From c26b3e95c7d2e4c5d4942248d674b75c94c7819d Mon Sep 17 00:00:00 2001 From: Tad Date: Sun, 5 Apr 2020 14:05:17 -0400 Subject: [PATCH] Minor tweaks - Cherry pick PPP/CVE-2020-8597 patches - Add some more DNS providers - Switch default DNS to Cloudflare's new malware blocking provider - GCC 10 build fix - Update CVE patchers (select) --- Patches/Linux | 2 +- PrebuiltApps | 2 +- Scripts/Common/Functions.sh | 22 ++++++++++++++++++- .../android_kernel_motorola_msm8992.sh | 3 ++- Scripts/LineageOS-14.1/Functions.sh | 1 - Scripts/LineageOS-14.1/Patch.sh | 6 +++++ Scripts/LineageOS-15.1/Functions.sh | 3 +-- Scripts/LineageOS-15.1/Patch.sh | 6 +++++ .../android_kernel_essential_msm8998.sh | 2 +- .../android_kernel_google_marlin.sh | 3 ++- .../CVE_Patchers/android_kernel_moto_shamu.sh | 5 +++-- .../android_kernel_oneplus_msm8998.sh | 3 ++- .../android_kernel_samsung_msm8974.sh | 9 +++----- Scripts/LineageOS-16.0/Functions.sh | 3 +-- Scripts/LineageOS-16.0/Patch.sh | 8 ++++++- Scripts/init.sh | 5 +---- 16 files changed, 58 insertions(+), 25 deletions(-)
diff --git a/Patches/Linux b/Patches/Linux
index e228ea60..7a9c4afb 160000
--- a/Patches/Linux
+++ b/Patches/Linux
@@ -1 +1 @@
-Subproject commit e228ea60cc28d624a4de3b378377a4313098a78f
+Subproject commit 7a9c4afb7c2de10b84e89421ca96a0b27f2fd165
diff --git a/PrebuiltApps b/PrebuiltApps
index 93702842..560bcf83 160000
--- a/PrebuiltApps
+++ b/PrebuiltApps
@@ -1 +1 @@
-Subproject commit 93702842d86914e6917ae7665c8a932db023710a
+Subproject commit 560bcf83f466b8841cb5456ba38ada91bdec65e1
diff --git a/Scripts/Common/Functions.sh b/Scripts/Common/Functions.sh
index 77c99a48..de1a058a 100644
--- a/Scripts/Common/Functions.sh
+++ b/Scripts/Common/Functions.sh
@@ -464,7 +464,17 @@ changeDefaultDNS() {
 local dnsSecondary="";
 local dnsSecondaryV6="";
 if [ -z "$DNS_PRESET" ]; then
- if [[ "$DOS_DEFAULT_DNS_PRESET" == "CensurfriDNS" ]]; then #https://uncensoreddns.org
+ if [[ "$DOS_DEFAULT_DNS_PRESET" == "AdGuard" ]]; then #https://adguard.com/en/adguard-dns/overview.html
+ dnsPrimary="176.103.130.130";
+ dnsPrimaryV6="2a00:5a60::ad1:0ff";
+ dnsSecondary="176.103.130.131";
+ dnsSecondaryV6="2a00:5a60::ad2:0ff";
+ elif [[ "$DOS_DEFAULT_DNS_PRESET" == "AdGuard-NOBL" ]]; then #https://adguard.com/en/adguard-dns/overview.html
+ dnsPrimary="176.103.130.136";
+ dnsPrimaryV6="2a00:5a60::01:ff";
+ dnsSecondary="176.103.130.137";
+ dnsSecondaryV6="2a00:5a60::02:ff";
+ elif [[ "$DOS_DEFAULT_DNS_PRESET" == "CensurfriDNS" ]]; then #https://uncensoreddns.org
 dnsPrimary="91.239.100.100";
 dnsPrimaryV6="2001:67c:28a4::";
 dnsSecondary="89.233.43.71";
@@ -474,6 +484,11 @@ changeDefaultDNS() {
 dnsPrimaryV6="2606:4700:4700::1001";
 dnsSecondary="1.1.1.1";
 dnsSecondaryV6="2606:4700:4700::1111";
+ elif [[ "$DOS_DEFAULT_DNS_PRESET" == "Cloudflare-BL" ]]; then #https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/privacy-policy
+ dnsPrimary="1.0.0.2";
+ dnsPrimaryV6="2606:4700:4700::1002";
+ dnsSecondary="1.1.1.2";
+ dnsSecondaryV6="2606:4700:4700::1112";
 elif [[ "$DOS_DEFAULT_DNS_PRESET" == "OpenNIC" ]]; then #https://servers.opennicproject.org/edit.php?srv=ns3.any.dns.opennic.glue
 dnsPrimary="169.239.202.202"; #FIXME
 dnsPrimaryV6="2a05:dfc7:5353::53";
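Review bot: The preset names added to changeDefaultDNS() follow two opposite suffix conventions, which makes it easy to pick a filtering resolver when an unfiltered one was intended, or the reverse. Judging by the `-NOBL` suffix, `AdGuard` is the blocking variant and `AdGuard-NOBL` the plain one, whereas `Cloudflare` stays the plain resolver and the blocking one is `Cloudflare-BL`. A short comment on each new branch would settle it, for example `#Malware-blocking variant; "Cloudflare" is the unfiltered one` on the Cloudflare-BL branch. The link beside Cloudflare-BL is the general privacy policy and does not describe the blocking behaviour. The function body starts and ends outside both hunks.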
@@ -499,6 +514,11 @@ changeDefaultDNS() {
 dnsPrimaryV6="2610:a1:1018::5";
 dnsSecondary="156.154.71.5";
 dnsSecondaryV6="2610:a1:1019::5";
+ elif [[ "$DOS_DEFAULT_DNS_PRESET" == "NixNet" ]]; then #https://docs.nixnet.services/DNS
+ dnsPrimary="198.251.90.114";
+ dnsPrimaryV6="2605:6400:20:e6d::1";
+ dnsSecondary="198.251.90.114";
+ dnsSecondaryV6="2605:6400:30:f881::1";
 elif [[ "$DOS_DEFAULT_DNS_PRESET" == "OpenDNS" ]]; then #https://www.cisco.com/c/en/us/about/legal/privacy-full.html
 dnsPrimary="208.67.222.222";
 dnsPrimaryV6="2620:0:ccc::2";
diff --git a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_motorola_msm8992.sh b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_motorola_msm8992.sh
index 196a1994..1e9212f3 100644
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_motorola_msm8992.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_motorola_msm8992.sh
@@ -332,6 +332,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2101/ANY/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2331/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-3459/^5.1/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/^4.20.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-9383/^5.5.6/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/LVT-2017-0003/3.10/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
@@ -339,5 +340,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000111/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-15845/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8281/3.10/0003.patch
-editKernelLocalversion "-dos.p339"
+editKernelLocalversion "-dos.p340"
 cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-14.1/Functions.sh b/Scripts/LineageOS-14.1/Functions.sh
index 0d8e567c..83ad114e 100644
--- a/Scripts/LineageOS-14.1/Functions.sh
+++ b/Scripts/LineageOS-14.1/Functions.sh
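Review bot: In the new NixNet branch `dnsPrimary` and `dnsSecondary` are both `198.251.90.114`, while the two IPv6 entries differ, so on IPv4 this preset has no second resolver to fall back to if that host is unreachable. If this is a copy/paste slip, the secondary should be the provider's other IPv4 address from the linked documentation. If the provider only publishes one, say so on the line, e.g. `dnsSecondary="198.251.90.114"; #Same as primary: only one IPv4 resolver published`. The function body starts and ends outside the hunk.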
@@ -121,7 +121,6 @@ patchWorkspace() {
 repopick -it n-netd;
 repopick -i 268803 268804; #sqlite vulns
 repopick -it n-asb-2020-03;
- repopick -it CVE-2020-8597_cm-14.1;
 export DOS_GRAPHENE_MALLOC=false; #patches apply, compile fails
diff --git a/Scripts/LineageOS-14.1/Patch.sh b/Scripts/LineageOS-14.1/Patch.sh
index 7360f427..1955bf0b 100644
--- a/Scripts/LineageOS-14.1/Patch.sh
+++ b/Scripts/LineageOS-14.1/Patch.sh
@@ -75,6 +75,10 @@ enterAndClear "device/qcom/sepolicy";
 patch -p1 < "$DOS_PATCHES/android_device_qcom_sepolicy/248649.patch"; #msm_irqbalance: Allow read for stats and interrupts
 patch -p1 < "$DOS_PATCHES/android_device_qcom_sepolicy/0001-Camera_Fix.patch"; #Fix camera on user builds XXX: REMOVE THIS TRASH
+enterAndClear "external/ppp";
+git fetch "https://github.com/LineageOS/android_external_ppp" refs/changes/64/270364/1 && git cherry-pick FETCH_HEAD; #CVE-2020-8597_cm-14.1
+git fetch "https://github.com/LineageOS/android_external_ppp" refs/changes/65/270365/1 && git cherry-pick FETCH_HEAD;
+
 enterAndClear "external/sqlite";
 patch -p1 < "$DOS_PATCHES/android_external_sqlite/0001-Secure_Delete.patch"; #Enable secure_delete by default (CopperheadOS-13.0)
@@ -306,6 +310,8 @@ sed -i "s/CONFIG_ARM_SMMU=y/# CONFIG_ARM_SMMU is not set/" kernel/motorola/msm89
 awk -i inplace '!/nfc_enhanced.mk/' device/samsung/toro*/lineage.mk;
 awk -i inplace '!/TARGET_RECOVERY_UPDATER_LIBS/' device/samsung/toro*/BoardConfig.mk;
 awk -i inplace '!/TARGET_RELEASETOOLS_EXTENSIONS/' device/samsung/toro*/BoardConfig.mk;
+
+sed -i 's/YYLTYPE yylloc;/extern YYLTYPE yylloc;/' kernel/*/*/scripts/dtc/dtc-lexer.l*; #Fix builds with GCC 10
 #
 #END OF DEVICE CHANGES
 #
diff --git a/Scripts/LineageOS-15.1/Functions.sh b/Scripts/LineageOS-15.1/Functions.sh
index 5a033d9c..5342ed1d 100644
--- a/Scripts/LineageOS-15.1/Functions.sh
+++ b/Scripts/LineageOS-15.1/Functions.sh
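Review bot: The two `git fetch … && git cherry-pick FETCH_HEAD` lines added under `enterAndClear "external/ppp"` take whatever the remote serves for the change ref and apply it with no check that it is the commit that was reviewed. If either fetch or cherry-pick fails, the script appears to carry on, so a build can silently ship without the CVE-2020-8597 fix. Pinning each change to its commit hash and making a failure loud closes both gaps; the hashes below are placeholders for the commits the maintainer actually reviewed. The same pattern is added in the LineageOS-15.1 and LineageOS-16.0 Patch.sh hunks. Patch.sh is sourced in the 16.0 Functions.sh hunk; if that holds here too, `return 1` stops the patch run, otherwise use `exit 1`.

```shell
enterAndClear "external/ppp";
# Fetch one Gerrit change and cherry-pick it only if it resolves to the pinned commit.
pickPinnedChange() {
	local remote="$1" ref="$2" expected="$3";
	git fetch "$remote" "$ref" || return 1;
	[ "$(git rev-parse FETCH_HEAD)" = "$expected" ] || return 1;
	git cherry-pick FETCH_HEAD;
}
pickPinnedChange "https://github.com/LineageOS/android_external_ppp" refs/changes/64/270364/1 "<expected-commit-sha-of-270364>" || { echo "CVE-2020-8597: change 270364 not applied" >&2; return 1; } #CVE-2020-8597_cm-14.1
pickPinnedChange "https://github.com/LineageOS/android_external_ppp" refs/changes/65/270365/1 "<expected-commit-sha-of-270365>" || { echo "CVE-2020-8597: change 270365 not applied" >&2; return 1; }
# … unchanged: enterAndClear "external/sqlite" and following …
```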
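Review bot: The GCC 10 fix `sed -i 's/YYLTYPE yylloc;/extern YYLTYPE yylloc;/'` is not anchored, so it also matches a line that already reads `extern YYLTYPE yylloc;`. On a kernel tree that carries the upstream fix, or on a second run where the tree was not reset, it produces `extern extern YYLTYPE yylloc;` and the dtc build fails. Anchoring the pattern makes it safe to repeat: `sed -i 's/^YYLTYPE yylloc;/extern YYLTYPE yylloc;/' kernel/*/*/scripts/dtc/dtc-lexer.l*;`. The same line is added in the LineageOS-15.1 and LineageOS-16.0 Patch.sh hunks.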
@@ -104,8 +104,7 @@ export -f buildAll;
 patchWorkspace() {
 if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi;
- source build/envsetup.sh;
- repopick -it CVE-2020-8597_lineage-15.1;
+ #source build/envsetup.sh;
 export DOS_GRAPHENE_MALLOC=false; #patches apply, compile fails
diff --git a/Scripts/LineageOS-15.1/Patch.sh b/Scripts/LineageOS-15.1/Patch.sh
index ec5c5f73..d0e820fb 100644
--- a/Scripts/LineageOS-15.1/Patch.sh
+++ b/Scripts/LineageOS-15.1/Patch.sh
@@ -81,6 +81,10 @@ git revert --no-edit c9b0d95630b82cd0ad1a0fc633c6d59c2cb8aad7 37422f7df389f3ae5a
 enterAndClear "device/qcom/sepolicy";
 patch -p1 < "$DOS_PATCHES/android_device_qcom_sepolicy/0001-Camera_Fix.patch"; #Fix camera on -user builds XXX: REMOVE THIS TRASH
+enterAndClear "external/ppp";
+git fetch "https://github.com/LineageOS/android_external_ppp" refs/changes/62/270362/1 && git cherry-pick FETCH_HEAD; #CVE-2020-8597_lineage-15.1
+git fetch "https://github.com/LineageOS/android_external_ppp" refs/changes/63/270363/1 && git cherry-pick FETCH_HEAD;
+
 enterAndClear "external/svox";
 git revert --no-edit 1419d63b4889a26d22443fd8df1f9073bf229d3d; #Add back Makefiles
@@ -266,6 +270,8 @@ sed -i "s/CONFIG_STRICT_MEMORY_RWX=y/# CONFIG_STRICT_MEMORY_RWX is not set/" ker
 sed -i "s/CONFIG_DEBUG_RODATA=y/# CONFIG_DEBUG_RODATA is not set/" kernel/motorola/msm8974/arch/arm/configs/lineageos_*_defconfig; #Breaks on compile
 sed -i "s/CONFIG_STRICT_MEMORY_RWX=y/# CONFIG_STRICT_MEMORY_RWX is not set/" kernel/motorola/msm8996/arch/arm64/configs/*_defconfig; #Breaks on compile
 sed -i "s/CONFIG_RANDOMIZE_BASE=y/# CONFIG_RANDOMIZE_BASE is not set/" kernel/samsung/universal9810/arch/arm64/configs/*_defconfig; #Breaks on compile
+
+sed -i 's/YYLTYPE yylloc;/extern YYLTYPE yylloc;/' kernel/*/*/scripts/dtc/dtc-lexer.l*; #Fix builds with GCC 10
 #
 #END OF DEVICE CHANGES
 #
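Review bot: `#source build/envsetup.sh;` is left in patchWorkspace() as commented-out code with no reason given, and the LineageOS-16.0 Functions.sh hunk does the same. With `repopick` removed, nothing visible in the hunk needs envsetup, so either delete the line or say why it is kept, e.g. `#source build/envsetup.sh; #Only needed when repopick is used`. Whether Patch.sh or later steps rely on functions defined by envsetup.sh is not visible here and should be checked before the line goes. The function body continues outside the hunk.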
diff --git a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_essential_msm8998.sh b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_essential_msm8998.sh
index f7515b3a..9e3eb2cf 100644
--- a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_essential_msm8998.sh
+++ b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_essential_msm8998.sh
@@ -2,7 +2,6 @@
 cd "$DOS_BUILD_BASE""kernel/essential/msm8998"
 git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0016.patch
 git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0020.patch
-git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0004.patch
@@ -18,6 +17,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0013.patch
 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0014.patch
 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0017.patch
 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0018.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7837/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-1583/^4.6.3/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6187/^4.6.5/0001.patch
diff --git a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_google_marlin.sh b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_google_marlin.sh
index 64531a5f..3c4ccb10 100644
--- a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_google_marlin.sh
+++ b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_google_marlin.sh
@@ -163,6 +163,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2290/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-3459/^5.1/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-3460/^5.1/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/^4.20.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-9383/^5.5.6/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/Untracked-01/ANY/0002-ozwpan-Use-unsigned-ints-to-prevent-heap-overflow.patch
 git apply $DOS_PATCHES_LINUX_CVES/Untracked-01/ANY/0005-tcp-fix-zero-cwnd-in-tcp_cwnd_reduction.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5853/3.18/0002.patch
@@ -171,5 +172,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14883/ANY/0001.patch
-editKernelLocalversion "-dos.p171"
+editKernelLocalversion "-dos.p172"
 cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_moto_shamu.sh b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_moto_shamu.sh
index 4a60e5aa..d7a558a7 100644
--- a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_moto_shamu.sh
+++ b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_moto_shamu.sh
@@ -115,7 +115,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15216/^5.0.14/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15807/^5.1.13/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15926/^5.2.3/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-17052/^5.3.2/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-17133/^5.3.2/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-18806/^5.3.5/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19066/^5.3.11/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19073/^5.3.11/0001.patch
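Review bot: The android_kernel_moto_shamu.sh hunk drops `CVE-2019-17133/^5.3.2/0001.patch` without saying why, and the android_kernel_samsung_msm8974.sh hunks further down drop CVE-2019-15926, CVE-2019-17052, CVE-2019-19527 and two syzkaller-Misc2 patches, taking the local version from `-dos.p90` to `-dos.p87`. Presumably these patches no longer apply or the fixes are already in the kernel trees, but neither the patch nor the commit message says so. Confirm the fixes are present in the affected trees and record the reason where the entry was removed, e.g. `#CVE-2019-17133 dropped: <reason>`, so a later reader can tell a deliberate removal from lost coverage.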
@@ -126,6 +125,8 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19966/^5.1.6/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20054/^5.0.6/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20096/^5.1/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-8649/^5.5.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-9383/^5.5.6/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/LVT-2017-0003/3.10/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/1035495_0001-cnss-Add-NULL-check-for-PM-related-APIs.patch
 git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/797912_0001-usb-gadget-Fix-synchronization-issue-between-f_audio.patch
@@ -133,5 +134,5 @@ git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/870057_0001-wcnss-add-null-ch
 git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/kernel.msm.git-9f34c6ebc016cd061ae5ec901221d15fa3d67e49.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2475/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
-editKernelLocalversion "-dos.p133"
+editKernelLocalversion "-dos.p134"
 cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_oneplus_msm8998.sh b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_oneplus_msm8998.sh
index 884afe27..09ae1a82 100644
--- a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_oneplus_msm8998.sh
+++ b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_oneplus_msm8998.sh
@@ -112,9 +112,10 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20096/^5.1/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-3459/^5.1/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-7222/^4.20.5/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/^4.20.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-9383/^5.5.6/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13096/^4.17.3/0001.patch
-editKernelLocalversion "-dos.p116"
+editKernelLocalversion "-dos.p117"
 cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_samsung_msm8974.sh b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_samsung_msm8974.sh
index 537221ae..27b2fa11 100644
--- a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_samsung_msm8974.sh
+++ b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_samsung_msm8974.sh
@@ -1,8 +1,6 @@
 #!/bin/bash
 cd "$DOS_BUILD_BASE""kernel/samsung/msm8974"
 git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc/ANY/0009.patch
-git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.4/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6544/^3.6/0003.patch
@@ -76,19 +74,18 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10142/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14040/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15216/^5.0.14/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15807/^5.1.13/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15926/^5.2.3/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-17052/^5.3.2/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-18806/^5.3.5/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19066/^5.3.11/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19073/^5.3.11/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19074/^5.3.11/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19527/^5.2.10/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20054/^5.0.6/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20054/^5.0.6/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-20096/^5.1/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2054/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-8649/^5.5.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-9383/^5.5.6/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/kernel.msm.git-9f34c6ebc016cd061ae5ec901221d15fa3d67e49.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2475/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
-editKernelLocalversion "-dos.p90"
+editKernelLocalversion "-dos.p87"
 cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-16.0/Functions.sh b/Scripts/LineageOS-16.0/Functions.sh
index 1620eef2..f7ee70df 100644
--- a/Scripts/LineageOS-16.0/Functions.sh
+++ b/Scripts/LineageOS-16.0/Functions.sh
@@ -117,8 +117,7 @@ export -f buildAll;
 patchWorkspace() {
 if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi;
- source build/envsetup.sh;
- repopick -it CVE-2020-8597_lineage-16.0;
+ #source build/envsetup.sh;
 source "$DOS_SCRIPTS/Patch.sh";
 source "$DOS_SCRIPTS/Defaults.sh";
diff --git a/Scripts/LineageOS-16.0/Patch.sh b/Scripts/LineageOS-16.0/Patch.sh
index cb4b738f..e85ac5b7 100644
--- a/Scripts/LineageOS-16.0/Patch.sh
+++ b/Scripts/LineageOS-16.0/Patch.sh
@@ -65,7 +65,7 @@ if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_bio
 enterAndClear "bootable/recovery";
 git revert --no-edit 4d361ff13b5bd61d5a6a5e95063b24b8a37a24ab; #Always enforcing
-git revert --no-edit 865c6c770816f6e8099d6d93e04aeea35091a9d6; #Remove sideload cache, breaks with large files
+git revert --no-edit 3f55a863ac34969f95bfb38641747d2fd9939630 865c6c770816f6e8099d6d93e04aeea35091a9d6; #Remove sideload cache, breaks with large files
 git revert --no-edit 37d729bf; #Fix USB on most devices
 git revert --no-edit fe2901b144c515c5a90b547198aed37c209b5a82; #Resurrect dm-verity
 sed -i 's/!= 2048/< 2048/' tools/dumpkey/DumpPublicKey.java; #Allow 4096-bit keys
@@ -82,6 +82,10 @@ enterAndClear "device/qcom/sepolicy-legacy";
 patch -p1 < "$DOS_PATCHES/android_device_qcom_sepolicy-legacy/0001-Camera_Fix.patch"; #Fix camera on -user builds XXX: REMOVE THIS TRASH
 echo "SELINUX_IGNORE_NEVERALLOWS := true" >> sepolicy.mk; #necessary for -user builds of legacy devices
+enterAndClear "external/ppp";
+git fetch "https://github.com/LineageOS/android_external_ppp" refs/changes/60/270360/1 && git cherry-pick FETCH_HEAD; #CVE-2020-8597_lineage-16.0
+git fetch "https://github.com/LineageOS/android_external_ppp" refs/changes/61/270361/1 && git cherry-pick FETCH_HEAD;
+
 enterAndClear "external/svox";
 git revert --no-edit 1419d63b4889a26d22443fd8df1f9073bf229d3d; #Add back Makefiles
 sed -i '12iLOCAL_SDK_VERSION := current' pico/Android.mk; #Fix build under Pie
@@ -314,6 +318,8 @@ sed -i "s/CONFIG_DEBUG_RODATA=y/# CONFIG_DEBUG_RODATA is not set/" kernel/lge/ma
 sed -i "s/CONFIG_DEBUG_RODATA=y/# CONFIG_DEBUG_RODATA is not set/" kernel/motorola/msm8974/arch/arm/configs/lineageos_*_defconfig; #Breaks on compile
 sed -i "s/CONFIG_STRICT_MEMORY_RWX=y/# CONFIG_STRICT_MEMORY_RWX is not set/" kernel/motorola/msm8996/arch/arm64/configs/*_defconfig; #Breaks on compile
 sed -i "s/CONFIG_STRICT_MEMORY_RWX=y/# CONFIG_STRICT_MEMORY_RWX is not set/" kernel/oneplus/msm8996/arch/arm64/configs/lineageos_*_defconfig; #Breaks on compile
+
+sed -i 's/YYLTYPE yylloc;/extern YYLTYPE yylloc;/' kernel/*/*/scripts/dtc/dtc-lexer.l*; #Fix builds with GCC 10
 #
 #END OF DEVICE CHANGES
 #
diff --git a/Scripts/init.sh b/Scripts/init.sh
index c57cb9fd..3c033cff 100644
--- a/Scripts/init.sh
+++ b/Scripts/init.sh
@@ -60,7 +60,7 @@ export DOS_STRONG_ENCRYPTION_ENABLED=false; #Switch to true to enable AES-256bit
 export DOS_WIREGUARD_INCLUDED=false; #Switch to true to enable WireGuard kernel module inclusion
 #Servers
-export DOS_DEFAULT_DNS_PRESET="Cloudflare"; #Sets default DNS. Options: CensurfriDNS, Cloudflare, OpenNIC, DNSWATCH, Google, Neustar(-NOBL), OpenDNS, Quad9(-NOBL), Verisign, Yandex(-NOBL)
+export DOS_DEFAULT_DNS_PRESET="Cloudflare-BL"; #Sets default DNS. Options: See changeDefaultDNS() in Scripts/Common/Functions.sh
 export DOS_GPS_NTP_SERVER="1.android.pool.ntp.org"; #Options: Any NTP pool
 export DOS_GPS_SUPL_HOST="supl.google.com"; #Options: supl.{google,vodafone,sonyericsson}.com
@@ -125,9 +125,6 @@ if [ ! -d "$DOS_BUILD_BASE" ]; then
 return 1;
 fi;
-mkdir $DOS_BUILD_BASE"/out";
-chattr -f -c $DOS_BUILD_BASE"/out";
-
 export DOS_TMP_DIR="/tmp/dos_tmp";
 mkdir -p "$DOS_TMP_DIR";
 export DOS_HOSTS_FILE="$DOS_TMP_DIR/hosts";
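Review bot: The comment on `DOS_DEFAULT_DNS_PRESET` no longer tells the reader what the default does. `Cloudflare-BL` reads like any other preset name, but per the commit message it is the malware-blocking resolver, so every build that keeps the default now receives filtered answers. State that inline so the choice is visible to whoever edits init.sh, e.g. `#Sets default DNS (Cloudflare-BL = Cloudflare with malware blocking). Options: See changeDefaultDNS() in Scripts/Common/Functions.sh`.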