From d5d3846f2c2ea15c53978bd452028e5825800e3a Mon Sep 17 00:00:00 2001 From: Tad Date: Sat, 9 Oct 2021 19:34:25 -0400 Subject: [PATCH] Small tweaks Signed-off-by: Tad --- Scripts/Common/Fix_CVE_Patchers.sh | 2 +- Scripts/LineageOS-15.1/Patch.sh | 1 - Scripts/LineageOS-16.0/Patch.sh | 1 - Scripts/LineageOS-17.1/Functions.sh | 4 ++-- Scripts/LineageOS-17.1/Patch.sh | 1 - .../CVE_Patchers/android_kernel_essential_msm8998.sh | 5 +---- .../CVE_Patchers/android_kernel_fxtec_msm8998.sh | 10 +--------- .../android_kernel_samsung_msm8930-common.sh | 2 +- Scripts/LineageOS-18.1/Functions.sh | 2 +- Scripts/LineageOS-18.1/Patch.sh | 1 + 10 files changed, 8 insertions(+), 21 deletions(-) diff --git a/Scripts/Common/Fix_CVE_Patchers.sh b/Scripts/Common/Fix_CVE_Patchers.sh index 23edb7ce..9622263e 100644 --- a/Scripts/Common/Fix_CVE_Patchers.sh +++ b/Scripts/Common/Fix_CVE_Patchers.sh @@ -72,7 +72,7 @@ commentPatches android_kernel_razer_msm8998.sh "0008-Graphene-Kernel_Hardening/4 commentPatches android_kernel_samsung_exynos5420.sh "CVE-2021-Misc2/3.4/0061.patch" "CVE-2021-Misc2/3.4/0062.patch"; commentPatches android_kernel_samsung_jf.sh "CVE-2019-11599"; commentPatches android_kernel_samsung_manta.sh "CVE-2021-Misc2/3.4/0055.patch" "CVE-2021-Misc2/3.4/0056.patch"; -commentPatches android_kernel_samsung_msm8930-common.sh "CVE-2017-11015/prima" "CVE-2019-11599"; +commentPatches android_kernel_samsung_msm8930-common.sh "CVE-2017-11015/prima" "CVE-2019-11599" "CVE-2021-Misc2/ANY/0031.patch"; commentPatches android_kernel_samsung_smdk4412.sh "CVE-2012-2127" "CVE-2016-8463/ANY/0001.patch"; commentPatches android_kernel_samsung_tuna.sh "CVE-2012-2127"; commentPatches android_kernel_samsung_universal8890.sh "CVE-2016-7917" "CVE-2018-1092" "CVE-2018-17972" "CVE-2019-16746" "CVE-2020-0427" "CVE-2020-14381" "CVE-2020-16166"; diff --git a/Scripts/LineageOS-15.1/Patch.sh b/Scripts/LineageOS-15.1/Patch.sh index e232eb5b..48892163 100644 --- a/Scripts/LineageOS-15.1/Patch.sh +++ b/Scripts/LineageOS-15.1/Patch.sh @@ -69,7 +69,6 @@ patch -p1 < "$DOS_PATCHES/android_build/0001-OTA_Keys.patch"; #Add correct keys patch -p1 < "$DOS_PATCHES/android_build/0002-Enable_fwrapv.patch"; #Use -fwrapv at a minimum (GrapheneOS) sed -i '57i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches. sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/treble_common.mk; #Replace the Messaging app with Silence -sed -i 's/2021-09-05/2021-10-05/' core/version_defaults.mk; #Bump Security String #O_asb_2021-10 #XXX fi; if enterAndClear "build/soong"; then diff --git a/Scripts/LineageOS-16.0/Patch.sh b/Scripts/LineageOS-16.0/Patch.sh index 025a3dd3..5381c1b6 100644 --- a/Scripts/LineageOS-16.0/Patch.sh +++ b/Scripts/LineageOS-16.0/Patch.sh @@ -73,7 +73,6 @@ patch -p1 < "$DOS_PATCHES/android_build/0002-Enable_fwrapv.patch"; #Use -fwrapv sed -i '74i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aapt2.mk; #Enable auto-add-overlay for packages, this allows the vendor overlay to easily work across all branches. sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/treble_common.mk; #Replace the Messaging app with Silence sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 17/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS) -sed -i 's/2021-09-05/2021-10-05/' core/version_defaults.mk; #Bump Security String #P_asb_2021-10 #XXX fi; if enterAndClear "build/soong"; then diff --git a/Scripts/LineageOS-17.1/Functions.sh b/Scripts/LineageOS-17.1/Functions.sh index 8ce28dd0..f85666c6 100644 --- a/Scripts/LineageOS-17.1/Functions.sh +++ b/Scripts/LineageOS-17.1/Functions.sh @@ -92,9 +92,9 @@ patchWorkspace() { umask 0022; if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi; - source build/envsetup.sh; + #source build/envsetup.sh; #repopick -it ten-firewall; - repopick -it Q_asb_2021-10; + #repopick -it Q_tzdb2021a1; source "$DOS_SCRIPTS/Patch.sh"; source "$DOS_SCRIPTS_COMMON/Copy_Keys.sh"; diff --git a/Scripts/LineageOS-17.1/Patch.sh b/Scripts/LineageOS-17.1/Patch.sh index 63aa5faf..a5fc3474 100644 --- a/Scripts/LineageOS-17.1/Patch.sh +++ b/Scripts/LineageOS-17.1/Patch.sh @@ -70,7 +70,6 @@ sed -i '75i$(my_res_package): PRIVATE_AAPT_FLAGS += --auto-add-overlay' core/aap sed -i 's/messaging/Silence/' target/product/aosp_base_telephony.mk target/product/gsi_common.mk; #Replace the Messaging app with Silence awk -i inplace '!/updatable_apex.mk/' target/product/mainline_system.mk; #Disable APEX sed -i 's/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 23/PLATFORM_MIN_SUPPORTED_TARGET_SDK_VERSION := 28/' core/version_defaults.mk; #Set the minimum supported target SDK to Pie (GrapheneOS) -sed -i 's/2021-09-05/2021-10-05/' core/version_defaults.mk; #Bump Security String #Q_asb_2021-10 #XXX fi; if enterAndClear "build/soong"; then diff --git a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_essential_msm8998.sh b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_essential_msm8998.sh index f94c36f4..225c90e3 100644 --- a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_essential_msm8998.sh +++ b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_essential_msm8998.sh @@ -1,7 +1,5 @@ #!/bin/bash cd "$DOS_BUILD_BASE""kernel/essential/msm8998" -git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0285-0286.patch --exclude=Makefile -git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0286-0287.patch --exclude=Makefile git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0003.patch git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0004.patch @@ -98,9 +96,8 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11608/4.4/0006.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11608/^5.6.1/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14386/3.10-^4.4/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16119/^5.10/0002.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24587/qca-wifi-host-cmn/0016.patch --directory=drivers/staging/qca-wifi-host-cmn git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0936/ANY/0005.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-0936/ANY/0011.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-1963/ANY/0003.patch -editKernelLocalversion "-dos.p102" +editKernelLocalversion "-dos.p99" cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_fxtec_msm8998.sh b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_fxtec_msm8998.sh index 26a834f7..3597b02f 100644 --- a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_fxtec_msm8998.sh +++ b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_fxtec_msm8998.sh @@ -43,19 +43,11 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15291/4.4/0006.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-16994/^5.0/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19051/4.4/0012.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19068/4.4/0004.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-3702/4.4/0026.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-3702/4.4/0027.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-3702/4.4/0028.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-3702/4.4/0029.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-3702/4.4/0030.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11160/4.4/0003.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11608/4.4/0006.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11608/^5.6.1/0001.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14386/3.10-^4.4/0002.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16119/4.4/0006.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-16119/^5.10/0002.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-24587/qca-wifi-host-cmn/0016.patch --directory=drivers/staging/qca-wifi-host-cmn -git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-3655/^5.13/0003.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-40490/3.9-^5.14/0001.patch -editKernelLocalversion "-dos.p57" +editKernelLocalversion "-dos.p49" cd "$DOS_BUILD_BASE" diff --git a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_samsung_msm8930-common.sh b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_samsung_msm8930-common.sh index b651d937..c88b2a39 100644 --- a/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_samsung_msm8930-common.sh +++ b/Scripts/LineageOS-18.1/CVE_Patchers/android_kernel_samsung_msm8930-common.sh @@ -388,7 +388,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0026.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0028.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0029.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0030.patch -git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0031.patch +#git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0031.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0032.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0033.patch git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-Misc2/ANY/0034.patch diff --git a/Scripts/LineageOS-18.1/Functions.sh b/Scripts/LineageOS-18.1/Functions.sh index b172c9c3..72747c0e 100644 --- a/Scripts/LineageOS-18.1/Functions.sh +++ b/Scripts/LineageOS-18.1/Functions.sh @@ -128,7 +128,7 @@ patchWorkspace() { #source build/envsetup.sh; #repopick -it eleven-firewall; - #repopick -it android-11.0.0_r46; + #repopick -it R_tzdb2021a1; source "$DOS_SCRIPTS/Patch.sh"; source "$DOS_SCRIPTS_COMMON/Copy_Keys.sh"; diff --git a/Scripts/LineageOS-18.1/Patch.sh b/Scripts/LineageOS-18.1/Patch.sh index 525f91fd..19b39544 100644 --- a/Scripts/LineageOS-18.1/Patch.sh +++ b/Scripts/LineageOS-18.1/Patch.sh @@ -328,6 +328,7 @@ fi; if enterAndClear "device/google/redbull"; then enableVerity; #Resurrect dm-verity +awk -i inplace '!/sctp/' BoardConfig-common.mk modules.load; #fix compile after hardenDefconfig fi; if enterAndClear "device/google/redfin"; then