14/19/20: November 2024 ASB Picks

Signed-off-by: Tavi <tavi@divested.dev>
2025-05-22 00:00:41 -04:00 · 2024-11-08 21:26:15 -05:00 · 2024-11-08 21:26:15 -05:00 · a245234db2
commit a245234db2
parent 5a8d90d2b1
10 changed files with 223 additions and 5 deletions
--- a/Scripts/LineageOS-14.1/Patch.sh
+++ b/Scripts/LineageOS-14.1/Patch.sh
@ -82,7 +82,7 @@ sed -i '50i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aap
 sed -i '296iLOCAL_AAPT_FLAGS += --auto-add-overlay' core/package_internal.mk;
 awk -i inplace '!/Email/' target/product/core.mk; #Remove Email
 awk -i inplace '!/Exchange2/' target/product/core.mk;
-sed -i 's/2021-06-05/2024-10-05/' core/version_defaults.mk; #Bump Security String #n-asb-2024-10 #XXX
+sed -i 's/2021-06-05/2024-11-05/' core/version_defaults.mk; #Bump Security String #n-asb-2024-11 #XXX
 fi;

 if enterAndClear "device/qcom/sepolicy"; then
@ -176,6 +176,10 @@ if enterAndClear "external/libxml2"; then
 applyPatch "$DOS_PATCHES/android_external_libxml2/367634.patch"; #n-asb-2023-10 malloc-fail: Fix OOB read after xmlRegGetCounter
 fi;

+if enterAndClear "external/skia"; then
+applyPatch "$DOS_PATCHES/android_external_skia/351107.patch"; #n-asb-2024-11 Avoid potential overflow when allocating 3D mask from emboss filter
+fi;
+
 if enterAndClear "external/sonivox"; then
 applyPatch "$DOS_PATCHES/android_external_sonivox/317038.patch"; #n-asb-2021-10 Fix global buffer overflow in WT_InterpolateNoLoop
 applyPatch "$DOS_PATCHES_COMMON/android_external_sonivox/391896.patch"; #n-asb-2024-05 Fix buffer overrun in eas_wtengine
@ -300,6 +304,8 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/399269.patch"; #n-asb-2024-08 R
 applyPatch "$DOS_PATCHES/android_frameworks_base/400926.patch"; #n-asb-2024-09 Sanitized uri scheme by removing scheme delimiter
 applyPatch "$DOS_PATCHES/android_frameworks_base/405038.patch"; #n-asb-2024-10 Fail parseUri if end is missing
 applyPatch "$DOS_PATCHES/android_frameworks_base/405039.patch"; #n-asb-2024-10 Update AccountManagerService checkKeyIntent.
+applyPatch "$DOS_PATCHES/android_frameworks_base/407791.patch"; #n-asb-2024-11 Remove authenticator data if it was disabled.
+applyPatch "$DOS_PATCHES/android_frameworks_base/407792.patch"; #n-asb-2024-11 Clear app-provided shortcut icons
 git revert --no-edit 0326bb5e41219cf502727c3aa44ebf2daa19a5b3; #Re-enable doze on devices without gms
 applyPatch "$DOS_PATCHES/android_frameworks_base/248599.patch"; #Make SET_TIME_ZONE permission match SET_TIME (AOSP)
 applyPatch "$DOS_PATCHES/android_frameworks_base/0001-Reduced_Resolution.patch"; #Allow reducing resolution to save power TODO: Add 800x480 (DivestOS)
@ -481,6 +487,7 @@ applyPatch "$DOS_PATCHES/android_packages_apps_Settings/345679.patch"; #n-asb-20
 applyPatch "$DOS_PATCHES/android_packages_apps_Settings/358738.patch"; #n-asb-2023-06 Convert argument to intent in AddAccountSettings.
 applyPatch "$DOS_PATCHES/android_packages_apps_Settings/367639.patch"; #n-asb-2023-10 Restrict ApnEditor settings
 applyPatch "$DOS_PATCHES/android_packages_apps_Settings/400927.patch"; #n-asb-2024-09 Limit wifi item edit content's max length to 500
+applyPatch "$DOS_PATCHES/android_packages_apps_Settings/407793.patch"; #n-asb-2024-11 startActivityForResult with new Intent
 git revert --no-edit 2ebe6058c546194a301c1fd22963d6be4adbf961; #Don't hide OEM unlock
 applyPatch "$DOS_PATCHES/android_packages_apps_Settings/201113.patch"; #wifi: Add world regulatory domain country code (syphyr)
 applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969)
--- a/Scripts/LineageOS-19.1/Functions.sh
+++ b/Scripts/LineageOS-19.1/Functions.sh
@ -68,7 +68,7 @@ patchWorkspaceReal() {

 	source build/envsetup.sh;
 	#repopick -ift twelve-bt-sbc-hd-dualchannel;
-	repopick -it S_asb_2024-10;
+	repopick -it S_asb_2024-11;

 	sh "$DOS_SCRIPTS/Patch.sh";
 	sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
--- a/Scripts/LineageOS-19.1/Patch.sh
+++ b/Scripts/LineageOS-19.1/Patch.sh
@ -95,7 +95,7 @@ applyPatch "$DOS_PATCHES_COMMON/android_build/0001-verity-openssl3.patch"; #Fix
 sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches.
 awk -i inplace '!/updatable_apex.mk/' target/product/generic_system.mk; #Disable APEX
 sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS)
-sed -i 's/2024-09-05/2024-10-05/' core/version_defaults.mk; #Bump Security String #S_asb_2024-10
+sed -i 's/2024-10-05/2024-11-05/' core/version_defaults.mk; #Bump Security String #S_asb_2024-11
 fi;

 if enterAndClear "build/soong"; then
@ -133,6 +133,10 @@ sed -i '/LOCAL_MODULE/s/Camera/SecureCamera/' Android.mk; #Change module name
 sed -i '11iLOCAL_OVERRIDES_PACKAGES := Camera Camera2 LegacyCamera Snap OpenCamera' Android.mk; #Replace the others
 fi;

+if enterAndClear "external/skia"; then
+git fetch https://github.com/LineageOS/android_external_skia refs/changes/54/408154/1 && git cherry-pick FETCH_HEAD; #S_asb_2024-11 Avoid potential overflow when allocating 3D mask from emboss filter
+fi;
+
 if enterAndClear "frameworks/base"; then
 git revert --no-edit 83fe523914728a3674debba17a6019cb74803045; #Reverts "Allow signature spoofing for microG Companion/Services" in favor of below patch
 applyPatch "$DOS_PATCHES/android_frameworks_base/344888-backport.patch"; #fixup! fw/b: Add support for allowing/disallowing apps on cellular, vpn and wifi networks (CalyxOS)
--- a/Scripts/LineageOS-20.0/Functions.sh
+++ b/Scripts/LineageOS-20.0/Functions.sh
@ -162,7 +162,8 @@ patchWorkspaceReal() {
 			verifyAllPlatformTags;
 			gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview";

-			#source build/envsetup.sh;
+			source build/envsetup.sh;
+			repopick -it T_asb_2024-11;

 			sh "$DOS_SCRIPTS/Patch.sh";
 			sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
--- a/Scripts/LineageOS-20.0/Patch.sh
+++ b/Scripts/LineageOS-20.0/Patch.sh
@ -125,6 +125,10 @@ sed -i 's/34359738368/2147483648/' Android.bp; #revert 48-bit address space requ
 sed -i -e '76,78d;' Android.bp; #fix compile under A13
 fi;

+if enterAndClear "external/skia"; then
+git fetch https://github.com/LineageOS/android_external_skia refs/changes/23/408123/1 && git cherry-pick FETCH_HEAD; #T_asb_2024-11 Avoid potential overflow when allocating 3D mask from emboss filter
+fi;
+
 if enterAndClear "frameworks/base"; then
 git revert --no-edit d36faad3267522c6d3ff91ba9dcca8f6274bccd1; #Reverts "JobScheduler: Respect allow-in-power-save perm" in favor of below patch
 git revert --no-edit 90d6826548189ca850d91692e71fcc1be426f453; #Reverts "Remove sensitive info from SUPL requests" in favor of below patch