4.4/0001.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26889/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26894/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26901/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26955/4.4/0001.patch
--- a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_google_marlin.sh
+++ b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_google_marlin.sh
@ -629,7 +629,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26816/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26840/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26851/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26875/4.4/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26889/4.4/0001.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26889/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26894/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26901/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26955/4.4/0001.patch
--- a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_motorola_msm8996.sh
+++ b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_motorola_msm8996.sh
@ -645,7 +645,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26816/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26840/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26851/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26875/4.4/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26889/4.4/0001.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26889/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26894/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26901/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26955/4.4/0001.patch
--- a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_oneplus_msm8996.sh
+++ b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_oneplus_msm8996.sh
@ -633,7 +633,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26816/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26840/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26851/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26875/4.4/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26889/4.4/0001.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26889/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26894/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26901/4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26955/4.4/0001.patch
--- a/Scripts/LineageOS-18.1/Patch.sh
+++ b/Scripts/LineageOS-18.1/Patch.sh
@ -120,7 +120,14 @@ fi;

 if [ "$DOS_GRAPHENE_MALLOC" = true ]; then
 if enterAndClear "external/hardened_malloc"; then
-applyPatch "$DOS_PATCHES/android_external_hardened_malloc/0001-Broken_Cameras.patch"; #Expand workaround to all camera executables (DivestOS)
+applyPatch "$DOS_PATCHES/android_external_hardened_malloc/0001-Broken_Cameras-1.patch"; #Workarounds for Pixel 3 SoC era camera driver bugs (GrapheneOS)
+applyPatch "$DOS_PATCHES/android_external_hardened_malloc/0001-Broken_Cameras-2.patch"; #Expand workaround to all camera executables (DivestOS)
+applyPatch "$DOS_PATCHES/android_external_hardened_malloc/0002-Broken_Displays.patch"; #Add workaround for OnePlus 8 & 9 display driver crash (DivestOS)
+sed -i 's/34359738368/2147483648/' Android.bp; #revert 48-bit address space requirement
+sed -i -e '76,78d;' Android.bp; #fix compile under A13
+sed -i -e '22,24d;' androidtest/Android.bp; #fix compile under A12
+awk -i inplace '!/vendor_ramdisk_available/' Android.bp; #fix compile under A11
+rm -rfv androidtest;
 fi;
 fi;

--- a/Scripts/init.sh
+++ b/Scripts/init.sh
@ -205,3 +205,5 @@ source "$DOS_SCRIPTS/Functions.sh";

 [[ -f "$DOS_BUILD_BASE/.repo/local_manifests/roomservice.xml" ]] && echo "roomservice manifest found! Please fix your manifests before continuing!";
 [[ -f "$DOS_BUILD_BASE/DOS_PATCHED_FLAG" ]] && echo "NOTE: THIS WORKSPACE IS ALREADY PATCHED, PLEASE RESET BEFORE PATCHING AGAIN!";
+
+if grep -sq "orphan_file" "/etc/mke2fs.conf"; then echo "NOTE: YOU MUST REMOVE orphan_file AND metadata_csum_seed FROM /etc/mke2fs.conf"; fi;