android-5.1.1_r37 to android-5.1.1_r38 AOSP changelog

This only includes the Android Open Source Project changes and does not include any changes in any proprietary components included by Google or any hardware manufacturer. The raw log was generated using a modified version of this script written by JBQ, and further improved by Al Sutton.

Please do not copy this without attribution to Android Police, Al Sutton, and JBQ for the original script.

+- Project: platform/build

08e78b5 : Updating security string to 2016-07-05
c867b4e : "LMY49L"
fd6ebe0 : Update security patch string to 2016-06-01
75dc1a1 : Update Security String to 2016-05-01 in preparation for May 2016 Security OTA
6a38a15 : LMY49K

+- Project: platform/dalvik

acca427 : Fix potential buffer overrun.

+- Project: platform/external/aac

2d37979 : Fix aacDecoder_drcExtractAndMap()
8b27a28 : Fix stack corruption happening in aacDecoder_drcExtractAndMap()

+- Project: platform/external/flac

3aaad9b : Avoid free-before-initialize vulnerability in heap

+- Project: platform/external/libpng

6bdd150 : DO NOT MERGE Update libpng to 1.6.20

+- Project: platform/external/libvpx

452cd07 : DO NOT MERGE - external/libvpx/libwebm: Update snapshot

+- Project: platform/external/tremolo

5f7278e : Check partword is in range for # of partitions

+- Project: platform/external/wpa_supplicant_8

163d22e : Guard against return value already being null
7b90d94 : Remove newlines from config output

+- Project: platform/frameworks/av

9eff150 : MPEG4Extractor: ensure kKeyTrackID exists before creating an MPEG4Source as track.
08e8b6d : limit mediaserver memory
13ed0bc : Check malloc result to avoid NPD
4d3097e : Fix security vulnerability in libstagefright
842f999 : h264bsdActivateParamSets: Prevent multiplication overflow.
14199c4 : Clear unused pointer field when sending across binder
0b1cb44 : DO NOT MERGE Don't reject "thumbnail mode" setConfig
685173b : DO NOT MERGE Verify OMX buffer sizes prior to access
dffe881 : SampleTable.cpp: Fixed a regression caused by a fix for bug 28076789.
f6bdce8 : SampleTable.cpp: Prevent corrupted stts block from causing excessive memory allocation.
45a8f3a : h264dec: check for overflows when calculating allocation size.
3c83bfa : DO NOT MERGE codecs: check OMX buffer size before use in (gsm|g711)dec
ecb3f3c : AudioSource: initialize variables
bd712a1 : Check mp3 output buffer size
1d10450 : codecs: check OMX buffer size before use in (h263|h264)dec
1d64a97 : DO NOT MERGE codecs: check OMX buffer size before use in hevcdec
ca6ba03 : Fix initialization of AAC presentation struct
fe907b1 : DO NOT MERGE codecs: check OMX buffer size before use in (vorbis|opus)dec
542e306 : Fix AMR decoder
22ec453 : SoftAMR: check input buffer size to avoid overflow.
eaceff0 : SoftAMR: check output buffer size to avoid overflow.
7d6a914 : codecs: check OMX buffer size before use in VP8 encoder.
f68983c : NuPlayerStreamListener: NULL and bounds check before memcpy
d65154e : Camera3Device: Validate template ID
86d7a40 : Add VPX output buffer size check

+- Project: platform/frameworks/base

6e9224c : DO NOT MERGE : backport of backup transport whitelist
632994a : Don't pass URL path and username/password to PAC scripts
686f3b8 : DO NOT MERGE Fix intent filter priorities
bba085b : Kill the real/isolated uid group, not the ApplicationInfo uid
1f2c428 : [DO NOT MERGE] Disallow guest user from changing Wifi settings

+- Project: platform/frameworks/native

dd2ce3e : Correctly handle dup() failure in Parcel::readNativeHandle
433616e : Fix issue #27252896: Security Vulnerability -- weak binder
9c7a8c2 : BQ: fix some uninitialized variables

+- Project: platform/hardware/libhardware

b528857 : Add guest mode functionality (1/3)

+- Project: platform/hardware/qcom/audio

3e7c86e : DO NOT MERGE Fix AudioEffect reply overflow

+- Project: platform/hardware/qcom/media

9cb3c42 : DO NOT MERGE mm-video-v4l2: venc: Avoid processing ETBs/FTBs in invalid states
2c017b7 : DO NOT MERGE mm-video-v4l2: vdec: Avoid processing ETBs/FTBs in invalid states
14fe2d5 : DO NOT MERGE mm-video-v4l2: vdec: Update param struct size correctly
ae622f3 : DO NOT MERGE mm-video-v4l2: venc: add safety checks for freeing buffers
686c171 : DO NOT MERGE mm-video-v4l2: vdec: add safety checks for freeing buffers
5a72fd4 : DO NOT MERGE mm-video-v4l2: vdec: deprecate unused config OMX_IndexVendorVideoExtraData
6d0247c : DO NOT MERGE mm-video-v4l2: vidc: validate omx param/config data

+- Project: platform/packages/apps/Bluetooth

a9cb1ad : Add guest mode functionality (3/3)
c77e9b7 : "DO NOT MERGE" Add write SMS protection

+- Project: platform/packages/apps/Email

f7a4bf8 : Don't allow cachedFile Attachments if the content Uri is pointing to EmailProvider.

+- Project: platform/packages/apps/Nfc

0070a06 : Verify setForegroundDispatch caller is in foreground.

+- Project: platform/packages/apps/UnifiedEmail

6caa879 : Don't allow cachedFile Attachments if the content Uri is pointing to EmailProvider.

+- Project: platform/packages/services/Telephony

fe5f4ff : DO NOT MERGE Use E PhoneAccount for MT ECM Call

+- Project: platform/system/core

2b5b916 : Fix scanf %s in lsof.
222b320 : Fix overflow in path building
a897fa7 : Don't demangle symbol names.