From 2f461f591c376486cd89434562131471c10fb1d2 Mon Sep 17 00:00:00 2001 From: Android Partner Docs Date: Mon, 7 May 2018 15:51:34 -0700 Subject: Docs: Changes to source.android.com - 195735838 Omit Nexus 6P build for now, this is a follow up of cr/19... by Android Partner Docs - 195718504 Tags for 2018/05 Security Release. by Android Partner Docs - 195700751 Update all tenant freezes to contain last_published_cl: 0. by Android Partner Docs - 195685647 Add last month's enhancements to News section on home by Clay Murphy - 195679418 Cloned from CL 194466703 by 'g4 patch'. by Clay Murphy - 195463680 Exclude 2017 Pixel bulletins from localization by Danielle Roberts - 195438214 Devsite localized content from translation request 0bd594... by Android Partner Docs - 195434804 Change from preview link to link that it resolved to. by Danielle Roberts - 195307570 Devsite localized content from translation request 315297... by Android Partner Docs - 195268816 Fix spelling: passthough -> passthrough. by Mark Hecomovich - 195268432 Devsite localized content from translation request 7a2fd8... by Android Partner Docs - 195198267 Update modular kernel requirements by Android Partner Docs - 195178304 Remove reference to ccache. by Android Partner Docs - 195178297 Remove ccache reference. by Android Partner Docs - 195151900 Minor documentation fixes by Android Partner Docs PiperOrigin-RevId: 195735838 Change-Id: I4ae193dea515f236487e1533741006cb34a2a2c2 --- en/_freeze.yaml | 3 +- en/_index.yaml | 35 +- en/devices/architecture/hidl/index.html | 2 +- .../architecture/kernel/modular-kernels.html | 6 - en/devices/input/touch-devices.html | 5 +- en/devices/tech/admin/enterprise-telephony.html | 2 +- en/security/_toc.yaml | 4 + en/security/bulletin/2018-04-01.html | 13 +- en/security/bulletin/2018-05-01.html | 604 ++++++++++++++++++++ en/security/bulletin/2018.html | 23 +- en/security/bulletin/_translation.yaml | 4 + en/security/bulletin/index.html | 23 +- en/security/bulletin/pixel/2018-05-01.html | 619 +++++++++++++++++++++ en/security/bulletin/pixel/2018.html | 23 +- en/security/bulletin/pixel/index.html | 25 +- en/security/overview/acknowledgements.html | 369 ++++++------ en/setup/build/initializing.html | 2 +- en/setup/build/requirements.html | 3 +- en/setup/start/build-numbers.html | 24 + 19 files changed, 1577 insertions(+), 212 deletions(-) create mode 100644 en/security/bulletin/2018-05-01.html create mode 100644 en/security/bulletin/pixel/2018-05-01.html (limited to 'en') diff --git a/en/_freeze.yaml b/en/_freeze.yaml index d9f62224..1d4ce6b9 100644 --- a/en/_freeze.yaml +++ b/en/_freeze.yaml @@ -1,2 +1,3 @@ # DevSite V2 is moving to production servers, but sites will not be published unless manually specified. -# This freeze file prevents uploading of content to the production servers in V2 to prevent accidents. \ No newline at end of file +# This freeze file prevents uploading of content to the production servers in V2 to prevent accidents. +last_published_cl: 0 \ No newline at end of file diff --git a/en/_index.yaml b/en/_index.yaml index 796a08ac..0ba2105f 100644 --- a/en/_index.yaml +++ b/en/_index.yaml @@ -69,28 +69,31 @@ landing_page: image_path: /images/android_stack.png - heading: News items: - - heading: April Security Bulletins + - heading: hikey960 Vendor Partition description: > - The April 2018 Android and Pixel/Nexus Security Bulletins have been - published to support the April security release. + HiKey960 documentation now includes the vendor partition. And CTS + Setup now notes the property ro.product.first_api_level + should be unset (removed) rather than set to 0. buttons: - - label: April 4th, 2018 - path: /security/bulletin/2018-04-01 - - heading: Android 2017 Year in Review + - label: April 11th, 2018 + path: /setup/build/devices + - heading: Bluetooth Low Energy description: > - The Android Security 2017 Year in Review covers everything that happened - in Android Security in 2017. + Implementation instructions have been published for Bluetooth Low + Energy. And Debian is now noted as used along with Ubuntu for testing + Android builds. buttons: - - label: March 15th, 2018 - path: /security/overview/reports - - heading: ART DEX bytecode improvements + - label: April 10th, 2018 + path: /devices/bluetooth/ble + - heading: ccache, Valgrind, and Jack No More description: > - Android runtime (ART) now includes bytecode documentation for - const-method-handle and const-method-type, as - well as updates to invoke-polymorphic. + Android engineering is now recommending against use of ccache. + Similarly, use AddressSanitizer over Valgrind and avoid the Jack + toolchain as Android has added support for Java 8 language features + directly into the current javac and dx set of tools. buttons: - - label: January 19th, 2018 - path: /devices/tech/dalvik/dalvik-bytecode + - label: April 5th, 2018 + path: /devices/tech/debug/asan - classname: devsite-landing-row-100 tf-row-centered items: - buttons: diff --git a/en/devices/architecture/hidl/index.html b/en/devices/architecture/hidl/index.html index 2ff78a12..5790b78c 100644 --- a/en/devices/architecture/hidl/index.html +++ b/en/devices/architecture/hidl/index.html @@ -31,7 +31,7 @@ between codebases that may be compiled independently.

HIDL is intended to be used for inter-process communication (IPC). Communication between processes is referred to as Binderized. For -libraries that must be linked to a process, a passthough +libraries that must be linked to a process, a passthrough mode is also available (not supported in Java).

HIDL specifies data structures and method signatures, organized in interfaces diff --git a/en/devices/architecture/kernel/modular-kernels.html b/en/devices/architecture/kernel/modular-kernels.html index 70debebe..fd1d8706 100644 --- a/en/devices/architecture/kernel/modular-kernels.html +++ b/en/devices/architecture/kernel/modular-kernels.html @@ -331,9 +331,6 @@ CUSTOM_IMAGE_VERITY_BLOCK_DEVICE := /dev/block/…./by-name/odm fstab file fragments. For example, when specifying an entry to mount /vendor in the device tree, the fstab file must not repeat that entry. -

  • Only /system, /odm, or /vendor can be -mounted early. Android does not include support to mount any other partitions in -init first stage.
  • Partitions requiring verifyatboot must not be early mounted (doing so is unsupported).
  • The verity mode/state for verified partitions must be specified in kernel @@ -457,9 +454,6 @@ for AVB.
    • fstab file fragments. For example, if you specify an entry to mount /vendor in the device tree, the fstab file must not repeat that entry. -
  • Only /system, /odm, or /vendor can be -mounted early. Android does not include support to mount any other partitions in -init first stage.
  • VBoot 2.0 does not support verifyatboot, regardless of whether early mount is enabled or not.
  • The verity mode/state for verified partitions must be specified in kernel diff --git a/en/devices/input/touch-devices.html b/en/devices/input/touch-devices.html index 8cbcc66b..e3126ed8 100644 --- a/en/devices/input/touch-devices.html +++ b/en/devices/input/touch-devices.html @@ -226,7 +226,8 @@ and MotionEvent.ACTION_HOVER_EXIT.

    detect the capabilities of the device.

    For example, if the device reports the BTN_TOUCH key code, the system will assume that BTN_TOUCH will always be used to indicate whether the tool is -actually touching the screen or is merely in range and hovering.

    + actually touching the screen. Therefore, BTN_TOUCH should not be used to indicate + that the tool is merely in the range and hovering.

  • Single-touch devices use the following Linux input events:

    @@ -564,7 +565,7 @@ the characteristics of touches using device-specific units.

    For example, many touch devices measure the touch contact area using an internal device-specific scale, such as the total number of sensor nodes that were triggered by the touch. This raw size value would -not be meaningful applications because they would need to know about the +not be meaningful to applications because they would need to know about the physical size and other characteristics of the touch device sensor nodes.

    The system uses calibration parameters encoded in input device configuration files to decode, transform, and normalize the values reported by the touch diff --git a/en/devices/tech/admin/enterprise-telephony.html b/en/devices/tech/admin/enterprise-telephony.html index aee11f3a..95d73bd0 100644 --- a/en/devices/tech/admin/enterprise-telephony.html +++ b/en/devices/tech/admin/enterprise-telephony.html @@ -77,7 +77,7 @@ for contacts in their Dialer Contacts and SMS/MMS Messaging apps.

    Cross profile contact search should be implemented using the Enterprise Contacts API (ContactsContract.Contacts.ENTERPRISE_CONTENT_FILTER_URI etc.), which can be found in the EMM developer's overview +href="https://developers.google.com/android/work/overview#contacts">EMM developer's overview on the Android EMM Developers site.

    diff --git a/en/security/_toc.yaml b/en/security/_toc.yaml index ae1f236f..e125d205 100644 --- a/en/security/_toc.yaml +++ b/en/security/_toc.yaml @@ -47,6 +47,8 @@ toc: section: - title: 2018 Bulletins section: + - title: May + path: /security/bulletin/2018-05-01 - title: April path: /security/bulletin/2018-04-01 - title: March @@ -133,6 +135,8 @@ toc: path: /security/bulletin/pixel/index - title: 2018 Bulletins section: + - title: May + path: /security/bulletin/pixel/2018-05-01 - title: April path: /security/bulletin/pixel/2018-04-01 - title: March diff --git a/en/security/bulletin/2018-04-01.html b/en/security/bulletin/2018-04-01.html index 21bb5aa5..567a352d 100644 --- a/en/security/bulletin/2018-04-01.html +++ b/en/security/bulletin/2018-04-01.html @@ -384,13 +384,6 @@ process.

    High NFC driver - - CVE-2017-5754 - A-69856074* - ID - High - Memory mapping - CVE-2017-16534 A-69052594
    @@ -2696,5 +2689,11 @@ security bulletins. April 4, 2018 Bulletin revised to include AOSP links. + + 1.2 + May 1, 2018 + Bulletin revised to remove CVE-2017-5754 from the Kernel Components section. It now appears + in the May 2018 bulletin. + diff --git a/en/security/bulletin/2018-05-01.html b/en/security/bulletin/2018-05-01.html new file mode 100644 index 00000000..bc45a35b --- /dev/null +++ b/en/security/bulletin/2018-05-01.html @@ -0,0 +1,604 @@ + + + Android Security Bulletin—May 2018 + + + + + + +

    Published May 7, 2018

    + +

    +The Android Security Bulletin contains details of security vulnerabilities +affecting Android devices. Security patch levels of 2018-05-05 or later address +all of these issues. To learn how to check a device's security patch level, see +Check & update +your Android version. +

    +

    +Android partners are notified of all issues at least a month before publication. +Source code patches for these issues will be released to the Android Open Source +Project (AOSP) repository in the next 48 hours. We will revise this bulletin with +the AOSP links when they are available. +

    +

    +The most severe of these issues is a critical security vulnerability in Media +framework that could enable a remote attacker using a specially crafted file to +execute arbitrary code within the context of a privileged process. The +severity +assessment is based on the effect that exploiting the vulnerability would +possibly have on an affected device, assuming the platform and service +mitigations are turned off for development purposes or if successfully bypassed. +

    +

    +We have had no reports of active customer exploitation or abuse of these newly +reported issues. Refer to the Android and Google Play +Protect mitigations section for details on the +Android security platform protections +and Google Play Protect, which improve the security of the Android platform. +

    +

    +Note: Information on the latest over-the-air update (OTA) and +firmware images for Google devices is available in the +May +2018 Pixel / Nexus Security Bulletin. +

    + + +

    Android and Google service mitigations

    + +

    +This is a summary of the mitigations provided by the +Android security platform +and service protections such as +Google Play Protect. +These capabilities reduce the likelihood that security vulnerabilities +could be successfully exploited on Android. +

    +
      +
    • Exploitation for many issues on Android is made more difficult by +enhancements in newer versions of the Android platform. We encourage all users +to update to the latest version of Android where possible.
      • +
    • The Android security team actively monitors for abuse through +Google Play Protect +and warns users about +Potentially +Harmful Applications. Google Play Protect is enabled by default on devices +with Google Mobile Services, and is +especially important for users who install apps from outside of Google +Play.
      • +
    + +

    2018-05-01 security patch level vulnerability details

    + +

    +In the sections below, we provide details for each of the security +vulnerabilities that apply to the 2018-05-01 patch level. Vulnerabilities are +grouped under the component that they affect. There is a description of the +issue and a table with the CVE, associated references, +type of vulnerability, +severity, +and updated AOSP versions (where applicable). When available, we link the public +change that addressed the issue to the bug ID, like the AOSP change list. When +multiple changes relate to a single bug, additional references are linked to +numbers following the bug ID. +

    + +

    Android runtime

    +

    The most severe vulnerability in this section could enable a remote attacker +to access data normally accessible only to locally installed applications with +permissions.

    + + + + + + + + + + + + + + + + + + + + + +
    CVEReferencesTypeSeverityUpdated AOSP versions
    CVE-2017-13309A-73251618IDHigh8.1
    + + +

    Framework

    +

    The most severe vulnerability in this section could enable a local malicious +application to bypass user interaction requirements in order to gain access to +additional permissions.

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    CVEReferencesTypeSeverityUpdated AOSP versions
    CVE-2017-13310A-71992105EoPHigh6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1
    CVE-2017-13311A-73252178EoPHigh7.0, 7.1.1, 7.1.2, 8.0, 8.1
    + + +

    Media framework

    +

    The most severe vulnerability in this section could enable a local malicious +application to bypass user interaction requirements in order to gain access to +additional permissions.

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    CVEReferencesTypeSeverityUpdated AOSP versions
    CVE-2017-13312A-73085795EoPHigh8.0
    CVE-2017-13313A-74114680DoSHigh6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1
    + + +

    System

    +

    The most severe vulnerability in this section could enable a local malicious +application to bypass user interaction requirements in order to gain access to +additional permissions.

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    CVEReferencesTypeSeverityUpdated AOSP versions
    CVE-2017-13314A-63000005EoPHigh7.0, 7.1.1, 7.1.2, 8.0, 8.1
    CVE-2017-13315A-70721937EoPHigh6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1
    + + +

    2018-05-05 security patch level vulnerability details

    + +

    +In the sections below, we provide details for each of the security +vulnerabilities that apply to the 2018-05-05 patch level. Vulnerabilities are +grouped under the component that they affect and include details such as the +CVE, associated references, type of vulnerability, +severity, +component (where applicable), and updated AOSP versions (where applicable). When +available, we link the public change that addressed the issue to the bug ID, +like the AOSP change list. When multiple changes relate to a single bug, +additional references are linked to numbers following the bug ID. +

    + +

    Kernel components

    +

    The most severe vulnerability in this section could enable a local malicious +application to bypass operating system protections that isolate application +data from other applications.

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    CVEReferencesTypeSeverityComponent
    CVE-2017-16643A-69916367
    + +Upstream kernel    		IDHighUSB driver
    CVE-2017-5754A-69856074*IDHighMemory mapping
    + + +

    NVIDIA components

    +

    The most severe vulnerability in this section could enable a local malicious +application to execute arbitrary code within the context of the TEE.

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    CVEReferencesTypeSeverityComponent
    CVE-2017-6289A-72830049*EoPCriticalTEE
    CVE-2017-5715A-71686116*IDHighTLK
    CVE-2017-6293A-69377364*EoPHighNVIDIA Tegra X1 TZ
    + + +

    Qualcomm components

    +

    The most severe vulnerability in this section could enable a proximate +attacker using a specially crafted file to execute arbitrary code within the +context of a privileged process.

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    CVEReferencesTypeSeverityComponent
    CVE-2018-3580A-72957507
    + +QC-CR#2149187    		RCECriticalWLAN
    CVE-2018-5841A-72957293
    + +QC-CR#2073502    		EoPHighDCC
    CVE-2018-5850A-72957135
    + +QC-CR#2141458    		EoPHighWLAN
    CVE-2018-5846A-71501683
    + +QC-CR#2120063    		EoPHighRadio internet packet accelerator
    CVE-2018-5845A-71501680
    + +QC-CR#2119081    		EoPHighGPU
    CVE-2018-5840A-71501678
    + +QC-CR#2052024    		EoPHighGPU
    CVE-2017-18154A-62872238*
    + QC-CR#2109325    		EoPHighLibgralloc
    CVE-2018-3578A-72956999
    + +QC-CR#2145573    		EoPHighWLAN
    CVE-2018-3565A-72957234
    + +QC-CR#2138555    		EoPHighWLAN
    CVE-2017-13077A-77481464*EoPHighWLAN
    CVE-2018-3562A-72957526
    + QC-CR#2147955 + [2]    		DoSHighWLAN
    + +

    Common questions and answers

    +

    +This section answers common questions that may occur after reading this +bulletin.

    + +

    1. How do I determine if my device is updated to address these issues? +

    +

    To learn how to check a device's security patch level, see +Check +and update your Android version.

    +
      +
    • Security patch levels of 2018-05-01 or later address all issues associated +with the 2018-05-01 security patch level.
      • +
    • Security patch levels of 2018-05-05 or later address all issues associated +with the 2018-05-05 security patch level and all previous patch levels.
      • +
    +

    +Device manufacturers that include these updates should set the patch string +level to: +

    +
      +
    • [ro.build.version.security_patch]:[2018-05-01]
      • +
    • [ro.build.version.security_patch]:[2018-05-05]
      • +
    +

    +2. Why does this bulletin have two security patch levels? +

    +

    +This bulletin has two security patch levels so that Android partners have the +flexibility to fix a subset of vulnerabilities that are similar across all +Android devices more quickly. Android partners are encouraged to fix all issues +in this bulletin and use the latest security patch level. +

    +
      +
    • Devices that use the 2018-05-01 security patch level must include all issues +associated with that security patch level, as well as fixes for all issues +reported in previous security bulletins.
      • +
    • Devices that use the security patch level of 2018-05-05 or newer must +include all applicable patches in this (and previous) security +bulletins.
      • +
    +

    +Partners are encouraged to bundle the fixes for all issues they are addressing +in a single update. +

    +

    +3. What do the entries in the Type column mean? +

    +

    +Entries in the Type column of the vulnerability details table reference +the classification of the security vulnerability. +

    + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    AbbreviationDefinition
    RCERemote code execution
    EoPElevation of privilege
    IDInformation disclosure
    DoSDenial of service
    N/AClassification not available
    +

    +4. What do the entries in the References column mean? +

    +

    +Entries under the References column of the vulnerability details table +may contain a prefix identifying the organization to which the reference value +belongs. +

    + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    PrefixReference
    A-Android bug ID
    QC-Qualcomm reference number
    M-MediaTek reference number
    N-NVIDIA reference number
    B-Broadcom reference number
    +

    +5. What does a * next to the Android bug ID in the References +column mean? +

    +

    +Issues that are not publicly available have a * next to the Android bug ID in +the References column. The update for that issue is generally contained +in the latest binary drivers for Nexus devices available from the Google Developer +site. +

    +

    +6. Why are security vulnerabilities split between this bulletin and +device/partner security bulletins, such as the Pixel / Nexus bulletin? +

    +

    +Security vulnerabilities that are documented in this security bulletin are +required in order to declare the latest security patch level on Android devices. +Additional security vulnerabilities that are documented in the +device / partner security bulletins are not required for declaring +a security patch level. Android device and chipset manufacturers are encouraged +to document the presence of other fixes on their devices through their own security +websites, such as the +Samsung, +LGE, or +Pixel / Nexus +security bulletins. +

    +

    Versions

    + + + + + + + + + + + + + + +
    VersionDateNotes
    1.0May 7, 2018Bulletin published.
    + + diff --git a/en/security/bulletin/2018.html b/en/security/bulletin/2018.html index 58c206cc..ec4bfbad 100644 --- a/en/security/bulletin/2018.html +++ b/en/security/bulletin/2018.html @@ -36,6 +36,22 @@ of all bulletins, see the Android Securi Published date Security patch level + + May 2018 + Coming soon + + + May 7, 2018 + 2018-05-01
    + 2018-05-05 + April 2018 Coming soon @@ -49,19 +65,18 @@ of all bulletins, see the Android Securi --> April 2, 2018 - 2018-04-05 + 2018-04-01
    + 2018-04-05     March 2018 - Coming soon - March 2018 2018-03-01
    diff --git a/en/security/bulletin/_translation.yaml b/en/security/bulletin/_translation.yaml index af2c6b7f..37f58a17 100644 --- a/en/security/bulletin/_translation.yaml +++ b/en/security/bulletin/_translation.yaml @@ -31,6 +31,10 @@ ignore_paths: - /security/bulletin/2015-10-01 - /security/bulletin/2015-09-01 - /security/bulletin/2015-08-01 +- /security/bulletin/pixel/2017 +- /security/bulletin/pixel/2017-12-01 +- /security/bulletin/pixel/2017-11-01 +- /security/bulletin/pixel/2017-10-01 enable_continuous_translation: True title: Android Security Bulletins description: Translations for Android Security Bulletins diff --git a/en/security/bulletin/index.html b/en/security/bulletin/index.html index b4bac017..7761d8fd 100644 --- a/en/security/bulletin/index.html +++ b/en/security/bulletin/index.html @@ -67,6 +67,22 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi Published date Security patch level + + May 2018 + Coming soon + + + May 7, 2018 + 2018-05-01
    + 2018-05-05 + April 2018 Coming soon @@ -80,19 +96,18 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi --> April 2, 2018 - 2018-04-05 + 2018-04-01
    + 2018-04-05 March 2018 - Coming soon - March 5, 2018 2018-03-01
    diff --git a/en/security/bulletin/pixel/2018-05-01.html b/en/security/bulletin/pixel/2018-05-01.html new file mode 100644 index 00000000..2532c0af --- /dev/null +++ b/en/security/bulletin/pixel/2018-05-01.html @@ -0,0 +1,619 @@ + + + Pixel / Nexus Security Bulletin—May 2018 + + + + + + +

    Published May 7, 2018

    + +

    +The Pixel / Nexus Security Bulletin contains details of security +vulnerabilities and functional improvements affecting +supported +Google Pixel and Nexus devices (Google devices). +For Google devices, security patch levels of 2018-05-05 or later address all +issues in this bulletin and all issues in the May 2018 Android Security +Bulletin. To learn how to check a device's security patch level, see +Check & update your +Android version. +

    +

    +All supported Google devices will receive an update to the 2018-05-05 patch +level. We encourage all customers to accept these updates to their devices. +

    +

    +Note: The Google device firmware images are available on the +Google Developer +site. +

    +

    Announcements

    +

    In addition to the security vulnerabilities described in the May 2018 +Android Security Bulletin, Pixel and Nexus devices also contain patches for the +security vulnerabilities described below. Partners were notified of these issues +at least a month ago and may choose to incorporate them as part of their device +updates.

    +

    Security patches

    +

    +Vulnerabilities are grouped under the component that they affect. There is a +description of the issue and a table with the CVE, associated references, +type of vulnerability, +severity, +and updated Android Open Source Project (AOSP) versions (where applicable). When +available, we link the public change that addressed the issue to the bug ID, +like the AOSP change list. When multiple changes relate to a single bug, +additional references are linked to numbers following the bug ID. +

    + +

    Framework

    + + + + + + + + + + + + + + + + + + + + + +
    CVEReferencesTypeSeverityUpdated AOSP versions
    CVE-2017-13316A-73311729IDModerate6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1
    + +

    Media framework

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    CVEReferencesTypeSeverityUpdated AOSP versions
    CVE-2017-13317A-73172046IDModerate8.1
    CVE-2017-13318A-73782357IDModerate8.1
    CVE-2017-13319A-71868329IDModerate7.0, 7.1.1, 7.1.2, 8.0, 8.1
    DoSHigh6.0, 6.0.1
    CVE-2017-13320A-72764648IDModerate7.0, 7.1.1, 7.1.2, 8.0, 8.1
    DoSHigh6.0, 6.0.1
    + +

    System

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    CVEReferencesTypeSeverityUpdated AOSP versions
    CVE-2017-13323A-73826242EoPModerate6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1
    CVE-2017-13321A-70986337IDModerate8.0, 8.1
    CVE-2017-13322A-67862398DoSModerate6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1
    + +

    Kernel components

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    CVEReferencesTypeSeverityComponent
    CVE-2018-5344A-72867809
    + +Upstream kernel    		EoPModerateBlock driver
    CVE-2017-15129A-72961054
    + +Upstream kernel    		EoPModerateNetwork namespace
    + +

    NVIDIA components

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    CVEReferencesTypeSeverityComponent
    CVE-2018-6254A-64340684*IDModerateMedia server
    CVE-2018-6246A-69383916*IDModerateWidevine trustlet
    + + +

    Qualcomm components

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    CVEReferencesTypeSeverityComponent
    CVE-2018-5849A-72957611
    + +QC-CR#2131811    		EoPModerateQTEECOM
    CVE-2018-5851A-72957505
    + QC-CR#2146869 +[2]    		EoPModerateWLAN
    CVE-2018-5842A-72957257
    + QC-CR#2113219 +[2]    		EoPModerateWLAN
    CVE-2018-5848A-72957178
    + +QC-CR#2126062    		EoPModerateWIGIG
    CVE-2018-5853A-71714212*
    + QC-CR#2178082
    + QC-CR#2043277    		EoPModerateNetworking subsystem
    CVE-2018-5843A-71501685
    + +QC-CR#2113385    		EoPModerateModem driver
    CVE-2018-5844A-71501682
    + +QC-CR#2118860    		EoPModerateVideo device
    CVE-2018-5847A-71501681
    + +QC-CR#2120955    		EoPModerateSnapdragon display engine
    CVE-2018-3582A-72956801
    + +QC-CR#2149531    		EoPModerateWLAN
    CVE-2018-3581A-72957725
    + QC-CR#2150359 + [2]    		EoPModerateWLAN
    CVE-2018-3576A-72957337
    + +QC-CR#2128512    		EoPModerateWLAN
    CVE-2018-3572A-72957724
    + QC-CR#2145996 + [2]    		EoPModerateAudio
    CVE-2018-3571A-72957527
    + +QC-CR#2132332    		EoPModerateKgsl
    CVE-2017-18153A-35470735*
    + QC-CR#2021363    		EoPModerateQcacld-2.0
    CVE-2017-18070A-72441280
    + +QC-CR#2114348    		EoPModerateWLAN
    CVE-2017-15857A-65122765*
    + QC-CR#2111672
    + QC-CR#2152401
    + QC-CR#2152399
    + QC-CR#2153841    		EoPModerateCamera
    CVE-2017-15854A-71501688
    + +QC-CR#2114396    		EoPModerateWLAN
    CVE-2017-15843A-72956941
    + QC-CR#2032076 +[2]    		EoPModerateFloor_vote driver
    CVE-2017-15842A-72957040
    + QC-CR#2123291 + [2]    		EoPModerateQdsp6v2
    CVE-2017-15832A-70237689
    + +QC-CR#2114756    		EoPModerateWLAN
    CVE-2018-5852A-70242505*
    + QC-CR#2169379    		IDModerateIpa driver
    CVE-2018-3579A-72957564
    + +QC-CR#2149720    		IDModerateWLAN
    + +

    Functional patches

    +

    +These updates are included for affected Pixel devices to address functionality +issues not related to the security of Pixel devices. The table includes +associated references; the affected category, such as Bluetooth or mobile data; +and a summary of the issue. +

    + + + + + + + + + + + + + + + + + + + +
    ReferencesCategoryImprovementsDevices
    A-68840121PerformanceImprove Multitouch DetectionAll
    A-72851087PowerAdjust Pixel XL charging behaviorPixel XL
    + +

    Common questions and answers

    +

    +This section answers common questions that may occur after reading this +bulletin. +

    +

    +1. How do I determine if my device is updated to address these issues? + +

    +

    +Security patch levels of 2018-05-05 or later address all issues associated with +the 2018-05-05 security patch level and all previous patch levels. To learn how +to check a device's security patch level, read the instructions on the Pixel +and Nexus update schedule. +

    +

    +2. What do the entries in the Type column mean? +

    +

    +Entries in the Type column of the vulnerability details table reference +the classification of the security vulnerability. +

    + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    AbbreviationDefinition
    RCERemote code execution
    EoPElevation of privilege
    IDInformation disclosure
    DoSDenial of service
    N/AClassification not available
    +

    +3. What do the entries in the References column mean? +

    +

    +Entries under the References column of the vulnerability details table +may contain a prefix identifying the organization to which the reference value +belongs. +

    + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    PrefixReference
    A-Android bug ID
    QC-Qualcomm reference number
    M-MediaTek reference number
    N-NVIDIA reference number
    B-Broadcom reference number
    +

    +4. What does a * next to the Android bug ID in the References +column mean? +

    +

    +Issues that are not publicly available have a * next to the Android bug ID in +the References column. The update for that issue is generally contained +in the latest binary drivers for Nexus devices available from the +Google Developer site. +

    +

    +5. Why are security vulnerabilities split between this bulletin and the +Android Security Bulletins? +

    +

    +Security vulnerabilities that are documented in the Android Security Bulletins +are required in order to declare the latest security patch level on Android +devices. Additional security vulnerabilities, such as those documented in this +bulletin are not required for declaring a security patch level. +

    +

    Versions

    + + + + + + + + + + + + + + +
    VersionDateNotes
    1.0May 7, 2018Bulletin published.
    + + + diff --git a/en/security/bulletin/pixel/2018.html b/en/security/bulletin/pixel/2018.html index f4a08522..a2597f50 100644 --- a/en/security/bulletin/pixel/2018.html +++ b/en/security/bulletin/pixel/2018.html @@ -38,6 +38,21 @@ Bulletins homepage.

    Published date Security patch level + + May 2018 + Coming soon + + + May 7, 2018 + 2018-05-05 + April 2018 Coming soon @@ -50,20 +65,20 @@ Bulletins homepage.

    中文 (台灣) --> - April 2018 + April 2, 2018 2018-04-05 March 2018 - Coming soon - + 中文 (台灣) March 2018 2018-03-05 diff --git a/en/security/bulletin/pixel/index.html b/en/security/bulletin/pixel/index.html index 95f1eafd..73e6d0f7 100644 --- a/en/security/bulletin/pixel/index.html +++ b/en/security/bulletin/pixel/index.html @@ -24,7 +24,7 @@

    This page contains the available Pixel / Nexus monthly bulletins. These bulletins supplement the -Android Security Bulletins with +Android Security Bulletins with additional security patches and functional improvements on Pixel and Nexus devices. These bulletins apply to supported Pixel and @@ -58,6 +58,21 @@ AOSP 24–48 hours after the Pixel / Nexus bulletin is release Published date Security patch level + + May 2018 + Coming soon + + + May 7, 2018 + 2018-05-05 + April 2018 Coming soon @@ -70,20 +85,20 @@ AOSP 24–48 hours after the Pixel / Nexus bulletin is release 中文 (台灣) --> - April 2018 + April 2, 2018 2018-04-05 March 2018 - Coming soon - + 中文 (台灣) March 5, 2018 2018-03-05 diff --git a/en/security/overview/acknowledgements.html b/en/security/overview/acknowledgements.html index bd66f9dc..e621c0a9 100644 --- a/en/security/overview/acknowledgements.html +++ b/en/security/overview/acknowledgements.html @@ -37,6 +37,59 @@ Rewards program.

    In 2018, the security acknowledgements are listed by month. In prior years, acknowledgements were listed together.

    +

    May

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ResearchersCVEs
    Corinna VinschenCVE-2018-5853
    derrek (@derrekr6)CVE-2017-6293, CVE-2018-6246
    Gengjia Chen (@chengjia4574) and + pjf of IceSword Lab, Qihoo 360 Technology Co. Ltd.CVE-2017-18153
    Hanxiang Wen and Mingjian Zhou (周明建) + (@Mingjian_Zhou) of + C0RE TeamCVE-2017-18154
    Hongli Han (@HexB1n) and Mingjian Zhou (周明建) + (@Mingjian_Zhou) of + C0RE TeamCVE-2018-6254
    Joshua Steiner of Introne AppsCVE-2017-13322
    Michał BednarskiCVE-2017-13310, CVE-2017-13311
    Pengfei Ding (丁鹏飞), Chenfu Bao (包沉浮), and Lenx Wei (韦韬) of Baidu X-Lab (百度安全实验室)CVE-2017-15857, CVE-2018-5852
    Zinuo Han of Chengdu Security Response Center, + Qihoo 360 Technology Co. LtdCVE-2017-13321, CVE-2017-13315, CVE-2017-13318, CVE-2017-13323, CVE-2017-13312, + CVE-2017-13319, CVE-2017-13317
    +

    April

    @@ -81,7 +134,7 @@ acknowledgements were listed together.

    - Dinesh Venkatesan (@malwareresearch) of + Dinesh Venkatesan (@malwareresearch) of Symantec CVE-2017-13295 @@ -94,14 +147,14 @@ acknowledgements were listed together.

    - En He (@heeeeen4x) and Bo Liu of + En He (@heeeeen4x) and Bo Liu of MS509Team CVE-2017-13294 - Eric Leong (@ericwleong) + Eric Leong (@ericwleong) CVE-2017-13301 @@ -113,26 +166,26 @@ acknowledgements were listed together.

    - Haosheng Wang (@gnehsoah) + Haosheng Wang (@gnehsoah) CVE-2017-13280 - Jean-Baptiste Cayrou (@jbcayrou) + Jean-Baptiste Cayrou (@jbcayrou) CVE-2017-13284 - Jianjun Dai (@Jioun_dai) and Guang Gong of Alpha + Jianjun Dai (@Jioun_dai) and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd CVE-2017-13291, CVE-2017-13283, CVE-2017-13282, CVE-2017-13281, CVE-2017-13267 - Patrick Delvenne (@wintzx) of Orange Labs + Patrick Delvenne (@wintzx) of Orange Labs CVE-2018-3584 @@ -156,7 +209,7 @@ acknowledgements were listed together.

    - Weichao Sun of Alibaba Inc (@sunblate) + Weichao Sun of Alibaba Inc (@sunblate) CVE-2017-13277 @@ -169,7 +222,7 @@ acknowledgements were listed together.

    - Yonggang Guo (@guoygang) of IceSword Lab, + Yonggang Guo (@guoygang) of IceSword Lab, Qihoo 360 Technology Co. Ltd CVE-2017-8269, CVE-2017-13307, CVE-2018-5826 @@ -222,7 +275,7 @@ Zhou (周明建) CVE-2018-3560 - Jianjun Dai (@Jioun_dai) and + Jianjun Dai (@Jioun_dai) and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2017-13266, CVE-2017-13256, CVE-2017-13255 @@ -231,16 +284,16 @@ Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2017-13258 - Hongli Han (@hexb1n), Hongli Han (@hexb1n), Dacheng Shao, and Mingjian Zhou -(周明建) (@Mingjian_Zhou) of @Mingjian_Zhou) of C0RE Team CVE-2017-6287 - Hongli Han (@HexB1n) and + Hongli Han (@HexB1n) and Mingjian Zhou (周明建)(@Mingjian_Zhou) of @Mingjian_Zhou) of C0RE Team CVE-2017-6286, CVE-2017-6285, CVE-2017-6281 @@ -256,7 +309,7 @@ CVE-2017-15814 Tamir Zahavi-Brunner (@tamir_zb) of Zimperium zLabs Team +href="https://twitter.com/tamir_zb">@tamir_zb) of Zimperium zLabs Team CVE-2017-13253 @@ -264,7 +317,7 @@ href="https://twitter.com/tamir_zb">@tamir_zb) of Zimperium zLabs Team CVE-2017-13249, CVE-2017-13248, CVE-2017-13264 - Wish Wu (@wish_wu Wish Wu (@wish_wu 吴潍浠 此彼) of Ant-financial Light-Year Security Lab CVE-2017-13259, CVE-2017-13272 @@ -274,7 +327,7 @@ Security Lab CVE-2017-13257, CVE-2017-13268 - Yonggang Guo (@guoygang) of + Yonggang Guo (@guoygang) of IceSword Lab, Qihoo 360 Technology Co. Ltd. CVE-2017-13271 @@ -300,8 +353,8 @@ Response Center of Qihoo 360 Technology Co. Ltd. Aaron Willey, autoprime (@utoprime), and Tyler Montgomery -(@tylerfixer) of Team Codefire +href="https://twitter.com/utoprime?lang=en">@utoprime), and Tyler Montgomery +(@tylerfixer) of Team Codefire CVE-2017-13238 @@ -320,7 +373,7 @@ Alpha Team, Qihoo 360 Technology Co. Ltd. - En He (@heeeeen4x) and Bo Liu + En He (@heeeeen4x) and Bo Liu of MS509Team CVE-2017-13242 @@ -339,17 +392,17 @@ of MS509Team - Hongli Han (@HexB1n), Hongli Han (@HexB1n), Dacheng Shao and Mingjian Zhou (@Mingjian_Zhou) of @Mingjian_Zhou) of C0RE Team CVE-2017-6258 - Hongli Han (@HexB1n), Mingjian -Zhou (@Mingjian_Zhou) of Hongli Han (@HexB1n), Mingjian +Zhou (@Mingjian_Zhou) of C0RE Team CVE-2017-17767, CVE-2017-6279 @@ -357,7 +410,7 @@ href="http://c0reteam.org">C0RE Team Mingjian Zhou (周明建) (@Mingjian_Zhou) of @Mingjian_Zhou) of C0RE Team CVE-2017-13241, CVE-2017-13231 @@ -371,7 +424,7 @@ href="http://c0reteam.org">C0RE Team Niky1235 (@jiych_guru) +href="https://twitter.com/jiych_guru">@jiych_guru) CVE-2017-13230, CVE-2017-13234 @@ -384,7 +437,7 @@ href="https://twitter.com/jiych_guru">@jiych_guru) Qidan He (@flanker_hqd) of PDD Security +href="https://twitter.com/flanker_hqd?lang=en">@flanker_hqd) of PDD Security Team CVE-2017-13246 @@ -397,7 +450,7 @@ Team - Yonggang Guo (@guoygang) of + Yonggang Guo (@guoygang) of IceSword Lab, Qihoo 360 Technology Co. Ltd. CVE-2017-13273 @@ -439,12 +492,12 @@ href="https://labs.mwrinfosecurity.com/">MWR Labs CVE-2017-13212 - Andy Tyler (@ticarpi) of Andy Tyler (@ticarpi) of e2e-assure CVE-2017-0846 - Baozeng Ding (@sploving), + Baozeng Ding (@sploving), Chengming Yang, and Yang Song of Pandora Lab, Ali Security CVE-2017-13222, CVE-2017-13220 @@ -458,7 +511,7 @@ Chengming Yang, and Yang Song of Pandora Lab, Ali Security Chi Zhang and Mingjian Zhou -(@Mingjian_Zhou) of @Mingjian_Zhou) of C0RE Team CVE-2017-13178, CVE-2017-13179 @@ -467,19 +520,19 @@ href="http://c0reteam.org">C0RE Team CVE-2017-13209 - Haosheng Wang (@gnehsoah) + Haosheng Wang (@gnehsoah) CVE-2017-13198 - Hongli Han (@HexB1n) and -Mingjian Zhou (@Mingjian_Zhou) + Hongli Han (@HexB1n) and +Mingjian Zhou (@Mingjian_Zhou) of C0RE Team CVE-2017-13183, CVE-2017-13180 - Hongli Han (@HexB1n), Hongli Han (@HexB1n), Dacheng Shao, and Mingjian Zhou (@Mingjian_Zhou) of @Mingjian_Zhou) of C0RE Team CVE-2017-13194 @@ -489,13 +542,13 @@ href="http://c0reteam.org">C0RE Team Mingjian Zhou (周明建) (@Mingjian_Zhou) of @Mingjian_Zhou) of C0RE Team CVE-2017-13184, CVE-2017-13201 Niky1235 (@jiych_guru) +href="https://twitter.com/jiych_guru">@jiych_guru) CVE-2017-0855, CVE-2017-13195, CVE-2017-13181 @@ -510,7 +563,7 @@ Academy of Sciences CVE-2017-13176 - V.E.O (@VYSEa) of V.E.O (@VYSEa) of Mobile Threat Response Team, Trend Micro CVE-2017-13196, CVE-2017-13186 @@ -524,12 +577,12 @@ Threat Response Team, Trend MicroCVE-2017-13217 - Yangkang (@dnpushme) of + Yangkang (@dnpushme) of Qihoo360 Qex Team CVE-2017-13200 - Yongke Wang (@Rudykewang) + Yongke Wang (@Rudykewang) and Yuebin Sun of Tencent's Xuanwu Lab CVE-2017-13202 @@ -577,7 +630,7 @@ Response Center, Qihoo 360 Technology Co. Ltd. CVE-2017-0650 - Ao Wang (@ArayzSegment) of + Ao Wang (@ArayzSegment) of Pangu Team CVE-2017-0691, CVE-2017-0700 @@ -591,7 +644,7 @@ Barbara CVE-2017-0650 - Baozeng Ding (@sploving1) of + Baozeng Ding (@sploving1) of Alibaba Mobile Security Group CVE-2017-0463, CVE-2017-0506, CVE-2017-0711, CVE-2017-0741, CVE-2017-0742, CVE-2017-0751, CVE-2017-0796, CVE-2017-0798, CVE-2017-0800, @@ -599,7 +652,7 @@ CVE-2017-0827, CVE-2017-0843, CVE-2017-0864, CVE-2017-9703, CVE-2017-9708, CVE-2017-11000, CVE-2017-11059, CVE-2017-13170 - Ben Actis (@Ben_RA) + Ben Actis (@Ben_RA) CVE-2016-8461 @@ -647,7 +700,7 @@ href="https://c0reteam.org/">C0RE Team CVE-2017-0836, CVE-2017-0857, CVE-2017-0880, CVE-2017-13166 - Chiachih Wu (@chiachih_wu) + Chiachih Wu (@chiachih_wu) of C0RE Team CVE-2016-8425, CVE-2016-8426, CVE-2016-8430, CVE-2016-8431, CVE-2016-8432, CVE-2016-8449, CVE-2016-8435, CVE-2016-8480, CVE-2016-8481, @@ -661,7 +714,7 @@ Response Center, Qihoo 360 Technology Co. Ltd. CVE-2017-0758 - Cong Zheng (@shellcong) of + Cong Zheng (@shellcong) of Palo Alto Networks CVE-2017-0752 @@ -688,19 +741,19 @@ href="http://c0reteam.org/">C0RE Team CVE-2017-13160 - Daxing Guo (@freener0) of + Daxing Guo (@freener0) of Xuanwu Lab, Tencent CVE-2017-0386, CVE-2017-0553, CVE-2017-0585, CVE-2017-0706 derrek (@derrekr6) +href="https://twitter.com/derrekr6">@derrekr6) CVE-2016-8413, CVE-2016-8477, CVE-2017-0392, CVE-2017-0521, CVE-2017-0531, CVE-2017-0576, CVE-2017-8260 - Di Shen (@returnsme) of -KeenLab (@keen_lab), Tencent + Di Shen (@returnsme) of +KeenLab (@keen_lab), Tencent CVE-2016-8412, CVE-2016-8427, CVE-2016-8444, CVE-2016-10287, CVE-2017-0334, CVE-2017-0403, CVE-2017-0427, CVE-2017-0456, CVE-2017-0457, CVE-2017-0525, CVE-2017-8265 @@ -727,7 +780,7 @@ CVE-2017-0525, CVE-2017-8265 CVE-2017-0692, CVE-2017-0694, CVE-2017-0771, CVE-2017-0774, CVE-2017-0775 - En He (@heeeeen4x) of En He (@heeeeen4x) of MS509Team CVE-2017-0394, CVE-2017-0490, CVE-2017-0601, CVE-2017-0639, CVE-2017-0645, CVE-2017-0784, CVE-2017-11042 @@ -756,7 +809,7 @@ CVE-2017-0645, CVE-2017-0784, CVE-2017-11042 Gengjia Chen (@chengjia4574) of IceSword Lab, +href="https://twitter.com/chengjia4574">@chengjia4574) of IceSword Lab, Qihoo 360 Technology Co. Ltd. CVE-2016-8464, CVE-2016-10285, CVE-2016-10288, CVE-2016-10290, CVE-2016-10294, CVE-2016-10295, CVE-2016-10296, CVE-2017-0329, CVE-2017-0332, @@ -769,7 +822,7 @@ CVE-2017-9691, CVE-2017-10997 Godzheng (郑文选 @VirtualSeekers) of Tencent PC +href="https://twitter.com/virtualseekers">@VirtualSeekers) of Tencent PC Manager CVE-2017-0602, CVE-2017-0646 @@ -782,7 +835,7 @@ Manager CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, CVE-2017-0785 - Guang Gong (龚广) (@oldfresher) + Guang Gong (龚广) (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2016-8415, CVE-2016-8419, CVE-2016-8420, CVE-2016-8421, CVE-2016-8454, CVE-2016-8455, CVE-2016-8456, CVE-2016-8457, CVE-2016-8465, @@ -837,7 +890,7 @@ CVE-2017-0792, CVE-2017-0825, CVE-2017-6424 Hongli Han - (@HexB1n) of + (@HexB1n) of C0RE Team CVE-2017-0384, CVE-2017-0385, CVE-2017-0731, CVE-2017-0739, CVE-2017-13154, CVE-2017-6276 @@ -848,7 +901,7 @@ CVE-2017-0792, CVE-2017-0825, CVE-2017-6424 CVE-2017-0753 - Ian Foster (@lanrat) + Ian Foster (@lanrat) CVE-2017-0554 @@ -873,18 +926,18 @@ CVE-2017-0792, CVE-2017-0825, CVE-2017-6424 Jeremy Huang - (@bittorrent3389) + (@bittorrent3389) of King Team CVE-2017-13172 - Jianjun Dai (@Jioun_dai) of + Jianjun Dai (@Jioun_dai) of Qihoo 360 Skyeye Labs CVE-2017-0478, CVE-2017-0541, CVE-2017-0559 Jianqiang Zhao (@jianqiangzhao) of IceSword Lab, +href="https://twitter.com/jianqiangzhao">@jianqiangzhao) of IceSword Lab, Qihoo 360 CVE-2016-5346, CVE-2016-8416, CVE-2016-8475, CVE-2016-8478, CVE-2017-0445, CVE-2017-0458, CVE-2017-0459, CVE-2017-0518, CVE-2017-0519, @@ -896,7 +949,7 @@ CVE-2017-8261, CVE-2017-8268, CVE-2017-9718, CVE-2017-1000380 CVE-2017-0698 - Jon Sawyer (@jcase) + Jon Sawyer (@jcase) CVE-2016-8461, CVE-2016-8462 @@ -951,7 +1004,7 @@ href="http://c0reteam.org/">C0RE Team CVE-2017-0491 - Marco Bartoli (@wsxarcher) + Marco Bartoli (@wsxarcher) CVE-2017-0712 @@ -971,13 +1024,13 @@ href="http://c0reteam.org/">C0RE Team CVE-2017-0598, CVE-2017-0806, CVE-2017-0871 - Mike Anderson (@manderbot) of + Mike Anderson (@manderbot) of Tesla Motors Product Security Team CVE-2017-0327, CVE-2017-0328 Mingjian Zhou (@Mingjian_Zhou) of @Mingjian_Zhou) of C0RE Team CVE-2017-0383, CVE-2017-0417, CVE-2017-0418, CVE-2017-0425, CVE-2017-0450, CVE-2017-0479, CVE-2017-0480, CVE-2017-0483, CVE-2017-0665, @@ -997,11 +1050,11 @@ CVE-2017-13152, CVE-2017-13154, CVE-2017-13166, CVE-2017-13169, CVE-2017-14904 CVE-2016-10276 - Nathan Crandall (@natecray) + Nathan Crandall (@natecray) CVE-2017-0535 - Nathan Crandall (@natecray) of + Nathan Crandall (@natecray) of Tesla Motors Product Security Team CVE-2017-0306, CVE-2017-0327, CVE-2017-0328, CVE-2017-0331, CVE-2017-0606, CVE-2017-8242, CVE-2017-9679 @@ -1016,7 +1069,7 @@ CVE-2017-0606, CVE-2017-8242, CVE-2017-9679 Niky1235 (@jiych_guru) +href="https://twitter.com/jiych_guru">@jiych_guru) CVE-2017-0603, CVE-2017-0670, CVE-2017-0697, CVE-2017-0726, CVE-2017-0818 @@ -1053,7 +1106,7 @@ CVE-2017-11060, CVE-2017-11061, CVE-2017-11064, CVE-2017-11089, CVE-2017-11090CVE-2017-11046, CVE-2017-11091 - Peter Pi (@heisecode) of + Peter Pi (@heisecode) of Trend Micro CVE-2016-8424, CVE-2016-8428, CVE-2016-8429, CVE-2016-8460, CVE-2016-8469, CVE-2016-8473, CVE-2016-8474 @@ -1075,7 +1128,7 @@ CVE-2017-8270, CVE-2017-9691, CVE-2017-9718, CVE-2017-10997, CVE-2017-1000380 Qidan He (何淇丹) (@flanker_hqd) of KeenLab, Tencent +href="https://twitter.com/flanker_hqd">@flanker_hqd) of KeenLab, Tencent (腾讯科恩实验室) CVE-2017-0325, CVE-2017-0337, CVE-2017-0382, CVE-2017-0427, CVE-2017-0476, CVE-2017-0544, CVE-2017-0861, CVE-2017-0866, CVE-2017-13167, @@ -1094,7 +1147,7 @@ CVE-2017-15868 CVE-2017-0522 - Roee Hay (@roeehay) of Aleph + Roee Hay (@roeehay) of Aleph Research, HCL Technologies CVE-2016-10277, CVE-2017-0563, CVE-2017-0582, CVE-2017-0648, CVE-2017-0829, CVE-2017-13174 @@ -1113,24 +1166,24 @@ Communications in DarkMatter CVE-2017-0528 - salls (@chris_salls) of + salls (@chris_salls) of Shellphish Grill Team, UC Santa Barbara CVE-2017-0505, CVE-2017-13168 Scott Bauer (@ScottyBauer1) +href="https://twitter.com/ScottyBauer1">@ScottyBauer1) CVE-2016-10274, CVE-2017-0339, CVE-2017-0405, CVE-2017-0504, CVE-2017-0516, CVE-2017-0521, CVE-2017-0562, CVE-2017-0576, CVE-2017-0705, CVE-2017-8259, CVE-2017-8260, CVE-2017-9680, CVE-2017-11053, CVE-2017-13160 Sean Beaupre (@firewaterdevs) +href="https://twitter.com/firewaterdevs">@firewaterdevs) CVE-2016-8461, CVE-2016-8462, CVE-2017-0455 - Seven Shen (@lingtongshen) + Seven Shen (@lingtongshen) of Trend Micro Mobile Threat Research Team CVE-2016-8418, CVE-2016-8466, CVE-2016-10231, CVE-2017-0449, CVE-2017-0452, CVE-2017-0578, CVE-2017-0586, CVE-2017-0724, CVE-2017-0772, @@ -1174,11 +1227,11 @@ CVE-2017-0436, CVE-2017-10661 Uma Sankar Pradhan (@umasankar_iitd) +href="https://twitter.com/umasankar_iitd">@umasankar_iitd) CVE-2017-0560 - Valerio Costamagna (@vaio_co) + Valerio Costamagna (@vaio_co) CVE-2017-0712 @@ -1188,7 +1241,7 @@ CVE-2017-0675, CVE-2017-0676, CVE-2017-0682, CVE-2017-0683, CVE-2017-0696, CVE-2017-0699, CVE-2017-0701, CVE-2017-0702, CVE-2017-0716, CVE-2017-0757 - V.E.O (@VYSEa) of Mobile Threat + V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro CVE-2017-0381, CVE-2017-0424, CVE-2017-0466, CVE-2017-0467, CVE-2017-0468, CVE-2017-0469, CVE-2017-0470, CVE-2017-0471, CVE-2017-0472, @@ -1205,7 +1258,7 @@ CVE-2017-10662, CVE-2017-10663 CVE-2017-0522 - Weichao Sun (@sunblate) of + Weichao Sun (@sunblate) of Alibaba Inc. CVE-2017-0391, CVE-2017-0407, CVE-2017-0549, CVE-2017-0759 @@ -1226,12 +1279,12 @@ CVE-2017-0483, CVE-2017-0768, CVE-2017-0779, CVE-2017-0812, CVE-2017-0815, CVE-2017-0816 - Wenlin Yang (@wenlin_yang) + Wenlin Yang (@wenlin_yang) of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2017-0577, CVE-2017-0580 - Wish Wu (@wish_wu) (Wish Wu (@wish_wu) (吴潍浠 此彼) of Ant-financial Light-Year Security Lab CVE-2017-0408, CVE-2017-0477, CVE-2017-11063, CVE-2017-11092 @@ -1314,7 +1367,7 @@ CVE-2017-9708, CVE-2017-13170 CVE-2017-0860 - Yangkang (@dnpushme) of Qex + Yangkang (@dnpushme) of Qex Team, Qihoo 360 CVE-2017-0647, CVE-2017-0690, CVE-2017-0753 @@ -1329,12 +1382,12 @@ href="http://c0reteam.org/">C0RE Team Yong Wang (王勇) (@ThomasKing2014) of Alibaba Inc. +href="https://twitter.com/ThomasKing2014">@ThomasKing2014) of Alibaba Inc. CVE-2017-0404, CVE-2017-0588, CVE-2017-0842, CVE-2017-13164, CVE-2017-9708, CVE-2017-13170 - Yonggang Guo (@guoygang) of + Yonggang Guo (@guoygang) of IceSword Lab, Qihoo 360 Technology Co. Ltd. CVE-2016-10289, CVE-2017-0465, CVE-2017-0564, CVE-2017-0746, CVE-2017-0749, CVE-2017-7370, CVE-2017-8267, CVE-2017-8269, CVE-2017-8271, @@ -1372,22 +1425,22 @@ CVE-2017-8264, CVE-2017-10661, CVE-2017-14903 CVE-2017-0767, CVE-2017-0839, CVE-2017-0848 - Yuqi Lu (@nikos233) of Yuqi Lu (@nikos233) of C0RE Team CVE-2017-0383, CVE-2017-0401, CVE-2017-0417, CVE-2017-0425, CVE-2017-0483 - Yuxiang Li (@Xbalien29) of + Yuxiang Li (@Xbalien29) of Tencent Security Platform Department CVE-2017-0395, CVE-2017-0669, CVE-2017-0704 - Zach Riggle (@ebeip90) of the + Zach Riggle (@ebeip90) of the Android Security Team CVE-2017-0710 - Zhanpeng Zhao (行之) (@0xr0ot) of + Zhanpeng Zhao (行之) (@0xr0ot) of Security Research Lab, Cheetah Mobile CVE-2016-8451 @@ -1398,7 +1451,7 @@ Co. Ltd. Zhen Zhou (@henices) of @henices) of NSFocus CVE-2017-0406 @@ -1457,12 +1510,12 @@ Telecommunications

    Andrei Kapishnikov of Google

    -

    Andy Tyler (@ticarpi) of +

    Andy Tyler (@ticarpi) of e2e-assure

    -

    Anestis Bechtsoudis (@anestisb) of CENSUS S.A.

    +

    Anestis Bechtsoudis (@anestisb) of CENSUS S.A.

    -

    Ao Wang (@ArayzSegment) of +

    Ao Wang (@ArayzSegment) of PKAV, Silence Information Technology

    Askyshang of Security Platform Department, Tencent

    @@ -1487,7 +1540,7 @@ Telecommunications

    Chi Zhang of C0RE Team

    -

    Chiachih Wu (@chiachih_wu) of +

    Chiachih Wu (@chiachih_wu) of C0RE Team from Qihoo 360

    Christian Seel

    @@ -1536,16 +1589,16 @@ Telecommunications

    Efthimios Alepis of University of Piraeus

    -

    En He (@heeeeen4x) of En He (@heeeeen4x) of MS509Team

    -

    Gal Beniamini (@laginimaineb, +

    Gal Beniamini (@laginimaineb, http://bits-please.blogspot.com)

    -

    Gengjia Chen (@chengjia4574) +

    Gengjia Chen (@chengjia4574) of Lab 0x031E, Qihoo 360 Technology Co. Ltd

    -

    Gengming Liu (刘耕铭) (@dmxcsnsbh) +

    Gengming Liu (刘耕铭) (@dmxcsnsbh) of KeenLab, Tencent

    George Piskas of @@ -1555,7 +1608,7 @@ Telecommunications

    Greg Kaiser of Google Android Team

    -

    Guang Gong (龚广) (@oldfresher) +

    Guang Gong (龚广) (@oldfresher) of Qihoo 360 Technology Co. Ltd.

    Hang Zhang of UC Riverside

    @@ -1585,15 +1638,15 @@ Telecommunications

    Jeremy C. Joslin of Google

    -

    jfang of KEEN lab, Tencent (@K33nTeam)

    +

    jfang of KEEN lab, Tencent (@K33nTeam)

    -

    Jianqiang Zhao (@jianqiangzhao) of IceSword Lab, Qihoo 360

    +

    Jianqiang Zhao (@jianqiangzhao) of IceSword Lab, Qihoo 360

    -

    Joshua Drake (@jduck)

    +

    Joshua Drake (@jduck)

    Jouni Malinen PGP id EFC895FA

    -

    Kai Lu (@K3vinLuSec) of +

    Kai Lu (@K3vinLuSec) of Fortinet's FortiGuard Labs

    Kandala Shivaram reddy

    @@ -1613,8 +1666,8 @@ Fortinet's FortiGuard Labs

    Makoto Onuki of Google

    -

    Marco Grassi (@marcograss) of KeenLab - (@keen_lab), Tencent

    +

    Marco Grassi (@marcograss) of KeenLab + (@keen_lab), Tencent

    Marco Nelissen of Google

    @@ -1628,7 +1681,7 @@ Fortinet's FortiGuard Labs

    Max Spector of Google

    -

    MengLuo Gou (@idhyt3r) of Bottle +

    MengLuo Gou (@idhyt3r) of Bottle Tech

    Michał Bednarski (github.com/michalbednarski)

    @@ -1637,7 +1690,7 @@ Fortinet's FortiGuard Labs

    Min Chong of Android Security

    -

    Mingjian Zhou (@Mingjian_Zhou) +

    Mingjian Zhou (@Mingjian_Zhou) of C0RE Team, Qihoo 360

    Miriam Gershenson of Google

    @@ -1646,13 +1699,13 @@ Fortinet's FortiGuard Labs

    Nasim Zamir

    -

    Nathan Crandall (@natecray) of +

    Nathan Crandall (@natecray) of Tesla Motors Product Security Team

    -

    Nico Golde (@iamnion) of Qualcomm Product Security Initiative

    +

    Nico Golde (@iamnion) of Qualcomm Product Security Initiative

    Nightwatch Cybersecurity Research - (@nightwatchcyber)

    + (@nightwatchcyber)

    Ning You of Alibaba Mobile Security Group

    @@ -1666,7 +1719,7 @@ Tesla Motors Product Security Team

    Pengfei Ding (丁鹏飞) of Baidu X-Lab

    -

    Peter Pi (@heisecode) of Trend Micro

    +

    Peter Pi (@heisecode) of Trend Micro

    pjf of IceSword Lab, Qihoo 360

    @@ -1675,8 +1728,8 @@ Tesla Motors Product Security Team

    Qianwei Hu (rayxcp@gmail.com) of WooYun TangLab

    -

    Qidan He (@Flanker_hqd) of - KeenLab (@keen_lab), Tencent

    +

    Qidan He (@Flanker_hqd) of + KeenLab (@keen_lab), Tencent

    Richard Shupak

    @@ -1691,7 +1744,7 @@ Tesla Motors Product Security Team

    Romain Trouvé of MWR Labs

    -

    Ronald L. Loor Vargas (@loor_rlv) +

    Ronald L. Loor Vargas (@loor_rlv) of TEAM Lv51

    Sagi Kedmi, IBM Security X-Force Researcher

    @@ -1701,20 +1754,20 @@ of TEAM Lv51

    Santos Cordon of Google Telecom Team

    Scott Bauer - (@ScottyBauer1)

    + (@ScottyBauer1)

    -

    Sen Nie (@nforest_) of KEEN lab, - Tencent (@K33nTeam)

    +

    Sen Nie (@nforest_) of KEEN lab, + Tencent (@K33nTeam)

    -

    Sergey Bobrov (@Black2Fan) of +

    Sergey Bobrov (@Black2Fan) of Kaspersky Lab

    -

    Seven Shen (@lingtongshen) +

    Seven Shen (@lingtongshen) of Trend Micro (www.trendmicro.com)

    Sharvil Nanavati of Google

    -

    Shinjo Park (@ad_ili_rai) of +

    Shinjo Park (@ad_ili_rai) of Security in Telecommunications

    @@ -1728,7 +1781,7 @@ Telecommunications

    Tieyan Li of Huawei

    -

    Tim Strazzere (@timstrazz) of +

    Tim Strazzere (@timstrazz) of SentinelOne / RedNaga

    Tom Craig of Google X

    @@ -1740,7 +1793,7 @@ SentinelOne / RedNaga

    Tongxin Li of Peking University

    -

    trotmaster (@trotmaster99)

    +

    trotmaster (@trotmaster99)

    Vasily Vasilev

    @@ -1752,13 +1805,13 @@ SentinelOne / RedNaga

    Vishwath Mohan of Android Security

    -

    Wei Wei (@Danny__Wei) of Xuanwu +

    Wei Wei (@Danny__Wei) of Xuanwu LAB, Tencent

    -

    Weichao Sun (@sunblate) of Alibaba Inc

    +

    Weichao Sun (@sunblate) of Alibaba Inc

    -

    Wen Niu (@NWMonster) of KeenLab - (@keen_lab), Tencent

    +

    Wen Niu (@NWMonster) of KeenLab + (@keen_lab), Tencent

    Wenke Dou of C0RE Team

    @@ -1766,7 +1819,7 @@ SentinelOne / RedNaga

    William Roberts (william.c.roberts@intel.com)

    -

    Wish Wu (@wish_wu) (Wish Wu (@wish_wu) (吴潍浠) of Mobile Threat Response Team, Trend Micro @@ -1780,7 +1833,7 @@ SentinelOne / RedNaga

    Xiling Gong of Tencent Security Platform Department

    -

    Xingyu He (何星宇) (@Spid3r_) +

    Xingyu He (何星宇) (@Spid3r_) of Alibaba Inc

    Xinhui Han of Peking University

    @@ -1812,10 +1865,10 @@ SentinelOne / RedNaga

    Yong Shi of Eagleye team, SCC, Huawei

    -

    Yong Wang (王勇) (@ThomasKing2014) +

    Yong Wang (王勇) (@ThomasKing2014) of Alibaba Inc.

    -

    Yongke Wang (@Rudykewang) of +

    Yongke Wang (@Rudykewang) of Xuanwu LAB, Tencent

    Yongzheng Wu of Huawei

    @@ -1827,13 +1880,13 @@ of Alibaba Inc.

    Yuru Shao of University of Michigan Ann Arbor

    -

    Yuxiang Li (@Xbalien29) of +

    Yuxiang Li (@Xbalien29) of Tencent Security Platform Department

    -

    Zach Riggle (@ebeip90) of the +

    Zach Riggle (@ebeip90) of the Android Security Team

    -

    Zhanpeng Zhao (行之) (@0xr0ot) of +

    Zhanpeng Zhao (行之) (@0xr0ot) of Security Research Lab, Cheetah Mobile

    Zhe Jin (金哲) of Chengdu Security Response Center, Qihoo 360 Technology Co. @@ -1879,7 +1932,7 @@ of Alibaba Inc.

    Gal Beniamini (http://bits-please.blogspot.com)

    -

    Guang Gong (龚广) (@oldfresher, higongguang@gmail.com) of Qihoo 360 Technology Co.Ltd

    +

    Guang Gong (龚广) (@oldfresher, higongguang@gmail.com) of Qihoo 360 Technology Co.Ltd

    Hongil Kim of System Security Lab, KAIST (hongilk@kaist.ac.kr)

    @@ -1890,7 +1943,7 @@ Aires Argentina

    Jack Tang of Trend Micro (@jacktang310)

    -

    jgor of The University of Texas at Austin (@indiecom)

    +

    jgor of The University of Texas at Austin (@indiecom)

    Joaquín Rinaudo (@xeroxnir) of Programa STIC at Fundación Dr. Manuel Sadosky, Buenos Aires Argentina

    @@ -1901,9 +1954,9 @@ Buenos Aires Argentina

    Lei Wu of C0RE Team from Qihoo 360

    -

    Marco Grassi (@marcograss) of KeenTeam (@K33nTeam)

    +

    Marco Grassi (@marcograss) of KeenTeam (@K33nTeam)

    -

    Mark Carter (@hanpingchinese) of EmberMitre Ltd

    +

    Mark Carter (@hanpingchinese) of EmberMitre Ltd

    Martin Barbella, Google Chrome Security Team

    @@ -1936,7 +1989,7 @@ Secure Software Engineering Group, EC SPRIDE Technische Universität

    Steven Vittitoe of Google Project Zero

    Tony Beltramelli (@Tbeltramelli) of @Tbeltramelli) of tonybeltramelli.com

    Tzu-Yin (Nina) Tai

    @@ -1961,23 +2014,23 @@ href="http://tonybeltramelli.com/">tonybeltramelli.com

    Aaron Mangel of Banno (amangel@gmail.com)

    -

    Alex Park (@saintlinu)

    +

    Alex Park (@saintlinu)

    Alexandru Gheorghita

    Andrey Labunets of Facebook

    Ange Albertini (@angealbertini)

    +href="https://twitter.com/angealbertini">@angealbertini)

    Axelle Apvrille of Fortinet, FortiGuards Labs

    -

    Dan Amodio of Aspect Security (@DanAmodio)

    +

    Dan Amodio of Aspect Security (@DanAmodio)

    David Murdoch

    Henry Hoggard of MWR Labs (@HenryHoggard)

    +href="https://twitter.com/henryhoggard">@HenryHoggard)

    Imre Rad of Search-Lab Ltd.

    @@ -1992,20 +2045,20 @@ Security

    Joseph Redfern of MWR Labs
    (@JosephRedfern)

    +href="https://twitter.com/JosephRedfern">@JosephRedfern)

    Kunal Patel of Samsung KNOX Security Team (kunal.patel1@samsung.com)

    Luander Michel Ribeiro (@luanderock)

    +href="https://twitter.com/luanderock">@luanderock)

    Luyi Xing of Indiana University Bloomington (xingluyi@gmail.com)

    -

    Marc Blanchou (@marcblanchou)

    +

    Marc Blanchou (@marcblanchou)

    -

    Mathew Solnik (@msolnik)

    +

    Mathew Solnik (@msolnik)

    Michał Bednarski

    @@ -2052,17 +2105,17 @@ href="mailto:litongxin1991@gmail.com">litongxin1991@gmail.com)

    Tony Trummer of The Men in the Middle
    (@SecBro1)

    +href="https://twitter.com/SecBro1">@SecBro1)

    Tushar Dalvi (@tushardalvi)

    +href="https://twitter.com/tushardalvi">@tushardalvi)

    Valera Neronov

    Wang Tao of Baidu X-Team (wintao@gmail.com)

    -

    Wang Yu of Baidu X-Team (@xi4oyu)

    +

    Wang Yu of Baidu X-Team (@xi4oyu)

    Will Shackleton of Facebook

    @@ -2079,7 +2132,7 @@ href="mailto:xw7@indiana.edu">xw7@indiana.edu)

    Xiaoyong Zhou of Indiana University Bloomington
    (@xzhou, @xzhou, zhou.xiaoyong@gmail.com)

    Xinhui Han of Peking University (hanxinhui@pku.edu.cn)

    href="mailto:luc2yj@gmail.com">luc2yj@gmail.com)

    Yu-Cheng Lin 林禹成 (@AndroBugs)

    +href="https://twitter.com/AndroBugs">@AndroBugs)

    Zhang Dong Hui of Baidu X-Team (shineastdh)

    @@ -2107,7 +2160,7 @@ of eCommera (jon@cunninglogic.com)

    Joshua J. Drake of Accuvant LABS - (@jduck) + (@jduck) Patch Rewards Symbol

    @@ -2124,7 +2177,7 @@ href="mailto:xingluyi@gmail.com">xingluyi@gmail.com)

    Mike Ryan of iSEC Partners -
    (@mpeg4codec, +
    (@mpeg4codec, mikeryan@isecpartners.com )

    @@ -2135,7 +2188,7 @@ at Urbana-Champaign

    Qualcomm Product Security Initiative

    -

    Roee Hay (@roeehay, +

    Roee Hay (@roeehay, roeehay@gmail.com)

    Robert Craig of @@ -2145,7 +2198,7 @@ Trusted Systems Research Group, US National Security Agency title="This person contributed code that improved Android security">

    Ruben Santamarta of IOActive -(@reversemode)

    +(@reversemode)

    Stephen Smalley of Trusted Systems Research Group, US National Security Agency @@ -2172,12 +2225,12 @@ alt="Patch Symbol" title="This person contributed code that improved Android sec

    -

    David Weinstein (@insitusec) +

    David Weinstein (@insitusec) of viaForensics

    Jann Horn

    -

    Ravishankar Borgaonkari (@raviborgaonkar) of TU Berlin

    +

    Ravishankar Borgaonkari (@raviborgaonkar) of TU Berlin

    Robert Craig of Trusted Systems Research Group, US National Security Agency @@ -2185,7 +2238,7 @@ Trusted Systems Research Group, US National Security Agency Patch Symbol

    -

    Roee Hay (@roeehay, +

    Roee Hay (@roeehay, roeehay@gmail.com)

    Stephen Smalley of @@ -2208,7 +2261,7 @@ alt="Patch Symbol" title="This person contributed code that improved Android sec

    @@ -2216,9 +2269,9 @@ alt="Patch Symbol" title="This person contributed code that improved Android sec
    -

    Charlie Miller (@0xcharlie)

    +

    Charlie Miller (@0xcharlie)

    -

    Collin Mulliner of MUlliNER.ORG (@collinrm)

    +

    Collin Mulliner of MUlliNER.ORG (@collinrm)

    diff --git a/en/setup/build/initializing.html b/en/setup/build/initializing.html index c68f0773..24c697ff 100644 --- a/en/setup/build/initializing.html +++ b/en/setup/build/initializing.html @@ -159,7 +159,7 @@ environment You will need a 64-bit version of Ubuntu. Ubuntu 14.04 is recommended. 

    -sudo apt-get install git-core gnupg flex bison gperf build-essential zip curl zlib1g-dev gcc-multilib g++-multilib libc6-dev-i386 lib32ncurses5-dev x11proto-core-dev libx11-dev lib32z-dev ccache libgl1-mesa-dev libxml2-utils xsltproc unzip
+sudo apt-get install git-core gnupg flex bison gperf build-essential zip curl zlib1g-dev gcc-multilib g++-multilib libc6-dev-i386 lib32ncurses5-dev x11proto-core-dev libx11-dev lib32z-dev libgl1-mesa-dev libxml2-utils xsltproc unzip
  • At least 100GB of free disk space to checkout the code and an extra 150GB - to build it. If you conduct multiple builds or employ ccache, you will need - even more space. + to build it. If you conduct multiple builds, you will need even more space.
  • If you are running Linux in a virtual machine, you need at least 16GB of RAM/swap. diff --git a/en/setup/start/build-numbers.html b/en/setup/start/build-numbers.html index fb2f2d39..6889f568 100644 --- a/en/setup/start/build-numbers.html +++ b/en/setup/start/build-numbers.html @@ -234,6 +234,30 @@ following table. + + OPM4.171019.016.C1 + android-8.1.0_r29 + Oreo + Pixel C + + + OPM4.171019.016.B1 + android-8.1.0_r28 + Oreo + Pixel XL, Pixel, Pixel 2 XL, Pixel 2 + + + OPM4.171019.016.A1 + android-8.1.0_r27 + Oreo + Nexus 5X + + + OPM2.171019.029.B1 + android-8.1.0_r26 + Oreo + Pixel 2 XL, Pixel 2 + OPM4.171019.015.A1 android-8.1.0_r23 -- cgit v1.2.3