Changes

- WebView update
- 14.1: drop osprey, tested compiling on 17.1
- comment updates
- small patcher fixes

Signed-off-by: Tad <tad@spotco.us>

Manifests/Manifest_LAOS-14.1.xml

@@ -94,11 +94,6 @@
 	<project path="device/lge/h815" name="LineageOS/android_device_lge_h815" remote="github" />
 	<project path="kernel/lge/msm8992" name="LineageOS/android_kernel_lge_msm8992" remote="github" />
 
-	<!-- Moto G 3rd Gen (osprey) -->
-	<project path="device/motorola/msm8916-common" name="LineageOS/android_device_motorola_msm8916-common" remote="github" />
-	<project path="device/motorola/osprey" name="LineageOS/android_device_motorola_osprey" remote="github" />
-	<project path="kernel/motorola/msm8916" name="LineageOS/android_kernel_motorola_msm8916" remote="github" />
-
 	<!-- Moto X Pure Edition (clark) -->
 	<project path="device/motorola/clark" name="LineageOS/android_device_motorola_clark" remote="github" />
 	<project path="kernel/motorola/msm8992" name="LineageOS/android_kernel_motorola_msm8992" remote="github" />

Scripts/Common/Fix_CVE_Patchers.sh

@@ -65,7 +65,7 @@ commentPatches android_kernel_oneplus_msm8994.sh "CVE-2018-3585/3.10/0001.patch"
 commentPatches android_kernel_oneplus_msm8996.sh "CVE-2017-13162/3.18/0001.patch" "CVE-2017-15951" "CVE-2017-16939" "CVE-2018-17972" "CVE-2019-2214" "CVE-2019-14070/ANY/0006.patch" "CVE-2019-16746" "CVE-2020-0427" "CVE-2020-14381" "CVE-2020-16166";
 commentPatches android_kernel_oneplus_msm8998.sh "0008-Graphene-Kernel_Hardening/4.4/0011.patch" "0008-Graphene-Kernel_Hardening/4.4/0012.patch" "0008-Graphene-Kernel_Hardening/4.4/0014.patch" "0008-Graphene-Kernel_Hardening/4.4/0019.patch" "CVE-2019-11599" "CVE-2019-19319" "CVE-2020-0305" "CVE-2020-8992" "CVE-2020-16166";
 commentPatches android_kernel_oneplus_sm7250.sh "CVE-2018-5873" "CVE-2020-1749" "CVE-2021-3444" "CVE-2021-3600";
-commentPatches android_kernel_oneplus_sm8150.sh "CVE-2019-16746" "CVE-2019-19319" "CVE-2020-0067" "CVE-2020-8992";
+commentPatches android_kernel_oneplus_sm8150.sh "CVE-2019-16746" "CVE-2019-19319" "CVE-2020-0067" "CVE-2020-8992" "CVE-2020-24588/4.14/0018.patch";
 commentPatches android_kernel_razer_msm8998.sh "0008-Graphene-Kernel_Hardening/4.4/0011.patch" "0008-Graphene-Kernel_Hardening/4.4/0012.patch" "0008-Graphene-Kernel_Hardening/4.4/0014.patch" "0008-Graphene-Kernel_Hardening/4.4/0019.patch" "CVE-2019-14070/ANY/0005.patch" "CVE-2020-16166";
 commentPatches android_kernel_samsung_jf.sh "CVE-2019-11599";
 commentPatches android_kernel_samsung_msm8930-common.sh "CVE-2017-11015/prima" "CVE-2019-11599";

Scripts/Common/Functions.sh

@@ -687,6 +687,7 @@ hardenDefconfig() {
 	#fi;
 	if [ "$DOS_DEBLOBBER_REMOVE_IPA" = true ]; then optionsNo+=("IPA" "RMNET_IPA"); fi;
 	optionsNo+=("WIREGUARD"); #Requires root access, which we do not provide
+	#optionsNo+=("LTO_CLANG"); #Can easily require 64GB of RAM on host system to compile
 	for option in "${optionsNo[@]}"
 	do
 		sed -i 's/'"CONFIG_$option"'=y/# '"CONFIG_$option"' is not set/' $defconfigPath &>/dev/null || true;

Scripts/LineageOS-14.1/Functions.sh

@@ -18,7 +18,7 @@
 #Last verified: 2018-04-27
 
 patchAllKernels() {
-	startPatcher "kernel_amazon_hdx-common kernel_asus_grouper kernel_htc_msm8960 kernel_htc_msm8994 kernel_lge_msm8992 kernel_motorola_msm8916 kernel_motorola_msm8992 kernel_samsung_exynos5420 kernel_samsung_manta kernel_samsung_smdk4412 kernel_samsung_tuna kernel_samsung_universal8890";
+	startPatcher "kernel_amazon_hdx-common kernel_asus_grouper kernel_htc_msm8960 kernel_htc_msm8994 kernel_lge_msm8992 kernel_motorola_msm8992 kernel_samsung_exynos5420 kernel_samsung_manta kernel_samsung_smdk4412 kernel_samsung_tuna kernel_samsung_universal8890";
 }
 export -f patchAllKernels;
 
@@ -69,8 +69,6 @@ buildAll() {
 	#SD808
 	buildDevice clark; #Last version with working IMS
 	buildDevice h815;
-	#SD410
-	buildDevice osprey;
 	#SD810
 	buildDevice himaul;
 	#Exynos

Scripts/LineageOS-14.1/Patch.sh

@@ -55,7 +55,7 @@ cp -r "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/." "$DOS_BUILD_BAS
 cp -r "$DOS_PATCHES_COMMON""android_vendor_divested/." "$DOS_BUILD_BASE""vendor/divested/"; #Add our vendor files
 
 if enterAndClear "bootable/recovery"; then
-git revert --no-edit 3c0d796b79c7a1ee904e0cef7c0f2e20bf84c237; #remove sideload cache, breaks with large files
+git revert --no-edit 3c0d796b79c7a1ee904e0cef7c0f2e20bf84c237; #Remove sideload cache, breaks with large files
 patch -p1 < "$DOS_PATCHES/android_bootable_recovery/0001-Squash_Menus.patch"; #What's a back button?
 sed -i 's/(!has_serial_number || serial_number_matched)/!has_serial_number/' recovery.cpp; #Abort package installs if they are specific to a serial number (GrapheneOS)
 fi;
@@ -376,7 +376,6 @@ removeBuildFingerprints;
 
 #Tweaks for <2GB RAM devices
 enableLowRam "device/asus/grouper";
-enableLowRam "device/motorola/osprey";
 enableLowRam "device/samsung/i9100";
 enableLowRam "device/samsung/i9300";
 enableLowRam "device/samsung/i9305";

Scripts/LineageOS-15.1/Patch.sh

@@ -52,7 +52,7 @@ cp -r "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/." "$DOS_BUILD_BAS
 cp -r "$DOS_PATCHES_COMMON""android_vendor_divested/." "$DOS_BUILD_BASE""vendor/divested/"; #Add our vendor files
 
 if enterAndClear "bootable/recovery"; then
-git revert --no-edit eb98fde70a6e54a25408eb8c626caecf7841c5df; #remove sideload cache, breaks with large files
+git revert --no-edit eb98fde70a6e54a25408eb8c626caecf7841c5df; #Remove sideload cache, breaks with large files
 git revert --no-edit ac258a4f4c4b4b91640cc477ad1ac125f206db02; #Resurrect dm-verity
 sed -i 's/!= 2048/< 2048/' tools/dumpkey/DumpPublicKey.java; #Allow 4096-bit keys
 sed -i 's/(!has_serial_number || serial_number_matched)/!has_serial_number/' recovery.cpp; #Abort package installs if they are specific to a serial number (GrapheneOS)

Scripts/LineageOS-16.0/Patch.sh

@@ -272,7 +272,7 @@ fi;
 if enter "vendor/divested"; then
 if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then echo "PRODUCT_PACKAGES += GmsCore GsfProxy FakeStore" >> packages.mk; fi; #Include microG
 if [ "$DOS_HOSTS_BLOCKING" = false ]; then echo "PRODUCT_PACKAGES += $DOS_HOSTS_BLOCKING_APP" >> packages.mk; fi; #Include blocker app
-echo "PRODUCT_PACKAGES += vendor.lineage.trust@1.0-service" >> packages.mk; #Add deny usb service, all of our kernels the necessary patch
+echo "PRODUCT_PACKAGES += vendor.lineage.trust@1.0-service" >> packages.mk; #Add deny usb service, all of our kernels have the necessary patch
 fi;
 #
 #END OF ROM CHANGES

Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_motorola_msm8916.sh

@@ -1,9 +1,7 @@
 #!/bin/bash
 cd "$DOS_BUILD_BASE""kernel/motorola/msm8916"
 #git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/3.10/3.10.0050-0051.patch --exclude=Makefile
-git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/3.10/3.10.0052-0053.patch --exclude=Makefile
 git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/3.10/3.10.0053-0054.patch --exclude=Makefile
-git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/3.10/3.10.0087-0088.patch --exclude=Makefile
 git apply $DOS_PATCHES_LINUX_CVES/0002-Misc_Fixes/ANY/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/0002-Misc_Fixes/ANY/0006.patch
 git apply $DOS_PATCHES_LINUX_CVES/0002-Misc_Fixes/ANY/0007.patch
@@ -11,6 +9,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc/ANY/0009.patch
 git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.10/0004-No_dir-relax.patch
 git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.10/0005.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.10/0006.patch
 git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.10/0007.patch
 git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.10/0008.patch
 git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.10/0009.patch
@@ -23,7 +22,6 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.10/00
 git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.10/0016.patch
 git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.10/0017.patch
 git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.10/0018.patch
-git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0011.patch
 git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0012.patch
 git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0013.patch
@@ -46,6 +44,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-3673/^3.17.2/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-3687/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-3688/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-3690/3.10/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-5077/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-6410/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-6416/3.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-6416/3.10/0004.patch
@@ -59,18 +58,14 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-8134/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-8159/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-8369/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-8480/^3.18/0001.patch
-#git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-8559/3.10/0003.patch
-#git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-8559/3.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-8884/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9090/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9419/3.10/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9420/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9584/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9585/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9710/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9728/^3.18.2/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9728/^3.18.2/0003.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9781/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-0239/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-1339/^4.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-1421/3.10/0002.patch
@@ -112,9 +107,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8746/^4.2.2/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8767/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8812/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8844/3.10/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8950/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8955/^4.1/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8967/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8970/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-9289/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2069/3.10/0005.patch
@@ -127,11 +119,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2782/3.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3137/3.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3157/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3857/3.10/0004.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3865/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3865/ANY/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3892/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3894/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3902/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3955/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3961/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4565/3.10/0002.patch
@@ -141,15 +128,13 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4998/3.10/0007.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-4998/3.10/0008.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5244/^4.6.3/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5828/3.10/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5858/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5858/ANY/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6480/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6672/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6694/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-7117/^4.5.2/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-7425/3.10/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8394/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8481/ANY/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8633/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8645/3.10/0002.patch
@@ -164,55 +149,49 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-partial-SMAP-bypass/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0524/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0453/prima/0003.patch --directory=drivers/staging/prima
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0627/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0648/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0861/3.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-2583/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-2584/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-5549/3.10/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-5551/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-5972/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-5986/3.10/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6001/^4.9.7/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6345/^4.9.13/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6348/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6353/3.10/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6424/prima/0001.patch --directory=drivers/staging/prima
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7261/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7273/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7294/3.10/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7482/3.10/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7533/3.10/0003.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7541/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7645/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8067/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8068/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8069/3.10/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8281/3.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8824/3.10/0009.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8924/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8925/3.10/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9723/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9984/^4.11.7/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11014/prima/0001.patch --directory=drivers/staging/prima
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11089/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11084/prima/0001.patch --directory=drivers/staging/prima
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11176/^4.11.9/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11473/3.10/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11600/3.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-12762/^4.12/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13078/prima/0001.patch --directory=drivers/staging/prima
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/3.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/3.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/3.10/0005.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13246/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13694/^4.12.9/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13695/^4.12.9/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14051/3.10/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14106/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14489/^4.13.2/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15102/3.10/0002.patch
-#git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15817/prima/0001.patch --directory=drivers/staging/prima
-#git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15817/prima/0002.patch --directory=drivers/staging/prima
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15837/ANY/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16526/^4.13.6/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16532/^4.13.11/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16534/3.10/0006.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16537/^4.13.11/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16538/^4.13.11/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16538/^4.13.11/0002.patch
@@ -224,30 +203,21 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18079/^4.12.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18203/^4.14.3/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18255/^4.11/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18360/^4.11.3/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18595/^4.14.11/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000252/^4.13.3/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000253/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000363/3.10/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000410/3.10/0008.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1068/^4.16/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-3563/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5332/^4.14.13/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5333/^4.14.13/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5390/3.10/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5390/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5750/^4.14.15/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5803/3.10/0010.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5835/prima/0001.patch --directory=drivers/staging/prima
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7492/^4.14.7/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7566/^4.15/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7755/^4.15.7/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7757/^4.15.7/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-8781/^4.15/0001.patch
-#git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9514/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9515/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9516/^4.17/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9518/3.10/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9568/3.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10021/^4.16/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10087/^4.13/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10124/^4.13/0001.patch
@@ -259,14 +229,13 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10881/3.10/0007.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10882/3.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10883/ANY/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10940/^4.16.6/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11987/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-12233/^4.17.1/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13053/3.10/0008.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13405/3.10/0007.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-14634/3.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-14734/^4.17.11/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-15594/^4.18.1/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-16658/^4.18.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-16885/3.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-18021/^4.18.12/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-18710/^4.19/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-19824/3.10/0008.patch
@@ -276,32 +245,18 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1000199/3.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2001/^3.10/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2101/3.10/0009.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2215/3.10/0011.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2331/ANY/0003.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2341/ANY/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-3459/3.10/0009.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-3460/3.10/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2181/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/3.10/0006.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10142/^5.0.17/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10491/ANY/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10497/ANY/0003.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10519/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10622/ANY/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10639/3.10/0008.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-11477/3.10/0003.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-11478/3.10/0003.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-11478/3.10/0004.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-11479/3.10/0005.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-11479/3.10/0006.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-11486/^5.0.8/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-11833/3.10/0009.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-11884/3.10/0009.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12456/^5.1.5/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-13631/^5.2.1/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14038/ANY/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14039/ANY/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14040/ANY/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14041/ANY/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14055/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14284/^5.2.3/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15098/^5.2.8/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15212/^5.1.8/0001.patch
@@ -328,20 +283,12 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19533/^5.3.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19536/^5.2.9/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19965/^5.4.6/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19966/^5.1.6/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20054/^5.0.6/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20054/^5.0.6/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20096/^5.1/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20636/^5.4.12/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0030/3.10/0006.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0429/^4.14/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0431/^3.18/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-3651/prima/0001.patch --directory=drivers/staging/prima
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-8647/^5.5.2/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-9383/^5.5.6/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-10773/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11115/prima/0003.patch --directory=drivers/staging/prima
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11116/prima/0003.patch --directory=drivers/staging/prima
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11118/prima/0003.patch --directory=drivers/staging/prima
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11267/ANY/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11267/ANY/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11272/prima/0002.patch --directory=drivers/staging/prima
@@ -379,5 +326,5 @@ git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/1035495_0001-cnss-Add-NULL-ch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-4002/3.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14283/^5.2.3/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19051/^5.3.11/0001.patch
-editKernelLocalversion "-dos.p379"
+editKernelLocalversion "-dos.p326"
 cd "$DOS_BUILD_BASE"

Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_oneplus_sm8150.sh

@@ -294,7 +294,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16119/^5.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16166/4.14/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24394/^5.7.8/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24490/4.14/0004.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24588/4.14/0018.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24588/4.14/0018.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24588/^5.12/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25211/4.14/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25212/4.14/0005.patch

Scripts/LineageOS-17.1/Functions.sh

@@ -56,9 +56,9 @@ buildAll() {
 	if [ "$DOS_OPTIMIZE_IMAGES" = true ]; then optimizeImagesRecursive "$DOS_BUILD_BASE"; fi;
 	#SD410
 	buildDevice crackling;
-	buildDevice osprey; #needs manual patching + more - mkdir proprietary/priv-app && cp -r proprietary/system/priv-app/qcrilmsgtunnel proprietary/priv-app/
+	buildDevice osprey;
 	#SD801
-	buildDevice m8; #18.1 has issues
+	buildDevice m8; #18.1 has issues?
 	#SD808
 	buildDevice clark;
 	#SD810

Scripts/LineageOS-17.1/Patch.sh

@@ -275,7 +275,7 @@ if enter "vendor/divested"; then
 awk -i inplace '!/EtarPrebuilt/' packages.mk; #lineage-17.1 calendar is Etar fork
 if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then echo "PRODUCT_PACKAGES += GmsCore GsfProxy FakeStore" >> packages.mk; fi; #Include microG
 if [ "$DOS_HOSTS_BLOCKING" = false ]; then echo "PRODUCT_PACKAGES += $DOS_HOSTS_BLOCKING_APP" >> packages.mk; fi; #Include blocker app
-echo "PRODUCT_PACKAGES += vendor.lineage.trust@1.0-service" >> packages.mk; #Add deny usb service, all of our kernels the necessary patch
+echo "PRODUCT_PACKAGES += vendor.lineage.trust@1.0-service" >> packages.mk; #Add deny usb service, all of our kernels have the necessary patch
 fi;
 #
 #END OF ROM CHANGES

Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_oneplus_sm8150.sh

@@ -89,7 +89,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-15780/^5.7.7/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16119/^5.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16166/4.14/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24587/qca-wifi-host-cmn/0015.patch --directory=drivers/staging/qca-wifi-host-cmn
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24588/4.14/0018.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24588/4.14/0018.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24588/^5.12/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25211/4.14/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25212/4.14/0005.patch

Scripts/LineageOS-18.1/Patch.sh

@@ -258,7 +258,7 @@ awk -i inplace '!/EtarPrebuilt/' packages.mk; #lineage-17.1 calendar is Etar for
 awk -i inplace '!/_lookup/' overlay/common/lineage-sdk/packages/LineageSettingsProvider/res/values/defaults.xml; #Remove all lookup provider overrides
 if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then echo "PRODUCT_PACKAGES += GmsCore GsfProxy FakeStore" >> packages.mk; fi; #Include microG
 if [ "$DOS_HOSTS_BLOCKING" = false ]; then echo "PRODUCT_PACKAGES += $DOS_HOSTS_BLOCKING_APP" >> packages.mk; fi; #Include blocker app
-echo "PRODUCT_PACKAGES += vendor.lineage.trust@1.0-service" >> packages.mk; #Add deny usb service, all of our kernels the necessary patch
+echo "PRODUCT_PACKAGES += vendor.lineage.trust@1.0-service" >> packages.mk; #Add deny usb service, all of our kernels have the necessary patch
 echo "PRODUCT_PACKAGES += eSpeakNG" >> packages.mk; #PicoTTS needs work to compile on 18.1, use eSpeak-NG instead
 fi;
 #

Scripts/init.sh

@@ -61,7 +61,7 @@ export DOS_MICROG_INCLUDED="NLP"; #Determines inclusion of microG. Options: NLP,
 export DOS_NON_COMMERCIAL_USE_PATCHES=false; #Set true to allow inclusion of non-commercial use patches XXX: Unused, see 1dc9247
 export DOS_OPTIMIZE_IMAGES=false; #Set true to apply lossless optimizations to image resources
 export DOS_STRONG_ENCRYPTION_ENABLED=false; #Set true to enable AES 256-bit FDE encryption on 14.1+15.1 XXX: THIS WILL **DESTROY** EXISTING INSTALLS!
-alias DOS_WEBVIEW_CHERRYPICK='git pull "https://github.com/LineageOS/android_external_chromium-webview" refs/changes/82/313782/2';
+alias DOS_WEBVIEW_CHERRYPICK='git pull "https://github.com/LineageOS/android_external_chromium-webview" refs/changes/82/313782/3';
 
 #Servers
 export DOS_DEFAULT_DNS_PRESET="Quad9"; #Sets default DNS. Options: See changeDefaultDNS() in Scripts/Common/Functions.sh