android-7.0.0_r33 to android-7.0.0_r34 AOSP changelog

This only includes the Android Open Source Project changes and does not include any changes in any proprietary components included by Google or any hardware manufacturer. The raw log was generated using a modified version of this script written by JBQ and improved by Al Sutton.

Please do not copy this without attribution to this site and JBQ for the original script.

+- Project: platform/bionic

f1fe99f : linker: remove link from external library on unload

+- Project: platform/build

5eddfa3 : Update bugfix security string to October (cherry picked from commit ba16193f1e503e26381f81ff7d95820b75bb2247)
669a337 : Update Security String to September for Bugfix (cherry picked from commit d932d49b64fcc794dfd112694dade745eb345363)
41b186c : Version bump to NBD92L
8439b07 : Version bump to NBD92K
28a1c78 : Version bump to NBD92J
1eef05a : NBD92I
69ba3ea : NBD92H

+- Project: device/asus/fugu-kernel

ce36384 : fugu: update prebuilt kernel [ DO NOT MERGE ]

+- Project: device/google/dragon

f402965 : Fix audio record pre-processing

+- Project: device/google/dragon-kernel

fa4bb86 : ryu: update prebuilt kernel

+- Project: device/htc/flounder-kernel

b03bbc5 : flounder: update kernel prebuilt (Oct 2016 Security)

+- Project: device/moto/shamu-kernel

467bfd1 : shamu: update prebuilt kernel [ DO NOT MERGE ]

+- Project: platform/external/boringssl

c8b5fe9 : CVE 2016-2109 fix
f984795 : Always use Fermat's Little Theorem in ecdsa_sign_setup.

+- Project: platform/external/dng_sdk

dd092c6 : Throw exception on integer overflow in dng_ifd.cpp.

+- Project: platform/external/dnsmasq

6dc950b : Add extra (size_t) cast to avoid compiler warning.
a10cd37 : Make dnsmasq more stable.

+- Project: platform/external/giflib

4e8cf0d : Update GIFLIB to 5.1.4 DO NOT MERGE

+- Project: platform/external/libavc

977ff4a : Decoder: Fixed allocation of pv_map_ref_idx_to_poc_buf.
8a96e64 : Decoder: Fixed overflow in refernce list creation.
93d9884 : Initialize DPB structures to valid values.
acf845b : Added error check for output buffer size.
d6858ba : Fixed hang in the case of multiple sps id.
327f93c : Decoder: Fix in the case of MMCO 6
2d3c734 : Decoder: Cleaned up parse sps function.
4e2860c : Initializing reference list for every P/B slice.
445d57c : Fix resolution change within a decode call.
15827be : Decoder: Fixed allocation size of pred info buffer
c46d83a : Decoder: Fix end of bitstream error.
2285974 : Decoder: Fix allocation for Mbaff weight matrix
4c1ac1e : Decoder: Initialize MB info buffer to zero.
4d50188 : Decoder: Fixed flag u1_top_bottom_decoded.
823e2bd : Decoder: Added an error check while parsing PPS.
6ac20bb : DO NOT MERGE Fixed bug in the case of resolution change.
8503745 : Fix stack buffer overflow in ih264d_process_intra_mb
ac64724 : Decoder: Fix in reference list initialization.
205985d : Decoder: Fixes in accessing mbaff flag in error cases
0741a41 : Fix in the case of MMCO 3 (long term reference idx).
525dbf3 : Decoder: Fixed error handling for dangling fields
5b50bdf : Decoder: Fixed number of MB calculation for interlaced error streams

+- Project: platform/external/libhevc

49ca3ef : Fix slice decrement for skipped slices
617405b : Ensure CTB size > 16 for clips with tiles and width/height >= 4096
3df8b4b : Limit boundary PU sizes in case of errors
5e85dfa : Fix array size for hrd parameters
98251e8 : Check number of output buffers and sizes
42d7aa1 : Return error for invalid crop parameters
2107c44 : Fix OOB issue in nal unit parsing
dacf9ba : Set pic_present at end of pic_init instead of beginning
bb2912a : Handle error return in parse slice
ca32a90 : Fix heap buffer overflow while searching for valid PPS
55ffcfb : Check for buffer overflow in pps/slice header parsing
6076ba9 : memset SPS to zero
7e6466e : Fix reallocation for new sps
aefb36b : DO NOT MERGE Handle streams with change in max_dec_buffering/num_reorder_frames without resolution change
2bf2985 : Check for cpb cnt in hrd parsing
83e8832 : Correct Tiles rows and cols check
7b1cf7f : Check only allocated mv bufs for releasing from reference
8d9bad9 : Set current slice ctb x and y to fill prev incomplete slice
14efc6a : Handle error return from ref list in slice hdr parsing
4bc0adc : Return error from cabac init if offset is greater than range
d3690f9 : Return error if SPS parsing reads more bytes than the nal length

+- Project: platform/external/libmpeg2

b8e04c0 : Fixed Memory Overflow Errors
93af4ef : Correcting NumCoeff Check in VLD
4d991ba : Adding Error Check For PictureStructure Param
62bd739 : Update mbs_left In Case Of Missing Slice
8c0efb8 : Check For Zero Width/Height in Frame Header
1c38adb : Check Number of Skip MBs
ec659d9 : Error Resilience - Check on as_recent_fld[0][1]
bde91fa : Fix Bytes Consumed Issue
f087f52 : Fix in handling header decode errors

+- Project: platform/external/libvpx

9d8f436 : DO NOT MERGE libvpx: Cherry-pick 8b4c315 from upstream
5fdc527 : Limit vpx decoder to 4K frames

+- Project: platform/external/libxml2

72a81b1 : DO NOT MERGE: Heap buffer overflow in xmlAddID
1a64a41 : DO NOT MERGE: Add validation for eternal enities
d509a7b : DO NOT MERGE: Use correct limit for port values
8b28866 : DO NOT MERGE: fix for the XPath nodeTab use-after-free bug from nmehta@
24d00e7 : DO NOT MERGE: Fix XPointer paths beginning with range-to
583ce3c : DO NOT MERGE: Disallow namespace nodes in XPointer ranges
e561296 : DO NOT MERGE: Apply upstream Chromium patch for encoding changes
7b6c139 : Update libxml2 to 2.9.4 by merging e3d78e1f into nyc-dev.

+- Project: platform/external/sfntly

5a38f36 : Merge remote-tracking branch 'aosp/upstream-master' into master
8f53017 : Merge commit 'bbc9221' into master

+- Project: platform/external/skia

a48b616 : Defend against ICOs with large BMPs embedded DO NOT MERGE
efd9b10 : Stop supporting kUnknown_BmpHeaderType DO NOT MERGE
6db145d : Set a limit on the size for BMP images DO NOT MERGE

+- Project: platform/external/sonivox

4c21970 : Fix interpolator
fffb60a : Fix infinite recursion
57082a2 : Check chunk size

+- Project: platform/external/sqlite

a160e13 : DO NOT MERGE - fix FTS3 column pointer handling

+- Project: platform/external/tremolo

f1636bd : Fix out of bounds access in codebook processing
a2a2366 : Use heap instead of alloca in res012.c
3f82609 : Always use unsigned char

+- Project: platform/frameworks/av

86bdce8 : Fix 'potential memory leak' compiler warning.
5958ede : Check buffer size in useBuffer in software components
d3daa54 : stagefright: avoid buffer overflow in base64 decoder
c72ab9c : Add EFFECT_CMD_SET_PARAM parameter checking to Downmix and Reverb
a4cb749 : Fix memory leak in OggExtractor
7668983 : Skip track if verification fails
283b936 : MPEG4Source: fix fragmented read.
b9d24e9 : stagefright: fix crash due to bad timestamp index
aef5439 : stagefright: check aac_frame_length to prevent infinite loop
32ef996 : MediaPlayerService: fix access of mPlayer in client
e5ae829 : MPEG4Extractor: ensure returned status is checked.
78d2047 : DO NOT MERGE Check frame handle validity before freeing buffer.
d5f9832 : audio effects: filter reserved effect commands
142c37a : Change MPEG2 reinit Error Handling
9e8522e : Track: Check buffer size of static tracks
bbee74e : MPEG4Extractor: check size for yrrc box
7cee9d0 : AudioFlinger: Fix memory allocation for client-less tracks
562b4c9 : Notify Errors Appropriately from SoftMPEG2
679e579 : EffectBundle: Check value size for get preset name
81482a9 : Fix TOCTOU problem in libstagefright_soft_aacenc
e3c3c21 : Fix security vulnerability: Equalizer setParameter memory overflow
e9f8be0 : Check the buffer index from acquireBuffer
ece623c : better manage buffer for libstagefright_soft_mpeg4enc
a6fe507 : m4v_h263: update width/height only when they are valid.
1097a23 : m4v_h263: check header first before decoding a frame.
efca80c : Fix integer overflow in mediadrmserver
85559d6 : Fix potential leak
e6fbc9e : DO NOT MERGE Don't leak `this` out of GraphicBufferSource ctor
7406a44 : Modifying MetaData invalidates previous char*
b2184a0 : Fix memory leak in error case
edc20fc : Limit ogg packet size
7a65563 : Prevent OOB write in soft_avc encoder
07d0c6c : Avoid crash for stss sync sample number 0
7b34dc4 : Don't allow using or allocating a buffer after the first state transition
e570b59 : FLACExtractor: copy protect mWriteBuffer
9d71510 : Add bounds check in SoftAACEncoder2::onQueueFilled()
954e3d6 : Fix integer overflow and divide-by-zero
6183f7c : Fix NPDs in h263 decoder
a75badb : Fix out of bounds access
3468e22 : Validate lengths in HEVC metadata parsing
d6e03aa : AudioFlinger: Check framecount overflow when creating track
3102b04 : codecs: handle onReset() for a few encoders

+- Project: platform/frameworks/base

bc1550f : Fix security hole in GateKeeperResponse.
4f60062 : Enforce policy for camera gesture in keyguard
73cd152 : Back-port fixes for b/62196835
381fd75 : Close connection before retrying
ad44210 : ZygoteInit: Remove CAP_SYS_RESOURCE
89df367 : system_server: add CAP_SYS_PTRACE
510f016 : Make a11y node info parceling more robust
b351be2 : Protect Bluetooth OPP ACCEPT and DECLINE broadcast
ba94d7a : DO NOT MERGE Clear calling identity before checking if user is running.
7a7cfc69 : [DO NOT MERGE] Check bounds in offsetToPtr
b0cebac : [DO NOT MERGE] Throw exception if slot has invalid offset
aee66e2 : [DO NOT MERGE] Don't allow permission change to runtime

+- Project: platform/frameworks/minikin

06218f9 : Reject unsorted cmap entries. DO NOT MERGE

+- Project: platform/frameworks/native

2b89987 : fix race condition that can cause a use after free
d6e9c1c : libgui: check for invalid slot in attachBuffer
089c769 : libgui: Check slot received from IGBP in Surface
67ecf36 : ui: Fix bad size check in Fence::unflatten

+- Project: platform/frameworks/opt/net/wifi

7a59ee6 : cherry-pick: wifinative jni: check array length for trackSignificantWifiChange

+- Project: platform/hardware/qcom/audio

a3a3d03 : Equalizer: Check value size for get preset name
80d16f5 : Fix security vulnerability: Equalizer setParameter memory overflow

+- Project: platform/hardware/ril

268653f : DO NOT MERGE Fix security vulnerability in pre-O rild code.

+- Project: platform/libcore

c5dcd1c : Fix failing FileTest#test_canonicalCachesAreOff()
cf4b69f : Disable File.getCanonicalPath caches.
4739bee : Proper fix for rejecting ftp URL with /r/n.
4d6e231 : Revert "Reject ftp URLConnection containing /r/n in user info."
a199e2f : Reject ftp URLConnection containing /r/n in user info.
7925afa : Test for rejection of ftp URL with /r/n in userinfo

+- Project: platform/packages/apps/Bluetooth

f3f1d92 : Prevent OPP from opening files that aren't sent over Bluetooth
8066e11 : OPP: Restrict file based URI access to external storage

+- Project: platform/packages/apps/Messaging

9f73c36 : 37742976 - Catch bad gifs

+- Project: platform/packages/apps/Nfc

630104d : Add READ_EXTERNAL_STORAGE for file based Uri while beaming.

+- Project: platform/packages/apps/PackageInstaller

2873011 : DO NOT MERGE Disable overlays while installer is resumed

+- Project: platform/packages/apps/Settings

8e5cf7c : Disabling the activate button when paused
3a692f7 : Back-port ag/2491664
6f94ffe : resolve merge conflicts of 3964c51bf2 to nyc-dev

+- Project: platform/packages/providers/DownloadProvider

9444c4c : DO NOT MERGE Deleting downloads for removed uids on downloadprovider start

+- Project: platform/packages/providers/MediaProvider

55b4970 : [DO NOT MERGE] Enforce user separation on external storage

+- Project: platform/prebuilts/android-emulator

4cfa2f2 : Add LICENSE for android-emulator am: 03e20dad0d

+- Project: platform/system/bt

ff8dff1 : Add missing extension length check while parsing BNEP control packets
98dfa3e : Free p_pending_data from tBNEP_CONN to avoid potential memory leaks
fc30889 : Add a missing check for PAN buffer size before copying data
ea3343a : Add missing packet length checks while parsing BNEP control packets
e083259 : Add missing continuation offset check for SDP continuation requests
d4d3424 : Disable PAN Reverse Tethering when connection originated by the Remote
a85851a : Allocate buffers of the right size when BT_HDR is included
11cd452 : Check LE advertising data length before caching advertising records
03d04ea : resolve merge conflicts of a3ee2e35 to nyc-dev

+- Project: platform/system/core

efe5966 : Fix out of bound read in libziparchive

+- Project: platform/system/sepolicy

8d6c9ab : system_server: replace sys_resource with sys_ptrace