android-6.0.1_r22 to android-6.0.1_r25 AOSP changelog

This only includes the Android Open Source Project changes and does not include any changes in any proprietary components included by Google or any hardware manufacturer. The raw log was generated using a modified version of this script written by JBQ, and further improved by Al Sutton.

Please do not copy this without attribution to Android Police, Al Sutton, and JBQ for the original script.

+- Project: platform/bootable/recovery

ec4df63 : Fix integer overflows in recovery procedure.

+- Project: platform/build

3ca0b04 : "MTC19T"
cb4a4b7 : "MTC19S"
a83b748 : MTC19R
be600a2 : Update Security String to 2016-05-01 in preparation for May 2016 Security OTA
72e8cda : "MTC19Q"
6fe1867 : "MTC78"
86f52cc : MTC19O
b188a8e : Set BUILD_ID to use MT 2 letter abbreviation.
3300537 : "MHC19N"
70593a0 : "MHC19M"
1b865fa : "MHC19L"
7e848b3 : Updating security string patch to 2016-04-01
5228b92 : "MHC19K"

+- Project: platform/external/aac

f1f22e4 : Fix stack corruption happening in aacDecoder_drcExtractAndMap()

+- Project: platform/external/bouncycastle

288f88f : GCMParameters: fix insecure tag size

+- Project: platform/external/conscrypt

014a3fd : Fix updateAAD when offset is not 0
c6fb365 : OpenSSLCipher: multiple calls to updateAAD were ignored
550bba7 : OpenSSLCipher: reset AAD when necessary

+- Project: platform/external/dhcpcd

70f592d : Improve length checks in DHCP Options parsing of dhcpcd.

+- Project: platform/external/flac

284969d : Avoid free-before-initialize vulnerability in heap

+- Project: platform/external/libavc

c57fc37 : Decoder: Fix stack underflow in CAVLC 4x4 parse functions
50a580a : Ensure ih264d_start_of_pic() is not repeated in ih264d_mark_err_slice_skip()

+- Project: platform/external/skia

b49207a : Update SK_CRASH to default to abort(). DO NOT MERGE

+- Project: platform/external/wpa_supplicant_8

96d5871 : Guard against return value already being null
d996054 : Remove newlines from config output

+- Project: platform/frameworks/av

5c8f2a4 : Fix AMR decoder
05ee9ed : SoftAMR: check input buffer size to avoid overflow.
57cfe69 : SoftAMR: check output buffer size to avoid overflow.
07d8d29 : codecs: check OMX buffer size before use in VP8 encoder.
b22375c : NuPlayerStreamListener: NULL and bounds check before memcpy
7ef9d93 : Camera3Device: Validate template ID
d1ab8dd : Add VPX output buffer size check
5db7307 : Get service by value instead of reference
b7c8681 : Also fix out of bounds access for normal read
d3e5eca : Clear allocation to avoid info leak
a685aea : Fixing safteynet logging bug introduced in ag/862848
1a5ab71 : 3 uninitialized variables in IOMX.cpp
7227fe0 : Fix info leak vulnerability of IDrm
52fbd46 : IOMX.cpp uninitialized pointer in BnOMX::onTransact

+- Project: platform/frameworks/base

d886fca : [DO NOT MERGE] Disallow guest user from changing Wifi settings
66c3e63 : DO NOT MERGE Add new ConnectionEvent API (hide) to send a notification to Telecom
6ccc513 : NPE fix for SyncStorageEngine read authority am: a962d9eba7 am: 339c4f2b05 am: 58048c1f17
9dcf4bc : Redact Account info from getCurrentSyncs

+- Project: platform/frameworks/minikin

555dbae : Add error logging on invalid cmap

+- Project: platform/frameworks/native

1e27ec5 : Fix issue #27252896: Security Vulnerability -- weak binder
362ed3d : BQ: fix some uninitialized variables
a93a310 : Add SN logging
a5d2913 : Sanity check IMemory access versus underlying mmap
28a83d4 : BQ: Add permission check to BufferQueueConsumer::dump

+- Project: platform/frameworks/opt/net/wifi

765f850 : Revert "Appropriately fail EAP-SIM/AKA when SIM doesn't generate good response"
52ba5c9 : Appropriately fail EAP-SIM/AKA when SIM doesn't generate good response
1b7ed25 : Revert "Appropriately fail EAP-SIM/AKA when SIM doesn't generate good response"

+- Project: platform/frameworks/opt/telephony

2e60eb7 : DO NOT MERGE Inform registrants of which connection started or stopped the hold tone.

+- Project: platform/hardware/broadcom/wlan

b8c05d4 : net: wireless: bcmdhd: update bcm4358 FW (7.112.100.47) [DO NOT MERGE]
0095a04 : Revert "net: wireless: bcmdhd: update bcm4358 FW (7.112.200.5) [DO NOT MERGE]"
6046a46 : net: wireless: bcmdhd: update bcm4358 FW (7.112.200.5) [DO NOT MERGE]

+- Project: platform/libcore

3bf65a5 : CipherTest: add test for multiple updateAAD calls
955b4fa : CipherTest: test instance reuse with updateAAD
b307d35 : GCMParameters: check that the default tag size is secure (16 bits)

+- Project: platform/packages/apps/CertInstaller

ae7438e : Trust CA certificates added for the whole OS only

+- Project: platform/packages/apps/Email

b65d462 : Don't allow cachedFile Attachments if the content Uri is pointing to EmailProvider.

+- Project: platform/packages/apps/UnifiedEmail

96e938f : Don't allow cachedFile Attachments if the content Uri is pointing to EmailProvider.
c4614f6 : Don't allow file attachment from file:///data.

+- Project: platform/packages/providers/DownloadProvider

e74ee40 : DO NOT MERGE. Use resolved path when inserting and deleting.
8ec0057 : Use resolved path for both checking and opening.

+- Project: platform/packages/services/Telecomm

8503f03 : DO NOT MERGE Listen for ConnectionEvent and use the InCallToneMonitor to play the tone
b5a7feb : DO NOT MERGE - Restrict ability to add call based on device provision status
2750faa : DO NOT MERGE Check PAH in addNewIncomingCall

+- Project: platform/packages/services/Telephony

661d806 : DO NOT MERGE Register OnHoldTone event
a294ae5 : Fixes creation of incorrect SIP PhoneAccountHandle

+- Project: platform/system/core

8b25673 : Don't demangle symbol names.
213af3a : Don't create tombstone directory.