From 19d5b660979fd7efa34333122a9ca5feab4480f6 Mon Sep 17 00:00:00 2001 From: Tad Date: Sat, 7 Sep 2019 09:56:47 -0400 Subject: [PATCH] Many changes - ASB chery picks - 16.0: recovery: fix sideload - Restore releasetools for some devices - Only include Backup where supported - Change some small defaults - z00t: 14.1 -> 15.1 - himaul: 14.1 -> 15.1 - i9100: 14.1 -> 15.1+16.0 - flo: 15.1 -> 16.0, disabled - flounder: 15.1 disabled, enable 14.1 --- .gitignore | 2 +- Manifests/Manifest_LAOS-14.1.xml | 4 +- Manifests/Manifest_LAOS-15.1.xml | 18 +- Manifests/Manifest_LAOS-16.0.xml | 14 +- .../SettingsProvider/res/values/defaults.xml | 4 + .../android_vendor_divested/packages.mk | 1 - Scripts/Common/Functions.sh | 10 + Scripts/LineageOS-11.0/Functions.sh | 6 +- Scripts/LineageOS-14.1/Functions.sh | 20 +- Scripts/LineageOS-14.1/Patch.sh | 7 + .../android_kernel_asus_msm8916.sh | 170 ++++++++++++ .../android_kernel_htc_msm8994.sh | 262 ++++++++++++++++++ .../android_kernel_samsung_smdk4412.sh | 155 +++++++++++ Scripts/LineageOS-15.1/Functions.sh | 21 +- Scripts/LineageOS-15.1/Patch.sh | 11 + .../android_kernel_google_marlin.sh | 1 - .../CVE_Patchers/android_kernel_lge_mako.sh | 4 +- Scripts/LineageOS-16.0/Functions.sh | 12 +- Scripts/LineageOS-16.0/Patch.sh | 23 +- 19 files changed, 711 insertions(+), 34 deletions(-) create mode 100644 Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_asus_msm8916.sh create mode 100644 Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_htc_msm8994.sh create mode 100644 Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_samsung_smdk4412.sh diff --git a/.gitignore b/.gitignore index 520c1d6f..6f96dfa4 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,4 @@ - +.Signing_Keys/ Signing_Keys/ Signing_Keys-New/ Signing_Keys-Old/ diff --git a/Manifests/Manifest_LAOS-14.1.xml b/Manifests/Manifest_LAOS-14.1.xml index bbbc2f5b..bc620e82 100644 --- a/Manifests/Manifest_LAOS-14.1.xml +++ b/Manifests/Manifest_LAOS-14.1.xml @@ -65,8 +65,8 @@ - - + diff --git a/Manifests/Manifest_LAOS-15.1.xml b/Manifests/Manifest_LAOS-15.1.xml index e8bf97db..97aa66e5 100644 --- a/Manifests/Manifest_LAOS-15.1.xml +++ b/Manifests/Manifest_LAOS-15.1.xml @@ -72,8 +72,8 @@ - - + @@ -92,6 +92,11 @@ + + + + + @@ -121,10 +126,10 @@ - - --> + @@ -206,6 +211,11 @@ + + + + + diff --git a/Manifests/Manifest_LAOS-16.0.xml b/Manifests/Manifest_LAOS-16.0.xml index be1f0f71..51bdc873 100644 --- a/Manifests/Manifest_LAOS-16.0.xml +++ b/Manifests/Manifest_LAOS-16.0.xml @@ -58,6 +58,9 @@ + + @@ -72,7 +75,7 @@ - + @@ -87,6 +90,7 @@ + @@ -148,6 +152,9 @@ + + + @@ -177,6 +184,11 @@ + + + + + diff --git a/Patches/Common/android_vendor_divested/overlay/common/frameworks/base/packages/SettingsProvider/res/values/defaults.xml b/Patches/Common/android_vendor_divested/overlay/common/frameworks/base/packages/SettingsProvider/res/values/defaults.xml index 9e7ea892..0ff8c91e 100644 --- a/Patches/Common/android_vendor_divested/overlay/common/frameworks/base/packages/SettingsProvider/res/values/defaults.xml +++ b/Patches/Common/android_vendor_divested/overlay/common/frameworks/base/packages/SettingsProvider/res/values/defaults.xml @@ -1,6 +1,10 @@ + false + false + false + false diff --git a/Patches/Common/android_vendor_divested/packages.mk b/Patches/Common/android_vendor_divested/packages.mk index 6b72f0af..25b2e84c 100644 --- a/Patches/Common/android_vendor_divested/packages.mk +++ b/Patches/Common/android_vendor_divested/packages.mk @@ -20,7 +20,6 @@ PRODUCT_PACKAGES += \ # Others PRODUCT_PACKAGES += \ - Backup \ LocalCalendar # Notes diff --git a/Scripts/Common/Functions.sh b/Scripts/Common/Functions.sh index 56a21cfa..3e53b983 100644 --- a/Scripts/Common/Functions.sh +++ b/Scripts/Common/Functions.sh @@ -154,6 +154,8 @@ processRelease() { ARCHIVE="$DOS_BUILDS/$DOS_VERSION/release_keys/"; OUT_DIR="$DOS_BUILD_BASE/out/target/product/$DEVICE/"; + echo -e "\e[0;32mProcessing release for $DEVICE\e[0m"; + #Arguments if [ "$BLOCK" != false ]; then BLOCK_SWITCHES="--block"; @@ -162,15 +164,18 @@ processRelease() { VERITY_SWITCHES=(--replace_verity_public_key "$KEY_DIR/verity_key.pub" \ --replace_verity_private_key "$KEY_DIR/verity" \ --replace_verity_keyid "$KEY_DIR/verity.x509.pem"); + echo -e "\e[0;32m\t+ Verified Boot 1.0\e[0m"; elif [[ "$VERITY" == "avb" ]]; then VERITY_SWITCHES=(--avb_vbmeta_key "$KEY_DIR/avb.pem" \ --avb_vbmeta_algorithm SHA256_RSA2048 \ --avb_system_key "$KEY_DIR/avb.pem" \ --avb_system_algorithm SHA256_RSA2048); AVB_PKMD="$KEY_DIR/avb_pkmd.bin"; + echo -e "\e[0;32m\t+ Verified Boot 2.0\e[0m"; fi; #Target Files + echo -e "\e[0;32mSigning target files\e[0m"; build/tools/releasetools/sign_target_files_apks -o -d "$KEY_DIR" \ "${VERITY_SWITCHES[@]}" \ $OUT_DIR/obj/PACKAGING/target_files_intermediates/*$DEVICE-target_files-*.zip \ @@ -179,10 +184,12 @@ processRelease() { echo $INCREMENTAL_ID > $OUT_DIR/$PREFIX-target_files.zip.id; #Image + #echo -e "\e[0;32mCreating fastboot image\e[0m"; #build/tools/releasetools/img_from_target_files $OUT_DIR/$PREFIX-target_files.zip \ # $OUT_DIR/$PREFIX-img.zip || exit 1; #OTA + echo -e "\e[0;32mCreating OTA\e[0m"; build/tools/releasetools/ota_from_target_files $BLOCK_SWITCHES -t 8 -k "$KEY_DIR/releasekey" \ $OUT_DIR/$PREFIX-target_files.zip \ $OUT_DIR/$PREFIX-ota.zip; @@ -193,6 +200,7 @@ processRelease() { for LAST_TARGET_FILES in $ARCHIVE/target_files/$DOS_BRANDING_ZIP_PREFIX-$VERSION-*-dos-$DEVICE-target_files.zip; do if [[ -f "$LAST_TARGET_FILES.id" ]]; then LAST_INCREMENTAL_ID=$(cat "$LAST_TARGET_FILES.id"); + echo -e "\e[0;32mGenerating incremental OTA against $LAST_INCREMENTAL_ID\e[0m"; build/tools/releasetools/ota_from_target_files $BLOCK_SWITCHES -t 8 -k "$KEY_DIR/releasekey" -i \ "$LAST_TARGET_FILES" \ $OUT_DIR/$PREFIX-target_files.zip \ @@ -204,6 +212,7 @@ processRelease() { #Copy to archive if [ "$DOS_AUTO_ARCHIVE_BUILDS" = true ]; then + echo -e "\e[0;32mCopying files to archive\e[0m"; mkdir -vp $ARCHIVE; mkdir -vp $ARCHIVE/target_files; mkdir -vp $ARCHIVE/incrementals; @@ -212,6 +221,7 @@ processRelease() { cp -v $OUT_DIR/$PREFIX-ota.zip* $ARCHIVE/; cp -v $OUT_DIR/$PREFIX-incremental_*.zip* $ARCHIVE/incrementals/; fi; + echo -e "\e[0;32mRelease processing complete\e[0m"; } export -f processRelease; diff --git a/Scripts/LineageOS-11.0/Functions.sh b/Scripts/LineageOS-11.0/Functions.sh index 15caa4a8..680c710e 100644 --- a/Scripts/LineageOS-11.0/Functions.sh +++ b/Scripts/LineageOS-11.0/Functions.sh @@ -48,7 +48,7 @@ export -f buildDeviceDebug; buildAll() { if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi; if [ "$DOS_OPTIMIZE_IMAGES" = true ]; then optimizeImagesRecursive "$DOS_BUILD_BASE"; fi; - brunch lineage_nex-user && processRelease nex false; + brunch lineage_nex-user && processRelease nex false; #broken encryption } export -f buildAll; @@ -58,8 +58,8 @@ patchWorkspace() { source build/envsetup.sh; repopick -it asb-2018.09-cm11-qcom; repopick -i 230054 230392; #asb disclaimer - #repopick -it asb-2019.03-cm11; #merged, execpt for level - repopick -it asb-2019.04-cm11 -e 246293; + repopick -it asb-2019.03-cm11; + #repopick -it asb-2019.04-cm11 -e 246293; repopick -it asb-2019.05-cm11; repopick -it asb-2019.06-cm11; repopick -it asb-2019.07-cm11; diff --git a/Scripts/LineageOS-14.1/Functions.sh b/Scripts/LineageOS-14.1/Functions.sh index 50145b5a..8eb6b123 100644 --- a/Scripts/LineageOS-14.1/Functions.sh +++ b/Scripts/LineageOS-14.1/Functions.sh @@ -55,14 +55,11 @@ buildAll() { if [ "$DOS_OPTIMIZE_IMAGES" = true ]; then optimizeImagesRecursive "$DOS_BUILD_BASE"; fi; #Select devices are userdebug due to SELinux policy issues buildDevice osprey; - buildDeviceUserDebug thor; - buildDevice Z00T; + buildDeviceUserDebug thor; #broken encryption buildDevice clark; - buildDevice h815; - buildDevice himaul; + buildDevice h815; #broken buildDevice manta; - buildDevice n7100; #device/samsung/n7100/selinux/device.te:5:ERROR 'duplicate declaration of type/attribute' at token ';': type hpd_device, dev_type; type mfc_device, dev_type; - buildDeviceUserDebug i9100; + buildDevice n7100; #broken sepolicy buildDeviceUserDebug i9300; buildDevice i9305; buildDevice n5110; @@ -72,8 +69,12 @@ buildAll() { buildDevice toroplus; buildDevice grouper; #needs manual patching - one-repo vendor blob patch - #The following are all superseded, and should only be enabled if the newer version is broken (not building/booting/etc.) + buildDevice himaul; + buildDevice Z00T; + buildDevice flounder verity; + buildDevice axon7; + buildDevice h850; if [ "$DOS_BUILDALL_SUPERSEDED" = true ]; then buildDevice flo; buildDevice mako; @@ -94,15 +95,13 @@ buildAll() { buildDevice ether; buildDevice angler verity; buildDevice kipper; - buildDevice axon7; buildDevice griffin; - buildDevice h850; buildDevice us996; buildDevice marlin verity; buildDevice sailfish verity; buildDevice us997; - buildDevice flounder verity; buildDevice dragon verity; + buildDeviceUserDebug i9100; buildDevice fugu; fi; } @@ -125,6 +124,7 @@ patchWorkspace() { repopick 248600 248649; #/proc hardening repopick -it nougat-mr2-security-release-residue; repopick 255328; #update webview + repopick -it N_asb_2019-09; export DOS_GRAPHENE_MALLOC=false; #patches apply, compile fails diff --git a/Scripts/LineageOS-14.1/Patch.sh b/Scripts/LineageOS-14.1/Patch.sh index c9b8cbed..e85e94eb 100644 --- a/Scripts/LineageOS-14.1/Patch.sh +++ b/Scripts/LineageOS-14.1/Patch.sh @@ -161,6 +161,9 @@ git revert 0217dddeb5c16903c13ff6c75213619b79ea622b d7aa1231b6a0631f506c0c23816f patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden.patch"; #Harden mounts with nodev/noexec/nosuid + misc sysfs changes (GrapheneOS) if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_system_core/0001-HM-Increase_vm_mmc.patch"; fi; #(GrapheneOS) +enterAndClear "system/gatekeeper"; +git pull "https://github.com/LineageOS/android_system_gatekeeper" refs/changes/85/252985/1; #N_asb_2019-09 + enterAndClear "system/sepolicy"; patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch"; #Fix -user builds for LGE devices @@ -232,11 +235,15 @@ rm board-info.txt; #Never restrict installation enterAndClear "device/oneplus/bacon"; sed -i "s/TZ.BF.2.0-2.0.0134/TZ.BF.2.0-2.0.0134|TZ.BF.2.0-2.0.0137/" board-info.txt; #Suport new TZ firmware https://review.lineageos.org/#/c/178999/ +enterAndClear "device/samsung/manta"; +git revert e55bbff1c8aa50e25ffe39c8936ea3dc92a4a575; #restore releasetools + enterAndClear "device/samsung/toroplus"; awk -i inplace '!/additional_system_update/' overlay/packages/apps/Settings/res/values*/*.xml; enableLowRam "device/samsung/tuna"; enterAndClear "device/samsung/tuna"; +git revert e53eea6426da49dfb542929d5aa686667f4d416f; #restore releasetools rm setup-makefiles.sh; #broken, deblobber will still function sed -i 's|vendor/maguro/|vendor/|' libgps-shim/gps.c; #fix dlopen not found #See: https://review.lineageos.org/q/topic:%22tuna-sepolicies diff --git a/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_asus_msm8916.sh b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_asus_msm8916.sh new file mode 100644 index 00000000..b14f4e7b --- /dev/null +++ b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_asus_msm8916.sh @@ -0,0 +1,170 @@ +#!/bin/bash +cd "$DOS_BUILD_BASE""kernel/asus/msm8916" +git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0004.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0004-No_dir-relax.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0005.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0006.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0007.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0009.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0010.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0011.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0012.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0013.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0014.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0015.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0016.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0017.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0018.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0011.patch +git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0012.patch +git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0013.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-2898/^3.11/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-4129/^3.10.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-4129/^3.10.3/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-4470/^3.12/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9730/^3.18.2/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-1339/^4.4/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-5307/^4.2.6/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-6937/^4.2.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8746/^4.2.2/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5244/^4.6.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5828/^4.6.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6672/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8394/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8481/ANY/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0648/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000252/^4.13.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000410/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-10663/^4.12.4/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11033/3.10/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11176/^4.11.9/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11473/^4.12.2/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11600/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13163/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13168/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13174/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13216/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/3.10/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/3.10/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/3.10/0004.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13246/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13305/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13694/^4.12.9/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13695/^4.12.9/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14489/^4.13.2/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15837/ANY/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16526/^4.13.6/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16531/^4.13.6/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16532/^4.13.11/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16533/^4.13.8/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16534/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16535/^4.13.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16537/^4.13.11/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16538/^4.13.11/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16538/^4.13.11/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16643/3.5-^4.13.11/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16645/^4.13.11/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/^4.13.11/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16939/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17450/^4.14.4/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17558/^4.14.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17805/^4.14.8/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17806/^4.14.8/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18079/^4.12.4/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18203/^4.14.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18241/^4.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18255/^4.11/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18360/^4.11.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-5972/ANY/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8281/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8281/3.10/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8824/^4.14.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9711/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9723/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9984/^4.11.7/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1000199/^3.18/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10021/^4.16/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10087/^4.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10124/^4.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10675/^4.12.9/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1068/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1068/ANY/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10877/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.10/0004.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10880/3.10/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10881/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10882/3.10/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10883/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1092/^4.15.15/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10940/^4.16.6/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11273/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11286/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11832/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11918/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11939/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11987/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13053/^4.17.3/0001.patch +#git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13913/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-14634/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-14734/^4.17.11/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-15594/^4.18.1/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-16658/^4.18.6/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-18021/^4.18.12/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-18710/^4.19/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-20511/^4.18.11/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-20836/^4.20/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-3563/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5332/^4.14.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5333/^4.14.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5390/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5390/3.10/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5750/^4.14.15/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5858/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5897/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5904/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7273/^4.15.4/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7492/^4.14.7/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7757/^4.15.7/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-8781/^4.15/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9383/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9389/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9416/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9439/ANY/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9515/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9516/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9518/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10142/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10491/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10519/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-11486/^5.0.8/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-11884/^5.0.15/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12456/^5.1.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-13631/^5.2.1/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15098/^5.2.8/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15212/^5.1.8/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15213/^5.2.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15216/^5.0.14/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15807/^5.1.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2001/^3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2101/ANY/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2331/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-3459/^5.1/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/^4.20.11/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/LVT-2017-0003/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/1035495_0001-cnss-Add-NULL-check-for-PM-related-APIs.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch +editKernelLocalversion "-dos.p166" +cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_htc_msm8994.sh b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_htc_msm8994.sh new file mode 100644 index 00000000..acaaf763 --- /dev/null +++ b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_htc_msm8994.sh @@ -0,0 +1,262 @@ +#!/bin/bash +cd "$DOS_BUILD_BASE""kernel/htc/msm8994" +git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/3.10/3.10.0088-0089.patch --exclude=Makefile +git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/3.10/3.10.0093-0094.patch --exclude=Makefile +git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc/ANY/0009.patch +git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0004.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0004-No_dir-relax.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0005.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0006.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0007.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0009.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0010.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0011.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0012.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0013.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0014.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0015.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0016.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0017.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.10/0018.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0011.patch +git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0012.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-2898/^3.11/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-4129/^3.10.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-4129/^3.10.3/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-4470/^3.12/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9781/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9903/^3.14/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9904/^3.17/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-1339/^4.4/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-4170/3.10-^3.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-4177/^4.0.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-5257/^4.2.4/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-5283/^4.2.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-5307/^4.2.6/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-6252/^4.1.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7515/^4.4/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7550/^4.3.4/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7566/^4.4.1/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7799/^4.2.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7799/^4.2.3/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8569/^4.3.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8709/^4.4.1/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8746/^4.2.2/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8812/^4.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8844/^4.3.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-9289/^4.1.4/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-0843/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-10208/3.10-^3.16/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2085/^4.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2117/^4.5.2/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2185/^4.5.1/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2186/^4.5.1/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2187/^4.5.2/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2188/^4.5.1/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2188/^4.5.1/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2384/^4.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2543/^4.4.1/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2545/^4.4.1/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2549/^4.4.1/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2782/^4.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3070/^4.4/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3136/^4.5.1/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3137/^4.5.1/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3138/^4.5.1/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3140/^4.5.1/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3689/^4.5.1/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3857/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3951/^4.5/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4485/^4.5.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4580/^4.5.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4913/^4.5.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5244/^4.6.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5828/^4.6.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6480/^4.7/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-7117/^4.5.2/0002.patch +#git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8394/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8633/^4.8.7/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8646/^4.3.6/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9083/^4.8.11/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9178/^4.7.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9576/3.10/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9604/^4.11/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0445/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0648/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0861/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0862/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000252/^4.13.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000363/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000365/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000380/^4.11.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11033/3.10/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11176/^4.11.9/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11473/^4.12.2/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11600/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-12153/3.2-^3.16/0001.patch +#git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13166/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13167/3.10/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13167/3.10/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13167/3.10/0005.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13167/3.10/0006.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13167/3.10/0007.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13167/3.10/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13168/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13215/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13216/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/3.10/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/3.10/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/3.10/0004.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13246/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13305/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13694/^4.12.9/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13695/^4.12.9/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14106/^4.12/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14489/^4.13.2/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15265/^4.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15837/ANY/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15868/3.10/0004.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15868/3.10/0005.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16526/^4.13.6/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16531/^4.13.6/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16532/^4.13.11/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16533/^4.13.8/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16534/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16535/^4.13.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16537/^4.13.11/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16538/^4.13.11/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16538/^4.13.11/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16643/3.5-^4.13.11/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16645/^4.13.11/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/^4.13.11/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16939/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0005.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17450/^4.14.4/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17558/^4.14.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17805/^4.14.8/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17806/^4.14.8/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18079/^4.12.4/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18165/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18203/^4.14.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18255/^4.11/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18306/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18360/^4.11.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-2618/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-2671/^4.10.8/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-5669/^4.9.12/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-5972/ANY/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6345/^4.9.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6348/^4.9.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6951/^3.14.79/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7261/^4.10.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7308/^4.10.6/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7373/3.10/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7472/^4.10.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7541/3.10/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7645/^4.10.11/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8243/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8281/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8281/3.10/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8824/^4.14.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8890/3.10/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8925/^4.10.4/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9242/^4.11.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9711/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9723/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9984/^4.11.7/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1000199/^3.18/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10021/^4.16/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10087/^4.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10124/^4.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10675/^4.12.9/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1068/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1068/ANY/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10877/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.10/0004.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10880/3.10/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10881/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10882/3.10/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10883/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10902/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1092/^4.15.15/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10940/^4.16.6/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11265/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11273/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11286/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11832/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11919/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11939/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11987/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-12011/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13053/^4.17.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13913/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-14634/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-14734/^4.17.11/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-15594/^4.18.1/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-16658/^4.18.6/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-18021/^4.18.12/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-18710/^4.19/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-20511/^4.18.11/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-20836/^4.20/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-3563/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-3584/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-3585/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-3597/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5332/^4.14.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5333/^4.14.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5390/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5390/3.10/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5750/^4.14.15/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5825/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5858/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5897/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5897/ANY/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5904/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5908/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7273/^4.15.4/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7492/^4.14.7/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7757/^4.15.7/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-8781/^4.15/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9383/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9389/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9416/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9514/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9515/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9516/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9518/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10142/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10491/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10519/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-11486/^5.0.8/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-11884/^5.0.15/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12456/^5.1.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-13631/^5.2.1/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15098/^5.2.8/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15212/^5.1.8/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15213/^5.2.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15216/^5.0.14/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15807/^5.1.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2001/^3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2101/ANY/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2331/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-3459/^5.1/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/^4.20.11/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/LVT-2017-0003/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/LVT-2017-0004/3.10/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000111/ANY/0001.patch +editKernelLocalversion "-dos.p258" +cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_samsung_smdk4412.sh b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_samsung_smdk4412.sh new file mode 100644 index 00000000..6226869e --- /dev/null +++ b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_samsung_smdk4412.sh @@ -0,0 +1,155 @@ +#!/bin/bash +cd "$DOS_BUILD_BASE""kernel/samsung/smdk4412" +git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0004.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2011-5327/^3.1/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-2375/^3.3.2/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-3375/^3.2.24/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6544/^3.6/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6545/^3.6/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-4299/^3.11.6/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-4345/^3.11.4/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-4470/^3.12/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-4587/^3.12.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-6378/^3.12.1/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-6380/^3.12.1/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-6381/^3.12.1/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-6383/^3.11.8/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-7027/^3.11.7/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-7339/^3.12.8/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-7470/^3.11.7/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-0077/^3.13.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-0101/^3.13.6/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-1444/^3.11.7/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-1445/^3.11.7/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-1446/^3.12.8/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-1737/^3.14.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-1738/^3.14.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-1739/^3.13.6/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-2678/^3.14/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-3153/^3.14.5/0004.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-3601/^3.16.1/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-3687/^3.17.2/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-3688/^3.17.4/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-4652/^3.15.2/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-4656/^3.15.2/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-4656/^3.15.2/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-4667/^3.15.2/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-4699/^3.15.4/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-5077/^3.15.8/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-5471/^3.16.1/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-7841/^3.17.4/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-7975/^3.17/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-8133/^3.18.1/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-8134/^3.18/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9420/^3.18.1/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9584/^3.18.2/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9728/^3.18.2/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9781/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9870/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9895/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9900/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-1421/^3.18.8/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-2042/^3.19/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-3331/^3.19.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-5156/^4.2/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-6252/^4.1.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-6640/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-6937/^4.2.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7566/^4.4.1/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7799/^4.2.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8746/^4.2.2/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8812/^4.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8944/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2185/^4.5.1/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2186/^4.5.1/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2543/^4.4.1/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2544/^4.4.1/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3857/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4485/^4.5.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4580/^4.5.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4913/^4.5.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5244/^4.6.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5828/^4.6.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6480/^4.7/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6753/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-7117/^4.5.2/0002.patch +#git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8463/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8646/^4.3.6/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9604/^4.11/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0403/3.0-^3.18/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0404/^3.18/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0430/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0648/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0706/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0786/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0861/ANY/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000363/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000380/^4.11.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11090/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11176/^4.11.9/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11473/^4.12.2/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-12153/^4.13.3/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13215/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13246/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13292/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13695/^4.12.9/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14106/^4.12/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14489/^4.13.2/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15265/^4.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15868/^3.19/0009.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16526/^4.13.6/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16532/^4.13.11/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16533/^4.13.8/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16537/^4.13.11/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0005.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17450/^4.14.4/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17558/^4.14.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17805/^4.14.8/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17806/^4.14.8/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18079/^4.12.4/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18360/^4.11.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-2618/^4.9.10/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6074/^4.9.11/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6345/^4.9.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6348/^4.9.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7184/^4.10.6/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7184/^4.10.6/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7308/^4.10.6/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7487/^4.11.1/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8824/^4.14.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9984/^4.11.7/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10087/^4.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10124/^4.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10675/^4.12.9/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1068/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1068/ANY/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10940/^4.16.6/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11939/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13053/^4.17.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-15594/^4.18.1/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-16658/^4.18.6/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-18710/^4.19/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-20511/^4.18.11/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5332/^4.14.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5333/^4.14.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5750/^4.14.15/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7492/^4.14.7/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7757/^4.15.7/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-8781/^4.15/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9389/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9416/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9516/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15216/^5.0.14/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2001/^3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2101/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-3459/^5.1/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/^4.20.11/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/772877_0001-usb-core-Fix-use-after-free-for-hub-usb-device.patch +git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/797912_0001-usb-gadget-Fix-synchronization-issue-between-f_audio.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9781/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000111/ANY/0001.patch +editKernelLocalversion "-dos.p151" +cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-15.1/Functions.sh b/Scripts/LineageOS-15.1/Functions.sh index dc10fe3b..d8d5d208 100644 --- a/Scripts/LineageOS-15.1/Functions.sh +++ b/Scripts/LineageOS-15.1/Functions.sh @@ -18,7 +18,7 @@ #Last verified: 2018-04-27 patchAllKernels() { - startPatcher "kernel_asus_fugu kernel_cyanogen_msm8916 kernel_cyanogen_msm8974 kernel_essential_msm8998 kernel_fairphone_msm8974 kernel_google_dragon kernel_google_marlin kernel_google_msm kernel_google_wahoo kernel_htc_flounder kernel_htc_msm8974 kernel_huawei_angler kernel_lge_bullhead kernel_lge_g3 kernel_lge_hammerhead kernel_lge_mako kernel_lge_msm8974 kernel_lge_msm8996 kernel_moto_shamu kernel_motorola_msm8974 kernel_motorola_msm8996 kernel_nextbit_msm8992 kernel_oppo_msm8974 kernel_samsung_msm8974 kernel_samsung_universal9810 kernel_zte_msm8996"; + startPatcher "kernel_asus_fugu kernel_asus_msm8916 kernel_cyanogen_msm8916 kernel_cyanogen_msm8974 kernel_essential_msm8998 kernel_fairphone_msm8974 kernel_google_dragon kernel_google_marlin kernel_google_msm kernel_google_wahoo kernel_htc_flounder kernel_htc_msm8974 kernel_htc_msm8994 kernel_huawei_angler kernel_lge_bullhead kernel_lge_g3 kernel_lge_hammerhead kernel_lge_mako kernel_lge_msm8974 kernel_lge_msm8996 kernel_moto_shamu kernel_motorola_msm8974 kernel_motorola_msm8996 kernel_nextbit_msm8992 kernel_oppo_msm8974 kernel_samsung_msm8974 kernel_samsung_smdk4412 kernel_samsung_universal9810 kernel_zte_msm8996"; } export -f patchAllKernels; @@ -39,6 +39,11 @@ buildDevice() { } export -f buildDevice; +buildDeviceUserDebug() { + brunch "lineage_$1-userdebug" && processRelease $1 true $2; +} +export -f buildDeviceUserDebug; + buildDeviceDebug() { unset SIGNING_KEY_DIR; brunch "lineage_$1-eng"; @@ -48,18 +53,20 @@ export -f buildDeviceDebug; buildAll() { if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi; if [ "$DOS_OPTIMIZE_IMAGES" = true ]; then optimizeImagesRecursive "$DOS_BUILD_BASE"; fi; - buildDevice flo; buildDevice bullhead verity; + #buildDevice himaul; #broken - needs vendor bits buildDevice angler verity; - buildDevice axon7; #broken - buildDevice h850; + buildDevice Z00T; #broken - needs vendor patching + buildDevice axon7; #broken - needs vendor patching + buildDevice h850; #broken buildDevice us996; buildDevice us997; - buildDevice flounder verity; + #buildDevice flounder verity; #broken encryption buildDevice dragon verity; buildDevice starlte; #broken - device/samsung/universal9810-common/audio: MODULE.TARGET.SHARED_LIBRARIES.libshim_audio_32 already defined by device/samsung/star-common/audio #The following are all superseded, and should only be enabled if the newer version is broken (not building/booting/etc.) + buildDevice flo; #broken camera? buildDevice hammerhead; buildDevice fugu; if [ "$DOS_BUILDALL_SUPERSEDED" = true ]; then @@ -83,6 +90,7 @@ buildAll() { buildDevice mata verity; buildDevice taimen avb; buildDevice walleye avb; + buildDeviceUserDebug i9100; fi; } export -f buildAll; @@ -92,6 +100,9 @@ patchWorkspace() { source build/envsetup.sh; repopick 255328; #update webview + repopick -it O_asb_2019-09; + + export DOS_GRAPHENE_MALLOC=false; #patches apply, compile fails source "$DOS_SCRIPTS/Patch.sh"; source "$DOS_SCRIPTS/Defaults.sh"; diff --git a/Scripts/LineageOS-15.1/Patch.sh b/Scripts/LineageOS-15.1/Patch.sh index 48906a1e..433438e2 100644 --- a/Scripts/LineageOS-15.1/Patch.sh +++ b/Scripts/LineageOS-15.1/Patch.sh @@ -77,6 +77,9 @@ git revert c9b0d95630b82cd0ad1a0fc633c6d59c2cb8aad7 37422f7df389f3ae5a34ee3d6dd9 enterAndClear "device/qcom/sepolicy"; patch -p1 < "$DOS_PATCHES/android_device_qcom_sepolicy/0001-Camera_Fix.patch"; #Fix camera on -user builds XXX: REMOVE THIS TRASH +enterAndClear "external/libcups"; +git pull "https://github.com/LineageOS/android_external_libcups" refs/changes/66/255866/1; #O_asb_2019-09 + enterAndClear "external/svox"; git revert 1419d63b4889a26d22443fd8df1f9073bf229d3d; #Add back Makefiles @@ -187,6 +190,7 @@ if [ "$DOS_NON_COMMERCIAL_USE_PATCHES" = true ]; then sed -i 's/LINEAGE_BUILDTYP echo 'include vendor/divested/divestos.mk' >> config/common.mk; #Include our customizations enter "vendor/divested"; +echo "PRODUCT_PACKAGES += Backup" >> packages.mk; if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then echo "PRODUCT_PACKAGES += GmsCore GsfProxy FakeStore" >> packages.mk; fi; if [ "$DOS_HOSTS_BLOCKING" = false ]; then echo "PRODUCT_PACKAGES += $DOS_HOSTS_BLOCKING_APP" >> packages.mk; fi; # @@ -196,6 +200,9 @@ if [ "$DOS_HOSTS_BLOCKING" = false ]; then echo "PRODUCT_PACKAGES += $DOS_HOSTS_ # #START OF DEVICE CHANGES # +enterAndClear "device/asus/msm8916-common"; +rm -rf Android.bp sensors; #already included in asus/flo + enterAndClear "device/google/marlin"; patch -p1 < "$DOS_PATCHES/android_device_google_marlin/0001-Fix_MediaProvider_Deadlock.patch"; #Fix MediaProvider using 100% CPU (due to broken ppoll on functionfs?) @@ -211,8 +218,12 @@ enterAndClear "device/lge/msm8996-common"; sed -i '3itypeattribute hwaddrs misc_block_device_exception;' sepolicy/hwaddrs.te; enterAndClear "device/lge/mako"; +git revert e277722bb3f10dad7a6078aa0dba7b78738e6071; #restore releasetools echo "allow kickstart usbfs:dir search;" >> sepolicy/kickstart.te; #Fix forceencrypt on first boot +enterAndClear "device/moto/shamu"; +#git revert 05fb49518049440f90423341ff25d4f75f10bc0c; #restore releasetools #TODO + enterAndClear "device/oppo/msm8974-common"; sed -i "s/TZ.BF.2.0-2.0.0134/TZ.BF.2.0-2.0.0134|TZ.BF.2.0-2.0.0137/" board-info.txt; #Suport new TZ firmware https://review.lineageos.org/#/c/178999/ diff --git a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_google_marlin.sh b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_google_marlin.sh index 537503c6..cf6bc9d3 100644 --- a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_google_marlin.sh +++ b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_google_marlin.sh @@ -2,7 +2,6 @@ cd "$DOS_BUILD_BASE""kernel/google/marlin" git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0004.patch -git apply $DOS_PATCHES_LINUX_CVES/0005-Copperhead-Deny_USB/3.18/0002.patch git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0019.patch git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0020.patch git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0021.patch diff --git a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_lge_mako.sh b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_lge_mako.sh index a47d19d3..bf10cd4b 100644 --- a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_lge_mako.sh +++ b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_lge_mako.sh @@ -47,8 +47,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9576/3.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9604/^4.11/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9793/^4.8.14/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9794/^4.7/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0611/3.4/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0648/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0751/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0786/ANY/0001.patch @@ -126,5 +124,5 @@ git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/kernel.msm.git-5d89eb01c93d8a git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/kernel.msm.git-7be3e08d7a523207486701b2d34607137558066f.patch git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/kernel.msm.git-9f34c6ebc016cd061ae5ec901221d15fa3d67e49.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch -editKernelLocalversion "-dos.p127" +editKernelLocalversion "-dos.p124" cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-16.0/Functions.sh b/Scripts/LineageOS-16.0/Functions.sh index b788f5aa..365e679d 100644 --- a/Scripts/LineageOS-16.0/Functions.sh +++ b/Scripts/LineageOS-16.0/Functions.sh @@ -18,7 +18,7 @@ #Last verified: 2018-04-27 patchAllKernels() { - startPatcher "kernel_asus_fugu kernel_cyanogen_msm8916 kernel_cyanogen_msm8974 kernel_essential_msm8998 kernel_fairphone_msm8974 kernel_google_bonito kernel_google_crosshatch kernel_google_marlin kernel_google_wahoo kernel_htc_msm8974 kernel_lge_g3 kernel_lge_hammerhead kernel_lge_mako kernel_lge_msm8974 kernel_moto_shamu kernel_motorola_msm8974 kernel_motorola_msm8996 kernel_nextbit_msm8992 kernel_oppo_msm8974 kernel_razer_msm8998 kernel_samsung_jf kernel_samsung_msm8974 kernel_zuk_msm8996"; + startPatcher "kernel_asus_fugu kernel_cyanogen_msm8916 kernel_cyanogen_msm8974 kernel_essential_msm8998 kernel_fairphone_msm8974 kernel_google_bonito kernel_google_crosshatch kernel_google_marlin kernel_google_msm kernel_google_wahoo kernel_htc_msm8974 kernel_lge_g3 kernel_lge_hammerhead kernel_lge_mako kernel_lge_msm8974 kernel_moto_shamu kernel_motorola_msm8974 kernel_motorola_msm8996 kernel_nextbit_msm8992 kernel_oppo_msm8974 kernel_razer_msm8998 kernel_samsung_jf kernel_samsung_msm8974 kernel_samsung_smdk4412 kernel_zuk_msm8996"; } export -f patchAllKernels; @@ -39,6 +39,11 @@ buildDevice() { } export -f buildDevice; +buildDeviceUserDebug() { + brunch "lineage_$1-userdebug" && processRelease $1 true $2; +} +export -f buildDeviceUserDebug; + buildDeviceDebug() { unset SIGNING_KEY_DIR; brunch "lineage_$1-eng"; @@ -49,6 +54,7 @@ buildAll() { if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi; if [ "$DOS_OPTIMIZE_IMAGES" = true ]; then optimizeImagesRecursive "$DOS_BUILD_BASE"; fi; #SDS4P + #buildDevice flo; #broken encryption buildDevice mako; #SD410 buildDevice crackling; #broken @@ -89,6 +95,8 @@ buildAll() { #SD670 buildDevice bonito avb; buildDevice sargo avb; + #Samsung + buildDeviceUserDebug i9100; #Intel buildDevice fugu; #broken } @@ -99,7 +107,7 @@ patchWorkspace() { source build/envsetup.sh; repopick -f 254249; #g3 nfc - repopick 255360; #fp2 fix + #repopick -it hh-cleanup; repopick 255328; #update webview repopick -it P_asb_2019-09; diff --git a/Scripts/LineageOS-16.0/Patch.sh b/Scripts/LineageOS-16.0/Patch.sh index 4d7f95b0..2608e4ce 100644 --- a/Scripts/LineageOS-16.0/Patch.sh +++ b/Scripts/LineageOS-16.0/Patch.sh @@ -64,16 +64,26 @@ enterAndClear "bionic"; if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_bionic/0001-HM-Use_HM.patch"; fi; #(GrapheneOS) enterAndClear "bootable/recovery"; +git revert 4d361ff13b5bd61d5a6a5e95063b24b8a37a24ab 37d729bf; #fix sideload #git revert fe2901b144c515c5a90b547198aed37c209b5a82; #Resurrect dm-verity enterAndClear "build/make"; git revert 271f6ffa045064abcac066e97f2cb53ccb3e5126 61f7ee9386be426fd4eadc2c8759362edb5bef8; #Add back PicoTTS and language files sed -i '74i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; +#enterAndClear "device/lineage/sepolicy"; +#echo "recovery_only('allow init rootfs:file create;')" >> common/private/init.te; #Fix sideload in recovery (alternative) + enterAndClear "device/qcom/sepolicy-legacy"; patch -p1 < "$DOS_PATCHES/android_device_qcom_sepolicy-legacy/0001-Camera_Fix.patch"; #Fix camera on -user builds XXX: REMOVE THIS TRASH echo "SELINUX_IGNORE_NEVERALLOWS := true" >> sepolicy.mk; #necessary for -user builds of legacy devices +enterAndClear "external/libcups"; +git pull "https://github.com/LineageOS/android_external_libcups" refs/changes/96/255696/1; #P_asb_2019-09 + +enterAndClear "external/libhevc"; +git pull "https://github.com/LineageOS/android_external_libhevc" refs/changes/97/255697/1; #P_asb_2019-09 + enterAndClear "external/svox"; git revert 1419d63b4889a26d22443fd8df1f9073bf229d3d; #Add back Makefiles sed -i '12iLOCAL_SDK_VERSION := current' pico/Android.mk; #Fix build under Pie @@ -127,6 +137,7 @@ rm -rf src/org/lineageos/lineageparts/lineagestats/ res/xml/anonymous_stats.xml patch -p1 < "$DOS_PATCHES/android_packages_apps_LineageParts/0001-Remove_Analytics.patch"; #Remove analytics enterAndClear "packages/apps/Settings"; +git revert c240992b4c86c7f226290807a2f41f2619e7e5e8; #don't hide oem unlock sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length (GrapheneOS) sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; fi; #microG doesn't support Backup, hide the options @@ -156,10 +167,14 @@ patch -p1 < "$DOS_PATCHES/android_system_extras/0001-ext4_pad_filenames.patch"; enterAndClear "system/core"; if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file -#git revert b3609d82999d23634c5e6db706a3ecbc5348309a; #Always update recovery XXX: recovery doesn't boot +git revert b3609d82999d23634c5e6db706a3ecbc5348309a; #Always update recovery patch -p1 < "$DOS_PATCHES/android_system_core/0001-Harden.patch"; #Harden mounts with nodev/noexec/nosuid + misc sysfs changes (GrapheneOS) if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES_COMMON/android_system_core/0001-HM-Increase_vm_mmc.patch"; fi; #(GrapheneOS) +enterAndClear "system/nfc"; +git pull "https://github.com/LineageOS/android_system_nfc" refs/changes/93/255693/1; #P_asb_2019-09 +git pull "https://github.com/LineageOS/android_system_nfc" refs/changes/94/255694/1; + enterAndClear "system/sepolicy"; patch -p1 < "$DOS_PATCHES/android_system_sepolicy/0001-LGE_Fixes.patch"; #Fix -user builds for LGE devices awk -i inplace '!/true cannot be used in user builds/' Android.mk; #Allow ignoring neverallows under -user @@ -180,6 +195,7 @@ if [ "$DOS_NON_COMMERCIAL_USE_PATCHES" = true ]; then sed -i 's/LINEAGE_BUILDTYP echo 'include vendor/divested/divestos.mk' >> config/common.mk; #Include our customizations enter "vendor/divested"; +echo "PRODUCT_PACKAGES += Backup" >> packages.mk; if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then echo "PRODUCT_PACKAGES += GmsCore GsfProxy FakeStore" >> packages.mk; fi; if [ "$DOS_HOSTS_BLOCKING" = false ]; then echo "PRODUCT_PACKAGES += $DOS_HOSTS_BLOCKING_APP" >> packages.mk; fi; echo "PRODUCT_PACKAGES += vendor.lineage.trust@1.0-service" >> packages.mk; #All of our kernels have deny USB patch added @@ -208,12 +224,16 @@ git revert 9a5739e66d0a44347881807c0cc44d7c318c02b8; #fix nfc path enterAndClear "device/lge/mako"; git revert 218f7442874f7b7d494f265286a2151e2f81bb6e; #disable dexpreopt full and switch back to -mini +#git revert ; #restore releasetools #TODO echo "allow kickstart usbfs:dir search;" >> sepolicy/kickstart.te; #Fix forceencrypt on first boot echo "allow system_server sensors_data_file:dir search;" >> sepolicy/system_server.te; #Fix qcom_sensors log spam echo "allow system_server sensors_data_file:dir r_file_perms;" >> sepolicy/system_server.te; sed -i 's/1333788672/880803840/' BoardConfig.mk; #don't touch partitions! DOS -user fits with 40M free awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfig.mk; +enterAndClear "device/moto/shamu"; +#git revert 05fb49518049440f90423341ff25d4f75f10bc0c; #restore releasetools #TODO + enterAndClear "device/oppo/msm8974-common"; sed -i "s/TZ.BF.2.0-2.0.0134/TZ.BF.2.0-2.0.0134|TZ.BF.2.0-2.0.0137/" board-info.txt; #Suport new TZ firmware https://review.lineageos.org/#/c/178999/ @@ -234,6 +254,7 @@ find "kernel" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} cd "$DOS_BUILD_BASE"; #Fix broken options enabled by hardenDefconfig() +sed -i "s/CONFIG_DEBUG_RODATA=y/# CONFIG_DEBUG_RODATA is not set/" kernel/google/msm/arch/arm/configs/lineageos_*_defconfig; #Breaks on compile sed -i "s/CONFIG_DEBUG_RODATA=y/# CONFIG_DEBUG_RODATA is not set/" kernel/lge/mako/arch/arm/configs/lineageos_*_defconfig; #Breaks on compile sed -i "s/CONFIG_DEBUG_RODATA=y/# CONFIG_DEBUG_RODATA is not set/" kernel/motorola/msm8974/arch/arm/configs/lineageos_*_defconfig; #Breaks on compile sed -i "s/CONFIG_STRICT_MEMORY_RWX=y/# CONFIG_STRICT_MEMORY_RWX is not set/" kernel/motorola/msm8996/arch/arm64/configs/*_defconfig; #Breaks on compile