==================== 09-28-2017 ====================

* kernel/lge/g3/
dcd07bd Bluetooth: Properly check L2CAP config option output buffer length [Ben Seri]
5abf68e Revert "time: Remove CONFIG_TIMER_STATS" [Kelly Craft]
7e5f0b1 g3: camera: Fix the size of the i2c register array [Christopher R. Palmer]
4754e0d ALSA: timer: Fix race between read and ioctl [Takashi Iwai]
7dc5c19 ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT [Takashi Iwai]
0322e2c fs/exec.c: account for argv/envp pointers [Kees Cook]
72ee723 Allow stack to grow up to address space limit [Helge Deller]
0f46697 mm: larger stack guard gap, between vmas [Hugh Dickins]
186e53a xfrm: policy: check policy direction value [Vladis Dronov]
e960bf79 BACKPORT: f2fs: sanity check checkpoint segno and blkoff [Jin Qian]
12a7b99 UPSTREAM: f2fs: sanity check segment count [Jin Qian]
8beef23 UPSTREAM: timerfd: Protect the might cancel mechanism proper [Thomas Gleixner]
a7b3b09 USB: f_qc_rndis: Prevent use-after-free for _rndis_qc [Pratham Pratap]
98bafd1 f_qc_rndis: Check config or cdev is NULL in before accessing [Mayank Rana]
13e02e0 ipv6: fix out of bound writes in __ip6_append_data() [Eric Dumazet]
b6c7774 ipv6/dccp: do not inherit ipv6_mc_list from parent [WANG Cong]
ded738c sctp: do not inherit ipv6_{mc|ac|fl}_list from parent [Eric Dumazet]
c5f156f ipv6: Check ip6_find_1stfragopt() return value properly. [David S. Miller]
a4f00f1 ipv6: Prevent overrun when parsing v6 header options [Craig Gallek]
49743b2 ashmem: remove cache maintenance support [Sudarshan Rajagopalan]
9de08ac msm: kgsl: Fix kgsl memory allocation and free race condition [Dennis Cagle]
269d818 msm: camera: don't cut to 8bits for validating enum variable [Gaoxiang Chen]
3d9298b ASoC: msm: qdsp6v2: check audio client pointer before accessing [Aravind Kumar]
908ec56 ASoC: msm: qdsp6v2: validate audio client in callback [Fred Oh]
54e2c1b msm: camera: sensor: Add boundary check for cci master [Rajesh Bondugula]
62f51fe ASoC: msm: qdsp6v2: set pointer to NULL after free. [Xiaojun Sang]
e8bc632 BACKPORT: msm: camera: Avoid exposing kernel addresses [Siqi Lin]
b91ca26 msm: vidc: Protect debug_buffer access in core_info_read with lock. [Abdulla Anam]
e7103c5 qseecom: add mutex around qseecom_set_client_mem_param [Zhen Kong]
c662547 msm: IPA: add the check on intf query [Skylar Chang]
2797aba crypto: ahash - Fix EINPROGRESS notification callback [Herbert Xu]
5311633 crypto: hash - Simplify the ahash_finup implementation [Marek Vasut]
e18d61c crypto: hash - Pull out the functions to save/restore request [Marek Vasut]
9cf8e63 crypto: hash - Fix the pointer voodoo in unaligned ahash [Marek Vasut]
d5b124a crypto: ahash - Fully restore ahash request before completing [Marek Vasut]
749c4b3 mm/mempolicy.c: fix error handling in set_mempolicy and mbind. [Chris Salls]
7417229 KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings [Eric Biggers]
8763df1 msm: mdss: Fix invalid dma attachment during fb shutdown [Benjamin Chan]
15314a1 net/packet: fix overflow in check for tp_reserve [Andrey Konovalov]
2193f4f net/packet: fix overflow in check for tp_frame_nr [Andrey Konovalov]
61bd5f8 scsi: sg: check length passed to SG_NEXT_CMD_LEN [peter chang]
8cfc329 sg: relax 16 byte cdb restriction [Douglas Gilbert]
e485b99 block: add blk_rq_set_block_pc() [Jens Axboe]
eaf5830 xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder [Andy Whitcroft]
c16512f xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window [Andy Whitcroft]
fc3048a KEYS: Change the name of the dead type to ".dead" to prevent user access [David Howells]
bc7fd4f platform: msm: spmi: Fix possible race condition in debugfs [ansharma]
fc4501e sctp: deny peeloff operation on asocs with threads sleeping on it [Marcelo Ricardo Leitner]
c483296 irda: Fix lockdep annotations in hashbin_delete(). [David S. Miller]
79c14e0 packet: fix races in fanout_add() [Eric Dumazet]
e13d259 net/llc: avoid BUG_ON() in skb_orphan() [Eric Dumazet]
6ffaa47 tcp: avoid infinite loop in tcp_splice_read() [Eric Dumazet]
485cb3e dccp: fix freeing skb too early for IPV6_RECVPKTINFO [Andrey Konovalov]
91736b6 perf/core: Fix concurrent sys_perf_event_open() vs. 'move_group' race [Peter Zijlstra]
8760c40 sctp: avoid BUG_ON on sctp_wait_for_sndbuf [Marcelo Ricardo Leitner]
c930293 tcp: do not lock listener to process SYN packets [Eric Dumazet]
28e191b ipv4: keep skb->dst around in presence of IP options [Eric Dumazet]
daa1364 time: Remove CONFIG_TIMER_STATS [Kees Cook]
9b95d11 ipc/shm: Fix shmat mmap nil-page protection [Davidlohr Bueso]
355508b ipc: add COMPAT_SHMLBA support [Will Deacon]
03f2346 tty: n_hdlc: get rid of racy n_hdlc.tbuf [Alexander Popov]
d76dda2 TTY: n_hdlc, fix lockdep false positive [Jiri Slaby]
eccbfd1 selinux: fix off-by-one in setprocattr [Stephen Smalley]
a2bb40a msm: crypto: set CLR_CNTXT bit for crypto operations [AnilKumar Chimata]
d8bf81f input: touchscreen: gt9xx: fix memory corruption in Goodix driver [Vevek Venkatesan]
3c342c8 soc: qcom: scm: add check to avoid buffer overflow [Satya Durga Srinivasu Prabhala]
3821c4a qseecom: check buffer size when loading firmware images [Zhen Kong]
6e89cdc qseecom: improve input validatation for qseecom_send_service_cmd [Zhen Kong]
62401d0 ASoC: soc: prevent risk of buffer overflow [Xiaojun Sang]
13c7fe1 ASoC: msm: qdsp6v2: return error when copy from userspace fails [Siena Richard]
86514bb ASoC: msm: qdsp6v2: return error when copy from userspace fails [Siena Richard]
298fbfc ASoC: msm: Fix to avoid crash during voip call [Vidyakumar Athota]
2cd0a9a ASoC: msm: qdsp6v2: Add range checking in msm_dai_q6_set_channel_map [Xiaoyu Ye]
2e468da ASoC: msm: q6dspv2: use correct variable type to store ION buff size [Banajit Goswami]
91efbc7 drivers: soc: add mutex to prevent response being processed twice [Siena Richard]
6bca97d defconfig: msm: Disable CONFIG_CP_ACCESS [Bruce Levy]
45f7124 qcdev: Check the digest length during the SHA operations [Dennis Cagle]
2a03057 BACKPORT: f2fs: sanity check log_blocks_per_seg [Jin Qian]
66e64fc msm: ipa: Fix for missing int overflow check in the refcount library [Utkarsh Saxena]
554cfa9 Revert "proc: smaps: Allow smaps access for CAP_SYS_RESOURCE" [Nick Desaulniers]
1c0fc98 sysrq: FIQ and sysrq default deauthorized [Mark Salyzyn]
581c073 ASoC: msm8x10-wcd: prevent out of bounds access [Aravind Kumar]
92ffaeb trace: resolve stack corruption due to string copy [Amey Telawane]
c4e2d95 ASoC: msm: qdsp6v2: Fix out-of-bounds access in put functions [Karthikeyan Mani]
b285a8f crypto: msm: check integer overflow on total data len in qcedev.c [Zhen Kong]
cbf1153 ANDROID: ion: Protect kref from userspace manipulation [Daniel Rosenberg]
c6f1d99 ion: blacklist %p kptr_restrict [Nick Desaulniers]
31446c7 ion: Fix use after free during ION_IOC_ALLOC [Daniel Rosenberg]
94cfabf msm: crypto: fix issues on digest buf and copy_from_user in qcedev.c [Zhen Kong]
83d3dfb input: misc: fix heap overflow issue in hbtp_input.c [Vevek Venkatesan]
6743a55 ANDROID: ion: check for kref overflow [Daniel Rosenberg]
3e2ea84 net: ipc_router: Register services only on client port [Karthikeyan Ramasubramanian]
35d4179 drivers: soc: add size checks and update log messages [Siena Richard]

==================== 09-27-2017 ====================

* frameworks/base/
a1392b3 SystemUI: Hide ambient display tile if device does not support it [Michael Bestas]
369b245 Don't crash when checking if components are protected [Gabriele M]

* system/sepolicy/
71b1c5b sepolicy: Allow exfat and ntfs access for sdcard [Kevin F. Haggerty]

==================== 09-26-2017 ====================

* external/libnfc-nci/
257864a pn54x: Don't default to pn551 if BOARD_NFC_CHIPSET isn't set [Luca Stefani]

==================== 09-25-2017 ====================

* packages/apps/XenonApps/
1d8567e mnml v1.4 [dadi11]

* system/vold/
d8d5e6e Fix bug in cryptfs_verify_passwd with hardware disk encryption [Yuval Detuscher]

==================== 09-24-2017 ====================

* packages/apps/XenonApps/
06b2049 SuperSU v2.82-SR4 [axxx007xxxz]
a307119 MiXplorer v6.20.5 [axxx007xxxz]
e6a2049 substratum v852 [axxx007xxxz]

==================== 09-23-2017 ====================

* frameworks/base/
d060769 [1/3] SystemUI: add burnIn protection setting [Park Ju Hyung]
4a05efa SystemUI: locked tasks should have a valid view [thecrazyskull]
08c98aa System Profiles in QS Tiles [Roman Birg]
85161a4 Single tap tile add switch [1/2] [varund7726]

* packages/apps/Dialer/
618565d Reduce min text size for two lines [Dr. Ramm]
e69efb5 Dialer: contact name in two lines [Dr. Ramm]

* packages/apps/Settings/
e3bd0f2 [2/3] Settings: add burnIn protection setting [Joey Rizzoli]
ff3287f Single tap tile add switch [2/2] [varund7726]

* vendor/cmsdk/
980260f [3/3] cmsdk: add burnIn protection setting [Joey Rizzoli]

==================== 09-22-2017 ====================

* vendor/xenonhd/
b36d349 extract_utils: implement LOCAL_MODULE_RELATIVE_PATH [M1cha]