Better patching of CVE-2024-43047

All 4.9 and higher Qualcomm devices are now patched Signed-off-by: Tavi <tavi@divested.dev>
2025-01-12 16:09:36 -05:00 · 2024-10-10 21:33:33 -04:00 · 2024-10-10 21:33:33 -04:00 · b060b68316
commit b060b68316
parent 4256660b1a
7 changed files with 23 additions and 15 deletions
--- a/Logs/resetWorkspace-LineageOS-19.1.txt
+++ b/Logs/resetWorkspace-LineageOS-19.1.txt
@ -5,7 +5,7 @@ bootable/libbootloader b44eeefd365e023a96ea36682cc60b46827a47cc
 bootable/recovery 7c1eb300fbcf789024da690c96adb167d31aa5a5
 build/bazel f3015c3bbd520d95216123e6761a2860e17acebf
 build/blueprint c24408d5ae37cbcbec15205a02812b7d6c563b90
-build/make 9ce529efc10432da0fe7468848ee703726ce969d
+build/make 337e73b8ec838302c021e651bf9cb11a4abb1242
 build/pesto 0f35caa8191635ace102f6d8c96318c5ed52dfe3
 build/soong 59d5b37cce358e0d300392676d64191d3938608f
 compatibility/cdd 43611a0b6d2c62ae1d08d951fccf8f2ab8dc60c6
@ -620,8 +620,8 @@ external/zlib a6339944368306c93d2d505e2f62d6b58f8d2fb4
 external/zopfli 8637d0c2c9bad61506e1633cb221a418421c9f02
 external/zstd 72b884f7fb33ebdebc0f61b5d0fb00fd6ca4713f
 external/zxing c52e3ef5b428edbd4d4b2d51f67e673fe04ce09e
-frameworks/av e9b312c236408b1d33cb9209fb0686c7ae4171a1
+frameworks/av 192b10501d328aacddf2a2e109f59d79310b5bfd
-frameworks/base ef50b9e77a439f30cb01b0a557c06d57434c76f4
+frameworks/base 1c3880c82cd574b577770910ea42a36e4ee5c596
 frameworks/compile/libbcc 879916155c7757ba3a77c880ab1e949e8c6ed74b
 frameworks/compile/mclinker 3f42d04145e3c2f6bd6f236bc4eb4630d84fb3b7
 frameworks/compile/slang 5ad64063eeff6dd6c6affce457ed169e0e7b2a03
@ -860,7 +860,7 @@ packages/apps/RemoteProvisioner 6e8aab132163250f8cde77004aee24756312ef01
 packages/apps/SafetyRegulatoryInfo 6264264eb9b2d2dfa2ac7b7a8e07a231c3d2147e
 packages/apps/SecureElement d052b0b1d1abda205590db2e7db08b377a8e0cb0
 packages/apps/Seedvault 2b2bf5ba8844f54ca685a3db831e8c4053015280
-packages/apps/Settings 9c137c4f7f85dbf9999fcff322efb748eab421f5
+packages/apps/Settings 8aa035ef1c5c1b957068213f241ca5af0f927b34
 packages/apps/SettingsIntelligence a0ae307ead24614b2d5c8a6cc5966bc5f8454145
 packages/apps/SetupWizard 2a007324a9e710b969de8faa5d1bd82d6ff5c2ea
 packages/apps/SimpleDeviceConfig 82d31b18dd2550e05f89248f128cb571eecc863a
@ -896,7 +896,7 @@ packages/modules/ModuleMetadata 44ecc35f0f54fb524ff964b9e3f475e06e1768fa
 packages/modules/NetworkPermissionConfig a3d6942d48cd795419e96efa63c1e45cd7ff5c6b
 packages/modules/NetworkStack adfbdeedd0072d9a544d079faecc9f65de3d219d
 packages/modules/NeuralNetworks 9e49b2041e6cb2255174089b3989f4742276dc77
-packages/modules/Permission d18fe94fdd8d38f2b801c43f92a4f2566d69b4ef
+packages/modules/Permission 226a14247a73d32a35efaf729793c61b1f9eb9c5
 packages/modules/RuntimeI18n 2ce6cc4e8d868fd9b87b5a180086359b5cb2266e
 packages/modules/Scheduling c525da7006edd882bd18065af7b2ce5b72222edd
 packages/modules/SdkExtensions 157c361197f1902b4432533e9f9f63c497f28cee
@ -928,7 +928,7 @@ packages/services/Car ea61de5da690e232704c16fe60917d6d973600b0
 packages/services/Iwlan 0155305af7916e8c459e9df3bdd7a813fa24869d
 packages/services/Mms 5e55f99e5e7a2bd42b1c6a7d5be8e590f8d2f923
 packages/services/Mtp 89646079f88772f19a02c6611ab103c0e8b09bff
-packages/services/Telecomm 60fac7ba1f9edf00da925f57c91e8838ac595440
+packages/services/Telecomm dff9c5222400e195cc9a61c92c797e1626d61cf4
 packages/services/Telephony 0395f1beb8864f31bddc096e50e2f3e0fb6aa4df
 packages/wallpapers/ImageWallpaper 0a1680f07b09889c7642a775b6bb69d1b27f9b09
 packages/wallpapers/LivePicker f55523ca920efcff9c5c114ec925c9dcbd5b7dd6
@ -996,7 +996,7 @@ sdk b3f92fe65cc033dc02107cc127e0ae0e2a50a967
 system/apex e0731e932301591d3e86c7927fd8fa08bb585ae9
 system/bpf bb1485f836d496570a337f6d7b809a3e44191f71
 system/bpfprogs ed0aa6f1dac65b12a3eb1c3ee72947c9cb308aa4
-system/bt dd99e2366adbdac7f05aa1c162f887555d2afa78
+system/bt 58c3eecd7d4edd3b5ff0d6f7332d28496c1bbb56
 system/ca-certificates 595badb2fb42aba9a55d78ce40be36856b4a0f78
 system/chre daa9b56497b0c114dbfcf7ab758142a20eaeed9c
 system/connectivity/wificond 17bbcb27838fe84bfc2e830cab54a6bd8a41fa55
@ -1033,7 +1033,7 @@ system/nfc 4514f6081f3a7ffabfacd83c0330ddbc774a77d5
 system/nvram 2606a9702689543b7aa8175128ab95ae99bb4e49
 system/qcom ddd4779b4684d61dd63a6e71f3be00820ea831fd
 system/security d8fbb1f86c7405ddaa55dce780f18f5ec19f0422
-system/sepolicy 13d7037d6b7d2a8ab479f8ded85332890e96a2e6
+system/sepolicy cb1f87efbf8d56f92fe9e02eb982135395992003
 system/server_configurable_flags 08d7fdb43259537b7c1546a0b634114a7f77006b
 system/teeui 792b154128b773efae04b0395413bf0752a7a2b8
 system/testing/gtest_extras b6cb0358e15fef6377c6bd3dea30fdf2b419705e
--- a/Patches/Linux
+++ b/Patches/Linux
@ -1 +1 @@
-Subproject commit 0cda65068bc6d50ebbe4b1526de4f89770ee532f
+Subproject commit e3cb0f68d8774b58b805aae257cd512fcb72a6e6
--- a/Scripts/LineageOS-19.1/CVE_Patchers/android_kernel_xiaomi_sm8150.sh
+++ b/Scripts/LineageOS-19.1/CVE_Patchers/android_kernel_xiaomi_sm8150.sh
@ -805,6 +805,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31085/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.14/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-33031/audio-kernel/0001.patch --directory=techpack/audio
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-33059/audio-kernel/0002.patch --directory=techpack/audio
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-33063/4.14/0008.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-33065/audio-kernel/0001.patch --directory=techpack/audio
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-33068/audio-kernel/0001.patch --directory=techpack/audio
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-33070/ANY/0001.patch
@ -1171,6 +1172,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-42309/4.14/0009.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-42310/4.14/0009.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-42311/4.14/0009.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-42313/4.14/0008.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-43047-prereq/4.14/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-43839/4.14/0009.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-43853/4.19/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-43854/4.19/0005.patch
@ -1227,11 +1229,13 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24586/4.14/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-27830/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-47222/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-33063/4.14/0009.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-52601/4.14/0009.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27424/4.14/0009.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27425/4.14/0009.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-42104/4.14/0009.patch
-editKernelLocalversion "-dos.p1231"
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-43047-upstream/4.14/0007.patch
 editKernelLocalversion "-dos.p1235"
 else echo "kernel_xiaomi_sm8150 is unavailable, not patching.";
 fi;
 cd "$DOS_BUILD_BASE"
--- a/Scripts/LineageOS-19.1/Functions.sh
+++ b/Scripts/LineageOS-19.1/Functions.sh
@ -66,9 +66,8 @@ patchWorkspaceReal() {
 	verifyAllPlatformTags;
 	gpgVerifyGitHead "$DOS_BUILD_BASE/external/chromium-webview";
-	source build/envsetup.sh;
+	#source build/envsetup.sh;
 	#repopick -ift twelve-bt-sbc-hd-dualchannel;
 	repopick -it S_asb_2024-09;
 	sh "$DOS_SCRIPTS/Patch.sh";
 	sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
--- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_fairphone_sdm632.sh
+++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_fairphone_sdm632.sh
@ -494,7 +494,8 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-52601/4.14/0009.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27424/4.14/0009.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27425/4.14/0009.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-42104/4.14/0009.patch
-editKernelLocalversion "-dos.p494"
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-43047-alt/4.9/0001.patch
 editKernelLocalversion "-dos.p495"
 else echo "kernel_fairphone_sdm632 is unavailable, not patching.";
 fi;
 cd "$DOS_BUILD_BASE"
--- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_redbull.sh
+++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_google_redbull.sh
@ -221,7 +221,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32233/4.19/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.19/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-33031/audio-kernel/0001.patch --directory=techpack/audio
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-33055/audio-kernel/0001.patch --directory=techpack/audio
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-33063/4.19/0010.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-33063/4.19/0013.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-33065/audio-kernel/0001.patch --directory=techpack/audio
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-33079/audio-kernel/0001.patch --directory=techpack/audio
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-33090/audio-kernel/0001.patch --directory=techpack/audio
--- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sm8150.sh
+++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_oneplus_sm8150.sh
@ -761,6 +761,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-31085/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.14/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-33031/audio-kernel/0001.patch --directory=techpack/audio
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-33059/audio-kernel/0002.patch --directory=techpack/audio
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-33063/4.14/0008.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-33065/audio-kernel/0001.patch --directory=techpack/audio
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-33068/audio-kernel/0001.patch --directory=techpack/audio
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-33070/ANY/0001.patch
@ -1126,6 +1127,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-42309/4.14/0009.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-42310/4.14/0009.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-42311/4.14/0009.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-42313/4.14/0008.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-43047-prereq/4.14/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-43839/4.14/0009.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-43853/4.19/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-43854/4.19/0005.patch
@ -1181,11 +1183,13 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/4.14/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24586/4.14/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-27830/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-47222/4.14/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-33063/4.14/0009.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-52601/4.14/0009.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27424/4.14/0009.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-27425/4.14/0009.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-42104/4.14/0009.patch
-editKernelLocalversion "-dos.p1185"
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-43047-upstream/4.14/0007.patch
 editKernelLocalversion "-dos.p1189"
 else echo "kernel_oneplus_sm8150 is unavailable, not patching.";
 fi;
 cd "$DOS_BUILD_BASE"
		`@ -1 +1 @@`
			`Subproject commit 0cda65068bc6d50ebbe4b1526de4f89770ee532f`				`Subproject commit e3cb0f68d8774b58b805aae257cd512fcb72a6e6`