Android Lollipop AOSP Changes

Changes from 5.1.1_r18 (LVY48F) to 5.1.1_r19 (LMY48T):

Warning Releases with no significant changes other than version bump in platform/build component are likely to only feature proprietary binary blob (e.g. firmwares) changes.

Newly Added Components (0):

None

Removed Components (0):

None

Updated Components (23):

  • device/asus/flo-kernel with 2 change(s)
    • bd26504 : flo: update prebuilt kernel
    • cbdd9ad : flo: update prebuilt kernel

  • device/asus/fugu-kernel with 1 change(s)
    • ffd6bc3 : fugu: update prebuilt kernel

  • device/lge/hammerhead-kernel with 1 change(s)
    • 08f9622 : hammerhead: update prebuilt kernel

  • device/moto/shamu-kernel with 1 change(s)
    • 7e1bdbb : shamu: update prebuilt kernel

  • platform/build with 19 change(s)

  • platform/cts with 2 change(s)
    • 8e1c005 : test if libFLAC is patched against CVE-2014-9028
    • 4d75179 : CTS: check non-zygote apps are not debuggable

  • platform/dalvik with 1 change(s)
    • 0f6f6f4 : Ensure deterministic multidex partitioning

  • platform/external/conscrypt with 1 change(s)
    • edf7055 : OpenSSLX509Certificate: mark mContext as transient

  • platform/external/flac with 2 change(s)
    • 30c7436 : Add macro definitions for clang/llvm.
    • ce4ad0e : libFLAC: merge master from Xiph

  • platform/external/libhevc with 1 change(s)
    • f17d126 : Align pic_width_in_luma_samples and pic_width_in_luma_samples to 8

  • platform/external/libpng with 1 change(s)
    • dd0ed46 : Restore a width check that was removed from png.c (CVE-2015-0973)

  • platform/external/libvpx with 1 change(s)
    • e854406 : Try to CP ag/749963 from klp-dev into lmp-mr1-release

  • platform/external/skia with 1 change(s)
    • d4fb1c4 : SkScaledBitmapSampler: fix memory overwritten

  • platform/external/sonivox with 5 change(s)
    • b022acb : Sonivox: check loopStart/loopLength against one specific wave, not whole wave pool.
    • 9277722 : Sonivox: fix overflow in Parse_data in eas_mdls.c
    • bca9c89 : Sonivox: make sure waveIndex is valid in Parse_rgn() in eas_mdls.c.
    • 0c3f41e : Check segments and libs
    • e999f07 : DLS parser: fix wave pool size check.

  • platform/external/tremolo with 3 change(s)
    • 3cbc6eb : Add sanity checks to fix crash
    • 8ab6638 : Fix vorbis decoder crash due to out of bounds memory access
    • bc8326c : Fix allocation failure crash

  • platform/external/wpa_supplicant_8 with 1 change(s)
    • 4cf0f2d : P2P: Validate SSID element length before copying it

  • platform/frameworks/av with 47 change(s)
    • 9245d5f : libstagefright: fix overflow in pvdec_api.cpp.
    • 2e1c694 : Revert "Fix compile after rI431aa2b7d30a942350ab6d105451c6b77e2f99d4"
    • 649eeb9 : libstagefright: check memory size for overflow before allocation.
    • e37e52e : libstagefright: check overflow before memory allocation in OMXCodec.cpp
    • 0fd9ff7 : Prevent integer issues in ID3::Iterator::findFrame
    • 0cbede8 : libstagefright: fix overflow in MPEG4Source::parseSampleAuxiliaryInformationOffsets.
    • 6be0261 : Check RTSP payload length
    • 53cb6c3 : libstagefright: Fix crash in convertMetaDataToMessage
    • 4a7e92a : libstagefright: fix handling of mSampleTimeEntries and mNumSampleSizes in SampleTable.
    • 8ca0d21 : Sanity check padding/delay values for gapless playback
    • 0959f39 : SoftAVCEncoder: fix auto merge error, member names have changed.
    • 520cd7c : MatroskaExtractor: detect infinite loop when parsing NALs
    • 65b1cf3 : Fix for memory corruption in ID3::removeUnsynchronizationV2_4(). Bug: 23227354
    • bbff8c7 : SoftAVCEncoder: fix mismatched type for comparison.
    • 815cc6c : Fix compile failure after rI431aa2b7d30a942350ab6d105451c6b77e2f99d4
    • 73e9dfc : MPEG4Source::fragmentedRead: check range before writing into buffers
    • e856d51 : Fix compile after rI431aa2b7d30a942350ab6d105451c6b77e2f99d4
    • e88d81b : libstagefright: check remaining data size before parsing it.
    • 53788a1 : SoftAVCEnc: check requested memory size before allocation.
    • 9aa63d1 : Check integer overflow to prevent memory corruption
    • 2bd303a : SoftOpus: Fix output buffer capacity.
    • 61d9a7e : Check buffer size before using it
    • e15476a : Fix comparison sign warnings.
    • 6fd029e : ABuffer: reset members when memory allocation fails.
    • 6de921d : Check vector size before accessing
    • dedaadb : libstagefright: fix possible overflow in amrwbenc.
    • 1e40ab3 : libstagefright: fix possible overflow in ID3.
    • 0ff5f3e : Fix Ogg album art
    • ef387c2 : MPEG4Extractor.cpp: Add check for size == SIZE_MAX
    • f72b290 : Extra sanity checks on sample size and resolution
    • 0dc89f5 : Fix crash on malformed id3
    • 07f19ba : SampleTable: fix integer overflow checks.
    • 6fe85f7 : MPEG4Extractor.cpp: handle chunk_size SIZE_MAX
    • 304ef91 : Guard against codecinfo overflow
    • f4f7e0c : Prevent integer underflow if size is below 6
    • 2674a72 : Prevent integer overflow when processing covr MPEG4 atoms
    • e846a5f : Prevent reading past the end of the buffer in 3GPP
    • aeea52d : audio effects: fix heap overflow
    • 463a6f8 : Fix integer overflow when handling MPEG4 tx3g atom
    • f4a88c8 : Fix integer underflow in covr MPEG4 processing
    • 3cb1b69 : IOMX: Enable buffer ptr to buffer id translation for arm32
    • 086d84f : IOMX: Add buffer range check to emptyBuffer
    • d48f0f1 : Add AUtils::isInRange, and use it to detect malformed MPEG4 nal sizes
    • 5150492 : Add some sanity checks
    • 5e75195 : Fix integer underflow in ESDS processing
    • 2434839 : Fix integer overflow during MP4 atom processing
    • cf1581c : Fix several ineffective integer overflow checks

  • platform/frameworks/base with 4 change(s)
    • d4d3181 : Allow debugging only for apps forked from zygote
    • 8fba7e6 : Prevent insanely long passwords from crashing SystemUI
    • e3cde78 : Prevent system uid component from running in an app process
    • aaa0fee : Lockdown AM.getRunningAppProcesses API with permission.REAL_GET_TASKS

  • platform/frameworks/native with 2 change(s)
    • e68cbc3 : Disregard alleged binder entities beyond parcel bounds
    • 7dcd0ec : Verify that the native handle was created

  • platform/frameworks/opt/telephony with 1 change(s)
    • df31d37 : Externally-reported Moderate severity vulnerability in SMS: Apps can bypass the SMS short code notification prompt

  • platform/packages/apps/Dialer with 1 change(s)
    • 06d7d08 : Fix voicemail playback position control

  • platform/system/core with 3 change(s)
    • 2040543 : libutils: fix overflow in String8::allocFromUTF8
    • d32a1d2 : Fix compile failure after rIfe1dc0791040150132bea6884f1e6c8d31972d1b
    • e8c62fb : Prevent integer overflow when allocating native_handle_t

  • platform/system/security with 2 change(s)
    • d4916a0 : Properly check for Blob max length
    • bb9f439 : Fix unchecked length in Blob creation