Occasional updates about DivestOS.
May 10th 2021 Update¶
- 14.1, 15.1, and 16.0 May ASB builds were published on May 8th.
- 17.1 May ASB builds were published on May 9th.
- 18.1 May ASB builds were published on May 10th.
- 14.1, 15.1, and 16.0 rebuilds were published on April 15th.
- 17.1, and 18.1 rebuilds were published on April 16th.
- Devices using `encryptable=footer` were tested broken with `forceencrypt` again in the previous build cycle. Force encryption will once again only be set for devices with a dedicated encryption metadata partition.
- There have been a handful of new kernel CVE patches as usual.
- [upstream] Updated to May ASB.
- [upstream] Updated WebView to Chromium 90.0.4430.82, has many security fixes. commit
- 18.1 Updater Tor support was fixed.
- cheeseburger/dumpling has finally been fixed on newer releases, likely caused by a stray toolchain. Should hopefully allow other similar devices to boot too.
- Firmware repository has been updated and now supports 28 devices.
- Mull 88.1.1 and 88.1.3 were made available.
- Hypatia on Android 11 was fixed.
- GMaps WV has received support for Google Consent handling.
- Hypatia received a translation into Russian thanks to @q1011!
- The website has been relicensed from GPL-3.0 to AGPL-3.0 for better freedom assurance.
April 13th 2021 Update¶
- 17.1 rebuilds were published on April 2nd.
- 14.1, 15.1, and 16.0 April ASB builds were published on April 11th.
- 17.1 April ASB builds were published on April 12th.
- 18.1 April ASB builds were published on April 13th.
- [upstream] 18.1 branch has been marked as stable by LineageOS.
- [upstream] Updated to April ASB.
- 18.1 builds have begun for many devices.
- 17.1 recovery has been updated to latest after utilizing rebranding work from 18.1 branch.
- 17.1 and 18.1 include SeedVault for creating and restoring encrypted backups of app data. A USB OTG cable/adapter and flash drive is strongly recommended.
- Experimental 18.1 builds before 04/06 for klte, bacon, and mako had broken recoveries. For klte please flash latest recovery via heimdall. For bacon/mako flash latest recovery via fastboot if unlocked. During testing it was discovered that it is impossible to unlock bacon once locked with an AOSP recovery flashed. A signed factory recovery for bacon can be provided if you've locked yours.
- eSpeak-NG has replaced PicoTTS in 18.1 builds for the system text-to-speech provider.
- Fenix based browsers were fixed on flo and hammerhead.
- Sensors have been fixed on flox 17.1+.
- In-place upgrade to 18.1 has been tested working on the following devices: mata, klte
- The following devices cannot be in-place upgraded to 18.1 and must be wiped: bacon, clark, crackling, d852, d855, flox, fp2, m8, mako, shamu, victara.
- Many devices have been moved to 18.1 and dropped from 17.1.
- avicii 17.1 builds are available (untested).
- axon7 15.1 builds are available (untested).
- Mull was updated to 87.0.0.
- MergedWiFiNLP had updates to support newer Android versions and added a database import file picker.
- A unified script has been made for handling device downloads page metadata.
- There are two new device statuses: "mostly works" and "likely works".
March 25th 2021 Update¶
- 15.1 rebuilds were published on March 14th with a patch for CVE-2019-2033.
- 14.1, 15.1, and 16.0 rebuilds were published between the 24th and 25th.
- Support for building on top of LineageOS 18.1 was added.
- Scripts have been fixed to only include Silence on devices that support SMS.
- Tweaks have been made to reduce RAM usage on devices with less then 2GB of RAM. Some of these tweaks cause graphical artifacts.
- There have been a handful of new kernel CVE patches as usual.
- [upstream] Updated WebView to Chromium 89.0.4389.105, has many security fixes. commit
- dragon has been fixed and tested working on 15.1.
- Experimental 18.1 builds have been made available for select devices. More will be available and switched out once LineageOS marks 18.1 as stable.
- FP3 17.1 builds are available (untested).
- m7 14.1 builds are available (untested).
- Users on flo 15.1 are urged to repartition to flox 17.1+.
- Users on mako 15.1/16.0 are urged to repartition to mako 17.1.
- Many devices had support dropped from old versions if they compile for newer versions to reduce maintenance burden.
- Hypatia received a full translation into Italian thanks to @dantecpu and Petra Mirelli!
- Hypatia and Extirpater received a translation into Portuguese thanks to @inkhorn!
- Hypatia received an initial translation into Spanish thanks to Petra Mirelli!
March 8th 2021 Update¶
- March ASB builds were released between the 5th and 8th.
- There have been a handful of new kernel CVE patches as usual.
- [upstream] Updated to March ASB.
- [upstream] Updated WebView to Chromium 89.0.4389.72, has many security fixes. commit
- cheryl now has verified boot support enabled after being missed.
- mako 16.0 will likely be dropped due to space requirements. Any users should repartition and update to 17.1.
- Mull was updated to 86.1.1.
- Hypatia received a handful of bug fixes and necessary improvements.
- Hypatia was translated into French thanks to Jean-Luc Tibaux and Petra Mirelli.
- All F-Droid services had the .onion addresses added as available mirrors.
- All F-Droid repos were upgraded to use 'fdroidserver' 2.0.
- Hypatia now has translated app descriptions on F-Droid.
- Extirpater, GMaps WV, MergedWifiNLP, and MotionLock all had their dependencies updated.
- 'Device downloads' has gained per-device bootloader unlocking, relocking, and verified boot information.
- AVB public keys are now available for all supported devices on the 'Device downloads' page.
- 'Bootloader Unlocking' page received many refinements.
- 'Browser Tables' page received some additions.
- 'Device downloads' page now loads faster by reusing connection to the Redis instance.
- Website should now be indexed by search engines, after removing 'robots' flags.
- More information on donating was added.
- GitHub and GitLab repositories were cleaned up (disabled unused features, labels added).
February 12th 2021 Update¶
- February ASB builds were released between the 6th and 8th.
- Over 30 CVE patches for 3.10 were added. import and update
- There have been many new kernel CVE patches as usual.
- [upstream] Updated to February ASB.
- [upstream] Updated WebView to Chromium 88.0.4324.152, has many security fixes. commit
- starlte and star2lte have been dropped due to being broken.
- Hypatia was translated into German by Petra Mirelli. link
- Mull saw 85.1.2 release.
- Petra Mirelli also made an F-Droid banner graphic for Hypatia. link
- F-Droid banner graphics were also created for Mull and Extirpater.
- F-Droid screenshots were added for Mull, Hypatia, and Extirpater.
January 26th 2021 Update¶
- January ASB builds were released between the 10th and 14th.
- Rebuilds were published on the 24th thru 26th primarily for CVE patcher updates.
- IMS/VoLTE was made working on supported devices. image
- CNE was removed after being briefly included in the Dec/Jan builds. This removal breaks Wi-Fi calling, but is likely worth the security benefits.
- The deblobber received tweaks to better handle more property edits. commit
- Part two of the Debian/retired Linux CVE import was completed. Linux 3.0, 3.4, and 3.10 devices benefit the most from this, averaging between 10 and 90 added CVE patches. import and update
- The exec-based spawning feature from GrapheneOS was disabled. We likely failed to port it over correctly and the result is many subtle breakages.
- All versions now include the LineageOS 17.1 APN list for better cell carrier compatibility. commit
- All versions were mostly patched against the old CVE-2019-2306. commit
- umask is now explicitly set in the build scripts and many files had their permissions corrected. This fixes many subtle issues.
- [upstream] Updated to January ASB.
- [upstream] Updated WebView to Chromium 88.0.4324.93, has many security fixes. commit
- mata has long-standing audio issues, Lineage team has been trying to fix them. Currently the earpiece speaker works on calls, but the loud speaker cannot have its volume adjusted.
- The microphone issue on shamu was resolved, was caused by our removal of some voice recognition blobs (which are required for adspd bring-up). commit
- bullhead now installs (and works) after removing the firmware images to workaround the missing proprietary additions needed for their flashing. related
- mako was re-enabled for 16.0 for users who do not want to re-partition their device.
- flo was re-enabled for 15.1, for users who do not want to re-partition their device.
- mako was re-enabled for 15.1 for testing purposes.
- hammerhead was re-enabled for 15.1 due to Bluetooth issues in 16.0.
- ether and shamu were re-enabled for 15.1 as they are the last versions with working IMS.
- star2lte was added to 17.1 and was tested broken, likely due to its usage of stock vendor.img.
- Mull saw 84.1.2, 84.1.4 and 85.1.0 releases.
- Hypatia had some commits forward-ported from the stable branch to the unfinished dev branch. git log
- The PrebuiltApps repository saw a handful of app updates. git log
- The device downloads page now supports serving multiple build versions per device. commit
- A 'news' page was added for changelogs and project history. commit
- A 'network connections' page was added for documenting connections made by the system. commit
- Pages with tables were fixed up for mobile.
- The 'recommended apps' page had some additions. commit
- The 'messengers' page received some needed updates.
- The credits and legal notices section of the 'about' page was updated.
- Some typos were fixed. commit
- An XMPP public chat room (muc) was created! There have been a very small handful of users, please feel free to join at firstname.lastname@example.org.
December 16th 2020 Update¶
- November and December ASB builds have been released.
- Mull is now on its 3rd Fenix based release, with the latest 84.1.0. Huge thanks to @relan for their build scripts. repo link
- Hypatia has been updated to show database release/update dates in addition to a multi-threading fix.
- Etar is now used for the calendar app across all versions.
- A handful of more proprietary blob variants have been removed.
- Vendor build fingerprints are now all replaced.
- Lots of miscellaneous fixes and cleanup.
- All 15.1 builds and higher are now fully dexpreopted, this allows for reduced memory usage and also decreased boot times on FDE devices.
- TCP SACK is no longer disabled. SACK PANIC has now been patched on nearly all kernels supported. It has valuable bandwidth saving benefits.
- There have been many new CVE patches, especially for 3.18 kernels.
- clark has been updated from 14.1 to 17.1 (potential modem issues). In-place upgrade has been tested to work, but your mileage may vary.
- flo has been updated from 15.1 to 17.1, but requires re-partitioning.
- cheeseburger/dumpling are compiling for 17.1, but not booting.
- coral and flame 17.1 builds are available (untested).
- rs988 and h990 17.1 builds are available (untested).
- yellowstone 16.0 builds are available (untested).
- h870 15.1 builds are available (untested).
- Paragraphs now have links for easy saving/sharing.
- Browser, recommended apps, and functionality tables have all been updated.
- A handful of credit updates.
- There is a new vanity onion address divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion. The old address also still works. tool used
- Most pages are now cached by the browser.
- Most text based content served up will now be compressed either by deflate or brotli.
- Old DivestOS patches have been used to remove AmbientSDK from Replicant. git tag
- 3G is starting to be rapidly phased out, meaning calls with most carriers will not be possible unless IMS/VoLTE works on your device.
- Heads up: LineageOS will most likely be dropping official 16.0 builds once 18.0/18.1 is released.
Test how much breakage the deblobber is causing to the IMS stack, or if that is upstream. Finish importing this
- Add back AOSP patching support to the CVE patcher. It is undecided how to best implement it.
October 10th 2020 Update¶
- Most 3.4 devices should expect 40-100 more kernel CVE patches. git commit
- Most 3.18 devices should expect 10-40 more kernel CVE patches. git commit
- A handful of other kernel CVE patches are available for all other devices as per usual.
- Lots of work has been done on making the CVE patcher easier for other projects to use. repo link
- Mull is now severely out of date. There hasn't been the time to rebase it. It is strongly suggested to use Bromite or the new Fennec F-Droid until then. Bromite repo is already included in DivestOS F-Droid.
- victara build failed last month due to recovery image being too large, however it is now once again available.
- h850 and zenfone3 builds have been pulled as they were last updated in 2018 and 2019 respectively.
- [upstream] Updated to October security bulletin.
- [upstream] Updated WebView to Chromium 86.0.4240.75, has many security fixes.
- 11/R builds will likely not be available until March with most devices hopefully being updated by May.
September 1st 2020 Update¶
- The CVE patch database now has many more patches thanks to importing data from the Civil Infrastructure Platform CVE tracker.
- The CVE patcher has had some minor fixes to improve output reliability.
- There have been some GPS fixes for all branches, will be available in the next rebuilds.
- Many new (untested) devices: pro1, enchilada, fajita, guacamole, guacamoleb, and broken beryllium.
- Mull is likely on its last release due to ESR 68 branch being closed off.
- Hypatia now supports an extra malware hash database from ESET.
- Credits and screenshots on the website have been updated.