security/hakurei.app
security/hakurei.app
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity

mark up release notes as articles

Browse Source
This commit is contained in:
Daniel Micay 2020-12-02 13:35:59 -05:00
parent abc83cbed6
commit 9231fb02a4
2 changed files with 1512 additions and 1416 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
generate_feed.py
View File

@ -6,7 +6,7 @@ import lxml.html
from lxml import etree
document = lxml.html.parse("static_tmp/releases.html").getroot()
releases = document.body.cssselect("#changelog h3")
releases = document.body.cssselect("#changelog article")
updated = None
entries = []
@ -16,11 +16,7 @@ for release in releases:
time = datetime.strptime(title, "%Y.%m.%d.%H").isoformat() + "Z"
if updated is None:
updated = time
content = []
element = release.getnext()
while element is not None and element.tag != "h3":
content.append(etree.tostring(element).decode())
element = element.getnext()
content = [etree.tostring(e).decode() for e in release.getchildren()[1:]]
entry = f"""\
<entry>
<id>https://grapheneos.org/releases#{title}</id>

200
static/releases.html
View File

@ -399,7 +399,8 @@
<!--
<h3 id="2020.11.27.15">
<article id="2020.11.27.15">
<h3>
<a href="#2020.11.27.15">2020.11.27.15</a>
</h3>
@ -421,10 +422,12 @@
<li>Vanadium: disable autofill server communication by default</li>
<li>Settings: remove partial MAC randomization translations</li>
</ul>
</article>
-->
<h3 id="2020.11.27.15">
<article id="2020.11.27.15">
<h3>
<a href="#2020.11.27.15">2020.11.27.15</a>
</h3>
@ -441,8 +444,10 @@
<li>Vanadium: disable component updater pings by default</li>
<li>Settings: disallow configuring connectivity checks for users disallowed to configure Private DNS by the administrator (in theory, it could be a separate option, but we need to use one that's already part of the public API)</li>
</ul>
</article>
<h3 id="2020.11.25.22">
<article id="2020.11.25.22">
<h3>
<a href="#2020.11.25.22">2020.11.25.22 preview</a>
</h3>
@ -473,8 +478,10 @@
<li>Settings: add setting to toggle between GrapheneOS connectivity check server and the standard Android connectivity check URLs to continue supporting blending in with other Android devices without a VPN</li>
<li>Updater: remove unused READ_PHONE_STATE permission</li>
</ul>
</article>
<h3 id="2020.11.05.18">
<article id="2020.11.05.18">
<h3>
<a href="#2020.11.05.18">2020.11.05.18</a>
</h3>
@ -493,8 +500,10 @@
<ul>
<li>Clock: add battery optimization exemption required for the new target API level (this is missing in AOSP)</li>
</ul>
</article>
<h3 id="2020.11.03.03">
<article id="2020.11.03.03">
<h3>
<a href="#2020.11.03.03">2020.11.03.03</a>
</h3>
@ -529,8 +538,10 @@
<li>script: make generate_deltas ask for the password only once</li>
<li>enable screenshot action for 3 button nav too (the upstream release limited it to being enabled for 2 button navigation)</li>
</ul>
</article>
<h3 id="2020.10.23.04">
<article id="2020.10.23.04">
<h3>
<a href="#2020.10.23.04">2020.10.23.04</a>
</h3>
@ -555,8 +566,10 @@
<li>kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, Pixel 4a): apply Bluetooth fixes from the stable kernel branch including fixes for CVE-2020-12351, CVE-2020-12352 and CVE-2020-24490</li>
<li>improve experimental support for the Pixel 4a including porting most device-specific changes implemented for other devices</li>
</ul>
</article>
<h3 id="2020.10.06.02">
<article id="2020.10.06.02">
<h3>
<a href="#2020.10.06.02">2020.10.06.02</a>
</h3>
@ -580,8 +593,10 @@
<li>Clock: apply fixes for various upstream issues</li>
<li>Updater: harden PendingIntent usage</li>
</ul>
</article>
<h3 id="2020.10.01.23">
<article id="2020.10.01.23">
<h3>
<a href="#2020.10.01.23">2020.10.01.23</a>
</h3>
@ -599,8 +614,10 @@
<li>Settings: fix integration of LTE only mode option to preferred network setting</li>
<li>Auditor: update to <a href="https://github.com/GrapheneOS/Auditor/releases/tag/21">version 21</a></li>
</ul>
</article>
<h3 id="2020.09.29.20">
<article id="2020.09.29.20">
<h3>
<a href="#2020.09.29.20">2020.09.29.20</a>
</h3>
@ -622,8 +639,10 @@
<li>fix syncing time for the port of our HTTPS-based network time update implementation to Android 11</li>
<li>stop using dedicated keys for signing OsuLogin and ServiceWifiResources rather than simply using the regular testkey/releasekey</li>
</ul>
</article>
<h3 id="2020.09.25.00">
<article id="2020.09.25.00">
<h3>
<a href="#2020.09.25.00">2020.09.25.00</a>
</h3>
@ -648,8 +667,10 @@
</ul>
<p>We're no longer going to be listing out restored past features in a separate section for the release notes.</p>
</article>
<h3 id="2020.09.18.13">
<article id="2020.09.18.13">
<h3>
<a href="#2020.09.18.13">2020.09.18.13 preview</a>
</h3>
@ -682,8 +703,10 @@
first official release of the Android Hardening project will be forced to factory
reset as part of this upgrade, due to lack of backwards compatibility with the
unaltered AOSP encryption format.</p>
</article>
<h3 id="2020.09.11.14">
<article id="2020.09.11.14">
<h3>
<a href="#2020.09.11.14">2020.09.11.14</a>
</h3>
@ -704,8 +727,10 @@
<ul>
<li>revert to using the Android 10 kernels on the devices that were switched over early due to backwards incompatible changes in some drivers</li>
</ul>
</article>
<h3 id="2020.09.10.05">
<article id="2020.09.10.05">
<h3>
<a href="#2020.09.10.05">2020.09.10.05 preview</a>
</h3>
@ -750,8 +775,10 @@
<ul>
<li>kernel (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL): enable intra-object FORTIFY_SOURCE overflow checks</li>
</ul>
</article>
<h3 id="2020.08.07.01">
<article id="2020.08.07.01">
<h3>
<a href="#2020.08.07.01">2020.08.07.01</a>
</h3>
@ -765,8 +792,10 @@
<ul>
<li>SELinux policy: fix executing apk libraries as executables for third party applications</li>
</ul>
</article>
<h3 id="2020.08.03.22">
<article id="2020.08.03.22">
<h3>
<a href="#2020.08.03.22">2020.08.03.22</a>
</h3>
@ -795,8 +824,10 @@
<ul>
<li>kernel (Pixel 4, Pixel 4 XL): read-only data expansion</li>
</ul>
</article>
<h3 id="2020.07.06.20">
<article id="2020.07.06.20">
<h3>
<a href="#2020.07.06.20">2020.07.06.20</a>
</h3>
@ -828,8 +859,10 @@
<li>kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL): set PANIC_TIMEOUT to -1</li>
<li>kernel (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL): disable SECURITY_SELINUX_DEVELOP</li>
</ul>
</article>
<h3 id="2020.06.22.21">
<article id="2020.06.22.21">
<h3>
<a href="#2020.06.22.21">2020.06.22.21</a>
</h3>
@ -868,8 +901,10 @@
<li>kernel (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): add back FORTIFY_SOURCE enhancements</li>
<li>kernel (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): add back userspace ASLR improvements</li>
</ul>
</article>
<h3 id="2020.06.02.02">
<article id="2020.06.02.02">
<h3>
<a href="#2020.06.02.02">2020.06.02.02</a>
</h3>
@ -888,8 +923,10 @@
<li>Vanadium: update Chromium base to 83.0.4103.83</li>
<li>factory images: add fastboot version detection to flash-all.bat on Windows</li>
</ul>
</article>
<h3 id="2020.05.29.00">
<article id="2020.05.29.00">
<h3>
<a href="#2020.05.29.00">2020.05.29.00</a>
</h3>
@ -907,8 +944,10 @@
<li>revert attempt at fixing audio DeviceDescriptor sorting</li>
<li>hardened_malloc: temporarily disable SLOT_RANDOMIZE for audioserver to work around DeviceDescriptor sorting bug</li>
</ul>
</article>
<h3 id="2020.05.23.12">
<article id="2020.05.23.12">
<h3>
<a href="#2020.05.23.12">2020.05.23.12</a>
</h3>
@ -941,8 +980,10 @@
<ul>
<li>Settings: allow disabling Vanadium browser app via the Settings UI now that Trichrome (browser, WebView, shared library) has replaced Monochrome (monolithic app) for providing the WebView without having 2 copies of the browser engine</li>
</ul>
</article>
<h3 id="2020.05.05.02">
<article id="2020.05.05.02">
<h3>
<a href="#2020.05.05.02">2020.05.05.02</a>
</h3>
@ -974,8 +1015,10 @@
<ul>
<li>Vanadium: use 64-bit Trichrome browser processes</li>
</ul>
</article>
<h3 id="2020.04.14.23">
<article id="2020.04.14.23">
<h3>
<a href="#2020.04.14.23">2020.04.14.23</a>
</h3>
@ -991,8 +1034,10 @@
<li>Settings: remove unnecessary workaround for MAC randomization preference</li>
<li>Settings: tweak MAC randomization preference wording</li>
</ul>
</article>
<h3 id="2020.04.13.21">
<article id="2020.04.13.21">
<h3>
<a href="#2020.04.13.21">2020.04.13.21</a>
</h3>
@ -1020,8 +1065,10 @@
<li>kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): globally enable -ftrivial-auto-var-init=zero rather than porting our downstream -fsanitize=local-init feature</li>
<li>Vanadium: enable -ftrivial-auto-var-init=zero rather than porting our downstream -fsanitize=local-init feature</li>
</ul>
</article>
<h3 id="2020.04.07.10">
<article id="2020.04.07.10">
<h3>
<a href="#2020.04.07.10">2020.04.07.10</a>
</h3>
@ -1044,8 +1091,10 @@
<li>raise protected_fifos / protected_regular from 1 (world-writable directories) to 2 (group-writable directories too)</li>
<li>remove use of "Hey Google" as an example feature for battery saver in Settings</li>
</ul>
</article>
<h3 id="2020.03.23.22">
<article id="2020.03.23.22">
<h3>
<a href="#2020.03.23.22">2020.03.23.22</a>
</h3>
@ -1074,8 +1123,10 @@
<li>dexpreopt: use speed filter for boot images and non-prebuilts rather than unintentionally only setting it for prebuilts</li>
<li>dexpreopt: disable pre-optimization for apps bundled by android-prepare-vendor to work around unresolved issues with conflicting inlined definitions</li>
</ul>
</article>
<h3 id="2020.03.04.16">
<article id="2020.03.04.16">
<h3>
<a href="#2020.03.04.16">2020.03.04.16</a>
</h3>
@ -1092,8 +1143,10 @@
<li>Settings: avoid overriding MAC address with random persistent MAC address when viewing MAC address</li>
<li>finish porting support for per-connection random MAC rather than using the per-network random address</li>
</ul>
</article>
<h3 id="2020.03.03.03">
<article id="2020.03.03.03">
<h3>
<a href="#2020.03.03.03">2020.03.03.03</a>
</h3>
@ -1136,8 +1189,10 @@
<li>SELinux policy: remove system_server_startup domain</li>
<li>add LTE only mobile network configuration option</li>
</ul>
</article>
<h3 id="2020.02.07.19">
<article id="2020.02.07.19">
<h3>
<a href="#2020.02.07.19">2020.02.07.19</a>
</h3>
@ -1160,8 +1215,10 @@
<ul>
<li>WebView: use Vanadium WebView as provider</li>
</ul>
</article>
<h3 id="2020.02.04.01">
<article id="2020.02.04.01">
<h3>
<a href="#2020.02.04.01">2020.02.04.01</a>
</h3>
@ -1190,8 +1247,10 @@
<ul>
<li>add PIN scrambling feature</li>
</ul>
</article>
<h3 id="2020.01.06.21">
<article id="2020.01.06.21">
<h3>
<a href="#2020.01.06.21">2020.01.06.21</a>
</h3>
@ -1218,8 +1277,10 @@
<ul>
<li>Settings: expose control over USB peripheral denial feature</li>
</ul>
</article>
<h3 id="2019.12.02.23">
<article id="2019.12.02.23">
<h3>
<a href="#2019.12.02.23">2019.12.02.23</a>
</h3>
@ -1246,8 +1307,10 @@
<li>Launcher: rebranding</li>
<li>require unlocking to use work tile</li>
</ul>
</article>
<h3 id="2019.11.05.23">
<article id="2019.11.05.23">
<h3>
<a href="#2019.11.05.23">2019.11.05.23</a>
</h3>
@ -1263,8 +1326,10 @@
<li>Vanadium: fix Services preferences menu</li>
<li>WebView: avoid incompatibility due to wrong apk variant</li>
</ul>
</article>
<h3 id="2019.11.04.23">
<article id="2019.11.04.23">
<h3>
<a href="#2019.11.04.23">2019.11.04.23</a>
</h3>
@ -1301,8 +1366,10 @@
<li>add secondary stack randomization</li>
<li>kernel (Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): disable dynamic kernel module support (resulting in substantially improved CFI granularity)</li>
</ul>
</article>
<h3 id="2019.10.07.21">
<article id="2019.10.07.21">
<h3>
<a href="#2019.10.07.21">2019.10.07.21</a>
</h3>
@ -1331,8 +1398,10 @@
<ul>
<li>begin generating / uploading delta updates from the last release to the current release</li>
</ul>
</article>
<h3 id="2019.09.25.00">
<article id="2019.09.25.00">
<h3>
<a href="#2019.09.25.00">2019.09.25.00</a>
</h3>
@ -1349,8 +1418,10 @@
<li>fix granting Network and Sensors permissions at install time</li>
<li>fix wording for Network permission group</li>
</ul>
</article>
<h3 id="2019.09.23.19">
<article id="2019.09.23.19">
<h3>
<a href="#2019.09.23.19">2019.09.23.19</a>
</h3>
@ -1365,8 +1436,10 @@
<li>disable enforcing Runtime Resource Overlays for baseline overlays to work around incompatibility with exec spawning</li>
<li>enable exec spawning for com.android.phone again</li>
</ul>
</article>
<h3 id="2019.09.21.18">
<article id="2019.09.21.18">
<h3>
<a href="#2019.09.21.18">2019.09.21.18 preview</a>
</h3>
@ -1386,8 +1459,10 @@
<li>Pixel 2, Pixel 2 XL: enable increased system.img inode count</li>
<li>script: replace networkstack key</li>
</ul>
</article>
<h3 id="2019.09.18.14">
<article id="2019.09.18.14">
<h3>
<a href="#2019.09.18.14">2019.09.18.14 preview</a>
</h3>
@ -1414,8 +1489,10 @@
<li>add guard page between the stack and the new static TLS region</li>
<li>bionic: pthread_internal_t changes have not yet been ported over so that feature is temporarily gone</li>
</ul>
</article>
<h3 id="2019.08.25.15">
<article id="2019.08.25.15">
<h3>
<a href="#2019.08.25.15">2019.08.25.15</a>
</h3>
@ -1444,8 +1521,10 @@
<li>arm, x86 and x86_64 are now supported / tested architectures</li>
<li>generic and emulator build targets are now supported / tested for development usage (not suitable for secure production releases)</li>
</ul>
</article>
<h3 id="2019.08.05.19">
<article id="2019.08.05.19">
<h3>
<a href="#2019.08.05.19">2019.08.05.19</a>
</h3>
@ -1476,8 +1555,10 @@
<li>rename WebView provider to Vanadium</li>
<li>SELinux policy: label protected_{fifos,regular} as proc_security (this is needed for init to override the default values)</li>
</ul>
</article>
<h3 id="2019.07.16.22">
<article id="2019.07.16.22">
<h3>
<a href="#2019.07.16.22">2019.07.16.22</a>
</h3>
@ -1541,8 +1622,10 @@
<li>kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): slub: add support for verifying slab sanitization</li>
<li>kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL): slub: add multi-purpose random canaries</li>
</ul>
</article>
<h3 id="2019.07.01.21">
<article id="2019.07.01.21">
<h3>
<a href="#2019.07.01.21">2019.07.01.21</a>
</h3>
@ -1569,8 +1652,10 @@
<li>Vanadium: stop ignoring download location prompt setting</li>
<li>Vanadium: show download prompt again by default</li>
</ul>
</article>
<h3 id="2019.06.23.05">
<article id="2019.06.23.05">
<h3>
<a href="#2019.06.23.05">2019.06.23.05</a>
</h3>
@ -1610,8 +1695,10 @@
<ul>
<li>Vanadium: do not enable default search engine notification permission by default</li>
</ul>
</article>
<h3 id="2019.06.14.02">
<article id="2019.06.14.02">
<h3>
<a href="#2019.06.14.02">2019.06.14.02</a>
</h3>
@ -1639,8 +1726,10 @@
<ul>
<li>kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL): replace SECURITY_SMACK with SECURITY_NETWORK</li>
</ul>
</article>
<h3 id="2019.06.03.18">
<article id="2019.06.03.18">
<h3>
<a href="#2019.06.03.18">2019.06.03.18</a>
</h3>
@ -1672,8 +1761,10 @@
<li>set deny_new_usb feature to dynamic by default</li>
<li>sepolicy: deny_new_usb sysctl and system property policy</li>
</ul>
</article>
<h3 id="2019.05.18.20">
<article id="2019.05.18.20">
<h3>
<a href="#2019.05.18.20">2019.05.18.20</a>
</h3>
@ -1707,8 +1798,10 @@
<li>disable JCA provider warm up for exec spawning</li>
<li>avoid AssetManager errors with exec spawning</li>
</ul>
</article>
<h3 id="2019.05.08.15">
<article id="2019.05.08.15">
<h3>
<a href="#2019.05.08.15">2019.05.08.15</a>
</h3>
@ -1723,8 +1816,10 @@
<ul>
<li>fix cellular, hotspot and battery saver quick settings tiles (they became no-ops when unlocked)</li>
</ul>
</article>
<h3 id="2019.05.07.00">
<article id="2019.05.07.00">
<h3>
<a href="#2019.05.07.00">2019.05.07.00</a>
</h3>
@ -1790,8 +1885,10 @@
<li>SELinux policy: auditallow untrusted_app_all app_data_file execute (moving back towards an exception system)</li>
<li>SELinux policy: auditallow untrusted_app_all app_data_file execute_no_trans (moving back towards an exception system)</li>
</ul>
</article>
<h3 id="2019.04.01.19">
<article id="2019.04.01.19">
<h3>
<a href="#2019.04.01.19">2019.04.01.19</a>
</h3>
@ -1802,8 +1899,10 @@
<p>Initial release of GrapheneOS. Detailed changelogs were not written at this
point.</p>
</article>
<h3 id="2019.03.05.03">
<article id="2019.03.05.03">
<h3>
<a href="#2019.03.05.03">2019.03.05.03</a>
</h3>
@ -1815,6 +1914,7 @@
<p>Final and only tagged release of the AndroidHardening project before it became
GrapheneOS. Earlier AndroidHardening releases were only snapshots and are not listed
here. Detailed changelogs were not written at this point.</p>
</article>
</section>
</main>
<footer>