security/hakurei.app
security/hakurei.app
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity
hakurei.app/static/releases.html
Daniel Micay 7e33d2dd0c add footer link to Reddit community
2019-08-02 20:02:48 -04:00

673 lines
44 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html lang="en" prefix="og: http://ogp.me/ns#">
<head>
<meta charset="utf-8"/>
<title>Releases | GrapheneOS</title>
<meta name="description" content="Official releases of GrapheneOS, a security and privacy focused mobile OS with Android app compatibility."/>
<meta name="theme-color" content="#212121"/>
<meta name="msapplication-TileColor" content="#ffffff"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<meta name="twitter:site" content="@GrapheneOS"/>
<meta name="twitter:creator" content="@GrapheneOS"/>
<meta property="og:title" content="GrapheneOS releases"/>
<meta property="og:description" content="Official releases of GrapheneOS, a security and privacy focused mobile OS with Android app compatibility."/>
<meta property="og:type" content="website"/>
<meta property="og:image" content="https://grapheneos.org/opengraph.png"/>
<meta property="og:image:width" content="512"/>
<meta property="og:image:height" content="512"/>
<meta property="og:image:alt" content="GrapheneOS logo"/>
<meta property="og:url" content="https://grapheneos.org/releases"/>
<meta property="og:site_name" content="GrapheneOS"/>
<link rel="icon" type="image/vnd.microsoft.icon" href="/favicon.ico"/>
<link rel="mask-icon" href="/safari-pinned-tab-icon.svg" color="#000000"/>
<link rel="stylesheet" href="/grapheneos.css?13"/>
<link rel="manifest" href="/manifest.webmanifest"/>
<link rel="canonical" href="https://grapheneos.org/releases"/>
</head>
<body>
<nav>
<ul>
<li><a href="/">GrapheneOS</a></li>
<li><a href="/install">Install</a></li>
<li><a href="/build">Build</a></li>
<li><a href="/usage">Usage</a></li>
<!--<li><a href="/faq">FAQ</a></li>-->
<li class="active"><a href="/releases">Releases</a></li>
<li><a href="/source">Source</a></li>
<li><a href="/donate">Donate</a></li>
<li><a href="/contact">Contact</a></li>
</ul>
</nav>
<div id="content">
<h1 id="releases">
<a href="#releases">Releases</a>
</h1>
<h2 id="table-of-contents">
<a href="#table-of-contents">Table of contents</a>
</h2>
<ul>
<li><a href="#about-the-releases">About the releases</a></li>
<li>
<a href="#stable-channel">Stable channel</a>
<ul>
<li><a href="#bonito-stable">Pixel 3a XL</a></li>
<li><a href="#sargo-stable">Pixel 3a</a></li>
<li><a href="#blueline-stable">Pixel 3 XL</a></li>
<li><a href="#crosshatch-stable">Pixel 3</a></li>
<li><a href="#taimen-stable">Pixel 2 XL</a></li>
<li><a href="#walleye-stable">Pixel 2</a></li>
<li><a href="#marlin-stable">Pixel XL (legacy)</a></li>
<li><a href="#sailfish-stable">Pixel (legacy)</a></li>
</ul>
</li>
<li>
<a href="#beta-channel">Beta channel</a>
<ul>
<li><a href="#bonito-beta">Pixel 3a XL</a></li>
<li><a href="#sargo-beta">Pixel 3a</a></li>
<li><a href="#blueline-beta">Pixel 3 XL</a></li>
<li><a href="#crosshatch-beta">Pixel 3</a></li>
<li><a href="#taimen-beta">Pixel 2 XL</a></li>
<li><a href="#walleye-beta">Pixel 2</a></li>
<li><a href="#marlin-beta">Pixel XL (legacy)</a></li>
<li><a href="#sailfish-beta">Pixel (legacy)</a></li>
</ul>
</li>
<li>
<a href="#changelog">Changelog</a>
<ul>
<li><a href="#2019.07.16.22">2019.07.16.22</a></li>
<li><a href="#2019.07.01.21">2019.07.01.21</a></li>
<li><a href="#2019.06.23.05">2019.06.23.05</a></li>
<li><a href="#2019.06.14.02">2019.06.14.02</a></li>
<li><a href="#2019.06.03.18">2019.06.03.18</a></li>
<li><a href="#2019.05.18.20">2019.05.18.20</a></li>
<li><a href="#2019.05.08.15">2019.05.08.15</a></li>
<li><a href="#2019.05.07.00">2019.05.07.00</a></li>
<li><a href="#2019.04.01.19">2019.04.01.19</a></li>
<li><a href="#2019.03.05.03">2019.03.05.03</a></li>
</ul>
</li>
</ul>
<h2 id="about-the-releases">
<a href="#about-the-releases">About the releases</a>
</h2>
<p>These releases are available as both tags in the source code repositories and
official builds.</p>
<p>The factory images are used for the initial installation and can be verified with
signify. See the <a href="/install">installation guide</a> for details.</p>
<p>GrapheneOS uses automatic over-the-air updates, but full update packages are listed
below for uncommon use cases like never connecting the device to the internet. A full
update package can upgrade from any past version to the new version. The over-the-air
updates use delta update packages when available. Those aren't currently linked below
but may be in the future once they're being used more consistently. Update packages
are not for performing the initial installation and you should ignore incorrect guides
trying to use them to install the OS.</p>
<p>The update packages have a internal signature verified by the update client (or
recovery image when sideloading). Downgrade attacks are also prevented, and downgrades
cannot be done unless a special downgrade update package has been signed with the
release key. The internal payload for <code>update_engine</code> is also signed,
providing another layer of signature verification and downgrade protection. Verified
boot and the hardware-backed keystore also act as a final layer of protection.</p>
<p>Releases are tested by the developers and are then pushed out via the Beta channel.
The release is then pushed out via the Stable channel after being tested by some users
using the Beta channel. In some cases, problems are caught during Beta channel testing
and a new release is made via the Beta channel to replace the aborted one. In general,
it's not possible to downgrade unless a downgrade update package is generated, so use
the Stable channel if you cannot tolerate dealing with temporary issues while a new
release for the Beta channel is being created.</p>
<noscript><strong>JavaScript is required to fetch the current list of releases from
the update server. The list you're seeing below is a pre-generated template that may
be out-of-date.</strong></noscript>
<section id="stable-channel">
<h2>
<a href="#stable-channel">Stable channel</a>
</h2>
<section id="bonito-stable">
<h3>
<a href="#bonito-stable">Pixel 3a XL</a>
</h3>
<p>Version: <a href="https://github.com/GrapheneOS/platform_manifest/releases/tag/PQ3B.190705.003.2019.07.16.22">PQ3B.190705.003.2019.07.16.22</a></p>
<ul>
<li><a href="https://releases.grapheneos.org/bonito-factory-2019.07.16.22.zip">bonito-factory-2019.07.16.22.zip</a></li>
<li><a href="https://releases.grapheneos.org/bonito-factory-2019.07.16.22.zip.sig">bonito-factory-2019.07.16.22.zip.sig</a></li>
<li><a href="https://releases.grapheneos.org/bonito-ota_update-2019.07.16.22.zip">bonito-ota_update-2019.07.16.22.zip</a></li>
</ul>
</section>
<section id="sargo-stable">
<h3>
<a href="#sargo-stable">Pixel 3a</a>
</h3>
<p>Version: <a href="https://github.com/GrapheneOS/platform_manifest/releases/tag/PQ3B.190705.003.2019.07.16.22">PQ3B.190705.003.2019.07.16.22</a></p>
<ul>
<li><a href="https://releases.grapheneos.org/sargo-factory-2019.07.16.22.zip">sargo-factory-2019.07.16.22.zip</a></li>
<li><a href="https://releases.grapheneos.org/sargo-factory-2019.07.16.22.zip.sig">sargo-factory-2019.07.16.22.zip.sig</a></li>
<li><a href="https://releases.grapheneos.org/sargo-ota_update-2019.07.16.22.zip">sargo-ota_update-2019.07.16.22.zip</a></li>
</ul>
</section>
<section id="crosshatch-stable">
<h3>
<a href="#crosshatch-stable">Pixel 3 XL</a>
</h3>
<p>Version: <a href="https://github.com/GrapheneOS/platform_manifest/releases/tag/PQ3A.190705.003.2019.07.16.22">PQ3A.190705.003.2019.07.16.22</a></p>
<ul>
<li><a href="https://releases.grapheneos.org/crosshatch-factory-2019.07.16.22.zip">crosshatch-factory-2019.07.16.22.zip</a></li>
<li><a href="https://releases.grapheneos.org/crosshatch-factory-2019.07.16.22.zip.sig">crosshatch-factory-2019.07.16.22.zip.sig</a></li>
<li><a href="https://releases.grapheneos.org/crosshatch-ota_update-2019.07.16.22.zip">crosshatch-ota_update-2019.07.16.22.zip</a></li>
</ul>
</section>
<section id="blueline-stable">
<h3>
<a href="#blueline-stable">Pixel 3</a>
</h3>
<p>Version: <a href="https://github.com/GrapheneOS/platform_manifest/releases/tag/PQ3A.190705.003.2019.07.16.22">PQ3A.190705.003.2019.07.16.22</a></p>
<ul>
<li><a href="https://releases.grapheneos.org/blueline-factory-2019.07.16.22.zip">blueline-factory-2019.07.16.22.zip</a></li>
<li><a href="https://releases.grapheneos.org/blueline-factory-2019.07.16.22.zip.sig">blueline-factory-2019.07.16.22.zip.sig</a></li>
<li><a href="https://releases.grapheneos.org/blueline-ota_update-2019.07.16.22.zip">blueline-ota_update-2019.07.16.22.zip</a></li>
</ul>
</section>
<section id="taimen-stable">
<h3>
<a href="#taimen-stable">Pixel 2 XL</a>
</h3>
<p>Version: <a href="https://github.com/GrapheneOS/platform_manifest/releases/tag/PQ3A.190705.001.2019.07.16.22">PQ3A.190705.001.2019.07.16.22</a></p>
<ul>
<li><a href="https://releases.grapheneos.org/taimen-factory-2019.07.16.22.zip">taimen-factory-2019.07.16.22.zip</a></li>
<li><a href="https://releases.grapheneos.org/taimen-factory-2019.07.16.22.zip.sig">taimen-factory-2019.07.16.22.zip.sig</a></li>
<li><a href="https://releases.grapheneos.org/taimen-ota_update-2019.07.16.22.zip">taimen-ota_update-2019.07.16.22.zip</a></li>
</ul>
</section>
<section id="walleye-stable">
<h3>
<a href="#walleye-stable">Pixel 2</a>
</h3>
<p>Version: <a href="https://github.com/GrapheneOS/platform_manifest/releases/tag/PQ3A.190705.001.2019.07.16.22">PQ3A.190705.001.2019.07.16.22</a></p>
<ul>
<li><a href="https://releases.grapheneos.org/walleye-factory-2019.07.16.22.zip">walleye-factory-2019.07.16.22.zip</a></li>
<li><a href="https://releases.grapheneos.org/walleye-factory-2019.07.16.22.zip.sig">walleye-factory-2019.07.16.22.zip.sig</a></li>
<li><a href="https://releases.grapheneos.org/walleye-ota_update-2019.07.16.22.zip">walleye-ota_update-2019.07.16.22.zip</a></li>
</ul>
</section>
<section id="marlin-stable">
<h3>
<a href="#marlin-stable">Pixel XL (legacy)</a>
</h3>
<p>Version: <a href="https://github.com/GrapheneOS/platform_manifest/releases/tag/PQ3A.190705.001.2019.07.16.22">PQ3A.190705.001.2019.07.16.22</a></p>
<ul>
<li><a href="https://releases.grapheneos.org/marlin-factory-2019.07.16.22.zip">marlin-factory-2019.07.16.22.zip</a></li>
<li><a href="https://releases.grapheneos.org/marlin-factory-2019.07.16.22.zip.sig">marlin-factory-2019.07.16.22.zip.sig</a></li>
<li><a href="https://releases.grapheneos.org/marlin-ota_update-2019.07.16.22.zip">marlin-ota_update-2019.07.16.22.zip</a></li>
</ul>
</section>
<section id="sailfish-stable">
<h3>
<a href="#sailfish-stable">Pixel (legacy)</a>
</h3>
<p>Version: <a href="https://github.com/GrapheneOS/platform_manifest/releases/tag/PQ3A.190705.001.2019.07.16.22">PQ3A.190705.001.2019.07.16.22</a></p>
<ul>
<li><a href="https://releases.grapheneos.org/sailfish-factory-2019.07.16.22.zip">sailfish-factory-2019.07.16.22.zip</a></li>
<li><a href="https://releases.grapheneos.org/sailfish-factory-2019.07.16.22.zip.sig">sailfish-factory-2019.07.16.22.zip.sig</a></li>
<li><a href="https://releases.grapheneos.org/sailfish-ota_update-2019.07.16.22.zip">sailfish-ota_update-2019.07.16.22.zip</a></li>
</ul>
</section>
</section>
<section id="beta-channel">
<h2>
<a href="#beta-channel">Beta channel</a>
</h2>
<section id="bonito-beta">
<h3>
<a href="#bonito-beta">Pixel 3a XL</a>
</h3>
<p>Version: <a href="https://github.com/GrapheneOS/platform_manifest/releases/tag/PQ3B.190705.003.2019.07.16.22">PQ3B.190705.003.2019.07.16.22</a></p>
<ul>
<li><a href="https://releases.grapheneos.org/bonito-factory-2019.07.16.22.zip">bonito-factory-2019.07.16.22.zip</a></li>
<li><a href="https://releases.grapheneos.org/bonito-factory-2019.07.16.22.zip.sig">bonito-factory-2019.07.16.22.zip.sig</a></li>
<li><a href="https://releases.grapheneos.org/bonito-ota_update-2019.07.16.22.zip">bonito-ota_update-2019.07.16.22.zip</a></li>
</ul>
</section>
<section id="sargo-beta">
<h3>
<a href="#sargo-beta">Pixel 3a</a>
</h3>
<p>Version: <a href="https://github.com/GrapheneOS/platform_manifest/releases/tag/PQ3B.190705.003.2019.07.16.22">PQ3B.190705.003.2019.07.16.22</a></p>
<ul>
<li><a href="https://releases.grapheneos.org/sargo-factory-2019.07.16.22.zip">sargo-factory-2019.07.16.22.zip</a></li>
<li><a href="https://releases.grapheneos.org/sargo-factory-2019.07.16.22.zip.sig">sargo-factory-2019.07.16.22.zip.sig</a></li>
<li><a href="https://releases.grapheneos.org/sargo-ota_update-2019.07.16.22.zip">sargo-ota_update-2019.07.16.22.zip</a></li>
</ul>
</section>
<section id="crosshatch-beta">
<h3>
<a href="#crosshatch-beta">Pixel 3 XL</a>
</h3>
<p>Version: <a href="https://github.com/GrapheneOS/platform_manifest/releases/tag/PQ3A.190705.003.2019.07.16.22">PQ3A.190705.003.2019.07.16.22</a></p>
<ul>
<li><a href="https://releases.grapheneos.org/crosshatch-factory-2019.07.16.22.zip">crosshatch-factory-2019.07.16.22.zip</a></li>
<li><a href="https://releases.grapheneos.org/crosshatch-factory-2019.07.16.22.zip.sig">crosshatch-factory-2019.07.16.22.zip.sig</a></li>
<li><a href="https://releases.grapheneos.org/crosshatch-ota_update-2019.07.16.22.zip">crosshatch-ota_update-2019.07.16.22.zip</a></li>
</ul>
</section>
<section id="blueline-beta">
<h3>
<a href="#blueline-beta">Pixel 3</a>
</h3>
<p>Version: <a href="https://github.com/GrapheneOS/platform_manifest/releases/tag/PQ3A.190705.003.2019.07.16.22">PQ3A.190705.003.2019.07.16.22</a></p>
<ul>
<li><a href="https://releases.grapheneos.org/blueline-factory-2019.07.16.22.zip">blueline-factory-2019.07.16.22.zip</a></li>
<li><a href="https://releases.grapheneos.org/blueline-factory-2019.07.16.22.zip.sig">blueline-factory-2019.07.16.22.zip.sig</a></li>
<li><a href="https://releases.grapheneos.org/blueline-ota_update-2019.07.16.22.zip">blueline-ota_update-2019.07.16.22.zip</a></li>
</ul>
</section>
<section id="taimen-beta">
<h3>
<a href="#taimen-beta">Pixel 2 XL</a>
</h3>
<p>Version: <a href="https://github.com/GrapheneOS/platform_manifest/releases/tag/PQ3A.190705.001.2019.07.16.22">PQ3A.190705.001.2019.07.16.22</a></p>
<ul>
<li><a href="https://releases.grapheneos.org/taimen-factory-2019.07.16.22.zip">taimen-factory-2019.07.16.22.zip</a></li>
<li><a href="https://releases.grapheneos.org/taimen-factory-2019.07.16.22.zip.sig">taimen-factory-2019.07.16.22.zip.sig</a></li>
<li><a href="https://releases.grapheneos.org/taimen-ota_update-2019.07.16.22.zip">taimen-ota_update-2019.07.16.22.zip</a></li>
</ul>
</section>
<section id="walleye-beta">
<h3>
<a href="#walleye-beta">Pixel 2</a>
</h3>
<p>Version: <a href="https://github.com/GrapheneOS/platform_manifest/releases/tag/PQ3A.190705.001.2019.07.16.22">PQ3A.190705.001.2019.07.16.22</a></p>
<ul>
<li><a href="https://releases.grapheneos.org/walleye-factory-2019.07.16.22.zip">walleye-factory-2019.07.16.22.zip</a></li>
<li><a href="https://releases.grapheneos.org/walleye-factory-2019.07.16.22.zip.sig">walleye-factory-2019.07.16.22.zip.sig</a></li>
<li><a href="https://releases.grapheneos.org/walleye-ota_update-2019.07.16.22.zip">walleye-ota_update-2019.07.16.22.zip</a></li>
</ul>
</section>
<section id="marlin-beta">
<h3>
<a href="#marlin-beta">Pixel XL (legacy)</a>
</h3>
<p>Version: <a href="https://github.com/GrapheneOS/platform_manifest/releases/tag/PQ3A.190705.001.2019.07.16.22">PQ3A.190705.001.2019.07.16.22</a></p>
<ul>
<li><a href="https://releases.grapheneos.org/marlin-factory-2019.07.16.22.zip">marlin-factory-2019.07.16.22.zip</a></li>
<li><a href="https://releases.grapheneos.org/marlin-factory-2019.07.16.22.zip.sig">marlin-factory-2019.07.16.22.zip.sig</a></li>
<li><a href="https://releases.grapheneos.org/marlin-ota_update-2019.07.16.22.zip">marlin-ota_update-2019.07.16.22.zip</a></li>
</ul>
</section>
<section id="sailfish-beta">
<h3>
<a href="#sailfish-beta">Pixel (legacy)</a>
</h3>
<p>Version: <a href="https://github.com/GrapheneOS/platform_manifest/releases/tag/PQ3A.190705.001.2019.07.16.22">PQ3A.190705.001.2019.07.16.22</a></p>
<ul>
<li><a href="https://releases.grapheneos.org/sailfish-factory-2019.07.16.22.zip">sailfish-factory-2019.07.16.22.zip</a></li>
<li><a href="https://releases.grapheneos.org/sailfish-factory-2019.07.16.22.zip.sig">sailfish-factory-2019.07.16.22.zip.sig</a></li>
<li><a href="https://releases.grapheneos.org/sailfish-ota_update-2019.07.16.22.zip">sailfish-ota_update-2019.07.16.22.zip</a></li>
</ul>
</section>
</section>
<h2 id="changelog">
<a href="#changelog">Changelog</a>
</h2>
<p>List of tagged releases. Snapshot releases without tags such as early releases of
the project and early device support releases are not listed.</p>
<h3 id="2019.07.16.22">
<a href="#2019.07.16.22">2019.07.16.22</a>
</h3>
<p>Tags:</p>
<ul>
<li><a href="https://github.com/GrapheneOS/platform_manifest/releases/tag/PQ3A.190705.001.2019.07.16.22">PQ3A.190705.001.2019.07.16.22</a> (Pixel, Pixel XL, Pixel 2, Pixel 2 XL)</li>
<li><a href="https://github.com/GrapheneOS/platform_manifest/releases/tag/PQ3A.190705.003.2019.07.16.22">PQ3A.190705.003.2019.07.16.22</a> (Pixel 3, Pixel 3 XL, other devices)</li>
<li><a href="https://github.com/GrapheneOS/platform_manifest/releases/tag/PQ3B.190705.003.2019.07.16.22">PQ3B.190705.003.2019.07.16.22</a> (Pixel 3a, Pixel 3a XL)</li>
</ul>
<p>Changes since the 2019.07.01.21 release:</p>
<ul>
<li>Vanadium (browser and WebView): update Chromium base to 75.0.3770.143</li>
<li>Vanadium: disable media router media remoting by default</li>
<li>Vanadium: disable media router by default (avoids the triggering warning about not having Play Services)</li>
<li>Vanadium: remove Help &amp; feedback menu entry</li>
<li>Vanadium: further string rebranding from Chromium / Chrome to Vanadium</li>
<li>Vanadium: disable unused reporting feature at compile-time</li>
<li>Vanadium: disable unused remoting feature at compile-time</li>
<li>Vanadium (browser and WebView): move from external/chromium to external/vanadium in the GrapheneOS source tree and rename module from Chromium to Vanadium</li>
<li>Vanadium: disable offering translations by default</li>
<li>Vanadium: disable prefetching suggested pages by default</li>
<li>Vanadium: disable browser sign in feature by default</li>
<li>Vanadium: disable safe browsing reporting opt-in by default</li>
<li>extend release.sh to call the script for signing factory images</li>
<li>extend release.sh to call the script for generating update channel metadata</li>
<li>kernel build script (Pixel, Pixel XL, Pixel 3a, Pixel 3a XL): verify that no arguments are passed</li>
<li>kernel build script (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL): verify that a single argument (device variant) is passed</li>
<li>enable kernel mitigations for file spoofing</li>
</ul>
<p>Restoration of past features since the 2019.07.01.21 release:</p>
<ul>
<li>Vanadium (browser and WebView): enable type-based CFI for virtual calls</li>
<li>enable kernel mitigations for link races</li>
<li>kernel (Pixel 2, Pixel 2 XL): backport fixes for SLAB_FREELIST_RANDOM</li>
<li>kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): enable SLAB_FREELIST_RANDOM</li>
<li>kernel (Pixel 2, Pixel 2 XL): backport slub dynamic DEBUG_PAGEALLOC setting</li>
<li>kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): backport slub free list pointer obfuscation</li>
<li>kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): backport slub free list pointer obfuscation prefetch fix</li>
<li>kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): backport slub native double free detection</li>
<li>kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): enable SLAB_FREELIST_HARDENED</li>
<li>kernel (Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): enable DEBUG_LIST</li>
<li>kernel (Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): enable DEBUG_SG</li>
<li>kernel (Pixel, Pixel XL): reduce DEBUG_SG virt_addr_valid check to a warning (this works around a bug in the legacy QCE driver)</li>
<li>kernel (Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): enable DEBUG_NOTIFIERS</li>
<li>kernel (Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): enable DEBUG_CREDENTIALS</li>
<li>kernel (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): enable SCHED_STACK_END_CHECK</li>
<li>kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): bug on !PageSlab &amp;&amp; !PageCompound in ksize</li>
<li>kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): always perform cache_from_obj consistency checks</li>
<li>kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): bug on kmem_cache_free with the wrong cache</li>
<li>kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): real slab_equal_or_root check for !MEMCG_KMEM</li>
<li>kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): add missing cache_from_obj !PageSlab check</li>
<li>kernel (Pixel 2, Pixel 2 XL): backport upstreamed FORTIFY_SOURCE implementation</li>
<li>kernel (Pixel 2, Pixel 2 XL): backport upstreamed leading zero byte for stack canary</li>
<li>kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): add simpler page sanitization</li>
<li>kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): add support for verifying page sanitization</li>
<li>kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): slub: add basic full slab sanitization</li>
<li>kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): slub: add support for verifying slab sanitization</li>
<li>kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): slub: add multi-purpose random canaries</li>
</ul>
<h3 id="2019.07.01.21">
<a href="#2019.07.01.21">2019.07.01.21</a>
</h3>
<p>Tags:</p>
<ul>
<li><a href="https://github.com/GrapheneOS/platform_manifest/releases/tag/PQ3A.190705.001.2019.07.01.21">PQ3A.190705.001.2019.07.01.21</a> (Pixel, Pixel XL, Pixel 2, Pixel 2 XL)</li>
<li><a href="https://github.com/GrapheneOS/platform_manifest/releases/tag/PQ3A.190705.003.2019.07.01.21">PQ3A.190705.003.2019.07.01.21</a> (Pixel 3, Pixel 3 XL, other devices)</li>
<li><a href="https://github.com/GrapheneOS/platform_manifest/releases/tag/PQ3B.190705.003.2019.07.01.21">PQ3B.190705.003.2019.07.01.21</a> (Pixel 3a, Pixel 3a XL)</li>
</ul>
<p>Changes since the 2019.06.23.05 release:</p>
<ul>
<li>full 2019-07-01 security patch level</li>
<li>full 2019-07-05 security patch level</li>
<li>rebased onto PQ3A.190705.003/PQ3B.190705.003 releases</li>
<li>Auditor: update to version 15</li>
</ul>
<p>Restoration of past features since the 2019.06.23.05 release:</p>
<ul>
<li>add GrapheneOS PDF Viewer app (version 1)</li>
<li>Vanadium: stop ignoring download location prompt setting</li>
<li>Vanadium: show download prompt again by default</li>
</ul>
<h3 id="2019.06.23.05">
<a href="#2019.06.23.05">2019.06.23.05</a>
</h3>
<p>Tags:</p>
<ul>
<li><a href="https://github.com/GrapheneOS/platform_manifest/releases/tag/PQ3A.190605.003.2019.06.23.05">PQ3A.190605.003.2019.06.23.05</a> (Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, other devices)</li>
<li><a href="https://github.com/GrapheneOS/platform_manifest/releases/tag/PQ3B.190605.006.2019.06.23.05">PQ3B.190605.006.2019.06.23.05</a> (Pixel 3a, Pixel 3a XL)</li>
</ul>
<p>Changes since the 2019.06.14.02 release:</p>
<ul>
<li>hardened_malloc: use copy_size to check for canaries (tiny performance / hardening fix and avoids an erroneous abort in a corner case with realloc from 0 byte allocations)</li>
<li>hardened_malloc: update libdivide to 1.1</li>
<li>Pixel 3a, Pixel 3a XL: raise maximum users to 16</li>
<li>Pixel 3a, Pixel 3a XL: disable system_other odex</li>
<li>Pixel 3a, Pixel 3a XL: disable system_other preloads_copy</li>
<li>Pixel 3a, Pixel 3a XL: show connected mac randomization feature</li>
<li>Pixel 3a, Pixel 3a XL: move to custom kernel</li>
<li>Pixel 3a, Pixel 3a XL: use monolithic kernel builds</li>
<li>kernel (Pixel 3a, Pixel 3a XL): disable slab merging</li>
<li>kernel (Pixel 3a, Pixel 3a XL): add toggle for disabling newly added USB devices</li>
<li>kernel (Pixel 3a, Pixel 3a XL): replace SECURITY_SMACK with SECURITY_NETWORK</li>
<li>kernel (Pixel 3a, Pixel 3a XL): mark qcedev data const</li>
<li>Vanadium (browser and WebView): update Chromium base to 75.0.3770.101</li>
<li>Vanadium: disable sensors access by default</li>
<li>Vanadium: disable third party cookies by default</li>
<li>Vanadium: disable background sync by default</li>
<li>Vanadium (browser and WebView): stub out battery API</li>
<li>Vanadium: disable search logo</li>
<li>Vanadium: always use local new tab page</li>
<li>Vanadium: disable payment support by default</li>
</ul>
<p>Restoration of past features since the 2019.06.14.02 release:</p>
<ul>
<li>Vanadium: do not enable default search engine notification permission by default</li>
</ul>
<h3 id="2019.06.14.02">
<a href="#2019.06.14.02">2019.06.14.02</a>
</h3>
<p>Tags:</p>
<ul>
<li><a href="https://github.com/GrapheneOS/platform_manifest/releases/tag/PQ3A.190605.003.2019.06.14.02">PQ3A.190605.003.2019.06.14.02</a> (Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, other devices)</li>
<li><a href="https://github.com/GrapheneOS/platform_manifest/releases/tag/PQ3B.190605.006.2019.06.14.02">PQ3B.190605.006.2019.06.14.02</a> (Pixel 3a, Pixel 3a XL)</li>
</ul>
<p>Changes since the 2019.06.03.18 release:</p>
<ul>
<li>Vanadium (browser and WebView): update Chromium base to 75.0.3770.67</li>
<li>add back brk system call to the seccomp whitelist for compatibility with Go</li>
<li>Auditor: update to version 14</li>
<li>Music: backport bug fix for passing CTS</li>
<li>Updater: replace seamlessupdate.app with releases.grapheneos.org alias</li>
<li>add initial experimental support for the Pixel 3a and Pixel 3a XL</li>
<li>Pixel 2, Pixel 2 XL: set AVB rollback index to security patch timestamp (backport of the implementation for the Pixel 3)</li>
</ul>
<p>Restoration of past features since the 2019.06.03.18 release:</p>
<ul>
<li>kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL): replace SECURITY_SMACK with SECURITY_NETWORK</li>
</ul>
<h3 id="2019.06.03.18">
<a href="#2019.06.03.18">2019.06.03.18</a>
</h3>
<p>Tags:</p>
<ul>
<li><a href="https://github.com/GrapheneOS/platform_manifest/releases/tag/PQ3A.190605.003.2019.06.03.18">PQ3A.190605.003.2019.06.03.18</a> (Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, other devices)</li>
</ul>
<p>Changes since the 2019.05.18.20 release:</p>
<ul>
<li>full 2019-06-01 security patch level</li>
<li>full 2019-06-05 security patch level</li>
<li>rebased onto PQ3A.190605.003 release</li>
<li>Auditor: update to version 12</li>
<li>hardened_malloc (GrapheneOS only): further expand workaround for Pixel 3 and Pixel 3 XL camera issues</li>
</ul>
<p>Restoration of past features since the 2019.05.18.20 release:</p>
<ul>
<li>disable exec spawning when using debugging options</li>
<li>enable exec spawning by default</li>
<li>enable Verizon visual voicemail support</li>
<li>kernel (Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL): add toggle for disabling newly added USB devices</li>
<li>add properties for controlling deny_new_usb</li>
<li>implement dynamic deny_new_usb toggle mode</li>
<li>set deny_new_usb feature to dynamic by default</li>
<li>sepolicy: deny_new_usb sysctl and system property policy</li>
</ul>
<h3 id="2019.05.18.20">
<a href="#2019.05.18.20">2019.05.18.20</a>
</h3>
<p>Tags:</p>
<ul>
<li><a href="https://github.com/GrapheneOS/platform_manifest/releases/tag/PQ3A.190505.001.2019.05.18.20">PQ3A.190505.001.2019.05.18.20</a> (Pixel, Pixel XL, Pixel 2, Pixel 2 XL)</li>
<li><a href="https://github.com/GrapheneOS/platform_manifest/releases/tag/PQ3A.190505.002.2019.05.18.20">PQ3A.190505.002.2019.05.18.20</a> (Pixel 3, Pixel 3 XL, other devices)</li>
</ul>
<p>Changes since the 2019.05.08.15 release:</p>
<ul>
<li>GrapheneOS logo mask</li>
<li>Auditor: update to version 10</li>
<li>add preload parameter for avoiding full preload with exec</li>
<li>raise maximum users to 16</li>
<li>Vanadium (browser and WebView): update Chromium base to 74.0.3729.157</li>
<li>hardened_malloc (GrapheneOS only): apply temporary workaround for citadel HAL
use-after-free (need to start building vendor HALs from the sources to fix
issues like this)</li>
</ul>
<p>Restoration of past features since the 2019.05.08.15 release:</p>
<ul>
<li>disable OpenGL preloading for exec spawning</li>
<li>disable resource preloading for exec spawning</li>
<li>disable ICU cache pinning for exec spawning</li>
<li>disable class preloading for exec spawning</li>
<li>disable WebView reservation for exec spawning</li>
<li>disable JCA provider warm up for exec spawning</li>
<li>avoid AssetManager errors with exec spawning</li>
</ul>
<h3 id="2019.05.08.15">
<a href="#2019.05.08.15">2019.05.08.15</a>
</h3>
<p>Tags:</p>
<ul>
<li><a href="https://github.com/GrapheneOS/platform_manifest/releases/tag/PQ3A.190505.001.2019.05.08.15">PQ3A.190505.001.2019.05.08.15</a> (Pixel, Pixel XL, Pixel 2, Pixel 2 XL)</li>
<li><a href="https://github.com/GrapheneOS/platform_manifest/releases/tag/PQ3A.190505.002.2019.05.08.15">PQ3A.190505.002.2019.05.08.15</a> (Pixel 3, Pixel 3 XL, other devices)</li>
</ul>
<p>Changes since the 2019.05.07.00 release:</p>
<ul>
<li>fix cellular, hotspot and battery saver quick settings tiles (they became no-ops when unlocked)</li>
</ul>
<h3 id="2019.05.07.00">
<a href="#2019.05.07.00">2019.05.07.00</a>
</h3>
<p>Tags:</p>
<ul>
<li><a href="https://github.com/GrapheneOS/platform_manifest/releases/tag/PQ3A.190505.001.2019.05.07.00">PQ3A.190505.001.2019.05.07.00</a> (Pixel, Pixel XL, Pixel 2, Pixel 2 XL)</li>
<li><a href="https://github.com/GrapheneOS/platform_manifest/releases/tag/PQ3A.190505.002.2019.05.07.00">PQ3A.190505.002.2019.05.07.00</a> (Pixel 3, Pixel 3 XL, other devices)</li>
</ul>
<p>Changes since the 2019.04.01.19 release:</p>
<ul>
<li>full 2019-05-01 security patch level</li>
<li>full 2019-05-05 security patch level</li>
<li>rebased onto PQ3A.190505.002 release</li>
<li>add Pixel and Pixel XL support including standard changes to kernel and device code</li>
<li>Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL: fix hw_random permissions</li>
<li>bundle Auditor (version 9)</li>
<li>Chromium (browser and WebView): update to 74.0.3729.136</li>
<li>Chromium: enable strict site isolation by default</li>
<li>Chromium: initial rebranding to Vanadium including icon recolor</li>
<li>hardened_malloc: extensive work on refactoring, micro-optimization and documentation (see commits for details)</li>
<li>hardened_malloc: implement mallinfo and mallinfo extensions for Android</li>
<li>hardened_malloc: implement Android API for requesting purging</li>
<li>hardened_malloc: implement the option of large size classes (enabled by default)</li>
<li>hardened_malloc: support extended range of small size classes (enabled by default)</li>
<li>hardened_malloc: support for slabs with 1 slot for largest sizes</li>
<li>hardened_malloc: use round-robin assignment to arenas</li>
<li>hardened_malloc: disable current in-place growth code path</li>
<li>hardened_malloc: harden arena implementation</li>
<li>hardened_malloc: fix non-init size for malloc_object_size extension</li>
<li>hardened_malloc: shrink initial region table size to fit in 1 page</li>
<li>hardened_malloc (GrapheneOS only): expand workaround for Pixel 3 and Pixel 3 XL camera issues</li>
<li>Pixel 3, Pixel 3 XL: change SystemUIGoogle pinning to SystemUI</li>
</ul>
<p>Restoration of past features since the 2019.04.01.19 release:</p>
<ul>
<li>use -fwrapv when signed overflow checking is off</li>
<li>add exec-based spawning support (disabled by default for now)</li>
<li>require unlocking to use battery saver quick tile</li>
<li>require unlocking to use cellular quick tile</li>
<li>require unlocking to use hotspot quick tile</li>
<li>require unlocking to use data saver quick tile</li>
<li>require unlocking to use rotation lock quick tile</li>
<li>require unlocking to use wifi quick tile</li>
<li>require unlocking to use airplane mode quick tile</li>
<li>require unlocking to use bluetooth quick tile</li>
<li>require unlocking to use nfc quick tile</li>
<li>add support for kernels without module support enabled to the VTS and compatibility tests</li>
<li>kernel (Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL): disable slab merging</li>
<li>kernel (Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL): disable loadable kernel module support</li>
<li>kernel (Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL): mark qcedev data const</li>
<li>kernel (Pixel 2, Pixel 2 XL): disable unused ramdisk compression formats</li>
<li>SELinux policy: remove priv_app app_data_file execute</li>
<li>SELinux policy: remove dumpstate ashmem execute and execmem (GrapheneOS doesn't use the ART JIT compiler)</li>
<li>SELinux policy: remove healthd ashmem execute and execmem (GrapheneOS doesn't use the ART JIT compiler)</li>
<li>SELinux policy: auditallow app execmem (moving back towards an exception system)</li>
<li>SELinux policy: auditallow app ashmem execute (moving back towards an exception system)</li>
<li>SELinux policy: auditallow ephemeral_app app_data_file execute (moving back towards an exception system)</li>
<li>SELinux policy: auditallow untrusted_app_all execmod (moving back towards an exception system)</li>
<li>SELinux policy: auditallow untrusted_app_all app_data_file execute (moving back towards an exception system)</li>
<li>SELinux policy: auditallow untrusted_app_all app_data_file execute_no_trans (moving back towards an exception system)</li>
</ul>
<h3 id="2019.04.01.19">
<a href="#2019.04.01.19">2019.04.01.19</a>
</h3>
<p>Tags:</p>
<ul>
<li><a href="https://github.com/GrapheneOS/platform_manifest/releases/tag/PQ2A.190405.003.2019.04.01.19">PQ2A.190405.003.2019.04.01.19</a> (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, other devices)</li>
</ul>
<p>Initial release of GrapheneOS. Detailed changelogs were not written at this
point.</p>
<h3 id="2019.03.05.03">
<a href="#2019.03.05.03">2019.03.05.03</a>
</h3>
<p>Tags:</p>
<ul>
<li><a href="https://github.com/GrapheneOS/platform_manifest/releases/tag/PQ2A.190305.002.2019.03.05.03">PQ2A.190305.002.2019.03.05.03</a> (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, other devices)</li>
</ul>
<p>Final and only tagged release of the AndroidHardening project before it became
GrapheneOS. Earlier AndroidHardening releases were only snapshots and are not listed
here. Detailed changelogs were not written at this point.</p>
</div>
<footer>
<a href="/"><img src="https://grapheneos.org/logo.png" width="512" height="512" alt=""/>GrapheneOS</a>
<ul id="social">
<li><a href="https://twitter.com/GrapheneOS">Twitter</a></li>
<li><a href="https://github.com/GrapheneOS">GitHub</a></li>
<li><a href="https://reddit.com/r/GrapheneOS">Reddit</a></li>
</ul>
</footer>
<script src="/releases.js?11"></script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink