Fixes & Churn

Signed-off-by: Tavi <tavi@divested.dev>
This commit is contained in:
Tavi 2024-12-15 12:48:25 -05:00
parent 77e1c9c718
commit 98f17094c4
No known key found for this signature in database
GPG Key ID: E599F62ECBAEAF2E
19 changed files with 37 additions and 38 deletions

View File

@ -135,7 +135,7 @@ external/cblas d82c5f4ae14b2a5468303985070f7dadc15d4094
external/cbor-java f81e576298790c97498311e99a0b0b34653c3dd8
external/chromium-libpac 169c93e00a00605346a68d39d3f4713735bdb61e
external/chromium-trace e524766cad26d677a9a1ec8c00c512d4cac2cf5e
external/chromium-webview 4a9cf619f77955ea20f608a193006dcdf1b21e21
external/chromium-webview 8f46a2d79931fb53d34852fbe776a5adab77bf49
external/clang 0a1c53a5d295109bd4702ad13c0f2a5510ca1b26
external/cldr 38850463abd624d5b2293be75fddc43cf6b55ae2
external/cn-cbor 696530332036f5518681d3c450cdbc3ee412004a
@ -859,7 +859,7 @@ tools/loganalysis 915dbf1d7ed0f684d2d1bc3a6be9ef417c93527d
tools/metalava 21659a2683eed66e16aeafeb8d9c40916946a51b
tools/ndkports d0ec81e4b134f4b1446d3fd5a6dfbf095475597c
tools/platform-compat b553fea7dd2aa8dcc26f4d8f91effd86e55dd72e
tools/repohooks 17bc37e59b3c332a9740b97e01b239ffa309503f
tools/repohooks 3c3e968d4776bde0c775e3eec6c9228121bc0e05
tools/security a5c3644bd83674858e0b9d5da3e6014a3cbf3ba6
tools/test/connectivity 38ccb70b61038b0be21da87ae626b01a3d162bf8
tools/test/graphicsbenchmark 7c31a9c1f32d602e1b50446951088d3beddedb84

View File

@ -1,7 +1,7 @@
From 5f7c0d2314257dbcb63a6fdb2abde785adfd0f98 Mon Sep 17 00:00:00 2001
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Ben Wagner <bungeman@google.com>
Date: Mon, 12 Aug 2024 15:00:08 -0400
Subject: [PATCH] [pdf] Bounds check in skia_alloc_func
Subject: [PATCH] Bounds check in skia_alloc_func
The allocator callback for zlib needs to check that items * size will
fit in size_t and return nullptr if not.
@ -21,7 +21,7 @@ Change-Id: Id1a30592d435bd0de4630e7047f26b0dc17654fc
1 file changed, 8 insertions(+)
diff --git a/src/pdf/SkDeflate.cpp b/src/pdf/SkDeflate.cpp
index a8bd667cc06..f243f94b40e 100644
index a8bd667cc0..f243f94b40 100644
--- a/src/pdf/SkDeflate.cpp
+++ b/src/pdf/SkDeflate.cpp
@@ -9,6 +9,7 @@

View File

@ -1,4 +1,4 @@
From 6f447355dd4fd0cfdf7c49b688149c71390194cb Mon Sep 17 00:00:00 2001
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Brian Osman <brianosman@google.com>
Date: Thu, 29 Aug 2024 12:47:48 -0400
Subject: [PATCH] RESTRICT AUTOMERGE: Check for size overflow before allocating
@ -20,7 +20,7 @@ Change-Id: I74c081a7b849f13194ec7807b7a748d1919c1bb2
1 file changed, 3 insertions(+)
diff --git a/src/core/SkBlurMF.cpp b/src/core/SkBlurMF.cpp
index bd7accae8d2..e16f6ee7698 100644
index bd7accae8d..e16f6ee769 100644
--- a/src/core/SkBlurMF.cpp
+++ b/src/core/SkBlurMF.cpp
@@ -316,6 +316,9 @@ static bool prepare_to_draw_into_mask(const SkRect& bounds, SkMask* mask) {

View File

@ -1,4 +1,4 @@
From 7f44cab6fa5bc8ff805795f88d0912612e849224 Mon Sep 17 00:00:00 2001
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Brian Osman <brianosman@google.com>
Date: Thu, 29 Aug 2024 11:52:35 -0400
Subject: [PATCH] Prevent overflow when growing an SkRegion's RunArray
@ -17,10 +17,10 @@ Change-Id: Iea27fe62ef97deb8a75e8dae276657d809223b57
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/core/SkRegion.cpp b/src/core/SkRegion.cpp
index 73707c2b876..275410cbd22 100644
index 73707c2b87..275410cbd2 100644
--- a/src/core/SkRegion.cpp
+++ b/src/core/SkRegion.cpp
@@ -52,8 +52,10 @@ class RunArray {
@@ -52,8 +52,10 @@ public:
/** Resize the array to a size greater-than-or-equal-to count. */
void resizeToAtLeast(int count) {
if (count > fCount) {

View File

@ -21,7 +21,7 @@ Change-Id: Id75a774ce1ed109a83c6a5bf512536c643165d71
2 files changed, 170 insertions(+)
diff --git a/core/java/android/net/ConnectivityManager.java b/core/java/android/net/ConnectivityManager.java
index ed03f5198d6f..dfdbbe085c0f 100644
index ed03f5198d6f..03ac83fd947d 100644
--- a/core/java/android/net/ConnectivityManager.java
+++ b/core/java/android/net/ConnectivityManager.java
@@ -796,6 +796,58 @@ public class ConnectivityManager {

View File

@ -8,7 +8,7 @@ Subject: [PATCH] skip reportNetworkConnectivity() when permission is revoked
1 file changed, 8 insertions(+)
diff --git a/core/java/android/net/ConnectivityManager.java b/core/java/android/net/ConnectivityManager.java
index dfdbbe085c0f..dc1b4f16feba 100644
index 03ac83fd947d..6e9312e52b68 100644
--- a/core/java/android/net/ConnectivityManager.java
+++ b/core/java/android/net/ConnectivityManager.java
@@ -17,6 +17,7 @@ package android.net;

View File

@ -1,4 +1,4 @@
From b958e5cbbb8982c37dcc60f076e9e71a85588c87 Mon Sep 17 00:00:00 2001
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Pinyao Ting <pinyaoting@google.com>
Date: Thu, 29 Aug 2024 17:01:55 +0000
Subject: [PATCH] Properly handle onNullBinding() in appwidget service.
@ -15,10 +15,10 @@ Change-Id: I12fccb572e159a73785aa33a4f5204e094ccd1b7
2 files changed, 15 insertions(+)
diff --git a/core/java/android/widget/RemoteViewsAdapter.java b/core/java/android/widget/RemoteViewsAdapter.java
index e58f08a799655..d64a3b5ee16ba 100644
index e58f08a79965..d64a3b5ee16b 100644
--- a/core/java/android/widget/RemoteViewsAdapter.java
+++ b/core/java/android/widget/RemoteViewsAdapter.java
@@ -238,6 +238,11 @@ public void onServiceDisconnected(ComponentName name) {
@@ -238,6 +238,11 @@ public class RemoteViewsAdapter extends BaseAdapter implements Handler.Callback
}
}
@ -31,10 +31,10 @@ index e58f08a799655..d64a3b5ee16ba 100644
public void handleMessage(Message msg) {
RemoteViewsAdapter adapter = mAdapter.get();
diff --git a/services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java b/services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java
index f989f73b11b10..709a206a39c77 100644
index f989f73b11b1..709a206a39c7 100644
--- a/services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java
+++ b/services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java
@@ -1888,6 +1888,11 @@ public void onServiceConnected(ComponentName name, IBinder service) {
@@ -1888,6 +1888,11 @@ class AppWidgetServiceImpl extends IAppWidgetService.Stub implements WidgetBacku
mContext.unbindService(this);
}
@ -46,7 +46,7 @@ index f989f73b11b10..709a206a39c77 100644
@Override
public void onServiceDisconnected(ComponentName name) {
// Do nothing
@@ -2028,6 +2033,11 @@ public void onServiceConnected(ComponentName name, IBinder service) {
@@ -2028,6 +2033,11 @@ class AppWidgetServiceImpl extends IAppWidgetService.Stub implements WidgetBacku
mContext.unbindService(this);
}

View File

@ -1,8 +1,7 @@
From 9f73a10e0bd1ac2f6d8e3fe612fb9ff2f1839d63 Mon Sep 17 00:00:00 2001
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Brian Delwiche <delwiche@google.com>
Date: Mon, 8 Jul 2024 22:42:18 +0000
Subject: [PATCH] [BACKPORT] Fix OOB write in build_read_multi_rsp of
gatt_sr.cc
Subject: [PATCH] Fix OOB write in build_read_multi_rsp of gatt_sr.cc
build_read_multi_rsp is missing a bounds check, which can lead to an
OOB write when the mtu parameter is set to zero.
@ -24,7 +23,7 @@ Change-Id: Icc8209aec68873c9821a36c579cd5df05c6ec8b8
1 file changed, 8 insertions(+)
diff --git a/stack/gatt/gatt_sr.cc b/stack/gatt/gatt_sr.cc
index 252732c739..9a875d742d 100644
index 252732c73..9a875d742 100644
--- a/stack/gatt/gatt_sr.cc
+++ b/stack/gatt/gatt_sr.cc
@@ -136,6 +136,14 @@ static bool process_read_multi_rsp(tGATT_SR_CMD* p_cmd, tGATT_STATUS status,

View File

@ -1,7 +1,7 @@
From 25e48c2d290d3be724df2e7e073b661331963752 Mon Sep 17 00:00:00 2001
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Hui Peng <phui@google.com>
Date: Thu, 27 Jul 2023 04:09:04 +0000
Subject: [PATCH] [BACKPORT] Fix an integer underflow in build_read_multi_rsp
Subject: [PATCH] Fix an integer underflow in build_read_multi_rsp
This is a backport of Ia60dd829ff9152c083de1f4c1265bb3ad595dcc4
to sc-dev
@ -18,7 +18,7 @@ Change-Id: Ia60dd829ff9152c083de1f4c1265bb3ad595dcc4
1 file changed, 16 insertions(+), 11 deletions(-)
diff --git a/stack/gatt/gatt_sr.cc b/stack/gatt/gatt_sr.cc
index 9a875d742d..c0c1486af0 100644
index 9a875d742..c0c1486af 100644
--- a/stack/gatt/gatt_sr.cc
+++ b/stack/gatt/gatt_sr.cc
@@ -21,7 +21,7 @@

View File

@ -1,7 +1,7 @@
From 425cc51af8d1662dacab60330628a6adfd1a404f Mon Sep 17 00:00:00 2001
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Paw=C5=82owski?= <jpawlowski@google.com>
Date: Thu, 1 Aug 2024 14:12:58 +0000
Subject: [PATCH] [BACKPORT] Fix "GATT Read Multiple Variable Response" builder
Subject: [PATCH] Fix "GATT Read Multiple Variable Response" builder
0 length value is perfectly fine, and should result in just length
added into the packet.
@ -23,7 +23,7 @@ Change-Id: Ida4f6b566cf9fa40fc5330d8084c29669ccaa608
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/stack/gatt/gatt_sr.cc b/stack/gatt/gatt_sr.cc
index c0c1486af0..d94221682d 100644
index c0c1486af..d94221682 100644
--- a/stack/gatt/gatt_sr.cc
+++ b/stack/gatt/gatt_sr.cc
@@ -180,7 +180,7 @@ static bool process_read_multi_rsp(tGATT_SR_CMD* p_cmd, tGATT_STATUS status,

View File

@ -1,4 +1,4 @@
From aff29339e466060263340cee43e16fbfc767d57f Mon Sep 17 00:00:00 2001
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Brian Delwiche <delwiche@google.com>
Date: Mon, 8 Jul 2024 22:42:18 +0000
Subject: [PATCH] Fix OOB write in build_read_multi_rsp of gatt_sr.cc

View File

@ -1,4 +1,4 @@
From e0b5d40517e5f89c1570fa9726835e3fbce89e56 Mon Sep 17 00:00:00 2001
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Hui Peng <phui@google.com>
Date: Thu, 27 Jul 2023 04:09:04 +0000
Subject: [PATCH] Fix an integer underflow in build_read_multi_rsp

View File

@ -1,4 +1,4 @@
From 2f3d8b20b8211999d7758c7bb0e868fe46eea540 Mon Sep 17 00:00:00 2001
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Paw=C5=82owski?= <jpawlowski@google.com>
Date: Thu, 1 Aug 2024 14:12:58 +0000
Subject: [PATCH] Fix "GATT Read Multiple Variable Response" builder

View File

@ -96,7 +96,7 @@ commentPatches android_kernel_samsung_msm8930-common.sh "CVE-2017-11015/prima" "
commentPatches android_kernel_samsung_smdk4412.sh "CVE-2012-2127" "CVE-2016-8463/ANY/0001.patch";
commentPatches android_kernel_samsung_tuna.sh "CVE-2012-2127";
commentPatches android_kernel_samsung_universal8890.sh "0008-Graphene-Kernel_Hardening-ro" "CVE-2016-7917" "CVE-2018-1092" "CVE-2018-17972" "CVE-2019-16746" "CVE-2020-0427" "CVE-2020-14381" "CVE-2020-16166" "CVE-2022-42896/4.9";
commentPatches android_kernel_samsung_exynos9810.sh "CVE-2020-1749" "CVE-2019-ctnl-addr-leak" "CVE-2019-18282" "CVE-2019-11599" "CVE-2022-20566" "CVE-2019-16746" "CVE-2021-45469" "CVE-2020-0305" "CVE-2021-3506/4.19" "CVE-2024-26934/4.19" "CVE-2024-26934" "CVE-2024-44944" "CVE-2024-44931";
commentPatches android_kernel_samsung_exynos9810.sh "CVE-2020-1749" "CVE-2019-ctnl-addr-leak" "CVE-2019-18282" "CVE-2019-11599" "CVE-2022-20566" "CVE-2019-16746" "CVE-2021-45469" "CVE-2020-0305" "CVE-2021-3506/4.19" "CVE-2024-26934/4.19" "CVE-2024-26934" "CVE-2024-44944";
commentPatches android_kernel_samsung_universal9810.sh "CVE-2020-1749";
commentPatches android_kernel_sony_sdm660.sh "0008-Graphene-Kernel_Hardening-canaries/4.4/0002.patch" "CVE-2019-19319" "CVE-2020-0305" "CVE-2020-8992" "CVE-2020-16166" "CVE-2021-30319";
commentPatches android_kernel_sony_sdm845.sh "CVE-2019-19319" "CVE-2020-1749" "CVE-2020-8992";
@ -137,7 +137,7 @@ done
declare -a threeDotEighteen=("${threeDotTen[@]}" "android_kernel_samsung_universal8890.sh" "android_kernel_google_dragon.sh" "android_kernel_zte_msm8996.sh" "android_kernel_asus_msm8953.sh" "android_kernel_google_marlin.sh" "android_kernel_motorola_msm8996.sh" "android_kernel_oneplus_msm8996.sh");
for script in "${threeDotEighteen[@]}"
do
commentPatches $script "0008-Graphene-Kernel_Hardening-slub/4.4/0002.patch" "CVE-2016-20022/3.18" "CVE-2018-16597/4.4" "CVE-2019-19319/4.4" "CVE-2020-0305/4.4" "CVE-2020-0429/4.4" "CVE-2020-8992/4.4" "CVE-2021-1048/4.4" "CVE-2021-3428/4.4" "CVE-2021-20265/4.4" "CVE-2021-47277" "CVE-2021-47320" "CVE-2022-1184/4.4/0014.patch" "CVE-2022-1184/4.9/0007.patch" "CVE-2022-40768/4.9/0007.patch" "CVE-2022-40768/4.4/0008.patch" "CVE-2022-47929/4.4" "CVE-2023-0458" "CVE-2023-52435" "CVE-2024-26889" "CVE-2024-35954/^6.9" "CVE-2021-47495/4.4" "CVE-2024-44944" "CVE-2024-42265" "CVE-2023-31083" "CVE-2024-46744";
commentPatches $script "0008-Graphene-Kernel_Hardening-slub/4.4/0002.patch" "CVE-2016-20022/3.18" "CVE-2018-16597/4.4" "CVE-2019-19319/4.4" "CVE-2020-0305/4.4" "CVE-2020-0429/4.4" "CVE-2020-8992/4.4" "CVE-2021-1048/4.4" "CVE-2021-3428/4.4" "CVE-2021-20265/4.4" "CVE-2021-47277" "CVE-2021-47320" "CVE-2022-1184/4.4/0014.patch" "CVE-2022-1184/4.9/0007.patch" "CVE-2022-40768/4.9/0007.patch" "CVE-2022-40768/4.4/0008.patch" "CVE-2022-47929/4.4" "CVE-2023-0458" "CVE-2023-52435" "CVE-2024-26889" "CVE-2024-35954/^6.9" "CVE-2021-47495/4.4" "CVE-2024-44944" "CVE-2024-42265" "CVE-2023-31083" "CVE-2024-46744" "CVE-2024-44931";
#TODO: missing USB_SPEED_SUPER_PLUS
#sed -i 's|CVE-2016-20022/3.18|CVE-2016-20022/3.10|' $script;
done

View File

@ -1069,7 +1069,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-43858/4.4/0008.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-43882/4.4/0008.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-43884/4.4/0008.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-43893/4.4/0008.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-44931/4.4/0008.patch
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-44931/4.4/0008.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-44939/^6.9/0001.patch
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-44944/4.4/0008.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-44947/4.4/0008.patch

View File

@ -1060,7 +1060,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-43854/4.4/0008.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-43858/4.4/0008.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-43882/4.4/0008.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-43893/4.4/0008.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-44931/4.4/0008.patch
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-44931/4.4/0008.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-44939/^6.9/0001.patch
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-44944/4.4/0008.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-44947/4.4/0008.patch

View File

@ -874,7 +874,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-43854/4.4/0008.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-43858/4.4/0008.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-43882/4.4/0008.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-43893/4.4/0008.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-44931/4.4/0008.patch
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-44931/4.4/0008.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-44939/^6.9/0001.patch
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-44944/4.4/0008.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-44947/4.4/0008.patch

View File

@ -895,7 +895,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-43854/4.4/0008.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-43858/4.4/0008.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-43882/4.4/0008.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-43893/4.4/0008.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-44931/4.4/0008.patch
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-44931/4.4/0008.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-44939/^6.9/0001.patch
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-44944/4.4/0008.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-44947/4.4/0008.patch

View File

@ -883,7 +883,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-43854/4.4/0008.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-43858/4.4/0008.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-43882/4.4/0008.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-43893/4.4/0008.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-44931/4.4/0008.patch
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-44931/4.4/0008.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-44939/^6.9/0001.patch
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-44944/4.4/0008.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-44947/4.4/0008.patch