Will Verduzco · Jun 19, 2014 at 08:15 pm

Here’s Everything That’s Changed in Android 4.4.4 KTU84P

Earlier today, we were all surprised at the sudden release of Android 4.4.4. Naturally, this left us all a bit curious as to what exactly went into this latest release, which according to Sprint’s update support documentation, brings an unspecified “security fix.” Now, the fine folks over at FunkyAndroid have done what they do best by listing out every code commit introduced with this new version of Android.

The FunkyAndroid team has already given us developer changelogs for Android 4.4.14.4.2, 4.4.2_r2, and 4.4.3. Now, they’ve gone ahead and given us yet another developer changelog for Android 4.4.4 KTU84P. As always, this service is made possible thanks to an open source script released by none other than former AOSP lead JBQ.

The complete changelist:

Project: platform/build
27aae42 : “KTU84P”
7f83b7c : MR2.1 – Version 4.4.4. Here we go! DO NOT MERGE

Project: platform/cts
b8e2dab : DO NOT MERGE Update for version bump
6da2c75 : CTS test for OpenSSL’s early CCS issue (CVE-2014-0224)
a3b762f : Disable host side holotests also
8e02f46 : CTS report MUST not display raw performance numbers. bug:13347703
510cfbc : media: Refactor and improve robustness of AdaptivePlaybackTest
e502d40 : Fix a concurrency bug in OpenSSLHeartbleedTest.
3a90060 : hardware: consumerir: Increase test pattern length
c070509 : hardware: consumerir: Fix time discrepancy
1856a4e : CTS test for Heartbleed vulnerability in SSLSocket.

Project: platform/external/chromium_org
76d1172 : Backport “Recycle old V8 wrapper objects on navigations”
afae5d8 : Block access to java.lang.Object.getClass in injected Java objects

Project: platform/external/chromium_org/third_party/WebKit
3fb1c1e : Fix Java Bridge wrapper properties cleanup for multi-frame pages
b13a6de : Cherry-pick “Export WebCore::forgetV8ObjectForNPObject”

Project: platform/external/chromium_org/third_party/openssl
e2f305e : Cherrypick “OpenSSL: add CVE fixes from 1.0.1h”

Project: platform/external/openssl
dd1da36 : Fix Early CCS bug

Project: platform/frameworks/base
63ade05 : Add EventLog event for logging of attempts to call java.lang.Object.getClass

Project: platform/frameworks/webview
7a7dce8 : Sanitize selector Intent when handling intent: scheme.

As specified by Sprint’s update support documentation, this is indeed a security update. And looking into the commits made to 4.4.4, we can now see that this is the case. We can also see that the vulnerability patched by this update isn’t the Linux kernel CVE-2014-3153 vulnerability exploited in geohot’s towelroot, but rather an OpenSSL early CCS issue (CVE-2014-0224) that may lead to certain types of man-in-the-middle attacks. In addition to the security fixes, some minor changes were made to webview and chromium, as well as event logging.

It is possible that in addition to the AOSP code commits, there may be certain device-specific fixes that come through the proprietary driver blobs that were also released at the same time. However, nothing is known at this time, including whether the dreaded mm-qcamera-daemon issue is still present.

[Source: FunkyAndroid | Thanks to Recognized Contributor galaxyfreak for the tip!]


_________
Want something on the XDA Portal? Send us a tip!

Will Verduzco

willverduzco is an editor on XDA-Developers, the largest community for Android users. Will Verduzco is the Portal Administrator for the XDA-Developers Portal. He has been addicted to mobile technology since the HTC Wizard. But starting with the Nexus One, his gadget love affair shifted to Google's little green robot. He is also a Johns Hopkins University graduate in neuroscience and is now currently studying to become a physician. View willverduzco's posts and articles here.
Mario Tomás Serrafero · May 25, 2015 at 02:00 pm · 2 comments

XDA Office Space: Frankenstein’s Perfect IM Client?

The portal’s decentralized XDA office lies in a Hangouts chatroom, where we discuss the latest developments that hit the blogosphere, critique them and figure out what we can do to add a new or original point of view. We came to love this little virtual office, which sees messaging 24/7 due to the international nature of our team. The main problem that we have faced since early on is that Hangouts is not versatile enough for in-depth discussion.   What...

XDA NEWS
Emil Kako · May 25, 2015 at 12:32 pm · 4 comments

Which IM Client on Android is best?

With so many different messengers to choose from, it can be tough to find the best one for you and your friends to use. Hangouts, Whatsapp, Telegram and more are all battling it out for the number one spot. Let us know which IM client you think is best on Android and why.

DISCUSS
Jimmy McGee · May 25, 2015 at 12:00 pm · 3 comments

Android Factory Reset Security Flaw and More – XDA TV

Nvidia is releasing a 500Gb SHIELD TV Pro! That and much more news is covered by Jordan when he reviews all the important stories from this weekend. Included in this weekend's news is the announcement of an Android factory reset security flaw and be sure to check out the article talking about the Nexus Player getting TWRP. That's not all that's covered in today's video! Jordan covered the LG G4 First Impressions and Unboxing video from TK released this weekend...

XDA NEWS
Share This