Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2025-05-25 01:21:27 -04:00
Code Issues Projects Releases Packages Wiki Activity

14.1: December 2024 ASB picks

Browse source 
Signed-off-by: Tavi <tavi@divested.dev>
This commit is contained in:
Tavi 2024-12-09 18:22:03 -05:00
parent 639719210a
commit b22ab2f4a5
No known key found for this signature in database
GPG key ID: E599F62ECBAEAF2E
14 changed files with 287 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Scripts/Common/Fix_CVE_Patchers.sh
View file

@ -96,7 +96,7 @@ commentPatches android_kernel_samsung_msm8930-common.sh "CVE-2017-11015/prima" "
commentPatches android_kernel_samsung_smdk4412.sh "CVE-2012-2127" "CVE-2016-8463/ANY/0001.patch";
commentPatches android_kernel_samsung_tuna.sh "CVE-2012-2127";
commentPatches android_kernel_samsung_universal8890.sh "0008-Graphene-Kernel_Hardening-ro" "CVE-2016-7917" "CVE-2018-1092" "CVE-2018-17972" "CVE-2019-16746" "CVE-2020-0427" "CVE-2020-14381" "CVE-2020-16166" "CVE-2022-42896/4.9";
commentPatches android_kernel_samsung_exynos9810.sh "CVE-2020-1749" "CVE-2019-ctnl-addr-leak" "CVE-2019-18282" "CVE-2019-11599" "CVE-2022-20566" "CVE-2019-16746" "CVE-2021-45469" "CVE-2020-0305" "CVE-2021-3506/4.19" "CVE-2024-26934/4.19" "CVE-2024-26934" "CVE-2024-44944";
commentPatches android_kernel_samsung_exynos9810.sh "CVE-2020-1749" "CVE-2019-ctnl-addr-leak" "CVE-2019-18282" "CVE-2019-11599" "CVE-2022-20566" "CVE-2019-16746" "CVE-2021-45469" "CVE-2020-0305" "CVE-2021-3506/4.19" "CVE-2024-26934/4.19" "CVE-2024-26934" "CVE-2024-44944" "CVE-2024-44931";
commentPatches android_kernel_samsung_universal9810.sh "CVE-2020-1749";
commentPatches android_kernel_sony_sdm660.sh "0008-Graphene-Kernel_Hardening-canaries/4.4/0002.patch" "CVE-2019-19319" "CVE-2020-0305" "CVE-2020-8992" "CVE-2020-16166" "CVE-2021-30319";
commentPatches android_kernel_sony_sdm845.sh "CVE-2019-19319" "CVE-2020-1749" "CVE-2020-8992";

2
Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_universal8890.sh
View file

@ -1098,7 +1098,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-43854/4.4/0008.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-43858/4.4/0008.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-43882/4.4/0008.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-43893/4.4/0008.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-44931/4.4/0008.patch
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-44931/4.4/0008.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-44939/^6.9/0001.patch
#git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-44944/4.4/0008.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2024-44947/4.4/0008.patch

8
Scripts/LineageOS-14.1/Patch.sh
View file

@ -82,7 +82,7 @@ sed -i '50i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aap
sed -i '296iLOCAL_AAPT_FLAGS += --auto-add-overlay' core/package_internal.mk;
awk -i inplace '!/Email/' target/product/core.mk; #Remove Email
awk -i inplace '!/Exchange2/' target/product/core.mk;
sed -i 's/2021-06-05/2024-11-05/' core/version_defaults.mk; #Bump Security String #n-asb-2024-11 #XXX
sed -i 's/2021-06-05/2024-12-05/' core/version_defaults.mk; #Bump Security String #n-asb-2024-12 #XXX
fi;
if enterAndClear "device/qcom/sepolicy"; then
@ -178,6 +178,8 @@ fi;
if enterAndClear "external/skia"; then
applyPatch "$DOS_PATCHES/android_external_skia/407794.patch"; #n-asb-2024-11 Avoid potential overflow when allocating 3D mask from emboss filter
applyPatch "$DOS_PATCHES/android_external_skia/410675.patch"; #n-asb-2024-12 [pdf] Bounds check in skia_alloc_func
applyPatch "$DOS_PATCHES/android_external_skia/410676.patch"; #n-asb-2024-12 Check for size overflow before allocating SkMask data
fi;
if enterAndClear "external/sonivox"; then
@ -613,6 +615,10 @@ applyPatch "$DOS_PATCHES/android_system_bt/385238.patch"; #n-asb-2024-03 Fix an
applyPatch "$DOS_PATCHES/android_system_bt/385239.patch"; #n-asb-2024-03 Fix a security bypass issue in access_secure_service_from_temp_bond
applyPatch "$DOS_PATCHES/android_system_bt/396612.patch"; #n-asb-2024-07 Fix an authentication bypass bug in SMP
applyPatch "$DOS_PATCHES/android_system_bt/399271.patch"; #n-asb-2024-08 Fix heap-buffer overflow in sdp_utils.cc
applyPatch "$DOS_PATCHES/android_system_bt/410678.patch"; #n-asb-2024-12 Fix OOB write in build_read_multi_rsp of gatt_sr.cc
applyPatch "$DOS_PATCHES/android_system_bt/410679.patch"; #n-asb-2024-12 Fix an integer underflow in build_read_multi_rsp
applyPatch "$DOS_PATCHES/android_system_bt/410680.patch"; #n-asb-2024-12 Fix an OOB bug in btif_to_bta_response and attp_build_value_cmd
applyPatch "$DOS_PATCHES/android_system_bt/410681.patch"; #n-asb-2024-12 Fix "GATT Read Multiple Variable Response" builder
applyPatch "$DOS_PATCHES/android_system_bt/229574.patch"; #bt-sbc-hd-dualchannel-nougat: Increase maximum Bluetooth SBC codec bitrate for SBC HD (ValdikSS)
applyPatch "$DOS_PATCHES/android_system_bt/229575.patch"; #bt-sbc-hd-dualchannel-nougat: Explicit SBC Dual Channel (SBC HD) support (ValdikSS)
applyPatch "$DOS_PATCHES/android_system_bt/242134.patch"; #avrc_bld_get_attrs_rsp - fix attribute length position off by one (cprhokie)

4
Scripts/LineageOS-19.1/Patch.sh
View file

@ -132,10 +132,6 @@ sed -i '/LOCAL_MODULE/s/Camera/SecureCamera/' Android.mk; #Change module name
sed -i '11iLOCAL_OVERRIDES_PACKAGES := Camera Camera2 LegacyCamera Snap OpenCamera' Android.mk; #Replace the others
fi;
if enterAndClear "external/skia"; then
git fetch https://github.com/LineageOS/android_external_skia refs/changes/54/408154/1 && git cherry-pick FETCH_HEAD; #S_asb_2024-11 Avoid potential overflow when allocating 3D mask from emboss filter
fi;
if enterAndClear "frameworks/base"; then
git revert --no-edit 83fe523914728a3674debba17a6019cb74803045; #Reverts "Allow signature spoofing for microG Companion/Services" in favor of below patch
applyPatch "$DOS_PATCHES/android_frameworks_base/344888-backport.patch"; #fixup! fw/b: Add support for allowing/disallowing apps on cellular, vpn and wifi networks (CalyxOS)