security/hakurei.app
security/hakurei.app
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity
3,807 Commits 2 Branches 4 Tags
Commit Graph

3807 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daniel Micay
15946d5ff9 disable traditional stateful TLS session cache 
This is useless for TLSv1.3 since there's no longer any distinction in
the protocol based on whether the server is using stateless or stateful
session resumption. OpenSSL has a non-standard anti-replay mechanism for
0-RTT based on stateful session resumption but 0-RTT still ends up being
a downgrade for the TLS security properties. nginx disables that feature
since otherwise 0-RTT wouldn't work with the default stateless approach.

Since this cache is only used for TLSv1.2 when stateless resumption
isn't disabled and nearly all TLSv1.2 clients support tickets, it isn't
getting any significant use. It provides worse forward secrecy than
tickets because we implement ticket key rotation based on the expiry
time and sessions aren't actively purged from the stateful cache when
they expire. Cached session state varies in size and nginx ends up
writing errors to the log when clearing out a session fails to make room
for a new one due to it being larger. It's best to finally get rid of
this flawed approach to session resumption.

TLSv1.3 provides the option of forward secrecy for resumed sessions and
it's the only approach that's normally enabled so we don't need to worry
about this anymore once TLSv1.2 is disabled as long as we never enable
0-RTT which weakens forward secrecy and other security properties.
 2022-04-30 22:53:28 -04:00
Daniel Micay
8fea46eb9f reorder release notes 2022-04-30 19:59:21 -04:00
Daniel Micay
4cdf8bffb9 new build number 2022043000 2022-04-30 19:59:02 -04:00
Daniel Micay
19c2bd62f2 consistently refer to Updater as System Updater 2022-04-30 18:03:00 -04:00
Daniel Micay
d982cbadf1 add Alpha channel 2022-04-30 18:01:24 -04:00
Daniel Micay
11a2bcf14d carriersettings-extractor cleanup 2022-04-30 18:01:07 -04:00
Daniel Micay
382c892a9c add missing context 2022-04-29 21:26:47 -04:00
Daniel Micay
adba2296ad update Chromium to 101.0.4951.41 2022-04-29 18:58:23 -04:00
Daniel Micay
8385671123 nearby devices gmscompat improvements 2022-04-29 18:14:34 -04:00
Daniel Micay
dccf64a07d improve gmscompat UI 2022-04-29 18:13:42 -04:00
Daniel Micay
af0888aff9 remove NGA feature declaration 2022-04-29 17:23:41 -04:00
dependabot[bot]
db11e3801f Bump stylelint from 14.8.0 to 14.8.1 
Bumps [stylelint](https://github.com/stylelint/stylelint) from 14.8.0 to 14.8.1.
- [Release notes](https://github.com/stylelint/stylelint/releases)
- [Changelog](https://github.com/stylelint/stylelint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/stylelint/stylelint/compare/14.8.0...14.8.1)

---
updated-dependencies:
- dependency-name: stylelint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-29 17:23:14 -04:00
dependabot[bot]
5322d57ceb Bump terser from 5.13.0 to 5.13.1 
Bumps [terser](https://github.com/terser/terser) from 5.13.0 to 5.13.1.
- [Release notes](https://github.com/terser/terser/releases)
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/compare/v5.13.0...v5.13.1)

---
updated-dependencies:
- dependency-name: terser
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-29 17:23:09 -04:00
Daniel Micay
e58321d4f4 Camera version 29 2022-04-28 22:15:05 -04:00
Daniel Micay
a4c2a99310 Camera version 28 2022-04-27 20:39:16 -04:00
Daniel Micay
27efd1bccd GrapheneOS Camera Night mode was renamed 2022-04-27 05:02:46 -04:00
Daniel Micay
5dc55ff6ee Camera version 26 2022-04-26 22:46:27 -04:00
Daniel Micay
a46d4a4018 Camera version 25 2022-04-26 16:39:05 -04:00
Daniel Micay
2b4a70bc2d document carrier configuration improvements 2022-04-26 15:41:49 -04:00
Daniel Micay
1b311d5252 document support for disabling user installed apps 2022-04-26 15:38:38 -04:00
Daniel Micay
c715609bc4 document additional service changes/toggles 2022-04-26 15:38:29 -04:00
Daniel Micay
526089d44f clarify device model check 2022-04-26 15:38:23 -04:00
dependabot[bot]
128dad3c97 Bump terser from 5.12.1 to 5.13.0 
Bumps [terser](https://github.com/terser/terser) from 5.12.1 to 5.13.0.
- [Release notes](https://github.com/terser/terser/releases)
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/compare/v5.12.1...v5.13.0)

---
updated-dependencies:
- dependency-name: terser
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-26 15:03:40 -04:00
dependabot[bot]
6f1365a95c Bump stylelint from 14.7.1 to 14.8.0 
Bumps [stylelint](https://github.com/stylelint/stylelint) from 14.7.1 to 14.8.0.
- [Release notes](https://github.com/stylelint/stylelint/releases)
- [Changelog](https://github.com/stylelint/stylelint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/stylelint/stylelint/compare/14.7.1...14.8.0)

---
updated-dependencies:
- dependency-name: stylelint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-26 15:03:21 -04:00
Daniel Micay
ce134d85e0 reword 2022-04-26 12:32:58 -04:00
Daniel Micay
cfcb9fba95 reorder release notes 2022-04-26 12:21:58 -04:00
Daniel Micay
a67959fb82 publish new release notes 2022-04-26 12:14:54 -04:00
Daniel Micay
315edb1fe4 new build number 2022-04-26 05:52:02 -04:00
lberrymage
178fe05297 Remove note about Play Store uninstallation stalling 
The Play Store no longer stalls when uninstalling an app if the user
rejects the request as of 2022041900, so we can remove this section.
 2022-04-25 23:24:39 -04:00
lberrymage
246971b3f8 Add missing hyperlink to 2022042000 release notes 2022-04-25 23:24:23 -04:00
Daniel Micay
cb8f658f2d minor Vanadium tweak 2022-04-25 21:15:12 -04:00
Daniel Micay
7ecfae89fd sandboxed Google Play location compat improvement 2022-04-25 21:10:51 -04:00
dependabot[bot]
6578d281fc Bump eslint from 8.13.0 to 8.14.0 
Bumps [eslint](https://github.com/eslint/eslint) from 8.13.0 to 8.14.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.13.0...v8.14.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-25 21:10:49 -04:00
Daniel Micay
f394a16099 factory images flashing script improvements 2022-04-24 19:36:39 -04:00
Daniel Micay
51bc3876bc adevtool update 2022-04-24 19:09:29 -04:00
Daniel Micay
5e6dd117f0 talkback rebuild 2022-04-24 18:19:47 -04:00
Daniel Micay
1da5a2a8c3 support disabling non-system apps 2022-04-24 17:08:53 -04:00
Daniel Micay
61b322a11b Apps version 6 for next release 2022-04-24 17:08:44 -04:00
Daniel Micay
cd3b4536f1 potentially fix visual voicemail for some carriers 2022-04-24 14:17:17 -04:00
Daniel Micay
a02a6d47c5 update VVM configurations 2022-04-24 13:48:51 -04:00
Daniel Micay
8eb2599b24 clarify crosshatch/blueline attestation change 2022-04-24 13:23:45 -04:00
Daniel Micay
370b649ec3 update MMS configuration db 2022-04-24 12:07:55 -04:00
Daniel Micay
c2e0fa6a7a Camera version 24 2022-04-23 22:09:24 -04:00
Daniel Micay
9c8d9fd0bc add missing key provisioning proxy change 2022-04-23 18:42:37 -04:00
Daniel Micay
22914e466c Camera v23 2022-04-21 20:38:06 -04:00
smdyv
367880caf5 Normalize line height of hero title 
We want consistent white space between the hero text and its neighboring
elements.
 2022-04-21 13:41:18 -04:00
smdyv
66fcee80ef Apply M3 body large typography to the body 
This increases the white space between different lines and between
individual letters. It provides a more modern look and feel for the
user, which makes it easier to digest the content.
 2022-04-21 13:06:03 -04:00
Daniel Micay
ccebae1553 backport upstream hardware attestation workaround 2022-04-21 11:02:54 -04:00
Daniel Micay
b23dce6d2e Camera version 22 2022-04-20 17:54:28 -04:00
Daniel Micay
5db66a0860 publish new release notes 2022-04-20 03:30:13 -04:00