GrapheneOS and CalyxOS July Security Updates Released
Popular privacy-focused mobile operating systems just got their July security updates along with other fixes.
GrapheneOS v2023070500
- "July release of the Android Open Source Project and stock OS for the Pixel Fold is delayed, likely only for a few days. The device was just released on June 27th with official support shipped in a GrapheneOS release on June 28th so it doesn't make sense to do an incomplete early release."
- "We'll include it as part of this release when the official July release is available."
Changes since the 2023062800 release:
- full 2023-07-01 security patch level
- full 2023-07-05 security patch level
- rebased onto TQ3A.230705.001 (generic, coral) and TQ3A.230705.001.B4 (tangorpro) Android Open Source Project releases
- do not report pseudo-"network" location provider to be always disabled (resolves regression with network location compatibility from 2023062300)
- kernel (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Generic 5.10): update to latest GKI LTS branch revision including update to 5.10.185
- kernel (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Generic 5.10): revert 2 f2fs garbage collection optimizations backported in the Android GKI tree since at least one of them appears to be broken which we ran into in our previous 2023061400 release and now multiple OEMs including Xiaomi have encountered the issue in their own testing too
- kernel (Generic 5.15): update to latest GKI LTS branch revision including update to 5.15.119
- disable unused instant app features at boot
- disable problematic "Add users from lock screen" setting at boot
- Settings: remove problematic "Add users from lock screen" setting
- Dialer: re-enable false gesture detection for answering calls, which can be replaced with a newer implementation in the near future instead of it being removed
- Settings: require device restart to disable eSIM activation app via our toggle
- Seedvault: update to latest revision (we plan on replacing this with a new backup implementation since Seedvault is buggy/unreliable, has consistently needed security fixes applied downstream, has failed to provide the originally planned core features and despite being initially created by a GrapheneOS community member for GrapheneOS was taken over by a group hostile towards it)
- PDF Viewer: update to version 17
- GmsCompatConfig: update to version 61
CalyxOS V4.11.1
- CalyxOS 4.11.1 - July 2023 is now available for all supported devices.
Changelog
- CalyxOS 4.11.0
- July 2023 Security update
- Bring back “Aurora Services” for seamless updates. Our intention was never to break that.
- Dialer: Open helpline links in Tor browser when available.
- Update all included apps to latest.
Pixel 3, 3a, 4, 4a, 5, 5a
- Optionally allow unlocking via fingerprint only when screen is on, enable from Settings -> Security -> Fingerprint -> Manage fingerprints -> “Touch to unlock anytime”
FP4
- Fix fingerprint unlock - “Touch to unlock anytime” (previously “Unlock only when screen is on”) getting reset.
