android-6.0.1_r79 to android-6.0.1_r80 AOSP changelog

This only includes the Android Open Source Project changes and does not include any changes in any proprietary components included by Google or any hardware manufacturer. The raw log was generated using a modified version of this script written by JBQ and improved by Al Sutton.

Please do not copy this without attribution to this site and JBQ for the original script.

+- Project: platform/bionic

3790036 : linker: remove link from external library on unload

+- Project: platform/bootable/recovery

4245022 : Add a checker for signature boundary in verifier

+- Project: platform/build

77fe130 : Updating security string to 2017-07-01 on mnc (cherry picked from commit dce5c7b9dcf30d3d8582e704733b6d702be4e64b)
320f9ba : Version bump to MOB31Y
2f1cb00 : MOB31X
87ab43a : MOB31W
67d11aa : [DO NOT MERGE] Update Security String to 2017-06-01 for mnc-dev
6a9de88 : DO NOT MERGE : Update Security String to 2017-05-01 on mnc-dev
7ed8683 : [DO NOT MERGE] Update Security String to 2017-04-01 for mnc-dev
dfb6f45 : MOB31V
6a6b785 : [DO NOT MERGE] Updating Security String to 2017-03-01 on mnc-dev
56439f8 : MOB31U
2ab374f : [DO NOT MERGE] Updating Security String to 2017-03-05 on mnc-dev
922e4e7 : [DO NOT MERGE] Updating Security String to 2017-03-01 on mnc-dev
817ad4a : [DO NOT MERGE] Update Security String to 2017-02-05 on mnc-dev
3aef984 : [DO NOT MERGE] Update Security String to 2017-02-01 on mnc-dev

+- Project: platform/cts

341f1d4 : MediaServerCrashTest: add testDrmManagerClientReset.
f9ec676 : CTS test for robust handling of invalid cmap

+- Project: device/htc/flounder

ddff829 : Fix security issue in Visualizer effect

+- Project: platform/external/boringssl

d21457b : CVE 2016-2109 fix
df0817d : DO NOT MERGE Always use Fermat's Little Theorem in ecdsa_sign_setup.
8cc3ca7 : DO NOT MERGE Constify more BN_MONT_CTX parameters.
f0d18cf : DO NOT MERGE Compute ECDSA modular inverses with Fermal's Little Theorem.
828c02a : DO NOT MERGE Make BN_mod_exp_mont_consttime take a const context.
d1d5a84 : Rewrite BN_bn2dec.

+- Project: platform/external/chromium-libpac

511f01a : Fixup libpac for V8 4.9.385.28 DO NOT MERGE.
ffb0e0b : Fix for PAC script function dnsResolve. DO NOT MERGE.
84c95a9 : Update proxy resolver and tests for V8 API changes. DO NOT MERGE.

+- Project: platform/external/chromium-webview

2dfacfd : WebView AOSP Integration Request - 52.0.2743.100

+- Project: platform/external/expat

0c447e5 : Fix cast from pointer to integer of different size

+- Project: platform/external/freetype

2689da5 : Merge commit '055aee28cedc3' into klp-dev:

+- Project: platform/external/giflib

663d87a : DO NOT MERGE Update GIFLIB to 5.1.4 DO NOT MERGE

+- Project: platform/external/libavc

bfcb407 : Decoder: Initialize MB info buffer to zero.
6bdb902 : Decoder: Fix end of bitstream error.
a9427f1 : Decoder: Fix allocation for Mbaff weight matrix
97b1d82 : Decoder: Fixed flag u1_top_bottom_decoded.
0a559ba : Decoder: Added an error check while parsing PPS.
103cc4c : Fix stack buffer overflow in ih264d_process_intra_mb
1a9219e : Decoder: Fixes in accessing mbaff flag in error cases
122d0d0 : Fix in the case of MMCO 3 (long term reference idx).
1d5cb46 : Decoder: Fixed number of MB calculation for interlaced error streams
7f3e5c6 : Decoder: Fix in reference list initialization.
ad3f6e4 : Fixing a check in ih264d_parse_slice.c
bf52820 : DO NOT MERGE Decoder: Fixed error handling for dangling fields
151ff76 : :Decoder: Moved end of pic processing to end of decode call
1762feb : Decoder: Treat first slice in a picture as part of new picture always
ca5a94f : resolve merge conflicts of 3654ad0 to mnc-dr-dev
7b38293 : Decoder: Fixed initialization of first_slice_in_pic
ed7d70d : Fix in returning end of bitstream error for MBAFF
4f91f55 : Decoder: Initialize default reference buffers for all pictures
97c26af : Decoder: Return correct error code for slice header errors
c5f9133 : Decoder: Fixes an out of bound write in bitstream buffer
65fa600 : Decoder: Fixed cur_mb_info initialization in error cases
aa26243 : Decoder: Fix in returning incomplete frame error
7742ee4 : Decoder: Fix initialization of ps_next_dpb during reference list creation
a345ce3 : Decoder: Fix in error concealment in the case of Mbaff clips
99fa90e : Decoder: Fix in the case of error in the first MB in frame.
effb5b8 : Decoder: Fixed allocation of ps_dec->ps_nbr_mb_row
9614400 : Call ih264d_deblock_display only for valid process calls
d972d37 : Decoder: Fix in MB count in MBAff error handling
22c8136 : Decoder: Fixed an out of bound access while parsing SEI
7f26623 : Decoder: Initialize ps_cur_slice->u1_mbaff_frame_flag correctly for error cases
04757ee : Decoder: Increase memory allocation for weights & offsets for interlaced clips
c5318ac : Decoder: Fixed DoS in header decode when no PPS is present
5072c4b : Decoder: Fix in checking first_mb_in_slice
28fa0db : Decoder: Padded gau1_ih264d_top_left_mb_part_indx_mod to avoid an out of bound read

+- Project: platform/external/libhevc

9f44219 : Fix heap buffer overflow while searching for valid PPS
a44bd29 : Check for buffer overflow in pps/slice header parsing
7fa2a97 : memset SPS to zero
d6a57e2 : Fix reallocation for new sps
4b96ab4 : DO NOT MERGE Handle streams with change in max_dec_buffering/num_reorder_frames without resolution change
673562c : resolve merge conflicts of 8dc7b42 to mnc-dr-dev
6b908b5 : Set current slice ctb x and y to fill prev incomplete slice
427dbba : Correct Tiles rows and cols check
d7c2e52 : Check only allocated mv bufs for releasing from reference
8cab3ff : DO NOT MERGE Return error if SPS parsing reads more bytes than the nal length
4024f48 : DO NOT MERGE Handle error return from ref list in slice hdr parsing
e90a20e : DO NOT MERGE Return error from cabac init if offset is greater than range
69f64b6 : Fix in handling wrong cu_qp_delta
d739201 : Handle invalid num_reorder_pics & max_dec_pic_buffering in SPS
d646def : Added check for invalid log2_max_transform_block_size in SPS

+- Project: platform/external/libmpeg2

337856a : Check Number of Skip MBs
17f438e : Error Resilience - Check on as_recent_fld[0][1]
5c5330e : Fix Bytes Consumed Issue
a518fd6 : DO NOT MERGE Fix in handling header decode errors
2d98b43 : Check for Valid Frame Rate in Header
f4117e9 : Error Check for VLD Symbols Read

+- Project: platform/external/libnfc-nci

8e60049 : Fix native crash in nfc_ncif_proc_activate

+- Project: platform/external/libnl

63da476 : Perform range check on len in nlmsg_reserve
52f2923 : libnl: Check data length in nla_reserve / nla_put

+- Project: platform/external/libopus

744911a : Ensure that NLSF cannot be negative when computing a min distance between them

+- Project: platform/external/libpng

b68e029 : DO NOT MERGE Update libpng to 1.6.20

+- Project: platform/external/libvpx

a88637b : Limit vpx decoder to 4K frames

+- Project: platform/external/libxml2

591f7c3 : DO NOT MERGE: Add validation for eternal enities
24e4363 : DO NOT MERGE: Use correct limit for port values
efd0e73 : DO NOT MERGE: Heap buffer overflow in xmlAddID
1ea3ab9 : DO NOT MERGE: fix for the XPath nodeTab use-after-free bug from nmehta@
78654b3 : DO NOT MERGE: Apply upstream Chromium patch for encoding changes
20fff36 : DO NOT MERGE: Fix XPointer paths beginning with range-to
b9d9cac : DO NOT MERGE: Disallow namespace nodes in XPointer ranges
cb49e76 : DO NOT MERGE resolve merge conflicts of 1d43fb67 to mnc-dev am: 1d462cdbb0

+- Project: platform/external/pdfium

269ce88 : Backport 940100c28ae28931722290794889cf84a92c5f6f from libopenjpeg20
f749948 : Backport 734d57d5f7842aa7c2c9f36d62131ab4d8bd6c87 from libopenjpeg20
6c96c1a : [DO NOT MERGE] Fix the way FreeType headers are incldued.

+- Project: platform/external/sepolicy

f26c9ce : system_server: replace sys_resource with sys_ptrace

+- Project: platform/external/skia

652f914 : Fix out of bounds memory read in GIFMovie.cpp

+- Project: platform/external/sonivox

9e9d4a2 : Fix infinite recursion
34a012f : Check chunk size
0d6d59d : Sonivox: sanity check headerLength in XMF_ReadNode.
a8ed52a : eas_mdls: fix OOB read.

+- Project: platform/external/tremolo

f2ea3e3 : Always use unsigned char
db824a5 : Fix divide by zero for non-arm processor
07e7103 : Tremolo: fix ARM assembly code for decode_map type 3 case
45cff08 : Check partword is in range for # of partitions

+- Project: platform/external/v8

b0893cc : Merge V8 5.3.332.45. DO NOT MERGE
8b7e11b : Merge V8 5.2.361.47 DO NOT MERGE
5f6805a : Ignore warnings inline with upstream V8 project. DO NOT MERGE
21c2829 : Fix unused sources warning DO NOT MERGE
7278f97 : Merge V8 5.1.281.59 DO NOT MERGE
8c86306 : Upgrade V8 to 5.1.281.57 DO NOT MERGE
30d0143 : Revert "Revert "Upgrade to 5.0.71.48"" DO NOT MERGE
2a3cfc5 : Remove mksnapshot support entirely. DO NOT MERGE.
23f628c : Upgrade V8 to version 4.9.385.28 DO NOT MERGE.
cb4387f : Align SnapshotData to word boundary. DO NOT MERGE.
8d208c6 : Don't build a v8 snapshot. DO NOT MERGE.
f02e122 : Remove generator.js from LOCAL_SRC_FILES DO NOT MERGE.
6f3d7b3 : v8: prevent unnecessary rebuilds DO NOT MERGE.
2a61e75 : Update V8 to version 4.1.0.21 DO NOT MERGE.
cfa3a99 : Recover from shift exponent ubsan failures. DO NOT MERGE.

+- Project: platform/frameworks/av

b18a4dd : Fix memory leak in error case
fbed441 : Limit ogg packet size
3b3e9c9 : Prevent OOB write in soft_avc encoder
bcb2f39 : Don't allow using or allocating a buffer after the first state transition
9908b1f : Avoid crash for stss sync sample number 0
456ec64 : Don't allow using or allocating a buffer after the first state transition
13bb7ef : DO NOT MERGE AudioFlinger: Check framecount overflow when creating track
9e0b991 : DO NOT MERGE codecs: handle onReset() for a few encoders
74ffb08 : DO NOT MERGE Add bounds check in SoftAACEncoder2::onQueueFilled()
129aba4 : DO NOT MERGE Fix NPDs in h263 decoder
d6eeff8 : DO NOT MERGE Fix out of bounds access
6303034 : DO NOT MERGE Fix integer overflow and divide-by-zero
97d752f : DO NOT MERGE FLACExtractor: copy protect mWriteBuffer
432478a : CameraBase: Don't return an sp<> by reference
ca32aed : Fix overflow check and check read result
e660633 : resolve merge conflicts of 79cf158c51 to mnc-dev
e9ff002 : EffectBundle: check nb channels to write speaker angles
eeaa0ea : avc_utils: skip empty NALs from malformed bistreams
7d77479 : Don't initialize sync sample parameters until the end
c26aa7d : Don't CHECK when buffer is too large
285fa52 : DO NOT MERGE - improve audio effect framwework thread safety
d4b3c84 : Don't CHECK when buffer is too large
87c3782 : Don't initialize sync sample parameters until the end

+- Project: platform/frameworks/base

fb07b46 : ZygoteInit: Remove CAP_SYS_RESOURCE
bf5b43c : system_server: add CAP_SYS_PTRACE
0fd509c : Make a11y node info parceling more robust
4996a4b : DO NOT MERGE [DO NOT MERGE] Throw exception if slot has invalid offset
a7dc08b : DO NOT MERGE [DO NOT MERGE] Check bounds in offsetToPtr
f3a435f : DO NOT MERGE [DO NOT MERGE] Don't allow permission change to runtime
804cbf6 : Fixed the logic for tethering provisioning re-evaluation
ecd7270 : DO NOT MERGE Do not call RecoverySystem with DPMS lock held
7cc6259 : Add @GuardedBy annotation to PersistentDataBlockService#mIsWritable.
49ae4d6 : Prevent writing to FRP partition during factory reset.
5e017ef : Fix exploit where can hide the fact that a location was mocked am: a206a0f17e am: d417e54872 am: 3380a77516

+- Project: platform/frameworks/ex

8b02fe1 : DO NOT MERGE Update FrameSequence to call new DGifCloseFile DO NOT MERGE
6da377d : Handle small sized webps correctly

+- Project: platform/frameworks/native

2aa91b3 : libgui: check for invalid slot in attachBuffer
a6381e3 : libgui: Check slot received from IGBP in Surface
33d1119 : ui: Fix bad size check in Fence::unflatten
088c16b : Fix security vulnerability

+- Project: platform/frameworks/opt/net/wifi

d4cd5c5 : configparse: do not delete passpoint configuration file
59229c0 : Revert "Fix Runtime Restart caused by ag/1370419"
2a9c887 : Fix Runtime Restart caused by ag/1370419

+- Project: platform/hardware/broadcom/wlan

8a8ccb0 : Fix use-after-free in wifi_cleanup()

+- Project: platform/libcore

cdc5ccc : FtpURLConnection: Throw on invalid characters in commands.

+- Project: platform/packages/apps/Bluetooth

cc12f3b : OPP: Restrict file based URI access to external storage
806a57a : Prevent OPP from opening files that aren't sent over Bluetooth

+- Project: platform/packages/apps/CertInstaller

62a9f0b : WifiInstaller: remove the installation file

+- Project: platform/packages/apps/ContactsCommon

b54016a : resolve merge conflicts of e20a370 to mnc-dev

+- Project: platform/packages/apps/Messaging

a0851e0 : DO NOT MERGE Update callers *GifCloseFile for new GIFLIB DO NOT MERGE
09c15f3 : 32764144 Security Vulnerability - heap buffer overflow in libgiftranscode.so in colorMap->Colors[colorIndex]
ac65cc4 : 33388925 Mismatched new vs delete in framesequence library

+- Project: platform/packages/apps/PackageInstaller

0193872 : Prioritize package installer intent filter

+- Project: platform/packages/apps/Settings

97d1f86 : Add permission check to Intents used by Authenticator Settings.

+- Project: platform/packages/providers/DownloadProvider

1a49568 : Deleting downloads for removed uids on downloadprovider start

+- Project: platform/packages/providers/MediaProvider

611a98f : [DO NOT MERGE] Enforce user separation on external storage

+- Project: platform/packages/services/Telephony

db73083 : Added permission check for setCellInfoListRate

+- Project: platform/system/bt

449ad52 : Check LE advertising data length before caching advertising records
1410b9a : DO NOT MERGE Check the HCI length before extracting the L2CAP length and CID