***************************************************************
***************************************************************
  50 file changed, 884 insertions(+), 421 deletions(-)
***************************************************************
***************************************************************
========platform/bionic between android-7.1.1_r22..android-7.1.1_r28=========
e046081 Check for bad packets in getaddrinfo.c's getanswer.

========platform/bootable/recovery between android-7.1.1_r22..android-7.1.1_r28=========
 verifier.cpp | 6 ++++++
 1 file changed, 6 insertions(+)
2c6c23f Add a checker for signature boundary in verifier

========platform/build between android-7.1.1_r22..android-7.1.1_r28=========
 core/build_id.mk         | 2 +-
 core/version_defaults.mk | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
e22d5db N6F26U
722ccd6 N6F26T
88463b6 N6F26S
a6da47e Updating Security String to 2017-03-05 on nyc-dev
9aee59b Updating Security String to 2017-03-01 on nyc-dev
8a89878 N6F26R
e225344 Update Security String to 2017-02-05 on nyc-dev
8e84b75 Update Security String to 2017-02-01 on nyc-dev
cf7e2da N6F26Q
a618563 Updating Security String to 2017-01-05 on nyc-dev
1a90283 Updating Security String to 2017-01-01 on nyc-dev

========device/asus/fugu-kernel between android-7.1.1_r22..android-7.1.1_r28=========
 bzImage | Bin 5386576 -> 5386880 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)
f4ee1db merge in nyc-mr1-security-b-release history after reset to nyc-mr1-release

========device/google/marlin-kernel between android-7.1.1_r22..android-7.1.1_r28=========
 Image.gz-dtb | Bin 18688510 -> 18708374 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)
76704b1 merge in nyc-mr1-security-b-release history after reset to nyc-mr1-release

========device/htc/flounder between android-7.1.1_r22..android-7.1.1_r28=========
a37d1ee Fix security issue in Visualizer effect

========device/huawei/angler-kernel between android-7.1.1_r22..android-7.1.1_r28=========
c1f3197 merge in nyc-mr1-release history after reset to nyc-mr1-dev

========device/moto/shamu between android-7.1.1_r22..android-7.1.1_r28=========
 mixer_paths.xml | 74 +++++++++++++++++----------------------------------------
 1 file changed, 22 insertions(+), 52 deletions(-)
67b5be4 Revert "Revert "Revert "Path fix for backend connection to FE upon call disconnection"""
8e88ad7 Revert "audio: fix headset + speaker path"

========device/moto/shamu-kernel between android-7.1.1_r22..android-7.1.1_r28=========
 zImage-dtb | Bin 7215207 -> 7199943 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)
0b3b978 shamu: update prebuilt kernel

========platform/external/boringssl between android-7.1.1_r22..android-7.1.1_r28=========
 src/crypto/bn/bn_test.cc |  42 +++++++++++++++++
 src/crypto/bn/convert.c  | 114 +++++++++++++++++++++++------------------------
 2 files changed, 98 insertions(+), 58 deletions(-)
54bf62a Rewrite BN_bn2dec.

========platform/external/libavc between android-7.1.1_r22..android-7.1.1_r28=========
 decoder/ih264d_api.c            |  6 ++++--
 decoder/ih264d_parse_headers.c  |  4 +++-
 decoder/ih264d_parse_pslice.c   | 38 ++++++++++++++++++++++++++------------
 decoder/ih264d_parse_slice.c    |  5 +++--
 decoder/ih264d_process_bslice.c |  3 ++-
 decoder/ih264d_sei.c            |  2 +-
 decoder/ih264d_tables.c         |  3 ++-
 decoder/ih264d_utils.c          |  3 ++-
 8 files changed, 43 insertions(+), 21 deletions(-)
6aac820 Decoder: Padded gau1_ih264d_top_left_mb_part_indx_mod to avoid an out of bound read
0a4463e Decoder: Fix in checking first_mb_in_slice
4a61d15 Decoder: Increase memory allocation for weights & offsets for interlaced clips
19814b7 Decoder: Fixed DoS in header decode when no PPS is present
0340381 Decoder: Initialize ps_cur_slice->u1_mbaff_frame_flag correctly for error cases
85c0ec4 Decoder: Fixed an out of bound access while parsing SEI
21851ea Decoder: Fix in MB count in MBAff error handling
aa78b96 Call ih264d_deblock_display only for valid process calls
ec9ab83 Decoder: Fixed allocation of ps_dec->ps_nbr_mb_row
fd9a12f Decoder: Fixed cur_mb_info initialization in error cases
a467b1f Decoder: Fix in error concealment in the case of Mbaff clips
0e8b1df Decoder: Fix in the case of error in the first MB in frame.
c4f1525 Decoder: Fix in returning incomplete frame error
3695b6b Decoder: Fix initialization of ps_next_dpb during reference list creation
cf606f3 Decoder: Fix in checking for valid profile flags

========platform/external/libgdx between android-7.1.1_r22..android-7.1.1_r28=========
 gdx/jni/Android.mk        |  3 +++
 gdx/jni/gdx2d/stb_image.h | 65 ++++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 67 insertions(+), 1 deletion(-)
fba04a5 Fix buffer overflows
c156e72 Fix security vulnerability

========platform/external/libhevc between android-7.1.1_r22..android-7.1.1_r28=========
 decoder/ihevcd_parse_headers.c | 9 +++++++++
 1 file changed, 9 insertions(+)
dfa7251 Added check for invalid log2_max_transform_block_size in SPS
3a64694 Fixed handling invalid chroma tu size for error clips
f22345d Fixed out of bound reads in stack variables
e20f6b8 Fix in Chroma SAO for non-multiple of 8 height
b25d141 Handle invalid slice_address in slice header

========platform/external/libnfc-nci between android-7.1.1_r22..android-7.1.1_r28=========
 src/nfc/nfc/nfc_ncif.c | 2 ++
 1 file changed, 2 insertions(+)
c67cc6a Fix native crash in nfc_ncif_proc_activate

========platform/external/libnl between android-7.1.1_r22..android-7.1.1_r28=========
77a7bed libnl: Check data length in nla_reserve / nla_put

========platform/external/libopus between android-7.1.1_r22..android-7.1.1_r28=========
1ad8009 Ensure that NLSF cannot be negative when computing a min distance between them

========platform/external/libvpx between android-7.1.1_r22..android-7.1.1_r28=========
 libvpx/vp9/decoder/vp9_decodeframe.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
6f5927d libvpx: Cherry-pick 1961a92 from upstream
145f317 vp8:fix threading issues

========platform/external/skia between android-7.1.1_r22..android-7.1.1_r28=========
 resources/empty_images/zero_height.tiff | Bin 0 -> 87460 bytes
 src/codec/SkRawCodec.cpp                |  21 ++++++++-------------
 tests/CodexTest.cpp                     |   3 +++
 3 files changed, 11 insertions(+), 13 deletions(-)
8888cbf DO NOT MERGE Do not create an SkRawCodec with zero dimensions

========platform/external/tremolo between android-7.1.1_r22..android-7.1.1_r28=========
a4327f0 Tremolo: fix ARM assembly code for decode_map type 3 case

========platform/frameworks/av between android-7.1.1_r22..android-7.1.1_r28=========
 media/libstagefright/SampleTable.cpp               |  21 +-
 media/libstagefright/avc_utils.cpp                 |   5 +-
 services/audioflinger/AudioFlinger.cpp             |  23 +-
 services/audioflinger/AudioFlinger.h               |   1 +
 services/audioflinger/Effects.cpp                  | 259 +++++++++++++--------
 services/audioflinger/Effects.h                    |  37 ++-
 services/audioflinger/Threads.cpp                  |  45 +++-
 services/audioflinger/Threads.h                    |   7 +-
 .../service/AudioPolicyInterfaceImpl.cpp           |   5 +-
 9 files changed, 268 insertions(+), 135 deletions(-)
5cabe32 avc_utils: skip empty NALs from malformed bistreams
8415635 DO NOT MERGE - audioflinger: fix recursive mutex lock in EffectHandle.
bc62c08 Don't initialize sync sample parameters until the end
22e26d8 DO NOT MERGE - improve audio effect framwework thread safety
048ba59 Fix security vulnerability: potential OOB write in audioserver
bab10e4 Effect: Use local cached data for Effect commit
e684672 Fix security vulnerability: Effect command might allow negative indexes
4adf91c Make VBRISeeker more robust
70b95dd Effects: Check get parameter command size
cdd16c8 DO NOT MERGE: defensive parsing of mp3 album art information
adb8603 Fix security vulnerability: Equalizer command might allow negative indexes
a09eaa0 stagefright: remove allottedSize equality check in IOMX::useBuffer
0e1e9f4 Visualizer: Check capture size and latency parameters

========platform/frameworks/base between android-7.1.1_r22..android-7.1.1_r28=========
 .../android/app/admin/DevicePolicyManager.java     |  17 ++-
 .../android/app/admin/IDevicePolicyManager.aidl    |   1 +
 .../persistentdata/PersistentDataBlockManager.java |   5 +
 core/java/android/widget/Toast.java                |  61 ++++++---
 .../android/internal/widget/LockPatternUtils.java  |  45 +------
 .../com/android/server/LocationManagerService.java |  17 ++-
 .../com/android/server/LockSettingsService.java    |  71 ++++++++++
 .../android/server/PersistentDataBlockService.java |  23 +++-
 .../devicepolicy/DevicePolicyManagerService.java   | 143 ++++++++++++---------
 .../src/android/net/dhcp/DhcpPacketTest.java       |  52 +++++++-
 10 files changed, 307 insertions(+), 128 deletions(-)
7261a92 Fix issue with saving admins before finishing loading.
618391b resolve merge conflicts of ad4aa1ce7d3d to nyc-mr1-dev
d22261f Fix exploit where can hide the fact that a location was mocked am: a206a0f17e am: d417e54872 am: 3380a77516 am: 0a8978f04b am: 1684e5f344 am: d28eef0cc2 am: 1f458fdc66 am: d82f8a67fc am: 1ac8affd51 am: 56098f81b6 am: 7cec76de0f am: 2da05d0f9e
f4bed68 [DO NOT MERGE] Prevent crash from early Toast surface destruction.
5f621b5 Add @GuardedBy annotation to PersistentDataBlockService#mIsWritable.
1c4d535 Prevent writing to FRP partition during factory reset.
593144f [DO NOT MERGE] Fix vulnerability in MemoryIntArray - fix build file
de5747d Fix vulnerability in MemoryIntArray
a66099e DO NOT MERGE. Retain DownloadManager Uri grants when clearing.
4df434d DO NOT MERGE: Check provider access for content changes.
faf904b Zygote : Block SIGCHLD during fork.
c4b8272 Fix idmap leak in zygote process
7f0c2c8 Zygote: Additional whitelisting for legacy devices.
f522425 Zygote: Additional whitelists for runtime overlay / other static resources.
def0efd Public volumes belong to a single user.
25ddf85 Add SafetyNet logging to DHCP packet parsing
ec129c3 Reject DHCP packets with no magic cookie
c28117b Catch runtime exceptions when parsing DHCP packets

========platform/frameworks/ex between android-7.1.1_r22..android-7.1.1_r28=========
 framesequence/jni/FrameSequence_webp.cpp | 4 ++++
 1 file changed, 4 insertions(+)
7c824f1 resolve merge conflicts of 89cdd4cb to mnc-dev
30ee0df resolve merge conflicts of 3802db4 to mnc-dev

========platform/frameworks/native between android-7.1.1_r22..android-7.1.1_r28=========
541b1eb Correct overflow check in Parcel resize code
74dae33 Fix security vulneratibly 31960359
509fb5c Fix SF security vulnerability: 32706020
38ac668 Fix SF security vulnerability: 32660278
9a8df9a Fix integer overflow in unsafeReadTypedVector

========platform/frameworks/opt/net/wifi between android-7.1.1_r22..android-7.1.1_r28=========
 .../com/android/server/wifi/configparse/ConfigBuilder.java     | 10 ----------
 1 file changed, 10 deletions(-)
41c42f5 configparse: do not delete passpoint configuration file

========platform/hardware/libhardware between android-7.1.1_r22..android-7.1.1_r28=========
9f0e940 Fix security vulnerability: potential OOB write in audioserver

========platform/hardware/qcom/audio between android-7.1.1_r22..android-7.1.1_r28=========
7e12c89 Fix security vulnerability: Effect command might allow negative indexes
a0bfcdb Fix security vulnerability: Equalizer command might allow negative indexes

========platform/libcore between android-7.1.1_r22..android-7.1.1_r28=========
c55ce33 Fix URL parser may return wrong host name

========platform/packages/apps/Bluetooth between android-7.1.1_r22..android-7.1.1_r28=========
379e7b6 Remove MANAGE_DOCUMENTS permission as it isn't needed

========platform/packages/apps/CertInstaller between android-7.1.1_r22..android-7.1.1_r28=========
 AndroidManifest.xml                              |  1 +
 src/com/android/certinstaller/WiFiInstaller.java | 17 +++++++++++++++++
 2 files changed, 18 insertions(+)
1ad3b1e WifiInstaller: add permission for access downloaded files
1166ca8 WifiInstaller: remove the installation file

========platform/packages/apps/ContactsCommon between android-7.1.1_r22..android-7.1.1_r28=========
80822d7 resolve merge conflicts of 9f523b4 to nyc-dev

========platform/packages/apps/Messaging between android-7.1.1_r22..android-7.1.1_r28=========
 jni/GifTranscoder.cpp | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
3f98211 32764144 Security Vulnerability - heap buffer overflow in libgiftranscode.so in colorMap->Colors[colorIndex]
8ba22b4 33388925  Mismatched new vs delete in framesequence library
1bb11f3 resolve merge conflicts of eafd58a to nyc-dev
13f739b 32807795  Security Vulnerability - AOSP Messaging App: thirdparty can attach private files from "/data/data/com.android.messaging/" directory to the messaging app.
86e5bf5 32322450 Security Vulnerability - heap buffer overflow in libgiftranscode.so

========platform/packages/apps/PackageInstaller between android-7.1.1_r22..android-7.1.1_r28=========
 AndroidManifest.xml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
5c49b6b Prioritize package installer intent filter

========platform/packages/apps/UnifiedEmail between android-7.1.1_r22..android-7.1.1_r28=========
1fc7b01 Don't allow file attachment from /data through GET_CONTENT.

========platform/packages/services/Telephony between android-7.1.1_r22..android-7.1.1_r28=========
38b45bb Catch SIP exceptions which can crash Phone process on answer.

========platform/system/core between android-7.1.1_r22..android-7.1.1_r28=========
7f94bb4 change /data/bugreports to /bugreports

========platform/system/sepolicy between android-7.1.1_r22..android-7.1.1_r28=========
54a3eec label /bugreports