mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-06-26 14:42:13 +00:00
Small updates
- recovery: abort on serial number specific updates, credit: GrapheneOS - Add lists of missing CVEs - Update cherrypicks
This commit is contained in:
Tad
parent
0808ac1fd0
commit
bca6af1516
32
Misc/Missing_CVEs.txt
Normal file
32
Misc/Missing_CVEs.txt
Normal file
|
|
@ -0,0 +1,32 @@
|
|||
https://github.com/bobfuzzer/CVE
|
||||
https://nvd.nist.gov/vuln/detail/CVE-2017-6247
|
||||
https://nvd.nist.gov/vuln/detail/CVE-2017-6248
|
||||
https://nvd.nist.gov/vuln/detail/CVE-2019-12881
|
||||
https://nvd.nist.gov/vuln/detail/CVE-2019-15126
|
||||
https://nvd.nist.gov/vuln/detail/CVE-2019-20794
|
||||
https://nvd.nist.gov/vuln/detail/CVE-2019-9501
|
||||
https://nvd.nist.gov/vuln/detail/CVE-2019-9502
|
||||
https://nvd.nist.gov/vuln/detail/CVE-2020-0068
|
||||
https://nvd.nist.gov/vuln/detail/CVE-2020-0220
|
||||
https://nvd.nist.gov/vuln/detail/CVE-2020-0221
|
||||
https://nvd.nist.gov/vuln/detail/CVE-2020-0261
|
||||
https://nvd.nist.gov/vuln/detail/CVE-2020-10708
|
||||
https://nvd.nist.gov/vuln/detail/CVE-2020-10774
|
||||
https://nvd.nist.gov/vuln/detail/CVE-2020-11201
|
||||
https://nvd.nist.gov/vuln/detail/CVE-2020-11202
|
||||
https://nvd.nist.gov/vuln/detail/CVE-2020-11206
|
||||
https://nvd.nist.gov/vuln/detail/CVE-2020-11207
|
||||
https://nvd.nist.gov/vuln/detail/CVE-2020-11208
|
||||
https://nvd.nist.gov/vuln/detail/CVE-2020-11211
|
||||
https://nvd.nist.gov/vuln/detail/CVE-2020-24394
|
||||
https://nvd.nist.gov/vuln/detail/CVE-2020-3623
|
||||
https://nvd.nist.gov/vuln/detail/CVE-2020-3625
|
||||
https://nvd.nist.gov/vuln/detail/CVE-2020-3648
|
||||
|
||||
andi34 cve typos
|
||||
CVE-2014-0169 -> CVE-2014-0196
|
||||
CVE-2015-0565 -> CVE-2015-0569
|
||||
CVE-2015-8492 -> CVE-2015-8942
|
||||
CVE-2016-0430 -> CVE-2017-0430
|
||||
CVE-2016-0510 -> CVE-2017-0510
|
||||
CVE-2016-0525 -> CVE-2017-0525
|
||||
11
Misc/Potentially_Missed_CVEs.txt
Normal file
11
Misc/Potentially_Missed_CVEs.txt
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
CVE-2017-15841
|
||||
CVE-2017-18131
|
||||
CVE-2017-18157
|
||||
CVE-2017-18173
|
||||
CVE-2017-18274
|
||||
CVE-2017-18275
|
||||
CVE-2017-18276
|
||||
CVE-2017-18278
|
||||
CVE-2017-18279
|
||||
|
||||
https://source.android.com/security/bulletin/pixel/2019-09-01
|
||||
|
|
@ -0,0 +1,42 @@
|
|||
From 1b25d8a9ffb75767419cc0ab80569f44155bb166 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Wed, 19 Aug 2020 09:31:04 -0400
|
||||
Subject: [PATCH] reject updates with serialno constraints
|
||||
|
||||
---
|
||||
install.cpp | 17 ++---------------
|
||||
1 file changed, 2 insertions(+), 15 deletions(-)
|
||||
|
||||
diff --git a/install.cpp b/install.cpp
|
||||
index db5792b8..25df53a3 100644
|
||||
--- a/install.cpp
|
||||
+++ b/install.cpp
|
||||
@@ -159,23 +159,10 @@ static int check_newer_ab_build(ZipArchiveHandle zip) {
|
||||
return INSTALL_ERROR;
|
||||
}
|
||||
|
||||
- // We allow the package to not have any serialno; and we also allow it to carry multiple serial
|
||||
- // numbers split by "|"; e.g. serialno=serialno1|serialno2|serialno3 ... We will fail the
|
||||
- // verification if the device's serialno doesn't match any of these carried numbers.
|
||||
- value = android::base::GetProperty("ro.serialno", "");
|
||||
const std::string& pkg_serial_no = metadata["serialno"];
|
||||
if (!pkg_serial_no.empty()) {
|
||||
- bool match = false;
|
||||
- for (const std::string& number : android::base::Split(pkg_serial_no, "|")) {
|
||||
- if (value == android::base::Trim(number)) {
|
||||
- match = true;
|
||||
- break;
|
||||
- }
|
||||
- }
|
||||
- if (!match) {
|
||||
- LOG(ERROR) << "Package is for serial " << pkg_serial_no;
|
||||
- return INSTALL_ERROR;
|
||||
- }
|
||||
+ LOG(ERROR) << "Serial number constraint not permitted: " << pkg_serial_no;
|
||||
+ return INSTALL_ERROR;
|
||||
}
|
||||
|
||||
if (metadata["ota-type"] != "AB") {
|
||||
--
|
||||
2.26.2
|
||||
|
||||
|
|
@ -0,0 +1,38 @@
|
|||
From 9412877c6f5303f9e658144e99eadde604dafbd0 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Wed, 19 Aug 2020 09:31:04 -0400
|
||||
Subject: [PATCH] reject updates with serialno constraints
|
||||
|
||||
---
|
||||
install/install.cpp | 16 ++--------------
|
||||
1 file changed, 2 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/install/install.cpp b/install/install.cpp
|
||||
index 9203ef0e..308aca49 100644
|
||||
--- a/install/install.cpp
|
||||
+++ b/install/install.cpp
|
||||
@@ -205,22 +205,10 @@ int CheckPackageMetadata(const std::map<std::string, std::string>& metadata, Ota
|
||||
return INSTALL_ERROR;
|
||||
}
|
||||
|
||||
- // We allow the package to not have any serialno; and we also allow it to carry multiple serial
|
||||
- // numbers split by "|"; e.g. serialno=serialno1|serialno2|serialno3 ... We will fail the
|
||||
- // verification if the device's serialno doesn't match any of these carried numbers.
|
||||
auto pkg_serial_no = get_value(metadata, "serialno");
|
||||
if (!pkg_serial_no.empty()) {
|
||||
- auto device_serial_no = android::base::GetProperty("ro.serialno", "");
|
||||
- bool serial_number_match = false;
|
||||
- for (const auto& number : android::base::Split(pkg_serial_no, "|")) {
|
||||
- if (device_serial_no == android::base::Trim(number)) {
|
||||
- serial_number_match = true;
|
||||
- }
|
||||
- }
|
||||
- if (!serial_number_match) {
|
||||
- LOG(ERROR) << "Package is for serial " << pkg_serial_no;
|
||||
- return INSTALL_ERROR;
|
||||
- }
|
||||
+ LOG(ERROR) << "Serial number constraint not permitted: " << pkg_serial_no;
|
||||
+ return INSTALL_ERROR;
|
||||
}
|
||||
|
||||
if (ota_type == OtaType::AB) {
|
||||
|
|
@ -1 +1 @@
|
|||
Subproject commit 88a1dd1db25f2cf5cb6bf089b72d03a472e037c7
|
||||
Subproject commit 369d4837cfd82cf158eafef111430dd47b5902f6
|
||||
|
|
@ -33,7 +33,7 @@ commentPatches android_kernel_asus_grouper.sh "CVE-2017-15868";
|
|||
commentPatches android_kernel_asus_msm8916.sh "CVE-2018-13913/ANY/0001.patch";
|
||||
commentPatches android_kernel_asus_msm8953.sh "CVE-2017-13162/3.18/0001.patch";
|
||||
commentPatches android_kernel_cyanogen_msm8916.sh "CVE-2018-13913/ANY/0001.patch";
|
||||
commentPatches android_kernel_essential_msm8998.sh "0008-Graphene-Kernel_Hardening/4.4/0018.patch" "CVE-2017-13218/4.4/0026.patch" "CVE-2019-14047/ANY/0002.patch";
|
||||
commentPatches android_kernel_essential_msm8998.sh "0008-Graphene-Kernel_Hardening/4.4/0019.patch" "CVE-2017-13218/4.4/0026.patch" "CVE-2019-14047/ANY/0002.patch";
|
||||
commentPatches android_kernel_fxtec_msm8998.sh "CVE-2019-11599" "CVE-2019-16746" "CVE-2019-18282" "CVE-2019-19319" "CVE-2019-ctnl-addr-leak" "CVE-2020-1749" "CVE-2020-8992";
|
||||
commentPatches android_kernel_google_bonito.sh "CVE-2020-0067";
|
||||
commentPatches android_kernel_google_dragon.sh "CVE-2015-4167/^3.19.1/0001.patch";
|
||||
|
|
@ -52,12 +52,12 @@ commentPatches android_kernel_motorola_msm8996.sh "0001-LinuxIncrementals/3.18/3
|
|||
commentPatches android_kernel_nextbit_msm8992.sh "CVE-2018-3585/3.10/0001.patch";
|
||||
commentPatches android_kernel_oneplus_msm8994.sh "CVE-2018-3585/3.10/0001.patch";
|
||||
commentPatches android_kernel_oneplus_msm8996.sh "CVE-2017-13162/3.18/0001.patch" "CVE-2019-14070/ANY/0006.patch";
|
||||
commentPatches android_kernel_oneplus_msm8998.sh "0008-Graphene-Kernel_Hardening/4.4/0010.patch" "0008-Graphene-Kernel_Hardening/4.4/0011.patch" "0008-Graphene-Kernel_Hardening/4.4/0013.patch" "0008-Graphene-Kernel_Hardening/4.4/0018.patch" "CVE-2019-11599";
|
||||
commentPatches android_kernel_oneplus_msm8998.sh "0008-Graphene-Kernel_Hardening/4.4/0011.patch" "0008-Graphene-Kernel_Hardening/4.4/0012.patch" "0008-Graphene-Kernel_Hardening/4.4/0014.patch" "0008-Graphene-Kernel_Hardening/4.4/0019.patch" "CVE-2019-11599";
|
||||
commentPatches android_kernel_oneplus_sm8150.sh "CVE-2019-16746" "CVE-2019-19319" "CVE-2020-0067" "CVE-2020-8992";
|
||||
commentPatches android_kernel_razer_msm8998.sh "0008-Graphene-Kernel_Hardening/4.4/0010.patch" "0008-Graphene-Kernel_Hardening/4.4/0011.patch" "0008-Graphene-Kernel_Hardening/4.4/0013.patch" "CVE-2019-14070/ANY/0005.patch";
|
||||
commentPatches android_kernel_razer_msm8998.sh "0008-Graphene-Kernel_Hardening/4.4/0011.patch" "0008-Graphene-Kernel_Hardening/4.4/0012.patch" "0008-Graphene-Kernel_Hardening/4.4/0014.patch" "CVE-2019-14070/ANY/0005.patch";
|
||||
commentPatches android_kernel_samsung_smdk4412.sh "CVE-2016-8463/ANY/0001.patch";
|
||||
commentPatches android_kernel_samsung_universal8890.sh "CVE-2016-7917" "CVE-2018-1092" "CVE-2018-17972";
|
||||
commentPatches android_kernel_samsung_universal9810.sh "CVE-2020-1749";
|
||||
commentPatches android_kernel_yandex_sdm660.sh "CVE-2019-11599" "CVE-2019-14070/ANY/0005.patch" "CVE-2019-19319" "CVE-2020-1749" "CVE-2020-8992";
|
||||
commentPatches android_kernel_zte_msm8930.sh "CVE-2015-2922/^3.19.6/0001.patch" "CVE-2017-11015/prima";
|
||||
commentPatches android_kernel_zuk_msm8996.sh "0008-Graphene-Kernel_Hardening/4.4/0010.patch" "0008-Graphene-Kernel_Hardening/4.4/0011.patch" "0008-Graphene-Kernel_Hardening/4.4/0013.patch" "CVE-2019-19319" "CVE-2020-1749" "CVE-2020-8992";
|
||||
commentPatches android_kernel_zuk_msm8996.sh "0008-Graphene-Kernel_Hardening/4.4/0011.patch" "0008-Graphene-Kernel_Hardening/4.4/0012.patch" "0008-Graphene-Kernel_Hardening/4.4/0014.patch" "CVE-2019-19319" "CVE-2020-1749" "CVE-2020-8992";
|
||||
|
|
|
|||
|
|
@ -141,8 +141,8 @@ audit2allowADB() {
|
|||
export -f audit2allowADB;
|
||||
|
||||
processRelease() {
|
||||
#Credit: GrapheneOS
|
||||
#https://github.com/GrapheneOS/script/blob/pie/release.sh
|
||||
#Partial Credit: GrapheneOS
|
||||
#https://github.com/GrapheneOS/script/blob/10/release.sh
|
||||
local DEVICE="$1";
|
||||
local BLOCK="$2";
|
||||
local VERITY="$3";
|
||||
|
|
@ -166,6 +166,7 @@ processRelease() {
|
|||
--replace_verity_keyid "$KEY_DIR/verity.x509.pem");
|
||||
echo -e "\e[0;32m\t+ Verified Boot 1.0\e[0m";
|
||||
elif [[ "$VERITY" == "avb" ]]; then
|
||||
#TODO: Verify if both SHA512 and RSA4096 is always supported
|
||||
local VERITY_SWITCHES=(--avb_vbmeta_key "$KEY_DIR/avb.pem" \
|
||||
--avb_vbmeta_algorithm SHA512_RSA4096 \
|
||||
--avb_system_key "$KEY_DIR/avb.pem" \
|
||||
|
|
|
|||
|
|
@ -65,6 +65,7 @@ if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_bio
|
|||
enterAndClear "bootable/recovery";
|
||||
git revert --no-edit 3c0d796b79c7a1ee904e0cef7c0f2e20bf84c237; #remove sideload cache, breaks with large files
|
||||
patch -p1 < "$DOS_PATCHES/android_bootable_recovery/0001-Squash_Menus.patch"; #What's a back button?
|
||||
sed -i 's/(!has_serial_number || serial_number_matched)/!has_serial_number/' recovery.cpp; #Abort on serial number specific packages (GrapheneOS)
|
||||
|
||||
enterAndClear "build";
|
||||
patch -p1 < "$DOS_PATCHES/android_build/0001-OTA_Keys.patch"; #add correct keys to recovery for OTA verification
|
||||
|
|
|
|||
|
|
@ -63,6 +63,7 @@ enterAndClear "bootable/recovery";
|
|||
git revert --no-edit eb98fde70a6e54a25408eb8c626caecf7841c5df; #remove sideload cache, breaks with large files
|
||||
git revert --no-edit ac258a4f4c4b4b91640cc477ad1ac125f206db02; #Resurrect dm-verity
|
||||
sed -i 's/!= 2048/< 2048/' tools/dumpkey/DumpPublicKey.java; #Allow 4096-bit keys
|
||||
sed -i 's/(!has_serial_number || serial_number_matched)/!has_serial_number/' recovery.cpp; #Abort on serial number specific packages (GrapheneOS)
|
||||
|
||||
enterAndClear "build/make";
|
||||
patch -p1 < "$DOS_PATCHES_COMMON/android_build/0001-OTA_Keys.patch"; #add correct keys to recovery for OTA verification
|
||||
|
|
|
|||
|
|
@ -65,6 +65,7 @@ git revert --no-edit 3f55a863ac34969f95bfb38641747d2fd9939630 865c6c770816f6e809
|
|||
git revert --no-edit 37d729bf; #Fix USB on most devices
|
||||
git revert --no-edit fe2901b144c515c5a90b547198aed37c209b5a82; #Resurrect dm-verity
|
||||
sed -i 's/!= 2048/< 2048/' tools/dumpkey/DumpPublicKey.java; #Allow 4096-bit keys
|
||||
patch -p1 < "$DOS_PATCHES/android_bootable_recovery/0001-No_SerialNum_Restrictions.patch"; #Abort on serial number specific packages (GrapheneOS)
|
||||
|
||||
enterAndClear "build/make";
|
||||
git revert --no-edit 271f6ffa045064abcac066e97f2cb53ccb3e5126 61f7ee9386be426fd4eadc2c8759362edb5bef8; #Add back PicoTTS and language files
|
||||
|
|
|
|||
|
|
@ -15,7 +15,8 @@ git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0011.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0012.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0013.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0014.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0018.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0015.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0019.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7837/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-1583/^4.6.3/0003.patch
|
||||
|
|
@ -90,5 +91,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-16994/^5.0/0001.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19051/4.4/0010.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11608/4.4/0005.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11608/^5.6.1/0001.patch
|
||||
editKernelLocalversion "-dos.p90"
|
||||
editKernelLocalversion "-dos.p91"
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
|
|
|||
|
|
@ -5,9 +5,9 @@ git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0020.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0005.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0010.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0011.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0012.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0012.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0013.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0014.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0014.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0018.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7837/ANY/0001.patch
|
||||
|
|
|
|||
|
|
@ -5,9 +5,9 @@ git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0020.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0005.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0010.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0011.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0012.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0012.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0013.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0014.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0014.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0017.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0018.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/ANY/0001.patch
|
||||
|
|
|
|||
|
|
@ -3,14 +3,15 @@ cd "$DOS_BUILD_BASE""kernel/zuk/msm8996"
|
|||
git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0209-0210.patch --exclude=Makefile
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0016.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0020.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0005.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0010.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0002.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0006.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0011.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0012.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0013.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0014.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0017.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0012.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0013.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0014.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0015.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0018.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0019.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7837/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-1583/^4.6.3/0003.patch
|
||||
|
|
@ -117,5 +118,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14416/4.4/0005.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-15393/4.4/0004.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-UNKNOWN/ANY/0001.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-UNKNOWN/ANY/0002.patch
|
||||
editKernelLocalversion "-dos.p117"
|
||||
editKernelLocalversion "-dos.p118"
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
|
|
|||
|
|
@ -117,7 +117,8 @@ patchWorkspace() {
|
|||
|
||||
source build/envsetup.sh;
|
||||
repopick -i 285265; #update webview
|
||||
#repopick -i 285125; #HOSTS cache
|
||||
repopick -i 285125; #HOSTS cache
|
||||
repopick -i 285363; #fix building kernels with a much newer host kernel
|
||||
|
||||
source "$DOS_SCRIPTS/Patch.sh";
|
||||
source "$DOS_SCRIPTS_COMMON/Copy_Keys.sh";
|
||||
|
|
|
|||
|
|
@ -56,6 +56,10 @@ gpgVerifyDirectory "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/packa
|
|||
cp -r "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/." "$DOS_BUILD_BASE""vendor/fdroid_prebuilt/"; #Add the prebuilt apps
|
||||
cp -r "$DOS_PATCHES_COMMON""android_vendor_divested/." "$DOS_BUILD_BASE""vendor/divested/"; #Add our vendor files
|
||||
|
||||
enterAndClear "bootable/recovery";
|
||||
git checkout 53fd25482; #XXX: TEMPORARY!
|
||||
patch -p1 < "$DOS_PATCHES/android_bootable_recovery/0001-No_SerialNum_Restrictions.patch"; #Abort on serial number specific packages (GrapheneOS)
|
||||
|
||||
enterAndClear "bionic";
|
||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_bionic/0001-HM-Use_HM.patch"; fi; #(GrapheneOS)
|
||||
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_bionic/0002-Symbol_Ordering.patch"; fi; #(GrapheneOS)
|
||||
|
|
|
|||
|
|
@ -21,7 +21,6 @@
|
|||
echo "Rebranding...";
|
||||
|
||||
enter "bootable/recovery";
|
||||
git checkout 53fd25482; #XXX: TEMPORARY!
|
||||
git revert --no-edit 2e0e35734f65035d24014dcce7aceda6e4b1e222 1423e5792837f204e535efd75fd44a2970899a7d 7e46bc14b15fdeabfd16871137f403f89486b83c;
|
||||
sed -i 's/if (lineage_logo_/if (false/' recovery_ui/*ui.cpp;
|
||||
mogrify -format png -fill "#FF5722" -opaque "#167C80" -fuzz 10% res-*/images/*sel.png; #Recolor icons
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user