diff --git a/metadata/com.cheogram.android.yml b/metadata/com.cheogram.android.yml index 03f156ead8..6419c40076 100644 --- a/metadata/com.cheogram.android.yml +++ b/metadata/com.cheogram.android.yml @@ -128,6 +128,13 @@ Builds: prebuild: sed -i -e '/MissingTranslation/aabortOnError\ false' -e '/splits/,+5d' -e '/Variants.all/,+10d' build.gradle ndk: r21e + antifeatures: + - KnownVuln + +MaintainerNotes: |- + KnownVuln: org.webrtc:google-webrtc:1.0.32006 noted at below link + https://git.singpolyma.net/cheogram-android/tree/$TAG/item/build.gradle + https://gitlab.com/fdroid/fdroiddata/-/issues/2064 AutoUpdateMode: Version ++free %v-fdroid UpdateCheckMode: Tags .*-fdroid$ diff --git a/metadata/com.csipsimple.yml b/metadata/com.csipsimple.yml index ebf8a24bf6..e52eea3096 100644 --- a/metadata/com.csipsimple.yml +++ b/metadata/com.csipsimple.yml @@ -1,3 +1,5 @@ +AntiFeatures: + - KnownVuln Categories: - Phone & SMS License: GPL-3.0-only @@ -89,6 +91,9 @@ MaintainerNotes: |- this issue, as of June 23 2016, the maintainers haven't responded to that question yet. + KnownVuln: webrtc@2948 noted above + https://gitlab.com/fdroid/fdroiddata/-/merge_requests/11496 + ArchivePolicy: 0 versions AutoUpdateMode: None UpdateCheckMode: None diff --git a/metadata/com.foobnix.pro.pdf.reader.yml b/metadata/com.foobnix.pro.pdf.reader.yml index b136fefc60..ca2bf1682b 100644 --- a/metadata/com.foobnix.pro.pdf.reader.yml +++ b/metadata/com.foobnix.pro.pdf.reader.yml @@ -330,11 +330,18 @@ Builds: - pushd ../Builder/ - ./link_merge.sh ndk: r25b + antifeatures: + - KnownVuln MaintainerNotes: |- * Upstream builds separate APKs for each architecture but we build an universal APK. * scanner will detect GMS (/com/google/android/gms) in these APKs; those are only stubs here, see https://gitlab.com/fdroid/fdroiddata/-/issues/2272#note_493741256 + * KnownVuln: MuPDF 1.11 noted at below link + * https://github.com/foobnix/LibreraReader/blob/8.8.5/app/src/main/java/com/foobnix/pdf/info/AppsConfig.java#L30 + * app includes both MuPDF 1.11 as the default for legacy Android 4.0 compatibility + * https://gitlab.com/fdroid/fdroiddata/-/merge_requests/11496 + AutoUpdateMode: Version +-fdroid %v UpdateCheckMode: Tags UpdateCheckData: app/build.gradle|\s+FDroidCodeNumber = (\d+)|.|\s+FDroidVersionNumber diff --git a/metadata/com.gsnathan.pdfviewer.yml b/metadata/com.gsnathan.pdfviewer.yml index fe6b2a7c3a..1c02b0b8ba 100644 --- a/metadata/com.gsnathan.pdfviewer.yml +++ b/metadata/com.gsnathan.pdfviewer.yml @@ -1,3 +1,5 @@ +AntiFeatures: + - KnownVuln Categories: - Reading License: MIT @@ -97,6 +99,13 @@ Builds: gradle: - yes +MaintainerNotes: |- + KnownVuln: com.github.barteksc:android-pdf-viewer:3.2.0 noted at below link + https://github.com/JavaCafe01/PdfViewer/blob/$TAG/app/build.gradle + https://github.com/JavaCafe01/PdfViewer/issues/175 + https://gitlab.com/fdroid/fdroiddata/-/merge_requests/11496 + Repository archived + AutoUpdateMode: Version v%v UpdateCheckMode: Tags ^v[0-9.]+$ CurrentVersion: '3.7' diff --git a/metadata/com.poupa.attestationdeplacement.yml b/metadata/com.poupa.attestationdeplacement.yml index ecbae347b8..b7f7389044 100644 --- a/metadata/com.poupa.attestationdeplacement.yml +++ b/metadata/com.poupa.attestationdeplacement.yml @@ -1,3 +1,5 @@ +AntiFeatures: + - KnownVuln Categories: - Phone & SMS License: GPL-3.0-only @@ -125,6 +127,13 @@ Builds: gradle: - yes +MaintainerNotes: |- + KnownVuln: com.itextpdf:itextg:5.5.10 noted at below link + https://github.com/AdrienPoupa/AttestationDeplacement/blob/$TAG/app/build.gradle + https://github.com/AdrienPoupa/AttestationDeplacement/issues/131 + https://gitlab.com/fdroid/fdroiddata/-/merge_requests/11496 + Repository archived + AutoUpdateMode: Version %v UpdateCheckMode: Tags CurrentVersion: 3.7.0 diff --git a/metadata/com.saverio.pdfviewer.yml b/metadata/com.saverio.pdfviewer.yml index 0db1a7539f..7c88039539 100644 --- a/metadata/com.saverio.pdfviewer.yml +++ b/metadata/com.saverio.pdfviewer.yml @@ -54,6 +54,7 @@ Builds: MaintainerNotes: KnownVuln as it uses a very old version of pdfium with many vulnerabilities, see https://gitlab.com/fdroid/fdroiddata/-/merge_requests/9913#note_701892370 + https://github.com/Sav22999/sav-pdf-viewer-pro/issues/28 AutoUpdateMode: Version %v UpdateCheckMode: Tags diff --git a/metadata/com.simplemobiletools.filemanager.pro.yml b/metadata/com.simplemobiletools.filemanager.pro.yml index 0ba336cad7..14169a1457 100644 --- a/metadata/com.simplemobiletools.filemanager.pro.yml +++ b/metadata/com.simplemobiletools.filemanager.pro.yml @@ -526,6 +526,14 @@ Builds: - build.patch gradle: - fdroid + antifeatures: + - KnownVuln + +MaintainerNotes: |- + KnownVuln: com.github.tibbi:AndroidPdfViewer:da57ff410e noted at below link + https://github.com/SimpleMobileTools/Simple-File-Manager/blob/$TAG/app/build.gradle + https://github.com/SimpleMobileTools/Simple-File-Manager/issues/619 + https://gitlab.com/fdroid/fdroiddata/-/merge_requests/11496 AutoUpdateMode: Version %v UpdateCheckMode: Tags diff --git a/metadata/cx.hell.android.pdfview.yml b/metadata/cx.hell.android.pdfview.yml index 3c705eb7b2..f03de49c82 100644 --- a/metadata/cx.hell.android.pdfview.yml +++ b/metadata/cx.hell.android.pdfview.yml @@ -1,3 +1,5 @@ +AntiFeatures: + - KnownVuln Categories: - Reading License: GPL-3.0-only @@ -75,6 +77,11 @@ Builds: - yes ndk: r12b +MaintainerNotes: |- + KnownVuln: Ancient MuPDF noted at below link + https://github.com/mpietrzak/apv/tree/$COMMIT/pdfview/deps + https://gitlab.com/fdroid/fdroiddata/-/merge_requests/11496 + AutoUpdateMode: None UpdateCheckMode: None CurrentVersion: 0.4.0 diff --git a/metadata/de.baumann.pdfcreator.yml b/metadata/de.baumann.pdfcreator.yml index 09737b3dff..c531eb8d35 100644 --- a/metadata/de.baumann.pdfcreator.yml +++ b/metadata/de.baumann.pdfcreator.yml @@ -1,3 +1,5 @@ +AntiFeatures: + - KnownVuln Categories: - Writing License: GPL-3.0-or-later @@ -174,6 +176,12 @@ Builds: - echo -e 'distributionUrl=https://services.gradle.org/distributions/gradle-3.3-bin.zip' > gradle/wrapper/gradle-wrapper.properties +MaintainerNotes: |- + KnownVuln: com.itextpdf:itextg:5.5.10 noted at below link + https://github.com/scoute-dich/PDFCreator/blob/$TAG/app/build.gradle + https://gitlab.com/fdroid/fdroiddata/-/merge_requests/11496 + Repository archived + AutoUpdateMode: Version v%v UpdateCheckMode: Tags CurrentVersion: '3.8' diff --git a/metadata/io.github.droidapps.pdfreader.yml b/metadata/io.github.droidapps.pdfreader.yml index 51286c552b..da37007bc7 100644 --- a/metadata/io.github.droidapps.pdfreader.yml +++ b/metadata/io.github.droidapps.pdfreader.yml @@ -1,3 +1,5 @@ +AntiFeatures: + - KnownVuln Categories: - Reading License: GPL-3.0-only @@ -33,6 +35,11 @@ Builds: - yes ndk: r12b +MaintainerNotes: |- + KnownVuln: Ancient MuPDF noted at below link + https://github.com/droidapps/pdfreader4Android/tree/$TAG/jni/mupdf/pdf + https://gitlab.com/fdroid/fdroiddata/-/merge_requests/11496 + AutoUpdateMode: None UpdateCheckMode: Tags CurrentVersion: 0.4.0 diff --git a/metadata/it.iiizio.epubator.yml b/metadata/it.iiizio.epubator.yml index b3bbb2e15e..74fa64bb86 100644 --- a/metadata/it.iiizio.epubator.yml +++ b/metadata/it.iiizio.epubator.yml @@ -1,3 +1,5 @@ +AntiFeatures: + - KnownVuln Categories: - Reading License: GPL-3.0-only @@ -63,6 +65,11 @@ Builds: subdir: ePUBator prebuild: mv lib libs +MaintainerNotes: |- + KnownVuln: itextpdf-5.5.6.jar noted at below link + https://sourceforge.net/p/epubator/code/ci/master/tree/ePUBator/lib/ + https://gitlab.com/fdroid/fdroiddata/-/merge_requests/11496 + AutoUpdateMode: None UpdateCheckMode: Tags CurrentVersion: '0.12' diff --git a/metadata/org.documentfoundation.libreoffice.yml b/metadata/org.documentfoundation.libreoffice.yml index fe25a90a58..9caea27391 100644 --- a/metadata/org.documentfoundation.libreoffice.yml +++ b/metadata/org.documentfoundation.libreoffice.yml @@ -1,3 +1,5 @@ +AntiFeatures: + - KnownVuln Categories: - Reading License: MPL-2.0 @@ -402,6 +404,9 @@ MaintainerNotes: |- Once the right contents of LOTarballs has been figured out, don't forget to set --enable-fetch-external=no and add back the symlink command to LOTarballs (and update the LOTarballs commit hash to the new one). + KnownVuln: Current version is from 2018-01-26 + https://cgit.freedesktop.org/libreoffice/core/commit/?id=484d0ea842da + ArchivePolicy: 4 versions AutoUpdateMode: None UpdateCheckMode: None diff --git a/metadata/org.ninthfloor.copperpdf.yml b/metadata/org.ninthfloor.copperpdf.yml index e0a4a809cc..b8f63490ac 100644 --- a/metadata/org.ninthfloor.copperpdf.yml +++ b/metadata/org.ninthfloor.copperpdf.yml @@ -1,3 +1,5 @@ +AntiFeatures: + - KnownVuln Categories: - Reading - System @@ -58,6 +60,12 @@ Builds: - yes prebuild: sed -i -e '/jcenter/a google()' ../build.gradle +MaintainerNotes: |- + KnownVuln: PDF.js 1.5.188 noted at below link + https://github.com/paride/CopperPDF/blob/$TAG/app/src/main/assets/pdf.js + https://gitlab.com/fdroid/fdroiddata/-/merge_requests/11496 + Repository archived + AutoUpdateMode: Version v%v UpdateCheckMode: Tags CurrentVersion: v1.3.0 diff --git a/metadata/org.snikket.android.yml b/metadata/org.snikket.android.yml index af416caf36..b298cc0c9a 100644 --- a/metadata/org.snikket.android.yml +++ b/metadata/org.snikket.android.yml @@ -65,6 +65,12 @@ Builds: -e "/phonenumber/aimplementation 'org.webrtc:google-webrtc:1.0.32006'" -e '/splits/,+5d' -e '/Variants.all/,+8d' build.gradle ndk: r21e + antifeatures: + - KnownVuln + +MaintainerNotes: |- + KnownVuln: org.webrtc:google-webrtc:1.0.32006 noted above + https://gitlab.com/fdroid/fdroiddata/-/issues/2064 AutoUpdateMode: Version ++fcr %v UpdateCheckMode: Tags diff --git a/metadata/org.sufficientlysecure.viewer.yml b/metadata/org.sufficientlysecure.viewer.yml index 06b2603ce0..3873e0e602 100644 --- a/metadata/org.sufficientlysecure.viewer.yml +++ b/metadata/org.sufficientlysecure.viewer.yml @@ -1,3 +1,5 @@ +AntiFeatures: + - KnownVuln Categories: - Reading License: GPL-3.0-only @@ -1750,6 +1752,12 @@ MaintainerNotes: |- * Archive policy last three upstream releases * Disable AUM since it does not support ABI splits + * KnownVuln: MuPDF 1.11 noted at below link + * https://github.com/SufficientlySecure/document-viewer/commits/$TAG/document-viewer/jni/mupdf + * https://github.com/SufficientlySecure/document-viewer/issues/277 + * https://gitlab.com/fdroid/fdroiddata/-/merge_requests/11496 + * No longer maintained + ArchivePolicy: 15 versions AutoUpdateMode: None UpdateCheckMode: None diff --git a/metadata/org.vudroid.yml b/metadata/org.vudroid.yml index 83890bbb98..f8278769bb 100644 --- a/metadata/org.vudroid.yml +++ b/metadata/org.vudroid.yml @@ -1,3 +1,5 @@ +AntiFeatures: + - KnownVuln Categories: - Reading License: GPL-3.0-only @@ -31,6 +33,10 @@ Builds: - yes ndk: r12b +MaintainerNotes: |- + KnownVuln: Ancient MuPDF + https://gitlab.com/fdroid/fdroiddata/-/merge_requests/11496 + AutoUpdateMode: None UpdateCheckMode: Static CurrentVersion: '1.4' diff --git a/metadata/swati4star.createpdf.yml b/metadata/swati4star.createpdf.yml index 2a9ad81a17..07d6e43a31 100644 --- a/metadata/swati4star.createpdf.yml +++ b/metadata/swati4star.createpdf.yml @@ -1,3 +1,5 @@ +AntiFeatures: + - KnownVuln Categories: - Multimedia License: GPL-3.0-or-later @@ -144,6 +146,12 @@ Builds: - sed -i -e '/aspose/d' build.gradle - sed -i -e '/ExcelToPDFAsync/d' src/main/java/swati4star/createpdf/fragment/ExceltoPdfFragment.java +MaintainerNotes: |- + KnownVuln: com.itextpdf:itextg:5.5.10 noted at below link + https://github.com/Swati4star/Images-to-PDF/blob/$TAG/app/build.gradle + https://github.com/Swati4star/Images-to-PDF/issues/1083 + https://gitlab.com/fdroid/fdroiddata/-/merge_requests/11496 + AutoUpdateMode: Version UpdateCheckMode: Tags CurrentVersion: 8.8.1 diff --git a/metadata/universe.constellation.orion.viewer.yml b/metadata/universe.constellation.orion.viewer.yml index 18edc17290..38342e1be9 100644 --- a/metadata/universe.constellation.orion.viewer.yml +++ b/metadata/universe.constellation.orion.viewer.yml @@ -1,3 +1,5 @@ +AntiFeatures: + - KnownVuln Categories: - Reading License: GPL-3.0-or-later @@ -29,6 +31,12 @@ Builds: - nativeLibs/mupdf ndk: r20b +MaintainerNotes: |- + KnownVuln: MuPDF 1.16.1 noted at below link + https://github.com/max-kammerer/orion-viewer/commits/$TAG/nativeLibs/mupdfModule + https://github.com/max-kammerer/orion-viewer/issues/40 + https://gitlab.com/fdroid/fdroiddata/-/merge_requests/11496 + AutoUpdateMode: Version UpdateCheckMode: Tags UpdateCheckData: orion-viewer/version.properties|orion\.version\.code\s*=\s*([0-9]+)|.|orion.version.name\s*=\s*(.+)