Tweaks

Signed-off-by: Tavi <tavi@divested.dev>
2025-05-06 08:24:57 -04:00 · 2024-04-22 09:44:47 -04:00 · 2024-04-22 09:44:47 -04:00 · a19f71a8b8
commit a19f71a8b8
parent 44358b5ba2
6 changed files with 10 additions and 13 deletions
--- a/Scripts/Common/Fix_CVE_Patchers.sh
+++ b/Scripts/Common/Fix_CVE_Patchers.sh
@ -55,8 +55,8 @@ commentPatches android_kernel_google_bonito.sh "CVE-2020-0067";
 commentPatches android_kernel_google_coral.sh "CVE-2019-19319" "CVE-2020-1749" "CVE-2020-8992" "CVE-2021-30324";
 commentPatches android_kernel_google_dragon.sh "0006-AndroidHardening-Kernel_Hardening/3.18/0026.patch" "0008-Graphene-Kernel_Hardening-ro" "CVE-2015-4167" "CVE-2017-15951" "CVE-2016-1237" "CVE-2016-6198" "CVE-2017-7374" "CVE-2018-17972" "CVE-2019-2214" "CVE-2021-39715/ANY/0001.patch";
 commentPatches android_kernel_google_crosshatch.sh "CVE-2020-0067";
-commentPatches android_kernel_google_gs101_private_gs-google.sh "CVE-2021-29648/^5.11/0001.patch" "CVE-2023-6817/5.10/0002.patch" "CVE-2023-52462/5.10/0002.patch" "CVE-2024-26733/5.10/0002.patch";
-commentPatches android_kernel_google_gs201_private_gs-google.sh "CVE-2021-29648/^5.11/0001.patch" "CVE-2023-6817/5.10/0002.patch" "CVE-2023-52462/5.10/0002.patch" "CVE-2024-26733/5.10/0002.patch";
+commentPatches android_kernel_google_gs101_private_gs-google.sh "CVE-2021-29648/^5.11/0001.patch" "CVE-2023-6817/5.10/0002.patch" "CVE-2023-52462/5.10/0002.patch" "CVE-2024-26733/5.10/0002.patch" "CVE-2024-26882";
+commentPatches android_kernel_google_gs201_private_gs-google.sh "CVE-2021-29648/^5.11/0001.patch" "CVE-2023-6817/5.10/0002.patch" "CVE-2023-52462/5.10/0002.patch" "CVE-2024-26733/5.10/0002.patch" "CVE-2024-26882";
 commentPatches android_kernel_google_marlin.sh "0001-LinuxIncrementals/3.18/3.18.0098-0099.patch" "0006-AndroidHardening-Kernel_Hardening/3.18/0048.patch" "0006-AndroidHardening-Kernel_Hardening/3.18/0049.patch" "0008-Graphene-Kernel_Hardening-canaries/4.4/0002.patch" "CVE-2017-13162/3.18/0001.patch" "CVE-2017-14883" "CVE-2017-15951" "CVE-2018-17972" "CVE-2019-16746" "CVE-2020-0427" "CVE-2020-14381" "CVE-2020-16166" "CVE-2021-39715/ANY/0001.patch" "CVE-2022-42896/4.9";
 commentPatches android_kernel_google_msm.sh "CVE-2017-11015/prima" "CVE-2021-Misc2/ANY/0031.patch";
 commentPatches android_kernel_google_msm-4.9.sh "CVE-2019-19319" "CVE-2020-0067" "CVE-2020-1749" "CVE-2020-8992" "CVE-2021-30324" "CVE-2021-45469";
--- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_gs101_private_gs-google.sh
+++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_gs101_private_gs-google.sh
@ -377,10 +377,8 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26833/5.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26839/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26840/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26843/5.10/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26844/^6.8/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26845/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26846/5.10/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26849/^6.8/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26851/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26852/5.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26855/5.10/0002.patch
@ -394,7 +392,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26874/5.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26875/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26877/5.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26880/5.10/0004.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26882/5.10/0002.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26882/5.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26883/5.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26884/5.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26889/5.10/0004.patch
@ -409,7 +407,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27437/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-52601/5.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26750/^6.8/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26812/5.10/0004.patch
-editKernelLocalversion "-dos.p409"
+editKernelLocalversion "-dos.p407"
 else echo "kernel_google_gs101_private_gs-google is unavailable, not patching.";
 fi;
 cd "$DOS_BUILD_BASE"
--- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_gs201_private_gs-google.sh
+++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_gs201_private_gs-google.sh
@ -375,10 +375,8 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26833/5.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26839/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26840/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26843/5.10/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26844/^6.8/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26845/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26846/5.10/0002.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26849/^6.8/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26851/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26852/5.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26855/5.10/0002.patch
@ -392,7 +390,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26874/5.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26875/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26877/5.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26880/5.10/0004.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26882/5.10/0002.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26882/5.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26883/5.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26884/5.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26889/5.10/0004.patch
@ -407,7 +405,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27437/5.10/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-52601/5.10/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26750/^6.8/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-26812/5.10/0004.patch
-editKernelLocalversion "-dos.p407"
+editKernelLocalversion "-dos.p405"
 else echo "kernel_google_gs201_private_gs-google is unavailable, not patching.";
 fi;
 cd "$DOS_BUILD_BASE"
--- a/Scripts/LineageOS-20.0/Patch.sh
+++ b/Scripts/LineageOS-20.0/Patch.sh
@ -577,6 +577,7 @@ enableAutoVarInit || true;
 changeDefaultDNS; #Change the default DNS servers
 fixupCarrierConfigs || true; #Remove silly carrier restrictions
 removeUntrustedCerts || true;
+sed -i 's/SSLv23_NO_TLSv1_2/TLSv1_2/' device/*/*/gps*xml* device/*/*/location/gps*xml* device/*/*/gnss/*/config/gps*xml*; #Enforce TLSv1.2 for SUPL on Tensor devices (GrapheneOS)
 cd "$DOS_BUILD_BASE";
 #rm -rfv device/*/*/overlay/CarrierConfigResCommon device/*/*/rro_overlays/CarrierConfigOverlay device/*/*/overlay/packages/apps/CarrierConfig/res/xml/vendor.xml;