diff --git a/Patches/Linux b/Patches/Linux index 3186cf8a..1597ef48 160000 --- a/Patches/Linux +++ b/Patches/Linux @@ -1 +1 @@ -Subproject commit 3186cf8add09878e16a2f8b48c7094cacfda5a0f +Subproject commit 1597ef4834e603a695be77f7bb54cf473bf3a20f diff --git a/PrebuiltApps b/PrebuiltApps index 8fb91bdd..849a37e0 160000 --- a/PrebuiltApps +++ b/PrebuiltApps @@ -1 +1 @@ -Subproject commit 8fb91bddf49d7f0c7550f8b2336d1c0a53cde7d3 +Subproject commit 849a37e021f84355a75df6bf95c3587503bef065 diff --git a/Scripts/LineageOS-11.0/Functions.sh b/Scripts/LineageOS-11.0/Functions.sh index 0a4696e6..f5d93126 100644 --- a/Scripts/LineageOS-11.0/Functions.sh +++ b/Scripts/LineageOS-11.0/Functions.sh @@ -64,6 +64,7 @@ patchWorkspace() { repopick -it asb-2019.04-cm11 -e 246293; repopick -it asb-2019.05-cm11; repopick -it asb-2019.06-cm11; + repopick -it asb-2019.07-cm11; source "$DOS_SCRIPTS/Patch.sh"; source "$DOS_SCRIPTS/Defaults.sh"; diff --git a/Scripts/LineageOS-14.1/Functions.sh b/Scripts/LineageOS-14.1/Functions.sh index e6e81dce..96d2718b 100644 --- a/Scripts/LineageOS-14.1/Functions.sh +++ b/Scripts/LineageOS-14.1/Functions.sh @@ -113,9 +113,7 @@ patchWorkspace() { repopick -it CVE-2019-2033; repopick 248599; #restrict SET_TIME_ZONE permission repopick 248600 248649; #/proc hardening - #repopick 249553; #bluetooth: drop connections with weak encryption keys - repopick 250940; #update webview - repopick -it n-asb-2019-07; + repopick -it n-tzdata-2019b; export DOS_GRAPHENE_MALLOC=false; #patches apply, compile fails diff --git a/Scripts/LineageOS-15.1/Functions.sh b/Scripts/LineageOS-15.1/Functions.sh index 3357531b..9912562d 100644 --- a/Scripts/LineageOS-15.1/Functions.sh +++ b/Scripts/LineageOS-15.1/Functions.sh @@ -84,10 +84,7 @@ export -f buildAll; patchWorkspace() { if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi; - source build/envsetup.sh; - #repopick 219020; #ab-neverallow-user - #repopick 249549; #bluetooth: drop connections with weak encryption keys - repopick -it O_asb_2019-07; + #source build/envsetup.sh; source "$DOS_SCRIPTS/Patch.sh"; source "$DOS_SCRIPTS/Defaults.sh"; diff --git a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_fairphone_msm8974.sh b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_fairphone_msm8974.sh index fbcbde6d..8f7eb691 100644 --- a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_fairphone_msm8974.sh +++ b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_fairphone_msm8974.sh @@ -3,7 +3,6 @@ cd "$DOS_BUILD_BASE""kernel/fairphone/msm8974" git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/3.4/3.4.0046-0047.patch --exclude=Makefile git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/3.4/3.4.0077-0078.patch --exclude=Makefile git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/3.4/3.4.0089-0090.patch --exclude=Makefile -git apply $DOS_PATCHES_LINUX_CVES/0005-Copperhead-Deny_USB/3.4/3.4-Backport.patch git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-2373/^3.4.5/0001.patch @@ -176,7 +175,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10882/3.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10940/^4.16.6/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11832/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11939/ANY/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13053/^4.17.3/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-14634/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-15594/^4.18.1/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-16658/^4.18.6/0001.patch @@ -194,12 +192,10 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9516/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10142/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2001/^3.10/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2101/ANY/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-3459/^5.1/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/^4.20.11/0001.patch git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/772877_0001-usb-core-Fix-use-after-free-for-hub-usb-device.patch git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/kernel.msm.git-9f34c6ebc016cd061ae5ec901221d15fa3d67e49.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6544/^3.6/0003.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch -editKernelLocalversion "-dos.p201" +editKernelLocalversion "-dos.p197" cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_lge_mako.sh b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_lge_mako.sh index eb0892e4..e4065908 100644 --- a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_lge_mako.sh +++ b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_lge_mako.sh @@ -1,9 +1,7 @@ #!/bin/bash cd "$DOS_BUILD_BASE""kernel/lge/mako" -git apply $DOS_PATCHES_LINUX_CVES/0003-syskaller-Misc/ANY/0008.patch git apply $DOS_PATCHES_LINUX_CVES/0003-syskaller-Misc/ANY/0009.patch git apply $DOS_PATCHES_LINUX_CVES/0005-Copperhead-Deny_USB/3.4/3.4-Backport.patch -git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6544/^3.6/0003.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6704/^3.5/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3076/^3.9/0001.patch @@ -29,11 +27,9 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2185/^4.5.1/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2186/^4.5.1/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2384/^4.5/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2543/^4.4.1/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2544/^4.4.1/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2549/^4.4.1/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3138/^4.5.1/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3857/ANY/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3894/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4485/^4.5.5/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4580/^4.5.5/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4913/^4.5.5/0001.patch @@ -41,24 +37,16 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5244/^4.6.3/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5828/^4.6.3/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5829/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6480/^4.7/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6753/ANY/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6791/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6828/^4.7.5/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-7910/^4.7.1/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-7915/^4.6/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8399/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8406/ANY/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8463/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8650/^4.8.11/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9576/3.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9604/^4.11/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9793/^4.8.14/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9794/^4.7/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0403/3.0-^3.18/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0404/^3.18/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0611/3.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0648/ANY/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0710/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0751/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0786/ANY/0001.patch @@ -66,15 +54,11 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0861/ANY/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000363/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11176/^4.11.9/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11473/^4.12.2/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13305/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13695/^4.12.9/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14106/^4.12/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14489/^4.13.2/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16525/^4.13.8/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16526/^4.13.6/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16532/^4.13.11/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16533/^4.13.8/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16535/^4.13.10/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16537/^4.13.11/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/^4.13.11/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0001.patch @@ -83,19 +67,13 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17450/^4.14.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17558/^4.14.5/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17805/^4.14.8/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17806/^4.14.8/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18079/^4.12.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18203/^4.14.3/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18360/^4.11.3/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-2671/^4.10.8/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6074/^4.9.11/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6345/^4.9.13/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6348/^4.9.13/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6951/^3.14.79/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7184/^4.10.6/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7184/^4.10.6/0002.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7308/^4.10.6/0003.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7487/^4.11.1/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7645/^4.10.11/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8246/3.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8246/3.4/0002.patch @@ -103,14 +81,12 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8247/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8254/3.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8254/3.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8824/^4.14.3/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8890/3.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9242/^4.11.3/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9984/^4.11.7/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10021/^4.16/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10087/^4.13/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10124/^4.13/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10675/^4.12.9/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1068/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1068/ANY/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.4/0003.patch @@ -132,7 +108,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7492/^4.14.7/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7757/^4.15.7/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-8781/^4.15/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9389/ANY/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9416/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9439/ANY/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9516/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10142/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2001/^3.10/0001.patch @@ -140,13 +116,11 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2101/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-3459/^5.1/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/^4.20.11/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/LVT-2017-0004/3.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/797912_0001-usb-gadget-Fix-synchronization-issue-between-f_audio.patch git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/870057_0001-wcnss-add-null-check-in-pm_ops-unregister.patch git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/kernel.msm.git-5d89eb01c93d8a62998e3bdccae28a7732e3bd51.patch git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/kernel.msm.git-7be3e08d7a523207486701b2d34607137558066f.patch git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/kernel.msm.git-9f34c6ebc016cd061ae5ec901221d15fa3d67e49.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000111/ANY/0001.patch -editKernelLocalversion "-dos.p148" +editKernelLocalversion "-dos.p122" cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-16.0/Functions.sh b/Scripts/LineageOS-16.0/Functions.sh index bad271ca..6248c2e1 100644 --- a/Scripts/LineageOS-16.0/Functions.sh +++ b/Scripts/LineageOS-16.0/Functions.sh @@ -63,9 +63,7 @@ export -f buildAll; patchWorkspace() { if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi; - source build/envsetup.sh; - repopick 249538; #update webview - repopick -it P_asb_2019-07; + #source build/envsetup.sh; source "$DOS_SCRIPTS/Patch.sh"; source "$DOS_SCRIPTS/Defaults.sh"; diff --git a/Scripts/LineageOS-16.0/Patch.sh b/Scripts/LineageOS-16.0/Patch.sh index 33d9bb37..91947be0 100644 --- a/Scripts/LineageOS-16.0/Patch.sh +++ b/Scripts/LineageOS-16.0/Patch.sh @@ -159,6 +159,7 @@ enterAndClear "packages/inputmethods/LatinIME"; patch -p1 < "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0001-Voice.patch"; #Remove voice input key enterAndClear "packages/services/Telephony"; +git revert 99564aaf0417c9ddf7d6aeb10d326e5b24fa8f55; patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0001-PREREQ_Handle_All_Modes.patch"; patch -p1 < "$DOS_PATCHES/android_packages_services_Telephony/0002-More_Preferred_Network_Modes.patch"; @@ -205,7 +206,7 @@ git revert 218f7442874f7b7d494f265286a2151e2f81bb6e; #disable dexpreopt full and echo "allow kickstart usbfs:dir search;" >> sepolicy/kickstart.te; #Fix forceencrypt on first boot echo "allow system_server sensors_data_file:dir search;" >> sepolicy/system_server.te; #Fix qcom_sensors log spam echo "allow system_server sensors_data_file:dir r_file_perms;" >> sepolicy/system_server.te; -sed -i 's/1333788672/880803840/' BoardConfig.mk; #don't touch partitions! DOS -user fits with 75M free +sed -i 's/1333788672/880803840/' BoardConfig.mk; #don't touch partitions! DOS -user fits with 40M free awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' BoardConfig.mk; enterAndClear "device/oppo/msm8974-common";