diff --git a/Scripts/Common/Functions.sh b/Scripts/Common/Functions.sh index 88bd1ff8..c8414868 100644 --- a/Scripts/Common/Functions.sh +++ b/Scripts/Common/Functions.sh @@ -297,7 +297,6 @@ export -f pushToServer; removeBuildFingerprints() { #Removes the stock/vendor fingerprint, allowing one to be generated instead - #XXX: Breaks existing installs! find device -maxdepth 3 -name "lineage*.mk" -type f -exec sh -c "awk -i inplace '!/BUILD_FINGERPRINT/' {}" \; find device -maxdepth 3 -name "lineage*.mk" -type f -exec sh -c "awk -i inplace '!/PRIVATE_BUILD_DESC/' {}" \; echo "Removed stock build fingerprints"; diff --git a/Scripts/LineageOS-14.1/Patch.sh b/Scripts/LineageOS-14.1/Patch.sh index 1106a370..c4b1212c 100644 --- a/Scripts/LineageOS-14.1/Patch.sh +++ b/Scripts/LineageOS-14.1/Patch.sh @@ -303,6 +303,7 @@ if [ "$DOS_STRONG_ENCRYPTION_ENABLED" = true ]; then find "device" -maxdepth 2 - find "kernel" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenDefconfig "{}"'; cd "$DOS_BUILD_BASE"; deblobAudio; +removeBuildFingerprints; #Fixes #Fix broken options enabled by hardenDefconfig() diff --git a/Scripts/LineageOS-15.1/Patch.sh b/Scripts/LineageOS-15.1/Patch.sh index 0d7893a7..7a4bba39 100644 --- a/Scripts/LineageOS-15.1/Patch.sh +++ b/Scripts/LineageOS-15.1/Patch.sh @@ -254,6 +254,7 @@ if [ "$DOS_STRONG_ENCRYPTION_ENABLED" = true ]; then find "device" -maxdepth 2 - find "kernel" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenDefconfig "{}"'; cd "$DOS_BUILD_BASE"; deblobAudio; +removeBuildFingerprints; #Fix broken options enabled by hardenDefconfig() sed -i "s/CONFIG_DEBUG_RODATA=y/# CONFIG_DEBUG_RODATA is not set/" kernel/google/msm/arch/arm/configs/lineageos_*_defconfig; #Breaks on compile diff --git a/Scripts/LineageOS-16.0/Patch.sh b/Scripts/LineageOS-16.0/Patch.sh index 1f4ed489..3a987c1c 100644 --- a/Scripts/LineageOS-16.0/Patch.sh +++ b/Scripts/LineageOS-16.0/Patch.sh @@ -289,6 +289,7 @@ if [ "$DOS_STRONG_ENCRYPTION_ENABLED" = true ]; then find "device" -maxdepth 2 - find "kernel" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenDefconfig "{}"'; cd "$DOS_BUILD_BASE"; deblobAudio; +removeBuildFingerprints; #Fix broken options enabled by hardenDefconfig() sed -i "s/CONFIG_STRICT_MEMORY_RWX=y/# CONFIG_STRICT_MEMORY_RWX is not set/" kernel/asus/msm8953/arch/arm64/configs/*_defconfig; #Breaks on compile diff --git a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_essential_msm8998.sh b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_essential_msm8998.sh index 73be0767..4daa69e9 100644 --- a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_essential_msm8998.sh +++ b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_essential_msm8998.sh @@ -89,10 +89,11 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14041/ANY/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15291/4.4/0006.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-16994/^5.0/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19051/4.4/0012.patch +git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19068/4.4/0004.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11608/4.4/0006.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11608/^5.6.1/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-12352/ANY/0011.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14386/3.10-^4.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16119/^5.10/0002.patch -editKernelLocalversion "-dos.p94" +editKernelLocalversion "-dos.p95" cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-17.1/Patch.sh b/Scripts/LineageOS-17.1/Patch.sh index 204572f2..e66ae00d 100644 --- a/Scripts/LineageOS-17.1/Patch.sh +++ b/Scripts/LineageOS-17.1/Patch.sh @@ -84,7 +84,6 @@ enterAndClear "frameworks/av"; if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_av/0001-HM_A2DP_Fix.patch"; fi; #(GrapheneOS) enterAndClear "frameworks/base"; -git revert --no-edit 2fb8dda77a5942ebef1ecc70df7b5e506cbb5681; hardenLocationFWB "$DOS_BUILD_BASE"; #XXX 17REBASE hardenLocationConf services/core/java/com/android/server/location/gps_debug.conf; sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox @@ -103,7 +102,7 @@ patch -p1 < "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Re if [ "$DOS_GRAPHENE_EXEC" = true ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_base/0010-Exec_Based_Spawning.patch"; fi; #add exec-based spawning support (GrapheneOS) patch -p1 < "$DOS_PATCHES/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #don't send IMSI to SUPL (MSe) patch -p1 < "$DOS_PATCHES/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #enable fingerprint failed lockout after 5 attempts (GrapheneOS) -#sed -i '295i\ packageList.add("net.sourceforge.opencamera");' core/java/android/hardware/Camera.java; #add Open Camera to aux camera whitelist +#sed -i '295i\ packageList.add("net.sourceforge.opencamera");' core/java/android/hardware/Camera.java; #add Open Camera to aux camera whitelist #XXX: breaks boot? if [ "$DOS_MICROG_INCLUDED" != "FULL" ]; then rm -rf packages/CompanionDeviceManager; fi; #Used to support Android Wear (which hard depends on GMS) rm -rf packages/OsuLogin; #Automatic Wi-Fi connection non-sense rm -rf packages/PrintRecommendationService; #Creates popups to install proprietary print apps @@ -308,6 +307,7 @@ if [ "$DOS_STRONG_ENCRYPTION_ENABLED" = true ]; then find "device" -maxdepth 2 - find "kernel" -maxdepth 2 -mindepth 2 -type d -print0 | xargs -0 -n 1 -P 4 -I {} bash -c 'hardenDefconfig "{}"'; cd "$DOS_BUILD_BASE"; deblobAudio; +removeBuildFingerprints; #Fix broken options enabled by hardenDefconfig() sed -i "s/CONFIG_DEBUG_RODATA=y/# CONFIG_DEBUG_RODATA is not set/" kernel/google/msm/arch/arm/configs/lineageos_*_defconfig; #Breaks on compile