More patches

Patches/Linux_CVEs/CVE-2017-11015/prima/0001.patch

@@ -0,0 +1,52 @@
+From ac39bfffe109a6cffcaf3b537505130712161dce Mon Sep 17 00:00:00 2001
+From: Sridhar Selvaraj <sselvara@codeaurora.org>
+Date: Fri, 14 Jul 2017 16:08:23 +0530
+Subject: [PATCH] qcacld-2.0: Update limComputeCrc32 to pass uint16_t
+
+qcacld-3.0 to qcacld-2.0 propagation
+
+Update limComputeCrc32() to pass uint16_t as a length type.
+Currently uint8_t is being passed as length and there will be type
+mismatch when authentication frame to be encrypted will be larger
+than 255 bytes.
+
+Change-Id: Ic009197c13a2d70c9015a184acff2e82bf80eaba
+CRs-Fixed: 2072937
+---
+ drivers/staging/prima/CORE/MAC/src/pe/lim/limSecurityUtils.c | 2 +-
+ drivers/staging/prima/CORE/MAC/src/pe/lim/limSecurityUtils.h | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/staging/prima/CORE/MAC/src/pe/lim/limSecurityUtils.c b/drivers/staging/prima/CORE/MAC/src/pe/lim/limSecurityUtils.c
+index 85f12dfb876..8f754c77e9f 100644
+--- a/drivers/staging/prima/CORE/MAC/src/pe/lim/limSecurityUtils.c
++++ b/drivers/staging/prima/CORE/MAC/src/pe/lim/limSecurityUtils.c
+@@ -609,7 +609,7 @@ limEncryptAuthFrame(tpAniSirGlobal pMac, tANI_U8 keyId, tANI_U8 *pKey, tANI_U8 *
+  */
+ 
+ void
+-limComputeCrc32(tANI_U8 *pDest, tANI_U8 * pSrc, tANI_U8 len)
++limComputeCrc32(tANI_U8 *pDest, tANI_U8 * pSrc, tANI_U16 len)
+ {
+     tANI_U32 crc;
+     int i;
+diff --git a/drivers/staging/prima/CORE/MAC/src/pe/lim/limSecurityUtils.h b/drivers/staging/prima/CORE/MAC/src/pe/lim/limSecurityUtils.h
+index 5eafbd7b747..dd097607a18 100644
+--- a/drivers/staging/prima/CORE/MAC/src/pe/lim/limSecurityUtils.h
++++ b/drivers/staging/prima/CORE/MAC/src/pe/lim/limSecurityUtils.h
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2012-2013, The Linux Foundation. All rights reserved.
++ * Copyright (c) 2011-2015, 2017 The Linux Foundation. All rights reserved.
+  *
+  * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
+  *
+@@ -73,7 +73,7 @@ void               limRestoreFromAuthState(tpAniSirGlobal,
+ 
+ // Encryption/Decryption related functions
+ tCfgWepKeyEntry    *limLookUpKeyMappings(tSirMacAddr);
+-void               limComputeCrc32(tANI_U8 *, tANI_U8 *, tANI_U8);
++void               limComputeCrc32(tANI_U8 *, tANI_U8 *, tANI_U16);
+ void               limRC4(tANI_U8 *, tANI_U8 *, tANI_U8 *, tANI_U32, tANI_U16);
+ void               limEncryptAuthFrame(tpAniSirGlobal, tANI_U8, tANI_U8 *, tANI_U8 *, tANI_U8 *, tANI_U32);
+ tANI_U8                 limDecryptAuthFrame(tpAniSirGlobal, tANI_U8 *, tANI_U8 *, tANI_U8 *, tANI_U32, tANI_U16);

Patches/Linux_CVEs/CVE-2017-11015/prima/0002.patch

@@ -0,0 +1,33 @@
+From d0cd3ede7c17ee7fcf0f9b6d125d027bc28640be Mon Sep 17 00:00:00 2001
+From: Sridhar Selvaraj <sselvara@codeaurora.org>
+Date: Fri, 14 Jul 2017 15:53:09 +0530
+Subject: [PATCH] qcacld-2.0: Update SIR_MAC_AUTH_CHALLENGE_LENGTH as per IEEE
+ spec
+
+qcacld-3.0 to qcacld-2.0 propagation
+
+Update SIR_MAC_AUTH_CHALLENGE_LENGTH to 253 as per IEEE spec.
+Currently value of SIR_MAC_AUTH_CHALLENGE_LENGTH is set to 128.
+This may result in potential buffer overflow since frame parser
+allows challenge text of length upto 253 but driver can not handle
+challenge text longer than 128 bytes.
+
+Change-Id: I7baf860fdde51a14a6573b4f0f26817f5071193e
+CRs-Fixed: 2072937
+---
+ drivers/staging/prima/CORE/MAC/inc/sirMacProtDef.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/staging/prima/CORE/MAC/inc/sirMacProtDef.h b/drivers/staging/prima/CORE/MAC/inc/sirMacProtDef.h
+index cd548457338..7ee9a613e64 100644
+--- a/drivers/staging/prima/CORE/MAC/inc/sirMacProtDef.h
++++ b/drivers/staging/prima/CORE/MAC/inc/sirMacProtDef.h
+@@ -579,7 +579,7 @@
+ #define SIR_MAC_MAX_NUMBER_OF_RATES          12
+ #define SIR_MAC_MAX_NUM_OF_DEFAULT_KEYS      4
+ #define SIR_MAC_KEY_LENGTH                   13   // WEP Maximum key length size
+-#define SIR_MAC_AUTH_CHALLENGE_LENGTH        128
++#define SIR_MAC_AUTH_CHALLENGE_LENGTH        253
+ #define SIR_MAC_WEP_IV_LENGTH                4
+ #define SIR_MAC_WEP_ICV_LENGTH               4
+ 

Patches/Linux_CVEs/Kernel_CVE_Patch_List.txt

@@ -1447,6 +1447,8 @@ CVE-2017-11013
 CVE-2017-11014
 	Link - qcacld-3.0 - https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=ec58bc99e29d89f8e164954999ef8a45cec21754
 CVE-2017-11015
+	Link - prima - https://github.com/LineageOS/lge-kernel-mako/commit/ac39bfffe109a6cffcaf3b537505130712161dce
+	Link - prima - https://github.com/LineageOS/lge-kernel-mako/commit/d0cd3ede7c17ee7fcf0f9b6d125d027bc28640be
 	Link - qcacld-3.0 - https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=ec58bc99e29d89f8e164954999ef8a45cec21754
 	Link - qcacld-3.0 - https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=1ef6add65a36de6c4da788f776de2b5b5c528d8e
 CVE-2017-11018

Scripts/LineageOS-14.1/Rebrand.sh

@@ -19,6 +19,9 @@
 
 echo "Rebranding..."
 
+cd $base"bootable/recovery"
+sed -i 's|Android Recovery|DivestOS Recovery|' *_ui.cpp;
+
 cd $base"build"
 sed -i 's|echo "ro.build.user=$USER"|echo "ro.build.user=emy"|' tools/buildinfo.sh; #Override build user
 sed -i 's|echo "ro.build.host=`hostname`"|echo "ro.build.host=dosbm"|' tools/buildinfo.sh; #Override build host