15.1: Update CVE patchers + build fixes

2025-03-25 15:08:16 -04:00 · 2018-06-11 20:33:16 -04:00 · 2018-06-11 20:33:16 -04:00 · 7005ff0073
commit 7005ff0073
parent 8eeafdd09f
10 changed files with 12 additions and 17 deletions
--- a/Scripts/Common/Functions.sh
+++ b/Scripts/Common/Functions.sh
@ -190,7 +190,7 @@ hardenDefconfig() {

 	#Enable supported options
 	#Disabled: CONFIG_DEBUG_SG (bootloops - https://patchwork.kernel.org/patch/8989981)
-	declare -a optionsYes=("CONFIG_ARM64_SW_TTBR0_PAN" "CONFIG_BUG" "CONFIG_BUG_ON_DATA_CORRUPTION" "CONFIG_CC_STACKPROTECTOR" "CONFIG_CC_STACKPROTECTOR_STRONG" "CONFIG_CPU_SW_DOMAIN_PAN" "CONFIG_DEBUG_CREDENTIALS" "CONFIG_DEBUG_KERNEL" "CONFIG_DEBUG_LIST" "CONFIG_DEBUG_NOTIFIERS" "CONFIG_DEBUG_RODATA" "CONFIG_DEBUG_WX" "CONFIG_FORTIFY_SOURCE" "CONFIG_GCC_PLUGIN_LATENT_ENTROPY" "CONFIG_GCC_PLUGIN_RANDSTRUCT" "CONFIG_GCC_PLUGINS" "CONFIG_GCC_PLUGIN_STRUCTLEAK" "CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL" "CONFIG_HARDENED_USERCOPY" "CONFIG_IO_STRICT_DEVMEM" "CONFIG_KAISER" "CONFIG_LEGACY_VSYSCALL_NONE" "CONFIG_PAGE_POISONING" "CONFIG_PAGE_POISONING_NO_SANITY" "CONFIG_PAGE_POISONING_ZERO" "CONFIG_PAGE_TABLE_ISOLATION" "CONFIG_PANIC_ON_OOPS" "CONFIG_RANDOMIZE_BASE" "CONFIG_REFCOUNT_FULL" "CONFIG_RETPOLINE" "CONFIG_SCHED_STACK_END_CHECK" "CONFIG_SECCOMP" "CONFIG_SECCOMP_FILTER" "CONFIG_SECURITY" "CONFIG_SECURITY_PERF_EVENTS_RESTRICT" "CONFIG_SECURITY_YAMA" "CONFIG_SECURITY_YAMA_STACKED" "CONFIG_SLAB_FREELIST_RANDOM" "CONFIG_SLAB_HARDENED" "CONFIG_SLUB_DEBUG" "CONFIG_STRICT_DEVMEM" "CONFIG_STRICT_KERNEL_RWX" "CONFIG_STRICT_MEMORY_RWX" "CONFIG_SYN_COOKIES" "CONFIG_UNMAP_KERNEL_AT_EL0" "CONFIG_VMAP_STACK" "CONFIG_SECURITY_DMESG_RESTRICT" "CONFIG_SLAB_FREELIST_HARDENED" "CONFIG_GCC_PLUGINS" "CONFIG_GCC_PLUGIN_LATENT_ENTROPY" "CONFIG_GCC_PLUGIN_STRUCTLEAK" "CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL" "CONFIG_GCC_PLUGIN_RANDSTRUCT" "CONFIG_GCC_PLUGIN_RANDSTRUCT_PERFORMANCE" "CONFIG_PARTIALRESUME" "CONFIG_CRYPTO_DEV_QCRYPTO" "CONFIG_CRYPTO_PCRYPT")
+	declare -a optionsYes=("CONFIG_ARM64_SW_TTBR0_PAN" "CONFIG_BUG" "CONFIG_BUG_ON_DATA_CORRUPTION" "CONFIG_CC_STACKPROTECTOR" "CONFIG_CC_STACKPROTECTOR_STRONG" "CONFIG_CPU_SW_DOMAIN_PAN" "CONFIG_DEBUG_CREDENTIALS" "CONFIG_DEBUG_KERNEL" "CONFIG_DEBUG_LIST" "CONFIG_DEBUG_NOTIFIERS" "CONFIG_DEBUG_RODATA" "CONFIG_DEBUG_WX" "CONFIG_FORTIFY_SOURCE" "CONFIG_GCC_PLUGIN_LATENT_ENTROPY" "CONFIG_GCC_PLUGIN_RANDSTRUCT" "CONFIG_GCC_PLUGINS" "CONFIG_GCC_PLUGIN_STRUCTLEAK" "CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL" "CONFIG_HARDENED_USERCOPY" "CONFIG_IO_STRICT_DEVMEM" "CONFIG_KAISER" "CONFIG_LEGACY_VSYSCALL_NONE" "CONFIG_PAGE_POISONING" "CONFIG_PAGE_POISONING_NO_SANITY" "CONFIG_PAGE_POISONING_ZERO" "CONFIG_PAGE_TABLE_ISOLATION" "CONFIG_PANIC_ON_OOPS" "CONFIG_RANDOMIZE_BASE" "CONFIG_REFCOUNT_FULL" "CONFIG_RETPOLINE" "CONFIG_SCHED_STACK_END_CHECK" "CONFIG_SECCOMP" "CONFIG_SECCOMP_FILTER" "CONFIG_SECURITY" "CONFIG_SECURITY_PERF_EVENTS_RESTRICT" "CONFIG_SECURITY_YAMA" "CONFIG_SECURITY_YAMA_STACKED" "CONFIG_SLAB_FREELIST_RANDOM" "CONFIG_SLAB_HARDENED" "CONFIG_SLUB_DEBUG" "CONFIG_STRICT_DEVMEM" "CONFIG_STRICT_KERNEL_RWX" "CONFIG_STRICT_MEMORY_RWX" "CONFIG_SYN_COOKIES" "CONFIG_UNMAP_KERNEL_AT_EL0" "CONFIG_VMAP_STACK" "CONFIG_SECURITY_DMESG_RESTRICT" "CONFIG_SLAB_FREELIST_HARDENED" "CONFIG_GCC_PLUGINS" "CONFIG_GCC_PLUGIN_LATENT_ENTROPY" "CONFIG_GCC_PLUGIN_STRUCTLEAK" "CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL" "CONFIG_GCC_PLUGIN_RANDSTRUCT" "CONFIG_GCC_PLUGIN_RANDSTRUCT_PERFORMANCE" "CONFIG_WLAN_FEATURE_MEMDUMP" "CONFIG_PARTIALRESUME" "CONFIG_CRYPTO_DEV_QCRYPTO" "CONFIG_CRYPTO_PCRYPT")
 	for option in "${optionsYes[@]}"
 	do
 		sed -i 's/# '$option' is not set/'$option'=y/' $defconfigPath &>/dev/null || true;
--- a/Scripts/LineageOS-14.1/Functions.sh
+++ b/Scripts/LineageOS-14.1/Functions.sh
@ -71,8 +71,7 @@ export -f buildAll;

 patchWorkspace() {
 	if [ "$MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$prebuiltApps $base/build $base/device $base/vendor/cm"; fi;
-	source build/envsetup.sh;
-	repopick -t n_asb_06-2018;
+	#source build/envsetup.sh;

 	source $scripts/Patch.sh;
 	source $scripts/Defaults.sh;
--- a/Scripts/LineageOS-14.1/Patch.sh
+++ b/Scripts/LineageOS-14.1/Patch.sh
@ -234,8 +234,8 @@ cd $base;

 #Fixes
 #Fix broken options enabled by hardenDefconfig()
-sed -i "s/CONFIG_PARTIALRESUME=y/# CONFIG_STRICT_MEMORY_RWX is not set/" kernel/motorola/msm8992/arch/arm64/configs/*defconfig; #Breaks on compile
 sed -i "s/CONFIG_STRICT_MEMORY_RWX=y/# CONFIG_STRICT_MEMORY_RWX is not set/" kernel/lge/msm8996/arch/arm64/configs/lineageos_*_defconfig; #Breaks on compile
+sed -i "s/CONFIG_PARTIALRESUME=y/# CONFIG_PARTIALRESUME is not set/" kernel/motorola/msm8992/arch/arm64/configs/*defconfig; #Breaks on compile
 #
 #END OF DEVICE CHANGES
 #
--- a/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_google_marlin.sh
+++ b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_google_marlin.sh
@ -90,8 +90,6 @@ git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0003.patch
 git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0005.patch
 git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0006.patch
 git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0009.patch
-git apply $cvePatchesLinux/CVE-2017-17558/ANY/0001.patch
-git apply $cvePatchesLinux/CVE-2017-17806/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-18150/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-18161/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-18165/ANY/0001.patch
@ -101,7 +99,6 @@ git apply $cvePatchesLinux/CVE-2017-6348/^4.9/0001.patch
 git apply $cvePatchesLinux/CVE-2017-7371/3.18/0001.patch
 git apply $cvePatchesLinux/CVE-2017-7372/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-9707/ANY/0001.patch
-git apply $cvePatchesLinux/CVE-2018-5831/ANY/0001.patch
 git apply $cvePatchesLinux/Untracked/ANY/0002-ozwpan-Use-unsigned-ints-to-prevent-heap-overflow.patch
 git apply $cvePatchesLinux/Untracked/ANY/0005-tcp-fix-zero-cwnd-in-tcp_cwnd_reduction.patch
 git apply $cvePatchesLinux/CVE-2016-5853/3.18/0002.patch
@ -110,5 +107,5 @@ git apply $cvePatchesLinux/CVE-2016-6696/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-0610/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-14883/ANY/0001.patch
-editKernelLocalversion "-dos.p110"
+editKernelLocalversion "-dos.p107"
 cd $base
--- a/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_huawei_angler.sh
+++ b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_huawei_angler.sh
@ -90,7 +90,6 @@ git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0005.patch
 git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0006.patch
 git apply $cvePatchesLinux/CVE-2017-17558/ANY/0001.patch
-git apply $cvePatchesLinux/CVE-2017-17806/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-18161/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-18165/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-2618/3.10/0001.patch
@ -113,5 +112,5 @@ git apply $cvePatchesLinux/CVE-2016-2475/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2016-6693/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2016-6696/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-15845/ANY/0001.patch
-editKernelLocalversion "-dos.p113"
+editKernelLocalversion "-dos.p112"
 cd $base
--- a/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_lge_bullhead.sh
+++ b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_lge_bullhead.sh
@ -83,7 +83,6 @@ git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0005.patch
 git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0006.patch
 git apply $cvePatchesLinux/CVE-2017-17558/ANY/0001.patch
-git apply $cvePatchesLinux/CVE-2017-17806/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-18161/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-18165/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-2618/3.10/0001.patch
@ -102,5 +101,5 @@ git apply $cvePatchesLinux/LVT-2017-0003/3.10/0001.patch
 git apply $cvePatchesLinux/Untracked/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
 git apply $cvePatchesLinux/CVE-2016-6693/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2016-6696/ANY/0001.patch
-editKernelLocalversion "-dos.p102"
+editKernelLocalversion "-dos.p101"
 cd $base
--- a/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_moto_shamu.sh
+++ b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_moto_shamu.sh
@ -13,7 +13,6 @@ git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.10/0015.patch
 git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.10/0016.patch
 git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.10/0017.patch
 git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.10/0018.patch
-git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/ANY/0003.patch
 git apply $cvePatchesLinux/CVE-2015-1420/3.2-^3.19/0001.patch
 git apply $cvePatchesLinux/CVE-2015-7515/^4.4/0002.patch
 git apply $cvePatchesLinux/CVE-2015-8215/ANY/0001.patch
@ -63,5 +62,5 @@ git apply $cvePatchesLinux/CVE-2018-3584/ANY/0001.patch
 git apply $cvePatchesLinux/LVT-2017-0003/3.10/0001.patch
 git apply $cvePatchesLinux/CVE-2016-2475/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
-editKernelLocalversion "-dos.p63"
+editKernelLocalversion "-dos.p62"
 cd $base
--- a/Scripts/LineageOS-15.1/Functions.sh
+++ b/Scripts/LineageOS-15.1/Functions.sh
@ -56,14 +56,14 @@ buildAll() {
 	#brunch lineage_clark-user; #requires blobs from https://androidfilehost.com/?w=files&flid=244563 and permissive and broken
 	brunch lineage_angler-user;
 	brunch lineage_bullhead-user;
-	brunch lineage_d802-user;
-	brunch lineage_d855-user;
+	brunch lineage_d802-user; #broken upstream - error: 'vendor/lge/g2-common/proprietary/vendor/etc/acdbdata/Bluetooth_cal.acdb'
+	brunch lineage_d855-user; #broken upstream - recovery updater
 	brunch lineage_ether-user;
 	brunch lineage_flo-user;
 	brunch lineage_flounder-user;
 	brunch lineage_griffin-user;
 	#brunch lineage_h850-userdebug;
-	brunch lineage_hammerhead-user;
+	brunch lineage_hammerhead-user; #broken upstream - fatal error: 'linux/msm_audio_calibration.h' file not found
 	brunch lineage_marlin-user;
 	brunch lineage_m8-user;
 	brunch lineage_sailfish-user;
--- a/Scripts/LineageOS-15.1/Patch.sh
+++ b/Scripts/LineageOS-15.1/Patch.sh
@ -236,6 +236,7 @@ cd $base;

 #Fix broken options enabled by hardenDefconfig()
 sed -i "s/CONFIG_DEBUG_RODATA=y/# CONFIG_DEBUG_RODATA is not set/" kernel/google/msm/arch/arm/configs/lineageos_*_defconfig; #Breaks on compile
+sed -i "s/CONFIG_CRYPTO_DEV_QCRYPTO=y/# CONFIG_CRYPTO_DEV_QCRYPTO is not set/" kernel/google/msm/arch/arm/configs/lineageos_*_defconfig; #Breaks on compile
 sed -i "s/CONFIG_STRICT_MEMORY_RWX=y/# CONFIG_STRICT_MEMORY_RWX is not set/" kernel/lge/msm8996/arch/arm64/configs/lineageos_*_defconfig; #Breaks on compile
 sed -i "s/CONFIG_STRICT_MEMORY_RWX=y/# CONFIG_STRICT_MEMORY_RWX is not set/" kernel/motorola/msm8996/arch/arm64/configs/*_defconfig; #Breaks on compile
 #
--- a/Scripts/LineageOS-15.1/Rebrand.sh
+++ b/Scripts/LineageOS-15.1/Rebrand.sh
@ -21,6 +21,7 @@
 echo "Rebranding...";

 enter "bootable/recovery";
+git revert 6ac3bb48f9d10e604d4b2d6c4152be9d35d17ea0;
 patch -p1 < $patches"android_bootable_recovery/0001-Remove_Logo.patch"; #Remove logo rendering code
 rm res*/images/logo_image.png; #Remove logo images
 sed -i 's|Android Recovery|DivestOS Recovery|' *_ui.cpp;