Android Nougat AOSP Changes

Changes from 7.1.2_r28 (N2G48C) to 7.1.2_r29 (NJH47F):

Warning Releases with no significant changes other than version bump in platform/build component are likely to only feature proprietary binary blob (e.g. firmwares) changes.

Newly Added Components (0):

None

Removed Components (0):

None

Updated Components (22):

  • platform/bionic with 1 change(s)
    • b928447 : linker: remove link from external library on unload

  • platform/build with 10 change(s)

  • platform/external/boringssl with 1 change(s)

  • platform/external/dng_sdk with 1 change(s)
    • 35aa468 : Throw exception on integer overflow in dng_ifd.cpp.

  • platform/external/libavc with 15 change(s)
    • 2c25f44 : Fixed hang in the case of multiple sps id.
    • 798232a : Decoder: Fix in the case of MMCO 6
    • 3ebe3b9 : Decoder: Cleaned up parse sps function.
    • 5d88b6e : Initializing reference list for every P/B slice.
    • b96c229 : Fix resolution change within a decode call.
    • b31a137 : Decoder: Fixed allocation size of pred info buffer
    • 9490be3 : Decoder: Fix end of bitstream error.
    • 77af827 : Decoder: Fix allocation for Mbaff weight matrix
    • 776ddbc : Decoder: Initialize MB info buffer to zero.
    • 4081cc4 : Decoder: Fixed flag u1_top_bottom_decoded.
    • abb5cfb : Decoder: Added an error check while parsing PPS.
    • c2d3ce5 : Fix stack buffer overflow in ih264d_process_intra_mb
    • 76f6a3e : Decoder: Fix in reference list initialization.
    • d4b34e3 : Decoder: Fixes in accessing mbaff flag in error cases
    • 9759612 : Fix in the case of MMCO 3 (long term reference idx).

  • platform/external/libgdx with 6 change(s)
    • c97a2c1 : Fix 36385715 heap overflow when loading HDR files
    • 4702c50 : Fix Pixmap overflow. Bug 36621442
    • e3b5da5 : Fix series of JPEG vulnerabilities
    • e0ddaf0 : Fix 36385715 heap overflow when loading HDR files
    • 1135533 : Fix heap overflow when loading a PSD. bug 36368305
    • a3b3f74 : Fix heap overflow when loading a PSD. bug 36368305

  • platform/external/libhevc with 17 change(s)
    • 0aed62e : Fix OOB issue in nal unit parsing
    • 177a98f : Set pic_present at end of pic_init instead of beginning
    • 5d5c572 : Handle error return in parse slice
    • 6523680 : Fix heap buffer overflow while searching for valid PPS
    • cf376a7 : Check for buffer overflow in pps/slice header parsing
    • 62e944d : memset SPS to zero
    • d6fd3d7 : Fix reallocation for new sps
    • 4667b9e : Check for cpb cnt in hrd parsing
    • 9d0b579 : Correct Tiles rows and cols check
    • 5e35abd : Check only allocated mv bufs for releasing from reference
    • 8851805 : Set current slice ctb x and y to fill prev incomplete slice
    • 3d8d296 : Correct Tiles rows and cols check
    • a100ab9 : Check only allocated mv bufs for releasing from reference
    • cd22e2c : Set current slice ctb x and y to fill prev incomplete slice
    • ab14d63 : Return error from cabac init if offset is greater than range
    • e7cd9a6 : Handle error return from ref list in slice hdr parsing
    • ac4084f : Return error if SPS parsing reads more bytes than the nal length

  • platform/external/libmpeg2 with 7 change(s)
    • 6afe396 : Correcting NumCoeff Check in VLD
    • 56bfc9e : Adding Error Check For PictureStructure Param
    • c58fcca : Update mbs_left In Case Of Missing Slice
    • 297e445 : Check For Zero Width/Height in Frame Header
    • b427732 : Check Number of Skip MBs
    • 5da05c0 : Error Resilience - Check on as_recent_fld[0][1]
    • 45df45d : Fix Bytes Consumed Issue

  • platform/external/libvpx with 2 change(s)
    • c2f8373 : Limit vpx decoder to 4K frames
    • 66892a9 : Limit vpx decoder to 4K frames

  • platform/external/sonivox with 2 change(s)

  • platform/external/tremolo with 1 change(s)
    • 7d1beba : Always use unsigned char

  • platform/frameworks/av with 12 change(s)
    • a02a794 : Fix security vulnerability: Equalizer setParameter memory overflow
    • 3cbfea2 : RESTRICT AUTOMERGE Check the buffer index from acquireBuffer
    • 415ef49 : better manage buffer for libstagefright_soft_mpeg4enc
    • 33c7899 : m4v_h263: update width/height only when they are valid.
    • 5e04c0a : m4v_h263: check header first before decoding a frame.
    • 8a30460 : Fix integer overflow in mediadrmserver
    • ba6060b : Fix potential leak
    • e0123f5 : Modifying MetaData invalidates previous char*
    • 309c4fb : Fix memory leak in error case
    • 77089b2 : Limit ogg packet size
    • aaeca86 : Prevent OOB write in soft_avc encoder
    • edc1286 : Don't allow using or allocating a buffer after the first state transition

  • platform/frameworks/base with 8 change(s)
    • 4b19de0 : Close connection before retrying
    • 0d099dd : ZygoteInit: Remove CAP_SYS_RESOURCE
    • 6b7bffb : system_server: add CAP_SYS_PTRACE
    • de7cc6b : Fix re-enabling alert window appop after leaving VR mode.
    • aa4edfe : Make a11y node info parceling more robust
    • 6aa2723 : Fix issue with saving admins before finishing loading.
    • eea3ed2 : resolve merge conflicts of ad4aa1ce7d3d to nyc-mr1-dev fix conflict in nyc-mr2-release Change-Id: I97ef31536cd06495a08a3f94f81df2d1376186e0 (cherry picked from commit f806d65e615b942c268a5f68d44bde9d55634972)
    • 4fc5d98 : Protect Bluetooth OPP ACCEPT and DECLINE broadcast

  • platform/frameworks/native with 4 change(s)
    • 17e5eec : fix race condition that can cause a use after free
    • 2210c72 : libgui: check for invalid slot in attachBuffer
    • d3fa90b : libgui: Check slot received from IGBP in Surface
    • 9ab1252 : ui: Fix bad size check in Fence::unflatten

  • platform/frameworks/opt/net/wifi with 1 change(s)
    • e3f551d : cherry-pick: wifinative jni: check array length for trackSignificantWifiChange

  • platform/hardware/qcom/audio with 1 change(s)
    • 440b372 : Fix security vulnerability: Equalizer setParameter memory overflow

  • platform/libcore with 4 change(s)
    • b85da16 : Proper fix for rejecting ftp URL with /r/n.
    • d1b3b26 : Test for rejection of ftp URL with /r/n in userinfo
    • 92a7b90 : Reject ftp URLConnection containing /r/n in user info.
    • 7ef1f06 : Test for rejection of ftp URL with /r/n in userinfo

  • platform/packages/apps/Bluetooth with 4 change(s)
    • 877e9be : Prevent OPP from opening files that aren't sent over Bluetooth
    • ad46f6a : OPP: Restrict file based URI access to external storage
    • 8175764 : Prevent OPP from opening files that aren't sent over Bluetooth
    • 0ed24c4 : OPP: Restrict file based URI access to external storage

  • platform/packages/apps/Settings with 2 change(s)
    • bd1cc32 : Fix phishing attack in ChooseLockGeneric
    • 97fd637 : resolve merge conflicts of 3964c51bf2 to nyc-dev

  • platform/system/bt with 3 change(s)
    • 0bbd5c6 : Check LE advertising data length before caching advertising records
    • 9421015 : Check LE advertising data length before caching advertising records
    • 74a7a01 : resolve merge conflicts of a3ee2e35 to nyc-dev

  • platform/system/core with 2 change(s)
    • 2dec628 : Fix out of bound read in libziparchive
    • fd1574b : Fix out of bound read in libziparchive

  • platform/system/sepolicy with 1 change(s)
    • 4cfc1b9 : system_server: replace sys_resource with sys_ptrace