Android Nougat AOSP Changes

Changes from 7.1.2_r30 (NHG47Q) to 7.1.2_r32 (NKG47S):

Warning Releases with no significant changes other than version bump in platform/build component are likely to only feature proprietary binary blob (e.g. firmwares) changes.

Newly Added Components (0):

None

Removed Components (0):

None

Updated Components (23):

  • platform/bionic with 1 change(s)
    • 38072ff : linker: remove link from external library on unload

  • platform/build with 29 change(s)

  • platform/external/boringssl with 2 change(s)
    • 3613ed6 : CVE 2016-2109 fix
    • 13179a8 : Always use Fermat's Little Theorem in ecdsa_sign_setup.

  • platform/external/dng_sdk with 1 change(s)
    • c24e7e9 : Throw exception on integer overflow in dng_ifd.cpp.

  • platform/external/libavc with 16 change(s)
    • ccdbddf : Fixed hang in the case of multiple sps id.
    • 43af1c1 : Decoder: Fix in the case of MMCO 6
    • 35adfe8 : Decoder: Cleaned up parse sps function.
    • 52459e9 : Initializing reference list for every P/B slice.
    • 74014aa : Fix resolution change within a decode call.
    • b7452eb : Decoder: Fixed allocation size of pred info buffer
    • e17d0a8 : Decoder: Fix end of bitstream error.
    • e59de0e : Decoder: Fix allocation for Mbaff weight matrix
    • 106bf56 : Decoder: Initialize MB info buffer to zero.
    • ea42369 : Decoder: Fixed flag u1_top_bottom_decoded.
    • 7d65c03 : Decoder: Added an error check while parsing PPS.
    • fa33d35 : Fix stack buffer overflow in ih264d_process_intra_mb
    • 3519e9b : Decoder: Fix in reference list initialization.
    • c480b08 : Decoder: Fixes in accessing mbaff flag in error cases
    • 3c73a9d : Fix in the case of MMCO 3 (long term reference idx).
    • 5c3fd5d : Decoder: Fixed error handling for dangling fields

  • platform/external/libgdx with 6 change(s)
    • 82680d8 : Fix 36385715 heap overflow when loading HDR files
    • 6011ed9 : Fix Pixmap overflow. Bug 36621442
    • a384eb9 : Fix series of JPEG vulnerabilities
    • 506ace2 : Fix 36385715 heap overflow when loading HDR files
    • 1135533 : Fix heap overflow when loading a PSD. bug 36368305
    • a3b3f74 : Fix heap overflow when loading a PSD. bug 36368305

  • platform/external/libhevc with 17 change(s)
    • 4251491 : Fix OOB issue in nal unit parsing
    • 0c935bc : Set pic_present at end of pic_init instead of beginning
    • 501e60a : Handle error return in parse slice
    • a5fed18 : Fix heap buffer overflow while searching for valid PPS
    • b1b3d0e : Check for buffer overflow in pps/slice header parsing
    • 6798ac8 : memset SPS to zero
    • 76d6c84 : Fix reallocation for new sps
    • c715f2f : Check for cpb cnt in hrd parsing
    • 9d0b579 : Correct Tiles rows and cols check
    • 5e35abd : Check only allocated mv bufs for releasing from reference
    • 8851805 : Set current slice ctb x and y to fill prev incomplete slice
    • 3d8d296 : Correct Tiles rows and cols check
    • a100ab9 : Check only allocated mv bufs for releasing from reference
    • cd22e2c : Set current slice ctb x and y to fill prev incomplete slice
    • bcfc712 : Return error from cabac init if offset is greater than range
    • a142472 : Handle error return from ref list in slice hdr parsing
    • 45c97f8 : Return error if SPS parsing reads more bytes than the nal length

  • platform/external/libmpeg2 with 8 change(s)
    • d0a4d74 : Correcting NumCoeff Check in VLD
    • 899ad11 : Adding Error Check For PictureStructure Param
    • 469719a : Update mbs_left In Case Of Missing Slice
    • 85e3eb0 : Check For Zero Width/Height in Frame Header
    • 0dbc51c : Check Number of Skip MBs
    • bc42c78 : Error Resilience - Check on as_recent_fld[0][1]
    • a03baec : Fix Bytes Consumed Issue
    • a86eb79 : Fix in handling header decode errors

  • platform/external/libvpx with 2 change(s)
    • c2f8373 : Limit vpx decoder to 4K frames
    • 66892a9 : Limit vpx decoder to 4K frames

  • platform/external/sonivox with 2 change(s)

  • platform/external/tremolo with 1 change(s)
    • 1873e9c : Always use unsigned char

  • platform/frameworks/av with 18 change(s)
    • c987481 : Fix security vulnerability: Equalizer setParameter memory overflow
    • 20b5397 : RESTRICT AUTOMERGE Check the buffer index from acquireBuffer
    • f708b83 : better manage buffer for libstagefright_soft_mpeg4enc
    • 45fd1c7 : m4v_h263: update width/height only when they are valid.
    • f286e9b : m4v_h263: check header first before decoding a frame.
    • 9e1ee0e : Fix integer overflow in mediadrmserver
    • 1a1b08d : Fix potential leak
    • c9d8e75 : Modifying MetaData invalidates previous char*
    • 2bb5361 : Fix memory leak in error case
    • 73235e3 : Limit ogg packet size
    • b4194c9 : Prevent OOB write in soft_avc encoder
    • 82ceddb : Don't allow using or allocating a buffer after the first state transition
    • 594bf93 : Add bounds check in SoftAACEncoder2::onQueueFilled()
    • 961e5ac : Fix NPDs in h263 decoder
    • 6f1d990 : Fix out of bounds access
    • 36b0493 : Fix integer overflow and divide-by-zero
    • 523f6b4 : Validate lengths in HEVC metadata parsing
    • a9188f8 : AudioFlinger: Check framecount overflow when creating track

  • platform/frameworks/base with 8 change(s)
    • 791cba4 : Close connection before retrying
    • 19b8611 : ZygoteInit: Remove CAP_SYS_RESOURCE
    • 6dbc747 : system_server: add CAP_SYS_PTRACE
    • f40e5a7 : Fix re-enabling alert window appop after leaving VR mode.
    • 4fa6944 : Make a11y node info parceling more robust
    • 542bba3 : Fix issue with saving admins before finishing loading.
    • f806d65 : resolve merge conflicts of ad4aa1ce7d3d to nyc-mr1-dev fix conflict in nyc-mr2-release Change-Id: I97ef31536cd06495a08a3f94f81df2d1376186e0
    • 667d2cb : Protect Bluetooth OPP ACCEPT and DECLINE broadcast

  • platform/frameworks/native with 4 change(s)
    • 1ea732e : fix race condition that can cause a use after free
    • 4d140c6 : libgui: check for invalid slot in attachBuffer
    • 9b4f6fd : libgui: Check slot received from IGBP in Surface
    • 87b006d : ui: Fix bad size check in Fence::unflatten

  • platform/frameworks/opt/net/wifi with 1 change(s)
    • 4296929 : cherry-pick: wifinative jni: check array length for trackSignificantWifiChange

  • platform/hardware/broadcom/wlan with 2 change(s)
    • 8c2e01f : net: wireless: bcmdhd: update bcm4354/56 FW (7.35.101.6)
    • 4bc3e7d : net: wireless: bcmdhd: adding bssid count NL attribute in SWC config

  • platform/hardware/qcom/audio with 1 change(s)
    • 51be669 : Fix security vulnerability: Equalizer setParameter memory overflow

  • platform/libcore with 2 change(s)
    • acde6e2 : Proper fix for rejecting ftp URL with /r/n.
    • cde9942 : Test for rejection of ftp URL with /r/n in userinfo

  • platform/packages/apps/Bluetooth with 4 change(s)
    • 877e9be : Prevent OPP from opening files that aren't sent over Bluetooth
    • ad46f6a : OPP: Restrict file based URI access to external storage
    • 8175764 : Prevent OPP from opening files that aren't sent over Bluetooth
    • 0ed24c4 : OPP: Restrict file based URI access to external storage

  • platform/packages/apps/Settings with 2 change(s)
    • d19d7a6 : Fix phishing attack in ChooseLockGeneric
    • a637e82 : resolve merge conflicts of 3964c51bf2 to nyc-dev

  • platform/system/bt with 3 change(s)
    • 0bbd5c6 : Check LE advertising data length before caching advertising records
    • 9421015 : Check LE advertising data length before caching advertising records
    • a4875a4 : resolve merge conflicts of a3ee2e35 to nyc-dev

  • platform/system/core with 3 change(s)
    • 2dec628 : Fix out of bound read in libziparchive
    • fd1574b : Fix out of bound read in libziparchive
    • 3d6a431 : Fix out of bound read in libziparchive

  • platform/system/sepolicy with 1 change(s)
    • 06631fe : system_server: replace sys_resource with sys_ptrace