We’re queuing up releases across three branches this evening, releasing into the wild CM 11.0-security, 12.0-security and our very first 12.1 release. As always, these releases are being marked as ‘known good’ by their maintainer, and signed-off individually. This means that not every CM device will receive a release – only those marked as ‘Good to go’ by the maintainer.
The 11.0 and 12.0 builds are security releases built on top of the last CM11/12.0 releases, modified to include the recent security disclosures, including the vulnerabilities in Stagefright. Users of the previous 11/12.0 release builds are encouraged to update. Users of 11.0/12.0 weeklies (nightlies) will see no net change, and need not update.
The CM12.1 release marks our first Android 5.1.1 release which brings our IMAP idle support, SDK v1 release and the security fixes mentioned previously.
If you are updating to any of these builds, please pay close …
The past month has been dominated by highly publicized vulnerabilities such as ‘Stagefright’, ‘Certifi-gate’, and ‘Deserialization’, however the August wave of fixes also included many other fixes, one of which in particular we have received a lot of questions/complaints over.
CVE-2015-3833 affects Android 5.0 and higher, and is officially described as follows:
Mitigation bypass of restrictions on getRecentTasks()
A local application can reliably determine the foreground application, circumventing the getRecentTasks() restriction introduced in Android 5.0.This is rated as a moderate severity vulnerability because it can allow a local app to access data normally protected by permissions with a “dangerous” protection level.
This particular patch was merged into CM sources on August 12th. As a result, apps that relied on attaining a list of running processes via the now plugged hole will fail to function properly. This includes (but is not limited to) apps like Greenify, FMR Memory cleaner, Zillow and System Panel . …
Welcome to another Developer Spotlight, a short Q & A with community staff. This is a small spectacle of a much larger picture that we focus on to recognize the many talented developers who contribute to one of the largest community driven open source projects around.
Brinly Taylor aka UberLaggyDarwin/uld, is a contributor and device maintainer part of the maintainer & bring-up team for the CyanogenMod community. He has been a core contributor to the project since 2012 with hundreds of contributions including being a big part of device bring ups. He’s currently a student in Adelaide, Australia, while spending some of his spare time reverse engineering low level firmware of Android devices.
So how did you get started with programming and tinkering with devices?
I started pretty young playing with Rockbox open source firmware for my Sandisk – got me into open source, plus then I got a Nintendo DS for homebrew projects.
At its core, CyanogenMod is a best in class example of Open Source development. Secure, fast, and full of meaningful choices for users, our goal is to make the world’s best Android OS available to hundreds of millions of users around the world.
Along with the resources of Cyanogen Inc. behind it, we’ve created the Platform SDK. This platform empowers developers to scale the open development of Android through CyanogenMod.
The Cyanogen Platform SDK is about safely giving developers deeper access to Android, while enabling them to create original experiences for users. Whether it’s creating new ways of engaging with existing applications or developing completely new experiences, our goal is to make sure the Cyanogen platform offers meaningful choices to meet the growing needs of a diverse, global smartphone population (6b+ by 2020).
The issue described in the the latest publication of Stagefright issues (link) has been patched in source for CM 10.1 -> 12.1. Nightlies for 12.1 beginning tonight (~2hours) will include this fix, in addition to all the other exploits that came as a result of Stagefright and DefCon/Blackhat.
On the topic of 10.1 & 10.2, while these have been patched for this particular series of issues, we do not intend to issue a new release for these branches – the patches are there more so to protect derivative ROMs that use our source as base code.
We will be releasing another stable version of 11.0 and 12.0 (as well as a stable 12.1 release) with all of these fixes (and more) by the end of this month. More on that in a separate post.
After the announcement of the Platform SDK in May we had a healthy amount of interest from users, CyanogenMod community developers, and third party Android developers. Since then we’ve had a stable release of the first version of the SDK, created further infrastructure to enable easier accessibility and maintenance, and expanded on the features available to third party app developers.
As a recap for release notes, the CM SDK hit a stable branching point for 12.1 on June 22nd, 2015. With this stable branching we’ve introduced a prebuilts repo which can be utilized to reference prebuilt, statically linkable java archives that match the current stable release. Likewise we’ve also updated the platform sdk’s wiki to detail everything from the downloading and including the jar in your own applications to …