diff --git a/Patches/LineageOS-14.1/android_frameworks_av/212799.patch b/Patches/LineageOS-14.1/android_frameworks_av/212799.patch
new file mode 100644
index 00000000..08d6b90a
--- /dev/null
+++ b/Patches/LineageOS-14.1/android_frameworks_av/212799.patch
@@ -0,0 +1,59 @@
+From 351c3c0113c10ee221a98c07e4f3f6f5ebcc83d5 Mon Sep 17 00:00:00 2001
+From: Robert Shih
+Date: Mon, 24 Oct 2016 11:38:31 -0700
+Subject: [PATCH] [BACKPORT] FLACExtractor: copy protect mWriteBuffer
+
+Bug: 30895578
+AOSP-Change-Id: I4cba36bbe3502678210e5925181683df9726b431
+
+CVE-2017-0592
+
+Change-Id: I9207b68152fd91efe6ace51fb0fae0f2e29961c5
+---
+ media/libstagefright/FLACExtractor.cpp | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/media/libstagefright/FLACExtractor.cpp b/media/libstagefright/FLACExtractor.cpp
+index 4dfd86a0b3..82a962bc73 100644
+--- a/media/libstagefright/FLACExtractor.cpp
++++ b/media/libstagefright/FLACExtractor.cpp
+@@ -77,6 +77,10 @@ class FLACParser : public RefBase {
+ friend class FLACSource;
+
+ public:
++ enum {
++ kMaxChannels = 8,
++ };
++
+ FLACParser(
+ const sp &dataSource,
+ // If metadata pointers aren't provided, we don't fill them
+@@ -145,7 +149,7 @@ friend class FLACSource;
+ bool mWriteRequested;
+ bool mWriteCompleted;
+ FLAC__FrameHeader mWriteHeader;
+- const FLAC__int32 * mWriteBuffer[FLAC__MAX_CHANNELS];
++ FLAC__int32 const * mWriteBuffer[kMaxChannels];
+
+ // most recent error reported by libFLAC parser
+ FLAC__StreamDecoderErrorStatus mErrorStatus;
+@@ -329,9 +333,7 @@ FLAC__StreamDecoderWriteStatus FLACParser::writeCallback(
+ mWriteRequested = false;
+ // FLAC parser doesn't free or realloc buffer until next frame or finish
+ mWriteHeader = frame->header;
+- for(unsigned channel = 0; channel < frame->header.channels; channel++) {
+- mWriteBuffer[channel] = buffer[channel];
+- }
++ memmove(mWriteBuffer, buffer, sizeof(const FLAC__int32 * const) * getChannels());
+ mWriteCompleted = true;
+ return FLAC__STREAM_DECODER_WRITE_STATUS_CONTINUE;
+ } else {
+@@ -493,7 +495,7 @@ status_t FLACParser::init()
+ }
+ if (mStreamInfoValid) {
+ // check channel count
+- if (getChannels() == 0 || getChannels() > 8) {
++ if (getChannels() == 0 || getChannels() >
kMaxChannels) { + ALOGE("unsupported channel count %u", getChannels()); + return NO_INIT; + } diff --git a/Patches/Linux b/Patches/Linux index e6f421a4..8345a2aa 160000 --- a/Patches/Linux +++ b/Patches/Linux @@ -1 +1 @@ -Subproject commit e6f421a4b7358b165a6ffcfabe8949788daa84e9 +Subproject commit 8345a2aa78448c508dd9d384ecaf4c2f440bd3ef diff --git a/Scripts/Common/Functions.sh b/Scripts/Common/Functions.sh index 81473d97..c3da9d8d 100644 --- a/Scripts/Common/Functions.sh +++ b/Scripts/Common/Functions.sh @@ -200,7 +200,7 @@ processRelease() { #OTA echo -e "\e[0;32mCreating OTA\e[0m"; - build/tools/releasetools/ota_from_target_files $BLOCK_SWITCHES -t 8 -k "$KEY_DIR/releasekey" \ + build/tools/releasetools/ota_from_target_files $BLOCK_SWITCHES -k "$KEY_DIR/releasekey" \ $OUT_DIR/$PREFIX-target_files.zip \ $OUT_DIR/$PREFIX-ota.zip; md5sum $OUT_DIR/$PREFIX-ota.zip > $OUT_DIR/$PREFIX-ota.zip.md5sum; diff --git a/Scripts/LineageOS-11.0/Patch.sh b/Scripts/LineageOS-11.0/Patch.sh index 9d7ba44b..a93fefcd 100644 --- a/Scripts/LineageOS-11.0/Patch.sh +++ b/Scripts/LineageOS-11.0/Patch.sh @@ -141,7 +141,7 @@ patch -p1 < "$DOS_PATCHES/android_kernel_zte_msm8930/0001-MDP-Fix.patch"; #Make changes to all devices cd "$DOS_BUILD_BASE"; -find "hardware/qcom/gps" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"';; +find "hardware/qcom/gps" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"'; find "device" -name "gps\.conf" -type f -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationConf "{}"'; find "device" -type d -name "overlay" -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenLocationFWB "{}"'; find "device" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 8 -I {} bash -c 'hardenUserdata "{}"'; diff --git a/Scripts/LineageOS-14.1/Functions.sh b/Scripts/LineageOS-14.1/Functions.sh index ad1e7dbb..48b42b36 100644 --- a/Scripts/LineageOS-14.1/Functions.sh 
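Review bot: In the writeCallback hunk of the embedded patch, the `memmove` copies `getChannels()` pointers (the STREAMINFO count) while `mWriteHeader` keeps the frame's own `frame->header.channels`, so for a frame that announces fewer channels than STREAMINFO the extra `mWriteBuffer` slots hold whatever the decoder's array contained rather than data for this frame. The copy stays inside `mWriteBuffer` only because `init()` rejects `getChannels() > kMaxChannels`, and that check runs only under `if (mStreamInfoValid)`. Whether the code that later reads `mWriteBuffer` refuses a frame with `mWriteHeader.channels != getChannels()` is outside these hunks, so confirm that check exists in the 14.1 tree before relying on the backport. A `static_assert(kMaxChannels <= FLAC__MAX_CHANNELS, "mWriteBuffer copy must fit libFLAC's channel array");` beside the new enum would document the assumption the `memmove` makes about `buffer`.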
+++ b/Scripts/LineageOS-14.1/Functions.sh @@ -113,12 +113,11 @@ export -f buildAll; patchWorkspace() { if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/cm"; fi; source build/envsetup.sh; - #repopick 212799; #alt: 212827 flac extractor CVE-2017-0592 #repopick 214125; #spellchecker: enable more wordlists repopick -it n_asb_09-2018-qcom; repopick -it ibss-mode-nougat; - repopick -it n-unzip; repopick -it n-netd; + repopick 264489; #update chromium export DOS_GRAPHENE_MALLOC=false; #patches apply, compile fails diff --git a/Scripts/LineageOS-14.1/Patch.sh b/Scripts/LineageOS-14.1/Patch.sh index 6c783179..68745ca9 100644 --- a/Scripts/LineageOS-14.1/Patch.sh +++ b/Scripts/LineageOS-14.1/Patch.sh @@ -78,6 +78,7 @@ enterAndClear "external/sqlite"; patch -p1 < "$DOS_PATCHES/android_external_sqlite/0001-Secure_Delete.patch"; #Enable secure_delete by default (CopperheadOS-13.0) enterAndClear "frameworks/av"; +patch -p1 < "$DOS_PATCHES/android_frameworks_av/212799.patch"; #FLAC extractor CVE-2017-0592. alt: 212827/174106 if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch"; fi; #(GrapheneOS) enterAndClear "frameworks/base"; diff --git a/Scripts/LineageOS-15.1/Functions.sh b/Scripts/LineageOS-15.1/Functions.sh index 388bd2cc..4cd43df3 100644 --- a/Scripts/LineageOS-15.1/Functions.sh +++ b/Scripts/LineageOS-15.1/Functions.sh @@ -100,7 +100,8 @@ export -f buildAll; patchWorkspace() { if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi; - #source build/envsetup.sh; + source build/envsetup.sh; + repopick 264489; #update chromium export DOS_GRAPHENE_MALLOC=false; #patches apply, compile fails 
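Review bot: The added `repopick 264489; #update chromium` line in patchWorkspace pulls a Gerrit change by number at build time without pinning a patchset, so the content that lands in the tree can differ between builds if the change is amended, and a failed pick is not checked. This same commit replaces the 212799 repopick with a patch file kept in the repository, which gives a fixed, reviewable input; the chromium pick would benefit from at least a pinned patchset and a checked exit status, e.g. `repopick 264489/<patchset> || return 1;`. The same line is added in the LineageOS-15.1 and LineageOS-16.0 Functions.sh hunks. patchWorkspace's body continues outside the hunk.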
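Review bot: The new `patch -p1 < "$DOS_PATCHES/android_frameworks_av/212799.patch"` line does not check the exit status, so if the patch stops applying after frameworks/av moves, the build may continue without the CVE-2017-0592 fix; whether the script runs under `set -e` is not visible in this hunk. For a security backport it is worth failing loudly: `patch -p1 < "$DOS_PATCHES/android_frameworks_av/212799.patch" || return 1;`. `return` rather than `exit` is suggested because Patch.sh appears to be sourced (the 16.0 Functions.sh hunk shows `source "$DOS_SCRIPTS/Patch.sh"`).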
diff --git a/Scripts/LineageOS-16.0/Functions.sh b/Scripts/LineageOS-16.0/Functions.sh index 43376300..a6675950 100644 --- a/Scripts/LineageOS-16.0/Functions.sh +++ b/Scripts/LineageOS-16.0/Functions.sh @@ -112,7 +112,8 @@ export -f buildAll; patchWorkspace() { if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi; - #source build/envsetup.sh; + source build/envsetup.sh; + repopick 264489; #update chromium source "$DOS_SCRIPTS/Patch.sh"; source "$DOS_SCRIPTS/Defaults.sh";