From f3d02b9c46e7e7cb920d3ef9dbbdd4fb5df8bd1d Mon Sep 17 00:00:00 2001
From: Tavi
Date: Wed, 18 Dec 2024 10:59:40 -0500
Subject: [PATCH] 16.0: Reconcile picks no effective change
Signed-off-by: Tavi
---
 .../{410675-backport.patch => 411932.patch} | 6 +++---
 .../{410676-backport.patch => 411933.patch} | 8 +++-----
 .../{411487.patch => 411934.patch} | 12 ++++++------
 .../android_system_bt/{411488.patch => 411935.patch} | 7 ++++---
 .../{411489-backport.patch => 411936.patch} | 6 +++---
 .../android_system_bt/{411490.patch => 411937.patch} | 6 +++---
 Scripts/LineageOS-16.0/Patch.sh | 12 ++++++------
 7 files changed, 28 insertions(+), 29 deletions(-)
 rename Patches/LineageOS-16.0/android_external_skia/{410675-backport.patch => 411932.patch} (90%)
 rename Patches/LineageOS-16.0/android_external_skia/{410676-backport.patch => 411933.patch} (87%)
 rename Patches/LineageOS-16.0/android_frameworks_base/{411487.patch => 411934.patch} (83%)
 rename Patches/LineageOS-16.0/android_system_bt/{411488.patch => 411935.patch} (89%)
 rename Patches/LineageOS-16.0/android_system_bt/{411489-backport.patch => 411936.patch} (93%)
 rename Patches/LineageOS-16.0/android_system_bt/{411490.patch => 411937.patch} (87%)
diff --git a/Patches/LineageOS-16.0/android_external_skia/410675-backport.patch b/Patches/LineageOS-16.0/android_external_skia/411932.patch
similarity index 90%
rename from Patches/LineageOS-16.0/android_external_skia/410675-backport.patch
rename to Patches/LineageOS-16.0/android_external_skia/411932.patch
index 457c1962..36b25d72 100644
--- a/Patches/LineageOS-16.0/android_external_skia/410675-backport.patch
+++ b/Patches/LineageOS-16.0/android_external_skia/411932.patch
@@ -1,7 +1,7 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From 8c22b48c6c718fe5428d2c2ae77d47fec26ff6ab Mon Sep 17 00:00:00 2001
From: Ben Wagner Date: Mon, 12 Aug 2024 15:00:08 -0400 -Subject: [PATCH] Bounds check in skia_alloc_func +Subject: [PATCH] [pdf] Bounds check in skia_alloc_func The allocator callback for zlib needs to check that items * size will fit in size_t and return nullptr if not. @@ -21,7 +21,7 @@ Change-Id: Id1a30592d435bd0de4630e7047f26b0dc17654fc 1 file changed, 8 insertions(+) diff --git a/src/pdf/SkDeflate.cpp b/src/pdf/SkDeflate.cpp -index 6952ec4f11..8ae2102c0e 100644 +index 6952ec4f11a..8ae2102c0e8 100644 --- a/src/pdf/SkDeflate.cpp +++ b/src/pdf/SkDeflate.cpp @@ -10,6 +10,7 @@ diff --git a/Patches/LineageOS-16.0/android_external_skia/410676-backport.patch b/Patches/LineageOS-16.0/android_external_skia/411933.patch similarity index 87% rename from Patches/LineageOS-16.0/android_external_skia/410676-backport.patch rename to Patches/LineageOS-16.0/android_external_skia/411933.patch index 536f946f..be7d1727 100644 --- a/Patches/LineageOS-16.0/android_external_skia/410676-backport.patch +++ b/Patches/LineageOS-16.0/android_external_skia/411933.patch @@ -1,4 +1,4 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From b3b1bdbd13e9207bd04b26254875f87d52fac91c Mon Sep 17 00:00:00 2001 From: Brian Osman Date: Thu, 29 Aug 2024 12:47:48 -0400 Subject: [PATCH] RESTRICT AUTOMERGE: Check for size overflow before allocating 
@@ -12,17 +12,15 @@ Reviewed-by: Ben Wagner Auto-Submit: Brian Osman (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:1fa94ff39bee75fe3a4abf061c09b972e2ffd0fa) (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:cbf6a5953623cdb0ef200bcba00bc43986b16c91) -(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a96bda269af74d90cf3993c4429ce9e673a5fc36) +(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:767ef0ae44902bb84ef0bf6f6beb601c283ade01) Merged-In: I74c081a7b849f13194ec7807b7a748d1919c1bb2 Change-Id: I74c081a7b849f13194ec7807b7a748d1919c1bb2 - -Change-Id: I4e5330532e3981a15f6eee8e65fe74e7da50f719 --- src/effects/SkBlurMaskFilter.cpp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/effects/SkBlurMaskFilter.cpp b/src/effects/SkBlurMaskFilter.cpp -index 9d7df43d62..b37b84b168 100644 +index 9d7df43d622..b37b84b1688 100644 --- a/src/effects/SkBlurMaskFilter.cpp +++ b/src/effects/SkBlurMaskFilter.cpp @@ -349,6 +349,9 @@ static bool prepare_to_draw_into_mask(const SkRect& bounds, SkMask* mask) { diff --git a/Patches/LineageOS-16.0/android_frameworks_base/411487.patch b/Patches/LineageOS-16.0/android_frameworks_base/411934.patch similarity index 83% rename from Patches/LineageOS-16.0/android_frameworks_base/411487.patch rename to Patches/LineageOS-16.0/android_frameworks_base/411934.patch index 02ed6bb2..7b6fd30c 100644 --- a/Patches/LineageOS-16.0/android_frameworks_base/411487.patch +++ b/Patches/LineageOS-16.0/android_frameworks_base/411934.patch @@ -1,4 +1,4 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From 5052b6ded1d3b0451c59a3b7537ab8e87274991b Mon Sep 17 00:00:00 2001 From: Pinyao Ting Date: Thu, 29 Aug 2024 17:01:55 +0000 Subject: [PATCH] Properly handle onNullBinding() in appwidget service. @@ -15,10 +15,10 @@ Change-Id: I12fccb572e159a73785aa33a4f5204e094ccd1b7 2 files changed, 15 insertions(+) 
diff --git a/core/java/android/widget/RemoteViewsAdapter.java b/core/java/android/widget/RemoteViewsAdapter.java -index e5ae0ca0070c..797689beb582 100644 +index e5ae0ca0070c3..797689beb5825 100644 --- a/core/java/android/widget/RemoteViewsAdapter.java +++ b/core/java/android/widget/RemoteViewsAdapter.java -@@ -229,6 +229,11 @@ public class RemoteViewsAdapter extends BaseAdapter implements Handler.Callback +@@ -229,6 +229,11 @@ public void onServiceDisconnected(ComponentName name) { } } @@ -31,10 +31,10 @@ index e5ae0ca0070c..797689beb582 100644 public void handleMessage(Message msg) { RemoteViewsAdapter adapter = mAdapter.get(); diff --git a/services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java b/services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java -index 9c18029ec693..ba1eacad3935 100644 +index 9c18029ec693e..ba1eacad39352 100644 --- a/services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java +++ b/services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java -@@ -1872,6 +1872,11 @@ class AppWidgetServiceImpl extends IAppWidgetService.Stub implements WidgetBacku +@@ -1872,6 +1872,11 @@ public void onServiceConnected(ComponentName name, IBinder service) { mContext.unbindService(this); } @@ -46,7 +46,7 @@ index 9c18029ec693..ba1eacad3935 100644 @Override public void onServiceDisconnected(ComponentName name) { // Do nothing -@@ -2013,6 +2018,11 @@ class AppWidgetServiceImpl extends IAppWidgetService.Stub implements WidgetBacku +@@ -2013,6 +2018,11 @@ public void onServiceConnected(ComponentName name, IBinder service) { mContext.unbindService(this); } diff --git a/Patches/LineageOS-16.0/android_system_bt/411488.patch b/Patches/LineageOS-16.0/android_system_bt/411935.patch similarity index 89% rename from Patches/LineageOS-16.0/android_system_bt/411488.patch rename to Patches/LineageOS-16.0/android_system_bt/411935.patch index b811eb8e..7cc1e8e7 100644 
--- a/Patches/LineageOS-16.0/android_system_bt/411488.patch +++ b/Patches/LineageOS-16.0/android_system_bt/411935.patch @@ -1,7 +1,8 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From 4b72e7c1522845c3d7c9a9f7c49c5061651edd06 Mon Sep 17 00:00:00 2001 From: Brian Delwiche Date: Mon, 8 Jul 2024 22:42:18 +0000 -Subject: [PATCH] Fix OOB write in build_read_multi_rsp of gatt_sr.cc +Subject: [PATCH] [BACKPORT] Fix OOB write in build_read_multi_rsp of + gatt_sr.cc build_read_multi_rsp is missing a bounds check, which can lead to an OOB write when the mtu parameter is set to zero. @@ -23,7 +24,7 @@ Change-Id: Icc8209aec68873c9821a36c579cd5df05c6ec8b8 1 file changed, 8 insertions(+) diff --git a/stack/gatt/gatt_sr.cc b/stack/gatt/gatt_sr.cc -index d4e3c046b..28e7d3415 100644 +index d4e3c046b4..28e7d34158 100644 --- a/stack/gatt/gatt_sr.cc +++ b/stack/gatt/gatt_sr.cc @@ -135,6 +135,14 @@ static bool process_read_multi_rsp(tGATT_SR_CMD* p_cmd, tGATT_STATUS status, diff --git a/Patches/LineageOS-16.0/android_system_bt/411489-backport.patch b/Patches/LineageOS-16.0/android_system_bt/411936.patch similarity index 93% rename from Patches/LineageOS-16.0/android_system_bt/411489-backport.patch rename to Patches/LineageOS-16.0/android_system_bt/411936.patch index e7dbbd98..094851dd 100644 --- a/Patches/LineageOS-16.0/android_system_bt/411489-backport.patch +++ b/Patches/LineageOS-16.0/android_system_bt/411936.patch @@ -1,7 +1,7 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From e2da2a67aa6fbf2eb0c2a9435b3838e78b974b6c Mon Sep 17 00:00:00 2001 From: Hui Peng Date: Thu, 27 Jul 2023 04:09:04 +0000 -Subject: [PATCH] Fix an integer underflow in build_read_multi_rsp +Subject: [PATCH] [BACKPORT] Fix an integer underflow in build_read_multi_rsp This is a backport of Ia60dd829ff9152c083de1f4c1265bb3ad595dcc4 to sc-dev 
@@ -18,7 +18,7 @@ Change-Id: Ia60dd829ff9152c083de1f4c1265bb3ad595dcc4 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/stack/gatt/gatt_sr.cc b/stack/gatt/gatt_sr.cc -index 28e7d3415..e80070b05 100644 +index 28e7d34158..e80070b051 100644 --- a/stack/gatt/gatt_sr.cc +++ b/stack/gatt/gatt_sr.cc @@ -23,6 +23,7 @@ diff --git a/Patches/LineageOS-16.0/android_system_bt/411490.patch b/Patches/LineageOS-16.0/android_system_bt/411937.patch similarity index 87% rename from Patches/LineageOS-16.0/android_system_bt/411490.patch rename to Patches/LineageOS-16.0/android_system_bt/411937.patch index b06fe359..5e198d8e 100644 --- a/Patches/LineageOS-16.0/android_system_bt/411490.patch +++ b/Patches/LineageOS-16.0/android_system_bt/411937.patch @@ -1,7 +1,7 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From ef894d2f902d5018fdd2d1fd0395a1af9a5c85c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20Paw=C5=82owski?= Date: Thu, 1 Aug 2024 14:12:58 +0000 -Subject: [PATCH] Fix "GATT Read Multiple Variable Response" builder +Subject: [PATCH] [BACKPORT] Fix "GATT Read Multiple Variable Response" builder 0 length value is perfectly fine, and should result in just length added into the packet. @@ -23,7 +23,7 @@ Change-Id: Ida4f6b566cf9fa40fc5330d8084c29669ccaa608 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stack/gatt/gatt_sr.cc b/stack/gatt/gatt_sr.cc -index e80070b05..1cfa1796a 100644 +index e80070b051..1cfa1796ab 100644 --- a/stack/gatt/gatt_sr.cc +++ b/stack/gatt/gatt_sr.cc @@ -180,7 +180,7 @@ static bool process_read_multi_rsp(tGATT_SR_CMD* p_cmd, tGATT_STATUS status, diff --git a/Scripts/LineageOS-16.0/Patch.sh b/Scripts/LineageOS-16.0/Patch.sh index bbde45c7..c522aaf3 100644 --- a/Scripts/LineageOS-16.0/Patch.sh +++ b/Scripts/LineageOS-16.0/Patch.sh 
@@ -180,8 +180,8 @@ fi;
 if enterAndClear "external/skia"; then
 applyPatch "$DOS_PATCHES/android_external_skia/408506.patch"; #P_asb_2024-11 Avoid potential overflow when allocating 3D mask from emboss filter
-applyPatch "$DOS_PATCHES/android_external_skia/410675-backport.patch"; #n-asb-2024-12 [pdf] Bounds check in skia_alloc_func
-applyPatch "$DOS_PATCHES/android_external_skia/410676-backport.patch"; #n-asb-2024-12 Check for size overflow before allocating SkMask data
+applyPatch "$DOS_PATCHES/android_external_skia/411932.patch"; #P_asb_2024-12 [pdf] Bounds check in skia_alloc_func
+applyPatch "$DOS_PATCHES/android_external_skia/411933.patch"; #P_asb_2024-12 Check for size overflow before allocating SkMask data
 fi;
 if enterAndClear "external/sonivox"; then
@@ -351,7 +351,7 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/408507.patch"; #P_asb_2024-11 R
 applyPatch "$DOS_PATCHES/android_frameworks_base/408508.patch"; #P_asb_2024-11 RingtoneManager: allow video ringtone URI
 applyPatch "$DOS_PATCHES/android_frameworks_base/408509.patch"; #P_asb_2024-11 Disallow device admin package and protected packages to be reinstalled as instant.
 applyPatch "$DOS_PATCHES/android_frameworks_base/408510.patch"; #P_asb_2024-11 Clear app-provided shortcut icons
-applyPatch "$DOS_PATCHES/android_frameworks_base/411487.patch"; #R_asb_2024-12 Properly handle onNullBinding() in appwidget service.
+applyPatch "$DOS_PATCHES/android_frameworks_base/411934.patch"; #P_asb_2024-12 Properly handle onNullBinding() in appwidget service.
 applyPatch "$DOS_PATCHES/android_frameworks_base/0007-Always_Restict_Serial.patch"; #Always restrict access to Build.SERIAL (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch"; #Allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS)
@@ -697,9 +697,9 @@ applyPatch "$DOS_PATCHES/android_system_bt/397596.patch"; #P_asb_2024-07 Fix an
 applyPatch "$DOS_PATCHES/android_system_bt/399772.patch"; #P_asb_2024-08 Fix heap-buffer overflow in sdp_utils.cc
 applyPatch "$DOS_PATCHES/android_system_bt/405833.patch"; #P_asb_2024-10 Add btif/include/btif_hh::btif_hh_status_text
 applyPatch "$DOS_PATCHES/android_system_bt/405834.patch"; #P_asb_2024-10 Disallow unexpected incoming HID connections 1/2
-applyPatch "$DOS_PATCHES/android_system_bt/411488.patch"; #R_asb_2024-12 Fix OOB write in build_read_multi_rsp of gatt_sr.cc
-applyPatch "$DOS_PATCHES/android_system_bt/411489-backport.patch"; #R_asb_2024-12 Fix an integer underflow in build_read_multi_rsp
-applyPatch "$DOS_PATCHES/android_system_bt/411490.patch"; #R_asb_2024-12 Fix "GATT Read Multiple Variable Response" builder
+applyPatch "$DOS_PATCHES/android_system_bt/411935.patch"; #P_asb_2024-12 Fix OOB write in build_read_multi_rsp of gatt_sr.cc
+applyPatch "$DOS_PATCHES/android_system_bt/411936.patch"; #P_asb_2024-12 Fix an integer underflow in build_read_multi_rsp
+applyPatch "$DOS_PATCHES/android_system_bt/411937.patch"; #P_asb_2024-12 Fix "GATT Read Multiple Variable Response" builder
 #applyPatch "$DOS_PATCHES_COMMON/android_system_bt/0001-alloc_size.patch"; #Add alloc_size attributes to the allocator (GrapheneOS)
 fi;
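Review bot: The three new `android_system_bt` comments in this hunk omit the `[BACKPORT]` prefix that the renamed patches' own Subject lines now carry (411935, 411936 and 411937), and with `411489-backport.patch` renamed to `411936.patch` the script no longer marks any of these picks as a backport. Backports are presumably the picks that were adapted rather than applied verbatim, so someone auditing this script against the upstream bulletin would want them flagged here. The comments should mirror the subjects, e.g. `#P_asb_2024-12 [BACKPORT] Fix an integer underflow in build_read_multi_rsp`. The skia comment in the first Patch.sh hunk already keeps its subject prefix (`[pdf]`), so this would also make the file consistent.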