Vulnerability Patching for F-Droid apps

TWIF generated on Thursday, 12 Oct 2023, Week 41

F-Droid core

Vulnerable Apps in F-Droid patched and updated for you

This week we updated and patched some apps for the 0 day vulnerability in libwebp .

Please update them as soon as possible:

More apps will be fixed in the future so please keep an eye on the Updates tab warnings notices. There are still many apps using the libwebp from Android system. If your system hasn’t got the fix yet then you may be still in danger. You should check them by yourself as we can’t fix that from our side.

Krita has released a new version with the fix but we can’t get it built correctly yet. You can switch to the upstream build (non-foss libs included) meanwhile. If you keep using the old versions please be careful to not open untrusted webp pictures.

New F-Droid Client

A new F-Droid client v1.18 is out. Some of the new updates include:

  • Fixed using repos and mirrors from External Storage on recent Android releases
  • Improved WiFi management in Nearby
  • The navigation bar now remembers its position even when F-Droid restarts
  • New Language support: Swahili is supported in this new release yay!
  • Fix downloading images for repos still using index-v1
  • Fix crashes related to swap, managing repos and more
  • The Downgrade button was removed, Android no longer allows that

We are now starting the 1.19 alpha cycle which includes a major overhaul of adding and managing repos and mirrors. It also includes the ability to automatically install updates on newer Android versions.

Community News

RadioDroid is back!

As highlighted in the TWIF last week, RadioDroid is back and is out running on V0.86. The author has been hard at work to ensure a couple of additions and changes have been included.

Some of the additions are:

  • Auto stop support for auto start-play

Changes included in this update include:

  • Enabled Android TV again
  • Sorting of entries from loaded files is now the same as the file
Reproducible builds on F-Droid published their September report mentioning F-Droid:

September saw F-Droid add ten new reproducible apps, and one existing app switched to reproducible builds. In addition, two reproducible apps were archived and one was disabled for a current total of 199 apps published with Reproducible Builds and using the upstream developer’s signature. […] In addition, an extensive blog post was posted on titled “Reproducible builds, signing keys, and binary repos”.

You can read the full report here.

Removed Apps

2 apps were removed
  • LibreAV - too many false positives, development has stalled
  • Voice Recorder Plugin - long overdue as Conversations has integrated the functionality years ago

Newly Added Apps

11 apps were newly added

Updated Apps

207 apps were updated

Thanks for reading, updates and new apps will come, some apps might be removed, but as usual the cycles continue onward.

Feel free to join the TWIF forum thread if you have any news piece from around the community, maybe it will be featured next week.