Android Nougat AOSP Changes

Changes from 7.1.1_r33 (N4F26X) to 7.1.1_r35 (NOF27D):

Warning Releases with no significant changes other than version bump in platform/build component are likely to only feature proprietary binary blob (e.g. firmwares) changes.

Newly Added Components (0):

None

Removed Components (0):

None

Updated Components (38):

  • device/asus/fugu with 3 change(s)
    • a04581f : update media_codecs_performance.xml
    • 4a39caa : update media_codecs_performance.xml
    • e31f75d : dexpreopt: make significantly more room for l10n builds

  • device/asus/fugu-kernel with 1 change(s)
    • bbf3c5f : fugu: update prebuilt kernel

  • device/google/marlin with 3 change(s)
    • 8ca6bce : marlin: audio: Update volume level of volume listener (1007)
    • 475df60 : sepolicy: grant thermal-engine sys_boot
    • 3b48a49 : Add a thermal shutdown to marlin

  • device/htc/flounder with 1 change(s)
    • cd647e3 : Fix security issue in Visualizer effect

  • platform/bionic with 1 change(s)
    • 0f6bfb7 : Check for bad packets in getaddrinfo.c's getanswer.

  • platform/bootable/recovery with 1 change(s)
    • 262603c : Add a checker for signature boundary in verifier

  • platform/build with 32 change(s)

  • platform/external/boringssl with 1 change(s)

  • platform/external/libavc with 25 change(s)
    • 7d65c7b : resolve merge conflicts of 3654ad0 to mnc-dr-dev
    • 82e1bdb : Decoder: Fixed initialization of first_slice_in_pic
    • 555cba3 : Decoder: Moved end of pic processing to end of decode call
    • c5235ab : Decoder: Treat first slice in a picture as part of new picture always
    • 58f45a1 : Decoder: Return correct error code for slice header errors
    • d575cc5 : Decoder: Initialize default reference buffers for all pictures
    • fcb0397 : Fix in returning end of bitstream error for MBAFF
    • 82ea04b : Decoder: Fixes an out of bound write in bitstream buffer
    • c2be452 : Revert "Decoder: Fixed initialization of first_slice_in_pic"
    • 8994f34 : Decoder: Fixed initialization of first_slice_in_pic
    • d11c623 : Decoder: Padded gau1_ih264d_top_left_mb_part_indx_mod to avoid an out of bound read
    • eeebffb : Decoder: Fix in checking first_mb_in_slice
    • 69333b3 : Decoder: Increase memory allocation for weights & offsets for interlaced clips
    • 8a0d898 : Decoder: Fixed DoS in header decode when no PPS is present
    • aa88176 : Decoder: Initialize ps_cur_slice-u1_mbaff_frame_flag correctly for error cases
    • 1094045 : Decoder: Fixed an out of bound access while parsing SEI
    • 24d4eb6 : Decoder: Fix in MB count in MBAff error handling
    • dacc8b1 : Call ih264d_deblock_display only for valid process calls
    • 5c7b72a : Decoder: Fixed allocation of ps_dec-ps_nbr_mb_row
    • f7edb05 : Decoder: Fixed cur_mb_info initialization in error cases
    • 9705f81 : Decoder: Fix in error concealment in the case of Mbaff clips
    • 384eb9e : Decoder: Fix in the case of error in the first MB in frame.
    • 70cca9e : Decoder: Fix in returning incomplete frame error
    • a4391a6 : Decoder: Fix initialization of ps_next_dpb during reference list creation
    • e08e31d : Decoder: Fix in checking for valid profile flags

  • platform/external/libgdx with 3 change(s)
    • e2cb432 : Security fix for overflow check.
    • 31041cb : Fix buffer overflows
    • 49f2149 : Fix security vulnerability

  • platform/external/libhevc with 7 change(s)
    • bdadb5f : Handle invalid num_reorder_pics & max_dec_pic_buffering in SPS
    • dbf9bca : Fix in handling wrong cu_qp_delta
    • 078476d : Added check for invalid log2_max_transform_block_size in SPS
    • f48c012 : Fixed handling invalid chroma tu size for error clips
    • dd0f2d3 : Fixed out of bound reads in stack variables
    • 26b6626 : Fix in Chroma SAO for non-multiple of 8 height
    • a33f672 : Handle invalid slice_address in slice header

  • platform/external/libmpeg2 with 2 change(s)
    • e30d67b : Check for Valid Frame Rate in Header
    • 5a675dd : Error Check for VLD Symbols Read

  • platform/external/libnfc-nci with 1 change(s)
    • 7f8c2ef : Fix native crash in nfc_ncif_proc_activate

  • platform/external/libnl with 2 change(s)
    • 8fa0d0e : Perform range check on len in nlmsg_reserve
    • f0b4019 : libnl: Check data length in nla_reserve / nla_put

  • platform/external/libopus with 1 change(s)
    • 0d052d6 : Ensure that NLSF cannot be negative when computing a min distance between them

  • platform/external/libvpx with 2 change(s)
    • 4add200 : libvpx: Cherry-pick 1961a92 from upstream
    • 6886e8e : vp8:fix threading issues

  • platform/external/skia with 1 change(s)
    • 0c7fc3c : Fix out of bounds memory read in GIFMovie.cpp

  • platform/external/sonivox with 1 change(s)
    • 4b0ca0d : eas_mdls: fix OOB read.

  • platform/external/tremolo with 1 change(s)
    • 5dc9923 : Tremolo: fix ARM assembly code for decode_map type 3 case

  • platform/frameworks/av with 14 change(s)
    • 5930dc4 : resolve merge conflicts of 79cf158c51 to mnc-dev
    • c4e146b : EffectBundle: check nb channels to write speaker angles
    • 77bb35d : Fix overflow check and check read result
    • 63cc61f : CameraBase: Don't return an sp by reference
    • a0d2ff1 : avc_utils: skip empty NALs from malformed bistreams
    • ac18df7 : Don't initialize sync sample parameters until the end
    • edc723b : Fix security vulnerability: potential OOB write in audioserver
    • c88e62a : Effect: Use local cached data for Effect commit
    • 321ea52 : Fix security vulnerability: Effect command might allow negative indexes
    • 453b351 : Make VBRISeeker more robust
    • 26965db : Effects: Check get parameter command size
    • c66c43a : Fix security vulnerability: Equalizer command might allow negative indexes
    • 781bd81 : stagefright: remove allottedSize equality check in IOMX::useBuffer
    • 557bd7b : Visualizer: Check capture size and latency parameters

  • platform/frameworks/base with 22 change(s)
    • 364e0be : Fixed the logic for tethering provisioning re-evaluation
    • 6bc7cf9 : Fix issue with saving admins before finishing loading.
    • 1532f81 : resolve merge conflicts of ad4aa1ce7d3d to nyc-mr1-dev
    • 287037f : Fix exploit where can hide the fact that a location was mocked am: a206a0f17e am: d417e54872 am: 3380a77516 am: 0a8978f04b am: 1684e5f344 am: d28eef0cc2 am: 1f458fdc66 am: d82f8a67fc am: 1ac8affd51 am: 56098f81b6 am: 7cec76de0f am: 2da05d0f9e
    • 1598419 : Add @GuardedBy annotation to PersistentDataBlockService#mIsWritable.
    • 215a820 : Prevent writing to FRP partition during factory reset.
    • c639cb6 : Do not write if apply() did not change the file.
    • 0627670 : Only persist last Shared Preferences state
    • de5e345 : Fix vulnerability in MemoryIntArray
    • a014b6b : Catch runtime exceptions when parsing DHCP packets
    • 0041a76 : Zygote : Block SIGCHLD during fork.
    • 423a70c : Fix idmap leak in zygote process
    • 296f6d5 : Zygote: Additional whitelisting for legacy devices.
    • 6b650e8 : Zygote: Additional whitelists for runtime overlay / other static resources.
    • 47e62b7 : Public volumes belong to a single user.
    • 47e81a2 : Add SafetyNet logging to DHCP packet parsing
    • ad760e1 : Fix boot loop when upgrading direclty from L to N
    • 3570784 : Revert "Catch KeyStoreException for setting profile lock"
    • 867ef61 : Catch KeyStoreException for setting profile lock
    • 0804215 : Fixed a bug with the emergency affordance in multi user
    • 84e380e : Catch KeyStoreException for setting profile lock
    • aca11d8 : Fixed a bug with the emergency affordance in multi user

  • platform/frameworks/ex with 2 change(s)
    • f35a659 : resolve merge conflicts of 89cdd4cb to mnc-dev
    • 7f0e3da : resolve merge conflicts of 3802db4 to mnc-dev

  • platform/frameworks/native with 6 change(s)
    • 7c760a8 : Fix security vulnerability
    • bfd36c3 : Fix security vulneratibly 31960359
    • 922ab40 : Fix SF security vulnerability: 32706020
    • 7c1f953 : Correct overflow check in Parcel resize code
    • 675e212 : Fix SF security vulnerability: 32660278
    • e5753ba : Fix integer overflow in unsafeReadTypedVector

  • platform/frameworks/opt/net/wifi with 1 change(s)
    • f4396d5 : configparse: do not delete passpoint configuration file

  • platform/hardware/libhardware with 1 change(s)
    • 8a1906a : Fix security vulnerability: potential OOB write in audioserver

  • platform/hardware/qcom/audio with 3 change(s)
    • 2692d9d : Fix for audio distortion on speaker
    • ed79f2c : Fix security vulnerability: Effect command might allow negative indexes
    • d72ea85 : Fix security vulnerability: Equalizer command might allow negative indexes

  • platform/libcore with 3 change(s)
    • 81a0842 : Fix URLTest#testAtSignInUserInfo failure
    • b8f7e1a : Pull upstream fix for CVE-2016-5552
    • 9430b2e : Fix URL parser may return wrong host name

  • platform/packages/apps/Bluetooth with 1 change(s)
    • cbced75 : Remove MANAGE_DOCUMENTS permission as it isn't needed

  • platform/packages/apps/CertInstaller with 2 change(s)
    • 5b2771b : WifiInstaller: add permission for access downloaded files
    • 85933f4 : WifiInstaller: remove the installation file

  • platform/packages/apps/ContactsCommon with 1 change(s)
    • d47661a : resolve merge conflicts of 9f523b4 to nyc-dev

  • platform/packages/apps/Messaging with 5 change(s)
    • b9afc7b : 32764144 Security Vulnerability - heap buffer overflow in libgiftranscode.so in colorMap-Colors[colorIndex]
    • 1981ec4 : 33388925 Mismatched new vs delete in framesequence library
    • b5ef563 : resolve merge conflicts of eafd58a to nyc-dev
    • 9879d17 : 32807795 Security Vulnerability - AOSP Messaging App: thirdparty can attach private files from "/data/data/com.android.messaging/" directory to the messaging app.
    • 47971bc : 32322450 Security Vulnerability - heap buffer overflow in libgiftranscode.so

  • platform/packages/apps/PackageInstaller with 1 change(s)
    • 9f44b89 : Prioritize package installer intent filter

  • platform/packages/apps/TvSettings with 2 change(s)
    • 7ef9b3a : Provide stub intent filters for CTS
    • abc1728 : Provide stub intent filters for CTS

  • platform/packages/apps/UnifiedEmail with 1 change(s)
    • 1de59f7 : Don't allow file attachment from /data through GET_CONTENT.

  • platform/packages/services/Telephony with 3 change(s)
    • 382020c : Added permission check for setCellInfoListRate
    • 1cdced5 : Catch SIP exceptions which can crash Phone process on answer.
    • c8f5e04 : Not cache empty config bundle.

  • platform/system/bt with 2 change(s)
    • 60bbbae : Remove position dependent lookup tables in AT command parser
    • b90b669 : Mask out HFP 1.7 feature bits if peer version is 1.7

  • platform/system/core with 1 change(s)
    • 8d367d2 : change /data/bugreports to /bugreports

  • platform/system/sepolicy with 1 change(s)