From 83cbcfa39b871071b009409da2fc7b63cdb1b1ce Mon Sep 17 00:00:00 2001 From: Tad Date: Fri, 7 Jul 2023 19:59:49 -0400 Subject: [PATCH] Churn Signed-off-by: Tad --- .../android_external_freetype/360899.patch | 2 +- .../android_external_libnfc-nci/360898.patch | 2 +- .../android_frameworks_base/360893.patch | 8 ++++---- .../android_frameworks_base/360894.patch | 10 +++++----- .../android_frameworks_base/360895.patch | 14 +++++++------- .../LineageOS-14.1/android_system_bt/360892.patch | 4 ++-- .../0021-Hardened-signature-spoofing.patch | 2 +- .../android_frameworks_base/360962-backport.patch | 2 +- .../0014-signature_spoofing_toggle.patch | 2 +- .../0001-Random_MAC.patch | 2 +- .../0015-signature_spoofing_toggle.patch | 2 +- Scripts/LineageOS-18.1/Patch.sh | 8 ++++++++ Scripts/init.sh | 2 +- 13 files changed, 34 insertions(+), 26 deletions(-) diff --git a/Patches/LineageOS-14.1/android_external_freetype/360899.patch b/Patches/LineageOS-14.1/android_external_freetype/360899.patch index f045b275..c90467e0 100644 --- a/Patches/LineageOS-14.1/android_external_freetype/360899.patch +++ b/Patches/LineageOS-14.1/android_external_freetype/360899.patch @@ -1,4 +1,4 @@ -From 82159c4fb4f274c5f0b21c987f44cb48cf3b28a3 Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Werner Lemberg Date: Sat, 19 Mar 2022 06:40:17 +0100 Subject: [PATCH] DO NOT MERGE - Cherry-pick two upstream changes diff --git a/Patches/LineageOS-14.1/android_external_libnfc-nci/360898.patch b/Patches/LineageOS-14.1/android_external_libnfc-nci/360898.patch index 2d7b266f..ebbfb37a 100644 --- a/Patches/LineageOS-14.1/android_external_libnfc-nci/360898.patch +++ b/Patches/LineageOS-14.1/android_external_libnfc-nci/360898.patch @@ -1,4 +1,4 @@ -From f73e2d95da050a0b08e3ed5ae8c04968e8297230 Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Alisher Alikhodjaev Date: Tue, 2 May 2023 14:20:57 -0700 Subject: [PATCH] OOBW in rw_i93_send_to_upper() diff --git a/Patches/LineageOS-14.1/android_frameworks_base/360893.patch b/Patches/LineageOS-14.1/android_frameworks_base/360893.patch index 17db6379..aee94d1d 100644 --- a/Patches/LineageOS-14.1/android_frameworks_base/360893.patch +++ b/Patches/LineageOS-14.1/android_frameworks_base/360893.patch @@ -1,4 +1,4 @@ -From 2f780d815579ec2500046fadd4a3c7b09aa0bf62 Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Lucas Lin Date: Fri, 3 Mar 2023 08:13:50 +0000 Subject: [PATCH] Sanitize VPN label to prevent HTML injection @@ -30,7 +30,7 @@ Change-Id: Ieb148594d8e9a6505567f80d78810f687bb6e489 2 files changed, 77 insertions(+), 5 deletions(-) diff --git a/packages/VpnDialogs/res/values/strings.xml b/packages/VpnDialogs/res/values/strings.xml -index 406bcc34a1015..7389f765c717d 100644 +index 406bcc34a101..7389f765c717 100644 --- a/packages/VpnDialogs/res/values/strings.xml +++ b/packages/VpnDialogs/res/values/strings.xml @@ -50,4 +50,33 @@ @@ -68,7 +68,7 @@ index 406bcc34a1015..7389f765c717d 100644 + diff --git a/packages/VpnDialogs/src/com/android/vpndialogs/ConfirmDialog.java b/packages/VpnDialogs/src/com/android/vpndialogs/ConfirmDialog.java -index 09339743db5c5..43d18df3a10dd 100644 +index 09339743db5c..43d18df3a10d 100644 --- a/packages/VpnDialogs/src/com/android/vpndialogs/ConfirmDialog.java +++ b/packages/VpnDialogs/src/com/android/vpndialogs/ConfirmDialog.java @@ -42,10 +42,52 @@ public class ConfirmDialog extends AlertActivity @@ -124,7 +124,7 @@ index 09339743db5c5..43d18df3a10dd 100644 @Override protected void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); -@@ -68,15 +110,16 @@ protected void onCreate(Bundle savedInstanceState) { +@@ -68,15 +110,16 @@ public class ConfirmDialog extends AlertActivity finish(); return; } diff --git a/Patches/LineageOS-14.1/android_frameworks_base/360894.patch b/Patches/LineageOS-14.1/android_frameworks_base/360894.patch index c243c211..c142669e 100644 --- a/Patches/LineageOS-14.1/android_frameworks_base/360894.patch +++ b/Patches/LineageOS-14.1/android_frameworks_base/360894.patch @@ -1,4 +1,4 @@ -From 0459c2c0db0c0187a8d9a3074534a34c1cbf2ccc Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Michael Groover Date: Fri, 31 Mar 2023 21:31:22 +0000 Subject: [PATCH] Limit the number of supported v1 and v2 signers @@ -22,7 +22,7 @@ Change-Id: I6aa86b615b203cdc69d58a593ccf8f18474ca091 2 files changed, 21 insertions(+) diff --git a/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java b/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java -index 78d3b7bf81d28..f4631c68832b2 100644 +index 78d3b7bf81d2..f4631c68832b 100644 --- a/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java +++ b/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java @@ -79,6 +79,11 @@ public class ApkSignatureSchemeV2Verifier { @@ -37,7 +37,7 @@ index 78d3b7bf81d28..f4631c68832b2 100644 /** * Returns {@code true} if the provided APK contains an APK Signature Scheme V2 signature. * -@@ -219,6 +224,11 @@ private static X509Certificate[][] verify( +@@ -219,6 +224,11 @@ public class ApkSignatureSchemeV2Verifier { } while (signers.hasRemaining()) { signerCount++; @@ -50,7 +50,7 @@ index 78d3b7bf81d28..f4631c68832b2 100644 ByteBuffer signer = getLengthPrefixedSlice(signers); X509Certificate[] certs = verifySigner(signer, contentDigests, certFactory); diff --git a/core/java/android/util/jar/StrictJarVerifier.java b/core/java/android/util/jar/StrictJarVerifier.java -index cb71ecc1da8b3..1ce078704be32 100644 +index cb71ecc1da8b..1ce078704be3 100644 --- a/core/java/android/util/jar/StrictJarVerifier.java +++ b/core/java/android/util/jar/StrictJarVerifier.java @@ -70,6 +70,11 @@ class StrictJarVerifier { @@ -65,7 +65,7 @@ index cb71ecc1da8b3..1ce078704be32 100644 private final String jarName; private final StrictJarManifest manifest; private final HashMap metaEntries; -@@ -285,10 +290,16 @@ synchronized boolean readCertificates() { +@@ -285,10 +290,16 @@ class StrictJarVerifier { return false; } diff --git a/Patches/LineageOS-14.1/android_frameworks_base/360895.patch b/Patches/LineageOS-14.1/android_frameworks_base/360895.patch index 6d791ee8..e53f8f3b 100644 --- a/Patches/LineageOS-14.1/android_frameworks_base/360895.patch +++ b/Patches/LineageOS-14.1/android_frameworks_base/360895.patch @@ -1,4 +1,4 @@ -From 303a97a99b75bae716c109b810e6bccb732483df Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A1s=20Kurucz?= Date: Fri, 21 Apr 2023 09:45:07 +0000 Subject: [PATCH] Truncate ShortcutInfo Id @@ -18,7 +18,7 @@ Change-Id: I2617de6f9e8a7dbfd8fbeff589a7d592f00d87c5 2 files changed, 27 insertions(+), 3 deletions(-) diff --git a/core/java/android/content/pm/ShortcutInfo.java b/core/java/android/content/pm/ShortcutInfo.java -index a854b899a82af..3ac20ff39327b 100644 +index a854b899a82a..3ac20ff39327 100644 --- a/core/java/android/content/pm/ShortcutInfo.java +++ b/core/java/android/content/pm/ShortcutInfo.java @@ -128,6 +128,12 @@ public final class ShortcutInfo implements Parcelable { @@ -44,7 +44,7 @@ index a854b899a82af..3ac20ff39327b 100644 // Note we can't do other null checks here because SM.updateShortcuts() takes partial // information. -@@ -309,6 +314,14 @@ private static PersistableBundle[] clonePersistableBundle(PersistableBundle[] bu +@@ -309,6 +314,14 @@ public final class ShortcutInfo implements Parcelable { return ret; } @@ -59,7 +59,7 @@ index a854b899a82af..3ac20ff39327b 100644 /** * Throws if any of the mandatory fields is not set. * -@@ -1602,7 +1615,8 @@ private ShortcutInfo(Parcel source) { +@@ -1602,7 +1615,8 @@ public final class ShortcutInfo implements Parcelable { final ClassLoader cl = getClass().getClassLoader(); mUserId = source.readInt(); @@ -70,10 +70,10 @@ index a854b899a82af..3ac20ff39327b 100644 mActivity = source.readParcelable(cl); mFlags = source.readInt(); diff --git a/services/tests/servicestests/src/com/android/server/pm/ShortcutManagerTest2.java b/services/tests/servicestests/src/com/android/server/pm/ShortcutManagerTest2.java -index d25923c019cac..6b86ef0e0704c 100644 +index d25923c019ca..6b86ef0e0704 100644 --- a/services/tests/servicestests/src/com/android/server/pm/ShortcutManagerTest2.java +++ b/services/tests/servicestests/src/com/android/server/pm/ShortcutManagerTest2.java -@@ -53,6 +53,7 @@ +@@ -53,6 +53,7 @@ import java.io.IOException; import java.io.PrintWriter; import java.io.StringWriter; import java.io.Writer; @@ -81,7 +81,7 @@ index d25923c019cac..6b86ef0e0704c 100644 import java.util.Locale; /** -@@ -223,6 +224,15 @@ public void testShortcutInfoMissingMandatoryFields() { +@@ -223,6 +224,15 @@ public class ShortcutManagerTest2 extends BaseShortcutManagerTest { }); } diff --git a/Patches/LineageOS-14.1/android_system_bt/360892.patch b/Patches/LineageOS-14.1/android_system_bt/360892.patch index fc6a16f0..c08afcb8 100644 --- a/Patches/LineageOS-14.1/android_system_bt/360892.patch +++ b/Patches/LineageOS-14.1/android_system_bt/360892.patch @@ -1,4 +1,4 @@ -From fa5c4429ae75e687b87313b79512c4a90f90ee3b Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: tyiu Date: Tue, 28 Mar 2023 18:40:51 +0000 Subject: [PATCH] Fix gatt_end_operation buffer overflow @@ -26,7 +26,7 @@ Change-Id: I49e2797cd9300ee4cd69f2c7fa5f0073db78b873 1 file changed, 8 insertions(+) diff --git a/stack/gatt/gatt_utils.c b/stack/gatt/gatt_utils.c -index 4582b5ae477..e56c1a4e793 100644 +index 4582b5ae4..e56c1a4e7 100644 --- a/stack/gatt/gatt_utils.c +++ b/stack/gatt/gatt_utils.c @@ -2190,6 +2190,14 @@ void gatt_end_operation(tGATT_CLCB *p_clcb, tGATT_STATUS status, void *p_data) diff --git a/Patches/LineageOS-17.1/android_frameworks_base/0021-Hardened-signature-spoofing.patch b/Patches/LineageOS-17.1/android_frameworks_base/0021-Hardened-signature-spoofing.patch index d6a7a767..75ce1135 100644 --- a/Patches/LineageOS-17.1/android_frameworks_base/0021-Hardened-signature-spoofing.patch +++ b/Patches/LineageOS-17.1/android_frameworks_base/0021-Hardened-signature-spoofing.patch @@ -79,7 +79,7 @@ index a84d23b624bf..1ab293758ee7 100644 diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java -index 9483f266b1fa..7e5a46cfd72f 100644 +index 9483f266b1fa..eb2b66d5ce03 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -4203,8 +4203,20 @@ public class PackageManagerService extends IPackageManager.Stub diff --git a/Patches/LineageOS-17.1/android_frameworks_base/360962-backport.patch b/Patches/LineageOS-17.1/android_frameworks_base/360962-backport.patch index 9282566d..8d122737 100644 --- a/Patches/LineageOS-17.1/android_frameworks_base/360962-backport.patch +++ b/Patches/LineageOS-17.1/android_frameworks_base/360962-backport.patch @@ -18,7 +18,7 @@ Change-Id: I2617de6f9e8a7dbfd8fbeff589a7d592f00d87c5 2 files changed, 27 insertions(+), 3 deletions(-) diff --git a/core/java/android/content/pm/ShortcutInfo.java b/core/java/android/content/pm/ShortcutInfo.java -index 58aacc2c36c7..4bd28aefc0a9 100644 +index 58aacc2c36c7..a50b321f6827 100644 --- a/core/java/android/content/pm/ShortcutInfo.java +++ b/core/java/android/content/pm/ShortcutInfo.java @@ -236,6 +236,12 @@ public final class ShortcutInfo implements Parcelable { diff --git a/Patches/LineageOS-17.1/android_packages_apps_Settings/0014-signature_spoofing_toggle.patch b/Patches/LineageOS-17.1/android_packages_apps_Settings/0014-signature_spoofing_toggle.patch index 78bb0297..fa2b8308 100644 --- a/Patches/LineageOS-17.1/android_packages_apps_Settings/0014-signature_spoofing_toggle.patch +++ b/Patches/LineageOS-17.1/android_packages_apps_Settings/0014-signature_spoofing_toggle.patch @@ -16,7 +16,7 @@ Signed-off-by: Tad create mode 100644 src/com/android/settings/security/SigSpoofPreferenceController.java diff --git a/res/values/strings.xml b/res/values/strings.xml -index a5aab8e5d0..eb346bd8eb 100644 +index a5aab8e5d0..59c4e0aa57 100644 --- a/res/values/strings.xml +++ b/res/values/strings.xml @@ -11330,6 +11330,9 @@ diff --git a/Patches/LineageOS-18.1/android_frameworks_opt_net_wifi/0001-Random_MAC.patch b/Patches/LineageOS-18.1/android_frameworks_opt_net_wifi/0001-Random_MAC.patch index 2aaa9269..8bd693f8 100644 --- a/Patches/LineageOS-18.1/android_frameworks_opt_net_wifi/0001-Random_MAC.patch +++ b/Patches/LineageOS-18.1/android_frameworks_opt_net_wifi/0001-Random_MAC.patch @@ -156,7 +156,7 @@ index f40d65624..7276bfb44 100644 } diff --git a/service/java/com/android/server/wifi/WifiConfigurationUtil.java b/service/java/com/android/server/wifi/WifiConfigurationUtil.java -index 336d97810..9c3e074ae 100644 +index 7273da333..2ffe547b1 100644 --- a/service/java/com/android/server/wifi/WifiConfigurationUtil.java +++ b/service/java/com/android/server/wifi/WifiConfigurationUtil.java @@ -203,7 +203,7 @@ public class WifiConfigurationUtil { diff --git a/Patches/LineageOS-18.1/android_packages_apps_Settings/0015-signature_spoofing_toggle.patch b/Patches/LineageOS-18.1/android_packages_apps_Settings/0015-signature_spoofing_toggle.patch index cebadc1d..4d67c30a 100644 --- a/Patches/LineageOS-18.1/android_packages_apps_Settings/0015-signature_spoofing_toggle.patch +++ b/Patches/LineageOS-18.1/android_packages_apps_Settings/0015-signature_spoofing_toggle.patch @@ -16,7 +16,7 @@ Signed-off-by: Tad create mode 100644 src/com/android/settings/security/SigSpoofPreferenceController.java diff --git a/res/values/strings.xml b/res/values/strings.xml -index c597570f35..f04d49d6f1 100644 +index c597570f35..2fe1eda202 100644 --- a/res/values/strings.xml +++ b/res/values/strings.xml @@ -11978,6 +11978,9 @@ diff --git a/Scripts/LineageOS-18.1/Patch.sh b/Scripts/LineageOS-18.1/Patch.sh index 1cc12fe6..dbeadd14 100644 --- a/Scripts/LineageOS-18.1/Patch.sh +++ b/Scripts/LineageOS-18.1/Patch.sh @@ -117,6 +117,10 @@ if enterAndClear "external/conscrypt"; then if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_external_conscrypt/0001-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS) fi; +if enterAndClear "external/freetype"; then +git fetch https://github.com/LineageOS/android_external_freetype refs/changes/51/360951/1 && git cherry-pick FETCH_HEAD; #R_asb_2023-07 +fi; + if [ "$DOS_GRAPHENE_MALLOC" = true ]; then if enterAndClear "external/hardened_malloc"; then applyPatch "$DOS_PATCHES/android_external_hardened_malloc/0001-Broken_Cameras.patch"; #Expand workaround to all camera executables (DivestOS) @@ -421,6 +425,10 @@ if enterAndClear "system/vold"; then git revert --no-edit 3461ff5c9ad334c96780f3da14f1d23fcbee63ad; #breaks mako first boot fi; +if enterAndClear "tools/apksig"; then +git fetch https://github.com/LineageOS/android_tools_apksig refs/changes/73/360973/1 && git cherry-pick FETCH_HEAD; #R_asb_2023-07 +fi; + if enterAndClear "vendor/lineage"; then rm build/target/product/security/lineage.x509.pem; #Remove Lineage keys rm -rf overlay/common/lineage-sdk/packages/LineageSettingsProvider/res/values/defaults.xml; #Remove analytics diff --git a/Scripts/init.sh b/Scripts/init.sh index a095be42..bbbae481 100644 --- a/Scripts/init.sh +++ b/Scripts/init.sh @@ -65,7 +65,7 @@ export DOS_GRAPHENE_MALLOC=true; #Enables use of GrapheneOS' hardened memory all export DOS_GRAPHENE_EXEC=true; #Enables use of GrapheneOS' exec spawning feature on 16.0+17.1+18.1+19.1+20.0 export DOS_HOSTS_BLOCKING=true; #Set false to prevent inclusion of a HOSTS file export DOS_HOSTS_BLOCKING_LIST="https://divested.dev/hosts-wildcards"; #Must be in the format "127.0.0.1 bad.domain.tld" -export DOS_MICROG_SUPPORT=false; #Opt-in unprivileged microG support on 17.1+18.1+19.1+20.0 +export DOS_MICROG_SUPPORT=true; #Opt-in unprivileged microG support on 17.1+18.1+19.1+20.0 export DOS_SENSORS_PERM=false; #Set true to provide a per-app sensors permission for 14.1/15.1 #XXX: can break things like camera export DOS_STRONG_ENCRYPTION_ENABLED=false; #Set true to enable AES 256-bit FDE encryption on 14.1+15.1 XXX: THIS WILL **DESTROY** EXISTING INSTALLS! export DOS_WEBVIEW_LFS=true; #Whether to `git lfs pull` in the WebView repository