14.1 though 17.1: patch CVE-2023-4863, thanks to @syphyr

run tested on 14.1, 15.1, and 17.1
compile tested on 16.0

Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
Tad 2023-09-19 20:27:58 -04:00
parent de7d2a2a62
commit 25f02f4177
No known key found for this signature in database
GPG Key ID: B286E9F57A07424B
11 changed files with 226 additions and 1 deletions

View File

@ -74,6 +74,8 @@
<project path="external/aac" name="LineageOS/android_external_aac" remote="github" revision="lineage-17.1" />
<remove-project name="LineageOS/android_external_freetype" />
<project path="external/freetype" name="LineageOS/android_external_freetype" remote="github" revision="lineage-18.1" />
<remove-project name="platform/external/webp" />
<project path="external/webp" name="LineageOS/android_external_webp" remote="github" revision="lineage-18.1" />
<!-- @syphyr's security backport branches -->
<remove-project name="LineageOS/android_external_boringssl" />

View File

@ -74,6 +74,8 @@
<!-- use newer branches -->
<remove-project name="LineageOS/android_external_aac" />
<project path="external/aac" name="LineageOS/android_external_aac" remote="github" revision="lineage-17.1" />
<remove-project name="platform/external/webp" />
<project path="external/webp" name="LineageOS/android_external_webp" remote="github" revision="lineage-18.1" />
<!-- END OF BRANCH SWITCHING -->
<!-- START OF ADDITIONAL REPOS -->

View File

@ -72,6 +72,8 @@
<!-- use newer branches -->
<remove-project name="LineageOS/android_external_aac" />
<project path="external/aac" name="LineageOS/android_external_aac" remote="github" revision="lineage-17.1" />
<remove-project name="platform/external/webp" />
<project path="external/webp" name="LineageOS/android_external_webp" remote="github" revision="lineage-18.1" />
<!-- END OF BRANCH SWITCHING -->
<!-- START OF ADDITIONAL REPOS -->

View File

@ -65,6 +65,10 @@
<!-- Switch to the Mulch WebView -->
<remove-project name="LineageOS/android_external_chromium-webview" />
<project path="external/chromium-webview" name="divested-mobile/mulch" groups="pdk" clone-depth="1" remote="gitlab" revision="master" />
<!-- use newer branches -->
<remove-project name="platform/external/webp" />
<project path="external/webp" name="LineageOS/android_external_webp" remote="github" revision="lineage-18.1" />
<!-- END OF BRANCH SWITCHING -->
<!-- START OF ADDITIONAL REPOS -->

View File

@ -0,0 +1,197 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Vasyl Gello <vasek.gello@gmail.com>
Date: Tue, 19 Sep 2023 10:36:06 +0000
Subject: [PATCH] Bring back Android.mk
Change-Id: I158057f8215a32005390272d14d3f04db0c26ac8
Signed-off-by: Vasyl Gello <vasek.gello@gmail.com>
---
Android.mk | 1 +
src/Android.mk | 170 +++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 171 insertions(+)
create mode 100644 Android.mk
create mode 100644 src/Android.mk
diff --git a/Android.mk b/Android.mk
new file mode 100644
index 0000000..5053e7d
--- /dev/null
+++ b/Android.mk
@@ -0,0 +1 @@
+include $(call all-subdir-makefiles)
diff --git a/src/Android.mk b/src/Android.mk
new file mode 100644
index 0000000..4997695
--- /dev/null
+++ b/src/Android.mk
@@ -0,0 +1,170 @@
+# Copyright 2010 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+LOCAL_PATH:= $(call my-dir)
+
+###############################################
+include $(CLEAR_VARS)
+LOCAL_SRC_FILES := \
+ dsp/cost.c \
+ dsp/cost_mips32.c \
+ dsp/cost_mips_dsp_r2.c \
+ dsp/cost_neon.c \
+ dsp/cost_sse2.c \
+ dsp/cpu.c \
+ dsp/enc.c \
+ dsp/enc_mips32.c \
+ dsp/enc_mips_dsp_r2.c \
+ dsp/enc_msa.c \
+ dsp/enc_neon.c \
+ dsp/enc_sse2.c \
+ dsp/enc_sse41.c \
+ dsp/lossless_enc.c \
+ dsp/lossless_enc_mips32.c \
+ dsp/lossless_enc_mips_dsp_r2.c \
+ dsp/lossless_enc_msa.c \
+ dsp/lossless_enc_neon.c \
+ dsp/lossless_enc_sse2.c \
+ dsp/lossless_enc_sse41.c \
+ dsp/ssim.c \
+ dsp/ssim_sse2.c \
+ enc/alpha_enc.c \
+ enc/analysis_enc.c \
+ enc/backward_references_cost_enc.c \
+ enc/backward_references_enc.c \
+ enc/config_enc.c \
+ enc/cost_enc.c \
+ enc/filter_enc.c \
+ enc/frame_enc.c \
+ enc/histogram_enc.c \
+ enc/iterator_enc.c \
+ enc/near_lossless_enc.c \
+ enc/picture_csp_enc.c \
+ enc/picture_enc.c \
+ enc/picture_psnr_enc.c \
+ enc/picture_rescale_enc.c \
+ enc/picture_tools_enc.c \
+ enc/predictor_enc.c \
+ enc/quant_enc.c \
+ enc/syntax_enc.c \
+ enc/token_enc.c \
+ enc/tree_enc.c \
+ enc/vp8l_enc.c \
+ enc/webp_enc.c \
+ mux/anim_encode.c \
+ mux/muxedit.c \
+ mux/muxinternal.c \
+ mux/muxread.c \
+ utils/bit_writer_utils.c \
+ utils/filters_utils.c \
+ utils/huffman_encode_utils.c \
+ utils/quant_levels_utils.c
+
+LOCAL_ARM_MODE := arm
+LOCAL_CFLAGS := -O2 -DANDROID -DWEBP_SWAP_16BIT_CSP -DWEBP_USE_THREAD
+
+LOCAL_C_INCLUDES += \
+ $(LOCAL_PATH)/enc \
+ $(LOCAL_PATH)/../ \
+ $(LOCAL_PATH)/../include
+
+LOCAL_MODULE := libwebp-encode
+
+LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
+
+include $(BUILD_STATIC_LIBRARY)
+
+###############################################
+
+include $(CLEAR_VARS)
+LOCAL_SRC_FILES := \
+ dec/alpha_dec.c \
+ dec/buffer_dec.c \
+ dec/frame_dec.c \
+ dec/idec_dec.c \
+ dec/io_dec.c \
+ dec/quant_dec.c \
+ dec/tree_dec.c \
+ dec/vp8_dec.c \
+ dec/vp8l_dec.c \
+ dec/webp_dec.c \
+ demux/anim_decode.c \
+ demux/demux.c \
+ dsp/alpha_processing.c \
+ dsp/alpha_processing_mips_dsp_r2.c \
+ dsp/alpha_processing_neon.c \
+ dsp/alpha_processing_sse2.c \
+ dsp/alpha_processing_sse41.c \
+ dsp/cpu.c \
+ dsp/dec.c \
+ dsp/dec_clip_tables.c \
+ dsp/dec_mips32.c \
+ dsp/dec_mips_dsp_r2.c \
+ dsp/dec_msa.c \
+ dsp/dec_neon.c \
+ dsp/dec_sse2.c \
+ dsp/dec_sse41.c \
+ dsp/filters.c \
+ dsp/filters_mips_dsp_r2.c \
+ dsp/filters_msa.c \
+ dsp/filters_neon.c \
+ dsp/filters_sse2.c \
+ dsp/lossless.c \
+ dsp/lossless_mips_dsp_r2.c \
+ dsp/lossless_msa.c \
+ dsp/lossless_neon.c \
+ dsp/lossless_sse2.c \
+ dsp/rescaler.c \
+ dsp/rescaler_mips32.c \
+ dsp/rescaler_mips_dsp_r2.c \
+ dsp/rescaler_msa.c \
+ dsp/rescaler_neon.c \
+ dsp/rescaler_sse2.c \
+ dsp/upsampling.c \
+ dsp/upsampling_mips_dsp_r2.c \
+ dsp/upsampling_msa.c \
+ dsp/upsampling_neon.c \
+ dsp/upsampling_sse2.c \
+ dsp/upsampling_sse41.c \
+ dsp/yuv.c \
+ dsp/yuv_mips32.c \
+ dsp/yuv_mips_dsp_r2.c \
+ dsp/yuv_neon.c \
+ dsp/yuv_sse2.c \
+ dsp/yuv_sse41.c \
+ utils/bit_reader_utils.c \
+ utils/color_cache_utils.c \
+ utils/filters_utils.c \
+ utils/huffman_utils.c \
+ utils/quant_levels_dec_utils.c \
+ utils/random_utils.c \
+ utils/rescaler_utils.c \
+ utils/thread_utils.c \
+ utils/utils.c
+
+LOCAL_ARM_MODE := arm
+LOCAL_CFLAGS := -O2 -DANDROID -DWEBP_SWAP_16BIT_CSP -DWEBP_USE_THREAD
+
+LOCAL_C_INCLUDES += \
+ $(LOCAL_PATH)/dec \
+ $(LOCAL_PATH)/../ \
+ $(LOCAL_PATH)/../include
+
+LOCAL_SDK_VERSION := 9
+
+LOCAL_MODULE := libwebp-decode
+
+LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
+
+include $(BUILD_STATIC_LIBRARY)

View File

@ -147,6 +147,11 @@ if enterAndClear "external/tremolo"; then
applyPatch "$DOS_PATCHES/android_external_tremolo/319986.patch"; #n-asb-2021-12 handle cases where order isn't a multiple of dimension
fi;
if enterAndClear "external/webp"; then
applyPatch "$DOS_PATCHES_COMMON/android_external_webp/CVE-2023-4863.patch"; #Fix OOB write in BuildHuffmanTable.
applyPatch "$DOS_PATCHES/android_external_webp/0001-makefile.patch"; #Add Android.mk for legacy builds (syphyr)
fi;
if enterAndClear "external/zlib"; then
applyPatch "$DOS_PATCHES/android_external_zlib/351107.patch"; #n-asb-2023-03 Fix a bug when getting a gzip header extra field with inflate().
fi;

View File

@ -131,6 +131,11 @@ if enterAndClear "external/svox"; then
git revert --no-edit 1419d63b4889a26d22443fd8df1f9073bf229d3d; #Add back Makefiles
fi;
if enterAndClear "external/webp"; then
applyPatch "$DOS_PATCHES_COMMON/android_external_webp/CVE-2023-4863.patch"; #Fix OOB write in BuildHuffmanTable.
sed -i '85i\ \ \ \ \ \ \ \ "src/utils/filters_utils.c",' Android.bp; #Fixup
fi;
if enterAndClear "external/zlib"; then
applyPatch "$DOS_PATCHES/android_external_zlib/351909.patch"; #P_asb_2023-03 Fix a bug when getting a gzip header extra field with inflate().
fi;

View File

@ -157,6 +157,10 @@ sed -i 's/about to delete/unable to delete/' pico/src/com/svox/pico/LangPackUnin
awk -i inplace '!/deletePackage/' pico/src/com/svox/pico/LangPackUninstaller.java;
fi;
if enterAndClear "external/webp"; then
applyPatch "$DOS_PATCHES_COMMON/android_external_webp/CVE-2023-4863.patch"; #Fix OOB write in BuildHuffmanTable.
fi;
if enterAndClear "frameworks/av"; then
applyPatch "$DOS_PATCHES/android_frameworks_av/365962.patch"; #R_asb_2023-09 Fix Segv on unknown address error flagged by fuzzer test.
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch"; fi; #(GrapheneOS)

View File

@ -142,6 +142,10 @@ sed -i 's/about to delete/unable to delete/' pico/src/com/svox/pico/LangPackUnin
awk -i inplace '!/deletePackage/' pico/src/com/svox/pico/LangPackUninstaller.java;
fi;
if enterAndClear "external/webp"; then
applyPatch "$DOS_PATCHES_COMMON/android_external_webp/CVE-2023-4863.patch"; #Fix OOB write in BuildHuffmanTable.
fi;
if enterAndClear "external/zlib"; then
git fetch https://github.com/LineageOS/android_external_zlib refs/changes/70/352570/1 && git cherry-pick FETCH_HEAD; #Q_asb_2023-03
fi;

View File

@ -124,7 +124,7 @@ fi;
fi;
if enterAndClear "external/webp"; then
applyPatch "$DOS_PATCHES/android_external_webp/CVE-2023-4863.patch"; #Fix OOB write in BuildHuffmanTable.
applyPatch "$DOS_PATCHES_COMMON/android_external_webp/CVE-2023-4863.patch"; #Fix OOB write in BuildHuffmanTable.
fi;
if enterAndClear "frameworks/base"; then