Project News
Occasional updates about DivestOS.
Upcoming News
October ?th 2024 Update
System Updates
- A new version of Fossify Gallery has been released, but DivestOS cannot update to it due to it increasing in size from 16MB to 42MB which prevents it from fitting on the system partition of many devices.
App Updates
- Updated Mull to 131.0.0, has 14+1+25 security fixes from the previous 129.0.2 release. In order to resolve the compilation issue introduced in 130, Mull is now compiled using Mozilla's prebuilt clang toolchain. This however is incompatible with the F-Droid.org inclusion criteria, so these updates (for now at least) will only be available via the DivestOS.org F-Droid repository. Please note, while this adds a prebuilt dependency, the result does still remain FOSS.
- Updated Mulch to 129.0.6668.54, 129.0.6668.70, and 129.0.6668.81, has 9, 5, and 4 security fixes respectively.
Other Updates
- Kuketz has released a writeup on Fennec F-Droid and our Mull as part of their browser series: Original German, Google Translated English
- Mandatory step to fix F-Droid repository priority to ensure app updates for DivestOS: F-Droid > Settings > Repositories > Long-press and drag 'DivestOS Official' above 'F-Droid'.
PSA: expiration of bromite.org
Earlier this year in April we noticed that Bromite.org was set to expire on October 10th 2024 and reached out to various projects. We recently reached out again in early September, to a better response, and all affected apps should have requests removed or replaced before expiration. Upon expiry it will be possible for a malicious actor to take over the domain to enumerate users, block legitimate web content, or potentially exploit the browsers. Below are steps you can take as a user to ensure the risk is mitigated.
- Users of Bromite: it hasn't been updated in over two years, please switch to Cromite
- Users of Bromite who can't switch to a newer Chromium: Please consider a Firefox browser instead. Otherwise ensure you disable automatic update checks and replace the content filter link.
- Users of Cromite: please update to 129.0.6668.90
- Users of CalyxOS: please update to the September 2024 Feature Update
- Users of /e/OS: please update to v2.4
Current News
September 15th 2024 Update
System Updates
- 15.1, 16.0, 17.1, and 18.1 release candidate #1 September ASB builds were published on September 15th.
- 14.1, 19.1, and 20.0 release candidate #1 September ASB builds were published on September 8th.
- The phone number helplines database on 18.1 and higher has been synced with the latest from LineageOS 21.
- Various security fixes for expat were added.
- zram size has been reduced from 50% to 25% of total system memory for most devices.
- Thanks to OpenELA providing maintenance to the end of life Linux 4.14 branch, 327 CVE patches have been imported and applied to 4.14 and 4.9 kernels. This results in ~30 and ~15 added patches on average respectively.
App Updates
- Carrion has received additional database checks and a handful of translation updates:
  - Estonian: Priit Jõerüüt
  - French: cwpute
  - Romanian: Renko
  - Ukrainian: Fqwe1
- Firefox 130 was released September 3rd with 14 security fixes, however Mull 130 will be delayed due to Google removing a necessary component from the NDK in revision 27.
- Updated Mulch to 128.0.6613.88, 128.0.6613.99, 128.0.6613.127, and 128.0.6613.146, has 38, 4, 4, and 5 security fixes respectively.
- Updated Mull to 129.0.2.
Website Updates
- The F-Droid.org stats have been updated, results here.
- Direct APK download links are now available on the 'our apps' page, but F-Droid with our repo is still strongly recommended instead.
- Bounty payout amounts were added to ch-dates.txt
Past News
August 17th 2024 Update
System Updates
- 15.1, 16.0, 17.1, and 18.1 release candidate #1 August ASB builds were published on August 17th.
- 14.1, 19.1, and 20.0 release candidate #1 August ASB builds were published on August 11th.
- An issue causing the OEM unlock toggle to not always show up on some devices has been fixed.
Workspace Updates
- There is now a much improved podman container build workflow for compiling DivestOS thanks to @ryneeverett!
App Updates
- Additional translations for Hypatia and IRRemote will be released shortly.
- Carrion, Extirpater, GMaps WV, MotionLock, SupportDivestOS, and MergedWiFiNLP have received many translation updates:
  - Chinese (Simplified): Crit, 大王叫我来巡山
  - Croatian: lukapiplica
  - Estonian: Priit Jõerüüt
  - Finnish: huuhaa
  - Galician: josé m
  - German: thereisnoanderson
  - Indonesian: Adrien N
  - Japanese: honyaku
  - Norwegian Bokmål: Even Bull-Tornøe
  - Polish: Eryk Michalak
  - Portuguese (Brazil): lucasmz-dev
  - Portuguese: ssantos
  - Russian: Andrey
  - Spanish: gallegonovato
  - Ukrainian: Fqwe1
- Updated Mulch to 127.0.6533.64-1, 127.0.6533.84-1, and 127.0.6533.103-1, has 24, 3, and 5 security fixes respectively.
- Mozilla added local on-device translation support to Firefox for Android in 127, but it is in a staged rollout. Mull 128.0.2 enables this feature.
- Updated Mull to 128.0.1, 128.0.2, 128.0.3, and 129.0.0, has 20, 0, 0, and 14 security fixes respectively.
Other Updates
- Due to repeated and on-going license violations of our copyrighted work by numerous parties, many Divested projects that were previously GPL-3.0 are now licensed as AGPL-3.0.
July 17th 2024 Update
System Updates
- 15.1, 16.0 and 17.1 release candidate #1 July ASB builds were published on July 17th.
- 18.1 release candidate #2 July ASB builds were published on July 17th, with two additional security fixes.
- 18.1 release candidate #1 July ASB builds were published on July 16th.
- 19.1 release candidate #1 July ASB builds were published on July 14th.
- 14.1 and 20.0 release candidate #1 July ASB builds were published on July 13th.
- OpenEUICC was updated to latest as of July 11th. However, it has a bug which crashes on profile switch, although the switch still happens. This issue was already fixed upstream, but the compile had already started.
- DivestOS 18.1 and higher now supports the GrapheneOS CarrierConfig2 app and provides the Pixel/A14 CarrierSettings to all devices when enabled. Tested to enable/fix VoLTE on multiple carriers.
App Updates
- Firefox 128 was released July 9th with 20 security fixes, however Mull 128 will be delayed due to a circular dependency they introduced.
- Updated Mull to 127.0.2.
- Updated Mulch to 126.0.6478.122-1 and 126.0.6478.186-1, has 5 and 10 security fixes respectively.
June 20th 2024 Update
System Updates
- 15.1, 16.0, and 17.1 release candidate #1 June ASB builds were published on June 20th.
- 18.1, 19.1, and 20.0 release candidate #1 June ASB builds were published on June 17th.
- 14.1 release candidate #1 June ASB builds were published on June 14th.
- Loose versioning has been expanded for kernel CVE patching to apply 4.19 patches to 4.14 and 4.9 kernels, gaining them ~50 and ~30 additional patches respectively.
- kernel.org is still on a rampage retroactively tagging patches as CVEs. We've imported over 3,000 patches spanning 900+ CVEs. Devices are seeing anywhere from 30 to 150 added patches. And thanks to @danielk43, who helped test these on various devices before release!
- Work on supporting A14 is in progress.
- The Updater app on 18.1 and higher now provides multiple server choices and full .onion support.
App Updates
- You can now easily contribute translations via Weblate!
- GMaps WV has received a translation into Spanish thanks to @gallegonovato!
- Carrion now has...
  - optimized database loading.
  - Spanish translations thanks to @vzamanillo.
  - a `database server override` option like Hypatia.
- Hypatia now has...
  - gained the experimental ability to scan screen content for malicious links using a database of over 3.4 million domains.
  - received updated translations from @eloitor, @lucasmz, @t1011, and @yurtpage.
- SupportDivestOS has received updated links and scrolling support.
- Extirpater has received a translation into Russian thanks to @yurtpage!
- Updated Mull to 126.0.0, 126.0.1, and 127.0.0, has 22, 0, and 23 security fixes respectively.
- Updated Mulch to 125.0.6422.51-1, 125.0.6422.53-1, 125.0.6422.72-1, 125.0.6422.113-1, 125.0.6422.147-1, 125.0.6422.165-1, 126.0.6478.40-1, 126.0.6478.50-1, 126.0.6478.71-1, and 126.0.6478.110-1, has 1, 9, 6, 1, 11, -, -, 21, -, and 6 security fixes respectively.
Website Updates
- The key on the recommended apps page has been moved to the top thanks to @okgamr.
- Three short video tutorials have been added across the website to better help users.
- Cache headers have been finely adjusted to further reduce bandwidth waste.
- Mirrors are now linked on the footer of the page.
- @Thore recently made a tool to generate graphs of the public F-Droid.org APK download statistics. We used it to graph all apps and provide the results here.
Other Updates
- Our subreddit, r/DivestOS, has been banned by Reddit admins for "spam".
- Our F-Droid repositories are now additionally generously mirrored by deimosBSD to provide additional availability & performance to users and to reduce load on our primaries.
- There is now a Cloudflare mirror:
  - IT IS NOT USED BY DEFAULT. YOU MUST OPT-IN.
  - divested.dev is available at eeyo.re
  - divestos.org is available at divestos.eeyo.re
  - Users can choose to use these alternates if they are unable to access the primaries or if they would like to reduce the resource usage of the primaries.
  - The DivestOS Updater features this as one of four preset server choices in the June 2024 update.
  - For the `DivestOS Official` F-Droid repo you can copy this link and add it as a new repo to F-Droid and it'll be automatically added as a user mirror.
  - For Hypatia:
    - 3.10 and higher has a `Cloudflare mirror` preset button in the `Database server override` option.
    - 2.24 through 3.09 users can copy and paste this link into the `Database server override` option.
  - Carrion 1.19 and higher has a `Cloudflare mirror` preset button in the `Database server override` option.
May 14th 2024 Update
System Updates
- Reminder to always make a backup before installing updates.
- 20.0 release candidate #1 May ASB builds were published on May 14th.
- 18.1 release candidate #1 May ASB builds were published on May 12th.
- 14.1, 15.1, 16.0, 17.1, and 19.1 release candidate #1 May ASB builds were published on May 11th.
- BPF JIT hardening is now enabled by default on supported kernels.
- 15.1 now uses the GrapheneOS hardened memory allocator. hmalloc only ever officially supported Android 9 and this required a small handful of backports + tweaks, but was totally worth it.
- 20.0 now includes the latest version of OpenEUICC.
- Nearly all (ASB) cherry-picks from LineageOS's Gerrit instance have been imported directly into the repository and verified to apply. 14.1 and 17.1 additionally gained 1 and 2 patches respectively.
- All devices shipping the hardened_malloc have been updated to the latest A14 revision of the hardened_malloc library.
- There was a vote going on to replace the default wallpaper in DivestOS. See choices and results here.
- Tensor devices now mandate TLSv1.2 for SUPL connections thanks to a patch from GrapheneOS.
- Many of the kernel CVE patches have been better versioned to reduce wrongly applied patches, although none were actually found.
Device Updates
- flounder was broken this update and will be fixed in the June update.
Roster Updates
- 20.0 additions: lynx, felix, tangorpro
App Updates
- Databases for Hypatia have been adjusted to reduce the false positive rate, as the bloom filters were previously too filled.
- Mulch 124.0.6367.113-1 and Mull 125.3.0-2 now use X25519Kyber768 when supported for added post-quantum security. You can read more about this here and here and also test it here.
- Updated Mull to 125.3.0, has 18 security fixes. This release was delayed 13 days due to numerous compilation issues.
- @lucasmz has added/updated Portuguese translations to Carrion, Extirpater, GMaps WV, Hypatia, and MotionLock!
- Hypatia has received newly added Galician translations from @ghose, updated German translations from @thereisnoanderson, and updated Italian translations from @Tomoms!
- IRRemote has received additional remotes and support for JSON backed remotes thanks to Stéphane Lenclud!
- Updated Mulch to 123.0.6312.118-1, 124.0.6367.42-1, 124.0.6367.54-1, 124.0.6367.82-1, 124.0.6367.113-1, 124.0.6367.159-1, 125.0.6422.35-1, and 125.0.6422.46-1, has 3, -, 23, 4, 2, 2, -, and 1 security fixes respectively.
Website Updates
- ch-dates.txt now documents update history for Cromite too.
- The Browser Tables page now documents status of Safe Browsing, more recommended settings, and more decompilation screenshots.
- The Post Install page had some small updates.
Other Updates
- There have been reports of new Bluetooth connections being automatically granted contacts permission even when not chosen during pairing. This may be a UI issue when the device requires a PIN to be entered, as opposed to simply confirmed, where the code defaults the permission on but the user interface shows it off. It is recommended to toggle this contacts option during pairing as a possible workaround, and confirm it is disabled after pairing. Please take extra caution if the connecting device is Internet connected such as many modern cars are. Users should also review this permission for all existing paired devices.
- Reminder that all 16.0+ users should take advantage of the Private DNS feature and set it to the recommended Quad9 (dns.quad9.net) or DNS0 (zero.dns0.eu) resolvers.
April 8th 2024 Update
System Updates
- 15.1, 16.0, 17.1, and 18.1 release candidate #1 April ASB builds were published on April 8th.
- 19.1 release candidate #1 April ASB builds were published on April 7th.
- 14.1 and 20.0 release candidate #1 April ASB builds were published on April 6th.
- The invisible confirm/deny buttons in the camera app on 20.0 have been fixed.
App Updates
- Updated Mulch to 123.0.6312.80-1 and 123.0.6312.99-1, has 7 and 3 security fixes respectively.
- Updated Mull to 124.0.0-1, 124.1.0-1, and 124.2.0-1, has 16, 2, and 0 security fixes respectively.
Website Updates
- The recommended apps page has received a long overdue overhaul.
- a-dates.txt has been converted to an HTML table available via the new Patch History page.
- a-dates.txt now includes historical dates for LineageOS and iodeOS.
- The device downloads page now notes which devices are tablets.
- The 'our contributions back' section on the About page has been overhauled.
- The full text search can now directly link to specific subsections of pages thanks to the Pagefind v1.1.0 update from the previously used v0.12.0.
- The Patch Counts page now lists the primary author* for each patchset, as well as the count of issues fixed via Google Play System updates.
March 15th 2024 Update
System Updates
- Reminder to always make a backup before installing updates.
- 15.1 and 17.1 release candidate #1 March ASB builds were published on March 15th.
- 16.0, 18.1, and 20.0 release candidate #1 March ASB builds were published on March 13th.
- 14.1 and 19.1 release candidate #1 March ASB builds were published on March 9th.
- kernel.org has recently become its own CVE Numbering Authority. They appear to be going through their own multi-year long backlog and tagging many hundreds of commits as CVEs. This has resulted in many patches being applied to the devices via our autopatcher. There may be some breakage, but hopefully minimal.
App Updates
- Hypatia has received many translation updates:
  - @Fjuro for newly added Czech translations.
  - @cardpuncher for updated Turkish translations.
  - @gallegonovato for updated Spanish translations.
  - @t1011 for updated Russian translations.
- Updated Mull to 123.0.1-1 and 123.1.0-1, has 32 and - security fixes.
- Updated Mulch to 122.0.6261.64-1, 122.0.6261.90-1, 122.0.6261.105-1, 122.0.6261.119-1, and 123.0.6312.40-1, has 12, 4, 3, 3, and 12 security fixes respectively.
Other Updates
- FUTO has generously awarded DivestOS one of their legendary grants.
- AOSP 11.0 now appears to be end-of-life. LineageOS has also dropped support for 18.1. DivestOS will of course continue on as it currently does for Android 7 through 10.
2024 Fundraiser Conclusion (2024-02-24)
It has been fifty days, and thanks to nearly two hundred generous donations the goal has been met early. I greatly appreciate and am thankful for this level of support. Thank you! - Tavi.
February 15th 2024 Update
System Updates
- 20.0 builds were published on February 14th & 15th to fix an issue which caused the Phone/Dialer app to crash on incoming calls with hidden caller ID.
App Updates
- Updated Mulch to 121.0.6167.178-1 and 122.0.6261.43-1, has 1 and - security fixes respectively.
February 12th 2023 Update
System Updates
- 20.0 release candidate #1 February ASB builds were published on February 12th.
- 15.1, 16.0, and 17.1 release candidate #1 February ASB builds were published on February 9th.
- 14.1 and 18.1 release candidate #1 February ASB builds were published on February 8th.
- 19.1 release candidate #1 February ASB builds were published on February 7th.
App Updates
- Updated Mull to 122.0.0-1, 122.0.1-1, and 122.1.0-1, has 17, 0, and 0 security fixes respectively.
- Updated Mulch to 120.0.6099.230-1, 121.0.6167.71-1, 121.0.6167.101-1, 121.0.6167.143-1, and 121.0.6167.164-1, has 4, -, 17, 4, and 3 security fixes respectively.
- We've released a new app, Carrion! It automatically blocks calls that fail STIR/SHAKEN verification on supported devices/carriers.
January 9th 2024 Update
System Updates
- 15.1, 16.0 and 17.1 release candidate #1 January ASB builds were published on January 9th.
- 18.1, 19.1, and 20.0 release candidate #1 January ASB builds were published on January 8th.
- 14.1 release candidate #1 January ASB builds were published on January 6th.
- Simple [Mobile Tools] Gallery has been replaced with Fossify Gallery due to the sale of SMT. Furthermore it was found that SMT Gallery depended on a proprietary Google VR SDK library, which is removed in the Fossify fork. Please uninstall SMT Gallery after installing this update.
App Updates
- Updated Mull to 121.1.0-1, has 27 security fixes.
- Updated Mulch to 120.0.6099.193-1 and 120.0.6099.210-1, has 6 and 1 security fixes respectively.
- Hypatia: a new malware database with 600k+ signatures from ThreatFox by abuse.ch has been added.
2024 Fundraiser (2024-01-05)
Happy New Year! DivestOS and the Divested projects as they currently stand are ultimately unsustainable. My goal for 2023 was to acquire a grant to continue my work, I was unsuccessful. Today I am announcing a fundraiser of raising $12,000 USD by end of February. It may be a stretch to ask, but I hope you all have found sufficient value in my work to keep these projects going. If it is unsuccessful I will switch to a full-time job and the Divested projects will take a backseat. To those who have donated, I truly appreciate your support. Thank you - Tavi.
December 26th 2023 Update: end-of-year goodies
System Updates
- 14.1, 15.1, and 16.0 release candidate #2 December ASB builds were published on December 26th. They contain 1, 2, and 4 additional security fixes respectively.
App Updates
- Hypatia 3.0 has been released:
  - Every single version of Hypatia before 3.0 is fundamentally broken.
  - SHA1 hash calculation was broken since the beginning, it is now fixed.
  - Handling of MD5 and SHA1 hashes was broken since the beginning, it is now fixed and many sanity checks have been added.
  - Some entries from the ESET database were fixed up.
  - A new malware database with 700k+ signatures from MalwareBazaar by abuse.ch has been added.
  - A new malware database with 1m+ signatures from VirusShare has been added.
  - HashMaps for signatures have been replaced with bloom filters. This is much more compact and memory efficient.
  - Pre-processed bloom filters are downloaded directly from the server, removing any decompression/sorting/conversion steps for faster loading.
  - All databases are now always enabled. No more database choice.
  - Fixup for scanning apps on Android 11 and higher.
  - Many downloader improvements.
  - Self-test function has been added.
  - Actions to lookup, delete/uninstall, or ignore detections.
  - Fully tested on Android 7.1.2, 8.1.0, 10, 11, and 13.
  - Stats for the new database are here.
- Updated Mull to 121.0.0-1, has 27 security fixes. This update now features basic WebAuthn when microG is installed thanks to @relan and the microG project.
- Updated Mulch to 120.0.6099.115-1 and 120.0.6099.144-1, has 9 and 1 security fixes respectively.
December 12th 2023 Update
System Updates
- 15.1 and 16.0 release candidate #1 December ASB builds were published on December 12th.
- 17.1 and 18.1 release candidate #1 December ASB builds were published on December 11th.
- 19.1 release candidate #1 December ASB builds were published on December 9th.
- 14.1 and 20.0 release candidate #1 December ASB builds were published on December 7th.
App Updates
- Updated Mull to 120.0.0-1 and 120.1.0-1, has 19 and 0 security fixes respectively.
- Updated Mulch to 119.0.6045.163-1, 119.0.6045.193-1, and 120.0.6099.43-1, has 4, 7, and 10 security fixes respectively.
Important Notice for DivestOS 14.1 and other Android 7 Nougat users
- Google Chrome 119 is the last version to support Android 7. Mulch and other Chromium based browsers will not be able to provide any further updates to these devices. Android 7 has been end-of-life for over four years now, if you still actively use an Android 7 device please try to replace it as soon as possible!
Website Updates
- The device downloads page was made dynamic again and now shows vital information such as fuzzy last updated date, number of recent update checks, as well as what percent of users are actually updated.
November 13th 2023 Update
System Updates
- 15.1, 16.0, 17.1, and 18.1 release candidate #1 November ASB builds were published on November 13th.
- 19.1 release candidate #1 November ASB builds were published on November 12th.
- 14.1 and 20.0 release candidate #1 November ASB builds were published on November 11th.
- 17.1 and higher now has a potential fix for SMS notifications in secondary profiles backported from LineageOS 20.0.
- 20.0 now has a toggle for presidential emergency alerts thanks to a patch from GrapheneOS.
- Screenshots now contain less EXIF metadata on 19.1 and higher thanks to a patch from CalyxOS.
- The changelog button in the Updater app now points to this page.
- Wi-Fi regulations database updates have been disabled as the format doesn't seem to be handled correctly by select kernels. This was most notably observed as complete breakage in Australia in the early October update.
Device Updates
- Some issues have cropped up recently that we've spent numerous hours looking into, help is wanted.
  - pioneer under 19.1 and 20.0 has stopped booting after the September update.
  - Wi-Fi is non-functional for davinci and vayu under 20.0.
Roster Updates
- 19.1 to 20.0: h830, h850, rs988, h870, us997, h910, h918, h990, ls997, us995, vs995, pioneer, voyager, discovery, kirin, mermaid, vayu
App Updates
- Extirpater received a translation into French thanks to @Calvineries!
- IR Remote now has an added remote, extra buttons (where available), and other improvements thanks to Biswapriyo Nath!
- Updated Mulch to 118.0.5993.65-1, 118.0.5993.80-1, 118.0.5993.111-1, 119.0.6045.53-1, 119.0.6045.66-1, and 119.0.6045.134-1, has 20, 1, 2, -, 15, and 1 security fixes respectively.
- Updated Mull to 118.2.0-1, 119.0.0-1, and 119.1.0-1, has 0, 25, and 0 security fixes respectively.
Other Updates
- Our git repositories are now additionally mirrored onto Codeberg.
- All of the APK files in our F-Droid repos now have corresponding .torrent files for downloading via WebSeeds and DHT.
- Our F-Droid repositories are now generously mirrored by the following organizations, reducing load on our servers and providing faster & more reliable app downloads to users.
October 9th 2023 Update
System Updates
- 15.1, 16.0, and 17.1 release candidate #1 October ASB builds were published on October 9th.
- 18.1 and 19.1 release candidate #1 October ASB builds were published on October 8th.
- 14.1 and 20.0 release candidate #1 October ASB builds were published on October 5th.
- 14.1 and higher are now patched against the recent VP8 zero-day (CVE-2023-5217).
- The recent Phone/Dialer overhaul by LineageOS introduced a small issue which broke receiving calls in secondary profiles, now fixed.
App Updates
- Updated Mulch to 118.0.5993.48-1.
- Updated Mulch to 117.0.5938.153-1, has 1 security fix. This update adds a patch from @uazo of Cromite that noticeably reduces the size of the standalone APK.
- Updated Mull to 118.1.0-1 and 118.1.1-1, has 1 and 0 security fixes respectively.
- Updated Mulch to 117.0.5938.140-1, has 10 security fixes.
- Updated Mull to 118.0.0-1, has 16 security fixes. Please double check your "Delete browsing data on quit" settings, 118 finally splits up `Browsing history` from `Site data`, which finally enables clearing all cookies and site data while keeping history.
September 23rd 2023 Update
System Updates
- 20.0 release candidate #1 September PSB builds were published on September 23rd.
- 14.1, 15.1, 16.0, and 17.1 rebuilds were published September 20th.
- 14.1 through 17.1 now uses libwebp from 18.1, thanks to @syphyr.
- 17.1, 18.1, and 19.1 rebuilds were published September 18th.
- 14.1, 15.1, and 16.0 rebuilds were published September 17th.
- 18.1 and higher are now patched against the recent WebP zero-day (CVE-2023-4863).
App Updates
- Updated Mull to 117.1.0-2, disables the JIT again and additionally adds a themed/monochrome icon thanks to @ChinoGoblino!
- IR Remote now has an added remote, extra buttons (where available), and slight visual button improvements thanks to Biswapriyo Nath!
- Updated Mull to 117.1.0-1, has 1 security fix.
- Updated Mulch to 117.0.5938.60-1, has 16 security fixes.
September 11th 2023 Update: The smile maker
System Updates
- 15.1, 16.0, 17.1, and 18.1 release candidate #1 September ASB builds were published on September 11th.
- 14.1, 19.1, and 20.0 release candidate #1 September ASB builds were published on September 8th.
- 14.1 rebuilds were published September 4th.
- 14.1 is no longer dexpreopted in order to fix bizarre crashing issues on select devices.
- 20.0 partial rebuilds were published on August 25th, 27th, and 30th to cover promotions, fixes for Pixel 4 & OnePlus 8 series, and the added eSIM feature.
- 14.1, 15.1, 16.0, and 17.1 rebuilds were published August 24th.
- 18.1 and higher now block use of select quick settings tiles when the screen is locked, thanks to patches from GrapheneOS.
- 20.0 now has eSIM support on Pixel 4 series and newer along with the Fairphone 4. This works without any dependencies on Play Services/microG, the Google LPAd, or any Google servers. The LPA component is provided by @PeterCxy's OpenEUICC app. The proprietary Google support app is still used for secure element initialization and firmware updates, but has no Internet permission and cannot interact with other apps thanks to patches from GrapheneOS. This makes DivestOS the first system to allow users to activate and use eSIMs without the typical privacy concerns of Google interactions. Tested working with both JMP.chat and silent.link on bluejay.
- 19.1 and higher now removes ImsServiceEntitlement and Car/DebuggingRestrictionController, which both contained proprietary Google libraries.
- Numerous proprietary libraries from the AOSP static Maven repository are now removed to ensure they aren't used.
- 20.0 has received a minor performance fix for the /etc/hosts cache mechanism, thanks to @danielk43.
- 14.1 through 16.0 now uses libAAC from 17.1, thanks to @syphyr.
- 14.1 now uses FreeType from 18.1, thanks to @syphyr.
- 14.1 has had many CVE backports for FFmpeg and BoringSSL, thanks to @syphyr.
Device Updates
- The long standing display corruption issue on m8/m8d has been fixed. Camera and video playback usage now display correctly.
- With Pixel 4 series finally booting, issues were found with the deblobber which broke the camera. However, thanks to chat member 'penguin' providing logs and testing, the issue has been resolved by adding back the Pixel 4 specific Motion Sense blobs.
- After many years of being unable to boot, both Pixel 3 and 4 series have been reported working recently. Specifically blueline, crosshatch, sargo, and flame. The actual cause is still unknown.
Roster Updates
- 20.0 reappearances: kebab, lemonades
- 20.0 additions: Mi8917
- 19.1 to 20.0: apollon
- 18.1 to 20.0: z2_plus
- 17.1 to 20.0: davinci, thanks to @GarciaLnk, later dropped due to broken Wi-Fi
- 14.1 additions: athene
App Updates
- Updated Mulch to 116.0.5845.172-1 and 117.0.5938.44-1, has 4 and - security fixes respectively.
- Updated Mulch to 116.0.5845.164-1, fixes an issue with partially broken pages in WebView introduced in .163.
- Updated Mull to 117.0.0-1 and 117.0.1-1, has 20 and 0 security fixes respectively.
- Updated Mull to 116.3.0-1, enables blocking of email related trackers.
- Updated Mulch to 116.0.5845.92-1, 116.0.5845.114-1, and 116.0.5845.163-1, has 26, 5, and 1 security fixes respectively.
Other Updates
- We now have an account on the Fediverse. This will be used for providing frequent updates about the Divested projects.
- An issue with the updater API not returning correct responses was fixed.
August 8th 2023 Update
System Updates
- 20.0 release candidate #1 August ASB builds were published on August 14th.
- 18.1 and 19.1 release candidate #1 August ASB builds were published on August 10th.
- 14.1, 15.1, 16.0, and 17.1 release candidate #1 August ASB builds were published on August 9th.
- The additional repos file for F-Droid had a typo which caused a crash when interacting with the microG repo, please clear your F-Droid app data after installing this update if you were affected. Only new installs after the first July update are impacted.
- On 20.0 the ImsServiceEntitlement package will now only try to register for FCM (via Play Services/microG) if required by the carrier, thanks to a patch from CalyxOS.
- 19.1 has the GrapheneOS Camera again, it was accidentally removed when removing Open Camera on <18.1.
Device Updates
- Newly added 18.1 hammerhead needs repartitioning via this guide. This process wipes the device, you MUST backup first.
Roster Updates
- 18.1 additions: debx
- 15.1 to 18.1: hammerhead (thanks to @z3DD3r)
- Older versions of duplicated devices have been dropped:
  - 19.1 drops: alioth
  - 16.0 drops: hammerhead
  - 15.1 drops: deb, flo, shamu, ether
  - 14.1 drops: clark
App Updates
- There have been numerous reports of freezing and loading issues on the past few versions of Mull. The only common denominator we found appears to be the 'Dark Reader' extension, please disable it if you encounter such issues. And as a reminder we do NOT recommend any extensions except for uBlock Origin. In receiving feedback for this issue, numerous people have mentioned using extensions that are useless or downright harmful as is documented here.
- Updated Mulch to 116.0.5845.78-1, has - security fixes.
- Updated Mull to 116.2.0-1, adds back Google as a search engine.
- IR Remote now has a Skymaster/Veon remote thanks to Roman Luitko.
- Updated Mull to 116.0.0-1, has 19 security fixes. Additionally 116.0.0-2 was released to fix a branding issue and 116.0.0-3 was released which removed a prebuilt (but open-source) binary usage.
- Updated Mulch to 115.0.5790.138-1 and 115.0.5790.166-1, has 0 and 17 security fixes respectively.
July 21st 2023 Update: Slicked
System Updates
- 20.0 rebuilds were published July 21st.
- 19.1 rebuilds were published July 19th.
- 14.1, 15.1, 16.0, 17.1, and 18.1 rebuilds were published July 18th.
- On 18.1 and higher microG enablement has been improved and is considered complete.
- microG is now set forceQueryable so that modern apps can actually interact with it.
- Apps installed via Aurora Store or Obtainium will have their install source spoofed to Play Store. This is a runtime option and doesn't require re-installing apps.
- Open Camera has been dropped as it doesn't seem to work on the lock screen anymore.
- Work profiles are now available for devices in low_ram mode.
- 17.1 and higher now let you disable user apps via their "App info" screen, thanks to a patch from GrapheneOS.
Device Updates
- low_ram is now enabled on more devices to better maintain usability as they age as noted here.
App Updates
- Updated Mull to 115.2.1-1.
- Updated Mulch to 115.0.5790.85-1 and 115.0.5790.136-1, has - and 20 security fixes.
Website Updates
- Devices using fastboot for installs now have their exact steps linked via the downloads page. This improvement should hopefully reduce friction for new users.
Other Updates
- @ElCorzo has added a basic Dockerfile to set up Fedora with the required dependencies to compile DivestOS, try it out via the included `Container/{build,run}-image-podman.sh` scripts!
July 12th 2023 Update: Angle me not!
System Updates
- 20.0 release candidate #1 July ASB builds were published on July 12th.
- A-GPS LPP and LPPe have been set to disabled.
- 18.1 and 19.1 release candidate #1 July ASB builds were published on July 9th.
- 14.1, 15.1, 16.0, and 17.1 release candidate #1 July ASB builds were published on July 8th.
- An issue with multiple users being capped to 4 has been fixed. You should now be able to have 16 if you really want.
- There is now a double opt-in microG unprivileged enablement toggle in Settings > Security on 17.1 and higher. No support will be provided at all for this mechanism and any form of Play Services is still NOT recommended.
- Full fastboot images are now provided for a handful of devices that previously only had recovery.
App Updates
- Hypatia, Extirpater, and IR Remote were translated into Greek thanks to Dimitris Vagiakakos.
- Updated Mull to 115.0.0-1 and 115.2.0-1, has 24 and 1 security fixes respectively.
- Updated Mulch to 114.0.5735.196-1, has 4 security fixes.
Website Updates
- There is now a dedicated app compatibility section on the FAQ page.
Other Updates
- Our grant application, to cover server costs and devices for testing, submitted to FUTO back in January was declined. Still waiting for a response from our application to NLnet.
June 22nd 2023 Update: Treacheation Revocation
System Updates
- 20.0 release candidate #2 June ASB builds were published June 22nd with June PSB and QPR3 patches included.
- 18.1 rebuilds were published June 18th.
- 17.1 release candidate #2 June ASB builds were published June 18th with a handful of additional security fixes.
- 14.1, 15.1, and 16.0 rebuilds were published June 17th.
- Some untrustworthy certificate authorities have been removed.
- All branches now use the mainline AOSP certificate authority store. This is most beneficial for 14.1 through 18.1. This change increases compatibility and strengthens integrity of TLS connections.
- 20.0 now has another additional `Private DNS` preset, bringing the count to fifteen.
Roster Updates
- 19.1 to 20.0: alioth, lmi
App Updates
- Updated Mull to 114.2.0-1.
June 14th 2023 Update: Overall, DivestOS sets the bar quite high.
System Updates
- 20.0 release candidate #1 partial June ASB builds were published on June 14th. QPR3/June PSB was delayed eight days, and it will be a few more days for LineageOS to merge.
- 15.1, 16.0, and 17.1 release candidate #1 June ASB builds were published on June 10th.
- 14.1, 18.1, and 19.1 release candidate #1 June ASB builds were published on June 9th.
- The code for Private DNS presets in 20.0 has been greatly simplified using newer patches from CalyxOS. Furthermore there have been two added presets.
App Updates
- Updated Mull to 114.0.0-1 and 114.1.0-1, has 15 and 0 security fixes respectively.
- Updated Mulch to 114.0.5735.61-1 and 114.0.5735.131-1, has 2 and 5 security fixes respectively.
Other Updates
- Kuketz has released a writeup on DivestOS as part of their Android OS series: Original German, Google Translated English
May 31st 2023 Update: Timber me doodads
System Updates
- 14.1, 15.1, 16.0, and 17.1 rebuilds were published on May 30th.
Roster Updates
- The list of requested devices has been overhauled to simplify the process of tracking and adding new devices.
- 20.0 additions: akatsuki, dipper, equuleus, polaris, ursa, lemonades (failed)
- 19.1 additions: kirin, mermaid, apollon
- 18.1 additions: serranodsdd, jactivelte, jfvelte, hlte, jasmine_sprout, platina, twolip, wayne, whyred
- 18.1 to 19.1: h830, h850, rs988, h910, h918, h990, ls997, us996, vs995
- 15.1 to 19.1: h870, us997
App Updates
- Hypatia received updated Italian translations thanks to Tommaso Fonda.
- Updated Mulch (WebView) to 113.0.5672.132-1, 113.0.5672.163-1, 114.0.5735.53-1, and 114.0.5735.58-1, has 12, 0, -, and 16 security fixes respectively.
- Updated Mull to 113.1.0-1 and 113.2.0-1.
- Updated Mull to 113.0.0-1, has 34 security fixes. It also features full localization support thanks to Grant of CENO. Furthermore adventurous users can enable experimental print support via the `dom.enable_window_print` preference in about:config.
Website Updates
Other Updates
- PSA for uBlock Origin users: latest update appears to have a glitch where custom lists are disabled, double check if you have any.
May 8th 2023 Update: 100% synthetic cereal
System Updates
- 15.1 release candidate #1 May ASB builds were published on May 8th.
- 16.0, 17.1, 18.1, and 19.1 release candidate #1 May ASB builds were published on May 7th.
- 14.1 and 20.0 release candidate #1 May ASB builds were published on May 6th.
- Qualcomm location stacks using the source built libloc now strip out the User-Agent and serial number.
- Qualcomm location stacks with serial number access granted via the sysfs_soc SELinux label are now revoked.
App Updates
- IR Remote has received a translation into Italian thanks to Michael Moroni!
- Hypatia has received many translation updates:
  - @Manuel-Senpai for updated Spanish translations.
  - @Balthazar1234 for updated German translations.
  - @Sdarfeesh for new Simplified Chinese translations.
  - @cardpuncher for new Turkish and updated French translations.
- Updated Mulch (WebView) to 113.0.5672.77-1.
Website Updates
- There have been revelations regarding the Qualcomm location stack; how it impacts each device is now documented here.
April 28th 2023 Update
System Updates
- 17.1 release candidate #1 and #2 April ASB builds were published on April 28th and 29th respectively. RC#2 has 2 extra security fixes.
- 14.1, 15.1, 16.0, and 17.1 rebuilds were published on April 24th.
- 15.1 and 16.0 release candidate #1 April ASB builds were published on April 19th.
App Updates
- Updated Mulch (WebView) to 112.0.5615.136-1 and 113.0.5672.62-1, has 8 and 15 security fixes respectively.
- Updated Mull to 112.1.0-1 and 112.2.0-1.
Website Updates
- There is now a detailed overview of GNSS handling here to clear up recent confusion in the greater community.
Other Updates
- The web server is now round robin load balanced between two servers.
- The chat server has been upgraded (2x the CPU cores, 6x the RAM) for increased performance/reliability.
- Please donate to cover these added costs.
April 17th 2023 Update: Emblazoned
System Updates
- 18.1 and 20.0 release candidate #1 April ASB builds were published on April 16th and 17th respectively.
- 19.1 release candidate #2 April ASB builds were published on April 15th with 3 additional security fixes.
- 14.1 and 19.1 release candidate #1 April ASB builds were published on April 12th.
- The fingerprint lockout attempt limit was increased from 3 to 5. This is more convenient while still being more secure than the typical 20 of AOSP.
- 18.1 and 19.1 rebuilds were published on April 2nd.
- 16.0 rebuilds were published on April 1st.
- 14.1, 15.1, and 17.1 release candidate #2 March ASB builds were published on April 1st, they contain 1, 1, and 2 additional security fixes.
- Apps that check for but do not require Google Services Framework should now work without crashing on 16.0 and higher thanks to a patch from GrapheneOS.
- A workaround has been applied to silence some Wi-Fi driver related log spam on 20.0 for select devices (FP3).
- CompanionDeviceManager has been restored on 15.1 and higher which should improve compatibility with some Wearable apps.
Roster Updates
- santoni/land 16.0 has been replaced by a unified Mi8937 20.0. A wipe will be required due to signing key change.
- 20.0 additions: crownlte, pro1x
- 19.1 to 20.0: cheryl, mata, FP3
- 17.1 to 20.0: avicii, star*lte
- 17.1 to 18.1: griffin
App Updates
- Hypatia now uses signed databases for improved security/trust. Users MUST refresh databases after updating as the new version refuses to load older unsigned databases.
- Updated Mull to 112.0.0-1, has 56 security fixes.
- Updated Mulch (WebView) to Chromium 112.0.5615.48-1 and 112.0.5615.101-1, has 16 and 2 security fixes respectively.
Website Updates
- Supporting files (eg. avb keys and copy-parts), while already being effectively signed, now have GPG .asc signatures available too.
- Devices with broken bootloaders are now documented here.
- The Browsers page now has a list of recommended settings to change for improved privacy & security.
Other Updates
- Users are strongly recommended to use the official F-Droid client if they are not already, as the others currently lack mirror support and delta index updates along with other issues (eg. not maintained, no localization support, no download cache/resumption support).
- A mirror has been added to reduce load on the primary web server. More mirrors will hopefully be added soon. Please donate to cover their added costs.
March 22nd 2023 Update: Agnudekret!
Special Announcement
- Tavi was granted the 2022 'Outstanding New Free Software Contributor' award by the Free Software Foundation.
System Updates
- 15.1 and 16.0 release candidate #1 March ASB builds were published on March 23rd.
- 17.1 and 20.0 release candidate #1 March ASB builds were published on March 21st and 22nd respectively.
- An issue with system services not having doze exemptions applied to their background tasks has been fixed thanks to a patch from GrapheneOS. This should fix notifications for Messaging and Etar on 18.1 and higher.
- 18.1 and 19.1 release candidate #1 March ASB builds were published on March 18th.
- 15.1, 16.0, and 17.1 rebuilds were published on March 18th.
- 14.1 release candidate #1 March ASB builds were published on March 14th.
- 15.1 and 16.0 release candidate #1 February ASB builds were published on February 19th.
- 20.0 now adds Tor Browser and Briar to the VPN killswitch bypass list when Orbot is used, thanks to a modified patch from CalyxOS. See here for more information.
- 18.1 and higher now fully disables NTP when `Set time automatically` is disabled in Settings, thanks to a patch from GrapheneOS. Typical AOSP continues to poll NTP even when this is off.
Workspace Updates
- The build scripts have had many robustness improvements.
Device Updates
- An experimental 20.0 based avicii build is now available with firmware included. If your bootloader is unlocked you should be able to in-place upgrade from 17.1. If your bootloader is locked, you must backup and unlock first.
- instantnoodle* failed to compile for the March update due to space constraints of its /system partition, builds may or may not return for it.
- kebab failed to compile for the February update due to space constraints of its /system partition, builds may or may not return for it.
App Updates
- Hypatia now has a new database from Echap for finding known stalkerware.
- Updated Mull to 110.1.0-1, 111.0.0-1, and 111.1.0-1, has 1, 20, and 0 security fixes respectively.
- Updated Mulch (WebView) to Chromium 110.0.5481.154-1, 111.0.5563.49-1, 111.0.5563.58-1, and 111.0.5563.116-1, has 10, -, 40, and 8 security fixes respectively.
Website Updates
- There is now a version of the build guide in video form here.
- The build guide has been updated with more information and some fixes.
- The website now features a full-text search thanks to the Pagefind library!
Other Updates
- AOSP 10.0/17.1 now appears to be end-of-life.
- Google took an extra week from the 6th to 13th to publish the March security bulletin.
February 18th 2023 Update: Supple of SUPL
System Updates
- Users who only had the `DivestOS WebView` repo in their F-Droid client are strongly recommended to add the `DivestOS Official` repo in order to keep receiving out-of-band WebView updates.
- After installing this February update it is recommended to remove the `DivestOS WebView` repository from your F-Droid client and to additionally remove the legacy Mulch WebView (com.android.webview) app via Settings.
- 19.1 release candidate #1 February ASB builds were published on February 18th.
- 18.1 and 20.0 release candidate #1 February ASB builds were published on February 12th and 14th respectively.
- 17.1 rebuilds were published on February 12th.
- Backported patches (from Google/Linaro) and a workaround (from GrapheneOS) have been used to fix/mitigate an upstream Linux issue that causes IPv6 privacy addresses to be persisted across networks. (rfc4941bis)
- 17.1 release candidate #1 February ASB builds were published on February 11th.
- 17.1 and higher now have a dedicated toggle switch for SUPL use, thanks to a patch from GrapheneOS. Older versions can still use the less robust method of removing the `supl` APN type from the activated APN.
- 15.1, 16.0, 17.1, and 18.1 rebuilds were published on February 10th.
- 14.1 release candidate #1 February ASB builds were published on February 8th.
- Updated the allowed WebView providers to support new Mulch package ID.
- You can now always edit APN configs, thanks to a patch from GrapheneOS.
- The GrapheneOS kernel hardening patches have been updated, adding support for Linux 5.10 and 5.15 along with updated patches for 4.x series.
- The AOSP bug on 19.1+ which causes special app permissions to be randomly reset on reboot has been fixed thanks to GrapheneOS.
App Updates
- GMaps WV has received multiple improvements including proper location support and share to navigation app ability, thanks to @woheller69.
- Updated Mulch (WebView) to Chromium 110.0.5481.64-1 and 110.0.5481.65-1.
- Mulch 110.0.5481.61-2 and beyond now has a unique package ID and has been moved into the main `DivestOS Official` repo.
- The following apps have been dramatically minified: Hypatia, Extirpater, GMaps WV, MotionLock, and SupportDivestOS. Please be sure to report any issues.
- Hypatia has been updated to reduce hash collisions after the last update trimmed them too short.
- Updated Mull to 109.2.0-1 and 110.0.1-1, has 0 and 30 security fixes respectively.
- Updated Mulch (WebView) to Chromium 109.0.5414.118-1 and 110.0.5481.61-1, has 6 and 15 security fixes respectively.
Website Updates
- The Network Connections page has had additional small improvements & cleanup.
- Updater and mirror handling for system builds is now completely decoupled from the website in order to properly prepare for additional mirror servers.
- The entire DivestOS.org website is now completely static for improved performance and security.
January 23rd 2023 Update
System Updates
- 20.0 rebuilds were published on January 23rd.
- 18.1 and 19.1 rebuilds were published on January 22nd.
- An issue was found with the DHCP client sending the device hostname in requests on 19.1 and 20.0. It was caused by a path change of the config file, which resulted in it not being patched.
- 14.1, 15.1, 16.0, and 17.1 rebuilds were published on January 21st.
- Google Pixel 6 and 7 series now use the Broadcom PSDS server instead of Google's.
- Requests to the Broadcom PSDS server should now use HTTPS instead of plain HTTP.
- The content blocker toggle was found to improperly handle localhost resolution due to an incorrect check and has been fixed.
- 17.1 now has the option to disable the content blocker (hosts) like 18.1+.
- 18.1 and up now feature more server choices for the `Network Connectivity Check` option.
- 20.0 now features a patch from GrapheneOS which prohibits installing updates to system apps with the same version code. This mitigates downgrade attacks, as system apps usually only have their version bumped each major Android revision.
- Rebuilds for guacamole*, hotdog*, vayu, and davinci were published on January 13th with a confirmed fix for the video playback issue introduced in the January update.
- Reverse loose versioning has been added to the CVE checker which will apply 3.4 patches to 3.10 if no match is available. Yields 20-40 additional patches.
- Loose versioning of the CVE checker has been adjusted to apply 4.14 patches to 4.9 now that it is EOL. Yields 5 to 10 additional patches.
App Updates
- Updated Mull to 109.1.1-1, has 21 security fixes.
- Updated Mulch (WebView) to Chromium 109.0.5414.86-1, has 17 security fixes.
Website Updates
- The Network Connections page has had many improvements.
January 9th 2023 Update
System Updates
- OnePlus 9 series has broken Bluetooth offload in this update, use the `Disable A2DP offload` toggle in Developer Options to work around it until the next update.
- 20.0 release candidate #1 January ASB builds were published on January 9th.
- 15.1 and 16.0 release candidate #1 January ASB builds were published on January 8th.
- 16.0 was found to be missing two security patches for external/dtc, one from 2022-11 and another from 2022-12.
- 18.1 and 19.1 release candidate #2 January ASB builds were published on January 8th, they both contain two additional security fixes compared to RC#1.
- 14.1 and 17.1 release candidate #1 January ASB builds were published on January 6th and 7th respectively.
- 20.0 rebuilds were published on December 26th.
- This update has had many fixes put in place which have been largely confirmed to fix Pixel 5/6/7 series being non-functional:
  - The deblobber has been further adjusted to handle Tensor devices.
  - The disablement aspects of the defconfig hardener have been reined in a bit.
  - A handful of the bionic hardening patches have been disabled.
- 17.1 and up now have LTE-only mode as an option thanks to patches from GrapheneOS.
- The proprietary library for aptX support is no longer removed.
- 15.1 and 16.0 release candidate #1 December ASB builds were published on December 12th.
Roster Updates
- Untested 20.0 builds for oriole, raven, bluejay, panther, and cheetah are now available.
App Updates
- Hypatia has received many optimizations to reduce memory usage significantly. Database downloads are also smaller without any loss.
- Updated Mulch (WebView) to Chromium 108.0.5359.128-1, has 8 security fixes.
- Updated Mull to 108.1.0-1, 108.1.1-1, and 108.2.0-1, has 20, 0, and 0 security fixes respectively.
Website Updates
- The Installation page has had some refinements.
- The Devices page now notes which ones include firmware.
- The Messengers page has had many improvements.
Initial addition of 20.0
Support for 20.0 was added in October and has largely stabilized since then. The majority of 12 devices have moved to 13 with the rest following soon.
- In-place upgrade from 12 to 13 while locked has been tested working on fajita, cheeseburger, and taimen, plus many additional successful user reports.
- Only one report of failed upgrade so far.
- TalkBack and Simple Mobile Tools Gallery don't show up, despite being included in images. Suspected signing issue, logs say no v2 signature, apksigner says otherwise.
- Make a backup before upgrading!
December 11th 2022 Update
System Updates
- 20.0 release candidate #1 December ASB builds were published on December 11th.
- 14.1 and 19.1 release candidate #1 December ASB builds were published on December 10th.
- 17.1 and 18.1 release candidate #1 December ASB builds were published on December 9th.
- 14.1, 15.1, and 16.0 rebuilds were published on December 7th.
- Partial 20.0 rebuilds were published on November 25th and 27th.
- Patches for CVE-2018-9422 were pointed out to be incorrect by @voron00. They have since been fixed which should fix issues with latent random reboots on kernel <4.4 devices.
- There have been many new kernel CVE patches as usual, including many 3.4 backports from Fairphone again.
Device Updates
- taimen/walleye 20.0 builds after 11/15 had a broken recovery due to a (likely conflicting) upstream change. Fixed builds were released on 12/03.
- OnePlus 7 users who installed the 11/15 update on a device with A11 firmware and have no touch screen can flash today's update or manually install the A12 firmware only if unlocked. All other users must backup, unlock and migrate to these new builds.
- 2022/11/16: New 19.1 builds for OnePlus 7 series were uploaded with A12 firmware included and flashing fixed. See here for more information.
- OnePlus 7 series users must update with extreme caution. MAKE A BACKUP FIRST!
- If you have a bootloader locked OnePlus 7 series device, you MUST unlock it before this update. Locking is no longer supported due to vendor changes.
- If you have one of the following devices you MUST backup before installing this update: guacamole*, hotdog*.
- Firmware is now included again on guacamole* and hotdog*.
App Updates
- Hypatia has had a handful of fixes and improvements:
  - It was missing the ability to read all files on Android 11 and higher. This was a major oversight on our part and has since been fixed.
  - Refinements to the Spanish translations thanks to @senpai33.
  - Features a new signature database from Amnesty International's Investigations.
- IR Remote has had a Xiaomi remote added and a handful of bug fixes, thanks to @godbless96.
- Updated Mulch (WebView) to Chromium 107.0.5304.141-1, 108.0.5359.61-1, and 108.0.5359.79-1, has 1, 28, and 1 security fixes respectively.
- Updated Mull to 107.1.0-1 and 107.2.0-1, has 21 and 0 security fixes respectively. Mull 107.1.0-2 was released in-between with the functionality to use a custom addon collection restored.
Website Updates
- The messengers page has had many updates.
Other Updates
- A selection of rules has been enacted for community areas such as the chat room.
- The domains/services have had some security improvements thanks to suggestions from @tommytran732 and @strcat.
- The Onion services have been switched to SingleHopMode, which should help reduce latency and increase throughput for users.
- The web server has been upgraded thanks to user donations. This will better handle traffic and allow keeping more old builds.
November 14th 2022 Update
System Updates
- All branches include a fix for the recently publicized SIM PUK related lockscreen bypass.
- 15.1 release candidate #1 November ASB builds were published on November 14th.
- 14.1 release candidate #3 November ASB builds were published on November 13th. They contain four additional security patches compared to RC#1.
- 16.0 and 20.0 release candidate #1 November ASB builds were published on November 13th.
- 19.1 release candidate #1 November ASB builds were published on November 12th.
- 17.1 and 18.1 release candidate #1 November ASB builds were published on November 11th.
- 15.1 and 16.0 rebuilds were published on November 10th.
- 14.1 release candidate #1 November ASB builds were published on November 9th.
Device Updates
- 2022/11/16: All OnePlus 7 series builds were pulled due to users not reading the news before upgrading and ending up with broken devices. See here for more information.
- OnePlus 7 series users must update with extreme caution. MAKE A BACKUP FIRST!
- Note: OnePlus 7 series may require Android 12 firmware, still unclear. A12 firmware was previously included but removed at user response due to relock support being removed.
- If you have a bootloader locked OnePlus 7 series device, you MUST unlock it before this update. Locking is no longer supported due to vendor changes.
- If you have one of the following devices you MUST backup before installing this update: guacamole*, hotdog*, instantnoodle*, and lemonade*.
- Firmware is now included on guacamole*, hotdog*, instantnoodle*, and lemonade*.
App Updates
- GMaps WV was recently found to not be blocking page loaded resources correctly, thereby for example letting through page interaction telemetry events to Google. Discovered by @woheller69.
- Updated Mulch (WebView) to Chromium 107.0.5304.54-1, 107.0.5304.91-1, and 107.0.5304.105-1, has 14, 1 and 10 security fixes respectively.
October 25th 2022 Update
System Updates
- 18.1 and 19.1 rebuilds were published on October 24th.
- 14.1, 15.1, 16.0, and 17.1 rebuilds were published on October 23rd.
- There have been many new kernel CVE patches as usual.
- Disabled the previously added CarrierConfig and carrier_list changes due to reports of non-functional SIMs and reboots with select carriers.
- 20.0 rebuilds were published on October 20th. Users already on the existing 20.0 builds will have Network and Sensors permissions disabled for all user apps.
- 17.1 rebuilds were published on October 19th.
- 15.1 and 16.0 release candidate #1 October ASB builds were published on October 19th.
- Initial 20.0 builds were published on October 16th.
- 14.1 release candidate #1 October ASB builds were published on October 14th.
- 19.1 now has a captive portal toggle like in previous versions, thanks to a modified patch from GrapheneOS.
- The previously added DPM and CNE blobs have been removed.
Roster Updates
- Untested 20.0 builds for barbet are now available.
- Untested 18.1 builds for m8d are now available.
App Updates
- Extirpater, GMaps WV, Hypatia, MotionLock, and SupportDivestOS have been updated with themed app icon support.
- Updated Mull to 106.1.0-1, has 8 security fixes.
- Updated Mulch (WebView) to Chromium 106.0.5249.118-1 and 106.0.5249.126-1, has 6 and 0 security fixes respectively.
October 10th 2022 Update
System Updates
- 19.1 release candidate #1 October ASB builds were published on October 9th.
- 18.1 release candidate #1 October ASB builds were published on October 8th.
- 17.1 release candidate #1 October ASB builds were published on October 7th.
- 14.1, 15.1, and 16.0 rebuilds were published on October 7th.
- The proprietary Data Port Mapper (DPM) and Connectivity Engine (CNE) blobs have been added back. This should fix issues with multi-SIM, along with enabling link aggregation (LTE+) and Wi-Fi calling (VoWiFi).
- 19.1 now has a "Show Details" button to view the error log when an app crashes, thanks to a patch from GrapheneOS.
- The SIM ToolKit (STK) app has been added back to all versions. This is sometimes used for topping up cellular plans and also by some banks as a form of 2FA.
- Many configs/databases have been updated to improve carrier compatibility:
  - 17.1+ now includes CarrierConfig configs from Android 13.
  - 16.0+ now includes the carrier_list database from Android 13.
  - 15.1+ includes a slightly updated VisualVoiceMail database from Google.
  - 14.1+ has replaced the seven year old MMS configs with new ones from Google.
- Four bugfixes have been pulled-in for features from GrapheneOS after going through their newer patches.
Device Updates
- The firmware repository has had a big update:
  - enabled: cheryl, dumpling, cheeseburger
  - updated and enabled: bramble, coral, flame, redfin, sunfish
  - added and enabled: aura, barbet, FP3, FP4, pro1
  - the table was made easier to read
- Builds for kebab are back after four months, please see the previous special notes for OnePlus 8 series here.
- lavender had a report of modem related reboots on this update.
App Updates
- Updated Mull to 105.1.0-1 and 105.2.0-1, has 13 and 0 security fixes respectively.
- Updated Mulch (WebView) to Chromium 105.0.5195.124-1, 105.0.5195.136-1, 106.0.5249.65-1, and 106.0.5249.79-1, has 0, 11, 24, and 3 security fixes respectively.
September 10th 2022 Update
System Updates
- 14.1 and 15.1 release candidate #2 September ASB builds were published on September 11th. They contain three and two additional security patches respectively compared to RC#1.
- 15.1 and 16.0 release candidate #1 September ASB builds were published on September 10th.
- 18.1 release candidate #1 September ASB builds were published on September 9th.
- 14.1, 17.1, and 19.1 release candidate #1 September ASB builds were published on September 8th.
App Updates
- Updated Mull to 104.2.0-1.
- Updated Mull to 104.1.0-3, adds many additional search engines as available choices.
- Updated Mulch (WebView) to Chromium 105.0.5195.77-1 and 105.0.5195.79-1, has 1 and 0 security fixes respectively.
August 31st 2022 Update
System Updates
- 19.1 rebuilds were published on August 31st.
- 18.1 rebuilds were published on August 29th.
- 17.1 rebuilds were published on August 28th.
- 14.1, 15.1, and 16.0 rebuilds were published on August 27th.
- DEBUG_NOTIFIERS has been disabled on kernels 4.14 and higher due to an incompatibility with CFI and the Android toolchain. This has been confirmed to fix boot on OnePlus 9 series. It also likely fixes Pixel 4 and 5 series.
- Most 3.18 kernels and higher have been patched against CVE-2022-2588.
- The APN list, VisualVoiceMail configs, Wi-Fi regulations database, and contributors cloud database have been updated for all branches.
- 17.1 is likely to be end-of-life very soon.
- 16.0 rebuilds were published on August 14th.
- 15.1 release candidate #1 August ASB builds were published on August 13th. This is a total of 40 added security patches from March through August.
- 14.1 rebuilds were published on August 13th.
- There have been many new kernel CVE patches as usual, including many 3.4 backports from Fairphone again.
Workspace Updates
- The build script now verifies the GPG signatures of the DivestOS repos, the prebuilt apps, and of all the AOSP platform repos as part of ongoing protection against supply chain attacks.
- A complete malware scan of every file in the workspace was performed resulting in zero detections.
Device Updates
- If you have one of the following devices you MUST backup before installing this update: instantnoodle*, kebab, beryllium.
- If you have a bootloader locked OnePlus 8 series device, you MUST unlock it before this update. Locking is no longer supported due to vendor changes.
- If you have a OnePlus 8 or 9 series device, you MUST update to the Android 12 based firmware for it.
App Updates
- Updated Mulch (WebView) to Chromium 105.0.5195.68-1, has 24 security fixes.
- Extirpater, GMaps WV, Hypatia, MergedWiFiNLP, MotionLock, and SupportDivestOS have had:
  - Strict dependency verification checks enabled to better protect against supply chain attacks.
  - Dependency updates thanks to initial patches from Patryk Miś.
- Updated Mull to 104.1.0-1, has 10 security fixes.
- Updated Mulch (WebView) to Chromium 104.0.5112.97-1, has 12 security fixes.
Website Updates
- The FAQ page has had many additions to it.
- The patch levels page now better elaborates on how insecure these devices are.
- The device downloads page has had the generation code overhauled to be easier to maintain.
- There is a new ASB Patch Counts page that documents which system ASB patches are included in which branches.
Other Updates
- All git commits by Tavi after 2022/08/22 should be GPG signed. See here for keys.
August 8th 2022 Update
System Updates
- 16.0 and 19.1 release candidate #1 August ASB builds were published on August 8th.
- 18.1 release candidate #1 August ASB builds were published on August 7th.
- 17.1 release candidate #1 August ASB builds were published on August 6th.
- 15.1 and 16.0 rebuilds were published on August 5th.
- 14.1 release candidate #1 August ASB builds were published on August 5th.
- 16.0 release candidate #1 July ASB builds were published on July 15th.
Roster Updates
- Tested 19.1 builds for FP4 are now available.
App Updates
- Mull has received a new icon in the shape of a raccoonbadger.
- Updated Mulch (WebView) to Chromium 103.0.5060.129-1 and 104.0.5112.69-1, has 0 and 27 security fixes respectively.
- Updated Mull to 103.1.0-1, has 10 security fixes.
Website Updates
- All chat/forums links have been moved to a new community page.
- Browser and Messenger tables now have links to each app.
Other Updates
- The chat room is now available via the Matrix Bifrost. This was blocked previously due to severe issues with the bridge implementation.
July 14th 2022 Update
System Updates
- 19.1 release candidate #1 July ASB builds were published on July 13th.
- 18.1 release candidate #1 July ASB builds were published on July 11th.
- 17.1 release candidate #1 July ASB builds were published on July 10th.
- 15.1 and 16.0 rebuilds were published on July 10th.
- 14.1 release candidate #1 July ASB builds were published on July 9th.
- Reminder that 14.1, 15.1, and 16.0 are end-of-life. 17.1 will also reach end-of-life soon, likely within three months.
- There have been a handful of new kernel CVE patches to all devices as usual, plus a dozen for all 3.0 and 3.4 devices thanks to recent backports from @haggertk.
- While 15.1 is still on the 2022-02 ASB level, an assortment of 22 security fixes from the past few months has been applied to it.
- 19.1 now has a toggle for Monet theming based on wallpaper thanks to patches from GrapheneOS.
- 16.0 release candidate #1 June ASB builds were published on June 15th.
App Updates
- Hypatia has received translations into Polish thanks to Marcin Mikołajczak!
- GMapsWV has received fastlane translations into Polish and Brazilian Portuguese thanks to Marcin Mikołajczak and @ruanon respectively!
- Updated Mulch (WebView) to Chromium 103.0.5060.53-1, 103.0.5060.70-1, and 103.0.5060.71-1, has 13, 0, and 3 security fixes respectively.
- On Mull 101 and higher there have been reports of addons sporadically disabling and becoming non-functional. We are unable to reproduce this and the cause is unknown.
- Mull 102.1.1-1 had Fission enabled, which largely worked but resulted in many broken functions, so it was disabled in -2.
- Updated Mull to 102.1.1-1, 102.1.1-2, and 102.2.0-1, has 23, 0, and 0 security fixes respectively.
Website Updates
- The 'Functionality Tables' page has been split out from the 'Known Issues' page.
- There is now a new page for easy access to known issues and where to report issues, the bug reporting page.
Other Updates
- Thanks to a large donation recently there is now an additional Ryzen 5900X+64GB RAM system used for compiling.
June 14th 2022 Update
System Updates
- 19.1 release candidate #1 June ASB builds were published on June 14th.
- 18.1 release candidate #1 June ASB builds were published on June 13th.
- 14.1 and 17.1 release candidate #1 June ASB builds were published on June 12th.
- 15.1 and 16.0 rebuilds were published on June 12th.
- Passwords up to 64 characters are now supported thanks to a patch from GrapheneOS.
- There was a report of not being able to successfully boot flounder with this update, however we cannot reproduce it.
- 18.1 rebuilds were published on June 7th.
- 14.1, 15.1, 16.0, and 17.1 rebuilds were published on June 5th.
- 18.1 and 19.1 now have unconditional AMOLED burn-in protection for the status and navigation bars, thanks to old patches from @arter97.
- Page sanitization was found missing from nearly all 3.18 kernels, and has been added.
- SLUB debugging has been disabled to reduce memory fragmentation and restore performance. This comes at the loss of sanity checks and redzoning on all kernels, along with SLUB sanitization on 3.0, 3.4 and 4.4 kernels. Redzoning was also suspected to cause boot issues on numerous devices.
- copy-partitions.zip has been re-signed for all devices to fix incompatibility with 19.1 recoveries not containing -extra keys.
- 14.1 rebuilds were published on May 27th.
- More (Google Pixel specific) proprietary blobs have been removed.
- ZRAM enabled devices now use 75% of RAM on 1GB devices and 50% of RAM on all other devices.
- Private DNS options are now available on 19.1.
- Location indicator spam on 19.1 has been fixed.
Device Updates
- davinci, kebab, and z2_plus failed to compile this cycle. Fix is already known for kebab.
Roster Updates
- A handful of new 19.1 devices, untested: instantnoodle, instantnoodlep, kebab, lemonade, lemonadep
App Updates
- Updated Mulch (WebView) to Chromium 102.0.5005.59-1, 102.0.5005.78-1, 102.0.5005.99-1, and 102.0.5005.125-1, has 32, 0, 0, and 7 security fixes respectively.
- Updated Mull to 100.1.3, 100.3.0, 101.1.0, 101.1.1, and 101.2.0, has 0, 2, 30, 0, and 0 security fixes respectively.
Website Updates
- The 'Functionality Tables' page now documents notes and quirks of the system.
- Screenshots have been updated to showcase 19.1.
- Future news is now always shown as upcoming news.
- 'Troubleshooting' page now has commands for collecting logs.
- 'FAQ' page has received many improvements.
May 11th 2022 Update
System Updates
- This release has confirmed reports of certain apps losing special permissions like all file access or screen overlay. Cause unknown. Likely upstream bug.
- 19.1 release candidate #1 May ASB builds were published on May 11th.
- 14.1 and 18.1 release candidate #1 May ASB builds were published on May 9th.
- 16.0 and 17.1 release candidate #1 May ASB builds were published on May 8th.
- 14.1, 15.1, and 16.0 rebuilds were published on May 7th.
- 19.1 now includes the Camera app from GrapheneOS. This is a much more user friendly and faster camera compared to Open Camera.
- The default launcher layouts have been fixed.
- Some more proprietary blobs have been removed.
- Many unnecessary kernel debug options were disabled which should slightly increase performance and reduce memory usage.
- An issue with non-executable DRM leftovers was fixed that caused Chromium-based browsers like Brave to freeze/crash.
- 19.1 rebuilds were published on April 26th.
- 18.1 and 19.1 now feature an option to disable /etc/hosts blocking. Useful for when a site is falsely blocked.
- On 17.1 and up, a warning is now shown when running 32-bit apps on a 64-bit device.
- Supported kernels using an internal wireless regulations database are now updated to the latest database.
- Silence has been dropped in favor of the AOSP Messaging app.
Device Updates
- bonito and sargo, now likely end-of-life, have firmware included.
App Updates
- Updated Mulch (WebView) to Chromium 101.0.4951.61-1, has 13 security fixes.
- Updated Mull to 100.1.0, has 20 security fixes and now enables HTTPS only mode by default. This release was delayed due to a change upstream and fixed by Relan, give them a big thanks!
- Updated Mulch (WebView) to Chromium 100.0.4896.127-1 and 101.0.4951.41-1, has 2 and 29 security fixes respectively.
Website Updates
- 'Patch Levels' page now makes it more evident how insecure devices are.
- Device blob counts were removed due to maintenance overhead.
- Device status lines are now more specific.
Other Updates
- The /r/DivestOS subreddit is now the official DivestOS subreddit for those who prefer the non-free Reddit.
Initial addition of 19.1
Support for 19.1 was added last month and has largely stabilized; builds for many devices are already available.
- [parity] The captive portal toggle in Settings is not available yet.
- [improvement] Many legacy hacks have been dropped.
- [improvement] Full bionic hardening patchset from GrapheneOS has been enabled.
- [issue] Network restrictions on other profiles are quirky, pending upstream patchset.
- Only devices with kernel 4.4 or higher will be supported due to increased requirements.
- In-place upgrade from 11 to 12 while locked has been tested working.
- Please report any issues you find.
- Make a backup before upgrading!
- Sensors Off toggle must be disabled before upgrading.
Pending Removal of Silence
What is happening
DivestOS has included Silence as the SMS app since the very beginning. However this app has been completely unmaintained for well over two years now. It has many annoying bugs and likely has unfound security issues. DivestOS plans to remove Silence and replace it back with the LineageOS fork of the AOSP SMS app.
What steps you need to take
In order to prevent loss of your message history, or to keep the app if you want to continue using it, please follow these steps.
- Open Silence and export an encrypted backup, this will ensure you can recover if the app fails to persist.
- Download the current version of Silence from one of these mirrors: F-Droid, Divested, GitLab, Cloudflare
- Install it.
- After the system update you should still have Silence available.
- If after the system update Silence is missing, install it again, and restore your backup.
April 14th 2022 Update: Very variant
Roster Updates
- Fourteen new 18.1 variants: d800, d801, d850, d851, f400, h830, h918, jflteatt, jfltespr, jfltevzw, ls990, ls997, vs985, vs995
- Two new 15.1 variants: deb, flounder_lte
- Nine new 14.1 variants: d2att, d2spr, d2tmo, d2vzw, h811, hero2lte, himawl, n5100, n5120
April 13th 2022 Update: May I have another RAM please?
System Updates
- 14.1, 15.1, 16.0, 17.1, and partial 18.1 rebuilds were published on April 13th.
- The FDroidPrivExt has been dropped due to breakage caused by the per-app sensors permission patchset.
- The exec spawning feature has been default disabled due to usability issues, especially on devices with <=4GB of RAM.
- In order to improve usability, the following additional devices now have low RAM tweaks applied: clark, crackling, flox, fp2, fugu, harpia, jfltexx, klte, m8, mako, merlin, osprey, serrano3gxx, serranoltexx, surnia, victara
- 16.0/17.1/18.1 have switched to the more robust GrapheneOS implementation of per-app sensors permission.
App Updates
- Updated Mulch (WebView) to Chromium 100.0.4896.88-1, has 12 security fixes.
- Hypatia received a translation into Finnish thanks to @huuhaa!
April 10th 2022 Update
System Updates
- 16.0 release candidate #1 April ASB builds were published on April 9th.
- Rebuilds for beryllium, lavender, lmi, and vayu along with enchilada and fajita were published on April 9th with AVB permissive again after boot issues. If your device was affected you should be able to update to the new build via adb sideload without issue.
- 14.1 release candidate #1 April ASB builds were published on April 8th.
- UnifiedNlp and backends are no longer included due to potential privacy concerns.
- 18.1 release candidate #1 April ASB builds were published on April 8th.
- 17.1 release candidate #1 April ASB builds were published on April 7th.
- During bringup of 19.1 it was discovered that all AVB devices had AVB set permissive. This has been corrected and new builds will be released soon. Please make a backup and ensure OEM unlocking toggle is allowed/enabled before updating. The offending code was added 11 months ago to actually enable AVB after LineageOS had disabled it, however it was incorrect. If you have knowledge of Android systems and the free time please kindly take a stroll through our source code for any further issues, I cannot do this all on my own.
- There have been many new kernel CVE patches as usual.
- The kernel CVE patcher now supports pulling patches from the CIP 4.4 branch. While 4.4 was EOL in 2022-02, CIP 4.4 has support until 2027-01.
App Updates
- GMapsWV had a bugfix release to fix cases where cookies were not cleared.
- Updated Mulch (WebView) to Chromium 100.0.4896.79-1, has 1 security fix.
- Hypatia now supports custom server endpoints.
Website Updates
- A new table is now available that shows historical patch level dates for a handful of Android projects.
- The full browser table has been split up.
April 3rd 2022 Update
System Updates
- 18.1 rebuilds were published on April 3rd.
- Kernel defconfig hardening function has been adjusted to ensure init_on_alloc/free is used over page_poison when available.
- 14.1, 15.1, 16.0, and 17.1 rebuilds were published on April 2nd.
- 15.1 rebuilds were published on April 1st and were discovered to not boot due to the WebView overlay change added on March 14th. Less than 5 users were likely impacted. Sideload the latest build to fix.
- APN and Visual VoiceMail configs have been synced from LineageOS 19.1.
- There have been many new kernel CVE patches as usual.
- Clang's -ftrivial-auto-var-init=zero is now enabled on 22 supported kernels and additionally on all of 17.1 userspace just like Android 11+ thanks to a patchset from GrapheneOS.
- 17.1 and 18.1 now include an option to always randomize Wi-Fi MAC addresses by default thanks to GrapheneOS. Be sure to enable it on any applicable existing saved networks.
- 17.1 and 18.1 now sport a toggle to disable and enable the exec spawning feature thanks to GrapheneOS. You might consider using it if you don't want the app launch delay or increased memory usage.
- 16.0 and higher now feature the powerful exec spawning patchset from GrapheneOS.
App Updates
- Updated Mulch (WebView) to Chromium 99.0.4844.88-1 and 100.0.4896.58-1, has 1 and 28 security fixes respectively.
- Updated Mull to 98.3.0.
Website Updates
- The Chromium versions table now has past release dates for select variants.
March 22nd 2022 Update: Ruff ruff!
System Updates
- This was a bumpy release due to boot failures on select devices despite extensive testing, however the result is very much worth it.
- 17.1 and 18.1 rebuilds were published on March 21st.
- 16.0 release candidate #3 March ASB builds were published on March 19th.
- There have been many new kernel CVE patches as usual, with CVE-2022-23960 patches applied to 6 trees.
- 16.0 and higher now include many additional hardening patches from GrapheneOS.
- 18.1 now uses the GrapheneOS hardened memory allocator on 64-bit devices just like 16.0 and 17.1.
- 18.1 now provides an option to block secondary users from installing apps thanks to a patch from GrapheneOS.
- 17.1 and 18.1 now allow prohibiting native debugging via ptrace_scope thanks to patches from GrapheneOS.
- 17.1 and 18.1 now feature timeouts to automatically reboot, disable Bluetooth, and disable Wi-Fi thanks to patches from GrapheneOS and CalyxOS.
- It is now possible to optionally use the Bromite WebView instead of Mulch via the override in Developer Settings thanks to @MSe1969.
App Updates
- Updated Mulch (WebView) to Chromium 99.0.4844.73-1, has 11 security fixes.
- Hypatia received a translation into Afrikaans thanks to Oswald van Ginkel!
March 14th 2022 Update
System Updates
- 18.1 release candidate #1 March ASB builds were published on March 13th and 14th.
- 14.1, 15.1, and 16.0 rebuilds were published on March 12th.
- 17.1 release candidate #1 March ASB builds were published on March 11th.
- 14.1 release candidate #1 March ASB builds were published on March 10th.
- Kernel CVE patch database had long overdue maintenance:
  - Nearly all patches were reimported after adding local import support to the checker.
  - Many missing patches were added due to the reimport.
  - Many AOSP diffs were replaced with patches thanks to local import support.
  - All inclusive patch versions were automatically corrected after adding support to the checker.
  - All links were verified, fixing a hundred or so broken ones along the way.
  - No regressions in generated patchers, only a few additions here or there.
- 15.1, 16.0, and 17.1 rebuilds were published on March 8th.
- 14.1 rebuilds were published on March 7th.
- There have been many new kernel CVE patches as usual, with CVE-2022-0847 and CVE-2022-25375 patches applied to 15 and 24 trees respectively.
- FIFO and regular file protections were enabled back in 2019, however were not actually enabled on select devices due to missing SELinux labels. Now fixed thanks to a patch from GrapheneOS.
- Many duplicate or incorrectly applied CVE patches have been removed from the kernel patchers after a thorough cleanup. Should fix some latent camera, Wi-Fi, Bluetooth, and display issues across devices.
- Some kernels are broken and when combined with usage of the app data restriction options on 17.1/18.1 would cause a "random reboot". A workaround is now in place to retry the restriction instead of crashing the system server. This is known to affect cheeseburger, dumpling, and maybe a few other Linux 4.4 series devices.
App Updates
- Updated Mulch (WebView) to Chromium 99.0.4844.58-1, fixes blank new tab page and broken WebView scrolling.
- Updated Mull to 98.1.1 and 98.2.0, has 2 and 1 security fixes respectively.
Website Updates
- Chromium version comparison list has been overhauled.
- Installation steps have been much improved.
- Signed copy-partitions.zip scripts by Erfan Abdi, filipepferraz, and Lanchon are now available for devices that require it.
- The list of recommended devices on the 'FAQ' page has been updated.
March 2nd 2022 Update: Hash me if you can!
System Updates
- 18.1 rebuilds were published on March 1st.
- 16.0 rebuilds were published on February 28th.
- 17.1 rebuilds were published on February 26th.
- 16.0, 17.1, and 18.1 now feature the NETWORK permission from GrapheneOS. This is an extremely effective way for denying all network access of an app. It should be used in-place of the existing "Allow network access" toggle.
- 14.1, 15.1, and 16.0 release candidate #3 February ASB builds were published on February 24th.
- Loose versioning of the CVE checker has been improved to apply 4.9 patches to 4.4 and 3.18 kernels now that 4.4 is EOL.
- Developer options crash on 15.1 should be fixed.
Roster Updates
- 17.1 removals: marlin, sailfish, m8, z2_plus
- marlin and sailfish have been moved to 18.1, tested working.
App Updates
- Updated Mull to 97.2.0 and 98.1.0, has 0 and 16 security fixes respectively.
- Updated Mulch (WebView) to Chromium 98.0.4758.101-1 and 99.0.4844.48-1, has 11 and 28 security fixes respectively.
Website Updates
- The verified boot hashes are now documented on their own new page.
February 14th 2022 Update: Will you be my build?
System Updates
- 16.0 release candidate #2 February ASB builds were published on February 14th.
- 14.1 release candidate #2 February ASB builds were published on February 13th. They contain one additional security patch compared to RC#1.
- 18.1 release candidate #1 February ASB builds were published on February 13th.
- 14.1 release candidate #1 February ASB builds were published on February 12th.
- 14.1, 15.1, and 16.0 rebuilds were published on February 11th.
- FairEmail and Vanilla Music, along with their AOSP fallbacks, have been dropped from inclusion in part due to responses demonstrated in a recent user poll.
- The provisioner repository has been dropped, as the feature was disabled in official F-Droid.
- 17.1 release candidate #1 February ASB builds were published on February 11th.
- 16.0 rebuilds were published on January 29th.
- 15.1 release candidate #2 January ASB builds were published on January 28th.
- 14.1 rebuilds were published on January 27th.
- Secondary users now have a logout option available on 16.0+, thanks to a patch from GrapheneOS.
- The hamper analytics patchset has been dropped due to causing app crashes. The HOSTS file sufficiently blocks them anyway.
- 14.1 release candidate #2 January ASB builds were published on January 19th. They contain three additional security patches compared to RC#1.
Workspace Updates
- Workspace was migrated to a larger Intel S3710 thanks to user contributions! Their support also enabled doubling the RAM of the build machine to 64GB.
Device Updates
- Likely fixed calling issues on Pixel devices, by restoring a handful of previously removed blobs.
- Some re-lockable devices were missing the option to enable OEM unlocking, affected devices should now be fixed.
- guacamole*/hotdog*: cellular radio has been fixed after adding back a previously removed blob.
Roster Updates
- jellypro builds are now available again after it turned out it had been commented out in the uploader since October 2021.
App Updates
- Updated Mulch (WebView) to Chromium 97.0.4692.87-1, 97.0.4692.98-1, and 98.0.4758.87-1, has 0, 26, and 27 security fixes respectively.
- Updated Mull to 96.2.0, 96.3.0, 97.1.0, and 97.1.1, has 0, 1, 44, and 0 security fixes respectively.
Website Updates
- A new table is now available for comparing Chromium releases in the wild.
Other Updates
- AOSP 9.0/16.0 now appears to be end-of-life.
- Linux 4.4 is now end-of-life.
- The Anarchy-Droid tool now has basic support for installing DivestOS.
January 2022 Incident: Ruh Roh!
What Happened
- Builds for twenty devices were pulled due to boot failure and rebuilt versions were later uploaded.
Impact
- Affected devices: alioth, Amber, avicii, bramble, coral, davinci, discovery, flame, guacamole, guacamoleb, hotdog, hotdogb, lmi, pioneer, redfin, sunfish, vayu, voyager, z2_plus
Timeline
- Jan 13th: Patches for CVE-2021-4203 were added to the Linux patch repo.
- Builds containing this patch were released on Jan 14th and 16th.
- Jan 16th @ 20:08: A report was received of guacamole not booting, initially suspected to be firmware related.
- Jan 16th @ 23:02: The report of guacamole not booting was confirmed and firmware was ruled out.
- Jan 16th @ 23:18: All guacamole* and hotdog* builds were pulled.
- Using the error message ("creds_are_invalid") and `git blame` the CVE-2021-4203 patches were identified as the issue.
- Jan 16th @ 23:45: All devices that included the patch were pulled.
- In-depth checking of why this broke led to DEBUG_CREDENTIALS catching the NULL credential objects, due to missing this patch.
- This is confirmed by looking at the Linux stable patches released on Oct 6th, both patches are included.
- Jan 17th @ 00:24: CVE patchers were regenerated and rebuilds of the affected devices started.
- Jan 17th @ 10:31: Rebuilds of the 15 affected 18.1 devices started uploading. Finished @ 13:10.
- Jan 17th @ 13:11: Rebuilds of the 5 affected 17.1 devices started uploading. Finished @ 14:50.
Steps to take if you installed the broken build
- If your bootloader is unlocked or your recovery is still functional, simply flash the newest fixed build.
- If your bootloader is locked and your recovery is not functional, you will have to unlock (which wipes your device) and reinstall the newest fixed build. Then restore your data from backup.
Steps to take as a user in the future
- Keep a copy of the most recent known working build for your device.
- Backup your data before every update.
Steps we plan to take in the future
- Acquire more devices for testing, to catch such issues before release.
January 16th 2022 Update
System Updates
- 18.1 release candidate #1 January ASB builds were published on January 16th.
- 17.1 rebuilds were published on January 14th.
- 14.1, 15.1, and 16.0 rebuilds were published on January 13th.
- 16.0 and 17.1 release candidate #1 January ASB builds were published on January 12th.
- 15.1 rebuilds were published on January 11th.
- 14.1 release candidate #1 January ASB builds were published on January 11th.
- A handful of additional tracker libraries are now disabled after overhauling our `hamper analytics` patchset.
- Much work went into reducing the number of falsely blocked hosts in the included HOSTS file. Please report any others you find.
- Firmware inclusion repository has had further improvements. Notably enabling updates for enchilada/fajita.
Roster Updates
- Many new 18.1 devices, untested: h910, lavender, pioneer, voyager, discovery, akari, aurora, xz2c
App Updates
- WebRTC was enabled in Mull 96.x builds and would leak LAN IP addresses to websites. WebRTC was again disabled in 96.1.1-3. Few users would have been impacted due to needing to manually update to 96.x in the first place.
- Updated Mulch (WebView) to Chromium 97.0.4692.70-1, has 38 security fixes.
- Updated Mull to 96.1.0, 96.1.1, and 96.1.1-2, has 30, 0, and 0 security fixes respectively.
Website Updates
- The 'Browser Tables' page has been overhauled to be more informative and accurate.
- 'Patch Levels' page has updated blob counts and more prominent end-of-life dates.
December 17th 2021 Update
System Updates
- 14.1, 15.1 and 16.0 release candidate #2 December ASB builds were published on December 17th.
Device Updates
- Wi-Fi has been fixed on a handful of devices such as amber, raphael, lmi, alioth, guacamole*, and hotdog*.
App Updates
- Updated Mull to 95.2.0.
December 14th 2021 Update: "patch patch patch!"
System Updates
- Firmware inclusion repository has had some improvements and now has an index available for users.
- 17.1 and 18.1 release candidate #1 December ASB builds were published on December 13th.
- 14.1 release candidate #1 December ASB builds were published on December 8th.
- This is an absolutely massive and exciting kernel security update for all devices using Linux 3.x series thanks to loose versioning work. This modification to the CVE checker allows checking newer versioned patches against older kernels when a matching version patch is unavailable. This feature was rolled out in three stages, firstly applying one version higher, then applying up to two versions higher, and lastly attempting all 4.4 patches on all 3.x versions. The result is anywhere between 50 and 180 additional CVE patches per 3.x kernel. Rebuilds of all impacted devices were published between November 26th and 29th.
- There have been many new kernel CVE patches as usual.
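The three-stage loose versioning rollout described above can be sketched as follows. This is an added Python example, not DivestOS's CVE checker code; the kernel series ladder, the function names, the `applies` dry-run predicate (standing in for something like `git apply --check`) and the sample patch database are all assumptions constructed for illustration.

```python
# Added illustration; not DivestOS's CVE checker. Ladder, names and data are assumptions.

# Assumed ladder of kernel series, oldest first.
LADDER = ["3.0", "3.4", "3.10", "3.18", "4.4", "4.9"]


def candidate_versions(kernel, stage):
    """Return the patch versions to try for `kernel`, closest match first.

    stage 0: exact version only (strict matching)
    stage 1: exact, then one series higher
    stage 2: exact, then up to two series higher
    stage 3: stage 2, plus 4.4 patches for every 3.x kernel
    """
    if kernel not in LADDER:
        raise ValueError(f"unknown kernel series: {kernel}")
    if stage not in (0, 1, 2, 3):
        raise ValueError(f"unknown stage: {stage}")
    idx = LADDER.index(kernel)
    reach = min(stage, 2)
    versions = LADDER[idx: idx + 1 + reach]
    if stage == 3 and kernel.startswith("3.") and "4.4" not in versions:
        versions.append("4.4")
    return versions


def select_patch(kernel, patches, applies, stage):
    """Choose one patch for one CVE, or None.

    patches: dict of version -> patch identifier available for this CVE
    applies: callable(patch_id) -> bool, a dry-run check against the tree
    Loose matching is only used when no matching-version patch exists.
    """
    candidates = candidate_versions(kernel, stage)
    exact = patches.get(kernel)
    if exact is not None:
        return (kernel, exact) if applies(exact) else None
    for version in candidates[1:]:
        patch_id = patches.get(version)
        # A newer-series patch is only kept if it applies cleanly.
        if patch_id is not None and applies(patch_id):
            return version, patch_id
    return None


def build_patcher(kernel, db, applies, stage):
    """Map each CVE in `db` to the (version, patch) selected for `kernel`."""
    chosen = {}
    for cve, patches in sorted(db.items()):
        hit = select_patch(kernel, patches, applies, stage)
        if hit is not None:
            chosen[cve] = hit
    return chosen


# Constructed sample data: placeholder CVE ids and patch paths.
SAMPLE_DB = {
    "CVE-EXAMPLE-0001": {"3.4": "0001/3.4.patch", "4.4": "0001/4.4.patch"},
    "CVE-EXAMPLE-0002": {"3.10": "0002/3.10.patch"},
    "CVE-EXAMPLE-0003": {"3.18": "0003/3.18.patch"},
    "CVE-EXAMPLE-0004": {"4.4": "0004/4.4.patch"},
    "CVE-EXAMPLE-0005": {"4.4": "0005/4.4.patch"},
    "CVE-EXAMPLE-0006": {"4.9": "0006/4.9.patch"},
}

# Constructed: pretend this 4.4 patch touches code a 3.4 tree does not have.
REJECTED = {"0005/4.4.patch"}


def sample_applies(patch_id):
    """Stand-in for a dry-run apply against the kernel tree."""
    return patch_id not in REJECTED


if __name__ == "__main__":
    for stage in range(4):
        picked = build_patcher("3.4", SAMPLE_DB, sample_applies, stage)
        print(f"stage {stage}: {len(picked)} patches -> {sorted(picked)}")
```

Each stage widens the search only for CVEs that lack a matching-version patch, which is why the patch count for the sample 3.4 kernel grows from stage to stage while the exact 3.4 patch is still preferred over its 4.4 counterpart.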
Device Updates
- Camera2 is now in place of Open Camera on flox due to driver quirks.
Roster Updates
- harpia and merlin 17.1 builds are now available, untested.
- jellypro 14.1 builds are now available, untested.
App Updates
- Updated Mull to 95.1.0-4, enables the RLBox security hardening feature.
- Updated Mull to 95.1.0, has 18 security fixes.
- Updated Mulch (WebView) to Chromium 96.0.4664.45-1, 96.0.4664.92-1, and 96.0.4664.104-1, has 25, 22, and 5 security fixes respectively.
Website Updates
- The 'Patch Levels' page has been cleaned up, received more links, and documents 'end-of-life' dates.
- Security patch counts for Mull and Mulch have been added to the changelogs.
Other Updates
- The chat room recently peaked at 24 users connected.
November 9th 2021 Update
System Updates
- 15.1 release candidate #3 November ASB builds were published on November 9th.
November 8th 2021 Update: A sanity check
System Updates
- 18.1 release candidate #2 November ASB builds were published on November 7th.
- 14.1, 16.0, and 17.1 release candidate #2 November ASB builds were published on November 6th.
- [upstream] Updated to November ASB.
- 15.1 rebuilds were published on November 5th and 6th. They do not contain November ASB patches.
- The per-app sensors permission patches have been disabled on 14.1, 15.1 and 16.0 due to breakage in select cases.
- 14.1 release candidate #1 November ASB builds were published on November 3rd.
- AVB2.0 devices had an AVB1.0 flag set, likely preventing boot.
- Many AVB1.0 devices turned out to not be enforcing, now fixed.
- Verified boot enablement has been overhauled.
- The script used to change the default DNS has been expanded to cover more files.
- The `Private DNS` menu of the Settings app on 17.1+ now includes thirteen presets for various DNS providers. Based off of work by CalyxOS.
- Firmware inclusion has been disabled for select devices, pending update and re-enablement.
- The included HOSTS file has been further reduced in size after making our wildcard optimizer more thorough.
- There have been many new kernel CVE patches as usual.
Workspace Updates
- All scripts have been verified working as intended.
- Various script fixes.
- Scripts will now fail loudly.
- Some patches had minor adjustments to them for `git am` correctness.
- A non-critical patch was found to not have been applied due to a typo.
- Patches are now refreshed on apply.
- Patches are now applied via a helper function based on `git am` instead of `patch -p1 <`.
- Workspace reset function has been made more thorough.
- All branches have been deleted and re-downloaded.
- Manifests have been trimmed.
- 11.0/KitKat support has been removed.
Device Updates
- The recovery firmware extraction script has been tested working on clark after resolving SELinux denials. Likely also fixes osprey and surnia.
- The enchilada/fajita kernel has been updated to 4.9.277 from 4.9.227.
Roster Updates
- z2_plus has been moved to 18.1, untested.
- kccat6, lentislte, land, and santoni 16.0 builds are now available, untested.
- apollo 14.1 builds are now available, untested.
App Updates
- Updated Mull to 94.1.0 and 94.1.1, has 16 security fixes.
- Updated Mulch (WebView) to Chromium 95.0.4638.50-1 and 95.0.4638.74-1, has 19 and 9 security fixes respectively.
Website Updates
- The 'Patch Levels' page now has direct links to kernel CVE patchers.
Other Updates
- AOSP 8.1/15.1 is now end-of-life.
- Google has finally stopped supporting Linux 3.18, resulting in a grand total of 339 additional CVE patches after official support ended.
October 11th 2021 Update: Lights out!
System Updates
- 18.1 October ASB builds were published on October 10th.
- 14.1, 15.1, 16.0, and 17.1 release candidate #1 October ASB builds were published on October 7th.
- [upstream] Updated to October ASB.
- A new `Support` app is included with links to common resources. git repository
- 17.1 rebuilds were published on October 3rd.
- 14.1, 15.1, and 16.0 rebuilds were published on October 2nd.
- 18.1 had full wildcard hosts support fixed after more testing.
- DivestOS now includes its own WebView build named Mulch. Previously DivestOS depended on the LineageOS WebView. However this limited how quickly we could release security updates and prevented our ability to disable various anti-features in Chromium. Mulch is largely based off of and will track closely the Vanadium browser from GrapheneOS. A standalone version of Mulch is also available to all Android users on our F-Droid repository. git repository
- 17.1 and 18.1 now feature a quick settings tile to globally block all apps from accessing the camera, microphones, and sensors.
- All versions now have an option to disable sensors on a per-app basis, thanks to @MSe1969.
- All 3.4 devices have received numerous (3-30) prima (Wi-Fi driver) related security patches.
- hardenDefconfig function has been reworked to better ensure all changes are made to all devices. Previously there were some cases where changes were only partially applied.
- It has been shown some devices have an extremely long command line passed to the kernel by the bootloader. The hardenBootArgs function exacerbated this issue and caused some devices to not boot. It has now been shortened dramatically.
- The hamper analytics patches have been fixed after converting the booleans to strings.
Device Updates
- i9100 has fallen behind due to space constraints.
- Bluetooth on thor has likely been fixed.
- klte build 20210913 had a broken recovery due to kernel commandline. If installed, you will need to manually update. Steps here
App Updates
- Updated Mulch (WebView) to Chromium 94.0.4606.71-3 and 94.0.4606.80-1, has 4 and 4 security fixes respectively.
- Updated Mull to 93.1.0, has 13 security fixes.
- [upstream] Updated WebView to Chromium 94.0.4606.61, has 1 security fix. commit
- Hypatia 2.22 was released, mostly internal changes, and should be much more responsive.
- [upstream] Updated WebView to Chromium 93.0.4577.82, has 10 security fixes. commit
Website Updates
- The 'Patch Levels' page now details the number of proprietary blobs each device includes and has removed.
- Credits section has been made more readable
September 14th 2021 Update: Can you hear me now?
System Updates
- 18.1 September ASB builds were published on September 13th and 14th.
- 14.1, 15.1, 16.0, and 17.1 release candidate #3 September ASB builds were published on September 12th.
- slub_nomerge has been enabled for pre-3.18 kernels, providing some of the slab_nomerge benefits.
- PROC_PAGE_MONITOR is no longer disabled, fixing app and service memory stats (eg. previously 0B shown in Settings).
- 14.1 and 15.1 release candidate #2 September ASB builds were published on September 12th.
- [upstream] The APN list has been updated, especially many changes for carriers in China.
- 14.1 and 15.1 release candidate #1 September ASB builds were published on September 9th.
- [upstream] Updated to September ASB.
- There have been many new kernel CVE patches as usual, including many 3.4 backports from Fairphone.
- TalkBack is now included on all versions. This is thanks to our work removing its proprietary blobs back in July and the subsequent upstreaming to F-Droid. Notably it is the first libre-build featuring the Braille keyboard.
- The included HOSTS list for blocking ads/trackers has now been optimized using wildcards.
- Wildcard HOSTS support has been backported from 16.0 branch to 14.1 and 15.1.
- [upstream] Updated WebView to Chromium 92.0.4515.159, has 9 security fixes. commit
Device Updates
- Camera on taimen and walleye is fixed.
Roster Updates
- vayu 18.1 builds are now available, untested.
- davinci 17.1 builds are now available, untested.
- surnia builds are now available, tested working.
- sunfish, bramble, and redfin 18.1 builds are now available, untested.
- beryllium, lmi, and alioth 18.1 builds are now available, untested.
App Updates
- Updated Mull to 91.1.0, 91.2.0, and 92.1.1, has 19, 1, and 13 security fixes respectively.
- Hypatia had a bug fix to identify multiple files with the same hashes (inverted hashmap).
Website Updates
- The 'Messenger Tables' page now details offline message support and multiple device support.
- The 'Screenshots' page has been overhauled.
- Many refinements to the device downloads page:
  - Device names have been refined.
  - Update check counts are now shown for each device.
  - Fuzzy dates for images are now shown for each device.
Other Updates
- The privacy policy has been updated to better comply with GDPR regulations.
- An F-Droid repository for serving system WebView updates out-of-band is now included. You might need to manually add it.
August 7th 2021 Update¶
I said deets, not beets!
System Updates
- 18.1 August ASB builds were published on August 7th.
- 14.1, 15.1, 16.0, and 17.1 August ASB builds were published on August 6th.
- [upstream] Updated to August ASB.
- [upstream] Updated WebView to Chromium 92.0.4515.131, has 10 security fixes. commit
- 14.1 release candidate #1 August ASB builds were published on August 4th.
- A path quoting issue in the CVE patcher was fixed, which now allows alternate root patches to be applied correctly. With this fix, many devices have received a fair number of added patches. Alternate root patches are primarily used for the Qualcomm Wi-Fi drivers.
- [upstream] Updated WebView to Chromium 92.0.4515.115, has 35 security fixes. commit
Device Updates
- LTE (band 4) support for mako was enabled if using a hybrid modem. Tested working with and without hybrid modem.
Roster Updates
- osprey has been moved to 17.1, untested.
- FP3 has been moved to 18.1, untested.
App Updates
- Updated Mull to 90.1.3.
- Hypatia now has more detailed database descriptions and a new database source from @botherder.
- GMaps WV now supports loading addresses shared from other apps thanks to R Raj (@accountForIssues).
Website Updates
- An effort will be made to better sort News entries by date, most recent first.
- 'Technical Details' page has been overhauled. Many changes are now documented and easily viewable.
- 'Patch Levels' page has been overhauled. Device info is now generated automatically. Linux version status is added.
Other Updates
- Contributions to DivestOS and related projects now require sign-off as per the DCO.
July 20th 2021 Update¶
System Updates
- 18.1 rebuilds were published on July 20th.
- 15.1 rebuilds were published on July 18th.
- July 13/17th 15.1 builds were missing two security patches compared to 18th.
- 14.1, 15.1, 16.0, and 17.1 rebuilds were published on July 17th.
- July 13th 16.0 builds were missing two security patches compared to 17th.
- [upstream] Updated WebView to Chromium 91.0.4472.164, has 8 security fixes. commit
Roster Updates
- FP2 has been moved to 18.1, untested.
- aura, hotdog, and hotdogb 18.1 builds are now available, untested.
July 14th 2021 Update¶
System Updates
- 18.1 July ASB builds were published on July 14th.
- 15.1, 16.0, and 17.1 July ASB builds were published on July 13th.
- 14.1 July ASB builds were published on July 12th.
- 14.1 release candidate #1 July ASB builds were published early on July 10th and again later in the day.
- 14.1, 15.1, 16.0 June rebuilds were published on July 5th.
- July 5th 14.1 builds had a broken bootanimation due to overzealous optipng.
- Fallback DNS has been changed from Cloudflare to Quad9.
- All versions now have an option in the Network section of the Settings app to toggle captive portal checks thanks to @MSe1969.
- Workspace on build server has been re-initialized, should fix a few subtle issues.
- A handful of patches from GrapheneOS and CalyxOS have been integrated.
- There have been a handful of new kernel CVE patches as usual, with over 200 for the 3.4 branch thanks to @haggertk's backports.
- [upstream] Updated to July ASB.
- [upstream] Updated WebView to Chromium 91.0.4472.120, has 4 security fixes. commit
Device Updates
- bonito/sargo for 18.1 are still failing to compile, any assistance appreciated. Error:
  `ln: cannot create symbolic link from '/data/vendor/rfs/mpss' to 'out/target/product/bonito/vendor/rfs/msm/mpss//readwrite': No such file or directory`
- taimen has reported camera issues, if anyone can provide a logcat that would be welcomed.
Roster Updates
- serrano 18.1 builds are available
App Updates
- All but one of our apps are now available on the official F-Droid repository.
- Updated Mull to 90.1.1 and 90.1.1-2, has 20 and 0 security fixes respectively.
- IR Remote has received a translation into Spanish thanks to Diego Sanguinetti!
June 16th 2021 Update¶
System Updates
- 15.1 and 16.0 June ASB builds were published on June 11th.
- 14.1 and 17.1 June ASB builds were published on June 12th.
- 18.1 June ASB builds were published on June 15th.
- There have been a handful of new kernel CVE patches as usual.
- [upstream] Updated to June ASB.
- [upstream] Updated WebView to Chromium 91.0.4472.101, has 14 security fixes. commit
Device Updates
- oneplus2 and ether have been tested booting after amending the deblobber. crackling and kipper are likely also fixed.
- i9305 SIM detection should be fixed.
App Updates
- Many of our apps have been submitted for inclusion in F-Droid. Pending approval/merge.
- Updated Mull to 89.1.1, has 17 security fixes.
Website Updates
- "Name Your Price" donations are now accepted on the 'About' page via Stripe. For freedom preservation there is a prompt before loading any proprietary JavaScript.
Other Updates
- It has been one year since the public release of DivestOS!
- cm-14.1 is likely on its last legs ASB-wise.
May 10th 2021 Update¶
System Updates
- 14.1, 15.1, and 16.0 May ASB builds were published on May 8th.
- 17.1 May ASB builds were published on May 9th.
- 18.1 May ASB builds were published on May 10th.
- 14.1, 15.1, and 16.0 rebuilds were published on April 15th.
- 17.1 and 18.1 rebuilds were published on April 16th.
- Devices using `encryptable=footer` were tested broken with `forceencrypt` again in the previous build cycle. Force encryption will once again only be set for devices with a dedicated encryption metadata partition.
- There have been a handful of new kernel CVE patches as usual.
- [upstream] Updated to May ASB.
- [upstream] Updated WebView to Chromium 90.0.4430.82, has 7 security fixes. commit
- 18.1 Updater Tor support was fixed.
Device Updates
- cheeseburger/dumpling has finally been fixed on newer releases, likely caused by a stray toolchain. Should hopefully allow other similar devices to boot too.
- Firmware repository has been updated and now supports 28 devices.
App Updates
- Updated Mull to 88.1.1 and 88.1.3, has 17 and 2 security fixes respectively.
- Hypatia on Android 11 was fixed.
- GMaps WV has received support for Google Consent handling.
- Hypatia received a translation into Russian thanks to @q1011!
Website Updates
- The website has been relicensed from GPL-3.0 to AGPL-3.0 for better freedom assurance.
April 13th 2021 Update¶
System Updates
- 17.1 March rebuilds were published on April 2nd.
- 14.1, 15.1, and 16.0 April ASB builds were published on April 11th.
- 17.1 April ASB builds were published on April 12th.
- 18.1 April ASB builds were published on April 13th.
- [upstream] 18.1 branch has been marked as stable by LineageOS.
- [upstream] Updated to April ASB.
- 18.1 builds have begun for many devices.
- 17.1 recovery has been updated to latest after utilizing rebranding work from 18.1 branch.
- 17.1 and 18.1 include SeedVault for creating and restoring encrypted backups of app data. A USB OTG cable/adapter and flash drive is strongly recommended.
- Experimental 18.1 builds before 04/06 for klte, bacon, and mako had broken recoveries. For klte please flash latest recovery via heimdall. For bacon/mako flash latest recovery via fastboot if unlocked. During testing it was discovered that it is impossible to unlock bacon once locked with an AOSP recovery flashed. A signed factory recovery for bacon can be provided if you've locked yours.
- eSpeak-NG has replaced PicoTTS in 18.1 builds for the system text-to-speech provider.
Device Updates
- Fenix based browsers were fixed on flo and hammerhead.
- Sensors have been fixed on flox 17.1+.
- In-place upgrade to 18.1 has been tested working on the following devices: mata, klte
- The following devices cannot be in-place upgraded to 18.1 and must be wiped: bacon, clark, crackling, d852, d855, flox, fp2, m8, mako, shamu, victara.
Roster Updates
- Many devices have been moved to 18.1 and dropped from 17.1.
- avicii 17.1 builds are available (untested).
- axon7 15.1 builds are available (untested).
App Updates
- Updated Mull to 87.0.0, has 14 security fixes.
- MergedWiFiNLP had updates to support newer Android versions and added a database import file picker.
Website Updates
- A unified script has been made for handling device downloads page metadata.
- There are two new device statuses: "mostly works" and "likely works".
March 25th 2021 Update¶
System Updates
- 15.1 rebuilds were published on March 14th with a patch for CVE-2019-2033.
- 14.1, 15.1, and 16.0 rebuilds were published between the 24th and 25th.
- Support for building on top of LineageOS 18.1 was added.
- Scripts have been fixed to only include Silence on devices that support SMS.
- Tweaks have been made to reduce RAM usage on devices with less than 2GB of RAM. Some of these tweaks cause graphical artifacts.
- There have been a handful of new kernel CVE patches as usual.
- [upstream] Updated WebView to Chromium 89.0.4389.105, has 5? security fixes. commit
Device Updates
- dragon has been fixed and tested working on 15.1.
Roster Updates
- Experimental 18.1 builds have been made available for select devices. More will be available and switched out once LineageOS marks 18.1 as stable.
- FP3 17.1 builds are available (untested).
- m7 14.1 builds are available (untested).
- Users on flo 15.1 are urged to repartition to flox 17.1+.
- Users on mako 15.1/16.0 are urged to repartition to mako 17.1.
- Many devices had support dropped from old versions if they compile for newer versions to reduce maintenance burden.
App Updates
- Hypatia received a full translation into Italian thanks to @dantecpu and Petra Mirelli!
- Hypatia and Extirpater received a translation into Portuguese thanks to @inkhorn!
- Hypatia received an initial translation into Spanish thanks to Petra Mirelli!
March 8th 2021 Update¶
System Updates
- March ASB builds were released between the 5th and 8th.
- There have been a handful of new kernel CVE patches as usual.
- [upstream] Updated to March ASB.
- [upstream] Updated WebView to Chromium 89.0.4389.72, has 47 security fixes. commit
Device Updates
- cheryl now has verified boot support enabled after being missed.
Roster Updates
- mako 16.0 will likely be dropped due to space requirements. Any users should repartition and update to 17.1.
App Updates
- Updated Mull to 86.1.1, has 26 security fixes.
- Hypatia received a handful of bug fixes and necessary improvements.
- Hypatia was translated into French thanks to Jean-Luc Tibaux and Petra Mirelli.
- All F-Droid services had the .onion addresses added as available mirrors.
- All F-Droid repos were upgraded to use 'fdroidserver' 2.0.
- Hypatia now has translated app descriptions on F-Droid.
- Extirpater, GMaps WV, MergedWifiNLP, and MotionLock all had their dependencies updated.
Website Updates
- 'Device downloads' has gained per-device bootloader unlocking, relocking, and verified boot information.
- AVB public keys are now available for all supported devices on the 'Device downloads' page.
- 'Bootloader Unlocking' page received many refinements.
- 'Browser Tables' page received some additions.
- 'Device downloads' page now loads faster by reusing connection to the Redis instance.
- Website should now be indexed by search engines, after removing 'robots' flags.
- More information on donating was added.
Other Updates
- GitHub and GitLab repositories were cleaned up (disabled unused features, labels added).
February 12th 2021 Update¶
System Updates
- February ASB builds were released between the 6th and 8th.
- Over 30 CVE patches for 3.10 were added. import and update
- There have been many new kernel CVE patches as usual.
- [upstream] Updated to February ASB.
- [upstream] Updated WebView to Chromium 88.0.4324.152, has 1 security fix. commit
Roster Updates
- starlte and star2lte have been dropped due to being broken.
App Updates
- Hypatia was translated into German by Petra Mirelli. link
- Updated Mull to 85.1.2, has 1 security fix.
- Petra Mirelli also made an F-Droid banner graphic for Hypatia. link
- F-Droid banner graphics were also created for Mull and Extirpater.
- F-Droid screenshots were added for Mull, Hypatia, and Extirpater.
Website Updates
January 26th 2021 Update¶
System Updates
- January ASB builds were released between the 10th and 14th.
- Rebuilds were published on the 24th through 26th, primarily for CVE patcher updates.
- IMS/VoLTE was made working on supported devices. image
- CNE was removed after being briefly included in the Dec/Jan builds. This removal breaks Wi-Fi calling, but is likely worth the security benefits.
- The deblobber received tweaks to better handle more property edits. commit
- Part two of the Debian/retired Linux CVE import was completed. Linux 3.0, 3.4, and 3.10 devices benefit the most from this, averaging between 10 and 90 added CVE patches. import and update
- The exec-based spawning feature from GrapheneOS was disabled. We likely failed to port it over correctly and the result is many subtle breakages.
- All versions now include the LineageOS 17.1 APN list for better cell carrier compatibility. commit
- All versions were mostly patched against the old CVE-2019-2306. commit
- umask is now explicitly set in the build scripts and many files had their permissions corrected. This fixes many subtle issues.
- [upstream] Updated to January ASB.
- [upstream] Updated WebView to Chromium 88.0.4324.93, has 36 security fixes. commit
Device Updates
- mata has long-standing audio issues, Lineage team has been trying to fix them. Currently the earpiece speaker works on calls, but the loud speaker cannot have its volume adjusted.
- The microphone issue on shamu was resolved; it was caused by our removal of some voice recognition blobs (which are required for adspd bring-up). commit
- bullhead now installs (and works) after removing the firmware images to work around the missing proprietary additions needed for their flashing. related
Roster Updates
- mako was re-enabled for 16.0 for users who do not want to re-partition their device.
- flo was re-enabled for 15.1, for users who do not want to re-partition their device.
- mako was re-enabled for 15.1 for testing purposes.
- hammerhead was re-enabled for 15.1 due to Bluetooth issues in 16.0.
- ether and shamu were re-enabled for 15.1 as they are the last versions with working IMS.
- star2lte was added to 17.1 and was tested broken, likely due to its usage of stock vendor.img.
App Updates
- Updated Mull to 84.1.2, 84.1.4 and 85.1.0, has 0, 1, and 33 security fixes respectively.
- Hypatia had some commits forward-ported from the stable branch to the unfinished dev branch. git log
- The PrebuiltApps repository saw a handful of app updates. git log
Website Updates
- The device downloads page now supports serving multiple build versions per device. commit
- A 'News' page was added for changelogs and project history. commit
- A 'Network Connections' page was added for documenting connections made by the system. commit
- Pages with tables were fixed up for mobile.
- The 'Recommended Apps' page had some additions. commit
- The 'Messenger Tables' page received some needed updates.
- The credits and legal notices section of the 'about' page was updated.
- Some typos were fixed. commit
Other Updates
- An XMPP public chat room (muc) was created! There have been a very small handful of users, please feel free to join at divestos-mobile@conference.konvers.me.
December 16th 2020 Update¶
General Updates
- November and December ASB builds have been released.
- Mull is now on its 3rd Fenix based release, with the latest 84.1.0 including 20 security fixes. Huge thanks to @relan for their build scripts. repo link
- Hypatia has been updated to show database release/update dates in addition to a multi-threading fix.
- Etar is now used for the calendar app across all versions.
- A handful of more proprietary blob variants have been removed.
- Vendor build fingerprints are now all replaced.
- Lots of miscellaneous fixes and cleanup.
- All 15.1 builds and higher are now fully dexpreopted, this allows for reduced memory usage and also decreased boot times on FDE devices.
- TCP SACK is no longer disabled. SACK PANIC has now been patched on nearly all kernels supported. It has valuable bandwidth saving benefits.
- There have been many new CVE patches, especially for 3.18 kernels.
Roster Updates
- clark has been updated from 14.1 to 17.1 (potential modem issues). In-place upgrade has been tested to work, but your mileage may vary.
- flo has been updated from 15.1 to 17.1, but requires re-partitioning.
- cheeseburger/dumpling are compiling for 17.1, but not booting.
- coral and flame 17.1 builds are available (untested).
- rs988 and h990 17.1 builds are available (untested).
- yellowstone 16.0 builds are available (untested).
- h870 15.1 builds are available (untested).
Website Updates
- Paragraphs now have links for easy saving/sharing.
- Browser, recommended apps, and functionality tables have all been updated.
- A handful of credit updates.
- There is now a captcha required to access the device downloads page. It works without JavaScript, and has audio support.
- There is a new vanity onion address divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion. The old address also still works. tool used
- Most pages are now cached by the browser.
- Most text based content served up will now be compressed either by deflate or brotli.
Other things
- Old DivestOS patches have been used to remove AmbientSDK from Replicant. git tag
- 3G is starting to be rapidly phased out, meaning calls with most carriers will not be possible unless IMS/VoLTE works on your device.
- Heads up: LineageOS will most likely be dropping official 16.0 builds once 18.0/18.1 is released.
Future work
- Test how much breakage the deblobber is causing to the IMS stack, or if that is upstream.
- Finish importing this
- Add back AOSP patching support to the CVE patcher. It is undecided how to best implement it.
October 10th 2020 Update¶
- Most 3.4 devices should expect 40-100 more kernel CVE patches. git commit
- Most 3.18 devices should expect 10-40 more kernel CVE patches. git commit
- A handful of other kernel CVE patches are available for all other devices as per usual.
- Lots of work has been done on making the CVE patcher easier for other projects to use. repo link
- Mull is now severely out of date. There hasn't been the time to rebase it. It is strongly suggested to use Bromite or the new Fennec F-Droid until then. Bromite repo is already included in DivestOS F-Droid.
- victara build failed last month due to recovery image being too large, however it is now once again available.
- h850 and zenfone3 builds have been pulled as they were last updated in 2018 and 2019 respectively.
- [upstream] Updated to October security bulletin.
- [upstream] Updated WebView to Chromium 86.0.4240.75, has 35 security fixes.
- 11/R builds will likely not be available until March with most devices hopefully being updated by May.
September 1st 2020 Update¶
- The CVE patch database now has many more patches thanks to importing data from the Civil Infrastructure Platform CVE tracker.
- The CVE patcher has had some minor fixes to improve output reliability.
- There have been some GPS fixes for all branches, will be available in the next rebuilds.
- Many new (untested) devices: pro1, enchilada, fajita, guacamole, guacamoleb, and broken beryllium.
- Mull is likely on its last release due to ESR 68 branch being closed off.
- Hypatia now supports an extra malware hash database from ESET.
- Credits and screenshots on the website have been updated.