GrapheneOS version 2023121200 released:
https://grapheneos.org/releases#2023121200
See the linked release notes for a summary of the improvements over the previous release.
GrapheneOS version 2023121200 released:
https://grapheneos.org/releases#2023121200
See the linked release notes for a summary of the improvements over the previous release.
My phone has been crashing a lot since the last update so I'm very excited to install this new update. But I'm wondering about two bullet points mentioned in the release notes:
-temporarily disable memory tagging and hardened_malloc for surfaceflinger process to work around upstream use-after-free bug(s)
-raise max open files for system_server to 256k from the baseline 32k limit used for all processes on Android due to situations where the 32k limit is exhausted
Do these changes represent a benefit to usability at the cost of any security?
Roger It removes MTE and the hardened malloc implementation from surfaceflinger for now, which will realistically not harm security that much since its only one process
My phone has been crashing a lot since the last update so I'm very excited to install this new update. But I'm wondering about two bullet points mentioned in the release notes:
Most users aren't having any issues but Android 14 QPR1 appears to have caused a small number of people to have system_server crashes from it opening beyond the open file limit which wasn't an issue for them before. It would depend on which apps you use. It may be triggered by apps bugs. We have no reason to think this is a GrapheneOS related issue. We confirmed the package installer regressions fixed in the last release also impact the stock OS which won't have a fix for them into January or February.
-temporarily disable memory tagging and hardened_malloc for surfaceflinger process to work around upstream use-after-free bug(s)
It will be re-enabled when it's compatible with it again, which we might figure out ourselves but we have very limited sources and our work on important features is being delayed by needing to fix and work around upstream bugs in Android 14 QPR1. You wouldn't have either of these hardening features for it on the stock OS.
-raise max open files for system_server to 256k from the baseline 32k limit used for all processes on Android due to situations where the 32k limit is exhausted
This improves denial of service resistance and is therefore a security improvement. The increase would need to be many orders of magnitudes higher before it started to have any significant negative impact.
Haptic feedback appears to be gone on my Pixel 6a after this update.
Sorry. Another reboot brought it back.
Just received on my Pixel 5.
Came this morning and worked like always perfect. Thanks.
Camera stopped working after update (Pixel7Pro) and it only worked again after 3 reboots (the one after the install and 2 more reboots).
Before the 3 reboots camera displays a blank screen when opened.
Read in the Discord that at least other user (P8Pro) with same issue.
Splendid work as always, thank you! The only feature that I am missing on this phone is the Android Auto - can you advise when we're likely to see this implementation?
My Pixel 6 Pro seems to have lost wireless charging ability after this update. I installed it before going to sleep two nights ago, phone was on the table all night, I put it on the wireless charging stand the next morning at work and found it not charging about half way through the day. Have rebooted several times now, issue is present with or without the case on, other phones still charge on the charger.
LEGENDARY-level THANKS! Pixel 4a 5G got the update, which is awesome, even if its the last one. The memory tagging and use-after-free is concerning. Shouldn't memory tagging be used to prevent those?
I am not sure which update delivered the Markup app from Google photo libraries.
Can't find what is it and why is it for. Anyone knows more about it?
digital it wasn't delivered in an update, or installed on any devices, but simply added to the GrapheneOS apps repository should users wish to install it.
From GrapheneOS Testing room:
since it can't be obtained from the Play Store yet, we've added a mirror of the Markup image editor app in the stock Pixel OS to our app repository.
it's a tiny app with no required permissions and provides nice image editing functionality, so many people want to use it on GrapheneOS, but there was no safe way for people to easily obtain it since it's not on the Play Store
we decided to mirror it to avoid people getting it from apkmirror and then not having updates for it
despite not requiring any permissions including not using internet access, updates still matter
several image editors including this one and the Windows equivalent for editing screenshots had a vulnerability for cropping where they left the old data past the end of the new file size, but people who manually installed it via apkmirror wouldn't have gotten that update, demonstrating the importance of providing a proper way to obtain it with automatic updates
Links:
See also:
Image editor from the stock Pixel OS. This app is not yet available through the Play Store so we provide a mirror to offer a safe place to obtain it with automatic updates.
treequell is there a way to use it when editing pics from AOSP's gallery app or does it only work for screenshots?
It's not only for screenshots. It works for other apps that don't have their own image editor built in such as Aves Gallery or the GrapheneOS Camera app.
For clarity, the inclusion of the Markup app in the apps repository does not mean the app is recommended by GrapheneOS over other image editing apps. The purpose is to provide a secure way for users to install that particular app if they wish to do so.
Thank you for adding the Markup app, it's very handy
Since the last 2 upgrades I have my screen frozen if I try to kill running in background apps by tap on the square and slide up those apps, the workaround is to turn off/on the screen, any idea or fix?