AOSP Changelogs

android-security-14.0.0_r27 to android-security-14.0.0_r28 AOSP changelog

This only includes the Android Open Source Project changes and does not include any changes in any proprietary components included by Google or any hardware manufacturer. The raw log was generated using a modified version of this script written by JBQ and improved by Al Sutton.

Please do not copy this without attribution to this site and JBQ for the original script.

+- Project: platform/build

9ee8c66885 : Version bump to USV1.230808.055 [core/build_id.mk]
a22c95b929 : Version bump to USV1.230808.054 [core/build_id.mk]
74d83510de : Version bump to USV1.230808.053 [core/build_id.mk]
308e92a4bb : Version bump to USV1.230808.049.A1 [core/build_id.mk]

+- Project: platform/external/dng_sdk

72d44e3 : Update dng_sdk to 1.7.1 2471
42e6554 : Replace ubsan-minimal with throw

+- Project: platform/external/libpng

5e46c0292 : Rearchitect the fix to the buffer overflow in `png_image_finish_read`
566e14540 : Fix a buffer overflow in `png_image_finish_read`
ba5981beb : Fix a buffer overflow in `png_init_read_transformations`
411d9be12 : Fix a buffer overflow in `png_do_quantize`
da0c851e9 : Fix a memory leak in function `png_set_quantize`; refactor
a3abaea13 : Fix a heap buffer overflow in `png_write_image_8bit`

+- Project: platform/external/sqlite

5cb9c5a : Upgrade sqlite to 3.42.1
62d8eb7 : [PATCH] [ALPS08599396] Google SQLite mandatory patch
fa104a9 : Revert "Upgrade SQLite to version 3.42.0"
96f51a7 : Revert "Update sqlite to 3.42.1"

+- Project: platform/frameworks/base

c31c5d04d4c4 : DO NOT MERGE: Enforce suspend restrictions in startOp and noteOp paths
1d7703a6b66d : Enforce package name length limits in PackagePolicy setters.
2f08e7d895e3 : Block adding toast windows to non-empty tokens.
6a9eb9dd74d0 : [res] Validate package ID range in LoadedArsc
b035d109935c : Compare period character as well during wildcard matching
caffcf6be82b : Map animation delegate to the transition instead of plumbing it
fa2c8531ae6f : Validate max proxy string length for proxySpec and exclusionList using PolicySizeVerifier.
40ed3bb3016e : [res] Make sure we properly validate the XML attr size
716a1c65c273 : Verify incoming signature.
c0f88bec3bf0 : [RESTRICT AUTOMERGE] Remove staled pinned Task upon SystemUI reboot
94929458bc26 : Revert "[RESTRICT AUTOMERGE] Remove staled pinned Task upon SystemUI reboot"
407d7b083010 : RESTRICT AUTOMERGE Require to be bound with non-pinned visible window
06fb4af542b7 : Add StorageManager.convert() check earlier in the stack so the command fails early instead of crashing system later.
a83edee34b0d : Quick fix for WCLS security vulnerability.
f1c0bc9dd174 : Validate ResStringPool_header.styleCount
987b313aefa0 : Don't allow hiding critical apps.
bf47585e8618 : Allow default per-thread and per-process OnHeaderDecodedListeners
8284ae9c703a : Fix Tapjacking caused by touch slipping out of letterbox
1329a9c3ce3c : Checking userId in com.android.server.pm.ComputerEngine#resolveContentProvider
7c5437456c5d : Hide non system overlay window immediately if it is animating exit
b53981d87f80 : Apply visibility policy to window state surface
3ef64c4444d5 : Start a new transition to ignore split-enter from a malformed transition
daa876427451 : NotificationHistory validate position value

+- Project: platform/frameworks/native

4e28321ba1 : Check mDataPos to see if the Parcel needs to grow

+- Project: platform/packages/apps/CertInstaller

d90ffd0 : Use loadSafeLabel to prevent UI spoofing in CertInstaller

+- Project: platform/packages/apps/DocumentsUI

a712c9468 : Use signature-based trust for package name overrides

+- Project: platform/packages/apps/KeyChain

a9b74a6 : Sanitize app label in KeyChainActivity to prevent UI injection.

+- Project: platform/packages/apps/Launcher3

c466fd8d92 : Introduce LauncherProcessImageListener for downscaling images in Launcher.

+- Project: platform/packages/apps/Settings

72801bd6f24 : Update enable ANGLE warning message
47f5449218e : Fix vulnerability in RequestManageCredentials
4b903dacbc6 : Revert^2 "[nfc] Fix string injection in default payment app selector"
da3689792a4 : Revert "[nfc] Fix string injection in default payment app selector"
d9c08dfa81e : [nfc] Fix default payment app selection
8c3fddbc357 : Import translations. DO NOT MERGE ANYWHERE
a1416c5f8b3 : Add check to prevent privilege escalation from trampoline added in change Ie469c47005afb941f5646a2f790736362c23c697.
dd496037b6f : Add a warning asking user to backup device data
468f22c59b5 : Allow ANGLE developer option toggle UI enabled if ANGLE is enabled.
2097b24534a : Add debug property to safe guard ANGLE developer option UI.
899f6046f7c : Add warning on enabling ANGLE.
dc8f8abfcf8 : nfc: Do not let guest user disable secure nfc
648d77dd382 : Allow multi-user to control secure nfc

+- Project: platform/packages/modules/Bluetooth

006620f1ca : Avoid buffer overflow
725df035df : Handle LE Secure Connections Passkey Display/Notification
ce4be45482 : [RESTRICT AUTOMERGE] sdp: Validate buffer length in sdpu_build_attrib_seq
2e2a7bf09a : Upgrade security If it is on temp bonding & authentication is requirement

+- Project: platform/packages/modules/Permission

b16adcfc72 : Revert^2 "Ensure Gallery always shows as system fixed"
59d9e9ae75 : Revert "Revert "Display the system gallery storage permission as..."
7df0c15246 : Revert "Display the system gallery storage permission as system fixed"
7d9873e08e : Revert "Ensure Gallery always shows as system fixed"

+- Project: platform/packages/providers/ContactsProvider

7d344b67 : Fix side channel attacks in CP2
adef2344 : Fix size check bypass for case-mismatched columns

+- Project: platform/packages/services/Car

6afaae7b4b : CarDevicePolicyService: add missing permission checks

+- Project: platform/packages/services/Telecomm

13272bca5 : Fix issue initiating calls from the work profile.

+- Project: platform/packages/services/Telephony

17cda9f1f : Disallow shell to change CarrierRestrictionRules