lineage-17.1 patches incomplete

[SirRGB]

https://github.com/Flamefire/android_device_sony_lilac/tree/lineage-17.1/patches/asb-2023-08/platform_system_ca-certificates https://github.com/Flamefire/android_device_sony_lilac/tree/lineage-17.1/patches/asb-2023-07/platform_tools_apksig

These are not uploaded to gerrit due to missing forks within the lineage org.

10-2023 will require these additional non-forked repos

https://github.com/Flamefire/android_device_sony_lilac/tree/lineage-17.1/patches/asb-2023-10/platform_external_libxml2 https://github.com/Flamefire/android_device_sony_lilac/tree/lineage-17.1/patches/asb-2023-10/platform_external_webp

There might be more patches, that I missed.

[SkewedZeppelin]

Please look at the actual scripts...

[SkewedZeppelin]

• Trustcor was removed here before it was part of an ASB:
  • The mainline ca-certificates is used: https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/LineageOS-17.1/Patch.sh#L401-L404
  • Trustcor is removed here https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L452-L459
• apksig is picked here: https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/LineageOS-17.1/Patch.sh#L441-L444
• libxml2 is patched here: https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/LineageOS-17.1/Patch.sh#L133-L135
• DivestOS was the first aftermarket Android OS to patch both the webp and libvpx zero-days, but it is now patched here by using the newer lineage-18.1 branch which includes the fix upstream: https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Manifests/Manifest_LAOS-17.1.xml#L69-L71
  • https://github.com/Divested-Mobile/DivestOS-Build/commit/cbf76ea4eb3befaf42f1cba5619f6b41eb69121f
  • https://github.com/Divested-Mobile/DivestOS-Build/commit/25f02f4177e24ff290aa2d3187c1d6f79c383d38
  • https://github.com/Divested-Mobile/DivestOS-Build/commit/fcf4f812cc12872741e018cc4dba976ad90ce69e

Please also understand I send the 17.1 ASB backports to flamefire after I do them first, ie. most of those backports were done by me:

• 2023-03-21: https://github.com/Divested-Mobile/DivestOS-Build/commit/44fa294ecab2efc981a9eff339db4fa98ca24d08
• 2023-03-30: https://github.com/Flamefire/android_device_sony_lilac/commit/679921a04c404504d6cc172b4c8d0ea1aaed6824
• 2023-04-28: https://github.com/Divested-Mobile/DivestOS-Build/commit/ab4eceb830d8ebc5f0d16e7a6377cd171c0954a4
• 2023-04-29: https://github.com/Flamefire/android_device_sony_lilac/commit/e29f4938f30366b82a8b9c814d4b49038d6fb40d
• 2023-05-07: https://github.com/Divested-Mobile/DivestOS-Build/commit/8503986acb032ce2d9db75aca17552b9a7d6f23c
• 2023-05-13: https://github.com/Flamefire/android_device_sony_lilac/commit/a585a0a516c1ea4ca82ded188f204243ed7054d3
• 2023-06-10: https://github.com/Divested-Mobile/DivestOS-Build/commit/67dd049bf623ffe1753bd81c34d166912e20e1c3
• 2023-06-13: https://github.com/Flamefire/android_device_sony_lilac/commit/b67fa13ff5c7762a9645f6810c4e411ffc9e56f9
• 2023-07-07: https://github.com/Divested-Mobile/DivestOS-Build/commit/b92655dac4c51e54970ed1c822db2a94b8e2401b
• 2023-07-26: https://github.com/Flamefire/android_device_sony_lilac/commit/4715a71df6ba8c2565726eb134a5653f1badf662
• 2023-08-08: https://github.com/Divested-Mobile/DivestOS-Build/commit/f52adb2bc57164f5f7aecac4d375fac3e21b99a1
• 2023-08-22: https://github.com/Flamefire/android_device_sony_lilac/commit/53898f705d096188bf62a32546172f13aa036590
• 2023-09-11: https://github.com/Divested-Mobile/DivestOS-Build/commit/aa4464d1c4bd2b0a4c138cdabfb1e509bbb71847
• 2023-09-15: https://github.com/Flamefire/android_device_sony_lilac/commit/4149fd69387c6a062047423ca0b635b002b1fb1c
• 2023-10-09: https://github.com/Divested-Mobile/DivestOS-Build/commit/27066c202f21a696ba8f98077b58fd05a21379f7
• 2023-10-13: https://github.com/Flamefire/android_device_sony_lilac/commit/c0786b4d9bc65ca650c33a7bd5aadd9c138f2536

I do however see this one: https://github.com/Flamefire/android_device_sony_lilac/blob/lineage-17.1/patches/asb-2023-10/android_packages_providers_MediaProvider/0001-Fix-path-traversal-vulnerabilities-in-MediaProvider.patch which I will pull in for next cycle as I usually do.

[SirRGB]

My bad, only https://review.lineageos.org/q/topic:%22CVE-2023-5217%22 is missing then. Applied fine for me without any additional patches. Thanks for the clarification and work on android 10 security patches, I really apreciate it.

[SkewedZeppelin]

CVE-2023-5217 is not missing, again, I made that backport and sent it to LineageOS on 2023-09-28:

• https://github.com/Divested-Mobile/DivestOS-Build/commit/fcf4f812cc12872741e018cc4dba976ad90ce69e < ~8 hours before it landed on LineageOS gerrit
• https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/LineageOS-17.1/Patch.sh#L129-L131

[SkewedZeppelin]

If you're going to use my patches/backports, and I do encourage/want you to, please go through the scripts, and don't hesitate to ask me where something is. Just please don't assume it is missing :slightly_smiling_face:

[SirRGB]

Just noticed this one is implemented as well, sry again