18.1+: patch CVE-2023-4863

TODO:
- 17.1 uses v1.0.2, needs backport
  patch for v1.0.3: 8d9916da90

Signed-off-by: Tad <tad@spotco.us>
Tad 2023-09-15 14:36:07 -04:00
parent cbc5a339e6
commit cbf76ea4eb
No known key found for this signature in database
GPG key ID: B286E9F57A07424B
6 changed files with 1089 additions and 0 deletions


@ -123,6 +123,10 @@ applyPatch "$DOS_PATCHES/android_external_hardened_malloc/0001-Broken_Cameras.pa
fi;
fi;
if enterAndClear "external/webp"; then
applyPatch "$DOS_PATCHES/android_external_webp/CVE-2023-4863.patch"; #Fix OOB write in BuildHuffmanTable.
fi;
if enterAndClear "frameworks/base"; then
applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS)
applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
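Review bot: Nothing in the added `external/webp` block confirms that the CVE-2023-4863 fix actually landed in the tree, and the same three lines are added to the other two branch scripts on this page (the sections whose trailing context is `344888-backport.patch` and `git am $DOS_PATCHES/ASB2023-09/av-*.patch`). `applyPatch` is defined outside this view, so whether it aborts the build on a rejected or fuzzy hunk cannot be seen here. If it only logs, a branch whose libwebp differs from the version the patch was cut against could ship without the BuildHuffmanTable bounds fix; the commit message already notes that 17.1 is on v1.0.2 and needs its own backport. It is worth confirming the helper fails hard, and recording provenance in the trailing comment, for example `#Fix OOB write in BuildHuffmanTable (CVE-2023-4863, upstream libwebp <UPSTREAM_COMMIT>)`.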


@ -126,6 +126,10 @@ sed -i '/LOCAL_MODULE/s/Camera/SecureCamera/' Android.mk; #Change module name
sed -i '11iLOCAL_OVERRIDES_PACKAGES := Camera Camera2 LegacyCamera Snap OpenCamera' Android.mk; #Replace the others
fi;
if enterAndClear "external/webp"; then
applyPatch "$DOS_PATCHES/android_external_webp/CVE-2023-4863.patch"; #Fix OOB write in BuildHuffmanTable.
fi;
if enterAndClear "frameworks/base"; then
applyPatch "$DOS_PATCHES/android_frameworks_base/344888-backport.patch"; #fixup! fw/b: Add support for allowing/disallowing apps on cellular, vpn and wifi networks (CalyxOS)
applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS)


@ -123,6 +123,10 @@ sed -i 's/34359738368/2147483648/' Android.bp; #revert 48-bit address space requ
fi;
fi;
if enterAndClear "external/webp"; then
applyPatch "$DOS_PATCHES/android_external_webp/CVE-2023-4863.patch"; #Fix OOB write in BuildHuffmanTable.
fi;
if enterAndClear "frameworks/av"; then
git am $DOS_PATCHES/ASB2023-09/av-*.patch;
fi;