Want the Universe?
Posted on May 30, 2024 by
paulali
TWIF generated on Thursday, 30 May 2024, Week 22
F-Droid core
Back in October 2023, we’ve talked about vulnerability patching and listed some 7 apps that might have been affected. Truth is, there were not one but three separate issues, with their own CVE identifiers, that needed to be looked into. And the apps list is too long to print here, about 130 apps were investigated.
In no particular order:
- CVE-2023-4863: Heap buffer overflow in libwebp
- CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx
- CVE-2023-38545: SOCKS5 heap buffer overflow
Most of the apps were fixed, but there are still apps that were never tackled, we recommend you to peruse the lists and check your devices, auto updates since F-Droid Client 1.19 should have you up to date, but it never hurts to check and manually update the outliers.
What if an app you depend on is still not fixed? We also linked to the upstream issues, feel free to give your 👍 there for the developers to see and hopefully expedite a fix.
As with past TWIFs, we ask you to please update your Android too. While the VP8 and SOCKS5 vulnerabilities were fixable by a library update in the apps, the Android system itself has a WEBP library included and that was vulnerable too, it can’t be updated by us or apps devs, but only via a full Android OS update.
Community News
While manufacturers boast how their smart devices can hold the whole world inside, they are mostly just talking about running a browser to connect to the Internet. So here comes Celestia, a 3D interactive planetarium, which truly brings the Universe to your pocket, with moons, stars and everything (known so far). The app package is huge, as expected, at more than 380Mb, so make sure you have enough system storage space to install. It can even get more space objects from the Internet so you can always explore the latest ‘world’ out there. Currently the app description and pics are missing, a fix is already submitted.
Can you recall companies trying to add screen recording or scanning features? Where those free software or open source? Would you trust their promises? We digressed, anyway, Hypatia, A real-time malware scanner, was updated to 3.12 adding, besides the usual translations and database updates, a new ability: scan screen content for malicious links. The developer explained a bit how this works in a Fedi post. It uses the Accessibility Services, which are rather sensitive as they can record your screen and more, so to enable this feature for Hypatia on newer Android versions, you need to first go to Android Settings, Apps, Hypatia, upper right three-dot menu, Allow restricted settings. Then in the app, open upper right menu, toggle “Link Scanner” on and follow the dialogues. Note: Depending on Android version, in our testing, you might need to visit these screens several times until the restricted menu is visible and the permission is granted so the accessibility service can be activated for Hypatia. 🤷
Developers of wallabag were quick to react after the downgrading so the app is back up to date again at version 2.5.3.
Newly Added Apps
7 more apps were newly added
- Easy Notes - A simple modern notes app with material design
- Jigsaw - A Jigsaw Puzzle Game
- Mixer Controller - Access digital audio mixer’s via WebUI
- Password Monitor - Ensure your password safety by scanning for potential breaches
- Plant-it - Client app for the self-hostable Plant-it Server
- RTTT - Recursive Tic-Tac-Toe game
- TicTacToe - Classic game. Play offline, with friends
Updated Apps
128 more apps were updated
- AnkiDroid was updated from
2.18.0to2.18.1 - Apollo was updated from
1.4.9to1.5 - Aria for Misskey was updated from
0.9.1to0.9.5 - Aster Launcher was updated from
1.0.7to1.0.8.1 - Audio Spectrum Analyzer was updated from
2.5to2.6 - Auth was updated from
3.0.1to3.0.4 - Automation was updated from
1.8to1.8.1 - Bimba was updated from
3.3.0to3.3.2 - BitBanana was updated from
0.7.5to0.8.1 - Bitmask was updated from
1.2.0to1.3.1 - Blazed Cloud - Encrypted Storage was updated from
1.5.2to1.5.4 - Blitz: Fischer Chess Clock was updated from
1.8.7to1.9.0 - Bluetooth Remote was updated from
1.0.0to1.1.0 - Bubble was updated from
2.9to3.0 - Cache Cleaner was updated from
1.11.2to1.11.3 - Calyx VPN was updated from
1.3.0RC1to1.3.1 - Carrion was updated from
1.19to1.20 - Casio G-Shock Smart Sync was updated from
12.7to13.0 - Ceno Browser: Share the Web was updated from
2.1.1to2.1.4 - ChatLaunch for WhatsApp was updated from
0.4.0to0.4.2 - Cheogram was updated from
2.13.4-1+freeto2.15.3-1+free - Chrono was updated from
0.5.0-beta2to0.5.1 - Cirrus was updated from
2.5to2.6 - Clipious was updated from
1.19.7to1.19.10 - Clock was updated from
2.2to2.3 - Conversations was updated from
2.16.0+freeto2.16.2+free - croc was updated from
1.10.14to1.11.0 - Currencies: Exchange Rate Calculator was updated from
1.22.1to1.22.2 - Dollphone Icon Pack was updated from
1.1.0to1.1.2 - EasyLauncher - Minimal launcher was updated from
0.0.5to0.0.8 - EinkBro was updated from
11.7.0to11.8.0 - Endless Sky was updated from
0.10.6-42to0.10.7-43 - EP Mobile was updated from
2.30.1to2.32.0 - EVMap - EV chargers was updated from
1.9.0to1.9.1 - FairEmail was updated from
1.2182to1.2187 - FFUpdater was updated from
79.2.0to79.2.3 - FitBook was updated from
1.0.11to1.0.14 - Flexify was updated from
1.0.86to1.0.96 - Flipper Mobile App was updated from
1.6.8to1.6.9 - floccus bookmark sync was updated from
5.1.3to5.1.4 - Freebloks was updated from
1.5.6to1.5.7 - freeDictionaryApp was updated from
1.6.4to1.6.5 - GCompris was updated from
4.0to4.1 - Geto was updated from
1.15.6to1.15.7 - GitNex for Forgejo and Gitea was updated from
5.4.0to5.5.0 - GreenStash: Track Your Savings was updated from
3.6.0to3.7.0 - Guileless Bopomofo Keyboard was updated from
1.9.48to1.9.51 - Hacki for Hacker News was updated from
2.7.2to2.7.3 - HTTP Request Shortcuts was updated from
3.13.0to3.14.0 - ImapNotes3 was updated from
v1.3-06tov1.3-07 - INSTEAD was updated from
0.9to0.9.1 - Jami was updated from
20240507-02to20240521-01 - jtx Board journals¬es&tasks was updated from
2.07.06.oseto2.07.08.ose - KeePassVault was updated from
1.5.0to1.6.1 - Kepler-App was updated from
2.1.4to2.2.1 - Kotatsu was updated from
7.0.1to7.1.1 - Linwood Butterfly Nightly was updated from
2.1.1-rc.0to2.1.1-rc.1 - Markor was updated from
2.12.1to2.12.2 - Massive was updated from
2.35to2.36 - MedTimer was updated from
1.8.3to1.8.4 - mensen was updated from
1.1.0to1.1.1 - Menu Generator was updated from
1.1.0to1.1.1 - Mercurygram was updated from
10.10.1.2to10.12.0.0 - Mines3D was updated from
1.4.4to1.5.1 - mLauncher - Minimal and Clutter Free launcher was updated from
1.6.0to1.6.1 - Movie DB was updated from
0.5to0.6 - mpv-android was updated from
2024-05-04-releaseto2024-05-24-release - MRepo was updated from
2.4.8to2.4.10 - My Leaf was updated from
2.3.2to2.3.3 - NeoStumbler was updated from
1.2.0to1.2.1 - Nextcloud Dev was updated from
20240519to20240524 - Nextcloud Talk was updated from
19.0.0to19.0.1 - Nihonoari: Hiragana & Katakana was updated from
1.7.2to1.8.0 - Notesnook - Private notes app was updated from
3.0.7to3.0.8 - ntodotxt was updated from
0.9.0to0.9.1 - Obtainium was updated from
1.1.9to1.1.10 - Odin was updated from
3.3.4to3.3.6 - OpenCalc was updated from
3.0.0to3.0.1 - OpenTracks was updated from
v4.12.3tov4.12.4 - Orgzly Revived was updated from
1.8.21to1.8.22 - Orion Viewer - Pdf & Djvu was updated from
0.92.4to0.93.1 - OSMBugs was updated from
1-4-0to1-4-1 - OUI Lookup and Database was updated from
1.6.2to1.6.3 - Peercoin Wallet was updated from
1.2.6to1.2.7 - Peristyle was updated from
1.45_betato1.46_beta - Petals was updated from
3.23.0to3.23.1 - PiliPalaX was updated from
1.0.20to1.0.20 - PipePanic was updated from
0.19to0.21 - PlainApp: File & Web Access was updated from
1.2.51to1.2.53 - Podcini - Podcast instrument was updated from
5.4.0to5.4.1 - Power Ampache 2 was updated from
1.00-55-fdroidto1.00-56-fdroid - Proton Pass: Password Manager was updated from
1.21.3to1.21.4 - Pushie was updated from
2.2.1to2.3.0 - QRAlarm was updated from
1.6.1to1.7 - Quicksy was updated from
2.16.0+freeto2.16.2+free - Remote Video Camera was updated from
3.0to3.1 - Rethink: DNS + Firewall + VPN was updated from
v0.5.5jtov0.5.5l - Revengate was updated from
0.12.6to0.12.7 - Ricochlime was updated from
1.5.0to1.5.1 - RiMusic was updated from
0.6.35to0.6.36 - Riseup VPN was updated from
1.2.0to1.3.1 - Robot36 - SSTV Image Decoder was updated from
2.9to2.11 - Sapio was updated from
1.4.1to1.4.2 - SauceNAO was updated from
1.22to1.23 - Session F-Droid was updated from
1.18.2to1.18.3 - Shattered Pixel Dungeon was updated from
2.4.0to2.4.1 - Shiori was updated from
1.31to1.31.01 - Simple Counter was updated from
1.2.1to1.2.3 - SimpleTextEditor was updated from
1.25.0to1.26.0 - SimpleX Chat was updated from
5.7.3to5.7.4 - SpamBlocker (Call & SMS) was updated from
1.7to1.8 - Standard Notes was updated from
3.194.6to3.194.7 - Tasks.org: Open-source To-Do Lists & Reminders was updated from
13.8.1to13.9.7 - Thor was updated from
1.6.1to1.6.3 - Thumb-Key was updated from
3.1.5to3.1.9 - Traditional T9 was updated from
31.0to32.0 - Träwelldroid was updated from
2.7.4to2.7.5 - Unciv was updated from
4.11.13to4.11.14-patch1 - Voyager for Lemmy was updated from
2.11.0to2.11.1 - Welefon was updated from
1.4.0to1.5.0 - WiFi Widget was updated from
1.5.01to1.5.02 - Wikipedia was updated from
r/2.7.50484-r-2024-04-19tor/2.7.50489-r-2024-05-20 - words.hk 粵典 was updated from
3.2.3to3.2.4 - Wulkanowy was updated from
2.6.9to2.6.13 - wX was updated from
55892to55893 - Xray was updated from
6.7.0to6.8.0 - Xtra was updated from
2.31.3to2.32.0 - 拷贝漫画 was updated from
2.3.2to2.3.3
Thank you for reading this week’s TWIF 🙂
Please subscribe to the RSS feed in your favourite RSS application to be updated of new TWIFs when they come up.
You are welcome to join the TWIF forum thread. If you have any news from the community, post it there, maybe it will be featured next week 😉
