diff --git a/Patches/Linux b/Patches/Linux index 343b64b7..a2b5b739 160000 --- a/Patches/Linux +++ b/Patches/Linux @@ -1 +1 @@ -Subproject commit 343b64b700619f38daf74d11cbfbc2d4363a6a28 +Subproject commit a2b5b73994a0b69d4f66cb7d85cf3bb76d9223ed diff --git a/Scripts/LineageOS-14.1/Functions.sh b/Scripts/LineageOS-14.1/Functions.sh index 9a0987c0..7e265cc9 100644 --- a/Scripts/LineageOS-14.1/Functions.sh +++ b/Scripts/LineageOS-14.1/Functions.sh @@ -36,6 +36,7 @@ scanWorkspaceForMalware() { export -f scanWorkspaceForMalware; buildDevice() { + pkill java && sleep 10; #XXX: ugly hack cd "$DOS_BUILD_BASE"; export OTA_KEY_OVERRIDE_DIR="$DOS_SIGNING_KEYS/$1"; breakfast "lineage_$1-user" && mka target-files-package otatools && processRelease $1 true $2; @@ -43,6 +44,7 @@ buildDevice() { export -f buildDevice; buildDeviceUserDebug() { + pkill java && sleep 10; #XXX: ugly hack cd "$DOS_BUILD_BASE"; export OTA_KEY_OVERRIDE_DIR="$DOS_SIGNING_KEYS/$1"; breakfast "lineage_$1-userdebug" && mka target-files-package otatools && processRelease $1 true $2; @@ -98,6 +100,7 @@ patchWorkspace() { repopick -i 315718; #CVE-2021-1957 repopick -it n-asb-2021-09; repopick -it n-asb-2021-10; + repopick -it tzdb2021c_N; source "$DOS_SCRIPTS/Patch.sh"; source "$DOS_SCRIPTS_COMMON/Copy_Keys.sh"; diff --git a/Scripts/LineageOS-14.1/Patch.sh b/Scripts/LineageOS-14.1/Patch.sh index d4c6fa3d..90cc68c2 100644 --- a/Scripts/LineageOS-14.1/Patch.sh +++ b/Scripts/LineageOS-14.1/Patch.sh @@ -71,7 +71,7 @@ patch -p1 < "$DOS_PATCHES/android_build/0001-OTA_Keys.patch"; #Add correct keys sed -i '50i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches. sed -i '296iLOCAL_AAPT_FLAGS += --auto-add-overlay' core/package_internal.mk; sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk; #Replace the Messaging app with Silence -sed -i 's/2021-06-05/2021-09-05/' core/version_defaults.mk; #Bump Security String #n-asb-2021-08 #n-asb-2021-09 #XXX +sed -i 's/2021-06-05/2021-10-05/' core/version_defaults.mk; #Bump Security String #n-asb-2021-10 #XXX fi; if enterAndClear "device/qcom/sepolicy"; then @@ -346,6 +346,10 @@ if enterAndClear "device/samsung/exynos5420-common"; then awk -i inplace '!/shell su/' sepolicy/shell.te; #neverallow fi; +if enterAndClear "device/samsung/i9100"; then +smallerSystem; +fi; + if enterAndClear "device/samsung/manta"; then #git revert --no-edit e55bbff1c8aa50e25ffe39c8936ea3dc92a4a575; #restore releasetools #TODO echo "allow audioserver sensorservice_service:service_manager find;" >> sepolicy/audioserver.te; diff --git a/Scripts/LineageOS-15.1/Patch.sh b/Scripts/LineageOS-15.1/Patch.sh index 48892163..e232eb5b 100644 --- a/Scripts/LineageOS-15.1/Patch.sh +++ b/Scripts/LineageOS-15.1/Patch.sh @@ -69,6 +69,7 @@ patch -p1 < "$DOS_PATCHES/android_build/0001-OTA_Keys.patch"; #Add correct keys patch -p1 < "$DOS_PATCHES/android_build/0002-Enable_fwrapv.patch"; #Use -fwrapv at a minimum (GrapheneOS) sed -i '57i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches. sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/treble_common.mk; #Replace the Messaging app with Silence +sed -i 's/2021-09-05/2021-10-05/' core/version_defaults.mk; #Bump Security String #O_asb_2021-10 #XXX fi; if enterAndClear "build/soong"; then diff --git a/Scripts/LineageOS-16.0/Patch.sh b/Scripts/LineageOS-16.0/Patch.sh index 5381c1b6..025a3dd3 100644 --- a/Scripts/LineageOS-16.0/Patch.sh +++ b/Scripts/LineageOS-16.0/Patch.sh @@ -73,6 +73,7 @@ patch -p1 < "$DOS_PATCHES/android_build/0002-Enable_fwrapv.patch"; #Use -fwrapv sed -i '74i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches. sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/treble_common.mk; #Replace the Messaging app with Silence sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 17/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS) +sed -i 's/2021-09-05/2021-10-05/' core/version_defaults.mk; #Bump Security String #P_asb_2021-10 #XXX fi; if enterAndClear "build/soong"; then diff --git a/Scripts/LineageOS-17.1/Patch.sh b/Scripts/LineageOS-17.1/Patch.sh index a5fc3474..63aa5faf 100644 --- a/Scripts/LineageOS-17.1/Patch.sh +++ b/Scripts/LineageOS-17.1/Patch.sh @@ -70,6 +70,7 @@ sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aap sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/gsi_common.mk; #Replace the Messaging app with Silence awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS) +sed -i 's/2021-09-05/2021-10-05/' core/version_defaults.mk; #Bump Security String #Q_asb_2021-10 #XXX fi; if enterAndClear "build/soong"; then diff --git a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_essential_msm8998.sh b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_essential_msm8998.sh index 1c1dbb87..f94c36f4 100644 --- a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_essential_msm8998.sh +++ b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_essential_msm8998.sh @@ -1,6 +1,7 @@ #!/bin/bash cd "$DOS_BUILD_BASE""kernel/essential/msm8998" git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0285-0286.patch --exclude=Makefile +git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0286-0287.patch --exclude=Makefile git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0003.patch git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0004.patch @@ -101,5 +102,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24587/qca-wifi-host-cmn/0016.patch -- git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0936/ANY/0005.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0936/ANY/0011.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-1963/ANY/0003.patch -editKernelLocalversion "-dos.p101" +editKernelLocalversion "-dos.p102" cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_fxtec_msm8998.sh b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_fxtec_msm8998.sh index d8fe927e..26a834f7 100644 --- a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_fxtec_msm8998.sh +++ b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_fxtec_msm8998.sh @@ -1,6 +1,7 @@ #!/bin/bash cd "$DOS_BUILD_BASE""kernel/fxtec/msm8998" git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0285-0286.patch --exclude=Makefile +git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0286-0287.patch --exclude=Makefile git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0006.patch #git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0011.patch @@ -56,5 +57,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16119/^5.10/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24587/qca-wifi-host-cmn/0016.patch --directory=drivers/staging/qca-wifi-host-cmn git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3655/^5.13/0003.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-40490/3.9-^5.14/0001.patch -editKernelLocalversion "-dos.p56" +editKernelLocalversion "-dos.p57" cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_google_wahoo.sh b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_google_wahoo.sh index f2154d97..bdb0e975 100644 --- a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_google_wahoo.sh +++ b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_google_wahoo.sh @@ -1,6 +1,7 @@ #!/bin/bash cd "$DOS_BUILD_BASE""kernel/google/wahoo" git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0285-0286.patch --exclude=Makefile +git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0286-0287.patch --exclude=Makefile git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/ANY/0001.patch git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0003.patch @@ -75,5 +76,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16119/^5.10/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-1963/ANY/0003.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3655/^5.13/0003.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-40490/3.9-^5.14/0001.patch -editKernelLocalversion "-dos.p75" +editKernelLocalversion "-dos.p76" cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_oneplus_msm8998.sh b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_oneplus_msm8998.sh index 1438a78e..df59f45f 100644 --- a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_oneplus_msm8998.sh +++ b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_oneplus_msm8998.sh @@ -2,6 +2,7 @@ cd "$DOS_BUILD_BASE""kernel/oneplus/msm8998" git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0284-0285.patch --exclude=Makefile git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0285-0286.patch --exclude=Makefile +git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0286-0287.patch --exclude=Makefile git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0006.patch #git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0011.patch @@ -52,5 +53,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14386/3.10-^4.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16119/^5.10/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-1941/qca-wifi-host-cmn/0001.patch --directory=drivers/staging/qca-wifi-host-cmn git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-1945/qca-wifi-host-cmn/0001.patch --directory=drivers/staging/qca-wifi-host-cmn -editKernelLocalversion "-dos.p52" +editKernelLocalversion "-dos.p53" cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_razer_msm8998.sh b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_razer_msm8998.sh index eb07a686..77698c60 100644 --- a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_razer_msm8998.sh +++ b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_razer_msm8998.sh @@ -1,6 +1,7 @@ #!/bin/bash cd "$DOS_BUILD_BASE""kernel/razer/msm8998" git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0285-0286.patch --exclude=Makefile +git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0286-0287.patch --exclude=Makefile git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0006.patch #git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0011.patch @@ -54,5 +55,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16119/4.4/0006.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16119/^5.10/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3655/^5.13/0003.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-40490/3.9-^5.14/0001.patch -editKernelLocalversion "-dos.p54" +editKernelLocalversion "-dos.p55" cd "$DOS_BUILD_BASE"