system package update security improvements

2022-12-27 09:45:56 -05:00 · 2022-12-27 09:45:56 -05:00 · 92e686b15a
commit 92e686b15a
parent 4176525a54
1 changed files with 2 additions and 0 deletions
--- a/static/releases.html
+++ b/static/releases.html
@ -663,6 +663,8 @@
                    <ul>
                        <li>fix upstream Android 13 QPR1 recent apps list bug mainly triggered after user profile switches</li>
                        <li>kernel (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Generic 5.10): update to latest GKI LTS branch revision which provides a proper fix for a backport mistake we discovered and reported</li>
+                        <li>block updating system packages to versions with the same versionCode since system packages without releases outside the OS rarely have their versionCode increased when changes are made and therefore it makes it possible to downgrade them which is a security weakness in Android's approach</li>
+                        <li>prefer package from OS image  over equal version packages installed as an update to improve security by dropping potentially downgraded packages particularly for the verified boot security model, with the bonus of saving disk space by dropping out-of-band updates installed from our app repository once they're redundant</li>
                        <li>TalkBack (screen reader): update base code to 13</li>
                        <li>TalkBack (screen reader): update dependencies</li>
                    </ul>