[ROM][UNOFFICIAL][LineageOS 14.1][T813] [T713] Delta Nougat

Search This thread

Androilala

Member
Apr 30, 2015
16
4
no, dnscrypt does not require an internet connection to run the iptables script. In fact, when tor is enabled, dnscrypt just waits until tor starts up.
Okay, i will try tor in termux when it happens again.
Thank you verry much for the support and the great ROM.
 

Concept48

Senior Member
Dec 26, 2021
212
99
Sony Xperia M
This is an unofficial version of LineageOS 14.1 for Samsung Galaxy S2 (T813 and T713) with extra security features.

- Vendor has been updated using latest release from Samsung (T813XXS2BSJ3 and T713XXS2BSG1)
- Kernel has been updated using latest CAF, Google, and kernel.org sources
- SDcardfs has been backported from Oreo
- Wifi driver (qcacld-2.0) has been updated from latest CAF repos
- Fixed random wifi disconnects
- Proc has been hardened with updated selinux policy
- Use correct ANT+ wireless driver (qualcomm-uart)
- Added blur effect
- Enabled burnIn protection support
- Only light up capacitive hardware keys when pressed
- Lowmemory killer has been optimized using latest upstream Google sources
- Stability and power usage improvements
- MicroG support has been added to framework (signature spoofing)
- Add menu option to switch off captive portal (to stop pinging google servers)
- Latest Wireguard kernel support added
- Integrated superuser support added
- Added per-app VPN data restrictions
- Add Privacy-Friendly Network Monitor
- Restrict untrusted apps from /proc/net
- Added per-app sensor block in privacy guard
- DNSCrypt Proxy support for encrypted DNS and integrated ad blocker
- Support for DNSCrypt Proxy requests through Tor for total DNS privacy (requires Tor to be installed separately)
- Bromite system webview that can be updated from official Bromite website and FDroid.

T813: lineage-14.1-20220509-NIGHTLY-gts210vewifi.zip
Supported Bootloader versions:
T813XXU2BSB1|T813ZCU2BSB1|T813XXS2BSG1|T813XXS2BSG3|T813XXU2BSI2|T813ZCU2BSI3|T813XXS2BSJ3

T713: lineage-14.1-20220509-NIGHTLY-gts28vewifi.zip
Supported Bootloader versions:
T713XXU2BRF4|T713XXS2BRI1|T713XXU2BSB1|T713XXU2BSA1|T713XXS2BSG3|T713XXS2BSG1|T713ZCU2BSI3

Security Patch Level: May 2022

T813 Recovery: twrp-3.2.3-1-gts210vewifi-20190418-1-recovery.img
md5sum: ce7f264cf2fdef9da0d812eec293396e

T713 Recovery: twrp-3.2.3-0-gts28vewifi.img
md5sum: twrp-3.2.3-0-gts28vewifi.img.md5

Note: TWRP 3.2.3 is only version that works properly with encryption on Nougat because newer versions of TWRP do not format the data partition correctly. The data partition must be formatted with TWRP 3.2.3 in order to create proper encryption footers.

Recommended Gapps: gapps-base-arm64-7.1.2-20180730-1-signed.zip

TWRP Device Repo: https://github.com/syphyr/android_device_samsung_gts210vewifi-teamwin/commits/android-7.1

Local Manifest: local_manifests_laos_S2-14.1.xml
Very nice a updated Nougat .I,m on Pie atm . Can you make a short tuto how to add microG to this Rom?
 

Deltadroid

Recognized Contributor
Apr 19, 2013
3,823
9,991
Last edited:
  • Like
Reactions: Concept48

Concept48

Senior Member
Dec 26, 2021
212
99
Sony Xperia M
Last edited:

Concept48

Senior Member
Dec 26, 2021
212
99
Sony Xperia M

Deltadroid

Recognized Contributor
Apr 19, 2013
3,823
9,991
I added microg to the rom and it works good , apps that cry for GS are working here now ..where can I send you the MicroG release?
Would to give me some more details as to what you created? Are you referring to a microg addon to flash to the system partition with backup scripts? Perhaps the best solution is to create a new thread for what you created and link it here.
 

Concept48

Senior Member
Dec 26, 2021
212
99
Sony Xperia M
Would to give me some more details as to what you created? Are you referring to a microg addon to flash to the system partition with backup scripts? Perhaps the best solution is to create a new thread for what you created and link it here.
No no , I just added MicroG to Your Rom , I dont want to make a thread i,m not a developer only a dressman .
 

Concept48

Senior Member
Dec 26, 2021
212
99
Sony Xperia M
I'm still not sure what you are asking me
Look , your Rom is microG ready , signature spoofing , so I asked you , how to add microg properly , you said private app etc , so I did a cooking and added the MicroG elements to Your Rom , testing it and it runs the way it should , so I was like , let me send you the rom so you can add it to your collection , but maybe i,m thinking wrong . , apologies for that .
 

Deltadroid

Recognized Contributor
Apr 19, 2013
3,823
9,991
Look , your Rom is microG ready , signature spoofing , so I asked you , how to add microg properly , you said private app etc , so I did a cooking and added the MicroG elements to Your Rom , testing it and it runs the way it should , so I was like , let me send you the rom so you can add it to your collection , but maybe i,m thinking wrong . , apologies for that .
No problem. I would like to leave it optional so users can choose between regular gapps and microg.
 

Deltadroid

Recognized Contributor
Apr 19, 2013
3,823
9,991
T813: lineage-14.1-20220610-NIGHTLY-gts210vewifi.zip
T713: lineage-14.1-20220610-NIGHTLY-gts28vewifi.zip

Security Patch Level: June 2022

Notes:

- Update ca-certifacates from Android 12.
- Fix many many ffmpeg bugs/cve.
- Randomize source ports on connect to prevent distinguishing between different users
behind a VPN based on distinct source port ranges, tracking users over time across multiple
networks, tracking what applications are running on a computer based on the pattern of how
fast source ports are getting incremented, and covert communication channels between
different browsers/browser profiles running on the same computer.
- Increase wifi stability with higher missed beacon count threshold.
- Convert secure network calls from MD5 to SipHash.


Code:
android

    dbf1488 (8 days ago) manifest: Track android12-release for system/ca-certificates (syphyr)

build

    853ebc61cd (3 days ago) Bump Security String to 2022-06-05 (syphyr)

device/samsung/msm8976-common

    c87c3de (3 days ago) msm8976-common: wifi: Increase beacon missed count threshold (syphyr)

external/bromite-webview

    6cde32b (5 days ago) Bromite System Webview 102.0.5005.92 (syphyr)
    1075523 (3 weeks ago) Bromite System Webview 101.0.4951.69 (syphyr)

external/dhcpcd-6.8.2

    b388690 (5 days ago) Really disable IPv6 RA processing in dhcpcd. (Pierre Imai)

external/dnscrypt-proxy

    45800b6 (3 days ago) Update blocked names, resolvers and configs (syphyr)
    8a1ca54 (8 days ago) Update blocked names and resolvers (syphyr)
    54d69f5 (2 weeks ago) Update blocked names and relays (syphyr)
    6fbc59d (3 weeks ago) Fix negative rtt, update blocked names and resolvers (syphyr)
    a56d907 (4 weeks ago) Add another tracker to allowed names (syphyr)
    2af09d7 (4 weeks ago) Update blocked names and resolvers (syphyr)
    3a9442f (4 weeks ago) Add tracker to allowed names (syphyr)
    d457ef3 (4 weeks ago) Update to golang 1.18.2, blocked names and resolvers (syphyr)

external/ffmpeg

    072954eeb0 (2 weeks ago) avformat: Fix max value of AV_OPT_TYPE_VIDEO_RATE (Michael Niedermayer)
    732f239249 (2 weeks ago) avformat/rmdec: Clear extradata when extradata_size is cleared (Michael Niedermayer)
    5ff16c561c (2 weeks ago) avformat/rmdec: Check remaining space in debug av_log() loop (Michael Niedermayer)
    5321af71f7 (2 weeks ago) avformat/rmdec: Initialize and sanity check offset in ivr_read_header() (Michael Niedermayer)
    f515bea6e3 (2 weeks ago) lavf/rmdec: Do not return EIO on EOF. (Carl Eugen Hoyos)
    a560f14c18 (2 weeks ago) rmdec: validate block alignment (Andreas Cadhalpun)
    a563791332 (2 weeks ago) avformat/mxfdec: Clear metadata_sets_count in mxf_read_close() (Michael Niedermayer)
    bb4da38a34 (2 weeks ago) avformat/aqtitledec: Fix memleak upon read header failure (Andreas Rheinhardt)
    99cbe54ae2 (2 weeks ago) avcodec/vqavideo: Set video size (Michael Niedermayer)
    28969993f2 (2 weeks ago) avcodec/g729dec: require buf_size to be non 0 (Michael Niedermayer)
    3f6b7f24f3 (2 weeks ago) avcodec/g729dec: Use 64bit and clip in scalar product (Michael Niedermayer)
    92e30cb0f8 (2 weeks ago) avcodec/alacdsp: Fix invalid shift in append_extra_bits() (Michael Niedermayer)
    1d03b61542 (2 weeks ago) avcodec/ac3enc: Fix invalid shift (Andreas Rheinhardt)
    d2839567a2 (2 weeks ago) avformat/nutenc: don't allocate a dynamic AVIOContext if no index is going to be written (James Almer)
    bd22c20ff3 (2 weeks ago) avcodec/diracdec: avoid signed integer overflow in global mv (Michael Niedermayer)
    585293dd4c (2 weeks ago) avcodec/diracdec: Fix integer overflow in global_mv() (Michael Niedermayer)
    5ca1372417 (2 weeks ago) avcodec/diracdec: Use 64bit in intermediate of global motion vector field generation (Michael Niedermayer)
    8082cd9917 (2 weeks ago) avcodec/takdsp: Fix integer overflow in decorrelate_sf() (Michael Niedermayer)
    d954053636 (2 weeks ago) avcodec/takdsp: Fix negative shift in decorrelate_sf() (Michael Niedermayer)
    506f7c353d (2 weeks ago) avformat/avidec: Check height (Michael Niedermayer)
    da4bbefddd (2 weeks ago) avformat/aiffdec: Check sample_rate (Michael Niedermayer)
    687770734f (2 weeks ago) avformat/aiffdec: Check size before subtraction in get_aiff_header() (Michael Niedermayer)
    2ee310d281 (2 weeks ago) aformat/movenc: add missing padding to output track extradata (James Almer)
    665c843444 (2 weeks ago) avcodec/ac3enc: Fix memleak (Andreas Rheinhardt)
    7f84c3480f (2 weeks ago) avfilter/vf_random: fix memory leaks (Paul B Mahol)
    7630d9d1d6 (2 weeks ago) fftools/ffmpeg_opt: Fix leak of options when parsing options fails (Andreas Rheinhardt)
    6cc642a96c (2 weeks ago) avfilter/vf_edgedetect: fix heap-buffer overflow (Paul B Mahol)
    2d83792a9f (2 weeks ago) avfilter/vf_w3fdif: deny processing small videos (Paul B Mahol)
    154b3c97a7 (2 weeks ago) avfilter/af_tremolo: fix heap-buffer overflow (Paul B Mahol)
    51bf76018f (2 weeks ago) avfilter/vf_edgedetect: check if height is big enough (Paul B Mahol)
    dccddadcd3 (2 weeks ago) avfilter/vf_fieldorder: fix heap-buffer overflow (Paul B Mahol)
    525f615fe3 (2 weeks ago) avfilter/vf_fieldmatch: fix heap-buffer overflow (Paul B Mahol)
    e12c6f2fee (2 weeks ago) avcodec/pngenc: remove monowhite from apng formats (Paul B Mahol)
    d64ce1dd76 (2 weeks ago) avfilter/vf_lenscorrection: make width/height int (Paul B Mahol)
    44e2484e69 (2 weeks ago) avcodec/apedec: fix a integer overflow in long_filter_high_3800() (Michael Niedermayer)
    35c8c99967 (2 weeks ago) avformat/aqtitledec: Skip unrepresentable durations (Michael Niedermayer)
    340e4fa322 (2 weeks ago) avformat/cafdec: Do not store empty keys in read_info_chunk() (Michael Niedermayer)
    338744b6bf (2 weeks ago) avformat/matroskadec: Check pre_ns (Michael Niedermayer)
    b84c7af8a8 (2 weeks ago) avcodec/sonic: Use unsigned for predictor_k to avoid undefined behavior (Michael Niedermayer)
    7253a121b3 (2 weeks ago) avformat/matroskadec: Use rounded down duration in get_cue_desc() check (Michael Niedermayer)
    afb24dc591 (2 weeks ago) avformat/rmdec: Better duplicate tags check (Michael Niedermayer)
    3a0f1ab6bd (3 weeks ago) avformat/mov: Disallow empty sidx (Michael Niedermayer)
    db20bf2855 (3 weeks ago) avformat/matroskadec: Check duration (Michael Niedermayer)
    9957d1bcb2 (3 weeks ago) avcodec/jpeglsdec: Fix if( code style (Michael Niedermayer)
    c3ab6f9426 (3 weeks ago) avcodec/jpeglsdec: Check get_ur_golomb_jpegls() for error (Michael Niedermayer)
    09c034f76d (3 weeks ago) avcodec/motion_est: fix indention of ff_get_best_fcode() (Michael Niedermayer)
    03d818aa8e (3 weeks ago) avcodec/motion_est: Fix xy indexing on range violation in ff_get_best_fcode() (Michael Niedermayer)
    e6952a6b19 (3 weeks ago) avcodec/jpeglsdec: Increase range for N in ls_get_code_runterm() by using unsigned (Michael Niedermayer)
    6c8ee1053f (3 weeks ago) avformat/matroskadec: Check desc_bytes (Michael Niedermayer)
    57d5ea5baf (3 weeks ago) avformat/utils: Fix invalid NULL pointer operation in ff_parse_key_value() (Michael Niedermayer)
    7678e2c6ad (3 weeks ago) avformat/matroskadec: Fix infinite loop with bz decompression (Michael Niedermayer)
    2e26b8c9ae (3 weeks ago) avformat/mov: Check size before subtraction (Michael Niedermayer)
    a7db9ce19d (3 weeks ago) avcodec/apedec: Fix integer overflows in predictor_update_3930() (Michael Niedermayer)
    0320f78a7b (3 weeks ago) avcodec/apedec: fix integer overflow in 8bit samples (Michael Niedermayer)
    e65c03ff5e (3 weeks ago) avformat/flvdec: timestamps cannot use the full int64 range (Michael Niedermayer)
    9b2e525896 (3 weeks ago) avcodec/vqavideo: reset accounting on error (Michael Niedermayer)
    aed7ae9c2a (3 weeks ago) avcodec/alacdsp: fix integer overflow in decorrelate_stereo() (Michael Niedermayer)
    8370bae9f4 (3 weeks ago) avformat/4xm: Check for duplicate track ids (Michael Niedermayer)
    6f20c44f89 (3 weeks ago) avformat/4xm: Consider max_streams on reallocating tracks array (Michael Niedermayer)
    a07b7d445c (3 weeks ago) avformat/mov: Check next offset in mov_read_dref() (Michael Niedermayer)
    5ac23018f4 (3 weeks ago) avformat/mxfdec: Check for duplicate mxf_read_index_entry_array() (Michael Niedermayer)
    be041a9eba (3 weeks ago) avcodec/apedec: Change avg to uint32_t (Michael Niedermayer)
    cfd813cbcb (3 weeks ago) avformat/mov: Check for EOF in mov_read_glbl() (Michael Niedermayer)
    877bbb4a94 (3 weeks ago) avfilter/vf_lenscorrection: fix division by zero (Paul B Mahol)
    9406e561b3 (3 weeks ago) avcodec/g729dec: Avoid computing invalid temporary pointers for ff_acelp_weighted_vector_sum() (Michael Niedermayer)
    5bbb980f1f (3 weeks ago) avformat/movenc: Fix segfault when remuxing rtp hint stream (Andreas Rheinhardt)
    89c76d8b21 (3 weeks ago) avformat/tty: add probe function (Paul B Mahol)
    14dae6b3b3 (3 weeks ago) avcodec/flac_parser: Consider AV_INPUT_BUFFER_PADDING_SIZE (Michael Niedermayer)
    6740ce3c84 (3 weeks ago) avcodec/ttadsp: Fix integer overflows in tta_filter_process_c() (Michael Niedermayer)

external/libnfc-nci

    67be0f7 (2 days ago) Double Free in ce_t4t_data_cback (Alisher Alikhodjaev)
    551ccd5 (3 days ago) OOBR in nfc_ncif_proc_ee_discover_req() (Alisher Alikhodjaev)
    93b651c (3 days ago) Out of Bounds Read in nfa_dm_check_set_config (Alisher Alikhodjaev)

frameworks/base

    3e5f0e5c8459 (15 minutes ago) DO NOT MERGE Add an OEM configurable limit for zen rules (Julia Reynolds)
    c6d34cf08246 (3 days ago) limit TelecomManager#registerPhoneAccount to 10; api doc update (Thomas Stuart)
    72f7d7e504f9 (3 days ago) RESTRICT AUTOMERGE Prevent non-admin users from deleting system apps. (Oli Lan)
    51cc5080993e (3 days ago) Update GeofenceHardwareRequestParcelable to match parcel/unparcel format. (David Christie)
    b09a9d8308f5 (3 days ago) Fix security hole in GateKeeperResponse (Ayush Sharma)
    a099f266c816 (7 days ago) Fixed a concurrent modification crash (Selim Cinek)

kernel/samsung/msm8976

    7117745ed507e (4 days ago) usb: gadget: rndis: prevent integer overflow in rndis_set_response() (Dan Carpenter)
    270102aecc922 (4 days ago) usb: gadget: rndis: check size of RNDIS_MSG_SET command (Greg Kroah-Hartman)
    5cfc91135bb1f (4 days ago) usb: gadget: clear related members when goto fail (Hangyu Hua)
    5ea33042c172e (4 days ago) usb: gadget: don't release an existing dev->buf (Hangyu Hua)
    da0cc8e1f5839 (4 days ago) USB: gadgetfs: Fix a potential memory leak in 'dev_config()' (Christophe JAILLET)
    33e63f1f344b1 (10 days ago) tcp: resalt the secret every 10 seconds (Eric Dumazet)
    c1fac3385652b (11 days ago) secure_seq: use the 64 bits of the siphash for port offset calculation (Willy Tarreau)
    e166e626c9845 (11 days ago) tcp: connect() from bound sockets can be faster (Eric Dumazet)
    f16f9a49132e1 (11 days ago) secure_seq: fix sparse errors (Eric Dumazet)
    05c7240e70024 (11 days ago) secure_seq: use SipHash in place of MD5 (Jason A. Donenfeld)
    95e0e4979da03 (11 days ago) net: switch net_secret key generation to net_get_random_once (Hannes Frederic Sowa)
    a238074f11533 (11 days ago) BACKPORT: tcp: change source port randomizarion at connect() time (Eric Dumazet)
    276cc1f78f544 (2 weeks ago) net: af_key: add check for pfkey_broadcast in function pfkey_process (Jiasheng Jiang)
    93a5fe73f08b7 (3 weeks ago) netlink: do not reset transport header in netlink_recvmsg() (Eric Dumazet)
    e6f9cae4e1cdb (3 weeks ago) netlink: reset network and mac headers in netlink_dump() (Eric Dumazet)
    bb78e3f84a655 (4 weeks ago) net: sched: prevent UAF on tc_ctl_tfilter when temporarily dropping rtnl_lock (Thadeu Lima de Souza Cascardo)
    9fb40ce4cb1e4 (4 weeks ago) net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() (Eric Dumazet)
    6b41561876d3e (4 weeks ago) qcacld-2.0: Possible OOB read in process_fw_diag_event_data (abhinav kumar)
    04acbf77f3fc9 (4 weeks ago) Asoc: check for invalid voice session id (Lakshman Chaluvaraju)
    4648031b0b7fc (4 weeks ago) asoc: Add check to handle negative value passed for num_app_cfg_type (Harshal Ahire)
    67d101c021ea7 (4 weeks ago) asoc: add missing null check for pcm pointer of snd_pcm_volume (xsang)
    478cc452abde0 (4 weeks ago) asoc: add null check for pcm pointer of snd_pcm_volume (xsang)

packages/apps/Bluetooth

    9b161a5df (3 days ago) Removes app access to BluetoothAdapter#setDiscoverableTimeout by requiring BLUETOOTH_PRIVILEGED permission. (Rahul Sabnis)
    e92d6785f (3 days ago) Removes app access to BluetoothAdapter#setScanMode by requiring BLUETOOTH_PRIVILEGED permission. (Rahul Sabnis)

packages/apps/Contacts

    c7774bc8c (3 days ago) No longer export CallSubjectDialog (John Shao)

packages/apps/Dialer

    2f6726c8e (3 days ago) No longer export CallSubjectDialog (Tatsuaki Machida)

packages/apps/Nfc

    4d27cb3b (3 days ago) OOB read in phNciNfc_RecvMfResp() (Alisher Alikhodjaev)

packages/services/Telecomm

    de446cd1a (3 days ago) limit TelecomManager#registerPhoneAccount to 10 (Thomas Stuart)

system/ca-certificates

    1398a9b (8 days ago) Backport Android.mk from P (syphyr)

system/core

    ae76011a9 (3 days ago) Backport of Win-specific suppression of potentially rogue construct that can engage (Shaju Mathew)
 

Concept48

Senior Member
Dec 26, 2021
212
99
Sony Xperia M
T813: lineage-14.1-20220610-NIGHTLY-gts210vewifi.zip
T713: lineage-14.1-20220610-NIGHTLY-gts28vewifi.zip

Security Patch Level: June 2022

Notes:

- Update ca-certifacates from Android 12.
- Fix many many ffmpeg bugs/cve.
- Randomize source ports on connect to prevent distinguishing between different users
behind a VPN based on distinct source port ranges, tracking users over time across multiple
networks, tracking what applications are running on a computer based on the pattern of how
fast source ports are getting incremented, and covert communication channels between
different browsers/browser profiles running on the same computer.
- Increase wifi stability with higher missed beacon count threshold.
- Convert secure network calls from MD5 to SipHash.


Code:
android

    dbf1488 (8 days ago) manifest: Track android12-release for system/ca-certificates (syphyr)

build

    853ebc61cd (3 days ago) Bump Security String to 2022-06-05 (syphyr)

device/samsung/msm8976-common

    c87c3de (3 days ago) msm8976-common: wifi: Increase beacon missed count threshold (syphyr)

external/bromite-webview

    6cde32b (5 days ago) Bromite System Webview 102.0.5005.92 (syphyr)
    1075523 (3 weeks ago) Bromite System Webview 101.0.4951.69 (syphyr)

external/dhcpcd-6.8.2

    b388690 (5 days ago) Really disable IPv6 RA processing in dhcpcd. (Pierre Imai)

external/dnscrypt-proxy

    45800b6 (3 days ago) Update blocked names, resolvers and configs (syphyr)
    8a1ca54 (8 days ago) Update blocked names and resolvers (syphyr)
    54d69f5 (2 weeks ago) Update blocked names and relays (syphyr)
    6fbc59d (3 weeks ago) Fix negative rtt, update blocked names and resolvers (syphyr)
    a56d907 (4 weeks ago) Add another tracker to allowed names (syphyr)
    2af09d7 (4 weeks ago) Update blocked names and resolvers (syphyr)
    3a9442f (4 weeks ago) Add tracker to allowed names (syphyr)
    d457ef3 (4 weeks ago) Update to golang 1.18.2, blocked names and resolvers (syphyr)

external/ffmpeg

    072954eeb0 (2 weeks ago) avformat: Fix max value of AV_OPT_TYPE_VIDEO_RATE (Michael Niedermayer)
    732f239249 (2 weeks ago) avformat/rmdec: Clear extradata when extradata_size is cleared (Michael Niedermayer)
    5ff16c561c (2 weeks ago) avformat/rmdec: Check remaining space in debug av_log() loop (Michael Niedermayer)
    5321af71f7 (2 weeks ago) avformat/rmdec: Initialize and sanity check offset in ivr_read_header() (Michael Niedermayer)
    f515bea6e3 (2 weeks ago) lavf/rmdec: Do not return EIO on EOF. (Carl Eugen Hoyos)
    a560f14c18 (2 weeks ago) rmdec: validate block alignment (Andreas Cadhalpun)
    a563791332 (2 weeks ago) avformat/mxfdec: Clear metadata_sets_count in mxf_read_close() (Michael Niedermayer)
    bb4da38a34 (2 weeks ago) avformat/aqtitledec: Fix memleak upon read header failure (Andreas Rheinhardt)
    99cbe54ae2 (2 weeks ago) avcodec/vqavideo: Set video size (Michael Niedermayer)
    28969993f2 (2 weeks ago) avcodec/g729dec: require buf_size to be non 0 (Michael Niedermayer)
    3f6b7f24f3 (2 weeks ago) avcodec/g729dec: Use 64bit and clip in scalar product (Michael Niedermayer)
    92e30cb0f8 (2 weeks ago) avcodec/alacdsp: Fix invalid shift in append_extra_bits() (Michael Niedermayer)
    1d03b61542 (2 weeks ago) avcodec/ac3enc: Fix invalid shift (Andreas Rheinhardt)
    d2839567a2 (2 weeks ago) avformat/nutenc: don't allocate a dynamic AVIOContext if no index is going to be written (James Almer)
    bd22c20ff3 (2 weeks ago) avcodec/diracdec: avoid signed integer overflow in global mv (Michael Niedermayer)
    585293dd4c (2 weeks ago) avcodec/diracdec: Fix integer overflow in global_mv() (Michael Niedermayer)
    5ca1372417 (2 weeks ago) avcodec/diracdec: Use 64bit in intermediate of global motion vector field generation (Michael Niedermayer)
    8082cd9917 (2 weeks ago) avcodec/takdsp: Fix integer overflow in decorrelate_sf() (Michael Niedermayer)
    d954053636 (2 weeks ago) avcodec/takdsp: Fix negative shift in decorrelate_sf() (Michael Niedermayer)
    506f7c353d (2 weeks ago) avformat/avidec: Check height (Michael Niedermayer)
    da4bbefddd (2 weeks ago) avformat/aiffdec: Check sample_rate (Michael Niedermayer)
    687770734f (2 weeks ago) avformat/aiffdec: Check size before subtraction in get_aiff_header() (Michael Niedermayer)
    2ee310d281 (2 weeks ago) aformat/movenc: add missing padding to output track extradata (James Almer)
    665c843444 (2 weeks ago) avcodec/ac3enc: Fix memleak (Andreas Rheinhardt)
    7f84c3480f (2 weeks ago) avfilter/vf_random: fix memory leaks (Paul B Mahol)
    7630d9d1d6 (2 weeks ago) fftools/ffmpeg_opt: Fix leak of options when parsing options fails (Andreas Rheinhardt)
    6cc642a96c (2 weeks ago) avfilter/vf_edgedetect: fix heap-buffer overflow (Paul B Mahol)
    2d83792a9f (2 weeks ago) avfilter/vf_w3fdif: deny processing small videos (Paul B Mahol)
    154b3c97a7 (2 weeks ago) avfilter/af_tremolo: fix heap-buffer overflow (Paul B Mahol)
    51bf76018f (2 weeks ago) avfilter/vf_edgedetect: check if height is big enough (Paul B Mahol)
    dccddadcd3 (2 weeks ago) avfilter/vf_fieldorder: fix heap-buffer overflow (Paul B Mahol)
    525f615fe3 (2 weeks ago) avfilter/vf_fieldmatch: fix heap-buffer overflow (Paul B Mahol)
    e12c6f2fee (2 weeks ago) avcodec/pngenc: remove monowhite from apng formats (Paul B Mahol)
    d64ce1dd76 (2 weeks ago) avfilter/vf_lenscorrection: make width/height int (Paul B Mahol)
    44e2484e69 (2 weeks ago) avcodec/apedec: fix a integer overflow in long_filter_high_3800() (Michael Niedermayer)
    35c8c99967 (2 weeks ago) avformat/aqtitledec: Skip unrepresentable durations (Michael Niedermayer)
    340e4fa322 (2 weeks ago) avformat/cafdec: Do not store empty keys in read_info_chunk() (Michael Niedermayer)
    338744b6bf (2 weeks ago) avformat/matroskadec: Check pre_ns (Michael Niedermayer)
    b84c7af8a8 (2 weeks ago) avcodec/sonic: Use unsigned for predictor_k to avoid undefined behavior (Michael Niedermayer)
    7253a121b3 (2 weeks ago) avformat/matroskadec: Use rounded down duration in get_cue_desc() check (Michael Niedermayer)
    afb24dc591 (2 weeks ago) avformat/rmdec: Better duplicate tags check (Michael Niedermayer)
    3a0f1ab6bd (3 weeks ago) avformat/mov: Disallow empty sidx (Michael Niedermayer)
    db20bf2855 (3 weeks ago) avformat/matroskadec: Check duration (Michael Niedermayer)
    9957d1bcb2 (3 weeks ago) avcodec/jpeglsdec: Fix if( code style (Michael Niedermayer)
    c3ab6f9426 (3 weeks ago) avcodec/jpeglsdec: Check get_ur_golomb_jpegls() for error (Michael Niedermayer)
    09c034f76d (3 weeks ago) avcodec/motion_est: fix indention of ff_get_best_fcode() (Michael Niedermayer)
    03d818aa8e (3 weeks ago) avcodec/motion_est: Fix xy indexing on range violation in ff_get_best_fcode() (Michael Niedermayer)
    e6952a6b19 (3 weeks ago) avcodec/jpeglsdec: Increase range for N in ls_get_code_runterm() by using unsigned (Michael Niedermayer)
    6c8ee1053f (3 weeks ago) avformat/matroskadec: Check desc_bytes (Michael Niedermayer)
    57d5ea5baf (3 weeks ago) avformat/utils: Fix invalid NULL pointer operation in ff_parse_key_value() (Michael Niedermayer)
    7678e2c6ad (3 weeks ago) avformat/matroskadec: Fix infinite loop with bz decompression (Michael Niedermayer)
    2e26b8c9ae (3 weeks ago) avformat/mov: Check size before subtraction (Michael Niedermayer)
    a7db9ce19d (3 weeks ago) avcodec/apedec: Fix integer overflows in predictor_update_3930() (Michael Niedermayer)
    0320f78a7b (3 weeks ago) avcodec/apedec: fix integer overflow in 8bit samples (Michael Niedermayer)
    e65c03ff5e (3 weeks ago) avformat/flvdec: timestamps cannot use the full int64 range (Michael Niedermayer)
    9b2e525896 (3 weeks ago) avcodec/vqavideo: reset accounting on error (Michael Niedermayer)
    aed7ae9c2a (3 weeks ago) avcodec/alacdsp: fix integer overflow in decorrelate_stereo() (Michael Niedermayer)
    8370bae9f4 (3 weeks ago) avformat/4xm: Check for duplicate track ids (Michael Niedermayer)
    6f20c44f89 (3 weeks ago) avformat/4xm: Consider max_streams on reallocating tracks array (Michael Niedermayer)
    a07b7d445c (3 weeks ago) avformat/mov: Check next offset in mov_read_dref() (Michael Niedermayer)
    5ac23018f4 (3 weeks ago) avformat/mxfdec: Check for duplicate mxf_read_index_entry_array() (Michael Niedermayer)
    be041a9eba (3 weeks ago) avcodec/apedec: Change avg to uint32_t (Michael Niedermayer)
    cfd813cbcb (3 weeks ago) avformat/mov: Check for EOF in mov_read_glbl() (Michael Niedermayer)
    877bbb4a94 (3 weeks ago) avfilter/vf_lenscorrection: fix division by zero (Paul B Mahol)
    9406e561b3 (3 weeks ago) avcodec/g729dec: Avoid computing invalid temporary pointers for ff_acelp_weighted_vector_sum() (Michael Niedermayer)
    5bbb980f1f (3 weeks ago) avformat/movenc: Fix segfault when remuxing rtp hint stream (Andreas Rheinhardt)
    89c76d8b21 (3 weeks ago) avformat/tty: add probe function (Paul B Mahol)
    14dae6b3b3 (3 weeks ago) avcodec/flac_parser: Consider AV_INPUT_BUFFER_PADDING_SIZE (Michael Niedermayer)
    6740ce3c84 (3 weeks ago) avcodec/ttadsp: Fix integer overflows in tta_filter_process_c() (Michael Niedermayer)

external/libnfc-nci

    67be0f7 (2 days ago) Double Free in ce_t4t_data_cback (Alisher Alikhodjaev)
    551ccd5 (3 days ago) OOBR in nfc_ncif_proc_ee_discover_req() (Alisher Alikhodjaev)
    93b651c (3 days ago) Out of Bounds Read in nfa_dm_check_set_config (Alisher Alikhodjaev)

frameworks/base

    3e5f0e5c8459 (15 minutes ago) DO NOT MERGE Add an OEM configurable limit for zen rules (Julia Reynolds)
    c6d34cf08246 (3 days ago) limit TelecomManager#registerPhoneAccount to 10; api doc update (Thomas Stuart)
    72f7d7e504f9 (3 days ago) RESTRICT AUTOMERGE Prevent non-admin users from deleting system apps. (Oli Lan)
    51cc5080993e (3 days ago) Update GeofenceHardwareRequestParcelable to match parcel/unparcel format. (David Christie)
    b09a9d8308f5 (3 days ago) Fix security hole in GateKeeperResponse (Ayush Sharma)
    a099f266c816 (7 days ago) Fixed a concurrent modification crash (Selim Cinek)

kernel/samsung/msm8976

    7117745ed507e (4 days ago) usb: gadget: rndis: prevent integer overflow in rndis_set_response() (Dan Carpenter)
    270102aecc922 (4 days ago) usb: gadget: rndis: check size of RNDIS_MSG_SET command (Greg Kroah-Hartman)
    5cfc91135bb1f (4 days ago) usb: gadget: clear related members when goto fail (Hangyu Hua)
    5ea33042c172e (4 days ago) usb: gadget: don't release an existing dev->buf (Hangyu Hua)
    da0cc8e1f5839 (4 days ago) USB: gadgetfs: Fix a potential memory leak in 'dev_config()' (Christophe JAILLET)
    33e63f1f344b1 (10 days ago) tcp: resalt the secret every 10 seconds (Eric Dumazet)
    c1fac3385652b (11 days ago) secure_seq: use the 64 bits of the siphash for port offset calculation (Willy Tarreau)
    e166e626c9845 (11 days ago) tcp: connect() from bound sockets can be faster (Eric Dumazet)
    f16f9a49132e1 (11 days ago) secure_seq: fix sparse errors (Eric Dumazet)
    05c7240e70024 (11 days ago) secure_seq: use SipHash in place of MD5 (Jason A. Donenfeld)
    95e0e4979da03 (11 days ago) net: switch net_secret key generation to net_get_random_once (Hannes Frederic Sowa)
    a238074f11533 (11 days ago) BACKPORT: tcp: change source port randomizarion at connect() time (Eric Dumazet)
    276cc1f78f544 (2 weeks ago) net: af_key: add check for pfkey_broadcast in function pfkey_process (Jiasheng Jiang)
    93a5fe73f08b7 (3 weeks ago) netlink: do not reset transport header in netlink_recvmsg() (Eric Dumazet)
    e6f9cae4e1cdb (3 weeks ago) netlink: reset network and mac headers in netlink_dump() (Eric Dumazet)
    bb78e3f84a655 (4 weeks ago) net: sched: prevent UAF on tc_ctl_tfilter when temporarily dropping rtnl_lock (Thadeu Lima de Souza Cascardo)
    9fb40ce4cb1e4 (4 weeks ago) net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() (Eric Dumazet)
    6b41561876d3e (4 weeks ago) qcacld-2.0: Possible OOB read in process_fw_diag_event_data (abhinav kumar)
    04acbf77f3fc9 (4 weeks ago) Asoc: check for invalid voice session id (Lakshman Chaluvaraju)
    4648031b0b7fc (4 weeks ago) asoc: Add check to handle negative value passed for num_app_cfg_type (Harshal Ahire)
    67d101c021ea7 (4 weeks ago) asoc: add missing null check for pcm pointer of snd_pcm_volume (xsang)
    478cc452abde0 (4 weeks ago) asoc: add null check for pcm pointer of snd_pcm_volume (xsang)

packages/apps/Bluetooth

    9b161a5df (3 days ago) Removes app access to BluetoothAdapter#setDiscoverableTimeout by requiring BLUETOOTH_PRIVILEGED permission. (Rahul Sabnis)
    e92d6785f (3 days ago) Removes app access to BluetoothAdapter#setScanMode by requiring BLUETOOTH_PRIVILEGED permission. (Rahul Sabnis)

packages/apps/Contacts

    c7774bc8c (3 days ago) No longer export CallSubjectDialog (John Shao)

packages/apps/Dialer

    2f6726c8e (3 days ago) No longer export CallSubjectDialog (Tatsuaki Machida)

packages/apps/Nfc

    4d27cb3b (3 days ago) OOB read in phNciNfc_RecvMfResp() (Alisher Alikhodjaev)

packages/services/Telecomm

    de446cd1a (3 days ago) limit TelecomManager#registerPhoneAccount to 10 (Thomas Stuart)

system/ca-certificates

    1398a9b (8 days ago) Backport Android.mk from P (syphyr)

system/core

    ae76011a9 (3 days ago) Backport of Win-specific suppression of potentially rogue construct that can engage (Shaju Mathew)
Your da Man !!!!!
 

Top Liked Posts

  • There are no posts matching your filters.
  • 2
    T813: lineage-14.1-20220610-NIGHTLY-gts210vewifi.zip
    T713: lineage-14.1-20220610-NIGHTLY-gts28vewifi.zip

    Security Patch Level: June 2022

    Notes:

    - Update ca-certifacates from Android 12.
    - Fix many many ffmpeg bugs/cve.
    - Randomize source ports on connect to prevent distinguishing between different users
    behind a VPN based on distinct source port ranges, tracking users over time across multiple
    networks, tracking what applications are running on a computer based on the pattern of how
    fast source ports are getting incremented, and covert communication channels between
    different browsers/browser profiles running on the same computer.
    - Increase wifi stability with higher missed beacon count threshold.
    - Convert secure network calls from MD5 to SipHash.


    Code:
    android
    
        dbf1488 (8 days ago) manifest: Track android12-release for system/ca-certificates (syphyr)
    
    build
    
        853ebc61cd (3 days ago) Bump Security String to 2022-06-05 (syphyr)
    
    device/samsung/msm8976-common
    
        c87c3de (3 days ago) msm8976-common: wifi: Increase beacon missed count threshold (syphyr)
    
    external/bromite-webview
    
        6cde32b (5 days ago) Bromite System Webview 102.0.5005.92 (syphyr)
        1075523 (3 weeks ago) Bromite System Webview 101.0.4951.69 (syphyr)
    
    external/dhcpcd-6.8.2
    
        b388690 (5 days ago) Really disable IPv6 RA processing in dhcpcd. (Pierre Imai)
    
    external/dnscrypt-proxy
    
        45800b6 (3 days ago) Update blocked names, resolvers and configs (syphyr)
        8a1ca54 (8 days ago) Update blocked names and resolvers (syphyr)
        54d69f5 (2 weeks ago) Update blocked names and relays (syphyr)
        6fbc59d (3 weeks ago) Fix negative rtt, update blocked names and resolvers (syphyr)
        a56d907 (4 weeks ago) Add another tracker to allowed names (syphyr)
        2af09d7 (4 weeks ago) Update blocked names and resolvers (syphyr)
        3a9442f (4 weeks ago) Add tracker to allowed names (syphyr)
        d457ef3 (4 weeks ago) Update to golang 1.18.2, blocked names and resolvers (syphyr)
    
    external/ffmpeg
    
        072954eeb0 (2 weeks ago) avformat: Fix max value of AV_OPT_TYPE_VIDEO_RATE (Michael Niedermayer)
        732f239249 (2 weeks ago) avformat/rmdec: Clear extradata when extradata_size is cleared (Michael Niedermayer)
        5ff16c561c (2 weeks ago) avformat/rmdec: Check remaining space in debug av_log() loop (Michael Niedermayer)
        5321af71f7 (2 weeks ago) avformat/rmdec: Initialize and sanity check offset in ivr_read_header() (Michael Niedermayer)
        f515bea6e3 (2 weeks ago) lavf/rmdec: Do not return EIO on EOF. (Carl Eugen Hoyos)
        a560f14c18 (2 weeks ago) rmdec: validate block alignment (Andreas Cadhalpun)
        a563791332 (2 weeks ago) avformat/mxfdec: Clear metadata_sets_count in mxf_read_close() (Michael Niedermayer)
        bb4da38a34 (2 weeks ago) avformat/aqtitledec: Fix memleak upon read header failure (Andreas Rheinhardt)
        99cbe54ae2 (2 weeks ago) avcodec/vqavideo: Set video size (Michael Niedermayer)
        28969993f2 (2 weeks ago) avcodec/g729dec: require buf_size to be non 0 (Michael Niedermayer)
        3f6b7f24f3 (2 weeks ago) avcodec/g729dec: Use 64bit and clip in scalar product (Michael Niedermayer)
        92e30cb0f8 (2 weeks ago) avcodec/alacdsp: Fix invalid shift in append_extra_bits() (Michael Niedermayer)
        1d03b61542 (2 weeks ago) avcodec/ac3enc: Fix invalid shift (Andreas Rheinhardt)
        d2839567a2 (2 weeks ago) avformat/nutenc: don't allocate a dynamic AVIOContext if no index is going to be written (James Almer)
        bd22c20ff3 (2 weeks ago) avcodec/diracdec: avoid signed integer overflow in global mv (Michael Niedermayer)
        585293dd4c (2 weeks ago) avcodec/diracdec: Fix integer overflow in global_mv() (Michael Niedermayer)
        5ca1372417 (2 weeks ago) avcodec/diracdec: Use 64bit in intermediate of global motion vector field generation (Michael Niedermayer)
        8082cd9917 (2 weeks ago) avcodec/takdsp: Fix integer overflow in decorrelate_sf() (Michael Niedermayer)
        d954053636 (2 weeks ago) avcodec/takdsp: Fix negative shift in decorrelate_sf() (Michael Niedermayer)
        506f7c353d (2 weeks ago) avformat/avidec: Check height (Michael Niedermayer)
        da4bbefddd (2 weeks ago) avformat/aiffdec: Check sample_rate (Michael Niedermayer)
        687770734f (2 weeks ago) avformat/aiffdec: Check size before subtraction in get_aiff_header() (Michael Niedermayer)
        2ee310d281 (2 weeks ago) aformat/movenc: add missing padding to output track extradata (James Almer)
        665c843444 (2 weeks ago) avcodec/ac3enc: Fix memleak (Andreas Rheinhardt)
        7f84c3480f (2 weeks ago) avfilter/vf_random: fix memory leaks (Paul B Mahol)
        7630d9d1d6 (2 weeks ago) fftools/ffmpeg_opt: Fix leak of options when parsing options fails (Andreas Rheinhardt)
        6cc642a96c (2 weeks ago) avfilter/vf_edgedetect: fix heap-buffer overflow (Paul B Mahol)
        2d83792a9f (2 weeks ago) avfilter/vf_w3fdif: deny processing small videos (Paul B Mahol)
        154b3c97a7 (2 weeks ago) avfilter/af_tremolo: fix heap-buffer overflow (Paul B Mahol)
        51bf76018f (2 weeks ago) avfilter/vf_edgedetect: check if height is big enough (Paul B Mahol)
        dccddadcd3 (2 weeks ago) avfilter/vf_fieldorder: fix heap-buffer overflow (Paul B Mahol)
        525f615fe3 (2 weeks ago) avfilter/vf_fieldmatch: fix heap-buffer overflow (Paul B Mahol)
        e12c6f2fee (2 weeks ago) avcodec/pngenc: remove monowhite from apng formats (Paul B Mahol)
        d64ce1dd76 (2 weeks ago) avfilter/vf_lenscorrection: make width/height int (Paul B Mahol)
        44e2484e69 (2 weeks ago) avcodec/apedec: fix a integer overflow in long_filter_high_3800() (Michael Niedermayer)
        35c8c99967 (2 weeks ago) avformat/aqtitledec: Skip unrepresentable durations (Michael Niedermayer)
        340e4fa322 (2 weeks ago) avformat/cafdec: Do not store empty keys in read_info_chunk() (Michael Niedermayer)
        338744b6bf (2 weeks ago) avformat/matroskadec: Check pre_ns (Michael Niedermayer)
        b84c7af8a8 (2 weeks ago) avcodec/sonic: Use unsigned for predictor_k to avoid undefined behavior (Michael Niedermayer)
        7253a121b3 (2 weeks ago) avformat/matroskadec: Use rounded down duration in get_cue_desc() check (Michael Niedermayer)
        afb24dc591 (2 weeks ago) avformat/rmdec: Better duplicate tags check (Michael Niedermayer)
        3a0f1ab6bd (3 weeks ago) avformat/mov: Disallow empty sidx (Michael Niedermayer)
        db20bf2855 (3 weeks ago) avformat/matroskadec: Check duration (Michael Niedermayer)
        9957d1bcb2 (3 weeks ago) avcodec/jpeglsdec: Fix if( code style (Michael Niedermayer)
        c3ab6f9426 (3 weeks ago) avcodec/jpeglsdec: Check get_ur_golomb_jpegls() for error (Michael Niedermayer)
        09c034f76d (3 weeks ago) avcodec/motion_est: fix indention of ff_get_best_fcode() (Michael Niedermayer)
        03d818aa8e (3 weeks ago) avcodec/motion_est: Fix xy indexing on range violation in ff_get_best_fcode() (Michael Niedermayer)
        e6952a6b19 (3 weeks ago) avcodec/jpeglsdec: Increase range for N in ls_get_code_runterm() by using unsigned (Michael Niedermayer)
        6c8ee1053f (3 weeks ago) avformat/matroskadec: Check desc_bytes (Michael Niedermayer)
        57d5ea5baf (3 weeks ago) avformat/utils: Fix invalid NULL pointer operation in ff_parse_key_value() (Michael Niedermayer)
        7678e2c6ad (3 weeks ago) avformat/matroskadec: Fix infinite loop with bz decompression (Michael Niedermayer)
        2e26b8c9ae (3 weeks ago) avformat/mov: Check size before subtraction (Michael Niedermayer)
        a7db9ce19d (3 weeks ago) avcodec/apedec: Fix integer overflows in predictor_update_3930() (Michael Niedermayer)
        0320f78a7b (3 weeks ago) avcodec/apedec: fix integer overflow in 8bit samples (Michael Niedermayer)
        e65c03ff5e (3 weeks ago) avformat/flvdec: timestamps cannot use the full int64 range (Michael Niedermayer)
        9b2e525896 (3 weeks ago) avcodec/vqavideo: reset accounting on error (Michael Niedermayer)
        aed7ae9c2a (3 weeks ago) avcodec/alacdsp: fix integer overflow in decorrelate_stereo() (Michael Niedermayer)
        8370bae9f4 (3 weeks ago) avformat/4xm: Check for duplicate track ids (Michael Niedermayer)
        6f20c44f89 (3 weeks ago) avformat/4xm: Consider max_streams on reallocating tracks array (Michael Niedermayer)
        a07b7d445c (3 weeks ago) avformat/mov: Check next offset in mov_read_dref() (Michael Niedermayer)
        5ac23018f4 (3 weeks ago) avformat/mxfdec: Check for duplicate mxf_read_index_entry_array() (Michael Niedermayer)
        be041a9eba (3 weeks ago) avcodec/apedec: Change avg to uint32_t (Michael Niedermayer)
        cfd813cbcb (3 weeks ago) avformat/mov: Check for EOF in mov_read_glbl() (Michael Niedermayer)
        877bbb4a94 (3 weeks ago) avfilter/vf_lenscorrection: fix division by zero (Paul B Mahol)
        9406e561b3 (3 weeks ago) avcodec/g729dec: Avoid computing invalid temporary pointers for ff_acelp_weighted_vector_sum() (Michael Niedermayer)
        5bbb980f1f (3 weeks ago) avformat/movenc: Fix segfault when remuxing rtp hint stream (Andreas Rheinhardt)
        89c76d8b21 (3 weeks ago) avformat/tty: add probe function (Paul B Mahol)
        14dae6b3b3 (3 weeks ago) avcodec/flac_parser: Consider AV_INPUT_BUFFER_PADDING_SIZE (Michael Niedermayer)
        6740ce3c84 (3 weeks ago) avcodec/ttadsp: Fix integer overflows in tta_filter_process_c() (Michael Niedermayer)
    
    external/libnfc-nci
    
        67be0f7 (2 days ago) Double Free in ce_t4t_data_cback (Alisher Alikhodjaev)
        551ccd5 (3 days ago) OOBR in nfc_ncif_proc_ee_discover_req() (Alisher Alikhodjaev)
        93b651c (3 days ago) Out of Bounds Read in nfa_dm_check_set_config (Alisher Alikhodjaev)
    
    frameworks/base
    
        3e5f0e5c8459 (15 minutes ago) DO NOT MERGE Add an OEM configurable limit for zen rules (Julia Reynolds)
        c6d34cf08246 (3 days ago) limit TelecomManager#registerPhoneAccount to 10; api doc update (Thomas Stuart)
        72f7d7e504f9 (3 days ago) RESTRICT AUTOMERGE Prevent non-admin users from deleting system apps. (Oli Lan)
        51cc5080993e (3 days ago) Update GeofenceHardwareRequestParcelable to match parcel/unparcel format. (David Christie)
        b09a9d8308f5 (3 days ago) Fix security hole in GateKeeperResponse (Ayush Sharma)
        a099f266c816 (7 days ago) Fixed a concurrent modification crash (Selim Cinek)
    
    kernel/samsung/msm8976
    
        7117745ed507e (4 days ago) usb: gadget: rndis: prevent integer overflow in rndis_set_response() (Dan Carpenter)
        270102aecc922 (4 days ago) usb: gadget: rndis: check size of RNDIS_MSG_SET command (Greg Kroah-Hartman)
        5cfc91135bb1f (4 days ago) usb: gadget: clear related members when goto fail (Hangyu Hua)
        5ea33042c172e (4 days ago) usb: gadget: don't release an existing dev->buf (Hangyu Hua)
        da0cc8e1f5839 (4 days ago) USB: gadgetfs: Fix a potential memory leak in 'dev_config()' (Christophe JAILLET)
        33e63f1f344b1 (10 days ago) tcp: resalt the secret every 10 seconds (Eric Dumazet)
        c1fac3385652b (11 days ago) secure_seq: use the 64 bits of the siphash for port offset calculation (Willy Tarreau)
        e166e626c9845 (11 days ago) tcp: connect() from bound sockets can be faster (Eric Dumazet)
        f16f9a49132e1 (11 days ago) secure_seq: fix sparse errors (Eric Dumazet)
        05c7240e70024 (11 days ago) secure_seq: use SipHash in place of MD5 (Jason A. Donenfeld)
        95e0e4979da03 (11 days ago) net: switch net_secret key generation to net_get_random_once (Hannes Frederic Sowa)
        a238074f11533 (11 days ago) BACKPORT: tcp: change source port randomizarion at connect() time (Eric Dumazet)
        276cc1f78f544 (2 weeks ago) net: af_key: add check for pfkey_broadcast in function pfkey_process (Jiasheng Jiang)
        93a5fe73f08b7 (3 weeks ago) netlink: do not reset transport header in netlink_recvmsg() (Eric Dumazet)
        e6f9cae4e1cdb (3 weeks ago) netlink: reset network and mac headers in netlink_dump() (Eric Dumazet)
        bb78e3f84a655 (4 weeks ago) net: sched: prevent UAF on tc_ctl_tfilter when temporarily dropping rtnl_lock (Thadeu Lima de Souza Cascardo)
        9fb40ce4cb1e4 (4 weeks ago) net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() (Eric Dumazet)
        6b41561876d3e (4 weeks ago) qcacld-2.0: Possible OOB read in process_fw_diag_event_data (abhinav kumar)
        04acbf77f3fc9 (4 weeks ago) Asoc: check for invalid voice session id (Lakshman Chaluvaraju)
        4648031b0b7fc (4 weeks ago) asoc: Add check to handle negative value passed for num_app_cfg_type (Harshal Ahire)
        67d101c021ea7 (4 weeks ago) asoc: add missing null check for pcm pointer of snd_pcm_volume (xsang)
        478cc452abde0 (4 weeks ago) asoc: add null check for pcm pointer of snd_pcm_volume (xsang)
    
    packages/apps/Bluetooth
    
        9b161a5df (3 days ago) Removes app access to BluetoothAdapter#setDiscoverableTimeout by requiring BLUETOOTH_PRIVILEGED permission. (Rahul Sabnis)
        e92d6785f (3 days ago) Removes app access to BluetoothAdapter#setScanMode by requiring BLUETOOTH_PRIVILEGED permission. (Rahul Sabnis)
    
    packages/apps/Contacts
    
        c7774bc8c (3 days ago) No longer export CallSubjectDialog (John Shao)
    
    packages/apps/Dialer
    
        2f6726c8e (3 days ago) No longer export CallSubjectDialog (Tatsuaki Machida)
    
    packages/apps/Nfc
    
        4d27cb3b (3 days ago) OOB read in phNciNfc_RecvMfResp() (Alisher Alikhodjaev)
    
    packages/services/Telecomm
    
        de446cd1a (3 days ago) limit TelecomManager#registerPhoneAccount to 10 (Thomas Stuart)
    
    system/ca-certificates
    
        1398a9b (8 days ago) Backport Android.mk from P (syphyr)
    
    system/core
    
        ae76011a9 (3 days ago) Backport of Win-specific suppression of potentially rogue construct that can engage (Shaju Mathew)
  • 19
    This is an unofficial version of LineageOS 14.1 for Samsung Galaxy S2 (T813 and T713) with extra security features.

    - Vendor has been updated using latest release from Samsung (T813XXS2BSJ3 and T713XXS2BSG1)
    - Kernel has been updated using latest CAF, Google, and kernel.org sources
    - SDcardfs has been backported from Oreo
    - Wifi driver (qcacld-2.0) has been updated from latest CAF repos
    - Fixed random wifi disconnects
    - Proc has been hardened with updated selinux policy
    - Use correct ANT+ wireless driver (qualcomm-uart)
    - Added blur effect
    - Enabled burnIn protection support
    - Only light up capacitive hardware keys when pressed
    - Lowmemory killer has been optimized using latest upstream Google sources
    - Stability and power usage improvements
    - MicroG support has been added to framework (signature spoofing)
    - Add menu option to switch off captive portal (to stop pinging google servers)
    - Latest Wireguard kernel support added
    - Integrated superuser support added
    - Added per-app VPN data restrictions
    - Add Privacy-Friendly Network Monitor
    - Restrict untrusted apps from /proc/net
    - Added per-app sensor block in privacy guard
    - DNSCrypt Proxy support for encrypted DNS and integrated ad blocker
    - Support for DNSCrypt Proxy requests through Tor for total DNS privacy (requires Tor to be installed separately)
    - Bromite system webview that can be updated from official Bromite website and FDroid.

    T813: lineage-14.1-20220610-NIGHTLY-gts210vewifi.zip
    Supported Bootloader versions:
    T813XXU2BSB1|T813ZCU2BSB1|T813XXS2BSG1|T813XXS2BSG3|T813XXU2BSI2|T813ZCU2BSI3|T813XXS2BSJ3

    T713: lineage-14.1-20220610-NIGHTLY-gts28vewifi.zip
    Supported Bootloader versions:
    T713XXU2BRF4|T713XXS2BRI1|T713XXU2BSB1|T713XXU2BSA1|T713XXS2BSG3|T713XXS2BSG1|T713ZCU2BSI3

    Security Patch Level: June 2022

    T813 Recovery: twrp-3.2.3-1-gts210vewifi-20190418-1-recovery.img
    md5sum: ce7f264cf2fdef9da0d812eec293396e

    T713 Recovery: twrp-3.2.3-0-gts28vewifi.img
    md5sum: twrp-3.2.3-0-gts28vewifi.img.md5

    Note: TWRP 3.2.3 is only version that works properly with encryption on Nougat because newer versions of TWRP do not format the data partition correctly. The data partition must be formatted with TWRP 3.2.3 in order to create proper encryption footers.

    Recommended Gapps: gapps-base-arm64-7.1.2-20180730-1-signed.zip

    TWRP Device Repo: https://github.com/syphyr/android_device_samsung_gts210vewifi-teamwin/commits/android-7.1

    Local Manifest: local_manifests_laos_S2-14.1.xml
    6
    Android security level: June 2019
    lineage-14.1-20190607-NIGHTLY-gts210vewifi.zip

    Additional features:
    Added enhanced privacy guard feature that controls access to motion sensors (can be used to prevent sensor calibration attack in web browsers).
    Use Cloudflare DNS instead of Google DNS because of privacy policy
    Apps having the PACKAGE_USAGE_STATS permission now appear by default as "not allowed" in privacy guard
    Don't send IMSI or phone number to Gnss Location Provider
    Stop automatically granting the standard browsing app runtime permission for location
    6
    T813: lineage-14.1-20210408-NIGHTLY-gts210vewifi.zip

    T713: lineage-14.1-20210408-NIGHTLY-gts28vewifi.zip

    Security Patch Level: April 2021

    Code:
    build
    
        391433f33 (2 days ago) Bump Security String to 2021-04-05 (Vasyl Gello)
    
    external/bromite-webview
    
        a28caf5 (29 minutes ago) Bromite System Webview 90.0.4430.59 (syphyr)
        a6d846c (3 days ago) Bromite System Webview 89.0.4389.117 (syphyr)
    
    external/chromium-webview
    
        dcdf525 (13 days ago) Update Chromium Webview to 89.0.4389.105 (Kevin F. Haggerty)
    
    external/dnscrypt-proxy
    
        150f476 (11 minutes ago) Update blocked names and resolvers (syphyr)
        4638491 (3 days ago) Update binary, block list, and resolvers (syphyr)
        4d358ab (9 days ago) Update binary, blocked names, and resolvers (syphyr)
        080a224 (2 weeks ago) Update blocked names and resolvers (syphyr)
        95523aa (2 weeks ago) Update binary deps and blocked names (syphyr)
        c9a12b4 (2 weeks ago) Update blocked names and resolvers (syphyr)
        266af17 (4 weeks ago) Update config example (syphyr)
        851f5cd (4 weeks ago) Update blocked names and resolver list (syphyr)
        21cffd4 (4 weeks ago) Update binary, blocked names, and resolvers (syphyr)
    
    frameworks/base
    
        be00da591fdd (20 minutes ago) Close screenshot process on user switched (Miranda Kephart)
        8971ebf465ba (20 minutes ago) DO NOT MERGE: WM: Only allow system to use NO_INPUT_CHANNEL. (Robert Carr)
    
    kernel/samsung/msm8976
    
        837e72e7b7733 (52 minutes ago) crypto: shash - Fix a sleep-in-atomic bug in shash_setkey_unaligned (Jia-Ju Bai)
        421e6ede64f51 (20 hours ago) staging: ion: msm: Apply d82ad70e8aff to msm_ion_custom_ioctl (Nathan Chancellor)
        e86aa7be95afa (20 hours ago) staging: android: ion: fix ION_IOC_{MAP,SHARE} use-after-free (Greg Hackmann)
        c670579e617ca (20 hours ago) BACKPORT: staging: android: ion: Pull out ion ioctls to a separate file (Laura Abbott)
        d0854fad0d338 (4 days ago) genirq: Disable interrupts for force threaded handlers (Thomas Gleixner)
        b9bee85a476b8 (4 days ago) genirq: Fix race on spurious interrupt detection (Lukas Wunner)
        c973919b0bdc7 (5 days ago) ext4: don't allow overlapping system zones (Jan Kara)
        3f332f78f0218 (5 days ago) ext4: handle error of ext4_setup_system_zone() on remount (Jan Kara)
        c3e408ce08b50 (5 days ago) ext4: fix potential error in ext4_do_update_inode (Shijie Luo)
        2af26f73868db (6 days ago) net: drop write-only stack variable (David Herrmann)
        dc6865481c7bd (9 days ago) Revert "mm, slub: consider rest of partial list if acquire_slab() fails" (Linus Torvalds)
        d9ccdde9f33d1 (9 days ago) netfilter: x_tables: gpf inside xt_find_revision() (Vasily Averin)
        d698e97be22f8 (9 days ago) netfilter: don't use mutex_lock_interruptible() (Pablo Neira Ayuso)
        897309aa0aa39 (11 days ago) uapi: nfnetlink_cthelper.h: fix userspace compilation error (Dmitry V. Levin)
        987e474b84a63 (13 days ago) ipv4: fix use-after-free in ip_cmsg_recv_dstaddr() (Eric Dumazet)
        71e678407a6ed (13 days ago) arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" (Miguel Ojeda)
        6ec096c9f7b89 (3 weeks ago) clk: Don't show the incorrect clock phase (Shawn Lin)
        89ecf571302bf (3 weeks ago) selinux: use GFP_NOWAIT in the AVC kmem_caches (Michal Hocko)
        2a5db6d593fd3 (3 weeks ago) locking/rwsem-xadd: Fix missed wakeup due to reordering of load (Prateek Sood)
        5b9c607a2649a (3 weeks ago) genirq: Delay incrementing interrupt count if it's disabled/pending (Sudeep Holla)
        7111d5e0836f8 (3 weeks ago) tcp: do not restart timewait timer on rst reception (Florian Westphal)
        a8916fc36d2c7 (3 weeks ago) media: v4l: ioctl: Fix memory leak in video_usercopy (Sakari Ailus)
        313f35fa25ebd (3 weeks ago) [media] v4l2-ioctl.c: fix sparse __user-related warnings (Hans Verkuil)
        f2f2347f587a7 (3 weeks ago) media: uvcvideo: Allow entities with no pads (Ricardo Ribalda)
        f2c89dc347dc0 (3 weeks ago) Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data (Gopal Tiwari)
        918bf8e3dfe0b (3 weeks ago) net: fix up truesize of cloned skb in skb_prepare_for_shift() (Marco Elver)
        53ede3c67777f (3 weeks ago) qcacld-2.0: Adjust vos mem for roam_info (syphyr)
        21966b40912c7 (3 weeks ago) qcacld-2.0: fix Tx failed after candidate channel switch (Miaoqing Pan)
        990a9ae36a1d9 (3 weeks ago) qcacld-2.0: Clean up local variable of csr_roam_info (bings)
        2b58836ea2908 (4 weeks ago) HID: core: detect and skip invalid inputs to snto32() (Randy Dunlap)
        7000b98dd9ecd (4 weeks ago) media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex values (Laurent Pinchart)
        d1bf4b42eb88a (4 weeks ago) Bluetooth: Put HCI device if inquiry procedure interrupts (Pan Bian)
        23cc03ccdc95f (4 weeks ago) Bluetooth: drop HCI device reference before return (Pan Bian)
        3235f68f1ca1e (4 weeks ago) Bluetooth: Fix initializing response id after clearing struct (Christopher William Snowhill)
        92a1835e30006 (4 weeks ago) HID: make arrays usage and value to be the same (Will McVicker)
        f3acb3d472de7 (4 weeks ago) net: watchdog: hold device global xmit lock during tx disable (Edwin Peer)
        9cdbb423bb708 (4 weeks ago) netfilter: xt_recent: Fix attempt to update deleted entry (Jozsef Kadlecsik)
        2a92da7a3975f (4 weeks ago) af_key: relax availability checks for skb size calculation (Cong Wang)
        8f53f717bc25d (4 weeks ago) tcp: Fix missing range_truesize enlargement in the backport (Takashi Iwai)
    
    kernel/samsung/msm8976/net/wireguard
    
        122f06b (4 weeks ago) compat: icmp_ndo_send functions were backported extensively (Jason A. Donenfeld)
    
    packages/apps/Settings
    
        f410ff105b (18 minutes ago) RESTRICT AUTOMERGE Update String (Hugh Chen)
        7f5742461b (19 minutes ago) RESTRICT AUTOMERGE Fix phishing attacks over Bluetooth due to unclear warning message (Hugh Chen)
    
    system/bt
    
        73bacf640 (17 minutes ago) avrc_copy_packet: Zero initialize packet (Hansong Zhang)
        c9bb73372 (17 minutes ago) AVRCP: Use calloc to zero reserved fields (Myles Watson)
        dc9c77873 (17 minutes ago) Legacy pairing: Reject device with same BD_ADDR (Hansong Zhang)
    6
    Security Update:
    lineage-14.1-20190620-NIGHTLY-gts210vewifi.zip

    - Fixes for CVE-2019-5489, CVE-2019-11884, CVE-2019-11833, CVE-2019-11477 (latest high severity "Ping of Death" issue), CVE-2019-11478, and CVE-2019-11479
    - OpenSSH has been updated and backported from Android Pie.

    Additionally, the latest official version of TWRP (3.3.1-1) does not work with encryption on this device. Therefore, here is a custom version of TWRP (3.2.3-1) for T813 with a few additional changes.

    - Updated encryption blobs from latest factory release
    - Disable haptic settings (backported from TWRP 3.3.1) because T813 does not have haptics.
    - Updated kernel and sdfat driver for recovery

    Recovery: twrp-3.2.3-1-gts210vewifi-20190418-1-recovery.img
    md5sum: ce7f264cf2fdef9da0d812eec293396e

    TWRP Device Repo: https://github.com/syphyr/android_device_samsung_gts210vewifi-teamwin/commits/android-7.1
    6
    T813: lineage-14.1-20200822-NIGHTLY-gts210vewifi.zip

    T713: lineage-14.1-20200822-NIGHTLY-gts28vewifi.zip

    Notes: Fixes for CVE-2020-0108 and CVE-2020-0238

    Code:
    external/chromium-webview
    
        a0e62a6 (22 hours ago) Update Chromium Webview to 84.0.4147.125 (Kevin F. Haggerty)
    
    external/dnscrypt-proxy
    
        113ee61 (17 minutes ago) Update blocked names list (syphyr)
        047ac5d (13 days ago) Update binary, resolver, and blocked names (syphyr)
    
    frameworks/base
    
        d8389d36e51 (3 weeks ago) More fixes towards the race conditions in AMS (Jing Ji)
        eee0afbaeb7 (3 weeks ago) DO NOT MERGE - Kill apps outright for API contract violations (Christopher Tate)
    
    kernel/samsung/msm8976
    
        628c1ee3728c0 (23 hours ago) ANDROID: fix a bug in quota2 (Maciej Żenczykowski)
        b10f0763e402e (23 hours ago) netfilter: Remove Samsung debug from xt_quota2 (syphyr)
        56dc5aee93e60 (3 days ago) regmap: dev_get_regmap_match(): fix string comparison (Marc Kleine-Budde)
        073120377e62e (3 days ago) ALSA: info: Drop WARN_ON() from buffer NULL sanity check (Takashi Iwai)
        2abcc7856a95c (3 days ago) crypto: arm64/aes-blk - honour iv_out requirement in CBC and CTR modes (Ard Biesheuvel)
        4726edf051cb3 (11 days ago) nl80211: fix sched scan netlink socket owner destruction (Johannes Berg)
    
    packages/apps/Settings
    
        6048a5c67e (15 hours ago) Allows to launch only authenticator owned activities (Sunny Shao)