Misc changes

2025-01-11 23:49:34 -05:00 · 2018-01-03 21:55:04 -05:00 · 2018-01-03 21:55:04 -05:00 · e5cbc542ea
commit e5cbc542ea
parent 9e24a92b89
6 changed files with 16 additions and 2 deletions
--- a/Manifests/Manifest_LAOS-14.1.xml
+++ b/Manifests/Manifest_LAOS-14.1.xml
@ -23,6 +23,7 @@
 	<remove-project name="LineageOS/android_packages_apps_LockClock" />
 	<remove-project name="LineageOS/android_packages_apps_ManagedProvisioning" />
 	<remove-project name="LineageOS/android_packages_apps_OpenWeatherMapProvider" />
+	<remove-project name="LineageOS/android_packages_apps_Snap" />
 	<remove-project name="LineageOS/android_packages_apps_Stk" />
 	<remove-project name="LineageOS/android_packages_apps_Terminal" />
 	<remove-project name="LineageOS/android_packages_apps_TV" />
--- a/Misc/Spectre.txt
+++ b/Misc/Spectre.txt
@ -0,0 +1,11 @@
+0001-BACKPORT-arm64-Add-CNTVCT_EL0-trap-handler.patch
+BACKPORT: arm64: Add CNTVCT_EL0 trap handler
+
+0002-BACKPORT-arm64-Add-CNTFRQ_EL0-trap-handler.patch
+BACKPORT: arm64: Add CNTFRQ_EL0 trap handler
+
+0003-arm64-issue-isb-when-trapping-CNTVCT_EL0-access.patch
+arm64: issue isb when trapping CNTVCT_EL0 access
+
+0004-clocksource-arch_timer-make-virtual-counter-access-c.patch
+clocksource: arch_timer: make virtual counter access-c
--- a/Patches/Linux
+++ b/Patches/Linux
@ -1 +1 @@
-Subproject commit a815f2aa1c5f0d18981412b01feb21957c737867
+Subproject commit dc61bc4827bcaf29c0f06397585b11a94814e5e4
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_lge_msm8992.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_lge_msm8992.sh
@ -104,6 +104,7 @@ git apply $cvePatchesLinux/CVE-2017-16538/^4.13/0002.patch
 git apply $cvePatchesLinux/CVE-2017-16643/3.5+/0001.patch
 git apply $cvePatchesLinux/CVE-2017-16645/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-16650/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2017-16939/3.10/0001.patch
 git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0005.patch
 git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0006.patch
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_motorola_msm8992.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_motorola_msm8992.sh
@ -121,6 +121,7 @@ git apply $cvePatchesLinux/CVE-2017-16538/^4.13/0002.patch
 git apply $cvePatchesLinux/CVE-2017-16643/3.5+/0001.patch
 git apply $cvePatchesLinux/CVE-2017-16645/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-16650/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2017-16939/3.10/0001.patch
 git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0005.patch
 git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0006.patch
--- a/Scripts/LineageOS-14.1/Functions.sh
+++ b/Scripts/LineageOS-14.1/Functions.sh
@ -119,7 +119,7 @@ hardenDefconfig() {

 	#Enable supported options
 	#Disabled: CONFIG_DEBUG_SG (bootloops - https://patchwork.kernel.org/patch/8989981)
-	declare -a optionsYes=("CONFIG_ARM64_SW_TTBR0_PAN" "CONFIG_BUG_ON_DATA_CORRUPTION" "CONFIG_BUG" "CONFIG_CC_STACKPROTECTOR_STRONG" "CONFIG_CC_STACKPROTECTOR" "CONFIG_CPU_SW_DOMAIN_PAN" "CONFIG_DEBUG_CREDENTIALS" "CONFIG_DEBUG_KERNEL" "CONFIG_DEBUG_LIST" "CONFIG_DEBUG_NOTIFIERS" "CONFIG_DEBUG_RODATA" "CONFIG_DEBUG_WX" "CONFIG_FORTIFY_SOURCE" "CONFIG_GCC_PLUGIN_LATENT_ENTROPY" "CONFIG_GCC_PLUGIN_RANDSTRUCT" "CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL" "CONFIG_GCC_PLUGIN_STRUCTLEAK" "CONFIG_GCC_PLUGINS" "CONFIG_HARDENED_USERCOPY" "CONFIG_IO_STRICT_DEVMEM" "CONFIG_LEGACY_VSYSCALL_NONE" "CONFIG_PAGE_POISONING_NO_SANITY" "CONFIG_PAGE_POISONING" "CONFIG_PAGE_POISONING_ZERO" "CONFIG_PANIC_ON_OOPS" "CONFIG_RANDOMIZE_BASE" "CONFIG_REFCOUNT_FULL" "CONFIG_SCHED_STACK_END_CHECK" "CONFIG_SECCOMP_FILTER" "CONFIG_SECCOMP" "CONFIG_SECURITY" "CONFIG_SECURITY_YAMA" "CONFIG_SECURITY_YAMA_STACKED" "CONFIG_SLAB_FREELIST_RANDOM" "CONFIG_SLAB_HARDENED" "CONFIG_SLUB_DEBUG" "CONFIG_STRICT_DEVMEM" "CONFIG_STRICT_KERNEL_RWX" "CONFIG_STRICT_MEMORY_RWX" "CONFIG_SYN_COOKIES" "CONFIG_VMAP_STACK" "CONFIG_SECURITY_PERF_EVENTS_RESTRICT")
+	declare -a optionsYes=("CONFIG_ARM64_SW_TTBR0_PAN" "CONFIG_BUG_ON_DATA_CORRUPTION" "CONFIG_BUG" "CONFIG_CC_STACKPROTECTOR_STRONG" "CONFIG_CC_STACKPROTECTOR" "CONFIG_CPU_SW_DOMAIN_PAN" "CONFIG_DEBUG_CREDENTIALS" "CONFIG_DEBUG_KERNEL" "CONFIG_DEBUG_LIST" "CONFIG_DEBUG_NOTIFIERS" "CONFIG_DEBUG_RODATA" "CONFIG_DEBUG_WX" "CONFIG_FORTIFY_SOURCE" "CONFIG_GCC_PLUGIN_LATENT_ENTROPY" "CONFIG_GCC_PLUGIN_RANDSTRUCT" "CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL" "CONFIG_GCC_PLUGIN_STRUCTLEAK" "CONFIG_GCC_PLUGINS" "CONFIG_HARDENED_USERCOPY" "CONFIG_IO_STRICT_DEVMEM" "CONFIG_LEGACY_VSYSCALL_NONE" "CONFIG_PAGE_POISONING_NO_SANITY" "CONFIG_PAGE_POISONING" "CONFIG_PAGE_POISONING_ZERO" "CONFIG_PANIC_ON_OOPS" "CONFIG_RANDOMIZE_BASE" "CONFIG_REFCOUNT_FULL" "CONFIG_SCHED_STACK_END_CHECK" "CONFIG_SECCOMP_FILTER" "CONFIG_SECCOMP" "CONFIG_SECURITY" "CONFIG_SECURITY_YAMA" "CONFIG_SECURITY_YAMA_STACKED" "CONFIG_SLAB_FREELIST_RANDOM" "CONFIG_SLAB_HARDENED" "CONFIG_SLUB_DEBUG" "CONFIG_STRICT_DEVMEM" "CONFIG_STRICT_KERNEL_RWX" "CONFIG_STRICT_MEMORY_RWX" "CONFIG_SYN_COOKIES" "CONFIG_VMAP_STACK" "CONFIG_SECURITY_PERF_EVENTS_RESTRICT" "CONFIG_PAGE_TABLE_ISOLATION" "CONFIG_UNMAP_KERNEL_AT_EL0" "CONFIG_KAISER")
 	for option in "${optionsYes[@]}"
 	do
 		sed -i 's/# '$option' is not set/'$option'=y/' $defconfigPath &>/dev/null || true;