Many changes

15.1: Update CVE patchers
15.1: Add back automated build signing
14.1: Disable herolte (broken)
14.1: March 2018 Security Bulletin

Scripts/LineageOS-14.1/Functions.sh

@@ -69,7 +69,7 @@ buildAll() {
 #	brunch lineage_h815-user; - (UPSTREAM) drivers/input/touchscreen/DS5/RefCode_CustomerImplementation.c:147:1: warning: the frame size of 2064 bytes is larger than 2048 bytes
 	brunch lineage_h850-userdebug;
 	brunch lineage_hammerhead-user;
-	brunch lineage_herolte-user;
+#	brunch lineage_herolte-user; - net/netfilter/nfnetlink.c:328:14: error: 'NFNL_BATCH_FAILURE' undeclared (first use in this function)
 	brunch lineage_himaul-user;
 	brunch lineage_i9100-userdebug;
 	brunch lineage_i9305-user;

Scripts/LineageOS-14.1/Patch.sh

@@ -34,6 +34,8 @@
 #Generate firmware deblobber
 #mka firmware_deblobber
 
+#repopick -t n_asb_03-2018
+
 #
 #START OF PREPRATION
 #

Scripts/LineageOS-15.1/00init.sh

@@ -20,6 +20,9 @@
 export androidWorkspace="/mnt/Drive-3/";
 export base=$androidWorkspace"Build/LineageOS-15.1/";
 
+export SIGNING_KEY_DIR=$androidWorkspace"Signing_Keys";
+export OTA_PACKAGE_SIGNING_KEY=$SIGNING_KEY_DIR"/releasekey"
+
 export patches=$androidWorkspace"Patches/LineageOS-15.1/";
 export cvePatchesLinux=$androidWorkspace"Patches/Linux/";
 export cvePatchesAndroid=$androidWorkspace"Patches/Android/";

Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_fairphone_msm8974.sh

@@ -8,6 +8,7 @@ git apply $cvePatchesLinux/CVE-2016-0774/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2016-7117/^4.5/0002.patch
 git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-0786/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2017-1000111/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-11473/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-12153/3.2-^3.16/0001.patch
 git apply $cvePatchesLinux/CVE-2017-13080/ANY/0002.patch
@@ -30,5 +31,5 @@ git apply $cvePatchesLinux/CVE-2017-6348/^4.9/0001.patch
 git apply $cvePatchesLinux/CVE-2017-7533/3.4/0001.patch
 git apply $cvePatchesLinux/Untracked/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
 git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
-editKernelLocalversion "-dos.p30"
+editKernelLocalversion "-dos.p31"
 cd $base

Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_google_marlin.sh

@@ -71,6 +71,8 @@ git apply $cvePatchesLinux/CVE-2017-0627/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-0866/3.18/0001.patch
 git apply $cvePatchesLinux/CVE-2017-14883/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2017-15649/ANY/0002.patch
+git apply $cvePatchesLinux/CVE-2017-15834/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-16525/^4.13/0002.patch
 git apply $cvePatchesLinux/CVE-2017-16526/^4.13/0001.patch
 git apply $cvePatchesLinux/CVE-2017-16530/^4.13/0001.patch
@@ -104,5 +106,5 @@ git apply $cvePatchesLinux/CVE-2016-6696/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-0610/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-14883/ANY/0001.patch
-editKernelLocalversion "-dos.p104"
+editKernelLocalversion "-dos.p106"
 cd $base

Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_google_msm.sh

@@ -13,6 +13,7 @@ git apply $cvePatchesLinux/CVE-2017-0710/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-0751/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-0786/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2017-1000111/ANY/0001.patch
 #git apply $cvePatchesLinux/CVE-2017-11015/prima/0001.patch
 #git apply $cvePatchesLinux/CVE-2017-11015/prima/0002.patch
 git apply $cvePatchesLinux/CVE-2017-11473/ANY/0001.patch
@@ -36,5 +37,5 @@ git apply $cvePatchesLinux/CVE-2017-8254/3.4/0001.patch
 git apply $cvePatchesLinux/CVE-2017-8254/3.4/0002.patch
 git apply $cvePatchesLinux/Untracked/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
 git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
-editKernelLocalversion "-dos.p36"
+editKernelLocalversion "-dos.p37"
 cd $base

Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_htc_flounder.sh

@@ -63,9 +63,10 @@ git apply $cvePatchesLinux/CVE-2017-6348/^4.9/0001.patch
 git apply $cvePatchesLinux/CVE-2017-6951/^3.14/0001.patch
 git apply $cvePatchesLinux/CVE-2017-7472/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-7533/3.10/0002.patch
+git apply $cvePatchesLinux/CVE-2017-7533/3.10/0003.patch
 git apply $cvePatchesLinux/CVE-2017-9242/^4.11/0001.patch
 git apply $cvePatchesLinux/LVT-2017-0003/3.10/0001.patch
 git apply $cvePatchesLinux/Untracked/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
 git apply $cvePatchesLinux/CVE-2016-2475/ANY/0001.patch
-editKernelLocalversion "-dos.p67"
+editKernelLocalversion "-dos.p68"
 cd $base

Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_huawei_angler.sh

@@ -75,10 +75,7 @@ git apply $cvePatchesLinux/CVE-2017-11600/3.10/0001.patch
 git apply $cvePatchesLinux/CVE-2017-12153/3.2-^3.16/0001.patch
 git apply $cvePatchesLinux/CVE-2017-14877/3.10/0001.patch
 git apply $cvePatchesLinux/CVE-2017-16526/^4.13/0001.patch
-git apply $cvePatchesLinux/CVE-2017-16531/^4.13/0001.patch
 git apply $cvePatchesLinux/CVE-2017-16532/^4.13/0001.patch
-git apply $cvePatchesLinux/CVE-2017-16533/^4.13/0001.patch
-git apply $cvePatchesLinux/CVE-2017-16535/^4.13/0001.patch
 git apply $cvePatchesLinux/CVE-2017-16537/^4.13/0001.patch
 git apply $cvePatchesLinux/CVE-2017-16538/^4.13/0001.patch
 git apply $cvePatchesLinux/CVE-2017-16538/^4.13/0002.patch
@@ -99,6 +96,7 @@ git apply $cvePatchesLinux/CVE-2017-6348/^4.9/0001.patch
 git apply $cvePatchesLinux/CVE-2017-6951/^3.14/0001.patch
 git apply $cvePatchesLinux/CVE-2017-7472/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-7487/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2017-7533/3.10/0003.patch
 git apply $cvePatchesLinux/CVE-2017-8269/3.10/0002.patch
 git apply $cvePatchesLinux/CVE-2017-8280/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-9242/^4.11/0001.patch
@@ -108,5 +106,5 @@ git apply $cvePatchesLinux/CVE-2016-2475/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2016-6693/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2016-6696/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-15845/ANY/0001.patch
-editKernelLocalversion "-dos.p108"
+editKernelLocalversion "-dos.p106"
 cd $base

Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_lge_bullhead.sh

@@ -68,10 +68,7 @@ git apply $cvePatchesLinux/CVE-2017-11600/3.10/0001.patch
 git apply $cvePatchesLinux/CVE-2017-12153/3.2-^3.16/0001.patch
 git apply $cvePatchesLinux/CVE-2017-14877/3.10/0001.patch
 git apply $cvePatchesLinux/CVE-2017-16526/^4.13/0001.patch
-git apply $cvePatchesLinux/CVE-2017-16531/^4.13/0001.patch
 git apply $cvePatchesLinux/CVE-2017-16532/^4.13/0001.patch
-git apply $cvePatchesLinux/CVE-2017-16533/^4.13/0001.patch
-git apply $cvePatchesLinux/CVE-2017-16535/^4.13/0001.patch
 git apply $cvePatchesLinux/CVE-2017-16537/^4.13/0001.patch
 git apply $cvePatchesLinux/CVE-2017-16538/^4.13/0001.patch
 git apply $cvePatchesLinux/CVE-2017-16538/^4.13/0002.patch
@@ -92,11 +89,12 @@ git apply $cvePatchesLinux/CVE-2017-6348/^4.9/0001.patch
 git apply $cvePatchesLinux/CVE-2017-6951/^3.14/0001.patch
 git apply $cvePatchesLinux/CVE-2017-7472/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-7487/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2017-7533/3.10/0003.patch
 git apply $cvePatchesLinux/CVE-2017-8269/3.10/0002.patch
 git apply $cvePatchesLinux/CVE-2017-9242/^4.11/0001.patch
 git apply $cvePatchesLinux/LVT-2017-0003/3.10/0001.patch
 git apply $cvePatchesLinux/Untracked/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
 git apply $cvePatchesLinux/CVE-2016-6693/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2016-6696/ANY/0001.patch
-editKernelLocalversion "-dos.p98"
+editKernelLocalversion "-dos.p96"
 cd $base

Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_lge_g3.sh

@@ -13,6 +13,7 @@ git apply $cvePatchesLinux/CVE-2017-0610/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-0611/3.4/0001.patch
 git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-0786/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2017-1000111/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-11090/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-11473/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-13215/ANY/0001.patch
@@ -31,5 +32,5 @@ git apply $cvePatchesLinux/CVE-2017-17558/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-8246/3.4/0002.patch
 git apply $cvePatchesLinux/Untracked/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
 git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
-editKernelLocalversion "-dos.p31"
+editKernelLocalversion "-dos.p32"
 cd $base

Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_lge_hammerhead.sh

@@ -14,6 +14,7 @@ git apply $cvePatchesLinux/CVE-2017-0710/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-0751/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-0786/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2017-1000111/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-11089/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-11090/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-11473/ANY/0001.patch
@@ -42,5 +43,5 @@ git apply $cvePatchesLinux/CVE-2017-9242/^4.11/0001.patch
 git apply $cvePatchesLinux/CVE-2017-9684/ANY/0001.patch
 git apply $cvePatchesLinux/Untracked/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
 git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
-editKernelLocalversion "-dos.p42"
+editKernelLocalversion "-dos.p43"
 cd $base

Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_lge_msm8974.sh

@@ -9,6 +9,7 @@ git apply $cvePatchesLinux/CVE-2016-0806/prima/0010.patch
 git apply $cvePatchesLinux/CVE-2016-6751/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-0648/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2017-1000111/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-11473/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-16525/^4.13/0002.patch
 git apply $cvePatchesLinux/CVE-2017-16526/^4.13/0001.patch
@@ -23,5 +24,5 @@ git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0006.patch
 git apply $cvePatchesLinux/CVE-2017-7487/ANY/0001.patch
 git apply $cvePatchesLinux/Untracked/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
 git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
-editKernelLocalversion "-dos.p23"
+editKernelLocalversion "-dos.p24"
 cd $base

Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_moto_shamu.sh

@@ -62,10 +62,11 @@ git apply $cvePatchesLinux/CVE-2017-17558/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-5972/ANY/0002.patch
 git apply $cvePatchesLinux/CVE-2017-6345/^4.9/0001.patch
 git apply $cvePatchesLinux/CVE-2017-7487/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2017-7533/3.10/0003.patch
 git apply $cvePatchesLinux/CVE-2017-8269/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-9242/^4.11/0001.patch
 git apply $cvePatchesLinux/LVT-2017-0003/3.10/0001.patch
 git apply $cvePatchesLinux/CVE-2016-2475/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
-editKernelLocalversion "-dos.p67"
+editKernelLocalversion "-dos.p68"
 cd $base

Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_nextbit_msm8992.sh

@@ -55,6 +55,7 @@ git apply $cvePatchesLinux/CVE-2017-17558/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-17762/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-6345/^4.9/0001.patch
 git apply $cvePatchesLinux/CVE-2017-7533/3.10/0002.patch
+git apply $cvePatchesLinux/CVE-2017-7533/3.10/0003.patch
 git apply $cvePatchesLinux/CVE-2017-8243/3.10/0001.patch
 git apply $cvePatchesLinux/CVE-2017-8281/3.10/0001.patch
 git apply $cvePatchesLinux/CVE-2017-8281/3.10/0003.patch
@@ -63,5 +64,5 @@ git apply $cvePatchesLinux/LVT-2017-0003/3.10/0001.patch
 git apply $cvePatchesLinux/CVE-2016-6693/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2016-6696/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
-editKernelLocalversion "-dos.p63"
+editKernelLocalversion "-dos.p64"
 cd $base

Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_oppo_msm8974.sh

@@ -18,6 +18,7 @@ git apply $cvePatchesLinux/CVE-2017-0648/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-0751/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-0786/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2017-1000111/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-1000380/^4.11/0001.patch
 git apply $cvePatchesLinux/CVE-2017-11000/ANY/0002.patch
 git apply $cvePatchesLinux/CVE-2017-11019/ANY/0001.patch
@@ -47,5 +48,5 @@ git apply $cvePatchesLinux/CVE-2017-9684/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-9706/ANY/0001.patch
 git apply $cvePatchesLinux/Untracked/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
 git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
-editKernelLocalversion "-dos.p47"
+editKernelLocalversion "-dos.p48"
 cd $base

Scripts/LineageOS-15.1/Patch.sh

@@ -61,7 +61,7 @@ cp -r $patches"Fennec_DOS-Shim" $base"packages/apps/"; #Add a shim to install Fe
 #optipng -strip all res*/images/*.png;
 
 enterAndClear "build/make"
-#patch -p1 < $patches"android_build/0001-Automated_Build_Signing.patch" #Automated build signing. Disclaimer: From CopperheadOS 13.0 #TODO: Rebase
+patch -p1 < $patches"android_build/0001-Automated_Build_Signing.patch" #Automated build signing. Disclaimer: From CopperheadOS 13.0
 sed -i 's/messaging/Silence/' target/product/*.mk; #Replace AOSP Messaging app with Silence
 
 enterAndClear "device/qcom/sepolicy"