Android Oreo AOSP Changes

Changes from 8.1.0_r16 (OPM1.171019.022.A1) to 8.1.0_r21 (OPM3.171019.019):

Warning Releases with no significant changes other than version bump in platform/build component are likely to only feature proprietary binary blob (e.g. firmwares) changes.

Newly Added Components (0):

None

Removed Components (0):

None

Updated Components (29):

  • device/huawei/angler-kernel with 3 change(s)
    • 4a81392 : angler: update kernel prebuilt
    • a5d339c : angler: update kernel prebuilt
    • 1572d8c : angler: update kernel prebuilt

  • device/lge/bullhead-kernel with 2 change(s)
    • 213702a : bullhead: update kernel prebuilt
    • a751acf : bullhead: update kernel prebuilt

  • platform/art with 1 change(s)
    • b6ea7da : ART: Reinstate secondary-image-patching exit

  • platform/build with 5 change(s)
    • 9669200 : Version bump to OPM3.171019.019
    • ddef2a4 : Version bump to OPM3.171019.017
    • 9c7dd00 : Version bump to OPM3.171019.016
    • 6c21c36 : Specify --max_timestamp when calling brillo_update_payload.
    • 854099e : Version bump to OPM3.171019.013

  • platform/cts with 4 change(s)
    • 99534de : Add CTS test for URI fix.
    • 8b09079 : Verify b/67737022 fix presence
    • baf4051 : Test that createBitmap(65535,65535) throws OOME
    • 2efac15 : Add EffectBundleTest

  • platform/external/aac with 2 change(s)
    • c630974 : MPEG-4 AAC Decoder: check against invalid height info
    • 5874d9e : Fix out of bound memory access in lppTransposer

  • platform/external/libavc with 9 change(s)
    • 9a4e14e : Decoder: Fixed reset values in parse sps.
    • f8434b0 : Decoder: Set prev slice type for I slice.
    • a98447d : Decoder: Adding Error Check for Output Buffer Size in Shared Display Mode.
    • 827d60b : Decoder: Fixed memory overflow in shared display mode.
    • df0ec99 : Decoder: Modified loop condition while parsing ref_list_reordering.
    • 3e17d26 : Decoder: Handle dec_hdl memory allocation failure gracefully
    • e08b7d7 : Decoder: Fixed incorrect use of mmco parameters.
    • cb8d81f : Decoder: Increased allocation and added checks in sei parsing.
    • 6483b7c : Decoder: Detect change of mbaff flag in SPS

  • platform/external/libhevc with 12 change(s)
    • d1f4c4a : Check limits for log2_max_pic_order_cnt_lsb_minus4 in sps
    • 0a41ede : Fix output buffer size check
    • 2bf3925 : Check if luma wd and ht are multiple of min cb size
    • 78daa20 : Update ctb pu map for I slice
    • dc50681 : Add PUSH-POP of D registers in Arm Neon 32 bit functions
    • 5fd289f : Fix first frame error return
    • d2789c9 : Return error for negative crop parameters
    • 4613e01 : Consume bytes for sps with unsupported resolution
    • 29da90e : Fix slice address zero for not first slice in pic
    • 8ca583e : Decoder: Handle ps_codec_obj memory allocation failure gracefully
    • de0d515 : Fix prev slice incomplete check
    • 272663d : Fix incomplete frame error

  • platform/external/libmpeg2 with 4 change(s)
    • 8f798b9 : Adding Error Check for Output Buffer Size
    • 89616f8 : Correcting Buffer Allocation for Shared Display
    • 4b46c74 : Fixing Underflow of ps_dec-u2_num_mbs_left
    • 59e227c : Adding Error Check for f_code Parameters

  • platform/external/sonivox with 2 change(s)
    • 30911cb : Add recursion limit to XMF_ReadNode
    • 96438c6 : Fix memory leak

  • platform/external/svox with 1 change(s)
    • 7aed2e5 : SVOX: Properly initialize buffers.

  • platform/frameworks/av with 20 change(s)
    • 41f0503 : Revert "libmedia: Fix null pointer crash in secure buffer allocation."
    • 3b296fc : M3UParser: detect variant streams without EXT-X-STREAM-INF
    • ab24afa : Refactor MediaPlayerBase's notify
    • 0415ec3 : libmedia: Fix null pointer crash in secure buffer allocation.
    • 6ce0a65 : Check NAL size before looking inside
    • 3b59eb1 : Prevent MediaPlayerService::Client's use-after-free
    • 3d482ba : Fix use of uninitialized value in libmediadrm
    • f518867 : AACExtractor: check bounds during seek
    • 587ffc3 : Fix potential buffer overflow in mediadrmserver
    • 720687f : Apply input buffer validation also to AVC and MPEG4 encoders
    • ab59fb6 : httplive: check for malformed EXT-X-STREAM-INF
    • b14755f : IAudioPolicyService: Add attribute tags sanitization
    • ab6913a : avoid 32-bit integer overflow
    • a858242 : Access AVCDEC context after create fail check
    • 9252d0f : Access HEVC context after create fail check
    • 5f9bf04 : SoftAVCDec: Handle zero length input without EOS
    • 986ace6 : Add EFFECT_CMD_SET_PARAM parameter checking to Preset Reverb
    • d2946ae : Fix edge case when applying id3 unsynchronization
    • e5e68bc : Validate decryption key length to decrypt function.
    • 550736e : Protect against possible race conditions

  • platform/frameworks/base with 11 change(s)
    • 7997fcd : [RTT] ParcelableRttResults parcel code fix
    • 821c346 : Fix VerifyCredentialResponse parcelling code
    • 30c924c : Adjust URI host parsing to stop on \ character.
    • 912fda4 : Check for null-terminator in ResStringPool::string8At
    • 0fd2afb : OutputConfiguration: Fix missing mIsShared in parcel read
    • 4f51c13 : Fix bad type for txPower in PeriodicAdvertisingReport serialization
    • 837ef86 : OMS: Only allow trusted overlays to be registered.
    • 739a7fb : Swap the order of synthetic password wrapping
    • 949c64b : Adjust Uri host parsing to use last instead of first @.
    • c767333 : Throw OOME if Bitmap.nativeCreate fails
    • 5f773b7 : mtp: fix double free of thumbnail data

  • platform/frameworks/ex with 2 change(s)
    • 58d6193 : Add bounds checking for transparency lookup
    • 0822ee4 : Skip composition of frames lacking a color map

  • platform/frameworks/minikin with 1 change(s)
    • e8c4bf1 : Fix OOB read due to integer overflow

  • platform/frameworks/native with 1 change(s)
    • 00850f2 : surfaceflinger: make vsync injection more robust

  • platform/hardware/interfaces with 1 change(s)
    • 07f2bbc : cas: validate shared buffer size before using

  • platform/hardware/qcom/media with 1 change(s)
    • a164ee8 : mm-video-v4l2: venc: Squash below changes

  • platform/packages/apps/Email with 1 change(s)
    • 5ada4aa : Disallow attaching files from our own EmailAttachmentProvider.

  • platform/packages/apps/Settings with 3 change(s)
    • 82f1dde : Update the way OMS records details about overlays
    • 879d048 : Reword bluetooth confirmation dialog
    • dc719aa : Fix BluetoothPairingDialogTest to not expect device name

  • platform/packages/apps/UnifiedEmail with 1 change(s)
    • 7f21d2a : Disallow attaching files from our own EmailAttachmentProvider.

  • platform/system/bt with 16 change(s)
    • 308629b : AVRCP: Check number of text attribute values in response
    • 4b0c0fa : AVRCP: Set maximum string length when copying to buffer
    • 25562ed : AVRCP: Initialize buffer for attribute values to be written to
    • 73cf3d2 : AVRCP: Check number of text attributes in response
    • b6f5d06 : AVRCP: Check the number of text value attributes requested
    • a29b07f : SDP: Check p_req_end before reading from p_req
    • c5548ce : SDP: Include the offset in sdp_disc_server_rsp
    • cb2759b : AVRCP: Check the number of text attributes requested
    • e284846 : Remove memory reference to invalid mem in error log
    • deaf642 : BNEP: Check received frame type
    • 1e24bc0 : PAN: Fix Use-after-free in bta_pan_data_buf_ind_cback
    • aa9ed79 : Fix unexpected behavior in reading BNEP packets
    • cec6b80 : Fix unexpected behavior in SDP
    • c29ee24 : Allocate/free the SDP connection timers only during stack startup/shutdown
    • 6b02907 : SDP: Pass the bounds to process_service_*_rsp
    • 4cfb56b : Removed alarm callback execution statistics

  • platform/system/core with 1 change(s)
    • de98024 : libnetutil: Check dhcp respose packet length

  • platform/system/hwservicemanager with 1 change(s)
    • f7b5c7b : get selinux context on add call arrival.

  • platform/system/libhidl with 1 change(s)
    • df72fbd : canCastInterface: always return true for IBase

  • platform/system/media with 1 change(s)
    • 2dea71f : Camera metadata: Check source metadata size

  • platform/system/security with 2 change(s)
    • cb1da09 : Fixing bug in security vulnerability patch
    • 8857bd2 : Fixing security vuln by tightening race condition window.

  • platform/system/tools/hidl with 1 change(s)
    • a27cb79 : Explicitly check processes are oneway

  • platform/system/update_engine with 2 change(s)
    • 4cea255 : Add SafetyNet logging for payload timestamp error.
    • b4116db : Add maximum timestamp to the payload.