From a812869b6ca91a86d1dba0a48998f4a4a4aa05b9 Mon Sep 17 00:00:00 2001 From: Tad Date: Sun, 4 Jun 2017 22:12:03 -0400 Subject: [PATCH] Fix some kernel CVEs using using raymanfxs android-cve-checker --- .../cve_fix.sh | 25 ++++++++ .../cve_fix.sh | 61 +++++++++++++++++++ Scripts/LAOS-14.1_Patches.sh | 2 + 3 files changed, 88 insertions(+) create mode 100644 Patches/LineageOS-14.1/android_kernel_motorola_msm8916/cve_fix.sh create mode 100644 Patches/LineageOS-14.1/android_kernel_motorola_msm8992/cve_fix.sh diff --git a/Patches/LineageOS-14.1/android_kernel_motorola_msm8916/cve_fix.sh b/Patches/LineageOS-14.1/android_kernel_motorola_msm8916/cve_fix.sh new file mode 100644 index 00000000..e72ac4ac --- /dev/null +++ b/Patches/LineageOS-14.1/android_kernel_motorola_msm8916/cve_fix.sh @@ -0,0 +1,25 @@ +#Created using raymanfx's android-cve-checker +kernelPath="/mnt/Drive-1/Development/Other/Android_ROMs/Build/LineageOS-14.1/kernel/motorola/msm8916"; +cvePatch="/home/spotcomms/Development/Other/Android_ROMs/Repos/android-cve-checker/patches/3.10/"; +git -C $kernelPath apply --3way $cvePatch"CVE-2014-3601.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2014-9420.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2015-7515.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2015-8967.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2016-10153.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2016-1583.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2016-3843.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2016-3894.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2016-5829.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2016-5858.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2016-5859.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2016-5867.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2016-8483.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2016-9576.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-0457.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-2636.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-2647.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-5986.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-6074.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-6345.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-6346.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-6348.patch" diff --git a/Patches/LineageOS-14.1/android_kernel_motorola_msm8992/cve_fix.sh b/Patches/LineageOS-14.1/android_kernel_motorola_msm8992/cve_fix.sh new file mode 100644 index 00000000..578db9b2 --- /dev/null +++ b/Patches/LineageOS-14.1/android_kernel_motorola_msm8992/cve_fix.sh @@ -0,0 +1,61 @@ +#Created using raymanfx's android-cve-checker +kernelPath="/mnt/Drive-1/Development/Other/Android_ROMs/Build/LineageOS-14.1/kernel/motorola/msm8992"; +cvePatch="/home/spotcomms/Development/Other/Android_ROMs/Repos/android-cve-checker/patches/3.10/"; +git -C $kernelPath apply --3way $cvePatch"CVE-2014-9940.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2015-8961.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2015-8966.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2015-9004.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2016-10200.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2016-10229.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2016-1583.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2016-3070.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2016-3894.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2016-5858.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2016-5859.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2016-5867.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2016-6690.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2016-8405.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2016-8417.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2016-8477.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2016-8479.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2016-8481.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2016-8650.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2016-9120.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2016-9576.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2016-9604.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-0404.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-0427.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-0451.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-0452.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-0456.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-0457.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-0460.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-0463.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-0507.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-0516.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-0537.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-0604.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-0605.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-0606.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-0610.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-0611.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-0626.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-0631.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-2618.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-2636.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-2647.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-5669.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-5972.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-5986.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-6074.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-6214.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-6345.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-6346.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-6348.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-6951.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-7184.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-7187.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-7308.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-7472.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-7616.patch" +git -C $kernelPath apply --3way $cvePatch"CVE-2017-7889.patch" diff --git a/Scripts/LAOS-14.1_Patches.sh b/Scripts/LAOS-14.1_Patches.sh index a5f2f209..36c26a78 100755 --- a/Scripts/LAOS-14.1_Patches.sh +++ b/Scripts/LAOS-14.1_Patches.sh @@ -157,6 +157,7 @@ enableDexPreOpt enter "kernel/motorola/msm8992" patch -p1 < $patches"android_kernel_common_msm8992/0001-OverUnderClock.patch" #a57: 1.82Ghz -> 2.01Ghz, a53 1.44Ghz -> 1.63Ghz, 384Mhz -> 300Mhz =+1.14Ghz TODO: Enable by default patch -p1 < $patches"android_kernel_common_msm8992/0002-MMC_Tweak.patch" #Improves MMC performance +source $patches"android_kernel_motorola_msm8992/cve_fix.sh" enter "device/oneplus/bacon" enableDexPreOpt @@ -183,6 +184,7 @@ patch -p1 < $patches"android_kernel_common_msm8992/0002-MMC_Tweak.patch" #Improv enter "kernel/motorola/msm8916" patch -p1 < $patches"android_kernel_motorola_msm8916/0001-Overclock.patch" #1.36Ghz -> 1.88Ghz =+ 2.07Ghz +source $patches"android_kernel_motorola_msm8916/cve_fix.sh" enter "kernel/nextbit/msm8992" patch -p1 < $patches"android_kernel_common_msm8992/0001-OverUnderClock.patch" #a57: 1.82Ghz -> 2.01Ghz, a53 1.44Ghz -> 1.63Ghz, 384Mhz -> 300Mhz =+1.14Ghz TODO: Enable by default