New patchers

Patches/Linux_CVEs-New/CVE-2016-2185/ANY/1.patch

@@ -1,109 +0,0 @@
-From 37735ed2c8c12e9671a3742d6b9028bad43852df Mon Sep 17 00:00:00 2001
-From: Vladis Dronov <vdronov@redhat.com>
-Date: Wed, 23 Mar 2016 11:53:46 -0700
-Subject: [PATCH] Input: ati_remote2 - fix crashes on detecting device with
- invalid descriptor
-
-[ Upstream commit 950336ba3e4a1ffd2ca60d29f6ef386dd2c7351d ]
-
-The ati_remote2 driver expects at least two interfaces with one
-endpoint each. If given malicious descriptor that specify one
-interface or no endpoints, it will crash in the probe function.
-Ensure there is at least two interfaces and one endpoint for each
-interface before using it.
-
-The full disclosure: http://seclists.org/bugtraq/2016/Mar/90
-
-Reported-by: Ralf Spenneberg <ralf@spenneberg.net>
-Signed-off-by: Vladis Dronov <vdronov@redhat.com>
-Cc: stable@vger.kernel.org
-Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
-Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
----
- drivers/input/misc/ati_remote2.c | 36 ++++++++++++++++++++++++++++++------
- 1 file changed, 30 insertions(+), 6 deletions(-)
-
-diff --git a/drivers/input/misc/ati_remote2.c b/drivers/input/misc/ati_remote2.c
-index f63341f20b91a..e8c6a4842e91c 100644
---- a/drivers/input/misc/ati_remote2.c
-+++ b/drivers/input/misc/ati_remote2.c
-@@ -817,26 +817,49 @@ static int ati_remote2_probe(struct usb_interface *interface, const struct usb_d
- 
- 	ar2->udev = udev;
- 
-+	/* Sanity check, first interface must have an endpoint */
-+	if (alt->desc.bNumEndpoints < 1 || !alt->endpoint) {
-+		dev_err(&interface->dev,
-+			"%s(): interface 0 must have an endpoint\n", __func__);
-+		r = -ENODEV;
-+		goto fail1;
-+	}
- 	ar2->intf[0] = interface;
- 	ar2->ep[0] = &alt->endpoint[0].desc;
- 
-+	/* Sanity check, the device must have two interfaces */
- 	ar2->intf[1] = usb_ifnum_to_if(udev, 1);
-+	if ((udev->actconfig->desc.bNumInterfaces < 2) || !ar2->intf[1]) {
-+		dev_err(&interface->dev, "%s(): need 2 interfaces, found %d\n",
-+			__func__, udev->actconfig->desc.bNumInterfaces);
-+		r = -ENODEV;
-+		goto fail1;
-+	}
-+
- 	r = usb_driver_claim_interface(&ati_remote2_driver, ar2->intf[1], ar2);
- 	if (r)
- 		goto fail1;
-+
-+	/* Sanity check, second interface must have an endpoint */
- 	alt = ar2->intf[1]->cur_altsetting;
-+	if (alt->desc.bNumEndpoints < 1 || !alt->endpoint) {
-+		dev_err(&interface->dev,
-+			"%s(): interface 1 must have an endpoint\n", __func__);
-+		r = -ENODEV;
-+		goto fail2;
-+	}
- 	ar2->ep[1] = &alt->endpoint[0].desc;
- 
- 	r = ati_remote2_urb_init(ar2);
- 	if (r)
--		goto fail2;
-+		goto fail3;
- 
- 	ar2->channel_mask = channel_mask;
- 	ar2->mode_mask = mode_mask;
- 
- 	r = ati_remote2_setup(ar2, ar2->channel_mask);
- 	if (r)
--		goto fail2;
-+		goto fail3;
- 
- 	usb_make_path(udev, ar2->phys, sizeof(ar2->phys));
- 	strlcat(ar2->phys, "/input0", sizeof(ar2->phys));
-@@ -845,11 +868,11 @@ static int ati_remote2_probe(struct usb_interface *interface, const struct usb_d
- 
- 	r = sysfs_create_group(&udev->dev.kobj, &ati_remote2_attr_group);
- 	if (r)
--		goto fail2;
-+		goto fail3;
- 
- 	r = ati_remote2_input_init(ar2);
- 	if (r)
--		goto fail3;
-+		goto fail4;
- 
- 	usb_set_intfdata(interface, ar2);
- 
-@@ -857,10 +880,11 @@ static int ati_remote2_probe(struct usb_interface *interface, const struct usb_d
- 
- 	return 0;
- 
-- fail3:
-+ fail4:
- 	sysfs_remove_group(&udev->dev.kobj, &ati_remote2_attr_group);
-- fail2:
-+ fail3:
- 	ati_remote2_urb_cleanup(ar2);
-+ fail2:
- 	usb_driver_release_interface(&ati_remote2_driver, ar2->intf[1]);
-  fail1:
- 	kfree(ar2);

Patches/Linux_CVEs-New/CVE-2016-2186/ANY/1.patch

@@ -1,38 +0,0 @@
-From b684cb33d6867e10ba45375a12ef9f3ceb6f0aa7 Mon Sep 17 00:00:00 2001
-From: Josh Boyer <jwboyer@fedoraproject.org>
-Date: Mon, 14 Mar 2016 09:33:40 -0700
-Subject: [PATCH] Input: powermate - fix oops with malicious USB descriptors
-
-[ Upstream commit 9c6ba456711687b794dcf285856fc14e2c76074f ]
-
-The powermate driver expects at least one valid USB endpoint in its
-probe function.  If given malicious descriptors that specify 0 for
-the number of endpoints, it will crash.  Validate the number of
-endpoints on the interface before using them.
-
-The full report for this issue can be found here:
-http://seclists.org/bugtraq/2016/Mar/85
-
-Reported-by: Ralf Spenneberg <ralf@spenneberg.net>
-Cc: stable <stable@vger.kernel.org>
-Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
-Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
-Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
----
- drivers/input/misc/powermate.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/drivers/input/misc/powermate.c b/drivers/input/misc/powermate.c
-index 63b539d3dabae..84909a12ff36c 100644
---- a/drivers/input/misc/powermate.c
-+++ b/drivers/input/misc/powermate.c
-@@ -307,6 +307,9 @@ static int powermate_probe(struct usb_interface *intf, const struct usb_device_i
- 	int error = -ENOMEM;
- 
- 	interface = intf->cur_altsetting;
-+	if (interface->desc.bNumEndpoints < 1)
-+		return -EINVAL;
-+
- 	endpoint = &interface->endpoint[0].desc;
- 	if (!usb_endpoint_is_int_in(endpoint))
- 		return -EIO;

Patches/Linux_CVEs-New/CVE-2017-5669/ANY/0.patch

@@ -1,70 +0,0 @@
-From e1d35d4dc7f089e6c9c080d556feedf9c706f0c7 Mon Sep 17 00:00:00 2001
-From: Davidlohr Bueso <dave@stgolabs.net>
-Date: Wed, 8 Feb 2017 10:28:24 +1100
-Subject: [PATCH] ipc/shm: Fix shmat mmap nil-page protection
-
-The issue is described here, with a nice testcase:
-
-    https://bugzilla.kernel.org/show_bug.cgi?id=192931
-
-The problem is that shmat() calls do_mmap_pgoff() with MAP_FIXED, and the
-address rounded down to 0.  For the regular mmap case, the protection
-mentioned above is that the kernel gets to generate the address --
-arch_get_unmapped_area() will always check for MAP_FIXED and return that
-address.  So by the time we do security_mmap_addr(0) things get funky for
-shmat().
-
-The testcase itself shows that while a regular user crashes, root will not
-have a problem attaching a nil-page.  There are two possible fixes to
-this.  The first, and which this patch does, is to simply allow root to
-crash as well -- this is also regular mmap behavior, ie when hacking up
-the testcase and adding mmap(...  |MAP_FIXED).  While this approach is the
-safer option, the second alternative is to ignore SHM_RND if the rounded
-address is 0, thus only having MAP_SHARED flags.  This makes the behavior
-of shmat() identical to the mmap() case.  The downside of this is
-obviously user visible, but does make sense in that it maintains semantics
-after the round-down wrt 0 address and mmap.
-
-Passes shm related ltp tests.
-
-Link: http://lkml.kernel.org/r/1486050195-18629-1-git-send-email-dave@stgolabs.net
-Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
-Reported-by: Gareth Evans <gareth.evans@contextis.co.uk>
-Cc: Manfred Spraul <manfred@colorfullife.com>
-Cc: Michael Kerrisk <mtk.manpages@googlemail.com>
-Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
----
- ipc/shm.c | 13 +++++++++----
- 1 file changed, 9 insertions(+), 4 deletions(-)
-
-diff --git a/ipc/shm.c b/ipc/shm.c
-index d7805acb44fd4..06ea9ef7f54a7 100644
---- a/ipc/shm.c
-+++ b/ipc/shm.c
-@@ -1091,8 +1091,8 @@ SYSCALL_DEFINE3(shmctl, int, shmid, int, cmd, struct shmid_ds __user *, buf)
-  * "raddr" thing points to kernel space, and there has to be a wrapper around
-  * this.
-  */
--long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
--	      unsigned long shmlba)
-+long do_shmat(int shmid, char __user *shmaddr, int shmflg,
-+	      ulong *raddr, unsigned long shmlba)
- {
- 	struct shmid_kernel *shp;
- 	unsigned long addr;
-@@ -1113,8 +1113,13 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
- 		goto out;
- 	else if ((addr = (ulong)shmaddr)) {
- 		if (addr & (shmlba - 1)) {
--			if (shmflg & SHM_RND)
--				addr &= ~(shmlba - 1);	   /* round down */
-+			/*
-+			 * Round down to the nearest multiple of shmlba.
-+			 * For sane do_mmap_pgoff() parameters, avoid
-+			 * round downs that trigger nil-page and MAP_FIXED.
-+			 */
-+			if ((shmflg & SHM_RND) && addr >= shmlba)
-+				addr &= ~(shmlba - 1);
- 			else
- #ifndef __ARCH_FORCE_SHMLBA
- 				if (addr & ~PAGE_MASK)

Patches/Linux_CVEs-New/CVE-2017-6074/ANY/1.patch

@@ -1,47 +0,0 @@
-From 5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4 Mon Sep 17 00:00:00 2001
-From: Andrey Konovalov <andreyknvl@google.com>
-Date: Thu, 16 Feb 2017 17:22:46 +0100
-Subject: dccp: fix freeing skb too early for IPV6_RECVPKTINFO
-
-In the current DCCP implementation an skb for a DCCP_PKT_REQUEST packet
-is forcibly freed via __kfree_skb in dccp_rcv_state_process if
-dccp_v6_conn_request successfully returns.
-
-However, if IPV6_RECVPKTINFO is set on a socket, the address of the skb
-is saved to ireq->pktopts and the ref count for skb is incremented in
-dccp_v6_conn_request, so skb is still in use. Nevertheless, it gets freed
-in dccp_rcv_state_process.
-
-Fix by calling consume_skb instead of doing goto discard and therefore
-calling __kfree_skb.
-
-Similar fixes for TCP:
-
-fb7e2399ec17f1004c0e0ccfd17439f8759ede01 [TCP]: skb is unexpectedly freed.
-0aea76d35c9651d55bbaf746e7914e5f9ae5a25d tcp: SYN packets are now
-simply consumed
-
-Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
-Acked-by: Eric Dumazet <edumazet@google.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
- net/dccp/input.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/net/dccp/input.c b/net/dccp/input.c
-index ba34718..8fedc2d 100644
---- a/net/dccp/input.c
-+++ b/net/dccp/input.c
-@@ -606,7 +606,8 @@ int dccp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
- 			if (inet_csk(sk)->icsk_af_ops->conn_request(sk,
- 								    skb) < 0)
- 				return 1;
--			goto discard;
-+			consume_skb(skb);
-+			return 0;
- 		}
- 		if (dh->dccph_type == DCCP_PKT_RESET)
- 			goto discard;
--- 
-cgit v1.1
-

Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_amazon_hdx-common.sh

@@ -0,0 +1,41 @@
+#!/bin/bash
+cd $base"kernel/amazon/hdx-common"
+git apply $cvePatches/CVE-2012-6704/ANY/0.patch
+git apply $cvePatches/CVE-2014-1739/ANY/0.patch
+git apply $cvePatches/CVE-2014-4656/ANY/0.patch
+git apply $cvePatches/CVE-2014-9420/ANY/0.patch
+git apply $cvePatches/CVE-2014-9781/ANY/0.patch
+git apply $cvePatches/CVE-2014-9876/3.4/1.patch
+git apply $cvePatches/CVE-2014-9880/ANY/0.patch
+git apply $cvePatches/CVE-2015-1593/ANY/0.patch
+git apply $cvePatches/CVE-2016-10230/ANY/0.patch
+git apply $cvePatches/CVE-2016-2185/ANY/0.patch
+git apply $cvePatches/CVE-2016-2186/ANY/0.patch
+git apply $cvePatches/CVE-2016-2488/ANY/0.patch
+git apply $cvePatches/CVE-2016-2544/ANY/0.patch
+git apply $cvePatches/CVE-2016-3841/3.4/0.patch
+git apply $cvePatches/CVE-2016-3893/ANY/0.patch
+git apply $cvePatches/CVE-2016-6672/ANY/0.patch
+git apply $cvePatches/CVE-2016-6751/ANY/0.patch
+git apply $cvePatches/CVE-2016-6753/ANY/0.patch
+git apply $cvePatches/CVE-2016-8404/ANY/0.patch
+git apply $cvePatches/CVE-2016-8417/ANY/0.patch
+git apply $cvePatches/CVE-2016-8444/ANY/0.patch
+git apply $cvePatches/CVE-2016-9604/ANY/0.patch
+git apply $cvePatches/CVE-2017-0403/ANY/0.patch
+git apply $cvePatches/CVE-2017-0404/ANY/0.patch
+git apply $cvePatches/CVE-2017-0611/ANY/0.patch
+git apply $cvePatches/CVE-2017-0751/ANY/0.patch
+git apply $cvePatches/CVE-2017-0786/ANY/0.patch
+git apply $cvePatches/CVE-2017-10662/ANY/0.patch
+git apply $cvePatches/CVE-2017-11000/ANY/0.patch
+git apply $cvePatches/CVE-2017-15265/ANY/0.patch
+git apply $cvePatches/CVE-2017-2671/ANY/0.patch
+git apply $cvePatches/CVE-2017-5970/ANY/0.patch
+git apply $cvePatches/CVE-2017-6074/ANY/0.patch
+git apply $cvePatches/CVE-2017-6348/ANY/0.patch
+git apply $cvePatches/CVE-2017-6951/ANY/0.patch
+git apply $cvePatches/CVE-2017-7487/ANY/0.patch
+git apply $cvePatches/CVE-2017-8247/ANY/0.patch
+git apply $cvePatches/CVE-2017-9242/ANY/0.patch
+cd $base

Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_lge_mako.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+cd $base"kernel/lge/mako"
+git apply $cvePatches/CVE-2016-8402/3.4/1.patch
+git apply $cvePatches/CVE-2016-8404/ANY/0.patch
+cd $base

Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_motorola_msm8992.sh

@@ -0,0 +1,85 @@
+#!/bin/bash
+cd $base"kernel/motorola/msm8992"
+git apply $cvePatches/CVE-2014-9781/ANY/0.patch
+git apply $cvePatches/CVE-2015-8019/3.10/0.patch
+git apply $cvePatches/CVE-2016-0758/ANY/0.patch
+git apply $cvePatches/CVE-2016-10200/ANY/0.patch
+git apply $cvePatches/CVE-2016-10230/ANY/0.patch
+git apply $cvePatches/CVE-2016-10231/ANY/1.patch
+git apply $cvePatches/CVE-2016-10232/3.10/1.patch
+git apply $cvePatches/CVE-2016-10233/3.10/1.patch
+git apply $cvePatches/CVE-2016-2063/ANY/0.patch
+git apply $cvePatches/CVE-2016-3070/ANY/0.patch
+git apply $cvePatches/CVE-2016-3134/3.10/0.patch
+git apply $cvePatches/CVE-2016-3672/ANY/0.patch
+git apply $cvePatches/CVE-2016-3857/3.10/0.patch
+git apply $cvePatches/CVE-2016-3865/ANY/0.patch
+git apply $cvePatches/CVE-2016-3865/ANY/1.patch
+git apply $cvePatches/CVE-2016-3867/3.10/0.patch
+git apply $cvePatches/CVE-2016-3902/ANY/0.patch
+git apply $cvePatches/CVE-2016-3907/ANY/0.patch
+git apply $cvePatches/CVE-2016-5346/ANY/0.patch
+git apply $cvePatches/CVE-2016-5347/ANY/0.patch
+git apply $cvePatches/CVE-2016-5853/ANY/0.patch
+git apply $cvePatches/CVE-2016-5859/ANY/0.patch
+git apply $cvePatches/CVE-2016-5867/ANY/0.patch
+git apply $cvePatches/CVE-2016-6672/ANY/0.patch
+git apply $cvePatches/CVE-2016-6681/ANY/0.patch
+git apply $cvePatches/CVE-2016-6751/ANY/0.patch
+git apply $cvePatches/CVE-2016-6753/ANY/0.patch
+git apply $cvePatches/CVE-2016-8417/ANY/0.patch
+git apply $cvePatches/CVE-2016-8444/ANY/0.patch
+git apply $cvePatches/CVE-2016-8479/ANY/0.patch
+git apply $cvePatches/CVE-2016-8483/3.10/1.patch
+git apply $cvePatches/CVE-2016-9604/ANY/0.patch
+git apply $cvePatches/CVE-2017-0404/ANY/0.patch
+git apply $cvePatches/CVE-2017-0427/3.10/1.patch
+git apply $cvePatches/CVE-2017-0436/ANY/0.patch
+git apply $cvePatches/CVE-2017-0457/3.10/0.patch
+git apply $cvePatches/CVE-2017-0457/3.10/1.patch
+git apply $cvePatches/CVE-2017-0459/3.10/1.patch
+git apply $cvePatches/CVE-2017-0460/3.10/1.patch
+git apply $cvePatches/CVE-2017-0463/ANY/0.patch
+git apply $cvePatches/CVE-2017-0516/ANY/0.patch
+git apply $cvePatches/CVE-2017-0523/ANY/0.patch
+git apply $cvePatches/CVE-2017-0537/ANY/0.patch
+git apply $cvePatches/CVE-2017-0604/ANY/0.patch
+git apply $cvePatches/CVE-2017-0606/ANY/0.patch
+git apply $cvePatches/CVE-2017-0611/ANY/0.patch
+git apply $cvePatches/CVE-2017-0627/ANY/0.patch
+git apply $cvePatches/CVE-2017-0631/ANY/0.patch
+git apply $cvePatches/CVE-2017-0746/ANY/0.patch
+git apply $cvePatches/CVE-2017-0748/ANY/0.patch
+git apply $cvePatches/CVE-2017-0750/ANY/0.patch
+git apply $cvePatches/CVE-2017-0751/ANY/0.patch
+git apply $cvePatches/CVE-2017-0794/3.10/0.patch
+git apply $cvePatches/CVE-2017-10997/ANY/0.patch
+git apply $cvePatches/CVE-2017-10998/3.10/0.patch
+git apply $cvePatches/CVE-2017-11048/3.10/0.patch
+git apply $cvePatches/CVE-2017-11056/3.10/0.patch
+git apply $cvePatches/CVE-2017-11059/3.10/0.patch
+git apply $cvePatches/CVE-2017-15265/ANY/0.patch
+git apply $cvePatches/CVE-2017-2618/3.10/0.patch
+git apply $cvePatches/CVE-2017-2671/ANY/0.patch
+git apply $cvePatches/CVE-2017-5669/ANY/1.patch
+git apply $cvePatches/CVE-2017-5970/ANY/0.patch
+git apply $cvePatches/CVE-2017-6074/ANY/0.patch
+git apply $cvePatches/CVE-2017-6348/ANY/0.patch
+git apply $cvePatches/CVE-2017-6951/ANY/0.patch
+git apply $cvePatches/CVE-2017-7369/3.10/0.patch
+git apply $cvePatches/CVE-2017-7373/3.10/1.patch
+git apply $cvePatches/CVE-2017-7472/ANY/0.patch
+git apply $cvePatches/CVE-2017-7487/ANY/0.patch
+git apply $cvePatches/CVE-2017-8242/ANY/0.patch
+git apply $cvePatches/CVE-2017-8247/ANY/0.patch
+git apply $cvePatches/CVE-2017-8251/3.10/0.patch
+git apply $cvePatches/CVE-2017-8260/3.10/0.patch
+git apply $cvePatches/CVE-2017-8265/ANY/0.patch
+git apply $cvePatches/CVE-2017-8280/ANY/0.patch
+git apply $cvePatches/CVE-2017-9242/ANY/0.patch
+git apply $cvePatches/CVE-2017-9693/ANY/0.patch
+git apply $cvePatches/CVE-2017-9694/ANY/0.patch
+git apply $cvePatches/CVE-2017-9720/ANY/0.patch
+git apply $cvePatches/CVE-2017-9724/ANY/0.patch
+git apply $cvePatches/CVE-2017-9725/ANY/0.patch
+cd $base

Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_oneplus_msm8974.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+cd $base"kernel/oneplus/msm8974"
+git apply $cvePatches/CVE-2014-9781/ANY/0.patch
+git apply $cvePatches/CVE-2014-9876/3.4/1.patch
+git apply $cvePatches/CVE-2014-9880/ANY/0.patch
+git apply $cvePatches/CVE-2016-3672/ANY/0.patch
+git apply $cvePatches/CVE-2016-6672/ANY/0.patch
+git apply $cvePatches/CVE-2016-8404/ANY/0.patch
+git apply $cvePatches/CVE-2017-0750/ANY/0.patch
+git apply $cvePatches/CVE-2017-0751/ANY/0.patch
+git apply $cvePatches/CVE-2017-0786/ANY/0.patch
+git apply $cvePatches/CVE-2017-11000/ANY/0.patch
+git apply $cvePatches/CVE-2017-15265/ANY/0.patch
+git apply $cvePatches/CVE-2017-7487/ANY/0.patch
+git apply $cvePatches/CVE-2017-8247/ANY/0.patch
+git apply $cvePatches/CVE-2017-9242/ANY/0.patch
+git apply $cvePatches/CVE-2017-9725/ANY/0.patch
+cd $base