From a9f445ad477dc4d9aa19ca8256e0c6cb24a632d6 Mon Sep 17 00:00:00 2001 From: Tad Date: Thu, 28 Oct 2021 17:40:56 -0400 Subject: [PATCH] 16.0: add land and santoni Signed-off-by: Tad --- Manifests/Manifest_LAOS-16.0.xml | 8 + .../android_bionic/0001-HM-Use_HM.patch | 3 - .../0001-No_SerialNum_Restrictions.patch | 3 - .../0002-Remove_Logo.patch | 3 - .../android_build/0001-OTA_Keys.patch | 3 - .../android_build/0002-Enable_fwrapv.patch | 3 - .../0001-Enable_fwrapv.patch | 3 - .../0001-Camera_Fix.patch | 3 - .../0006-Disable_Analytics.patch | 3 - .../0007-Always_Restict_Serial.patch | 3 - .../0008-Browser_No_Location.patch | 3 - .../0009-SystemUI_No_Permission_Review.patch | 3 - .../0011-Sensors.patch | 3 - .../0012-Private_DNS.patch | 7 +- .../0001-Sensors.patch | 3 - .../308977.patch | 3 - .../0001-Not_Private_Banner.patch | 3 - .../0001-Remove_Analytics.patch | 3 - .../0001-Captive_Portal_Toggle.patch | 3 - .../0002-Sensors-P1.patch | 3 - .../0002-Sensors-P2.patch | 3 - .../0004-Private_DNS.patch | 11 +- .../0001-Remove_Analytics.patch | 3 - .../0001-Server.patch | 3 - .../0002-Tor_Support.patch | 3 - .../0001-PREREQ_Handle_All_Modes.patch | 3 - .../0002-More_Preferred_Network_Modes.patch | 3 - .../android_system_core/0001-Harden.patch | 3 - .../0001-ext4_pad_filenames.patch | 3 - Scripts/Common/Fix_CVE_Patchers.sh | 1 + .../android_kernel_xiaomi_msm8937.sh | 364 ++++++++++++++++++ Scripts/LineageOS-16.0/Functions.sh | 6 +- Scripts/LineageOS-16.0/Patch.sh | 5 +- 33 files changed, 387 insertions(+), 93 deletions(-) create mode 100644 Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_xiaomi_msm8937.sh diff --git a/Manifests/Manifest_LAOS-16.0.xml b/Manifests/Manifest_LAOS-16.0.xml index a71263ee..69c02175 100644 --- a/Manifests/Manifest_LAOS-16.0.xml +++ b/Manifests/Manifest_LAOS-16.0.xml @@ -107,6 +107,14 @@ + + + + + + + + diff --git a/Patches/LineageOS-16.0/android_bionic/0001-HM-Use_HM.patch b/Patches/LineageOS-16.0/android_bionic/0001-HM-Use_HM.patch index cab3f91d..2f923417 100644 --- a/Patches/LineageOS-16.0/android_bionic/0001-HM-Use_HM.patch +++ b/Patches/LineageOS-16.0/android_bionic/0001-HM-Use_HM.patch @@ -122,6 +122,3 @@ index 1ea4ac1a3..c86fbdaea 100644 static constexpr MallocDispatch __libc_malloc_default_dispatch __attribute__((unused)) = { --- -2.31.1 - diff --git a/Patches/LineageOS-16.0/android_bootable_recovery/0001-No_SerialNum_Restrictions.patch b/Patches/LineageOS-16.0/android_bootable_recovery/0001-No_SerialNum_Restrictions.patch index 868c1344..66ccb027 100644 --- a/Patches/LineageOS-16.0/android_bootable_recovery/0001-No_SerialNum_Restrictions.patch +++ b/Patches/LineageOS-16.0/android_bootable_recovery/0001-No_SerialNum_Restrictions.patch @@ -37,6 +37,3 @@ index db5792b8..25df53a3 100644 } if (metadata["ota-type"] != "AB") { --- -2.31.1 - diff --git a/Patches/LineageOS-16.0/android_bootable_recovery/0002-Remove_Logo.patch b/Patches/LineageOS-16.0/android_bootable_recovery/0002-Remove_Logo.patch index 4994e5d5..9ddd3694 100644 --- a/Patches/LineageOS-16.0/android_bootable_recovery/0002-Remove_Logo.patch +++ b/Patches/LineageOS-16.0/android_bootable_recovery/0002-Remove_Logo.patch @@ -47,6 +47,3 @@ index ea1f5c03..6fa29b39 100644 GRSurface* ic_back; GRSurface* ic_back_sel; --- -2.31.1 - diff --git a/Patches/LineageOS-16.0/android_build/0001-OTA_Keys.patch b/Patches/LineageOS-16.0/android_build/0001-OTA_Keys.patch index 88a13d3d..8e51d562 100644 --- a/Patches/LineageOS-16.0/android_build/0001-OTA_Keys.patch +++ b/Patches/LineageOS-16.0/android_build/0001-OTA_Keys.patch @@ -40,6 +40,3 @@ index 2c3f21f1db..a300efbcf5 100644 PRODUCT_DEX_PREOPT_DEFAULT_COMPILER_FILTER := \ $(strip $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_DEX_PREOPT_DEFAULT_COMPILER_FILTER)) PRODUCT_DEX_PREOPT_DEFAULT_FLAGS := \ --- -2.31.1 - diff --git a/Patches/LineageOS-16.0/android_build/0002-Enable_fwrapv.patch b/Patches/LineageOS-16.0/android_build/0002-Enable_fwrapv.patch index 09ad885a..fde4355c 100644 --- a/Patches/LineageOS-16.0/android_build/0002-Enable_fwrapv.patch +++ b/Patches/LineageOS-16.0/android_build/0002-Enable_fwrapv.patch @@ -21,6 +21,3 @@ index d570ccda8e..b200572d32 100644 + my_cflags += -fwrapv + endif +endif --- -2.31.1 - diff --git a/Patches/LineageOS-16.0/android_build_soong/0001-Enable_fwrapv.patch b/Patches/LineageOS-16.0/android_build_soong/0001-Enable_fwrapv.patch index 391aedbe..b285a12e 100644 --- a/Patches/LineageOS-16.0/android_build_soong/0001-Enable_fwrapv.patch +++ b/Patches/LineageOS-16.0/android_build_soong/0001-Enable_fwrapv.patch @@ -51,6 +51,3 @@ index de970352e..17c11f8b1 100644 if Bool(sanitize.Properties.Sanitize.Diag.Undefined) { diagSanitizers = append(diagSanitizers, "undefined") } --- -2.31.1 - diff --git a/Patches/LineageOS-16.0/android_device_qcom_sepolicy-legacy/0001-Camera_Fix.patch b/Patches/LineageOS-16.0/android_device_qcom_sepolicy-legacy/0001-Camera_Fix.patch index 49ef36f5..bf9672d5 100644 --- a/Patches/LineageOS-16.0/android_device_qcom_sepolicy-legacy/0001-Camera_Fix.patch +++ b/Patches/LineageOS-16.0/android_device_qcom_sepolicy-legacy/0001-Camera_Fix.patch @@ -29,6 +29,3 @@ index ed7babb..9c1f086 100755 r_dir_file(mediaserver, sysfs_esoc) #allow mediaserver system_app_data_file:file rw_file_perms; --- -2.31.1 - diff --git a/Patches/LineageOS-16.0/android_frameworks_base/0006-Disable_Analytics.patch b/Patches/LineageOS-16.0/android_frameworks_base/0006-Disable_Analytics.patch index 4caffff6..076f065c 100644 --- a/Patches/LineageOS-16.0/android_frameworks_base/0006-Disable_Analytics.patch +++ b/Patches/LineageOS-16.0/android_frameworks_base/0006-Disable_Analytics.patch @@ -34,6 +34,3 @@ index e0c2d2dc6dde..85a669a4a6c1 100644 } String name = sa.getNonConfigurationString( --- -2.31.1 - diff --git a/Patches/LineageOS-16.0/android_frameworks_base/0007-Always_Restict_Serial.patch b/Patches/LineageOS-16.0/android_frameworks_base/0007-Always_Restict_Serial.patch index 79a5a3b6..ca18a5d5 100644 --- a/Patches/LineageOS-16.0/android_frameworks_base/0007-Always_Restict_Serial.patch +++ b/Patches/LineageOS-16.0/android_frameworks_base/0007-Always_Restict_Serial.patch @@ -28,6 +28,3 @@ index 8f1692a24d27..fd4703094780 100644 // Check if this is a secondary process that should be incorporated into some // currently active instrumentation. (Note we do this AFTER all of the profiling --- -2.31.1 - diff --git a/Patches/LineageOS-16.0/android_frameworks_base/0008-Browser_No_Location.patch b/Patches/LineageOS-16.0/android_frameworks_base/0008-Browser_No_Location.patch index 5c02091c..aa45f07f 100644 --- a/Patches/LineageOS-16.0/android_frameworks_base/0008-Browser_No_Location.patch +++ b/Patches/LineageOS-16.0/android_frameworks_base/0008-Browser_No_Location.patch @@ -29,6 +29,3 @@ index 1ae59cbea452..0b8231b16693 100644 } } --- -2.31.1 - diff --git a/Patches/LineageOS-16.0/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch b/Patches/LineageOS-16.0/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch index cc9f71a1..728b8327 100644 --- a/Patches/LineageOS-16.0/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch +++ b/Patches/LineageOS-16.0/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch @@ -21,6 +21,3 @@ index 44eff665db9d..c924effe6933 100644 --- -2.31.1 - diff --git a/Patches/LineageOS-16.0/android_frameworks_base/0011-Sensors.patch b/Patches/LineageOS-16.0/android_frameworks_base/0011-Sensors.patch index ba850499..25c45a9b 100644 --- a/Patches/LineageOS-16.0/android_frameworks_base/0011-Sensors.patch +++ b/Patches/LineageOS-16.0/android_frameworks_base/0011-Sensors.patch @@ -246,6 +246,3 @@ index 95ba50246db0..a6cf19f9be8a 100644 if (DEBUG) Slog.d(TAG, "startOperation: allowing code " + code + " uid " + uid + " package " + resolvedPackageName); if (op.startNesting == 0) { --- -2.31.1 - diff --git a/Patches/LineageOS-16.0/android_frameworks_base/0012-Private_DNS.patch b/Patches/LineageOS-16.0/android_frameworks_base/0012-Private_DNS.patch index e2602540..bb9d6014 100644 --- a/Patches/LineageOS-16.0/android_frameworks_base/0012-Private_DNS.patch +++ b/Patches/LineageOS-16.0/android_frameworks_base/0012-Private_DNS.patch @@ -1,4 +1,4 @@ -From 99006a7ceb6cec2e5d54c9ed25c470c809e56157 Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Tad Date: Thu, 21 Oct 2021 20:54:37 -0400 Subject: [PATCH] Add more 'Private DNS' options @@ -21,7 +21,7 @@ Change-Id: Id75a774ce1ed109a83c6a5bf512536c643165d71 2 files changed, 170 insertions(+) diff --git a/core/java/android/net/ConnectivityManager.java b/core/java/android/net/ConnectivityManager.java -index c5cb1f5b7cf8..e74637792128 100644 +index c5cb1f5b7cf8..bcd253836663 100644 --- a/core/java/android/net/ConnectivityManager.java +++ b/core/java/android/net/ConnectivityManager.java @@ -688,6 +688,58 @@ public class ConnectivityManager { @@ -226,6 +226,3 @@ index c0beb37577fc..97efcd8ff49d 100644 return new PrivateDnsConfig(useTls); } --- -2.31.1 - diff --git a/Patches/LineageOS-16.0/android_frameworks_native/0001-Sensors.patch b/Patches/LineageOS-16.0/android_frameworks_native/0001-Sensors.patch index 72fc983b..a1d9b6a2 100644 --- a/Patches/LineageOS-16.0/android_frameworks_native/0001-Sensors.patch +++ b/Patches/LineageOS-16.0/android_frameworks_native/0001-Sensors.patch @@ -154,6 +154,3 @@ index 1c3e943543..142c5a274e 100644 return true; } --- -2.31.1 - diff --git a/Patches/LineageOS-16.0/android_packages_apps_Backgrounds/308977.patch b/Patches/LineageOS-16.0/android_packages_apps_Backgrounds/308977.patch index 506d82c8..da34e35f 100644 --- a/Patches/LineageOS-16.0/android_packages_apps_Backgrounds/308977.patch +++ b/Patches/LineageOS-16.0/android_packages_apps_Backgrounds/308977.patch @@ -99,6 +99,3 @@ index 2d5b798..b0de83b 100644 + return BitmapFactory.decodeResource(res, resId, options); + } } --- -2.31.1 - diff --git a/Patches/LineageOS-16.0/android_packages_apps_Dialer/0001-Not_Private_Banner.patch b/Patches/LineageOS-16.0/android_packages_apps_Dialer/0001-Not_Private_Banner.patch index 75ca903a..9c8cd482 100644 --- a/Patches/LineageOS-16.0/android_packages_apps_Dialer/0001-Not_Private_Banner.patch +++ b/Patches/LineageOS-16.0/android_packages_apps_Dialer/0001-Not_Private_Banner.patch @@ -181,6 +181,3 @@ index 269b72111..ea45c9015 100644 @android:color/transparent true --- -2.31.1 - diff --git a/Patches/LineageOS-16.0/android_packages_apps_LineageParts/0001-Remove_Analytics.patch b/Patches/LineageOS-16.0/android_packages_apps_LineageParts/0001-Remove_Analytics.patch index c4c3ad44..589c48ce 100644 --- a/Patches/LineageOS-16.0/android_packages_apps_LineageParts/0001-Remove_Analytics.patch +++ b/Patches/LineageOS-16.0/android_packages_apps_LineageParts/0001-Remove_Analytics.patch @@ -138,6 +138,3 @@ index 6833cfe..d06175e 100644 Date: Thu, 21 Oct 2021 21:09:38 -0400 Subject: [PATCH] Add more 'Private DNS' options @@ -123,10 +123,10 @@ index 652bc63ae3..6106900318 100644 android:id="@+id/private_dns_mode_opportunistic" android:text="@string/private_dns_mode_opportunistic" diff --git a/res/values/cm_strings.xml b/res/values/cm_strings.xml -index 7d0b80d3c0..eea0f5a219 100644 +index 1150011970..23e6f595d1 100644 --- a/res/values/cm_strings.xml +++ b/res/values/cm_strings.xml -@@ -337,6 +337,21 @@ +@@ -342,6 +342,21 @@ Scramble layout Scramble PIN layout when unlocking device @@ -239,7 +239,7 @@ index 290ffd599e..a37b535660 100644 mMode = PRIVATE_DNS_MODE_OPPORTUNISTIC; break; diff --git a/src/com/android/settings/network/PrivateDnsPreferenceController.java b/src/com/android/settings/network/PrivateDnsPreferenceController.java -index 6f38569673..956e16a826 100644 +index 6f38569673..d24f9563f5 100644 --- a/src/com/android/settings/network/PrivateDnsPreferenceController.java +++ b/src/com/android/settings/network/PrivateDnsPreferenceController.java @@ -17,6 +17,19 @@ @@ -321,6 +321,3 @@ index 6f38569673..956e16a826 100644 case PRIVATE_DNS_MODE_OPPORTUNISTIC: // TODO (b/79122154) : create a string specifically for this, instead of // hijacking a string from notifications. This is necessary at this time --- -2.31.1 - diff --git a/Patches/LineageOS-16.0/android_packages_apps_SetupWizard/0001-Remove_Analytics.patch b/Patches/LineageOS-16.0/android_packages_apps_SetupWizard/0001-Remove_Analytics.patch index b17fe14d..22bbfb8c 100644 --- a/Patches/LineageOS-16.0/android_packages_apps_SetupWizard/0001-Remove_Analytics.patch +++ b/Patches/LineageOS-16.0/android_packages_apps_SetupWizard/0001-Remove_Analytics.patch @@ -182,6 +182,3 @@ index 1a9318d..e362841 100644 public static final String DISABLE_NAV_KEYS = "disable_nav_keys"; public static final String KEY_BUTTON_BACKLIGHT = "pre_navbar_button_backlight"; public static final String KEY_PRIVACY_GUARD = "privacy_guard_default"; --- -2.31.1 - diff --git a/Patches/LineageOS-16.0/android_packages_apps_Updater/0001-Server.patch b/Patches/LineageOS-16.0/android_packages_apps_Updater/0001-Server.patch index 09c5e234..dd59422f 100644 --- a/Patches/LineageOS-16.0/android_packages_apps_Updater/0001-Server.patch +++ b/Patches/LineageOS-16.0/android_packages_apps_Updater/0001-Server.patch @@ -31,6 +31,3 @@ index eed4d56..f7f62e4 100644 } public static String getUpgradeBlockedURL(Context context) { --- -2.31.1 - diff --git a/Patches/LineageOS-16.0/android_packages_apps_Updater/0002-Tor_Support.patch b/Patches/LineageOS-16.0/android_packages_apps_Updater/0002-Tor_Support.patch index 0d90e271..706f9f99 100644 --- a/Patches/LineageOS-16.0/android_packages_apps_Updater/0002-Tor_Support.patch +++ b/Patches/LineageOS-16.0/android_packages_apps_Updater/0002-Tor_Support.patch @@ -380,6 +380,3 @@ index f7f62e4..95b9acc 100644 return server + "?base=LineageOS&device=" + device + "&inc=" + incrementalVersion; } --- -2.31.1 - diff --git a/Patches/LineageOS-16.0/android_packages_services_Telephony/0001-PREREQ_Handle_All_Modes.patch b/Patches/LineageOS-16.0/android_packages_services_Telephony/0001-PREREQ_Handle_All_Modes.patch index e8a4f4c6..9692f326 100644 --- a/Patches/LineageOS-16.0/android_packages_services_Telephony/0001-PREREQ_Handle_All_Modes.patch +++ b/Patches/LineageOS-16.0/android_packages_services_Telephony/0001-PREREQ_Handle_All_Modes.patch @@ -136,6 +136,3 @@ index f128f9a98..36b65e77c 100644 } @Override --- -2.31.1 - diff --git a/Patches/LineageOS-16.0/android_packages_services_Telephony/0002-More_Preferred_Network_Modes.patch b/Patches/LineageOS-16.0/android_packages_services_Telephony/0002-More_Preferred_Network_Modes.patch index 4e42a0c9..e4f0d57d 100644 --- a/Patches/LineageOS-16.0/android_packages_services_Telephony/0002-More_Preferred_Network_Modes.patch +++ b/Patches/LineageOS-16.0/android_packages_services_Telephony/0002-More_Preferred_Network_Modes.patch @@ -257,6 +257,3 @@ index 36b65e77c..968ec96bc 100644 } else { mButtonEnabledNetworks.setSummary(R.string.network_global); } --- -2.31.1 - diff --git a/Patches/LineageOS-16.0/android_system_core/0001-Harden.patch b/Patches/LineageOS-16.0/android_system_core/0001-Harden.patch index 787306d6..00278816 100644 --- a/Patches/LineageOS-16.0/android_system_core/0001-Harden.patch +++ b/Patches/LineageOS-16.0/android_system_core/0001-Harden.patch @@ -53,6 +53,3 @@ index 9ad628b4e..4ed148857 100644 write /proc/sys/kernel/randomize_va_space 2 write /proc/sys/vm/mmap_min_addr 32768 write /proc/sys/net/ipv4/ping_group_range "0 2147483647" --- -2.31.1 - diff --git a/Patches/LineageOS-16.0/android_system_extras/0001-ext4_pad_filenames.patch b/Patches/LineageOS-16.0/android_system_extras/0001-ext4_pad_filenames.patch index 885de05f..8eceaceb 100644 --- a/Patches/LineageOS-16.0/android_system_extras/0001-ext4_pad_filenames.patch +++ b/Patches/LineageOS-16.0/android_system_extras/0001-ext4_pad_filenames.patch @@ -64,6 +64,3 @@ index 95b67a1c..35bd1663 100644 LOG(ERROR) << "Failed to find matching encryption policy for " << directory; return false; } --- -2.31.1 - diff --git a/Scripts/Common/Fix_CVE_Patchers.sh b/Scripts/Common/Fix_CVE_Patchers.sh index 84aa094d..08c9b0ee 100644 --- a/Scripts/Common/Fix_CVE_Patchers.sh +++ b/Scripts/Common/Fix_CVE_Patchers.sh @@ -80,6 +80,7 @@ commentPatches android_kernel_samsung_smdk4412.sh "CVE-2012-2127" "CVE-2016-8463 commentPatches android_kernel_samsung_tuna.sh "CVE-2012-2127"; commentPatches android_kernel_samsung_universal8890.sh "CVE-2016-7917" "CVE-2018-1092" "CVE-2018-17972" "CVE-2019-16746" "CVE-2020-0427" "CVE-2020-14381" "CVE-2020-16166"; commentPatches android_kernel_samsung_universal9810.sh "CVE-2020-1749"; +commentPatches android_kernel_xiaomi_msm8937.sh "CVE-2017-13162" "CVE-2019-14070" "CVE-2019-16746" "CVE-2020-0427" "CVE-2020-16166"; commentPatches android_kernel_xiaomi_sm8150.sh "CVE-2020-24588/4.14/0018.patch"; commentPatches android_kernel_xiaomi_sm8250.sh "CVE-2018-5873" "CVE-2020-1749" "CVE-2021-3444" "CVE-2021-3600"; commentPatches android_kernel_yandex_sdm660.sh "CVE-2019-11599" "CVE-2019-14070/ANY/0005.patch" "CVE-2019-19319" "CVE-2020-1749" "CVE-2020-8992" "CVE-2020-16166"; diff --git a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_xiaomi_msm8937.sh b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_xiaomi_msm8937.sh new file mode 100644 index 00000000..dd900011 --- /dev/null +++ b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_xiaomi_msm8937.sh @@ -0,0 +1,364 @@ +#!/bin/bash +cd "$DOS_BUILD_BASE""kernel/xiaomi/msm8937" +git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0019.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0020.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0022.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0023.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0025.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0026.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0027.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0028.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0029.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0030.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0031.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0032.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0033.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0034.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0035.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0036.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0037.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0040.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0041.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0042.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0043.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0045.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0046.patch +git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0050.patch +git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9900/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-0571/qcacld-2.0/0004.patch --directory=drivers/staging/qcacld-2.0 +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-0571/qcacld-2.0/0006.patch --directory=drivers/staging/qcacld-2.0 +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-0571/qcacld-2.0/0007.patch --directory=drivers/staging/qcacld-2.0 +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-0571/qcacld-2.0/0008.patch --directory=drivers/staging/qcacld-2.0 +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-1339/^4.4/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-2041/^3.19/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-2042/^3.19/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7515/^4.4/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7833/3.18/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7837/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7884/^4.3.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7885/^4.3.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8104/^4.2.6/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8553/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8709/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8844/^4.3.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8845/^4.4.1/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8953/^4.2.6/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2069/3.18/0013.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2069/3.18/0014.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2184/3.18/0011.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2549/3.18/0007.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3857/3.18/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5244/3.18/0005.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6130/^4.6/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6187/^4.6.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6197/3.18/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6198/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6198/3.18/0004.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6672/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8394/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8630/3.18/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8646/^4.3.6/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9756/3.18/0004.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-10741/3.18/0005.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-10906/^4.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0007.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0009.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0010.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0005.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0009.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0627/3.18/0005.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0627/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-2583/3.18/0005.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-5549/3.18/0005.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-5551/3.18/0005.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-5669/3.18/0005.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6001/3.18/0005.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6348/3.18/0005.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7273/3.18/0005.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7518/3.18/0007.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9605/^4.11.4/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-10911/3.18/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11031/3.18/0001.patch +#git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13162/3.18/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/3.18/0010.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13220/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13246/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13693/^4.12.9/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13694/^4.12.9/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14883/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15951/3.18/0005.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16536/3.18/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16644/3.18/0005.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/3.18/0007.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16994/3.18/0007.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16995/3.18/0005.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-17741/3.18/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18216/3.18/0007.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18509/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000252/^4.13.3/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000370/^4.11.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1066/3.18/0006.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5825/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5897/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-8043/3.18/0005.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-8087/3.18/0005.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9415/ANY/0005.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10323/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13094/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13914/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-14612/3.18/0012.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-15594/3.18/0005.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-18690/3.18/0006.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-20856/3.18/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-21008/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2213/3.18/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2214/3.18/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-3846/3.18/0005.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-3882/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/3.18/0005.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10536/qcacld-2.0/0001.patch --directory=drivers/staging/qcacld-2.0 +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10555/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10567/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10622/ANY/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12378/^5.1.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12456/^5.1.5/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12614/^5.1.6/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12881/3.18/0005.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-13631/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-13648/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14038/ANY/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14039/ANY/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14040/ANY/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14041/ANY/0002.patch +#git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14070/ANY/0006.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14284/3.18/0005.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14814/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14821/3.18/0004.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14835/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14895/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14896/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14901/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15098/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15117/3.18/0004.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15118/3.18/0004.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15211/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15213/^5.2.3/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15215/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15217/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15220/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15291/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15505/3.18/0004.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15807/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15926/3.18/0004.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-16232/3.18/0007.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-16233/3.18/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-16413/3.18/0007.patch +#git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-16746/3.18/0006.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-16994/^5.0/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-17052/3.18/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-17053/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-17054/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-17055/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-17056/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-17075/3.18/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-17133/3.18/0004.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-17666/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-18683/3.18/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-18806/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19051/3.18/0006.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19051/^5.3.11/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19051/^5.3.11/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19052/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19054/3.18/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19056/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19057/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19060/3.18/0006.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19061/3.18/0006.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19062/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19063/3.18/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19066/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19073/3.18/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19074/3.18/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19227/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19318/3.18/0006.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19332/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19447/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19448/3.18/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19524/3.18/0004.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19527/3.18/0007.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19527/3.18/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19528/^5.3.7/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19528/^5.3.7/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19530/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19531/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19532/3.18/0004.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19533/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19534/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19536/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19537/3.18/0004.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19813/3.18/0006.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19947/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19965/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20096/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20636/3.18/0004.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20810/3.18/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20812/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-25045/3.18/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0009/3.18/0004.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0040/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0255/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0404/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0423/3.18/0006.patch +#git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0427/3.18/0007.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0429/3.18/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0431/^3.18/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0444/3.18/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0465/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/3.18/0004.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-3610/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-3625/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-3699/qcacld-2.0/0001.patch --directory=drivers/staging/qcacld-2.0 +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-8647/3.18/0004.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-8648/3.18/0010.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-8648/3.18/0011.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-8648/3.18/0012.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-8694/3.18/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-9383/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-10711/3.18/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-10732/3.18/0004.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-10773/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-10942/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11116/qcacld-2.0/0002.patch --directory=drivers/staging/qcacld-2.0 +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11131/qcacld-2.0/0001.patch --directory=drivers/staging/qcacld-2.0 +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11160/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11239/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11261/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11267/ANY/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11267/ANY/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11282/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11286/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11309/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11494/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11565/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11608/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11608/^5.6.1/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11609/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11668/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12352/3.6-^5.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12352/ANY/0011.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12652/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12654/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12656/^5.6.10/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12770/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12771/3.18/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12826/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-13143/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-13974/3.18/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14314/3.18/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14331/3.18/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14351/3.18/0009.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14381/3.18/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14386/3.10-^4.4/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14390/3.18/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14416/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-15393/3.18/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-15436/3.18/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16119/^5.10/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16119/^5.14/0003.patch +#git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16166/3.18/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25211/3.18/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25212/3.18/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25284/3.18/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25285/3.18/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25643/3.18/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25668/3.18/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25669/3.18/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25671/3.18/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25672/3.18/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-25673/3.18/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-26088/3.18/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-26139/3.18/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-26146/qcacld-2.0/0002.patch --directory=drivers/staging/qcacld-2.0 +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-26147/3.18/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-27066/3.18/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-27068/3.18/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-27675/3.18/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-27815/3.18/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-27825/3.18/0007.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-28097/3.18/0007.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-28915/3.18/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-28915/3.18/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-28915/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-28974/3.18/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29371/3.18/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29661/3.18/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-35508/3.18/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-35519/3.18/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-36158/3.18/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-36312/3.18/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0399/3.18/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0512/3.18/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0605/3.18/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0695/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0936/ANY/0005.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-1963/ANY/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3178/3.18/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3428/3.18/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3483/3.18/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3564/3.18/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3573/3.18/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3612/3.18/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3655/^5.13/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3659/3.18/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3715/3.18/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3896/^5.15/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-20321/3.18/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-23133/3.18/0015.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-23133/3.18/0016.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-23133/3.18/0017.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-26930/3.18/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-27363/3.18/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-27365/3.18/0015.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-27365/3.18/0016.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-28660/3.18/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-28688/3.18/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-28964/3.18/0007.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-28972/3.18/0007.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-29650/3.18/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-30002/3.18/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-31916/3.18/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-32399/3.18/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-33909/3.18/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-34693/3.18/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-38204/^5.14/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-40490/3.9-^5.14/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0002.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0004.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0005.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0006.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0012.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0013.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0014.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0015.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0016.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0017.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0018.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0019.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0043.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0001.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14283/3.18/0004.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/3.18/0003.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-26145/qcacld-2.0/0008.patch --directory=drivers/staging/qcacld-2.0 +git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch +editKernelLocalversion "-dos.p360" +cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-16.0/Functions.sh b/Scripts/LineageOS-16.0/Functions.sh index 4dcebb8d..ea3aa913 100644 --- a/Scripts/LineageOS-16.0/Functions.sh +++ b/Scripts/LineageOS-16.0/Functions.sh @@ -19,7 +19,7 @@ umask 0022; #Last verified: 2021-10-16 patchAllKernels() { - startPatcher "kernel_asus_fugu kernel_asus_msm8953 kernel_cyanogen_msm8916 kernel_cyanogen_msm8974 kernel_google_yellowstone kernel_lge_hammerhead"; + startPatcher "kernel_asus_fugu kernel_asus_msm8953 kernel_cyanogen_msm8916 kernel_cyanogen_msm8974 kernel_google_yellowstone kernel_lge_hammerhead kernel_xiaomi_msm8937"; } export -f patchAllKernels; @@ -63,6 +63,10 @@ buildAll() { buildDevice kipper; #SD625 buildDevice zenfone3; #broken - ninja: error: 'android.hidl.base@1.0.so', missing and no known rule to make it + #SD430 + buildDevice land; + #SD435 + buildDevice santoni; #Intel buildDevice fugu; #broken - ninja: error: 'libpcre2.so' missing and no known rule to make it #Tegra diff --git a/Scripts/LineageOS-16.0/Patch.sh b/Scripts/LineageOS-16.0/Patch.sh index 0781e6e5..37fe95c4 100644 --- a/Scripts/LineageOS-16.0/Patch.sh +++ b/Scripts/LineageOS-16.0/Patch.sh @@ -113,7 +113,7 @@ if [ "$DOS_GRAPHENE_EXEC" = true ]; then applyPatch "$DOS_PATCHES/android_framew applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969) applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_base/0011-Sensors.patch"; #Permission for sensors access (MSe1969) -applyPatch "$DOS_PATCHES/android_frameworks_base/0012-Private_DNS.patch"; #More 'Private DNS' options (CalyxOS) +#applyPatch "$DOS_PATCHES/android_frameworks_base/0012-Private_DNS.patch"; #More 'Private DNS' options (CalyxOS) if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0002-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG) if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0003-Harden_Sig_Spoofing.patch"; fi; #Restrict signature spoofing to system apps signed with the platform key sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox internal logging service @@ -207,7 +207,7 @@ git revert --no-edit c240992b4c86c7f226290807a2f41f2619e7e5e8; #Don't hide OEM u applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969) applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0002-Sensors-P1.patch"; #Permission for sensors access (MSe1969) applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0002-Sensors-P2.patch"; -applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0004-Private_DNS.patch"; #More 'Private DNS' options (CalyxOS) +#applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0004-Private_DNS.patch"; #More 'Private DNS' options (CalyxOS) #TODO: Needs work sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length (GrapheneOS) sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; fi; #microG doesn't support Backup, hide the options @@ -318,6 +318,7 @@ removeBuildFingerprints; #Fix broken options enabled by hardenDefconfig() sed -i "s/CONFIG_STRICT_MEMORY_RWX=y/# CONFIG_STRICT_MEMORY_RWX is not set/" kernel/asus/msm8953/arch/arm64/configs/*_defconfig; #Breaks on compile sed -i "s/CONFIG_DEBUG_RODATA=y/# CONFIG_DEBUG_RODATA is not set/" kernel/google/yellowstone/arch/arm*/configs/*_defconfig; #Breaks on compile +sed -i "s/CONFIG_STRICT_MEMORY_RWX=y/# CONFIG_STRICT_MEMORY_RWX is not set/" kernel/xiaomi/msm8937/arch/arm64/configs/*_defconfig; #Breaks on compile sed -i 's/^YYLTYPE yylloc;/extern YYLTYPE yylloc;/' kernel/*/*/scripts/dtc/dtc-lexer.l*; #Fix builds with GCC 10 rm -v kernel/*/*/drivers/staging/greybus/tools/Android.mk || true;