Tweaks

Signed-off-by: Tavi <tavi@divested.dev>

Logs/resetWorkspace-LineageOS-20.0.txt

@@ -198,7 +198,7 @@ external/catch2 5f8628024c5a9219caa004d6a9547aacd9ba94c1
 external/cblas 4fdeda64177f60e1b226349885b3c0ea016f3068
 external/cbor-java 6b4b6adc5ff8f91e2ddef14adf510e14aaf90204
 external/chromium-trace 9456b95a6d4b95c765c9f2264a71b0334f6cf8d7
-external/chromium-webview 48479596950b807dd47b4a20f330c6351658ee70
+external/chromium-webview dc87c4cfb6a0df1c9f80dc160ff00a5527e1a631
 external/clang 9fae335badf26813486d207b69928d38b979e522
 external/cldr 7518f37169bd87d6977244e4d7471bc48fcd62e0
 external/cn-cbor 7b581886d1830f50c3ab104a56b7ab931779466f
@@ -1013,7 +1013,7 @@ kernel/prebuilts/common-modules/virtual-device/mainline/x86-64 3e167c39dd51744d8
 kernel/prebuilts/mainline/arm64 9540c4e81f937973970c3a60c82e4896d5a0287b
 kernel/prebuilts/mainline/x86_64 71bf770c97cd6e3dadbfd49a90b983685daf3e41
 kernel/razer/msm8998 f72e9e04a0c29e64fc621090e7a6169a3327f886
-kernel/razer/sdm845 bfa5c65ed9744ce08266a05de3223e0701a43437
+kernel/razer/sdm845 b022d6171b21e25def860985f43043262c5972fa
 kernel/samsung/exynos9810 6a9461f9460ca51d1217e5069a5d5556fcc79e63
 kernel/sony/sdm660 3e2dae044d515ec25c87cd3b02a2831be858c6fc
 kernel/sony/sdm845 4ee668ab2da1095a1373ba5dee5762a43bbe1bc3

Patches/Linux

@@ -1 +1 @@
-Subproject commit 9870a9389372c31d94cc9bf4a77954af480b104b
+Subproject commit aed642192aef478a0b15e0a368de0b363780323d

Scripts/Common/Fix_CVE_Patchers.sh

@@ -55,8 +55,8 @@ commentPatches android_kernel_google_bonito.sh "CVE-2020-0067";
 commentPatches android_kernel_google_coral.sh "CVE-2019-19319" "CVE-2020-1749" "CVE-2020-8992" "CVE-2021-30324";
 commentPatches android_kernel_google_dragon.sh "0006-AndroidHardening-Kernel_Hardening/3.18/0026.patch" "0008-Graphene-Kernel_Hardening-ro" "CVE-2015-4167" "CVE-2017-15951" "CVE-2016-1237" "CVE-2016-6198" "CVE-2017-7374" "CVE-2018-17972" "CVE-2019-2214" "CVE-2021-39715/ANY/0001.patch";
 commentPatches android_kernel_google_crosshatch.sh "CVE-2020-0067";
-commentPatches android_kernel_google_gs101_private_gs-google.sh "CVE-2021-29648/^5.11/0001.patch" "CVE-2023-6817/5.10/0002.patch" "CVE-2023-52462/5.10/0002.patch" "CVE-2024-26733/5.10/0002.patch";
-commentPatches android_kernel_google_gs201_private_gs-google.sh "CVE-2021-29648/^5.11/0001.patch" "CVE-2023-6817/5.10/0002.patch" "CVE-2023-52462/5.10/0002.patch" "CVE-2024-26733/5.10/0002.patch";
+commentPatches android_kernel_google_gs101_private_gs-google.sh "CVE-2021-29648/^5.11/0001.patch" "CVE-2023-6817/5.10/0002.patch" "CVE-2023-52462/5.10/0002.patch" "CVE-2024-26733/5.10/0002.patch" "CVE-2024-26882";
+commentPatches android_kernel_google_gs201_private_gs-google.sh "CVE-2021-29648/^5.11/0001.patch" "CVE-2023-6817/5.10/0002.patch" "CVE-2023-52462/5.10/0002.patch" "CVE-2024-26733/5.10/0002.patch" "CVE-2024-26882";
 commentPatches android_kernel_google_marlin.sh "0001-LinuxIncrementals/3.18/3.18.0098-0099.patch" "0006-AndroidHardening-Kernel_Hardening/3.18/0048.patch" "0006-AndroidHardening-Kernel_Hardening/3.18/0049.patch" "0008-Graphene-Kernel_Hardening-canaries/4.4/0002.patch" "CVE-2017-13162/3.18/0001.patch" "CVE-2017-14883" "CVE-2017-15951" "CVE-2018-17972" "CVE-2019-16746" "CVE-2020-0427" "CVE-2020-14381" "CVE-2020-16166" "CVE-2021-39715/ANY/0001.patch" "CVE-2022-42896/4.9";
 commentPatches android_kernel_google_msm.sh "CVE-2017-11015/prima" "CVE-2021-Misc2/ANY/0031.patch";
 commentPatches android_kernel_google_msm-4.9.sh "CVE-2019-19319" "CVE-2020-0067" "CVE-2020-1749" "CVE-2020-8992" "CVE-2021-30324" "CVE-2021-45469";

Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_gs101_private_gs-google.sh

@@ -377,10 +377,8 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26833/5.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26839/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26840/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26843/5.10/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26844/^6.8/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26845/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26846/5.10/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26849/^6.8/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26851/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26852/5.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26855/5.10/0002.patch
@@ -394,7 +392,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26874/5.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26875/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26877/5.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26880/5.10/0004.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26882/5.10/0002.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26882/5.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26883/5.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26884/5.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26889/5.10/0004.patch
@@ -409,7 +407,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27437/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-52601/5.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26750/^6.8/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26812/5.10/0004.patch
-editKernelLocalversion "-dos.p409"
+editKernelLocalversion "-dos.p407"
 else echo "kernel_google_gs101_private_gs-google is unavailable, not patching.";
 fi;
 cd "$DOS_BUILD_BASE"

Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_gs201_private_gs-google.sh

@@ -375,10 +375,8 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26833/5.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26839/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26840/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26843/5.10/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26844/^6.8/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26845/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26846/5.10/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26849/^6.8/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26851/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26852/5.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26855/5.10/0002.patch
@@ -392,7 +390,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26874/5.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26875/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26877/5.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26880/5.10/0004.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26882/5.10/0002.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26882/5.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26883/5.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26884/5.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26889/5.10/0004.patch
@@ -407,7 +405,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27437/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-52601/5.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26750/^6.8/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26812/5.10/0004.patch
-editKernelLocalversion "-dos.p407"
+editKernelLocalversion "-dos.p405"
 else echo "kernel_google_gs201_private_gs-google is unavailable, not patching.";
 fi;
 cd "$DOS_BUILD_BASE"

Scripts/LineageOS-20.0/Patch.sh

@@ -577,6 +577,7 @@ enableAutoVarInit || true;
 changeDefaultDNS; #Change the default DNS servers
 fixupCarrierConfigs || true; #Remove silly carrier restrictions
 removeUntrustedCerts || true;
+sed -i 's/SSLv23_NO_TLSv1_2/TLSv1_2/' device/*/*/gps*xml* device/*/*/location/gps*xml* device/*/*/gnss/*/config/gps*xml*; #Enforce TLSv1.2 for SUPL on Tensor devices (GrapheneOS)
 cd "$DOS_BUILD_BASE";
 #rm -rfv device/*/*/overlay/CarrierConfigResCommon device/*/*/rro_overlays/CarrierConfigOverlay device/*/*/overlay/packages/apps/CarrierConfig/res/xml/vendor.xml;