Vulnerability Patching for F-Droid apps
Posted on Oct 12, 2023 by paulali
TWIF generated on Thursday, 12 Oct 2023, Week 41
F-Droid core
Vulnerable Apps in F-Droid patched and updated for you
This week we updated and patched some apps for the 0-day vulnerability in libwebp.
Please update them as soon as possible:
- Telegram FOSS
- Godot Editor 3
- Nekogram X
- SchildiChat
- Falling Blocks
- Librera Reader
- LibreOffice Viewer
More apps will be fixed in the future, so please keep an eye on the warning notices in the Updates tab. Many apps still use the libwebp from the Android system. If your system hasn’t received the fix yet, you may still be in danger. You should check them yourself, as we can’t fix that from our side.
Krita has released a new version with the fix, but we can’t get it built correctly yet. You can switch to the upstream build (non-FOSS libs included) in the meantime. If you keep using the old versions, please be careful not to open untrusted WebP pictures.
New F-Droid Client
A new F-Droid client v1.18 is out. Some of the new updates include:
- Fixed using repos and mirrors from External Storage on recent Android releases
- Improved WiFi management in Nearby
- The navigation bar now remembers its position even when F-Droid restarts
- New language support: Swahili is supported in this new release, yay!
- Fix downloading images for repos still using index-v1
- Fix crashes related to swap, managing repos and more
- The Downgrade button was removed, Android no longer allows that
We are now starting the 1.19 alpha cycle which includes a major overhaul of adding and managing repos and mirrors. It also includes the ability to automatically install updates on newer Android versions.
Community News
RadioDroid is back!
As highlighted in last week’s TWIF, RadioDroid is back and is out at V0.86. The author has been hard at work to ensure a couple of additions and changes have been included.
Some of the additions are:
- Auto stop support for auto start-play
Changes in this update include:
- Enabled Android TV again
- Sorting of entries from loaded files is now the same as the file
Reproducible builds on F-Droid
reproducible-builds.org published their September report mentioning F-Droid:
September saw F-Droid add ten new reproducible apps, and one existing app switched to reproducible builds. In addition, two reproducible apps were archived and one was disabled for a current total of 199 apps published with Reproducible Builds and using the upstream developer’s signature. […] In addition, an extensive blog post was posted on f-droid.org titled “Reproducible builds, signing keys, and binary repos”.
You can read the full report here.
Removed Apps
2 apps were removed
- LibreAV - too many false positives, development has stalled
- Voice Recorder Plugin - long overdue as Conversations has integrated the functionality years ago
Newly Added Apps
11 apps were newly added
- BiliYou
- DataBackup
- Dungeon Crawl: Stone Soup for Android
- Elfeed Mobile
- Fast Draw
- Forkyz Scanner
- Inner Breeze
- Ladefuchs
- Osram Remote
- Tip Calculator
- WallFlow Plus
Updated Apps
207 apps were updated
- 10-bit Clock Widget was updated from 2.1-4 to 2.2-1
- 2048 (Privacy Friendly) was updated from 1.2 to 1.3
- AAAAXY was updated from 1.4.45+20230904.3064.9129c289 to 1.4.50+20230927.3069.edb8f108
- Acode editor - Android code editor was updated from 1.8.7 to 1.8.7
- Activity Manager was updated from 5.4.4 to 5.4.5
- AgoraDesk: buy BTC anonymously was updated from 1.1.12 to 1.1.13
- Amarok was updated from 0.8.4b1 to 0.8.5b2
- Amethyst was updated from 0.78.1 to 0.79.3
- App Manager - Android package manager was updated from 3.1.2 to 3.1.3
- Aria2App was updated from 5.9.13 to 5.9.14
- Audio Share was updated from 0.0.8 to 0.0.9
- Audio Spectrum Analyzer was updated from 2.4 to 2.5
- Baby Phone was updated from 1.1.2 to 1.1.3
- Ball2Box was updated from 2.3.7 to 4.0.0
- Barcode Scanner was updated from 1.17.0 to 1.18.0
- BiglyBT, Torrent Downloader was updated from 1.3.3 to 1.3.4.3
- BitBanana was updated from 0.6.6 to 0.6.7
- Blood pressure monitor was updated from 1.5.2 to 1.5.3
- Boardgame Clock (Privacy Friendly) was updated from 1.0 to 1.1
- BoltOn was updated from 5 to 6
- Briar was updated from 1.5.6 to 1.5.7
- Bubble was updated from 2.5 to 2.6
- Casio G-Shock Smart Sync was updated from 10.3 to 10.5
- CatBox was updated from 1.2.4 to 1.2.6
- Chaldea was updated from 2.4.15 to 2.4.17
- Chip Defense was updated from 1.19 to 1.21
- Classical Music Tagger was updated from 1.9 to 1.9.2
- Clipious was updated from 1.16.2 to 1.16.4
- Cofi - Brew Timer was updated from 1.20.0 to 1.20.1
- Conversations was updated from 2.12.9+free to 2.12.11+free
- Copy SMS Code - OTP Helper was updated from 1.0.0 to 1.2.0
- Crossword was updated from 1.21 to 1.22
- Cuppa - Tea Timer was updated from 2.1.0 to 2.2.0
- Currency was updated from 1.54 to 1.55
- Daily Dozen was updated from 23 to 23.1
- Dash Wallet was updated from 8.1.3 to 9.0.6
- Delta Icon Pack was updated from 1.8.3 to 1.8.4
- Drinkable was updated from 1.37.0 to 1.38.0
- Droid-ify was updated from 0.5.8.3 to 0.5.9 Patch 1
- DroidFS was updated from 2.1.2 to 2.1.3
- ETH & UZH canteens Zürich was updated from 1.7.2 to 1.8.2
- Easter Eggs was updated from 1.9.7 to 2.0.0
- Easy Xkcd was updated from 8.3.1 to 8.4
- Editor was updated from 1.87 to 1.88
- Element - Secure Messenger was updated from 1.6.5 to 1.6.6
- Emacs was updated from 30.0.50 to 30.0.50
- Encointerwallet was updated from 1.9.2 to 1.11.0
- Endless Sky was updated from 0.10.2-37 to 0.10.3-38
- Every Door was updated from 3.1.0 to 4.0.0
- FFUpdater was updated from 78.1.7 to 78.2.4
- FairEmail was updated from 1.2105 to 1.2107
- Falling Blocks was updated from 1.7.1 to 1.7.2
- Feeder was updated from 2.6.4 to 2.6.5
- Fennec F-Droid was updated from 117.1.0 to 118.1.0
- Feudal Tactics was updated from 1.2.0 to 1.2.1
- Finance Manager (PFA) was updated from 2.2.0 to 2.3.0
- FluffyChat was updated from 1.14.2 to 1.14.4
- Forkyz was updated from 45 to 47
- Fulguris Web Browser was updated from 1.9.13 to 1.9.15
- GitNex for Forgejo and Gitea was updated from 5.2.0 to 5.2.1
- Graded - Grade tracker was updated from 2.4.0 to 2.4.1
- GraphHopper Maps was updated from 1.2.0 to 1.3.0
- Gridle was updated from 1.13 to 1.14
- Guileless Bopomofo Keyboard was updated from 1.9.35 to 1.9.36
- Habits was updated from 1.1.0 to 1.2.0
- Hacki for Hacker News was updated from 1.9.2 to 1.9.3
- Harmony Music was updated from 1.4.0 to 1.5.0
- HexViewer was updated from 1.45 to 1.46
- IR Remote was updated from 1.5.5 to 1.5.5
- ImgurViewer was updated from 2.3.6 to 2.3.7
- Immich was updated from 1.79.1 to 1.81.0
- Infinity for Reddit was updated from 6.2.5 to 6.3.1
- Inflation Calculator was updated from 2.15 to 2.16
- Infomaniak Mail was updated from 1.0.14 to 1.0.15
- Insigno was updated from 1.2.0 to 1.3.1
- Interval Timer (Privacy Friendly) was updated from 1.2 to 1.3
- Inure App Manager (Trial) was updated from build93 to Build94
- Jami was updated from 20230925-01 to 20231006-01
- Jerboa for Lemmy was updated from 0.0.47 to 0.0.48
- Just Another Workout Timer was updated from 1.12.0 to 1.13.0
- K-9 Mail was updated from 6.710 to 6.711
- Kanji Dojo was updated from 1.2 to 1.6
- Keep Screen On was updated from 1.10.0 to 1.11.0
- Keep it up was updated from 1.1.0 to 1.2.0
- Key Mapper was updated from 2.5.0 to 2.6.0
- Keyoxide was updated from 1.5.1 to 1.6.0
- Kolab Notes was updated from 5.0.0 to 5.0.1
- Kotatsu was updated from 6.1.3 to 6.1.6
- Kvaesitso was updated from 1.26.4-fdroid to 1.27.1-fdroid
- Les Pas - Photo Album for Nextcloud was updated from 2.9.2 to 2.9.5
- Lexica was updated from 3.8.0 to 3.10.0
- LibreOffice Viewer was updated from 7.6.0.3/69edd8b8ebc4/F-Droid-editing to 7.6.2.1/56f768401134/F-Droid-editing
- Librera Reader was updated from 8.9.32-fdroid to 8.9.46-fdroid
- Linphone - open source SIP client was updated from 5.1.2 to 5.1.3
- Linux Command Library was updated from 3.2.1 to 3.2.2
- Linwood Butterfly was updated from 2.0.0-beta.7 to 2.0.0-beta.9
- Little File Explorer was updated from 4.12 to 4.13
- LocalMonero: buy XMR privately was updated from 1.1.12 to 1.1.13
- Locus was updated from 0.14.3 to 0.15.1
- LogFox was updated from 1.4.0 to 1.4.4
- Ludo (Privacy Friendly) was updated from 2.2 to 2.3
- Léon – The URL Cleaner was updated from 34 to 35
- MIFARE Classic Tool was updated from 4.0.5 to 4.1.0
- MPD was updated from 0.23.12 to 0.23.14
- Markdownr was updated from 1.5.0 to 1.5.1
- Mastodon was updated from 2.1.2 to 2.1.6
- Mattermost Beta was updated from 2.8.0 to 2.8.1
- Memo Game (Privacy Friendly) was updated from 1.0.5 to 1.1
- Meshenger was updated from 4.2.3 to 4.2.4
- Metronome was updated from 4.10.0 to 4.11.0
- Mill was updated from 3.6.3 to 3.7.0
- MinCal Widget was updated from 2.12.6 to 2.12.7
- Minesweeper - Antimine was updated from 17.4.0 F to 17.5.0 F
- Miru was updated from 1.7.0 to 1.7.1
- Mull was updated from 117.1.0 to 118.1.0
- Mullvad VPN: privacy is a universal right was updated from 2023.5 to 2023.6
- MultiVNC was updated from 2.1.2 to 2.1.3
- Musify was updated from 6.4.0 to 6.5.2
- My Expenses was updated from 3.6.4 to 3.6.5.2
- MyHackerspace (New) was updated from 2.1.1 to 2.1.2
- Nekogram X was updated from 9.3.3 to 9.3.3
- NetGuard was updated from 2.313 to 2.322
- Nextcloud was updated from 3.25.0 to 3.26.0
- Nextcloud Bookmarks was updated from 1.23 to 1.24
- Nextcloud Deck was updated from 1.23.3 to 1.23.4
- Nextcloud Dev was updated from 20230925 to 20231008
- Nextcloud News was updated from 0.9.9.81 to 0.9.9.82
- Noice: Natural calming noise was updated from 2.5.2 to 2.5.3
- Notesnook - Private notes app was updated from 2.6.6 to 2.6.7
- Notification Dictionary was updated from 0.0.18 to 0.0.22
- OSM Dashboard Offline for OpenTracks was updated from 2.22.2 to 3.1.0
- OSM Dashboard for OpenTracks was updated from 2.22.2 to 3.1.0
- Odysee was updated from 0.0.69 to 0.0.83
- Olauncher was updated from v4.1.2 to v4.1.4
- OneTwo was updated from 1.1.7 to 1.1.9
- Open Stable Diffusion was updated from 1.4 to 1.6
- OpenCanteen was updated from 1.9.0 to 1.9.1
- OpenTracks was updated from v4.8.4 to v4.9.0
- Overload was updated from 0.10.1 to 0.11.0
- PINcredible - Secure PIN vault was updated from 0.7.0 to 0.7.1
- Pachli was updated from 1.1 to 1.2.1
- Pagan Opus Editor was updated from 1.1.2 to 1.1.17
- Peercoin Wallet was updated from 1.2.1 to 1.2.2
- Periodical was updated from 1.73 to 1.74
- Petals was updated from 3.14.1 to 3.15.0
- Phonograph Plus was updated from 1.2.0 to 1.3.1
- PhotoChiotte was updated from 1.42 to 1.43
- PlainApp: File & Web Access was updated from 1.2.8 to 1.2.9
- Pocket Broomball was updated from 5.0.3 to 5.0.4
- QRAlarm was updated from 1.5.4 to 1.5.5
- QuickWeather was updated from 2.5.3 to 2.5.4
- Quicksy was updated from 2.12.9+free to 2.12.11+free
- RadioDroid was updated from 0.84 to 0.86
- Really Basic Vocab was updated from 3.3.1 to 3.3.2
- Reckoning Skills (Privacy Friendly) was updated from 1.0.2 to 1.1
- Revengate was updated from 0.9.4 to 0.10.0
- Rocket.Chat was updated from 4.40.0 to 4.41.0
- Saber was updated from 0.15.5 to 0.16.1
- SauceNAO was updated from 1.21 to 1.22
- SaverTuner was updated from 1.0.5 to 1.1.0
- SchildiChat was updated from 1.6.5.sc71 to 1.6.5.sc72
- Shitter was updated from 3.4.2 to 3.4.3
- Signal Generator was updated from 1.31 to 1.33
- Simple Bitcoin Wallet was updated from 2.5.3 to 2.5.4
- Simple Calendar Pro was updated from 6.23.0 to 6.23.1
- Simple Gallery Pro was updated from 6.27.2 to 6.28.0
- Simple MP (Simple Music Player) was updated from BETA-1.7.1 to BETA-1.8.0
- Simple SMS Messenger was updated from 5.19.1 to 5.19.3
- Simple Sudoku Game was updated from 0.1.11 to 0.1.12
- Solitaire (Privacy Friendly) was updated from 1.0.2 to 1.1
- Souvenirs was updated from 2.8.1 to 2.8.2
- Specie was updated from 1.11 to 1.12
- StreetComplete was updated from 54.0 to 54.1
- Stroke Input Method (筆畫輸入法) was updated from 1.2.4 to 1.2.5
- Sudoku (Privacy Friendly) was updated from 3.0.3 to 3.1
- Super Retro Mega Wars was updated from 0.31.10 to 0.31.11
- TRIfA was updated from 1.0.212 to 1.0.219
- Taler Wallet was updated from 0.9.3+p6 to 0.9.3+p7
- Tape Measure (Privacy Friendly) was updated from 1.0.3 to 1.1
- Tasky was updated from 2.3.6 to 2.3.7
- Telegram FOSS was updated from 10.0.9 to 10.0.9
- Thumb-Key was updated from 1.13.0 to 2.2.0
- Timer +X was updated from 1.3.0 to 1.4.1
- TorrServe was updated from MatriX.125.1.F-Droid to MatriX.125.2.F-Droid
- Tower Collector was updated from 2.14.3 to 2.14.4
- Tutanota was updated from 3.118.12 to 3.118.13
- Ubuntu Countdown Widget was updated from v23.10 to 2.0.3
- Unciv was updated from 4.8.7 to 4.8.12
- Unitto — calculator and unit converter was updated from Nadeshiko Pink to Nadeshiko Pink
- Unstoppable Wallet was updated from 0.35.0 to 0.35.1
- WG Tunnel was updated from 3.0.2 to 3.0.3
- Waistline was updated from 3.7.2 to 3.7.3
- WallFlow was updated from 1.3.1 to 1.5.0
- WallmeWallpaper:Wallpaper app was updated from 2.8 to 2.9
- Wulkanowy was updated from 2.1.0 to 2.2.1
- Xtra was updated from 2.25.1 to 2.25.2
- Zulip was updated from 27.213 to 27.214
- baresip was updated from 57.2.0 to 58.0.0
- baresip+ was updated from 44.2.0 to 45.0.0
- ente Authenticator was updated from 2.0.4 to 2.0.6
- idTech4A++ was updated from 1.1.0harmattan32natasha to 1.1.0harmattan33natasha
- jtx Board journals notes tasks was updated from 2.05.06.ose to 2.06.00.ose
- monocles chat was updated from 1.7.3 to 1.7.4
- openHAB Beta was updated from 3.7.5-beta to 3.7.6-beta
- plees-tracker was updated from 7.6.1 to 7.6.2
- wX was updated from 55826 to 55835
- yetCalc was updated from 1.0.9 to 1.1.0
Thanks for reading, updates and new apps will come, some apps might be removed, but as usual the cycles continue onward.
Feel free to join the TWIF forum thread if you have any news piece from around the community, maybe it will be featured next week.