Changelog 10 - Sensitive numbers and our CVE Tracker

Written on May 31, 2017 by harryyoud

Welcome to LineageOS’ biweekly review, where we go over changes in the last couple of weeks.

Major changes since the 15th May

  • Some sensitive numbers are no longer written to the call log
    • In the EU, some numbers are intentionally not shown on phone bills, in order to allow hotlines dealing with domestic violence or similar situations to be called with confidence
    • In LineageOS, a list of particular numbers (available to view here - this will be continually updated) will no longer be written to the call log viewable in the Dialer app
    • If you know of any other sensitive numbers in your country - particularly child abuse, domestic abuse, or sexual assault hotlines - we would appreciate you submitting them to Gerrit, in a similar fashion to these commits: Brazil, Bangladesh, Turkey, US
  • Small Jelly tweaks and improvements
    • Support ‘desktop mode’ - for viewing sites as a desktop browser would see them
    • The page is no longer re-rendered when the device is rotated
    • Incognito mode has been improved: it no longer stores cookies, and now shows an indicator to let you know when you are in incognito mode
  • WiFi is now enabled on first boot after a factory reset, preventing a crash in our Setup Wizard later in the setup
  • AudioFX should now be much more responsive, and free of some of the lag suffered when moving between various effects
  • The customisable right lockscreen shortcut now has identical behaviour and appearance to the left one, so no longer appears black, and correctly inherits the icon’s primary colour as the background
  • A potential memory leak and/or memory corruption exploit with our recent su hide patches (which you can read more about in our last changelog post) has been fixed

CVE tracker (again)

If you didn’t know, Google releases a set of security updates monthly, which fix a number of CVEs (security vulnerabilities). These aren’t always in the upper layers of Android, and are typically in the kernel.

Because of this, it can be difficult for a developer to record exactly which devices have been patched against particular vulnerabilities. Our CVE tracker, which was previously private, is now publicly accessible (as read-only), primarily for the use of developers not currently part of the LineageOS team who would like to patch their kernels against security vulnerabilities.

To clear up some confusion: to modify values here, you have to be signed in to a GitHub account that is part of the LineageOS organization on GitHub - a privilege reserved for those who are part of our team.

Also bear in mind that this does not analyse the kernel repository. The device maintainer must mark particular CVEs as patched themselves.

Build roster

Added 14.1 devices

Changes to 14.1 devices

Changes to 13.0 devices