android-5.1.1_r3 to android-5.1.1_r14 AOSP changelog

This only includes the Android Open Source Project changes and does not include any changes in any proprietary components included by Google or any hardware manufacturer. The raw log was generated using a modified version of this script written by JBQ, and further improved by Al Sutton.

Please do not copy this without attribution to Android Police, Al Sutton, and JBQ for the original script.

+- Project: platform/build

3b9e3a3 : "LMY48M"
f165cfb : LMY48L
a3ebc82 : "LMY48K"
c445cc3 : "LMY48J"
fa943a9 : "LMY48I"
5a71557 : "LMY48H"
40be6ec : "LMY48G"
13f696e : "LMY48F"
546a5aa : "LMY48E"
38deeee : "LMY48D"
bca602e : "LMY48C"

+- Project: device/samsung/manta

3209a6f : manta: update prebuilt kernel (DO NOT MERGE)

+- Project: platform/external/conscrypt

edf7055 : OpenSSLX509Certificate: mark mContext as transient

+- Project: platform/external/libpng

dd0ed46 : Restore a width check that was removed from png.c (CVE-2015-0973)

+- Project: platform/external/skia

e28401b : DO NOT MERGE Prevent integer wrap around for malloc size when creating a SkRegion

+- Project: platform/external/sonivox

e999f07 : DLS parser: fix wave pool size check.

+- Project: platform/external/wpa_supplicant_8

4cf0f2d : P2P: Validate SSID element length before copying it

+- Project: platform/frameworks/av

6fe85f7 : MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX
304ef91 : Guard against codecinfo overflow
a5d9298 : Revert "DO NOT MERGE: Lock drm plugin API calls globally, not per MediaDrm instance"
d776139 : DO NOT MERGE: Lock drm plugin API calls globally, not per MediaDrm instance
f4f7e0c : Prevent integer underflow if size is below 6
2674a72 : Prevent integer overflow when processing covr MPEG4 atoms
e846a5f : Prevent reading past the end of the buffer in 3GPP
aeea52d : audio effects: fix heap overflow
463a6f8 : Fix integer overflow when handling MPEG4 tx3g atom
f4a88c8 : Fix integer underflow in covr MPEG4 processing
3cb1b69 : IOMX: Enable buffer ptr to buffer id translation for arm32
086d84f : IOMX: Add buffer range check to emptyBuffer
c82e31a : HDCP: buffer over flow check -- DO NOT MERGE
d48f0f1 : Add AUtils::isInRange, and use it to detect malformed MPEG4 nal sizes
5150492 : Add some sanity checks
5e75195 : Fix integer underflow in ESDS processing
2434839 : Fix integer overflow during MP4 atom processing
cf1581c : Fix several ineffective integer overflow checks

+- Project: platform/frameworks/base

8fba7e6 : Prevent insanely long passwords from crashing SystemUI
1e72dc7 : DO NOT MERGE: Ensure that unparcelling Region only reads the expected number of bytes
4cff1f4 : Check that the parcel contained the expected amount of region data. DO NOT MERGE
a5e904e : DO NOT MERGE Change to add STK_PERMISSION for stk related commands.
e3cde78 : Prevent system uid component from running in an app process
aaa0fee : Lockdown AM.getRunningAppProcesses API with permission.REAL_GET_TASKS
0b98d30 : DO NOT MERGE Don't take flags when creating app widget config activity.
d44e5bd : Make Bitmap_createFromParcel check the color count. DO NOT MERGE
0e40462 : Revert "DO NOT MERGE Backport of limited jank-tracking metrics"
d5a4a1a : DO NOT MERGE Backport of limited jank-tracking metrics

+- Project: platform/frameworks/native

e68cbc3 : Disregard alleged binder entities beyond parcel bounds
7dcd0ec : Verify that the native handle was created

+- Project: platform/frameworks/opt/telephony

df31d37 : Externally-reported Moderate severity vulnerability in SMS: Apps can bypass the SMS short code notification prompt
b485814 : DO NOT MERGE Change to add STK_PERMISSION for stk related commands.

+- Project: platform/packages/apps/Stk

1d8e001 : DO NOT MERGE Change to add STK_PERMISSION for stk related commands.

+- Project: platform/packages/services/Telephony

fcb1d13 : DO NOT MERGE Change to make STK related intents protected.

+- Project: platform/system/core

e8c62fb : Prevent integer overflow when allocating native_handle_t

+- Project: platform/system/security

bb9f439 : Fix unchecked length in Blob creation