From 3e2b2e0c4fa7157f9e3c57485d7fc28bc66724cc Mon Sep 17 00:00:00 2001 From: Tavi Date: Sat, 22 Jun 2024 20:45:00 -0400 Subject: [PATCH] Reconcile picks + Fixup Fixes https://github.com/Divested-Mobile/DivestOS-Build/issues/313 Signed-off-by: Tavi --- Scripts/Common/Fix_CVE_Patchers.sh | 4 ++-- Scripts/LineageOS-19.1/Functions.sh | 3 +-- Scripts/LineageOS-19.1/Patch.sh | 5 ----- Scripts/LineageOS-20.0/Functions.sh | 3 +-- Scripts/LineageOS-20.0/Patch.sh | 4 ---- 5 files changed, 4 insertions(+), 15 deletions(-) diff --git a/Scripts/Common/Fix_CVE_Patchers.sh b/Scripts/Common/Fix_CVE_Patchers.sh index c7f924f3..0c7c3867 100644 --- a/Scripts/Common/Fix_CVE_Patchers.sh +++ b/Scripts/Common/Fix_CVE_Patchers.sh @@ -55,8 +55,8 @@ commentPatches android_kernel_google_bonito.sh "CVE-2020-0067"; commentPatches android_kernel_google_coral.sh "CVE-2019-19319" "CVE-2020-1749" "CVE-2020-8992" "CVE-2021-30324"; commentPatches android_kernel_google_dragon.sh "0006-AndroidHardening-Kernel_Hardening/3.18/0026.patch" "0008-Graphene-Kernel_Hardening-ro" "CVE-2015-4167" "CVE-2017-15951" "CVE-2016-1237" "CVE-2016-6198" "CVE-2017-7374" "CVE-2018-17972" "CVE-2019-2214" "CVE-2021-39715/ANY/0001.patch"; commentPatches android_kernel_google_crosshatch.sh "CVE-2020-0067"; -commentPatches android_kernel_google_gs101_private_gs-google.sh "CVE-2021-29648/^5.11/0001.patch" "CVE-2023-6817/5.10/0002.patch" "CVE-2023-52462/5.10/0002.patch" "CVE-2023-52672" "CVE-2024-26733/5.10/0002.patch" "CVE-2023-52656/5.10" "CVE-2024-26882"; -commentPatches android_kernel_google_gs201_private_gs-google.sh "CVE-2021-29648/^5.11/0001.patch" "CVE-2023-6817/5.10/0002.patch" "CVE-2023-52462/5.10/0002.patch" "CVE-2023-52672" "CVE-2024-26733/5.10/0002.patch" "CVE-2023-52656/5.10" "CVE-2024-26882"; +commentPatches android_kernel_google_gs101_private_gs-google.sh "CVE-2021-29648/^5.11/0001.patch" "CVE-2023-6817/5.10/0002.patch" "CVE-2023-52462/5.10/0002.patch" "CVE-2023-52672" "CVE-2024-26733/5.10/0002.patch" "CVE-2023-52656/5.10" "CVE-2024-26882" "CVE-2024-38564"; +commentPatches android_kernel_google_gs201_private_gs-google.sh "CVE-2021-29648/^5.11/0001.patch" "CVE-2023-6817/5.10/0002.patch" "CVE-2023-52462/5.10/0002.patch" "CVE-2023-52672" "CVE-2024-26733/5.10/0002.patch" "CVE-2023-52656/5.10" "CVE-2024-26882" "CVE-2024-38564"; commentPatches android_kernel_google_marlin.sh "0001-LinuxIncrementals/3.18/3.18.0098-0099.patch" "0006-AndroidHardening-Kernel_Hardening/3.18/0048.patch" "0006-AndroidHardening-Kernel_Hardening/3.18/0049.patch" "0008-Graphene-Kernel_Hardening-canaries/4.4/0002.patch" "CVE-2017-13162/3.18/0001.patch" "CVE-2017-14883" "CVE-2017-15951" "CVE-2018-17972" "CVE-2019-16746" "CVE-2020-0427" "CVE-2020-14381" "CVE-2020-16166" "CVE-2021-39715/ANY/0001.patch" "CVE-2022-42896/4.9"; commentPatches android_kernel_google_msm.sh "CVE-2017-11015/prima" "CVE-2021-Misc2/ANY/0031.patch"; commentPatches android_kernel_google_msm-4.9.sh "CVE-2019-19319" "CVE-2020-0067" "CVE-2020-1749" "CVE-2020-8992" "CVE-2021-30324" "CVE-2021-45469"; diff --git a/Scripts/LineageOS-19.1/Functions.sh b/Scripts/LineageOS-19.1/Functions.sh index 71b21aca..5ad1901b 100644 --- a/Scripts/LineageOS-19.1/Functions.sh +++ b/Scripts/LineageOS-19.1/Functions.sh @@ -66,9 +66,8 @@ patchWorkspaceReal() { verifyAllPlatformTags; gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview"; - source build/envsetup.sh; + #source build/envsetup.sh; #repopick -ift twelve-bt-sbc-hd-dualchannel; - repopick -it S_asb_2024-06 -e 394523,394543; sh "$DOS_SCRIPTS/Patch.sh"; sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh"; diff --git a/Scripts/LineageOS-19.1/Patch.sh b/Scripts/LineageOS-19.1/Patch.sh index fe6cea3c..835b2444 100644 --- a/Scripts/LineageOS-19.1/Patch.sh +++ b/Scripts/LineageOS-19.1/Patch.sh @@ -95,7 +95,6 @@ applyPatch "$DOS_PATCHES_COMMON/android_build/0001-verity-openssl3.patch"; #Fix sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches. awk -i inplace '!/updatable_apex.mk/' target/product/generic_system.mk; #Disable APEX sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS) -sed -i 's/2024-05-05/2024-06-05/' core/version_defaults.mk; #Bump Security String #S_asb_2024-06 fi; if enterAndClear "build/soong"; then @@ -395,10 +394,6 @@ if enterAndClear "system/extras"; then applyPatch "$DOS_PATCHES/android_system_extras/0001-ext4_pad_filenames.patch"; #FBE: pad filenames more (GrapheneOS) fi; -if enterAndClear "system/libfmq"; then -git fetch https://github.com/LineageOS/android_system_libfmq refs/changes/43/394543/1 && git cherry-pick FETCH_HEAD; #S_asb_2024-06 -fi; - if enterAndClear "system/netd"; then applyPatch "$DOS_PATCHES/android_system_netd/0001-Network_Permission.patch"; #Expose the NETWORK permission (GrapheneOS) fi; diff --git a/Scripts/LineageOS-20.0/Functions.sh b/Scripts/LineageOS-20.0/Functions.sh index eec133fe..9286f878 100644 --- a/Scripts/LineageOS-20.0/Functions.sh +++ b/Scripts/LineageOS-20.0/Functions.sh @@ -162,8 +162,7 @@ patchWorkspaceReal() { verifyAllPlatformTags; gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview"; - source build/envsetup.sh; - repopick -it T_asb_2024-06 -e 394238,394253; + #source build/envsetup.sh; sh "$DOS_SCRIPTS/Patch.sh"; sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh"; diff --git a/Scripts/LineageOS-20.0/Patch.sh b/Scripts/LineageOS-20.0/Patch.sh index 7d4e8133..ed78d159 100644 --- a/Scripts/LineageOS-20.0/Patch.sh +++ b/Scripts/LineageOS-20.0/Patch.sh @@ -395,10 +395,6 @@ if enterAndClear "system/extras"; then applyPatch "$DOS_PATCHES/android_system_extras/0001-ext4_pad_filenames.patch"; #FBE: pad filenames more (GrapheneOS) fi; -if enterAndClear "system/libfmq"; then -git fetch https://github.com/LineageOS/android_system_libfmq refs/changes/53/394253/1 && git cherry-pick FETCH_HEAD; #T_asb_2024-06 -fi; - if enterAndClear "system/sepolicy"; then applyPatch "$DOS_PATCHES/android_system_sepolicy/0002-protected_files.patch"; #Label protected_{fifos,regular} as proc_security (GrapheneOS) applyPatch "$DOS_PATCHES/android_system_sepolicy/0003-ptrace_scope-1.patch"; #Allow init to control kernel.yama.ptrace_scope (GrapheneOS)