Android Pie AOSP Changes

Changes from 9.0.0_r17 (PPR1.181005.003.A1) to 9.0.0_r18 (PPR2.181005.003.A1):

Warning Releases with no significant changes other than version bump in platform/build component are likely to only feature proprietary binary blob (e.g. firmwares) changes.

Newly Added Components (0):

None

Removed Components (0):

None

Updated Components (26):

  • device/google/marlin with 1 change(s)
    • 1ca624f : Changing SUPL_ES=1 for SUPL end point control

  • device/google/wahoo with 3 change(s)
    • 6c91ec9 : Update SVN to 19 for October Monthly release Bug: 112535135 (cherry picked from commit b0d073596a250b7b47a979fff04caa37ba6791af)
    • a063ae4 : usb gadget hal: Increase disconnect timeout
    • 60983c2 : Update SVN to 18 for September Monthly release Bug: 111501777 (cherry picked from commit 2cded42036f5dfdb470c82e2e7cbdaa2f43320bd)

  • platform/build with 10 change(s)
    • 27b2266 : Update platform security string to 2018-11-01 on pi-dev & master Bug:114110585 (cherry picked from commit 2e6c06ba1b01fd0b9af8d955ae28da6b39037c85)
    • fcae272 : Version bump to PPR2.181005.003
    • 47dc68b : Version bump to PPR2.181005.002
    • 2fea004 : Update platform security string to 2018-10-05 on pi-dev & master bug: 112535135 (cherry picked from commit 61ddf1fa27039bc83a7e4be48a35a50ab2b83c78)
    • 2e697ca : Version bump to PPR2.180905.006
    • ed6abe6 : Version bump to PPR2.180905.005
    • 630d084 : Version bump to PPR2.180905.004
    • 99532c9 : Version bump to PPR2.180905.003
    • 35c093d : Version bump to PPR2.180905.002
    • d4c097f : Updating Platform Security String to 2018-09-05 Bug: 111501777 (cherry picked from commit 6bc223c9af044ad06e2f1abc0c4570a7371f9a3a)

  • platform/external/aac with 3 change(s)
    • 0734346 : Prevent bit buffer counter overflow.
    • 60b6c3a : Break audio element loop in case element_count becomes too large.
    • 6cf266e : Add sampling rate sanity check

  • platform/external/chromium-libpac with 1 change(s)
    • 2eb093b : Test for error in handling getters changing element kind.

  • platform/external/f2fs-tools with 1 change(s)
    • 3f4f4b1 : make_f2fs: issue discard commands on mkfs

  • platform/external/libmpeg2 with 1 change(s)
    • 58ad1b7 : Adding check for min_width and min_height

  • platform/external/libxaac with 8 change(s)
    • 81981f9 : Fix for global buffer overflow in scale factor processing
    • f5f8fd0 : Fix for crc related issues
    • 61ac936 : Fix for NPD in case of single coupling channel element.
    • 4386e3e : Fix for heap buffer overflow in xaac decoder init
    • 89a89a1 : Fix for out of bound write memory access in xheaac
    • 155344c : Revert "Fix for ubsan add-overflow"
    • 48a3a9b : Fix for stack corruption in esbr
    • f79b9c7 : Fix for ubsan add-overflow

  • platform/external/neven with 1 change(s)
    • 86a561f : Make bound check proper in bbf_Scanner_addOutPos

  • platform/external/sonivox with 2 change(s)
    • 41ba85a : sonivox: prevent rejection of good but large MIDI files
    • 7a8a046 : sonivox: prevent infinite loop in OTA ringtones

  • platform/external/tremolo with 1 change(s)
    • dc2293e : Fix OOB access in Tremolo

  • platform/external/v8 with 1 change(s)
    • ccaf279 : Backport: Fix Object.entries/values with changing elements

  • platform/frameworks/av with 9 change(s)
    • 57a27cb : NuPlayer2CCDecoder: Add bound check before memcpy
    • a5d1e3d : Fix race condition for cas sessions
    • c500d92 : Fix information disclosure in mediadrmserver
    • 73835b3 : Check for overflow of crypto size
    • 0d143ae : Allow playing output to default output device when during uplink playback
    • 2870aca : M3UParser: handle missing EXT-X-MEDIA URIs
    • 29d991f : Allow kPortModeDynamicANWBuffer for kBufferTypeANWBuffer in useBuffer
    • 080ebd0 : MediaExtractor: stop rendering when an error occurs
    • 8033f4a : M3UParser: make url on demand

  • platform/frameworks/base with 10 change(s)
    • 6a7e587 : Verify number of Map entries written to Parcel
    • 4f876ce : Changing SUPL_ES=1 for SUPL end point control
    • 1648173 : Fixes possible issue with no-op creator.
    • c7d576e : Revert "RESTRICT AUTOMERGE: Revoke permissions defined in a to-be removed package."
    • 821e9bd : Fix crash during cursor moving on BiDi text
    • f45705c : RESTRICT AUTOMERGE: Revoke permissions defined in a to-be removed package.
    • 586b910 : Fix TrackInfo parcel write
    • cf6784b : vpn: allow IPSec traffic through Always-on VPN
    • 2de620f : Resolve inconsistent parcel read in NanoAppFilter
    • 623b2b6 : Backport Prevent shortcut info package name spoofing

  • platform/hardware/qcom/display with 1 change(s)
    • d1c08b1 : Fix Buffer Overflow in Vendor Service display.qservice

  • platform/hardware/qcom/media with 3 change(s)
    • da5bb8a : mm-video-v4l2: Protect buffer access and increase input buffer size
    • 08fe191 : mm-video-v4l2: Protect buffer access and increase input buffer size
    • 064fbe3 : mm-video-v4l2: Squash below changes

  • platform/libcore with 1 change(s)
    • 518e8d2 : Fix hostname parsing in java.net.URLStreamHandler.

  • platform/packages/apps/Settings with 2 change(s)
    • 218e840 : Hide SettingsSlice provider
    • af4c772 : Disable changing lock when device is not provisioned.

  • platform/packages/providers/DownloadProvider with 1 change(s)
    • 284c0f5 : Remove "public" download feature.

  • platform/system/bt with 22 change(s)
    • 96d3183 : Check data length when parsing AVRCP vendor specific command responses
    • f41fd53 : Check AVRCP data length when parsing inside avrc_ctrl_pars_vendor_rsp()
    • 537f6c7 : HID Device: Fix OOB in register_app
    • dd99cd8 : Fix a wrong check in rfc_parse_data
    • 3ee3f46 : Add bound check for rfc_parse_data
    • b2fab41 : Fix build failure in stack/rfcomm/rfc_ts_frames.c
    • 42fdad3 : Add packet length checks in mca_ccb_hdl_req
    • 9091840 : Checks the SMP length to fix OOB read
    • a1a6202 : Add packet length check in smp_proc_master_id
    • 5e879e7 : Add missing AVRCP message length checks inside avrc_msg_cback
    • 53cb1b1 : Check packet length in bta_av_proc_meta_cmd
    • 4e16b30 : Fix OOB read in avrc_ctrl_pars_vendor_rsp
    • c6b31ec : Check remaining frame length in rfc_process_mx_message
    • edcee79 : Fix copy length calculation in sdp_copy_raw_data
    • b9af041 : HFP: Don't use mSBC for HF devices not supporting Codec Negotiation
    • bc6aef4 : HID Host: Check L2CAP packet data length
    • d5b44f6 : Fix OOB read in process_l2cap_cmd
    • bdbabb2 : Add packet length checks in l2cble_process_sig_cmd
    • d3689fb : Don't use Address after it was deleted
    • 6868819 : SDP: return error on offset bigger than atribute length
    • 43cd528 : HFP: Fix out of bound access in phone number processing
    • 75c2298 : HIDD: Prevent integer underflow in bta_hd_act

  • platform/system/core with 1 change(s)
    • d8e76e1 : Revert "Support Speck encryption."

  • platform/system/extras with 1 change(s)
    • 4e6cbf5 : Revert "Support Speck encryption."

  • platform/system/libhidl with 1 change(s)
    • 93484b9 : hidl_memory: fail on transfer if size SIZE_MAX

  • platform/system/netd with 1 change(s)
    • 9e60459 : Set optlen for UDP-encap check in XfrmController

  • platform/system/sepolicy with 1 change(s)
    • d4e094e : crash_dump: disallow ptrace of TCB components

  • platform/system/vold with 1 change(s)
    • e7d3304 : cryptfs: Remove Speck support