From 9af1881a89dbff0076bbb3b2bd55d6d06088183c Mon Sep 17 00:00:00 2001 From: Tad Date: Thu, 19 Jul 2018 22:15:20 -0400 Subject: [PATCH] Many changes - 15.1: Fix build - 15.1: Add jfltexx - 15.1: Add CVE patchers for jf and fugu - Manifests: Add Intel repos back - Overlay: Add more default apps to launcher - Remove more blobs --- Manifests/Manifest_AOSP-8.1.xml | 14 -- Manifests/Manifest_LAOS-14.1.xml | 13 -- Manifests/Manifest_LAOS-15.1.xml | 9 +- .../packages/SystemUI/res/values/config.xml | 3 - .../apps/Settings/res/values/config.xml | 6 - .../res/xml/default_workspace_4x4.xml | 20 ++- .../res/xml/default_workspace_5x5.xml | 20 ++- .../res/xml/default_workspace_5x6.xml | 20 ++- Scripts/Common/Deblob.sh | 4 +- Scripts/Common/Functions.sh | 2 +- Scripts/LineageOS-14.1/Functions.sh | 5 +- .../CVE_Patchers/android_kernel_asus_fugu.sh | 131 ++++++++++++++++++ .../CVE_Patchers/android_kernel_samsung_jf.sh | 63 +++++++++ Scripts/LineageOS-15.1/Functions.sh | 5 +- Scripts/LineageOS-15.1/Patch.sh | 1 + 15 files changed, 265 insertions(+), 51 deletions(-) create mode 100644 Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_asus_fugu.sh create mode 100644 Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_samsung_jf.sh diff --git a/Manifests/Manifest_AOSP-8.1.xml b/Manifests/Manifest_AOSP-8.1.xml index 2f800675..964c0726 100644 --- a/Manifests/Manifest_AOSP-8.1.xml +++ b/Manifests/Manifest_AOSP-8.1.xml @@ -8,20 +8,6 @@ - - - - - - - - - - - - - - diff --git a/Manifests/Manifest_LAOS-14.1.xml b/Manifests/Manifest_LAOS-14.1.xml index c04bed56..abe59b73 100644 --- a/Manifests/Manifest_LAOS-14.1.xml +++ b/Manifests/Manifest_LAOS-14.1.xml @@ -21,14 +21,6 @@ - - - - - - - - @@ -59,11 +51,6 @@ - - - - - diff --git a/Manifests/Manifest_LAOS-15.1.xml b/Manifests/Manifest_LAOS-15.1.xml index 0baaa4c9..bad1a3a4 100644 --- a/Manifests/Manifest_LAOS-15.1.xml +++ b/Manifests/Manifest_LAOS-15.1.xml @@ -46,11 +46,6 @@ - - - - - @@ -198,6 +193,10 @@ + + + + diff --git a/Patches/Common/android_vendor_divested/overlay/common/frameworks/base/packages/SystemUI/res/values/config.xml b/Patches/Common/android_vendor_divested/overlay/common/frameworks/base/packages/SystemUI/res/values/config.xml index d93b0f49..5dfb4740 100644 --- a/Patches/Common/android_vendor_divested/overlay/common/frameworks/base/packages/SystemUI/res/values/config.xml +++ b/Patches/Common/android_vendor_divested/overlay/common/frameworks/base/packages/SystemUI/res/values/config.xml @@ -26,7 +26,4 @@ false - - false - diff --git a/Patches/Common/android_vendor_divested/overlay/common/packages/apps/Settings/res/values/config.xml b/Patches/Common/android_vendor_divested/overlay/common/packages/apps/Settings/res/values/config.xml index 0132b111..2f71f180 100644 --- a/Patches/Common/android_vendor_divested/overlay/common/packages/apps/Settings/res/values/config.xml +++ b/Patches/Common/android_vendor_divested/overlay/common/packages/apps/Settings/res/values/config.xml @@ -10,10 +10,4 @@ true - - false - - - false - diff --git a/Patches/Common/android_vendor_divested/overlay/common/packages/apps/Trebuchet/res/xml/default_workspace_4x4.xml b/Patches/Common/android_vendor_divested/overlay/common/packages/apps/Trebuchet/res/xml/default_workspace_4x4.xml index fca97b26..b99cab45 100644 --- a/Patches/Common/android_vendor_divested/overlay/common/packages/apps/Trebuchet/res/xml/default_workspace_4x4.xml +++ b/Patches/Common/android_vendor_divested/overlay/common/packages/apps/Trebuchet/res/xml/default_workspace_4x4.xml @@ -17,7 +17,7 @@ - + + + + + + + diff --git a/Patches/Common/android_vendor_divested/overlay/common/packages/apps/Trebuchet/res/xml/default_workspace_5x5.xml b/Patches/Common/android_vendor_divested/overlay/common/packages/apps/Trebuchet/res/xml/default_workspace_5x5.xml index fca97b26..b99cab45 100644 --- a/Patches/Common/android_vendor_divested/overlay/common/packages/apps/Trebuchet/res/xml/default_workspace_5x5.xml +++ b/Patches/Common/android_vendor_divested/overlay/common/packages/apps/Trebuchet/res/xml/default_workspace_5x5.xml @@ -17,7 +17,7 @@ - + + + + + + + diff --git a/Patches/Common/android_vendor_divested/overlay/common/packages/apps/Trebuchet/res/xml/default_workspace_5x6.xml b/Patches/Common/android_vendor_divested/overlay/common/packages/apps/Trebuchet/res/xml/default_workspace_5x6.xml index 39c8d350..e22af4dc 100644 --- a/Patches/Common/android_vendor_divested/overlay/common/packages/apps/Trebuchet/res/xml/default_workspace_5x6.xml +++ b/Patches/Common/android_vendor_divested/overlay/common/packages/apps/Trebuchet/res/xml/default_workspace_5x6.xml @@ -17,7 +17,7 @@ - + + + + + + + diff --git a/Scripts/Common/Deblob.sh b/Scripts/Common/Deblob.sh index abcd6a1f..bcde108f 100755 --- a/Scripts/Common/Deblob.sh +++ b/Scripts/Common/Deblob.sh @@ -22,7 +22,7 @@ # #Device Status (Tested under LineageOS 14.1 and 15.1) # -#Functioning as Expected: bacon, clark, d852, mako, marlin, thor +#Functioning as Expected: bacon, clark, d852, grouper, mako, marlin, thor #Partially working: #Not booting: @@ -229,7 +229,7 @@ echo "Deblobbing..." blobs=$blobs"|libQtiTether.so|QtiTetherService.apk"; #RCS (Proprietary messaging protocol) - blobs=$blobs"|rcsimssettings.jar|rcsimssettings.xml|rcsservice.jar|rcsservice.xml|lib-imsrcscmclient.so|lib-ims-rcscmjni.so|lib-imsrcscmservice.so|lib-imsrcscm.so|lib-imsrcs.so|lib-rcsimssjni.so|lib-rcsjni.so|RCSBootstraputil.apk|RcsImsBootstraputil.apk"; #RCS + blobs=$blobs"|rcsimssettings.jar|rcsimssettings.xml|rcsservice.jar|rcsservice.xml|lib-imsrcscmclient.so|lib-ims-rcscmjni.so|lib-imsrcscmservice.so|lib-imsrcscm.so|lib-imsrcs.so|lib-rcsimssjni.so|lib-rcsjni.so|RCSBootstraputil.apk|RcsImsBootstraputil.apk|uceShimService.apk"; #RCS makes=$makes"|rcs_service.*"; #SecProtect [Qualcomm] diff --git a/Scripts/Common/Functions.sh b/Scripts/Common/Functions.sh index 6b149d00..5a0fe361 100644 --- a/Scripts/Common/Functions.sh +++ b/Scripts/Common/Functions.sh @@ -213,7 +213,7 @@ changeDefaultDNS() { dnsSecondary="1.1.1.1"; dnsSecondaryV6="2606:4700:4700::1111"; elif [[ "$DOS_DEFAULT_DNS_PRESET" == "OpenNIC" ]]; then #https://servers.opennicproject.org/edit.php?srv=ns3.any.dns.opennic.glue - dnsPrimary="169.239.202.202"; + dnsPrimary="169.239.202.202"; #RIP dnsPrimaryV6="2a05:dfc7:5353::53"; dnsSecondary="185.121.177.177"; dnsSecondaryV6="2a05:dfc7:5::53"; diff --git a/Scripts/LineageOS-14.1/Functions.sh b/Scripts/LineageOS-14.1/Functions.sh index b4f001c5..74d36952 100644 --- a/Scripts/LineageOS-14.1/Functions.sh +++ b/Scripts/LineageOS-14.1/Functions.sh @@ -50,7 +50,6 @@ buildAll() { if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanWorkspaceForMalware; fi; #Select devices are userdebug due to SELinux policy issues #TODO: Add athene, pme, t0lte, hlte, sumire, dogo, espresso - brunch lineage_thor-userdebug; #deprecated brunch lineage_clark-user; brunch lineage_FP2-user; brunch lineage_grouper-user; #deprecated @@ -63,6 +62,7 @@ buildAll() { brunch lineage_manta-user; #deprecated brunch lineage_n5110-user; brunch lineage_osprey-user; + brunch lineage_thor-userdebug; #deprecated brunch lineage_Z00T-user; #The following are all superseded, and should only be enabled if the newer version is broken (not building/booting/etc.) @@ -94,7 +94,8 @@ export -f buildAll; patchWorkspace() { if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/cm"; fi; - #source build/envsetup.sh; + source build/envsetup.sh; + repopick -t n_asb_07-2018; source "$DOS_SCRIPTS/Patch.sh"; source "$DOS_SCRIPTS/Defaults.sh"; diff --git a/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_asus_fugu.sh b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_asus_fugu.sh new file mode 100644 index 00000000..49cd143b --- /dev/null +++ b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_asus_fugu.sh @@ -0,0 +1,131 @@ +#!/bin/bash +cd "$DOS_BUILD_BASE""kernel/asus/fugu" +git apply $DOS_PATCHES_LINUX_CVES/0007-Copperhead-Kernel_Hardening/3.10/0004.patch +git apply $DOS_PATCHES_LINUX_CVES/0007-Copperhead-Kernel_Hardening/3.10/0007.patch +git apply $DOS_PATCHES_LINUX_CVES/0007-Copperhead-Kernel_Hardening/3.10/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/0007-Copperhead-Kernel_Hardening/3.10/0009.patch +git apply $DOS_PATCHES_LINUX_CVES/0007-Copperhead-Kernel_Hardening/3.10/0010.patch +git apply $DOS_PATCHES_LINUX_CVES/0007-Copperhead-Kernel_Hardening/3.10/0011.patch +git apply $DOS_PATCHES_LINUX_CVES/0007-Copperhead-Kernel_Hardening/3.10/0012.patch +git apply $DOS_PATCHES_LINUX_CVES/0007-Copperhead-Kernel_Hardening/3.10/0013.patch +git apply $DOS_PATCHES_LINUX_CVES/0007-Copperhead-Kernel_Hardening/3.10/0014.patch +git apply $DOS_PATCHES_LINUX_CVES/0007-Copperhead-Kernel_Hardening/3.10/0015.patch +git apply $DOS_PATCHES_LINUX_CVES/0007-Copperhead-Kernel_Hardening/3.10/0016.patch +git apply $DOS_PATCHES_LINUX_CVES/0007-Copperhead-Kernel_Hardening/3.10/0017.patch +git apply $DOS_PATCHES_LINUX_CVES/0010-Accelerated_AES/3.10+/0011.patch +git apply $DOS_PATCHES_LINUX_CVES/0010-Accelerated_AES/3.10+/0012.patch +git apply $DOS_PATCHES_LINUX_CVES/0013-syskaller-Misc/ANY/0009.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-2523/^3.13/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-4943/^3.15/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-8160/^3.18/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-8173/3.9-^3.12/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9420/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9683/^3.18/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9715/^3.14/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9892/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9900/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-1420/3.2-^3.19/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-2041/^3.19/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7515/^4.4/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7550/^4.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8215/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8944/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8955/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8967/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-0758/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-10208/3.10-^3.16/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2185/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2186/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2187/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2188/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2188/ANY/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2384/^4.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2438/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2475/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2544/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2545/^4.4/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2549/^4.4/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3070/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3136/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3137/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3138/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3140/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3689/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3857/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-7117/^4.5/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8453/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8464/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8650/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9576/3.10/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9604/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0449/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0537/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0564/3.10/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0648/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0824/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0861/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0862/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000111/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000251/ANY/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000365/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000410/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11089/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11090/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11473/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11600/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-12153/3.2-^3.16/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13167/3.10/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13167/3.10/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13167/3.10/0004.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13167/3.10/0005.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13167/3.10/0006.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13167/3.10/0007.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13167/3.10/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13168/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13215/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13216/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13246/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13273/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13292/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15265/^4.14/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15868/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15868/3.10/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16526/^4.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16531/^4.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16532/^4.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16533/^4.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16534/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16535/^4.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16537/^4.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16538/^4.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16538/^4.13/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16643/3.5+/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16645/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16939/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0005.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17558/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17806/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-2618/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-2671/^4.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-5669/^4.9/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-5972/ANY/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6345/^4.9/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6348/^4.9/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6951/^3.14/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7184/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7184/ANY/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7472/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7487/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7533/3.10/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7533/3.10/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7541/3.10/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9242/^4.11/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1092/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/LVT-2017-0003/3.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/Untracked/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2475/ANY/0001.patch +editKernelLocalversion "-dos.p127" +cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_samsung_jf.sh b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_samsung_jf.sh new file mode 100644 index 00000000..fa81d330 --- /dev/null +++ b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_samsung_jf.sh @@ -0,0 +1,63 @@ +#!/bin/bash +cd "$DOS_BUILD_BASE""kernel/samsung/jf" +git apply $DOS_PATCHES_LINUX_CVES/0007-Copperhead-Kernel_Hardening/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/0010-Accelerated_AES/3.4/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/0012-Copperhead-Deny_USB/3.4/3.4-Backport.patch +git apply $DOS_PATCHES_LINUX_CVES/0013-syskaller-Misc/ANY/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/0013-syskaller-Misc/ANY/0009.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-0801/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-10233/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2185/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2186/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2475/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3854/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3857/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3865/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3894/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6672/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6791/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-7117/^4.5/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8404/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0430/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0524/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0573/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0648/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0706/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0710/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0751/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0786/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0791/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000111/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000380/^4.11/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11015/prima/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11015/prima/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11089/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11090/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11473/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-12153/3.2-^3.16/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13080/ANY/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13215/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13246/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13292/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15265/^4.14/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16525/^4.13/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16526/^4.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16532/^4.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16533/^4.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16535/^4.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16537/^4.13/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0005.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17558/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17806/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7487/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8254/3.4/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8254/3.4/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/Untracked/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2475/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch +editKernelLocalversion "-dos.p59" +cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-15.1/Functions.sh b/Scripts/LineageOS-15.1/Functions.sh index 1ecf69c3..6cf66618 100644 --- a/Scripts/LineageOS-15.1/Functions.sh +++ b/Scripts/LineageOS-15.1/Functions.sh @@ -18,7 +18,7 @@ #Last verified: 2018-04-27 patchAllKernels() { - startPatcher "kernel_asus_fugu kernel_essential_msm8998 kernel_google_dragon kernel_google_marlin kernel_google_msm kernel_htc_flounder kernel_htc_msm8974 kernel_huawei_angler kernel_lge_bullhead kernel_lge_g3 kernel_lge_hammerhead kernel_lge_mako kernel_lge_msm8974 kernel_lge_msm8996 kernel_moto_shamu kernel_motorola_msm8974 kernel_motorola_msm8992 kernel_motorola_msm8996 kernel_nextbit_msm8992 kernel_oppo_msm8974 kernel_samsung_msm8974 kernel_samsung_universal9810"; + startPatcher "kernel_asus_fugu kernel_essential_msm8998 kernel_google_dragon kernel_google_marlin kernel_google_msm kernel_htc_flounder kernel_htc_msm8974 kernel_huawei_angler kernel_lge_bullhead kernel_lge_g3 kernel_lge_hammerhead kernel_lge_mako kernel_lge_msm8974 kernel_lge_msm8996 kernel_moto_shamu kernel_motorola_msm8974 kernel_motorola_msm8992 kernel_motorola_msm8996 kernel_nextbit_msm8992 kernel_oppo_msm8974 kernel_samsung_jf kernel_samsung_msm8974 kernel_samsung_universal9810"; } export -f patchAllKernels; @@ -56,7 +56,7 @@ buildAll() { brunch lineage_bullhead-user; #brunch lineage_clark-eng; brunch lineage_d802-user; - brunch lineage_d855-user; #broken upstream - recovery updater + #brunch lineage_d855-user; #broken upstream - recovery updater brunch lineage_dragon-user; brunch lineage_ether-user; brunch lineage_flo-user; @@ -65,6 +65,7 @@ buildAll() { brunch lineage_griffin-user; brunch lineage_h850-user; brunch lineage_hammerhead-user; + #brunch lineage_jfltexx-user; #still in bringup brunch lineage_klte-user; brunch lineage_m8-user; brunch lineage_marlin-user; diff --git a/Scripts/LineageOS-15.1/Patch.sh b/Scripts/LineageOS-15.1/Patch.sh index 51dfffdd..027ffa65 100755 --- a/Scripts/LineageOS-15.1/Patch.sh +++ b/Scripts/LineageOS-15.1/Patch.sh @@ -67,6 +67,7 @@ awk -i inplace '!/PRODUCT_EXTRA_RECOVERY_KEYS/' core/product.mk; sed -i '57i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; enterAndClear "device/lineage/sepolicy"; +git revert f1ad32105599a0b71702f840b2deeb6849f1ae80; #neverallow violation git revert c9b0d95630b82cd0ad1a0fc633c6d59c2cb8aad7 37422f7df389f3ae5a34ee3d6dd9354217f9c536; #neverallow violation enterAndClear "device/qcom/sepolicy";