lineage-17.1 patches incomplete
SirRGB opened this issue · 6 comments
https://github.com/Flamefire/android_device_sony_lilac/tree/lineage-17.1/patches/asb-2023-08/platform_system_ca-certificates
https://github.com/Flamefire/android_device_sony_lilac/tree/lineage-17.1/patches/asb-2023-07/platform_tools_apksig
These are not uploaded to gerrit due to missing forks within the lineage org.
10-2023 will require these additional non-forked repos
https://github.com/Flamefire/android_device_sony_lilac/tree/lineage-17.1/patches/asb-2023-10/platform_external_libxml2
https://github.com/Flamefire/android_device_sony_lilac/tree/lineage-17.1/patches/asb-2023-10/platform_external_webp
There might be more patches that I missed.
Please look at the actual scripts...
- Trustcor was removed here before it was part of an ASB:
- The mainline ca-certificates is used: https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/LineageOS-17.1/Patch.sh#L401-L404
- Trustcor is removed here https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L452-L459
- apksig is picked here: https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/LineageOS-17.1/Patch.sh#L441-L444
- libxml2 is patched here: https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/LineageOS-17.1/Patch.sh#L133-L135
- DivestOS was the first aftermarket Android OS to patch both the webp and libvpx zero-days, but it is now patched here by using the newer lineage-18.1 branch which includes the fix upstream: https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Manifests/Manifest_LAOS-17.1.xml#L69-L71
Please also understand I send the 17.1 ASB backports to Flamefire after I do them first, i.e. most of those backports were done by me:
- 2023-03-21: 44fa294
- 2023-03-30: Flamefire/android_device_sony_lilac@679921a
- 2023-04-28: ab4eceb
- 2023-04-29: Flamefire/android_device_sony_lilac@e29f493
- 2023-05-07: 8503986
- 2023-05-13: Flamefire/android_device_sony_lilac@a585a0a
- 2023-06-10: 67dd049
- 2023-06-13: Flamefire/android_device_sony_lilac@b67fa13
- 2023-07-07: b92655d
- 2023-07-26: Flamefire/android_device_sony_lilac@4715a71
- 2023-08-08: f52adb2
- 2023-08-22: Flamefire/android_device_sony_lilac@53898f7
- 2023-09-11: aa4464d
- 2023-09-15: Flamefire/android_device_sony_lilac@4149fd6
- 2023-10-09: 27066c2
- 2023-10-13: Flamefire/android_device_sony_lilac@c0786b4
I do however see this one: https://github.com/Flamefire/android_device_sony_lilac/blob/lineage-17.1/patches/asb-2023-10/android_packages_providers_MediaProvider/0001-Fix-path-traversal-vulnerabilities-in-MediaProvider.patch
which I will pull in for next cycle as I usually do.
My bad, only
https://review.lineageos.org/q/topic:%22CVE-2023-5217%22
is missing then. Applied fine for me without any additional patches.
Thanks for the clarification and work on Android 10 security patches, I really appreciate it.
CVE-2023-5217 is not missing, again, I made that backport and sent it to LineageOS on 2023-09-28:
- fcf4f81 < ~8 hours before it landed on LineageOS gerrit
- https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/LineageOS-17.1/Patch.sh#L129-L131
If you're going to use my patches/backports, and I do encourage/want you to, please go through the scripts, and don't hesitate to ask me where something is.
Just please don't assume it is missing
Just noticed this one is implemented as well, sry again