[ROM][UNOFFICIAL][LineageOS 14.1][T813] [T713] Delta Nougat

[Androilala]

no, dnscrypt does not require an internet connection to run the iptables script. In fact, when tor is enabled, dnscrypt just waits until tor starts up.

Okay, i will try tor in termux when it happens again.
Thank you verry much for the support and the great ROM.

 

[Concept48]

This is an unofficial version of LineageOS 14.1 for Samsung Galaxy S2 (T813 and T713) with extra security features.

- Vendor has been updated using latest release from Samsung (T813XXS2BSJ3 and T713XXS2BSG1)
- Kernel has been updated using latest CAF, Google, and kernel.org sources
- SDcardfs has been backported from Oreo
- Wifi driver (qcacld-2.0) has been updated from latest CAF repos
- Fixed random wifi disconnects
- Proc has been hardened with updated selinux policy
- Use correct ANT+ wireless driver (qualcomm-uart)
- Added blur effect
- Enabled burnIn protection support
- Only light up capacitive hardware keys when pressed
- Lowmemory killer has been optimized using latest upstream Google sources
- Stability and power usage improvements
- MicroG support has been added to framework (signature spoofing)
- Add menu option to switch off captive portal (to stop pinging google servers)
- Latest Wireguard kernel support added
- Integrated superuser support added
- Added per-app VPN data restrictions
- Add Privacy-Friendly Network Monitor
- Restrict untrusted apps from /proc/net
- Added per-app sensor block in privacy guard
- DNSCrypt Proxy support for encrypted DNS and integrated ad blocker
- Support for DNSCrypt Proxy requests through Tor for total DNS privacy (requires Tor to be installed separately)
- Bromite system webview that can be updated from official Bromite website and FDroid.

T813: lineage-14.1-20220509-NIGHTLY-gts210vewifi.zip
Supported Bootloader versions:
T813XXU2BSB1|T813ZCU2BSB1|T813XXS2BSG1|T813XXS2BSG3|T813XXU2BSI2|T813ZCU2BSI3|T813XXS2BSJ3

T713: lineage-14.1-20220509-NIGHTLY-gts28vewifi.zip
Supported Bootloader versions:
T713XXU2BRF4|T713XXS2BRI1|T713XXU2BSB1|T713XXU2BSA1|T713XXS2BSG3|T713XXS2BSG1|T713ZCU2BSI3

Security Patch Level: May 2022

T813 Recovery: twrp-3.2.3-1-gts210vewifi-20190418-1-recovery.img
md5sum: ce7f264cf2fdef9da0d812eec293396e

T713 Recovery: twrp-3.2.3-0-gts28vewifi.img
md5sum: twrp-3.2.3-0-gts28vewifi.img.md5

Note: TWRP 3.2.3 is only version that works properly with encryption on Nougat because newer versions of TWRP do not format the data partition correctly. The data partition must be formatted with TWRP 3.2.3 in order to create proper encryption footers.

Recommended Gapps: gapps-base-arm64-7.1.2-20180730-1-signed.zip

TWRP Device Repo: https://github.com/syphyr/android_device_samsung_gts210vewifi-teamwin/commits/android-7.1

Local Manifest: local_manifests_laos_S2-14.1.xml

Very nice a updated Nougat .I,m on Pie atm . Can you make a short tuto how to add microG to this Rom?

 

[Deltadroid]

Very nice a updated Nougat .I,m on Pie atm . Can you make a short tuto how to add microG to this Rom?

This rom is already patched to support microg (signature spoofing), so all you need to do is install the microg components. https://github.com/microg/GmsCore/wiki/Installation

Note: GmsCore should be installed to /system/priv-app to make alternative location services work

 

[Concept48]

This rom is already patched to support microg (signature spoofing), so all you need to do is install the microg components. https://github.com/microg/GmsCore/wiki/Installation

Note: GmsCore should be installed to /system/priv-app to make alternative location ser

Thanks Delta will do that and make a microg build , thanks so much for the support on LineageOS14.1 , i,m sure tablet will raceee on this build !

 

[Concept48]

This rom is already patched to support microg (signature spoofing), so all you need to do is install the microg components. https://github.com/microg/GmsCore/wiki/Installation

Note: GmsCore should be installed to /system/priv-app to make alternative location services work

I added microg to the rom and it works good , apps that cry for GS are working here now ..where can I send you the MicroG release?

 

[Deltadroid]

I added microg to the rom and it works good , apps that cry for GS are working here now ..where can I send you the MicroG release?

Would to give me some more details as to what you created? Are you referring to a microg addon to flash to the system partition with backup scripts? Perhaps the best solution is to create a new thread for what you created and link it here.

 

[Concept48]

Would to give me some more details as to what you created? Are you referring to a microg addon to flash to the system partition with backup scripts? Perhaps the best solution is to create a new thread for what you created and link it here.

No no , I just added MicroG to Your Rom , I dont want to make a thread i,m not a developer only a dressman .

 

[Concept48]

No no , I just added MicroG to Your Rom , I dont want to make a thread i,m not a developer only a dressman .

Ok I see you don't answer , then I will considder The MicroG rom a Port from Your rom . Sorry wont bother you anymore .

 

[Deltadroid]

Ok I see you don't answer , then I will considder The MicroG rom a Port from Your rom . Sorry wont bother you anymore .

I'm still not sure what you are asking me

 

[Concept48]

I'm still not sure what you are asking me

Look , your Rom is microG ready , signature spoofing , so I asked you , how to add microg properly , you said private app etc , so I did a cooking and added the MicroG elements to Your Rom , testing it and it runs the way it should , so I was like , let me send you the rom so you can add it to your collection , but maybe i,m thinking wrong . , apologies for that .

 

[Deltadroid]

Look , your Rom is microG ready , signature spoofing , so I asked you , how to add microg properly , you said private app etc , so I did a cooking and added the MicroG elements to Your Rom , testing it and it runs the way it should , so I was like , let me send you the rom so you can add it to your collection , but maybe i,m thinking wrong . , apologies for that .

No problem. I would like to leave it optional so users can choose between regular gapps and microg.

 

[Concept48]

No problem. I would like to leave it optional so users can choose between regular gapps and microg.

Alright , I just bought the tablet and was on 9 and even 10 , but I like Los 14.1 your work more.. so then I will add it to my MicroG collection . Great - i,m out good luck !

 

[Deltadroid]

Alright , I just bought the tablet and was on 9 and even 10 , but I like Los 14.1 your work more.. so then can I add it to my MicroG collection ? Of course You stay King of the rom ,.

Sure, no problem.

 

[Concept48]

Sure, no problem.

Many Thanks , you just deserved a review ,.

 

[Deltadroid]

T813: lineage-14.1-20220610-NIGHTLY-gts210vewifi.zip
T713: lineage-14.1-20220610-NIGHTLY-gts28vewifi.zip

Security Patch Level: June 2022

Notes:

- Update ca-certifacates from Android 12.
- Fix many many ffmpeg bugs/cve.
- Randomize source ports on connect to prevent distinguishing between different users
behind a VPN based on distinct source port ranges, tracking users over time across multiple
networks, tracking what applications are running on a computer based on the pattern of how
fast source ports are getting incremented, and covert communication channels between
different browsers/browser profiles running on the same computer.
- Increase wifi stability with higher missed beacon count threshold.
- Convert secure network calls from MD5 to SipHash.

android

    dbf1488 (8 days ago) manifest: Track android12-release for system/ca-certificates (syphyr)

build

    853ebc61cd (3 days ago) Bump Security String to 2022-06-05 (syphyr)

device/samsung/msm8976-common

    c87c3de (3 days ago) msm8976-common: wifi: Increase beacon missed count threshold (syphyr)

external/bromite-webview

    6cde32b (5 days ago) Bromite System Webview 102.0.5005.92 (syphyr)
    1075523 (3 weeks ago) Bromite System Webview 101.0.4951.69 (syphyr)

external/dhcpcd-6.8.2

    b388690 (5 days ago) Really disable IPv6 RA processing in dhcpcd. (Pierre Imai)

external/dnscrypt-proxy

    45800b6 (3 days ago) Update blocked names, resolvers and configs (syphyr)
    8a1ca54 (8 days ago) Update blocked names and resolvers (syphyr)
    54d69f5 (2 weeks ago) Update blocked names and relays (syphyr)
    6fbc59d (3 weeks ago) Fix negative rtt, update blocked names and resolvers (syphyr)
    a56d907 (4 weeks ago) Add another tracker to allowed names (syphyr)
    2af09d7 (4 weeks ago) Update blocked names and resolvers (syphyr)
    3a9442f (4 weeks ago) Add tracker to allowed names (syphyr)
    d457ef3 (4 weeks ago) Update to golang 1.18.2, blocked names and resolvers (syphyr)

external/ffmpeg

    072954eeb0 (2 weeks ago) avformat: Fix max value of AV_OPT_TYPE_VIDEO_RATE (Michael Niedermayer)
    732f239249 (2 weeks ago) avformat/rmdec: Clear extradata when extradata_size is cleared (Michael Niedermayer)
    5ff16c561c (2 weeks ago) avformat/rmdec: Check remaining space in debug av_log() loop (Michael Niedermayer)
    5321af71f7 (2 weeks ago) avformat/rmdec: Initialize and sanity check offset in ivr_read_header() (Michael Niedermayer)
    f515bea6e3 (2 weeks ago) lavf/rmdec: Do not return EIO on EOF. (Carl Eugen Hoyos)
    a560f14c18 (2 weeks ago) rmdec: validate block alignment (Andreas Cadhalpun)
    a563791332 (2 weeks ago) avformat/mxfdec: Clear metadata_sets_count in mxf_read_close() (Michael Niedermayer)
    bb4da38a34 (2 weeks ago) avformat/aqtitledec: Fix memleak upon read header failure (Andreas Rheinhardt)
    99cbe54ae2 (2 weeks ago) avcodec/vqavideo: Set video size (Michael Niedermayer)
    28969993f2 (2 weeks ago) avcodec/g729dec: require buf_size to be non 0 (Michael Niedermayer)
    3f6b7f24f3 (2 weeks ago) avcodec/g729dec: Use 64bit and clip in scalar product (Michael Niedermayer)
    92e30cb0f8 (2 weeks ago) avcodec/alacdsp: Fix invalid shift in append_extra_bits() (Michael Niedermayer)
    1d03b61542 (2 weeks ago) avcodec/ac3enc: Fix invalid shift (Andreas Rheinhardt)
    d2839567a2 (2 weeks ago) avformat/nutenc: don't allocate a dynamic AVIOContext if no index is going to be written (James Almer)
    bd22c20ff3 (2 weeks ago) avcodec/diracdec: avoid signed integer overflow in global mv (Michael Niedermayer)
    585293dd4c (2 weeks ago) avcodec/diracdec: Fix integer overflow in global_mv() (Michael Niedermayer)
    5ca1372417 (2 weeks ago) avcodec/diracdec: Use 64bit in intermediate of global motion vector field generation (Michael Niedermayer)
    8082cd9917 (2 weeks ago) avcodec/takdsp: Fix integer overflow in decorrelate_sf() (Michael Niedermayer)
    d954053636 (2 weeks ago) avcodec/takdsp: Fix negative shift in decorrelate_sf() (Michael Niedermayer)
    506f7c353d (2 weeks ago) avformat/avidec: Check height (Michael Niedermayer)
    da4bbefddd (2 weeks ago) avformat/aiffdec: Check sample_rate (Michael Niedermayer)
    687770734f (2 weeks ago) avformat/aiffdec: Check size before subtraction in get_aiff_header() (Michael Niedermayer)
    2ee310d281 (2 weeks ago) aformat/movenc: add missing padding to output track extradata (James Almer)
    665c843444 (2 weeks ago) avcodec/ac3enc: Fix memleak (Andreas Rheinhardt)
    7f84c3480f (2 weeks ago) avfilter/vf_random: fix memory leaks (Paul B Mahol)
    7630d9d1d6 (2 weeks ago) fftools/ffmpeg_opt: Fix leak of options when parsing options fails (Andreas Rheinhardt)
    6cc642a96c (2 weeks ago) avfilter/vf_edgedetect: fix heap-buffer overflow (Paul B Mahol)
    2d83792a9f (2 weeks ago) avfilter/vf_w3fdif: deny processing small videos (Paul B Mahol)
    154b3c97a7 (2 weeks ago) avfilter/af_tremolo: fix heap-buffer overflow (Paul B Mahol)
    51bf76018f (2 weeks ago) avfilter/vf_edgedetect: check if height is big enough (Paul B Mahol)
    dccddadcd3 (2 weeks ago) avfilter/vf_fieldorder: fix heap-buffer overflow (Paul B Mahol)
    525f615fe3 (2 weeks ago) avfilter/vf_fieldmatch: fix heap-buffer overflow (Paul B Mahol)
    e12c6f2fee (2 weeks ago) avcodec/pngenc: remove monowhite from apng formats (Paul B Mahol)
    d64ce1dd76 (2 weeks ago) avfilter/vf_lenscorrection: make width/height int (Paul B Mahol)
    44e2484e69 (2 weeks ago) avcodec/apedec: fix a integer overflow in long_filter_high_3800() (Michael Niedermayer)
    35c8c99967 (2 weeks ago) avformat/aqtitledec: Skip unrepresentable durations (Michael Niedermayer)
    340e4fa322 (2 weeks ago) avformat/cafdec: Do not store empty keys in read_info_chunk() (Michael Niedermayer)
    338744b6bf (2 weeks ago) avformat/matroskadec: Check pre_ns (Michael Niedermayer)
    b84c7af8a8 (2 weeks ago) avcodec/sonic: Use unsigned for predictor_k to avoid undefined behavior (Michael Niedermayer)
    7253a121b3 (2 weeks ago) avformat/matroskadec: Use rounded down duration in get_cue_desc() check (Michael Niedermayer)
    afb24dc591 (2 weeks ago) avformat/rmdec: Better duplicate tags check (Michael Niedermayer)
    3a0f1ab6bd (3 weeks ago) avformat/mov: Disallow empty sidx (Michael Niedermayer)
    db20bf2855 (3 weeks ago) avformat/matroskadec: Check duration (Michael Niedermayer)
    9957d1bcb2 (3 weeks ago) avcodec/jpeglsdec: Fix if( code style (Michael Niedermayer)
    c3ab6f9426 (3 weeks ago) avcodec/jpeglsdec: Check get_ur_golomb_jpegls() for error (Michael Niedermayer)
    09c034f76d (3 weeks ago) avcodec/motion_est: fix indention of ff_get_best_fcode() (Michael Niedermayer)
    03d818aa8e (3 weeks ago) avcodec/motion_est: Fix xy indexing on range violation in ff_get_best_fcode() (Michael Niedermayer)
    e6952a6b19 (3 weeks ago) avcodec/jpeglsdec: Increase range for N in ls_get_code_runterm() by using unsigned (Michael Niedermayer)
    6c8ee1053f (3 weeks ago) avformat/matroskadec: Check desc_bytes (Michael Niedermayer)
    57d5ea5baf (3 weeks ago) avformat/utils: Fix invalid NULL pointer operation in ff_parse_key_value() (Michael Niedermayer)
    7678e2c6ad (3 weeks ago) avformat/matroskadec: Fix infinite loop with bz decompression (Michael Niedermayer)
    2e26b8c9ae (3 weeks ago) avformat/mov: Check size before subtraction (Michael Niedermayer)
    a7db9ce19d (3 weeks ago) avcodec/apedec: Fix integer overflows in predictor_update_3930() (Michael Niedermayer)
    0320f78a7b (3 weeks ago) avcodec/apedec: fix integer overflow in 8bit samples (Michael Niedermayer)
    e65c03ff5e (3 weeks ago) avformat/flvdec: timestamps cannot use the full int64 range (Michael Niedermayer)
    9b2e525896 (3 weeks ago) avcodec/vqavideo: reset accounting on error (Michael Niedermayer)
    aed7ae9c2a (3 weeks ago) avcodec/alacdsp: fix integer overflow in decorrelate_stereo() (Michael Niedermayer)
    8370bae9f4 (3 weeks ago) avformat/4xm: Check for duplicate track ids (Michael Niedermayer)
    6f20c44f89 (3 weeks ago) avformat/4xm: Consider max_streams on reallocating tracks array (Michael Niedermayer)
    a07b7d445c (3 weeks ago) avformat/mov: Check next offset in mov_read_dref() (Michael Niedermayer)
    5ac23018f4 (3 weeks ago) avformat/mxfdec: Check for duplicate mxf_read_index_entry_array() (Michael Niedermayer)
    be041a9eba (3 weeks ago) avcodec/apedec: Change avg to uint32_t (Michael Niedermayer)
    cfd813cbcb (3 weeks ago) avformat/mov: Check for EOF in mov_read_glbl() (Michael Niedermayer)
    877bbb4a94 (3 weeks ago) avfilter/vf_lenscorrection: fix division by zero (Paul B Mahol)
    9406e561b3 (3 weeks ago) avcodec/g729dec: Avoid computing invalid temporary pointers for ff_acelp_weighted_vector_sum() (Michael Niedermayer)
    5bbb980f1f (3 weeks ago) avformat/movenc: Fix segfault when remuxing rtp hint stream (Andreas Rheinhardt)
    89c76d8b21 (3 weeks ago) avformat/tty: add probe function (Paul B Mahol)
    14dae6b3b3 (3 weeks ago) avcodec/flac_parser: Consider AV_INPUT_BUFFER_PADDING_SIZE (Michael Niedermayer)
    6740ce3c84 (3 weeks ago) avcodec/ttadsp: Fix integer overflows in tta_filter_process_c() (Michael Niedermayer)

external/libnfc-nci

    67be0f7 (2 days ago) Double Free in ce_t4t_data_cback (Alisher Alikhodjaev)
    551ccd5 (3 days ago) OOBR in nfc_ncif_proc_ee_discover_req() (Alisher Alikhodjaev)
    93b651c (3 days ago) Out of Bounds Read in nfa_dm_check_set_config (Alisher Alikhodjaev)

frameworks/base

    3e5f0e5c8459 (15 minutes ago) DO NOT MERGE Add an OEM configurable limit for zen rules (Julia Reynolds)
    c6d34cf08246 (3 days ago) limit TelecomManager#registerPhoneAccount to 10; api doc update (Thomas Stuart)
    72f7d7e504f9 (3 days ago) RESTRICT AUTOMERGE Prevent non-admin users from deleting system apps. (Oli Lan)
    51cc5080993e (3 days ago) Update GeofenceHardwareRequestParcelable to match parcel/unparcel format. (David Christie)
    b09a9d8308f5 (3 days ago) Fix security hole in GateKeeperResponse (Ayush Sharma)
    a099f266c816 (7 days ago) Fixed a concurrent modification crash (Selim Cinek)

kernel/samsung/msm8976

    7117745ed507e (4 days ago) usb: gadget: rndis: prevent integer overflow in rndis_set_response() (Dan Carpenter)
    270102aecc922 (4 days ago) usb: gadget: rndis: check size of RNDIS_MSG_SET command (Greg Kroah-Hartman)
    5cfc91135bb1f (4 days ago) usb: gadget: clear related members when goto fail (Hangyu Hua)
    5ea33042c172e (4 days ago) usb: gadget: don't release an existing dev->buf (Hangyu Hua)
    da0cc8e1f5839 (4 days ago) USB: gadgetfs: Fix a potential memory leak in 'dev_config()' (Christophe JAILLET)
    33e63f1f344b1 (10 days ago) tcp: resalt the secret every 10 seconds (Eric Dumazet)
    c1fac3385652b (11 days ago) secure_seq: use the 64 bits of the siphash for port offset calculation (Willy Tarreau)
    e166e626c9845 (11 days ago) tcp: connect() from bound sockets can be faster (Eric Dumazet)
    f16f9a49132e1 (11 days ago) secure_seq: fix sparse errors (Eric Dumazet)
    05c7240e70024 (11 days ago) secure_seq: use SipHash in place of MD5 (Jason A. Donenfeld)
    95e0e4979da03 (11 days ago) net: switch net_secret key generation to net_get_random_once (Hannes Frederic Sowa)
    a238074f11533 (11 days ago) BACKPORT: tcp: change source port randomizarion at connect() time (Eric Dumazet)
    276cc1f78f544 (2 weeks ago) net: af_key: add check for pfkey_broadcast in function pfkey_process (Jiasheng Jiang)
    93a5fe73f08b7 (3 weeks ago) netlink: do not reset transport header in netlink_recvmsg() (Eric Dumazet)
    e6f9cae4e1cdb (3 weeks ago) netlink: reset network and mac headers in netlink_dump() (Eric Dumazet)
    bb78e3f84a655 (4 weeks ago) net: sched: prevent UAF on tc_ctl_tfilter when temporarily dropping rtnl_lock (Thadeu Lima de Souza Cascardo)
    9fb40ce4cb1e4 (4 weeks ago) net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() (Eric Dumazet)
    6b41561876d3e (4 weeks ago) qcacld-2.0: Possible OOB read in process_fw_diag_event_data (abhinav kumar)
    04acbf77f3fc9 (4 weeks ago) Asoc: check for invalid voice session id (Lakshman Chaluvaraju)
    4648031b0b7fc (4 weeks ago) asoc: Add check to handle negative value passed for num_app_cfg_type (Harshal Ahire)
    67d101c021ea7 (4 weeks ago) asoc: add missing null check for pcm pointer of snd_pcm_volume (xsang)
    478cc452abde0 (4 weeks ago) asoc: add null check for pcm pointer of snd_pcm_volume (xsang)

packages/apps/Bluetooth

    9b161a5df (3 days ago) Removes app access to BluetoothAdapter#setDiscoverableTimeout by requiring BLUETOOTH_PRIVILEGED permission. (Rahul Sabnis)
    e92d6785f (3 days ago) Removes app access to BluetoothAdapter#setScanMode by requiring BLUETOOTH_PRIVILEGED permission. (Rahul Sabnis)

packages/apps/Contacts

    c7774bc8c (3 days ago) No longer export CallSubjectDialog (John Shao)

packages/apps/Dialer

    2f6726c8e (3 days ago) No longer export CallSubjectDialog (Tatsuaki Machida)

packages/apps/Nfc

    4d27cb3b (3 days ago) OOB read in phNciNfc_RecvMfResp() (Alisher Alikhodjaev)

packages/services/Telecomm

    de446cd1a (3 days ago) limit TelecomManager#registerPhoneAccount to 10 (Thomas Stuart)

system/ca-certificates

    1398a9b (8 days ago) Backport Android.mk from P (syphyr)

system/core

    ae76011a9 (3 days ago) Backport of Win-specific suppression of potentially rogue construct that can engage (Shaju Mathew)

 

[Concept48]

T813: lineage-14.1-20220610-NIGHTLY-gts210vewifi.zip
T713: lineage-14.1-20220610-NIGHTLY-gts28vewifi.zip

Security Patch Level: June 2022

Notes:

- Update ca-certifacates from Android 12.
- Fix many many ffmpeg bugs/cve.
- Randomize source ports on connect to prevent distinguishing between different users
behind a VPN based on distinct source port ranges, tracking users over time across multiple
networks, tracking what applications are running on a computer based on the pattern of how
fast source ports are getting incremented, and covert communication channels between
different browsers/browser profiles running on the same computer.
- Increase wifi stability with higher missed beacon count threshold.
- Convert secure network calls from MD5 to SipHash.

android

    dbf1488 (8 days ago) manifest: Track android12-release for system/ca-certificates (syphyr)

build

    853ebc61cd (3 days ago) Bump Security String to 2022-06-05 (syphyr)

device/samsung/msm8976-common

    c87c3de (3 days ago) msm8976-common: wifi: Increase beacon missed count threshold (syphyr)

external/bromite-webview

    6cde32b (5 days ago) Bromite System Webview 102.0.5005.92 (syphyr)
    1075523 (3 weeks ago) Bromite System Webview 101.0.4951.69 (syphyr)

external/dhcpcd-6.8.2

    b388690 (5 days ago) Really disable IPv6 RA processing in dhcpcd. (Pierre Imai)

external/dnscrypt-proxy

    45800b6 (3 days ago) Update blocked names, resolvers and configs (syphyr)
    8a1ca54 (8 days ago) Update blocked names and resolvers (syphyr)
    54d69f5 (2 weeks ago) Update blocked names and relays (syphyr)
    6fbc59d (3 weeks ago) Fix negative rtt, update blocked names and resolvers (syphyr)
    a56d907 (4 weeks ago) Add another tracker to allowed names (syphyr)
    2af09d7 (4 weeks ago) Update blocked names and resolvers (syphyr)
    3a9442f (4 weeks ago) Add tracker to allowed names (syphyr)
    d457ef3 (4 weeks ago) Update to golang 1.18.2, blocked names and resolvers (syphyr)

external/ffmpeg

    072954eeb0 (2 weeks ago) avformat: Fix max value of AV_OPT_TYPE_VIDEO_RATE (Michael Niedermayer)
    732f239249 (2 weeks ago) avformat/rmdec: Clear extradata when extradata_size is cleared (Michael Niedermayer)
    5ff16c561c (2 weeks ago) avformat/rmdec: Check remaining space in debug av_log() loop (Michael Niedermayer)
    5321af71f7 (2 weeks ago) avformat/rmdec: Initialize and sanity check offset in ivr_read_header() (Michael Niedermayer)
    f515bea6e3 (2 weeks ago) lavf/rmdec: Do not return EIO on EOF. (Carl Eugen Hoyos)
    a560f14c18 (2 weeks ago) rmdec: validate block alignment (Andreas Cadhalpun)
    a563791332 (2 weeks ago) avformat/mxfdec: Clear metadata_sets_count in mxf_read_close() (Michael Niedermayer)
    bb4da38a34 (2 weeks ago) avformat/aqtitledec: Fix memleak upon read header failure (Andreas Rheinhardt)
    99cbe54ae2 (2 weeks ago) avcodec/vqavideo: Set video size (Michael Niedermayer)
    28969993f2 (2 weeks ago) avcodec/g729dec: require buf_size to be non 0 (Michael Niedermayer)
    3f6b7f24f3 (2 weeks ago) avcodec/g729dec: Use 64bit and clip in scalar product (Michael Niedermayer)
    92e30cb0f8 (2 weeks ago) avcodec/alacdsp: Fix invalid shift in append_extra_bits() (Michael Niedermayer)
    1d03b61542 (2 weeks ago) avcodec/ac3enc: Fix invalid shift (Andreas Rheinhardt)
    d2839567a2 (2 weeks ago) avformat/nutenc: don't allocate a dynamic AVIOContext if no index is going to be written (James Almer)
    bd22c20ff3 (2 weeks ago) avcodec/diracdec: avoid signed integer overflow in global mv (Michael Niedermayer)
    585293dd4c (2 weeks ago) avcodec/diracdec: Fix integer overflow in global_mv() (Michael Niedermayer)
    5ca1372417 (2 weeks ago) avcodec/diracdec: Use 64bit in intermediate of global motion vector field generation (Michael Niedermayer)
    8082cd9917 (2 weeks ago) avcodec/takdsp: Fix integer overflow in decorrelate_sf() (Michael Niedermayer)
    d954053636 (2 weeks ago) avcodec/takdsp: Fix negative shift in decorrelate_sf() (Michael Niedermayer)
    506f7c353d (2 weeks ago) avformat/avidec: Check height (Michael Niedermayer)
    da4bbefddd (2 weeks ago) avformat/aiffdec: Check sample_rate (Michael Niedermayer)
    687770734f (2 weeks ago) avformat/aiffdec: Check size before subtraction in get_aiff_header() (Michael Niedermayer)
    2ee310d281 (2 weeks ago) aformat/movenc: add missing padding to output track extradata (James Almer)
    665c843444 (2 weeks ago) avcodec/ac3enc: Fix memleak (Andreas Rheinhardt)
    7f84c3480f (2 weeks ago) avfilter/vf_random: fix memory leaks (Paul B Mahol)
    7630d9d1d6 (2 weeks ago) fftools/ffmpeg_opt: Fix leak of options when parsing options fails (Andreas Rheinhardt)
    6cc642a96c (2 weeks ago) avfilter/vf_edgedetect: fix heap-buffer overflow (Paul B Mahol)
    2d83792a9f (2 weeks ago) avfilter/vf_w3fdif: deny processing small videos (Paul B Mahol)
    154b3c97a7 (2 weeks ago) avfilter/af_tremolo: fix heap-buffer overflow (Paul B Mahol)
    51bf76018f (2 weeks ago) avfilter/vf_edgedetect: check if height is big enough (Paul B Mahol)
    dccddadcd3 (2 weeks ago) avfilter/vf_fieldorder: fix heap-buffer overflow (Paul B Mahol)
    525f615fe3 (2 weeks ago) avfilter/vf_fieldmatch: fix heap-buffer overflow (Paul B Mahol)
    e12c6f2fee (2 weeks ago) avcodec/pngenc: remove monowhite from apng formats (Paul B Mahol)
    d64ce1dd76 (2 weeks ago) avfilter/vf_lenscorrection: make width/height int (Paul B Mahol)
    44e2484e69 (2 weeks ago) avcodec/apedec: fix a integer overflow in long_filter_high_3800() (Michael Niedermayer)
    35c8c99967 (2 weeks ago) avformat/aqtitledec: Skip unrepresentable durations (Michael Niedermayer)
    340e4fa322 (2 weeks ago) avformat/cafdec: Do not store empty keys in read_info_chunk() (Michael Niedermayer)
    338744b6bf (2 weeks ago) avformat/matroskadec: Check pre_ns (Michael Niedermayer)
    b84c7af8a8 (2 weeks ago) avcodec/sonic: Use unsigned for predictor_k to avoid undefined behavior (Michael Niedermayer)
    7253a121b3 (2 weeks ago) avformat/matroskadec: Use rounded down duration in get_cue_desc() check (Michael Niedermayer)
    afb24dc591 (2 weeks ago) avformat/rmdec: Better duplicate tags check (Michael Niedermayer)
    3a0f1ab6bd (3 weeks ago) avformat/mov: Disallow empty sidx (Michael Niedermayer)
    db20bf2855 (3 weeks ago) avformat/matroskadec: Check duration (Michael Niedermayer)
    9957d1bcb2 (3 weeks ago) avcodec/jpeglsdec: Fix if( code style (Michael Niedermayer)
    c3ab6f9426 (3 weeks ago) avcodec/jpeglsdec: Check get_ur_golomb_jpegls() for error (Michael Niedermayer)
    09c034f76d (3 weeks ago) avcodec/motion_est: fix indention of ff_get_best_fcode() (Michael Niedermayer)
    03d818aa8e (3 weeks ago) avcodec/motion_est: Fix xy indexing on range violation in ff_get_best_fcode() (Michael Niedermayer)
    e6952a6b19 (3 weeks ago) avcodec/jpeglsdec: Increase range for N in ls_get_code_runterm() by using unsigned (Michael Niedermayer)
    6c8ee1053f (3 weeks ago) avformat/matroskadec: Check desc_bytes (Michael Niedermayer)
    57d5ea5baf (3 weeks ago) avformat/utils: Fix invalid NULL pointer operation in ff_parse_key_value() (Michael Niedermayer)
    7678e2c6ad (3 weeks ago) avformat/matroskadec: Fix infinite loop with bz decompression (Michael Niedermayer)
    2e26b8c9ae (3 weeks ago) avformat/mov: Check size before subtraction (Michael Niedermayer)
    a7db9ce19d (3 weeks ago) avcodec/apedec: Fix integer overflows in predictor_update_3930() (Michael Niedermayer)
    0320f78a7b (3 weeks ago) avcodec/apedec: fix integer overflow in 8bit samples (Michael Niedermayer)
    e65c03ff5e (3 weeks ago) avformat/flvdec: timestamps cannot use the full int64 range (Michael Niedermayer)
    9b2e525896 (3 weeks ago) avcodec/vqavideo: reset accounting on error (Michael Niedermayer)
    aed7ae9c2a (3 weeks ago) avcodec/alacdsp: fix integer overflow in decorrelate_stereo() (Michael Niedermayer)
    8370bae9f4 (3 weeks ago) avformat/4xm: Check for duplicate track ids (Michael Niedermayer)
    6f20c44f89 (3 weeks ago) avformat/4xm: Consider max_streams on reallocating tracks array (Michael Niedermayer)
    a07b7d445c (3 weeks ago) avformat/mov: Check next offset in mov_read_dref() (Michael Niedermayer)
    5ac23018f4 (3 weeks ago) avformat/mxfdec: Check for duplicate mxf_read_index_entry_array() (Michael Niedermayer)
    be041a9eba (3 weeks ago) avcodec/apedec: Change avg to uint32_t (Michael Niedermayer)
    cfd813cbcb (3 weeks ago) avformat/mov: Check for EOF in mov_read_glbl() (Michael Niedermayer)
    877bbb4a94 (3 weeks ago) avfilter/vf_lenscorrection: fix division by zero (Paul B Mahol)
    9406e561b3 (3 weeks ago) avcodec/g729dec: Avoid computing invalid temporary pointers for ff_acelp_weighted_vector_sum() (Michael Niedermayer)
    5bbb980f1f (3 weeks ago) avformat/movenc: Fix segfault when remuxing rtp hint stream (Andreas Rheinhardt)
    89c76d8b21 (3 weeks ago) avformat/tty: add probe function (Paul B Mahol)
    14dae6b3b3 (3 weeks ago) avcodec/flac_parser: Consider AV_INPUT_BUFFER_PADDING_SIZE (Michael Niedermayer)
    6740ce3c84 (3 weeks ago) avcodec/ttadsp: Fix integer overflows in tta_filter_process_c() (Michael Niedermayer)

external/libnfc-nci

    67be0f7 (2 days ago) Double Free in ce_t4t_data_cback (Alisher Alikhodjaev)
    551ccd5 (3 days ago) OOBR in nfc_ncif_proc_ee_discover_req() (Alisher Alikhodjaev)
    93b651c (3 days ago) Out of Bounds Read in nfa_dm_check_set_config (Alisher Alikhodjaev)

frameworks/base

    3e5f0e5c8459 (15 minutes ago) DO NOT MERGE Add an OEM configurable limit for zen rules (Julia Reynolds)
    c6d34cf08246 (3 days ago) limit TelecomManager#registerPhoneAccount to 10; api doc update (Thomas Stuart)
    72f7d7e504f9 (3 days ago) RESTRICT AUTOMERGE Prevent non-admin users from deleting system apps. (Oli Lan)
    51cc5080993e (3 days ago) Update GeofenceHardwareRequestParcelable to match parcel/unparcel format. (David Christie)
    b09a9d8308f5 (3 days ago) Fix security hole in GateKeeperResponse (Ayush Sharma)
    a099f266c816 (7 days ago) Fixed a concurrent modification crash (Selim Cinek)

kernel/samsung/msm8976

    7117745ed507e (4 days ago) usb: gadget: rndis: prevent integer overflow in rndis_set_response() (Dan Carpenter)
    270102aecc922 (4 days ago) usb: gadget: rndis: check size of RNDIS_MSG_SET command (Greg Kroah-Hartman)
    5cfc91135bb1f (4 days ago) usb: gadget: clear related members when goto fail (Hangyu Hua)
    5ea33042c172e (4 days ago) usb: gadget: don't release an existing dev->buf (Hangyu Hua)
    da0cc8e1f5839 (4 days ago) USB: gadgetfs: Fix a potential memory leak in 'dev_config()' (Christophe JAILLET)
    33e63f1f344b1 (10 days ago) tcp: resalt the secret every 10 seconds (Eric Dumazet)
    c1fac3385652b (11 days ago) secure_seq: use the 64 bits of the siphash for port offset calculation (Willy Tarreau)
    e166e626c9845 (11 days ago) tcp: connect() from bound sockets can be faster (Eric Dumazet)
    f16f9a49132e1 (11 days ago) secure_seq: fix sparse errors (Eric Dumazet)
    05c7240e70024 (11 days ago) secure_seq: use SipHash in place of MD5 (Jason A. Donenfeld)
    95e0e4979da03 (11 days ago) net: switch net_secret key generation to net_get_random_once (Hannes Frederic Sowa)
    a238074f11533 (11 days ago) BACKPORT: tcp: change source port randomizarion at connect() time (Eric Dumazet)
    276cc1f78f544 (2 weeks ago) net: af_key: add check for pfkey_broadcast in function pfkey_process (Jiasheng Jiang)
    93a5fe73f08b7 (3 weeks ago) netlink: do not reset transport header in netlink_recvmsg() (Eric Dumazet)
    e6f9cae4e1cdb (3 weeks ago) netlink: reset network and mac headers in netlink_dump() (Eric Dumazet)
    bb78e3f84a655 (4 weeks ago) net: sched: prevent UAF on tc_ctl_tfilter when temporarily dropping rtnl_lock (Thadeu Lima de Souza Cascardo)
    9fb40ce4cb1e4 (4 weeks ago) net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() (Eric Dumazet)
    6b41561876d3e (4 weeks ago) qcacld-2.0: Possible OOB read in process_fw_diag_event_data (abhinav kumar)
    04acbf77f3fc9 (4 weeks ago) Asoc: check for invalid voice session id (Lakshman Chaluvaraju)
    4648031b0b7fc (4 weeks ago) asoc: Add check to handle negative value passed for num_app_cfg_type (Harshal Ahire)
    67d101c021ea7 (4 weeks ago) asoc: add missing null check for pcm pointer of snd_pcm_volume (xsang)
    478cc452abde0 (4 weeks ago) asoc: add null check for pcm pointer of snd_pcm_volume (xsang)

packages/apps/Bluetooth

    9b161a5df (3 days ago) Removes app access to BluetoothAdapter#setDiscoverableTimeout by requiring BLUETOOTH_PRIVILEGED permission. (Rahul Sabnis)
    e92d6785f (3 days ago) Removes app access to BluetoothAdapter#setScanMode by requiring BLUETOOTH_PRIVILEGED permission. (Rahul Sabnis)

packages/apps/Contacts

    c7774bc8c (3 days ago) No longer export CallSubjectDialog (John Shao)

packages/apps/Dialer

    2f6726c8e (3 days ago) No longer export CallSubjectDialog (Tatsuaki Machida)

packages/apps/Nfc

    4d27cb3b (3 days ago) OOB read in phNciNfc_RecvMfResp() (Alisher Alikhodjaev)

packages/services/Telecomm

    de446cd1a (3 days ago) limit TelecomManager#registerPhoneAccount to 10 (Thomas Stuart)

system/ca-certificates

    1398a9b (8 days ago) Backport Android.mk from P (syphyr)

system/core

    ae76011a9 (3 days ago) Backport of Win-specific suppression of potentially rogue construct that can engage (Shaju Mathew)

Your da Man !!!!!