[EOL] LineageOS 12.1 for Z1c with current Sec.Patches

Status
Not open for further replies.
Search This thread
New build with October ASB

Hi all,

a new build with October ASB (sec. string 2019-10-05) and updated System Webview M77 is available for download:
https://www.androidfilehost.com/?fid=1899786940962610151

Later, the test branch will be merged into the stable branch (for those of you building from source and/or use the cm12-amami GH repository as a base for other builds)

Regards, M.
 

superdragonpt

Recognized Developer
Apr 27, 2013
4,906
19,252
Lisbon / Taiwan / USA
www.caixamagica.pt
@MSe1969

So sorry for the OT

Just want to thank you for keeping the (old) cm12.1 up-to-date with the newer security bulletins

I'm building for another (old & legacy device) already started updating security bulletins, but there's so much stuff, but you did an wonderful job here, I'll switch to your repos on next releases with due credits

Thanks, for all the (hard work) :)

Sorry OT
Cheers
 
  • Like
Reactions: Rortiz2 and MSe1969

Tom1369

Member
Nov 13, 2019
20
5
Munich
Successful upgrade to LineageOS 12.1

@MSe1969, Micha_Btz, hahnjo

Thanks a lot for your initiative, commitment and all the work to keep LineageOS 12.1 up to date for Z1c.

I just completed an overdue but smooth upgrade from CM11 to LineageOS 12.1 following your instructions. TWRP is a big improvement compared to CWM, which I had used quite a lot under CM11. I even managed to install the Xposed framework and Xprivacy without any problem (other than reading a lot in other posts, of course :D).

Great job :good:
Tom
 
  • Like
Reactions: MSe1969
Could need some expert help

Hi all,

the next build is on its way and will soon be published.

I would like however to ask for some support:
If you look at the Open CVE issue (as announced already from the beginning of this thread in one of the reserved posts), you will see that there are quite a few patches, which could not be backported for various reasons. Also this month's ASB has two such patches: CVE-2019-2212 and CVE-2019-2196/CVE-2019-2198 (the latter two CVE-numbers refer to the same patches).
Whilst the majority of these patches would most probably fall into the category "does not apply" (we're simply not sure), the two a.m. from this month do apply, but I have an issue in backporting and would like to ask any C and/or Java expert following this thread for help.
I know that there are some folks using the cm12-amami repository as a base for their builds (for example @awl14 @ggow @superdragonpt @colarus) - so maybe one of you has an idea or knows somebody?

For CVE-2019-2212 [external/libcxx], I took the LineageOS 14.1 backports as base. The code changes apply without issues, but the code won't compile, because the C code requires C++11 compatibility for template aliases - simply setting the respective flag in Android.mk however won't solve, as the affected include is also used in various other repositories, which will create a "chain" of dependencies...
Code:
template <class _IntT, class _FloatT,
    bool _FloatBigger = (numeric_limits<_FloatT>::digits > numeric_limits<_IntT>::digits),
    int _Bits = (numeric_limits<_IntT>::digits - numeric_limits<_FloatT>::digits)>
_LIBCPP_INLINE_VISIBILITY
_LIBCPP_CONSTEXPR _IntT __max_representable_int_for_float() _NOEXCEPT {
So some true backporting would be required.

For CVE-2019-2196/CVE-2019-2198, the main blocking point is the below code snippet with the "double-colon" operator, as Java 7 neither supports "lambdas" nor the "double-colon".
Code:
    private void enforceStrictGrammar(@Nullable String selection, @Nullable String groupBy,
            @Nullable String having, @Nullable String sortOrder, @Nullable String limit) {
        SQLiteTokenizer.tokenize(selection, SQLiteTokenizer.OPTION_NONE,
                this::enforceStrictGrammarWhereHaving);
        SQLiteTokenizer.tokenize(groupBy, SQLiteTokenizer.OPTION_NONE,
                this::enforceStrictGrammarGroupBy);
        SQLiteTokenizer.tokenize(having, SQLiteTokenizer.OPTION_NONE,
                this::enforceStrictGrammarWhereHaving);
        SQLiteTokenizer.tokenize(sortOrder, SQLiteTokenizer.OPTION_NONE,
                this::enforceStrictGrammarOrderBy);
        SQLiteTokenizer.tokenize(limit, SQLiteTokenizer.OPTION_NONE,
                this::enforceStrictGrammarLimit);
    }

Any ideas how to backport that using Java 7 code?

I'll soon publish a new version without those patches, but would like to ask for any help (if you prefer, you can also PM me).

Thanks & regards, M.
 
  • Like
Reactions: o-l-a-v

foresto

Senior Member
Feb 13, 2010
128
46
For CVE-2019-2212 [external/libcxx], I took the LineageOS 14.1 backports as base. The code changes apply without issues, but the code won't compile, because the C code requires C++11 compatibility for template aliases -

Can you link to a repo or someplace else where the whole file is visible, along with all the files it #includes?

Can you also post the relevant warnings/errors produced by the compiler when it sees this code?

I wonder if collaboration on this would be easier someplace other than this forum, like maybe a github issue.

simply setting the respective flag in Android.mk however won't solve, as the affected include is also used in various other repositories, which will create a "chain" of dependencies...

Do you mean that you found a compiler flag that makes that code compile, but using it would require editing lots of different makefiles?
 
  • Like
Reactions: MSe1969
New build with November 2019 ASB

Hi all,

a new build with the November 2019 ASB is ready for download here:
https://www.androidfilehost.com/?fid=4349826312261635564

  • Sec. string 2019-11-05
  • System Webview updated to 78.0.3904.96

Please note the following:
- CVE-2019-2211 has been skipped - I seriously doubt that somebody builds AndroidTv with the cm-12.1 repo . . .
- CVE-2019-2212 has been moved to OpenCVE issue
- CVE-2019-2196/CVE-2019-2198 have been moved to OpenCVE issue

Information for the folks building from source: The test branch has already been merged into the stable branch.

Regards, M.
 
Can you link to a repo or someplace else where the whole file is visible, along with all the files it #includes?

Can you also post the relevant warnings/errors produced by the compiler when it sees this code?

I wonder if collaboration on this would be easier someplace other than this forum, like maybe a github issue.



Do you mean that you found a compiler flag that makes that code compile, but using it would require editing lots of different makefiles?

Hi, thanks for your feedback.
I think your idea with the Github issue is maybe best, so please look here for CVE-2019-2212
and here for CVE-2019-2196/CVE-2019-2198
I think it is best to have a look yourself . . . - many thanks in advance for anybody willing to help.
Regards, M.
 

ggow

Recognized Developer
Feb 28, 2014
3,890
10,536
Hi all,

the next build is on its way and will soon be published.

I would like however to ask for some support:
If you look at the Open CVE issue (as announced already from the beginning of this thread in one of the reserved posts), you will see that there are quite a few patches, which could not be backported for various reasons. Also this month's ASB has two such patches: CVE-2019-2212 and CVE-2019-2196/CVE-2019-2198 (the latter two CVE-numbers refer to the same patches).
Whilst the majority of these patches would most probably fall into the category "does not apply" (we're simply not sure), the two a.m. from this month do apply, but I have an issue in backporting and would like to ask any C and/or Java expert following this thread for help.
I know that there are some folks using the cm12-amami repository as a base for their builds (for example @[email protected]@[email protected]) - so maybe one of you has an idea or knows somebody?

For CVE-2019-2212 [external/libcxx], I took the LineageOS 14.1 backports as base. The code changes apply without issues, but the code won't compile, because the C code requires C++11 compatibility for template aliases - simply setting the respective flag in Android.mk however won't solve, as the affected include is also used in various other repositories, which will create a "chain" of dependencies...

So some true backporting would be required.

For CVE-2019-2196/CVE-2019-2198, the main blocking point is the below code snippet with the "double-colon" operator, as Java 7 neither supports "lambdas" nor the "double-colon".


Any ideas how to backport that using Java 7 code?

I'll soon publish a new version without those patches, but would like to ask for any help (if you prefer, you can also PM me).

Thanks & regards, M.

I am having some down time at the moment due to lack of bandwidth. When I'm back I'll look at helping out where I can.
 
  • Like
Reactions: MSe1969

foresto

Senior Member
Feb 13, 2010
128
46
For CVE-2019-2212 [external/libcxx], I took the LineageOS 14.1 backports as base. The code changes apply without issues, but the code won't compile, because the C code requires C++11 compatibility for template aliases

I submitted a fix for this one. Not sure if @MSe1969 has seen the update on github yet, but it should be easy to integrate once he gets to it.
 
  • Like
Reactions: MSe1969

foresto

Senior Member
Feb 13, 2010
128
46
For CVE-2019-2196/CVE-2019-2198, the main blocking point is the below code snippet with the "double-colon" operator, as Java 7 neither supports "lambdas" nor the "double-colon".

Any ideas how to backport that using Java 7 code?

I think I have done it. Pull request submitted at cm12-amami/android_frameworks_base.
 
  • Like
Reactions: ggow and MSe1969

remusator

Senior Member
Jul 5, 2012
404
81
Hi,
I have pulled my old Xperia Z1 Compact from drawer, put fresh battery in, and now looking for a rom.
Are there any bugs, preventing from using this as a daily driver?
 
Status
Not open for further replies.

Top Liked Posts

  • There are no posts matching your filters.
  • 58
    HAL-9000.png


    Hi all,

    this thread is discontinued

    this thread is dedicated to keep the LineageOS (former Cyanogen Mod) version 12.1 (Android 5.1.1) alive for the Sony Xperia Z1 compact with current security patches.

    Features
    • Enforcing SELinux (unfortunately, many ROMs for this device don't have it, but we do!)
    • Based on LineageOS sources (former CyanogenMod), branch 'cm-12.1'
    • Rebranded to LineageOS
    • Current Android security fixes included
    • Kernel 3.4.113 including Android Security Bulletin patches (frequently maintained and updated)
    • Privacy Browser as replacement of outdated AOSP Browser
    • Removed Cyngn-Tracking and Google-dependencies (same as LineageOS)
    • Support for microG available under development options
    • Current Android System Webview (M86 stable)
    • Enhanced Privacy Guard: Own switches for Wi-Fi scan, clipboard, notifications and vibrate
    • Renewed CA certificates from AOSP master branch
    • Use Cloudflare DNS 1.1.1.1 as default fallback (instead of Google)


    Download latest version with November 2020 security patches:

    release:
    https://sourceforge.net/projects/cm...e-12.1-20201112-UNOFFICIAL-amami.zip/download

    TWRP 3.2.3-1 for Z1c (amami)
    https://www.androidfilehost.com/?fid=6006931924117909119
    (Please note, that this TWRP does only support full-disk encryption (FDE) in all android releases; it does not support file-based encryption as of Nougat/Oreo)
    Older TWRP versions: https://androidfilehost.com/?w=files&flid=174382

    List of available Downloads:


    Source code and build instructions:
    Kernel: https://github.com/cm12-amami/android_kernel_sony_msm8974
    Build manifest: https://github.com/cm12-amami/android & https://github.com/cm12-amami/local_manifests
    microG-patch: Until July 2017 official microG patch, since August 2017 base and Settings patch for unified build (equivalent implementation as in OmniROM)


    Bug reports:
    If you have a problem please create a post with these information:
    Original Kernel shipped with this rom:
    Build Date:
    And try to get log as described here

    A comment about Custom CM12.1 Themes:
    CM 12.1 (Android 5.1) is meanwhile quite "aged", and maintaining it with security patches also involves back-porting stuff from newer Android versions, as well as keeping the Android Webview engine up to date. The majority of available CM 12.1 Custom Themes however is not really maintained any more. We have had one reported and one suspected case, where an active CM12.1 Custom theme which hasn't been maintained since more than two years, has caused an issue. Hence, if things crash and you use a custom theme, please try first to activate the shipped default theme. We cannot and will not put any effort to solve compatibility issues with old custom themes.

    Magisk
    It is reported that Magisk in general works up to version 19. From version 19.1 onwards, the recovery boot is broken, so do not use Magisk 19.1 and above with this ROM!
    We cannot, hence we will not, provide any support related to issues with Magisk.


    Installation instructions

    YOU ARE RESPONSIBLE SOLELY YOURSELF FOR ANY ACTIONS YOU DO WITH YOUR DEVICE !!!

    Please note - we won't explain any single aspect (e.g. how to install 'fastboot' on your PC or troubleshoot USB connectivity issues under Windows). Search the net and consult the search engine of your choice or look here in XDA, there is plenty information available.

    Pre-Requisites
    • Get familiar with the hardware keys of the Xperia Z1 compact device, especially how to enter fastboot mode and recovery mode
    • Have fastboot and adb installed on your PC and make sure, you can connect via USB to your device in fastboot mode and via adb
    • Download the most current .ZIP file of our ROM and place it to your phone's internal memory or SD card
    • If you wish to install Google apps (GApps), please refer to the GApps section further below
    • An unlocked bootloader (read the warnings carefully and backup your data!)
    • In case your device is still with the pre-delivered Sony Stock ROM: It is recommended that you have updated the Stock ROM to the latest version offered by Sony to make sure that the bootloader has the needed capabilities (see also 'trouble-shooting' below)

    Install TWRP recovery
    If you come from stock ROM and have just unlocked your boot loader, this is the next thing to do. If you have already a working custom recovery on your device, there is no necessity to replace it. However - we recommend to use the TWRP recovery linked in this thread. The following instructions are based on TWRP.
    To install TWRP, download the TWRP.img file (Note: replace "TWRP.img" in the following instructions with the real file name) from this section to your PC, connect the phone via USB to your PC, get it into 'fastboot mode' and enter the following command on your PC:
    Code:
    fastboot flash FOTAKernel TWRP.img
    Afterwards, directly boot into 'recovery mode' (enter fastboot reboot on your PC and use the right hardware keys to get into recovery mode) - we recommend not to boot the phone's Android system after having flashed TWRP. Once TWRP has been launched, you may decide to reboot your phone and install the ROM at any time later. But the first boot after flashing TWRP should be TWRP in recovery mode.
    Trouble-shooting:
    Depending on the Stock ROM you are on, you may face some difficulties to get the phone into recovery after flashing TWRP. If you are facing such difficulties (i.e. phone always boots into Stock ROM), get into fastboot mode, and manually boot into TWRP by entereing the below command:
    Code:
    fastboot boot TWRP.img
    If that also does not help you, it could be that your Stock ROM has got a too old bootloader. In that case, use the Sony flash tool (Windows only) or Androxyde's Open source flshtool to flash a more current Sony firmware image. Both approaches can also help to "unbrick" your device.


    Advanced Wipe
    ONLY perform the steps described here, if you come from Stock ROM or a different Custom ROM!

    Boot into recovery mode. In TWRP, choose "Wipe", "Advanced" and spefify "Dalvik", "System", "Cache" and "Data" to be wiped. Make sure NOT to wipe "Internal memory" or "SD Card". Swipe to confirm the deletion and get back into the main menu.

    GApps
    You do not need to install GApps, but you may wish to do so. In that case, download GApps from here and put the .ZIP also to the SD card or Internal memory of your device. Choose ARM as platform, Android 5.1 and the flavor of your choice. We recommend "pico", as this leaves you the most freedom to only install, what you really need; you can later still install all the Google products you want and do not need to live with pre-installed Google applications you have no use for.

    Install our ROM
    In the TWRP main menu, choose "Install". A file manager appears to let you navigate to your internal memory (path /sdcard) or your SD card (path /external_sd). Choose the .ZIP file of our ROM and swipe to flash.
    If you update from a previous version of our ROM, you don't need to perform a wipe. If you had GApps already installed before the update, there is no need to flash them again. They will be automatically restored during the flash process. (Note: If you wish to get rid of GApps, navigate to TWRP's file manager in the Advanced section of the main menu, go to path /system/addon.d and delete the file 70-gapps.sh, before flashing the ROM update)
    If you come from a different ROM (or stock firmware), make sure that you have performed the Wipe steps above. If you wish to install GApps, select the respective .ZIP file directly afterwards, do not boot into Android before having flashed GApps.
    When finished flashing, return to the main menu, choose "Reboot" and then "System", which will cause your phone to boot into our Lineage OS 12.1 - be patient, the first boot after flashing a new ROM takes quite long!



    This has been a joint effort of hahnjo, Micha_Btz and Mse1969, based on the LineageOS sources on GitHub (https://github.com/LineageOS). Meanwhile, hahnjo and Micha_Btz aren't active any longer in this project. Special thanks also to derf elot, who is not active any longer in this project, but he has laid the solid foundation for it.
    You can view the progress and discussion about this initiative by looking at the issues in our discussion repository https://github.com/cm12-amami/discussion - contributions and pull requests are welcome, since applying backports of the actual android security bulletins is a lot of work.


    XDA:DevDB Information
    LineageOS 12.1 for Xperia Z1 compact , ROM for the Sony Xperia Z1 Compact

    Contributors
    MSe1969, derf elot, Micha_Btz, hahnjo
    Source Code: https://github.com/cm12-amami

    ROM OS Version: 5.1.x Lollipop
    ROM Kernel: Linux 3.4.x
    ROM Firmware Required: Unlocked Bootloader
    Based On: LineageOS

    Version Information
    Status:
    Stable
    Current Stable Version: cm-12.1
    Stable Release Date: 2020-11-12

    Created 2017-05-31
    Last Updated 2020-11-29
    13
    New build with May ASB patches and 2-year anniversary

    Hi all,

    a new build with the May security patches is available for download:
    https://www.androidfilehost.com/?fid=1395089523397962395

    • ASB Security patches May 2019 (sec. string 2019-05-05)
    • Privacy Browser updated to version 3.0.1
    • Android System Webview updated to M74
    • Missing CVE-2017-0554 and CVE-2017-0840 have been backported and included

    Please note, that in the May 2019 ASB, a couple of fixes to the V8 engine have been published by Google. Those do not apply to the old V8 version used in Android 5.1 (which means that the specific vulnerability is not present). It is however a fact, that the V8 engine used in this build is an old version (which cannot easily be updated) . . .
    If one of you has an idea how to use e.g. a more recent V8 engine (e.g. from cm-14.1) in an Android 5 build tree, we will be happy to go that path.

    For those of you building from source, I will merge the test branch into the stable branch soon (will announce this in a separate post).

    Also to be mentioned, that roughly two years ago, we have started to provide these builds for the Z1c device (first by "hijacking" or "re-animating" another Z1c cm-12.1 thread) and then, on May 31st 2017, we have created this thread here. So thanks for your continued interest in these builds. :)

    Happy flashing
    M.
    12
    New release with June ASB Sec. Patches

    Hi,
    a new build with the June 2018 ASB patches is now available for download:
    https://www.androidfilehost.com/?fid=890278863836290768

    • Security string 2018-06-05
    • Privacy Browser updated to V2.10
    • Privacy-focused default setting (only at clean install): Hide sensitive information on lock screen

    The test branch has already been merged into the stable branch for those who build from source.
    Regards, M.
    11
    Change Log
    Applies to both versions, 'standard' and 'microG-patched' until July 2017 release
    Since August 2017, there is a unified build

    November 12th, 2020 - FINAL build
    - ASB November 2020 patches (sec. string 2020-11-05)
    - Addl. fix of CVE-2019-2306
    - Addl. fix of CVE-2020-15999
    - System Webview on 86.0.4240.185

    October 15th, 2020
    - ASB October 2020 patches (sec. string 2020-10-05)
    - Fix of E-Mail widget

    September 15th, 2020
    - ASB September 2020 patches (sec. string 2020-09-05)
    - Webview updated to 85.0.4183.101
    - Privacy Browser updated to version 3.5.1

    August 12th, 2020
    - ASB August 2020 patches (sec. string 2020-08-05)
    - Kernel: Upstream fixes and PR merges from @fowof
    - Webview updated to 84.0.4147.89

    June 09th, 2020
    - ASB June 2020 patches (sec. string 2020-06-05)
    - Ported missing CVE-2020-0096 ("Strandhogg") from May ASB
    - Webview updated to 81.0.4044.138

    May 13th, 2020
    - ASB May 2020 patches (sec. string 2020-05-05)
    - Webview updated to 81.0.4044.117

    April 15th, 2020
    - ASB April 2020 patches (sec. string 2020-04-05)
    - Privacy Browser updated to version 3.4.1
    - Fix for CVE-2020-8597 (external/ppp)
    - Kernel: CVE-2019-10638 siphash 128bit for IP generation

    March 15th, 2020
    - ASB March 2020 patches (sec. string 2020-03-05)
    - Webview updated to 80.0.3987.132

    February 16th, 2020
    - ASB February 2020 patches (sec. string 2020-02-01)
    - Webview updated to 79.0.3945.136

    January 14th, 2020
    - ASB January 2020 patches (sec. string 2020-01-05)
    - Privacy Browser updated to version 3.3
    - Webview updated to 79.0.3945.116

    December 09th, 2019
    - ASB December 2019 patches (sec. string 2019-12-05)
    - Webview updated to 78.0.3904.108
    - Kernel: Amongst several patches, backported CVE-2019-2215 from October 2019 ASB
    - Skipped CVE-2019-2212 from ASB 2019.11 included
    - Skipped CVE-2019-2196/CVE-2019-2198 from ASB 2019.11 included
    - Skipped CVE-2019-2117 from ASB 2019.07 included
    - DownloadProvider part of CVE-2018-9493 from ASB 2018.10 now also included

    November 17th, 2019
    - ASB November 2019 patches (sec. string 2019-11-05)
    - Webview updated to 78.0.3904.96

    October 16th, 2019
    - ASB October 2019 patches (sec. string 2019-10-05)
    - Webview updated to 77.0.3865.116

    September 10th, 2019
    - ASB September 2019 patches (sec. string 2019-09-05)
    - Implemented CVE-2018-20346 (aka "Magellan"), which was outstanding from March 2019 ASB
    - Implemented CVE-2019-2031 outstanding from April 2019 ASB
    - Webview updated to 76.0.3809.111

    August 11th, 2019
    - ASB August 2019 patches (sec. string 2019-08-05)
    - Additional (backported) security patches from AOSP branch 'nougat-mr2-security-release'
    - Privacy Browser updated to version 3.2
    - SetupWizard rebranded to LineageOS

    July 4th, 2019
    - ASB July 2019 patches (sec. string 2019-07-05)
    - System Webview M75 - updated to 75.0.3770.101

    June 16th, 2019
    - ASB June 2019 patches (sec. string 2019-06-05)
    - Privacy Browser updated to version 3.1
    - System Webview M74 - updated to 74.0.3729.157
    - Included CVE-2017-0554 and CVE-2017-0840

    May 9th, 2019
    - ASB May 2019 patches (sec. string 2019-05-05)
    - Privacy Browser updated to version 3.0.1
    - System Webview M74

    April 8th, 2019
    - ASB April 2019 patches (sec. string 2019-04-05)
    - Privacy Browser updated to version 2.17.1

    March 13th, 2019
    - ASB March 2019 patches (sec. string 2019-03-01)
    - Privacy Browser updated to version 2.17
    - Android System Webview updated to M72 (includes CVE-2019-5786)

    February 9th, 2019
    - ASB February 2019 patches (sec. string 2019-02-05)
    - Privacy Browser updated to version 2.16
    - Fix of carrier display of Telefonica Germany, part 2 (thanks to @awl14 )
    - Kernel: Additional 'spectre' mitigations

    January 13th, 2019
    - ASB January 2019 patches (sec. string 2019-01-05)
    - System Webview M71
    - Privacy Browser updated to version 2.15.1
    - Fix of carrier display of Telefonica Germany
    - App usage stats disabled by default

    December 7th, 2018
    - ASB December 2018 patches (sec. string 2018-12-05)
    - Fix of 'adb root' bug (see LineageOS announcements)
    - Addl. fix of CVE-2018-9531, CVE-2018-9536 and CVE-2018-9537 from November ASB, which are flagged Android 9 only, but also apply
    - Backport of CVE-2017-15835 (skipped in November ASB)

    November 7th, 2018
    - ASB November 2018 patches (sec. string 2018-11-05)

    October 20th, 2018
    - ASB October 2018 patches (sec. string 2018-10-01)
    - Android System Webview updated to M69
    - Indication in Settings that Security patch level is unofficial

    September 9th, 2018
    - ASB September 2018 patches (sec. string 2018-09-05)

    August 13th, 2018
    - ASB August 2018 patches (sec. string 2018-08-05)
    - Privacy Browser updated to version 2.12

    July 16th, 2018
    - ASB July 2018 patches (sec. string 2018-07-05)
    - Privacy Browser updated to version 2.11
    - Android System Webview updated to M67
    - Additional kernel fixes CVE-2018-1092 / CVE-2018-1093

    June 10th, 2018
    - ASB June 2018 patches (sec. string 2018-06-05)
    - Privacy Browser updated to version 2.10
    - Privacy-default setting (at clean install): Sensitive information is hidden on the lock screen

    May 16th, 2018
    - ASB May 2018 patches (sec. string 2018-05-05)
    - Android System Webview updated to M66
    - Privacy Browser updated to version 2.9
    - Use Cloudflare DNS 1.1.1.1 as default fallback (instead of Google's 8.8.8.8)
    - Further fix for the "Ask" topic in Privacy Guard to mimic the defined behavior

    April 20th, 2018
    - ASB April 2018 patches (sec. string 2018-04-05)
    - Android System Webview updated to M65
    - GPS https-fix (CVE-2016-5341)

    March 13, 2018
    - ASB March 2018 patches (sec. string 2018-03-05)
    - Android System Webview updated to M64
    - Privacy Browser updated to version 2.8.1
    - Renewed CA certificates from AOSP master branch

    February 11, 2018
    - ASB February 2018 patches (sec. string 2018-02-05)
    - Applied many past ASB patches flagged as "not publicly available"
    - Privacy Guard enhancements: Own switches for Wi-Fi scan, clipboard, notifications and vibrate

    January 16, 2018
    - ASB January 2018 patches (sec. string 2018-01-05)
    - Webview switched to stable M63
    - SQLite 'secure delete' feature enabled

    December 14, 2017
    - ASB December 2017 patches (sec. string 2017-12-05)
    - Privacy Browser updated to version 2.7.2
    - Backported patches for su (root app) from LineageOS 13

    November 19, 2017
    - ASB November 2017 patches (sec. string 2017-11-06)
    - Privacy Browser updated to version 2.7.1

    October 28, 2017 (interim release)
    - Fix WPA-TKIP issue after applying "krack" fix

    October 20, 2017 (interim release)
    - Fix for KRACK attack (see https://www.krackattacks.com/)
    - Android System Webview updated to M64

    October 06, 2017
    - ASB October 2017 patches (sec. string 2017-10-05)
    - Fixed 'Hardware Overlay' bug
    - Addl. kernel fix for the 'Blueborne' vulnerability

    September 26, 2017
    - ASB September 2017 patches (sec. string 2017-09-05)

    September 21, 2017 (interim release)
    - Security patch level 2017-09-01 (yet w/o September ASB kernel patches), but fixed 'Blueborne'
    - Privacy Browser updated to version 2.6

    September 2, 2017 (interim release)
    - Privacy Browser updated to version 2.5

    August 23, 2017
    - ASB August 2017 patches (sec. string 2017-08-05)
    - Unified build: microG patch included, needs to be enabled in the developer settings
    - Android System Webview updated to most current M60

    July 16, 2017
    - ASB July 2017 patches (sec. string 2017-07-05)
    - Kernel rebased and merged to release 3.4.113
    - Privacy Browser updated to version 2.4
    - Lock Clock: Removed built-in Google lib (Back port from LineageOS)
    - Settings (1): Rebranding to LineageOS, link to LineageOS privacy policy (Backport from LineageOS)
    - Settings (2): Elimination of Stats tracking (Backports from LineageOS: (1), (2), (3), (4))
    - SetupWizard (1): Removed built-in Google lib (Back port from LineageOS)
    - SetupWizard (2): Removed 'opt-out' for stats tracking (will simply be switched off by default)
    - SetupWizard (3): Added option to switch on Privacy Guard
    - Trebuchet Launcher (1): Removed 'Cyngn'-tracking (Back port from LineageOS)
    - Trebuchet Launcher (2): Show 'Privacy Browser' as default Browser on new installs

    June 11, 2017
    - ASB June 2017 patches (sec. string 2017-06-05)
    - Android System Webview updated to most current M59
    - Replaced old (and insecure) Browser app with Privacy Browser

    May 25, 2017
    - ASB May 2017 patches (sec. string 2017-05-05)
    - Lineage OS 'su hide' patch applied
    - Lineage OS Boot animation (instead of old CM)

    May 14, 2017
    - ASB April 2017 patches (sec. string 2017-04-05)
    - Removed CMUpdater from build
    11
    New version available with March patches

    Hi,

    a new version of our ROM is available for download here.

    It consists of the following:
    • AOSP patch level 2018-03-05
    • Android System Webview updated to M64
    • Renewed CA-certificates from AOSP master branch
    • Privacy Browser updated to version 2.8.1

    This build also contains the most current CA certificates from the AOSP master branch, as the certificates were partly outdated.
    Will soon update the stable branch for those of you building from source, and also update the OP.

    Regards, M.