security/hakurei.app
security/hakurei.app
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity
3,787 Commits 2 Branches 4 Tags
Commit Graph

3787 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daniel Micay
43f9f22856 add file locking to deploy/process scripts 2022-05-05 00:19:01 -04:00
dependabot[bot]
a255769f61 Bump stylelint from 14.8.1 to 14.8.2 
Bumps [stylelint](https://github.com/stylelint/stylelint) from 14.8.1 to 14.8.2.
- [Release notes](https://github.com/stylelint/stylelint/releases)
- [Changelog](https://github.com/stylelint/stylelint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/stylelint/stylelint/compare/14.8.1...14.8.2)

---
updated-dependencies:
- dependency-name: stylelint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-04 15:33:32 -04:00
Daniel Micay
b4af21f07c fix raviole boosted color mode settings string 2022-05-04 11:20:09 -04:00
Daniel Micay
0bb095fd35 fix factory image script non-bash /bin/sh compat 2022-05-04 08:15:54 -04:00
Daniel Micay
8d0f837518 adevtool improvements 2022-05-04 01:55:11 -04:00
flawedworld
f01c2ba086 Update Qualcomm PSDS S3 URLs based on reverse engineering results 2022-05-04 01:32:15 -04:00
Daniel Micay
c112c660da whitespace / text wrapping fixes 2022-05-03 20:14:03 -04:00
flawedworld
d4c56f74ab Document GSMA TS.43 carriers 2022-05-03 19:26:42 -04:00
Daniel Micay
d2fc01a154 enable thread pool AIO support 2022-05-03 19:20:58 -04:00
Daniel Micay
bbe68dc7af fix wording 2022-05-03 13:43:26 -04:00
Daniel Micay
de99492cd2 expand Camera privacy policy 2022-05-03 13:26:34 -04:00
Daniel Micay
8d7adb343f publish new release notes 2022-05-03 12:09:37 -04:00
Daniel Micay
f8ca435473 new build number 2022050301 2022-05-03 11:14:42 -04:00
Daniel Micay
8b7e8c96a5 add privacy indicator exemption for Phone services 2022-05-03 10:39:34 -04:00
Daniel Micay
e7efc21340 drop configuration for clearing legacy push cookie 2022-05-03 00:25:07 -04:00
Daniel Micay
5bdd465faf fix typo in most recent tag list 2022-05-02 22:07:52 -04:00
Daniel Micay
af5d46305e make recent tag lists consistent 2022-05-02 22:07:21 -04:00
Daniel Micay
ee5580d7f9 publish new release notes 2022-05-02 21:58:01 -04:00
Daniel Micay
5b6160de4b add last release to table of contents 2022-05-02 21:54:51 -04:00
Daniel Micay
7f8ba8d051 new build number 2022-05-02 21:54:03 -04:00
Daniel Micay
533d2fa293 compatibility fix for adevtool 2022-05-02 21:04:04 -04:00
Daniel Micay
d5f3ebfb3f split up dependencies again 2022-05-02 20:54:41 -04:00
flawedworld
2c22bc7c36 Update adevtool docs 2022-05-02 20:12:52 -04:00
lberrymage
69d4037084 Note that the GrapheneOS app repo is implemented 2022-05-02 20:07:43 -04:00
Daniel Micay
133e286c2a prepare release notes for monthly update 2022-05-02 20:05:03 -04:00
Daniel Micay
271d04b876 add resolver setup to baseline configuration 2022-05-02 04:09:18 -04:00
Daniel Micay
8c360de379 Camera version 30 2022-05-01 23:57:55 -04:00
Daniel Micay
d13c519793 screenshot EXIF metadata reduction feature 2022-05-01 06:00:08 -04:00
Daniel Micay
5c6a25663d clarify alpha channel 2022-05-01 05:20:52 -04:00
Daniel Micay
abd10716eb publish new release notes 2022-05-01 04:46:33 -04:00
Daniel Micay
15946d5ff9 disable traditional stateful TLS session cache 
This is useless for TLSv1.3 since there's no longer any distinction in
the protocol based on whether the server is using stateless or stateful
session resumption. OpenSSL has a non-standard anti-replay mechanism for
0-RTT based on stateful session resumption but 0-RTT still ends up being
a downgrade for the TLS security properties. nginx disables that feature
since otherwise 0-RTT wouldn't work with the default stateless approach.

Since this cache is only used for TLSv1.2 when stateless resumption
isn't disabled and nearly all TLSv1.2 clients support tickets, it isn't
getting any significant use. It provides worse forward secrecy than
tickets because we implement ticket key rotation based on the expiry
time and sessions aren't actively purged from the stateful cache when
they expire. Cached session state varies in size and nginx ends up
writing errors to the log when clearing out a session fails to make room
for a new one due to it being larger. It's best to finally get rid of
this flawed approach to session resumption.

TLSv1.3 provides the option of forward secrecy for resumed sessions and
it's the only approach that's normally enabled so we don't need to worry
about this anymore once TLSv1.2 is disabled as long as we never enable
0-RTT which weakens forward secrecy and other security properties.
 2022-04-30 22:53:28 -04:00
Daniel Micay
8fea46eb9f reorder release notes 2022-04-30 19:59:21 -04:00
Daniel Micay
4cdf8bffb9 new build number 2022043000 2022-04-30 19:59:02 -04:00
Daniel Micay
19c2bd62f2 consistently refer to Updater as System Updater 2022-04-30 18:03:00 -04:00
Daniel Micay
d982cbadf1 add Alpha channel 2022-04-30 18:01:24 -04:00
Daniel Micay
11a2bcf14d carriersettings-extractor cleanup 2022-04-30 18:01:07 -04:00
Daniel Micay
382c892a9c add missing context 2022-04-29 21:26:47 -04:00
Daniel Micay
adba2296ad update Chromium to 101.0.4951.41 2022-04-29 18:58:23 -04:00
Daniel Micay
8385671123 nearby devices gmscompat improvements 2022-04-29 18:14:34 -04:00
Daniel Micay
dccf64a07d improve gmscompat UI 2022-04-29 18:13:42 -04:00
Daniel Micay
af0888aff9 remove NGA feature declaration 2022-04-29 17:23:41 -04:00
dependabot[bot]
db11e3801f Bump stylelint from 14.8.0 to 14.8.1 
Bumps [stylelint](https://github.com/stylelint/stylelint) from 14.8.0 to 14.8.1.
- [Release notes](https://github.com/stylelint/stylelint/releases)
- [Changelog](https://github.com/stylelint/stylelint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/stylelint/stylelint/compare/14.8.0...14.8.1)

---
updated-dependencies:
- dependency-name: stylelint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-29 17:23:14 -04:00
dependabot[bot]
5322d57ceb Bump terser from 5.13.0 to 5.13.1 
Bumps [terser](https://github.com/terser/terser) from 5.13.0 to 5.13.1.
- [Release notes](https://github.com/terser/terser/releases)
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/compare/v5.13.0...v5.13.1)

---
updated-dependencies:
- dependency-name: terser
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-29 17:23:09 -04:00
Daniel Micay
e58321d4f4 Camera version 29 2022-04-28 22:15:05 -04:00
Daniel Micay
a4c2a99310 Camera version 28 2022-04-27 20:39:16 -04:00
Daniel Micay
27efd1bccd GrapheneOS Camera Night mode was renamed 2022-04-27 05:02:46 -04:00
Daniel Micay
5dc55ff6ee Camera version 26 2022-04-26 22:46:27 -04:00
Daniel Micay
a46d4a4018 Camera version 25 2022-04-26 16:39:05 -04:00
Daniel Micay
2b4a70bc2d document carrier configuration improvements 2022-04-26 15:41:49 -04:00
Daniel Micay
1b311d5252 document support for disabling user installed apps 2022-04-26 15:38:38 -04:00