diff --git a/Patches/Linux b/Patches/Linux index 71f7327b..19534732 160000 --- a/Patches/Linux +++ b/Patches/Linux @@ -1 +1 @@ -Subproject commit 71f7327b0d4d85a31ef3e959d63b1e52df6516f6 +Subproject commit 19534732114f5cde187cc1b3af576800d24922d2 diff --git a/Scripts/Common/Functions.sh b/Scripts/Common/Functions.sh index 3e5168fc..4e87daf8 100644 --- a/Scripts/Common/Functions.sh +++ b/Scripts/Common/Functions.sh @@ -901,7 +901,18 @@ hardenDefconfig() { optionsYes+=("DEBUG_KERNEL" "DEBUG_CREDENTIALS" "DEBUG_LIST" "DEBUG_VIRTUAL"); optionsYes+=("DEBUG_RODATA" "DEBUG_SET_MODULE_RONX"); #optionsYes+=("DEBUG_SG"); #bootloops - https://patchwork.kernel.org/patch/8989981 - if [ "$DOS_USE_KSM" = true ]; then optionsYes+=("KSM"); fi; + + if [ "$DOS_USE_KSM" = true ] && [ -f "mm/ksm.c" ]; then + if [[ $kernelVersion == "3."* ]] || [[ $kernelVersion == "4.4"* ]] || [[ $kernelVersion == "4.9"* ]]; then + optionsYes+=("KSM"); + sed -i 's/unsigned int ksm_run = KSM_RUN_STOP;/unsigned int ksm_run = KSM_RUN_MERGE;/' mm/ksm.c &>/dev/null || true; + sed -i 's/unsigned long ksm_run = KSM_RUN_STOP;/unsigned long ksm_run = KSM_RUN_MERGE;/' mm/ksm.c &>/dev/null || true; + else + local ksmNotNeeded=true; + sed -i 's/unsigned int ksm_run = KSM_RUN_MERGE;/unsigned int ksm_run = KSM_RUN_STOP;/' mm/ksm.c &>/dev/null || true; + sed -i 's/unsigned long ksm_run = KSM_RUN_MERGE;/unsigned long ksm_run = KSM_RUN_STOP;/' mm/ksm.c &>/dev/null || true; + fi; + fi; if [[ $kernelVersion == "3."* ]] || [[ $kernelVersion == "4.4"* ]] || [[ $kernelVersion == "4.9"* ]]; then optionsYes+=("DEBUG_NOTIFIERS"); #(https://github.com/GrapheneOS/os-issue-tracker/issues/681) @@ -1084,7 +1095,7 @@ hardenDefconfig() { optionsNo+=("HIBERNATION"); optionsNo+=("KEXEC" "KEXEC_FILE"); optionsNo+=("UKSM"); - if [ "$DOS_USE_KSM" = false ]; then optionsNo+=("KSM"); fi; + if [ "$DOS_USE_KSM" = false ] || [ "$ksmNotNeeded" = true ]; then optionsNo+=("KSM"); fi; optionsNo+=("LIVEPATCH"); optionsNo+=("WIREGUARD"); #Requires root access, which we do not provide if [ "$DOS_DEBLOBBER_REMOVE_IPA" = true ]; then optionsNo+=("IPA" "RMNET_IPA"); fi; diff --git a/Scripts/Common/Post.sh b/Scripts/Common/Post.sh index 08a98c03..a3c91472 100644 --- a/Scripts/Common/Post.sh +++ b/Scripts/Common/Post.sh @@ -24,12 +24,12 @@ echo "Post tweaks..."; #MSM_DLOAD_MODE can't be disabled as it breaks compile sed -i 's/set_dload_mode(in_panic)/set_dload_mode(0)/' kernel/*/*/arch/arm/mach-msm/restart.c &>/dev/null || true; -if [ "$DOS_USE_KSM" = true ]; then - #Enable KSM #XXX testing only - sed -i 's/unsigned int ksm_run = KSM_RUN_STOP;/unsigned int ksm_run = KSM_RUN_MERGE;/' kernel/*/*/mm/ksm.c &>/dev/null || true; - sed -i 's/unsigned long ksm_run = KSM_RUN_STOP;/unsigned long ksm_run = KSM_RUN_MERGE;/' kernel/*/*/mm/ksm.c &>/dev/null || true; +#Increase power efficiency of KSM +sed -i 's/bool use_deferred_timer;/bool use_deferred_timer = true;/' kernel/*/*/mm/ksm.c &>/dev/null || true; +sed -i 's/unsigned int ksm_thread_sleep_millisecs = 20;/unsigned int ksm_thread_sleep_millisecs = 500;/' kernel/*/*/mm/ksm.c &>/dev/null || true; - #Enable slub/slab merging #XXX testing only +if [ "$DOS_USE_KSM" = true ]; then + #Enable slub/slab merging sed -i 's/static int slub_nomerge;/static int slub_nomerge = 0;/' kernel/*/*/mm/slub.c &>/dev/null || true; #2.6.22-3.17 sed -i 's/static int slab_nomerge;/static int slab_nomerge = 0;/' kernel/*/*/mm/slab_common.c &>/dev/null || true; #3.18-4.12 sed -i 's/static bool slab_nomerge = !IS_ENABLED(CONFIG_SLAB_MERGE_DEFAULT);/static bool slab_nomerge = false;/' kernel/*/*/mm/slab_common.c &>/dev/null || true; #4.13+ diff --git a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_exynos5420.sh b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_exynos5420.sh index 677a0927..72bcb373 100644 --- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_exynos5420.sh +++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_exynos5420.sh @@ -12,6 +12,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.10/00 #git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0043.patch #git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slub/4.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/0009-rfc4941bis/ANY/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/0010-ksm_deferred_timers/3.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3076/3.4/0003.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3222/3.4/0003.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3225/3.4/0003.patch @@ -252,7 +253,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-3161/4.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-23559/4.4/0007.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/797912_0001-usb-gadget-Fix-synchronization-issue-between-f_audio.patch -editKernelLocalversion "-dos.p252" +editKernelLocalversion "-dos.p253" else echo "kernel_samsung_exynos5420 is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_smdk4412.sh b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_smdk4412.sh index 6e9f7086..7855f7f6 100644 --- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_smdk4412.sh +++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_smdk4412.sh @@ -6,6 +6,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.10/00 #git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0043.patch #git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slub/4.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/0009-rfc4941bis/ANY/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/0010-ksm_deferred_timers/3.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/0090-Unknown/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2011-4131/^3.2/0003.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2011-4347/^3.2/0001.patch @@ -426,7 +427,7 @@ git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/797912_0001-usb-gadget-Fix-sy git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14053/3.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14053/3.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20423/3.4/0010.patch -editKernelLocalversion "-dos.p426" +editKernelLocalversion "-dos.p427" else echo "kernel_samsung_smdk4412 is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_tuna.sh b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_tuna.sh index 4deeef5d..5277eec4 100644 --- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_tuna.sh +++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_tuna.sh @@ -6,6 +6,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.10/00 #git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0043.patch #git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slub/4.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/0009-rfc4941bis/ANY/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/0010-ksm_deferred_timers/3.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/0090-Unknown/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2011-4131/^3.2/0003.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2011-4347/^3.2/0001.patch @@ -419,7 +420,7 @@ git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/797912_0001-usb-gadget-Fix-sy git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14053/3.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14053/3.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20423/3.4/0010.patch -editKernelLocalversion "-dos.p419" +editKernelLocalversion "-dos.p420" else echo "kernel_samsung_tuna is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_universal8890.sh b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_universal8890.sh index 303a3e42..aa203202 100644 --- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_universal8890.sh +++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_universal8890.sh @@ -34,6 +34,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-random/4.9/0006 #git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0027.patch #git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0031.patch git apply $DOS_PATCHES_LINUX_CVES/0009-rfc4941bis/ANY/0006.patch +git apply $DOS_PATCHES_LINUX_CVES/0010-ksm_deferred_timers/3.18/0003.patch git apply $DOS_PATCHES_LINUX_CVES/0090-Unknown/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/0090-Unknown/ANY/0005.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-7446/^4.3.3/0003.patch @@ -777,7 +778,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14283/3.18/0004.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/3.18/0003.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch -editKernelLocalversion "-dos.p777" +editKernelLocalversion "-dos.p778" else echo "kernel_samsung_universal8890 is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_asus_fugu.sh b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_asus_fugu.sh index 789be0f9..7816b279 100644 --- a/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_asus_fugu.sh +++ b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_asus_fugu.sh @@ -16,6 +16,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.10/00 git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.10/0016.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.10/0017.patch git apply $DOS_PATCHES_LINUX_CVES/0009-rfc4941bis/ANY/0007.patch +git apply $DOS_PATCHES_LINUX_CVES/0010-ksm_deferred_timers/3.10/0002.patch git apply $DOS_PATCHES_LINUX_CVES/0090-Unknown/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-2372/3.10/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6540/3.4/0003.patch @@ -668,7 +669,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14053/3.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14283/3.18/0004.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20423/3.4/0010.patch -editKernelLocalversion "-dos.p668" +editKernelLocalversion "-dos.p669" else echo "kernel_asus_fugu is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_google_dragon.sh b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_google_dragon.sh index d4d1de3b..61502db1 100644 --- a/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_google_dragon.sh +++ b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_google_dragon.sh @@ -29,6 +29,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-random/4.9/0006 #git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0027.patch #git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0031.patch git apply $DOS_PATCHES_LINUX_CVES/0009-rfc4941bis/ANY/0006.patch +git apply $DOS_PATCHES_LINUX_CVES/0010-ksm_deferred_timers/3.18/0003.patch git apply $DOS_PATCHES_LINUX_CVES/0090-Unknown/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/0090-Unknown/ANY/0005.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-4312/3.18/0007.patch @@ -741,7 +742,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14283/3.18/0004.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/3.18/0003.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch -editKernelLocalversion "-dos.p741" +editKernelLocalversion "-dos.p742" else echo "kernel_google_dragon is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_htc_flounder.sh b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_htc_flounder.sh index 08d79d31..2d926e1e 100644 --- a/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_htc_flounder.sh +++ b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_htc_flounder.sh @@ -17,6 +17,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.10/00 git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.10/0016.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.10/0017.patch git apply $DOS_PATCHES_LINUX_CVES/0009-rfc4941bis/ANY/0007.patch +git apply $DOS_PATCHES_LINUX_CVES/0010-ksm_deferred_timers/3.10/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6540/3.4/0003.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3076/3.4/0003.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3222/3.4/0003.patch @@ -458,7 +459,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14053/3.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14283/3.18/0004.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20423/3.4/0010.patch -editKernelLocalversion "-dos.p458" +editKernelLocalversion "-dos.p459" else echo "kernel_htc_flounder is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_lge_hammerhead.sh b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_lge_hammerhead.sh index 7bd4e313..c984e671 100644 --- a/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_lge_hammerhead.sh +++ b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_lge_hammerhead.sh @@ -16,6 +16,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.10/00 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-misc/4.4/0016.patch #git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slub/4.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/0009-rfc4941bis/ANY/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/0010-ksm_deferred_timers/3.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/0090-Unknown/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-2119/3.4/0003.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-2136/3.4/0003.patch @@ -653,7 +654,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-4002/3.4/0008.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14053/3.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14053/3.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20423/3.4/0010.patch -editKernelLocalversion "-dos.p653" +editKernelLocalversion "-dos.p654" else echo "kernel_lge_hammerhead is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_moto_shamu.sh b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_moto_shamu.sh index 217e7d5b..419310da 100644 --- a/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_moto_shamu.sh +++ b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_moto_shamu.sh @@ -17,6 +17,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.10/00 git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.10/0017.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.10/0018.patch git apply $DOS_PATCHES_LINUX_CVES/0009-rfc4941bis/ANY/0007.patch +git apply $DOS_PATCHES_LINUX_CVES/0010-ksm_deferred_timers/3.10/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6540/3.4/0003.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3076/3.4/0003.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3222/3.4/0003.patch @@ -367,7 +368,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14053/3.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14283/3.18/0004.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20423/3.4/0010.patch -editKernelLocalversion "-dos.p367" +editKernelLocalversion "-dos.p368" else echo "kernel_moto_shamu is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_google_yellowstone.sh b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_google_yellowstone.sh index be1e8a06..fbb299b9 100644 --- a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_google_yellowstone.sh +++ b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_google_yellowstone.sh @@ -17,6 +17,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.10/00 git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.10/0016.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.10/0017.patch git apply $DOS_PATCHES_LINUX_CVES/0009-rfc4941bis/ANY/0007.patch +git apply $DOS_PATCHES_LINUX_CVES/0010-ksm_deferred_timers/3.10/0002.patch git apply $DOS_PATCHES_LINUX_CVES/0090-Unknown/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6540/3.4/0003.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3076/3.4/0003.patch @@ -508,7 +509,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14053/3.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14283/3.18/0004.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20423/3.4/0010.patch -editKernelLocalversion "-dos.p508" +editKernelLocalversion "-dos.p509" else echo "kernel_google_yellowstone is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_lge_hammerhead.sh b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_lge_hammerhead.sh index 378aaae6..a501b96c 100644 --- a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_lge_hammerhead.sh +++ b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_lge_hammerhead.sh @@ -17,6 +17,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/00 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-misc/4.4/0016.patch #git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slub/4.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/0009-rfc4941bis/ANY/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/0010-ksm_deferred_timers/3.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/0090-Unknown/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-2119/3.4/0003.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-2136/3.4/0003.patch @@ -653,7 +654,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-4002/3.4/0008.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14053/3.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14053/3.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20423/3.4/0010.patch -editKernelLocalversion "-dos.p653" +editKernelLocalversion "-dos.p654" else echo "kernel_lge_hammerhead is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_lge_mako.sh b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_lge_mako.sh index 97f12314..242c618d 100644 --- a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_lge_mako.sh +++ b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_lge_mako.sh @@ -13,6 +13,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/ANY/000 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-misc/4.4/0016.patch #git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slub/4.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/0009-rfc4941bis/ANY/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/0010-ksm_deferred_timers/3.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/0090-Unknown/ANY/0001.patch #git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-18193/3.18/0002.patch #git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-17972/3.18/0004.patch @@ -31,7 +32,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-3141/4.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-3159/4.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-3161/4.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2023-32269/4.4/0001.patch -editKernelLocalversion "-dos.p31" +editKernelLocalversion "-dos.p32" else echo "kernel_lge_mako is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_moto_shamu.sh b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_moto_shamu.sh index 75c8234c..d4a315ee 100644 --- a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_moto_shamu.sh +++ b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_moto_shamu.sh @@ -18,6 +18,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.10/00 git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.10/0017.patch git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.10/0018.patch git apply $DOS_PATCHES_LINUX_CVES/0009-rfc4941bis/ANY/0007.patch +git apply $DOS_PATCHES_LINUX_CVES/0010-ksm_deferred_timers/3.10/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6540/3.4/0003.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3076/3.4/0003.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2013-3222/3.4/0003.patch @@ -348,7 +349,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14053/3.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14283/3.18/0004.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20423/3.4/0010.patch -editKernelLocalversion "-dos.p348" +editKernelLocalversion "-dos.p349" else echo "kernel_moto_shamu is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_motorola_msm8974.sh b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_motorola_msm8974.sh index 6b0f21b7..f9adec2c 100644 --- a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_motorola_msm8974.sh +++ b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_motorola_msm8974.sh @@ -11,6 +11,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/00 git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/ANY/0001.patch #git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slub/4.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/0009-rfc4941bis/ANY/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/0010-ksm_deferred_timers/3.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/0090-Unknown/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6544/3.4/0007.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6544/3.4/0008.patch @@ -505,7 +506,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6752/3.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14053/3.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14053/3.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20423/3.4/0010.patch -editKernelLocalversion "-dos.p505" +editKernelLocalversion "-dos.p506" else echo "kernel_motorola_msm8974 is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_samsung_msm8930-common.sh b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_samsung_msm8930-common.sh index fb3ae13c..b88afea5 100644 --- a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_samsung_msm8930-common.sh +++ b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_samsung_msm8930-common.sh @@ -15,6 +15,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/ANY/000 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-misc/4.4/0016.patch #git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slub/4.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/0009-rfc4941bis/ANY/0008.patch +git apply $DOS_PATCHES_LINUX_CVES/0010-ksm_deferred_timers/3.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/0090-Unknown/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6703/^3.6/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2012-6703/^3.6/0002.patch @@ -542,7 +543,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13167/3.4/0014.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14053/3.4/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14053/3.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2022-20423/3.4/0010.patch -editKernelLocalversion "-dos.p542" +editKernelLocalversion "-dos.p543" else echo "kernel_samsung_msm8930-common is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_samsung_exynos9810.sh b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_samsung_exynos9810.sh index fc6ce4c2..abd5e818 100644 --- a/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_samsung_exynos9810.sh +++ b/Scripts/LineageOS-20.0/CVE_Patchers/android_kernel_samsung_exynos9810.sh @@ -25,6 +25,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slab/4.9/0009.p git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slab/4.9/0013.patch git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-slab/4.9/0017.patch git apply $DOS_PATCHES_LINUX_CVES/0009-rfc4941bis/4.9/0004.patch +git apply $DOS_PATCHES_LINUX_CVES/0010-ksm_deferred_timers/4.9/0005.patch git apply $DOS_PATCHES_LINUX_CVES/0090-Unknown/ANY/0004.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9900/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7837/ANY/0001.patch @@ -590,7 +591,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0016.pat git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening-ro/4.9/0029.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14283/4.9/0008.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.9/0007.patch -editKernelLocalversion "-dos.p590" +editKernelLocalversion "-dos.p591" else echo "kernel_samsung_exynos9810 is unavailable, not patching."; fi; cd "$DOS_BUILD_BASE"