-----BEGIN PGP SIGNATURE-----
iEYEABECAAYFAlfz3TAACgkQ6K0/gZqxDngnnACfWpBBPD+MBlDoVY2FWqXt7Sqb
hJwAnjOXT7GJvfSU5u5YclHC75odF/kw
=1TOl
-----END PGP SIGNATURE-----
Merge tag 'android-6.0.1_r72' into HEAD
Android 6.0.1 Release 72 (M4B30X)
# gpg: Signature made Tue 04 Oct 2016 09:47:44 AM PDT using DSA key ID 9AB10E78
# gpg: Can't check signature: public key not found
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEABECAAYFAlfO7lgACgkQ6K0/gZqxDngc2ACfZbbFQwPNwcKdvsSkc86RQp3V
0D4An0Djf1+JGySqLfiJex4600uwb/49
=kr4V
-----END PGP SIGNATURE-----
Merge tag 'android-6.0.1_r66' into HEAD
Android 6.0.1 release 66
# gpg: Signature made Tue 06 Sep 2016 09:27:04 AM PDT using DSA key ID 9AB10E78
# gpg: Can't check signature: public key not found
The security issue occurs because id is allowed to be an arbitrary
path instead of being limited to what it is -- a long. Both id
and account id are now parsed into longs (and if either fails, an
error will be logged and null will be returned).
Tested/verified error is logged using the reported attack.
BUG=30745403
Change-Id: Ia21418545bbaeb96fb5ab6c3f4e71858e57b8684
(cherry picked from commit 9794d7e8216138adf143a3b6faf3d5683316a662)
The security issue occurs because id is allowed to be an arbitrary
path instead of being limited to what it is -- a long. Both id
and account id are now parsed into longs (and if either fails, an
error will be logged and null will be returned).
Tested/verified error is logged using the reported attack.
BUG=30745403
Change-Id: Ia21418545bbaeb96fb5ab6c3f4e71858e57b8684
(cherry picked from commit 9794d7e8216138adf143a3b6faf3d5683316a662)
This is to backport a security fix reported by b/27308057 and b/27335139.
Also, add Analytics for these errors.
Bug: b/27335139
Change-Id: Iaacb34e4983cdf9a85487222ae930cb64d80a193
Instead of coalescing for 15 seconds after the first change
notification, coalesce until change notifications have been idle for at
least 2 seconds. This avoids long update delays, which is especially
jarring when using notifications on a wearable and the initial
notification didn't yet include the message body.
Also skip coalescence entirely for deletions; update immediately in that
case.
Change-Id: I67bed9a1af7b023020b0fd5429495eb45000e858
For subfolders of system folder type return the remote folder name instead of translate
it to the default folder type resource name. Subfolders shouldn't be considered as
system folders. For example a SPAM folder of a SPAM root folder (Junk/Ham should
be displayed as Ham instead of Junk).
Change-Id: I2644b8da336e3f0983d24355aefe961aa8acf30b
Signed-off-by: Jorge Ruesga <jorge@ruesga.com>
(cherry picked from commit db1ca54cd325c64971240d92ed11dad175d83579)
There is no activity response the intent of action VIEW and
data auth://com.android.email.ACCOUNT_SECURITY.
Add the intent filter for activity AccountSecurity, then this activity
can handle this intent.
CRs-fixed: 816922
Change-Id: I0b8982c63bd31d3fcca506fde9a1ad0d72e38cbb
Currently, body text and html are removed from the content values to be stored as files
in the filesystem. This could lead to a IllegalArgumentException because we passed
an empty content value to the update operation. We must ensure that we update
at least one item.
Related BUGDUMP-4037330 and http://forum.cyanogenmod.org/topic/112563-massive-data-use
Change-Id: Ib9ba10eb2cb86598bef6e5f8bc11553d09fc4ef8
Signed-off-by: Jorge Ruesga <jorge@ruesga.com>
