Android Oreo AOSP Changes

Changes from 8.1.0_r22 (OPM5.171019.019) to 8.1.0_r23 (OPM4.171019.015.A1):

Warning Releases with no significant changes other than version bump in platform/build component are likely to only feature proprietary binary blob (e.g. firmwares) changes.

Newly Added Components (0):

None

Removed Components (0):

None

Updated Components (36):

  • device/google/dragon-kernel with 2 change(s)
    • 41fc83d : ryu: update kernel prebuilt
    • c54f093 : ryu: update kernel prebuilt

  • device/google/taimen with 1 change(s)
    • c8ca6bf : taimen: NFC: update NFC GPIO 5

  • device/google/wahoo with 5 change(s)
    • fa27cd7 : Re-set SVN to 7 for April Backpocket on sparse-branch (cherry picked from commit 73a219d1b8966ccee6fb742fdf5f727b491a696a)
    • 23e09e5 : Increase SVN to 8 for April Security Update Bug: 73240847 (cherry picked from commit cf979de2464efb9007f671b32b4420e97043b41d)
    • 469ba59 : Update SVN to 7 for March 2018 Monthly Update Bug:71860241 (cherry picked from commit da9a297f5073dba61a12498e84e8361b14e12292)
    • 431f794 : Update SVN to 6 for Feb 2017 Monthly Update
    • a384e37 : Update SVN to 5 for Jan 2017 Monthly Update Bug:69257226 (cherry picked from commit 40b61a3bb8f08ab042f0777984b6cf7c38a722d0)

  • device/huawei/angler-kernel with 1 change(s)
    • 6549a21 : angler: update kernel prebuilt

  • device/lge/bullhead-kernel with 1 change(s)
    • 02bf5a1 : bullhead: update kernel prebuilt

  • platform/art with 1 change(s)
    • d141879 : ART: Reinstate secondary-image-patching exit

  • platform/build with 10 change(s)
    • 4cd4a2a : Version bump to OPM4.171019.015.A1
    • c0aa8b0 : Version bump to OPM1.171019.021
    • 9de91d9 : Specify --max_timestamp when calling brillo_update_payload.
    • 4fe054f : Version bump to OPM1.171019.019
    • e5924a5 : Version bump to OPM1.171019.018
    • ddc4b4c : Version bump to OPM1.171019.017
    • bde6743 : Version bump to OPM1.171019.015
    • 22e3233 : Version bump to OPM1.171019.014
    • 7af9627 : Version bump to OPM4.171019.012
    • 0fcf3d6 : Version bump to OPM1.171019.013

  • platform/cts with 4 change(s)
    • 614d7dc : Add CTS test for URI fix.
    • 3085dc8 : Verify b/67737022 fix presence
    • 7ab52a6 : Test that createBitmap(65535,65535) throws OOME
    • 8da997e : Add EffectBundleTest

  • platform/external/aac with 2 change(s)
    • d04caf3 : MPEG-4 AAC Decoder: check against invalid height info
    • 8e3be52 : Fix out of bound memory access in lppTransposer

  • platform/external/conscrypt with 1 change(s)
    • c98b326 : Allow parsing RSA keys from buffers with extra space at the end.

  • platform/external/libavc with 9 change(s)
    • 292c7b5 : Decoder: Fixed reset values in parse sps.
    • d7dbaf9 : Decoder: Set prev slice type for I slice.
    • 4b58c8f : Decoder: Adding Error Check for Output Buffer Size in Shared Display Mode.
    • a7f41c5 : Decoder: Fixed memory overflow in shared display mode.
    • 10f3065 : Decoder: Modified loop condition while parsing ref_list_reordering.
    • 5acaa6f : Decoder: Handle dec_hdl memory allocation failure gracefully
    • 6c327af : Decoder: Fixed incorrect use of mmco parameters.
    • e86d3cf : Decoder: Increased allocation and added checks in sei parsing.
    • 42cf029 : Decoder: Detect change of mbaff flag in SPS

  • platform/external/libhevc with 12 change(s)
    • d81812e : Check limits for log2_max_pic_order_cnt_lsb_minus4 in sps
    • a0779d9 : Fix output buffer size check
    • b0e1239 : Check if luma wd and ht are multiple of min cb size
    • 96a40a0 : Update ctb pu map for I slice
    • b686bb2 : Add PUSH-POP of D registers in Arm Neon 32 bit functions
    • 0a714d3 : Fix first frame error return
    • 066e3b1 : Return error for negative crop parameters
    • b3f31e4 : Consume bytes for sps with unsupported resolution
    • 52ca619 : Fix slice address zero for not first slice in pic
    • 3ed3c6b : Decoder: Handle ps_codec_obj memory allocation failure gracefully
    • 7c9be31 : Fix prev slice incomplete check
    • f5b2fa2 : Fix incomplete frame error

  • platform/external/libmpeg2 with 4 change(s)
    • 9449ef4 : Adding Error Check for Output Buffer Size
    • 0ad7e37 : Correcting Buffer Allocation for Shared Display
    • 5687dbe : Fixing Underflow of ps_dec-u2_num_mbs_left
    • 29a78a1 : Adding Error Check for f_code Parameters

  • platform/external/sonivox with 2 change(s)
    • 3806f2f : Add recursion limit to XMF_ReadNode
    • aa9d9d6 : Fix memory leak

  • platform/external/svox with 1 change(s)
    • f5281a9 : SVOX: Properly initialize buffers.

  • platform/frameworks/av with 20 change(s)
    • 72cd352 : M3UParser: detect variant streams without EXT-X-STREAM-INF
    • d12c360 : Refactor MediaPlayerBase's notify
    • b20b43c : Check NAL size before looking inside
    • 7e02063 : Prevent MediaPlayerService::Client's use-after-free
    • 86141f9 : Fix use of uninitialized value in libmediadrm
    • 1617cbe : AACExtractor: check bounds during seek
    • 871412c : Fix potential buffer overflow in mediadrmserver
    • 4e091c6 : Apply input buffer validation also to AVC and MPEG4 encoders
    • 45425ee : httplive: check for malformed EXT-X-STREAM-INF
    • 2f07748 : camera: Drop pending preview for enableZsl shots
    • 9c8bf05 : IAudioPolicyService: Add attribute tags sanitization
    • 35650d3 : camera: Drop pending preview for enableZsl shots
    • f1652e1 : avoid 32-bit integer overflow
    • 646a18f : Access AVCDEC context after create fail check
    • 47d4b33 : Access HEVC context after create fail check
    • cf1e36f : SoftAVCDec: Handle zero length input without EOS
    • de7f50e : Add EFFECT_CMD_SET_PARAM parameter checking to Preset Reverb
    • dd3ca4d : Fix edge case when applying id3 unsynchronization
    • 7f7783d : Validate decryption key length to decrypt function.
    • 7adb5f5 : Protect against possible race conditions

  • platform/frameworks/base with 12 change(s)
    • 854ac60 : [RTT] ParcelableRttResults parcel code fix
    • 935288b : Fix VerifyCredentialResponse parcelling code
    • 0d63046 : Adjust URI host parsing to stop on \ character.
    • 9f4c9c1 : Check for null-terminator in ResStringPool::string8At
    • e6e4ebf : OutputConfiguration: Fix missing mIsShared in parcel read
    • 3e56e03 : Fix bad type for txPower in PeriodicAdvertisingReport serialization
    • 6f89a3e : OMS: Only allow trusted overlays to be registered.
    • 926c144 : Swap the order of synthetic password wrapping
    • 228112f : More dimming tweaks (for accessibility)
    • 4afa035 : Adjust Uri host parsing to use last instead of first @.
    • 42b2e41 : Throw OOME if Bitmap.nativeCreate fails
    • d64e959 : mtp: fix double free of thumbnail data

  • platform/frameworks/ex with 2 change(s)
    • 1ba5c0d : Add bounds checking for transparency lookup
    • ede8f95 : Skip composition of frames lacking a color map

  • platform/frameworks/minikin with 1 change(s)
    • ae7af07 : Fix OOB read due to integer overflow

  • platform/frameworks/native with 1 change(s)
    • 16392a1 : surfaceflinger: make vsync injection more robust

  • platform/hardware/google/easel with 2 change(s)
    • 8a24ecc : pbcamera: Add nofityEaselFatalError
    • 2f3d8bf : pbcamera: Add nofityEaselFatalError

  • platform/hardware/interfaces with 1 change(s)
    • d6e8f9d : cas: validate shared buffer size before using

  • platform/hardware/qcom/camera with 10 change(s)
    • 33d0011 : QCamera3: Rename property to disable HDR+
    • 6ffa4f8 : QCamera2: HAL3: Support concurrent camera with Easel
    • bf43359 : QCamera: Add Easel FW version in EXIF
    • 30f4c9c : QCamera3: Notify HDR+ client about Easel error
    • 6d31b27 : Revert "Revert "QCamera3: Enable HDR+ by default""
    • e9cccc4 : QCamera3: Rename property to disable HDR+
    • 429a060 : QCamera2: HAL3: Support concurrent camera with Easel
    • ccdcca2 : QCamera: Add Easel FW version in EXIF
    • 2b4f863 : QCamera3: Notify HDR+ client about Easel error
    • 750311e : Revert "Revert "QCamera3: Enable HDR+ by default""

  • platform/hardware/qcom/media with 1 change(s)
    • b539e1a : mm-video-v4l2: venc: Squash below changes

  • platform/libcore with 1 change(s)
    • 19a746e : Add test that extra buffer space is ignored.

  • platform/packages/apps/Email with 1 change(s)
    • 08dbcc8 : Disallow attaching files from our own EmailAttachmentProvider.

  • platform/packages/apps/Settings with 8 change(s)
    • c38c740 : Update the way OMS records details about overlays
    • d5fa60d : Update asset for no search result image
    • 8269770 : Reword bluetooth confirmation dialog
    • dfa402e : Settings: Remove HAL HDR+ option
    • 921a007 : Revert "Revert "Settings: Enable HAL HDR+ by default""
    • 67f3b82 : Fix BluetoothPairingDialogTest to not expect device name
    • 13d46d7 : Settings: Remove HAL HDR+ option
    • 4d45be2 : Revert "Revert "Settings: Enable HAL HDR+ by default""

  • platform/packages/apps/UnifiedEmail with 1 change(s)
    • dd5743f : Disallow attaching files from our own EmailAttachmentProvider.

  • platform/system/bt with 16 change(s)
    • eb8771e : AVRCP: Check number of text attribute values in response
    • 99c17db : AVRCP: Set maximum string length when copying to buffer
    • acb8b71 : AVRCP: Initialize buffer for attribute values to be written to
    • 2c3a82a : AVRCP: Check number of text attributes in response
    • 8feb740 : AVRCP: Check the number of text value attributes requested
    • 2eb7266 : SDP: Check p_req_end before reading from p_req
    • 1313abd : SDP: Include the offset in sdp_disc_server_rsp
    • 2f2043f : AVRCP: Check the number of text attributes requested
    • 49a57cd : Remove memory reference to invalid mem in error log
    • ae12fc4 : BNEP: Check received frame type
    • 08e6833 : PAN: Fix Use-after-free in bta_pan_data_buf_ind_cback
    • a50e704 : Fix unexpected behavior in reading BNEP packets
    • f0edf65 : Fix unexpected behavior in SDP
    • ec16f7d : Allocate/free the SDP connection timers only during stack startup/shutdown
    • 0627e76 : SDP: Pass the bounds to process_service_*_rsp
    • 935ee77 : Removed alarm callback execution statistics

  • platform/system/core with 1 change(s)
    • b713352 : libnetutil: Check dhcp respose packet length

  • platform/system/hwservicemanager with 1 change(s)
    • e1b4a88 : get selinux context on add call arrival.

  • platform/system/libhidl with 1 change(s)
    • a4d0252 : canCastInterface: always return true for IBase

  • platform/system/media with 1 change(s)
    • e770e37 : Camera metadata: Check source metadata size

  • platform/system/security with 2 change(s)
    • dbb64f6 : Fixing bug in security vulnerability patch
    • 65423d0 : Fixing security vuln by tightening race condition window.

  • platform/system/tools/hidl with 1 change(s)
    • 8539fc8 : Explicitly check processes are oneway

  • platform/system/update_engine with 2 change(s)
    • 55b7e08 : Add SafetyNet logging for payload timestamp error.
    • 8c3c80c : Add maximum timestamp to the payload.