diff --git a/.gitignore b/.gitignore index 1de1341..b28cf62 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,4 @@ /dkopecek-usbguard-522c34c.tar.gz /dkopecek-usbguard-e528ff6.tar.gz /usbguard-0.7.0.tar.gz +/usbguard-0.7.1.tar.gz diff --git a/sources b/sources index 50ed7e9..1f21673 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (usbguard-0.7.0.tar.gz) = e0a63457011379f50cc5eb14516bb1b6192d5710c81e7fa9042b67c481514158811e761e982ad16a9b1fcae62c58e68574910da1a98be3a07e6c99f69d5c03c4 +SHA512 (usbguard-0.7.1.tar.gz) = c4eb133d3f2d87552789551d8df0a0910962713c42444b8218db858a83f4d9131d1e1c62923c7a0a249dab0517f4172c636d00e714eb0a23b08307adf9eb601a diff --git a/usbguard-0.7.1-disable-unused-result.patch b/usbguard-0.7.1-disable-unused-result.patch new file mode 100644 index 0000000..98c715e --- /dev/null +++ b/usbguard-0.7.1-disable-unused-result.patch @@ -0,0 +1,15 @@ +diff -up usbguard-0.7.1/configure.ac.disable-unused-result usbguard-0.7.1/configure.ac +--- usbguard-0.7.1/configure.ac.disable-unused-result 2017-12-05 12:47:27.531879954 +0100 ++++ usbguard-0.7.1/configure.ac 2017-12-05 12:48:21.582663544 +0100 +@@ -42,6 +42,11 @@ COMMON_WARNING_FLAGS+=" -Wformat-nonlite + COMMON_WARNING_FLAGS+=" -Wno-missing-field-initializers" + + # ++# Workaround https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66425 ++# ++COMMON_WARNING_FLAGS+=" -Wno-unused-result" ++ ++# + # Don't warn about implicit fallthrough + # + # TODO: Use [[fallthrough]] C++ attribute specifier with diff --git a/usbguard-0.7.1-quiet-compiler-warnings.patch b/usbguard-0.7.1-quiet-compiler-warnings.patch new file mode 100644 index 0000000..0bd7c02 --- /dev/null +++ b/usbguard-0.7.1-quiet-compiler-warnings.patch @@ -0,0 +1,49 @@ +From e7f984bf1319df6059f09789c81cda877964ec24 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20Kope=C4=8Dek?= +Date: Tue, 5 Dec 2017 11:01:31 +0100 +Subject: [PATCH] Quiet compiler warnings + +...for function calls where we are not interested in the result. + +Addressing: +``` +src/Daemon/Daemon.cpp: In member function 'void usbguard::Daemon::run()': +src/Daemon/Daemon.cpp:498:12: error: ignoring return value of 'int lockf(int, int, __off_t)', declared with attribute warn_unused_result [-Werror=unused-result] + lockf(pid_fd, F_ULOCK, 0); + ~~~~~^~~~~~~~~~~~~~~~~~~~ +src/Daemon/Daemon.cpp: In member function 'void usbguard::Daemon::daemonize(const string&)': +src/Daemon/Daemon.cpp:571:10: error: ignoring return value of 'int chdir(const char*)', declared with attribute warn_unused_result [-Werror=unused-result] + chdir("/"); + ~~~~~^~~~~ +``` +--- + src/Daemon/Daemon.cpp | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/Daemon/Daemon.cpp b/src/Daemon/Daemon.cpp +index df318a5..be0e57e 100644 +--- a/src/Daemon/Daemon.cpp ++++ b/src/Daemon/Daemon.cpp +@@ -495,8 +495,8 @@ namespace usbguard + while (!exit_loop); + + if (pid_fd != -1) { +- lockf(pid_fd, F_ULOCK, 0); +- close(pid_fd); ++ (void)lockf(pid_fd, F_ULOCK, 0); ++ (void)close(pid_fd); + } + + IPCServer::stop(); +@@ -568,7 +568,7 @@ namespace usbguard + + /* Now we are forked 2nd time */ + umask(0047); /* no need for world-accessible or executable files */ +- chdir("/"); ++ (void)chdir("/"); + const std::array std_fds {{STDIN_FILENO, STDOUT_FILENO, STDERR_FILENO}}; + int fd_null; + USBGUARD_SYSCALL_THROW("Daemonize", (fd_null = open("/dev/null", O_RDWR)) < 0); +-- +2.13.6 + diff --git a/usbguard-daemon.conf b/usbguard-daemon.conf index 9c44903..c096743 100644 --- a/usbguard-daemon.conf +++ b/usbguard-daemon.conf @@ -94,6 +94,18 @@ IPCAllowedGroups=wheel # DeviceRulesWithPort=false +# +# USBGuard Audit events log backend +# +# One of: +# +# * FileAudit - Log audit events into a file specified by +# AuditFilePath setting (see below) +# * LinuxAudit - Log audit events using the Linux Audit +# subsystem (using audit_log_user_message) +# +AuditBackend=FileAudit + # # USBGuard audit events log file path. # diff --git a/usbguard.spec b/usbguard.spec index 3714517..eba151f 100644 --- a/usbguard.spec +++ b/usbguard.spec @@ -4,15 +4,15 @@ %define with_dbus 1 Name: usbguard -Version: 0.7.0 -Release: 9%{?dist} +Version: 0.7.1 +Release: 1%{?dist} Summary: A tool for implementing USB device usage policy Group: System Environment/Daemons License: GPLv2+ ## Not installed # src/ThirdParty/Catch: Boost Software License - Version 1.0 -URL: https://dkopecek.github.io/usbguard -Source0: https://github.com/dkopecek/usbguard/releases/download/%{name}-%{version}/%{name}-%{version}.tar.gz +URL: https://usbguard.github.io/ +Source0: https://github.com/USBGuard/usbguard/releases/download/%{name}-%{version}/%{name}-%{version}.tar.gz Source1: usbguard-daemon.conf Requires: systemd @@ -30,6 +30,8 @@ BuildRequires: PEGTL-static BuildRequires: catch-devel BuildRequires: autoconf automake libtool BuildRequires: bash-completion +BuildRequires: asciidoctor +BuildRequires: audit-libs-devel # For `pkg-config systemd` only BuildRequires: systemd @@ -46,14 +48,11 @@ BuildRequires: libxslt BuildRequires: libxml2 %endif -%if 0%{?fedora} -BuildRequires: pandoc -%endif - Patch0: usbguard-0.6.3-disable-cast-align-warning.patch Patch1: usbguard-0.7.0-disable-unused-parameter-warning.patch -# Bug 1499052 - usbguard-daemon fails with kernel 4.13 -Patch2: usbguard-0.7.0-kernel-4.13-fix.patch +Patch2: usbguard-0.7.1-quiet-compiler-warnings.patch +# Workaround: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66425 +Patch3: usbguard-0.7.1-disable-unused-result.patch %description The USBGuard software framework helps to protect your computer against rogue USB @@ -117,6 +116,7 @@ rm -rf src/ThirdParty/{Catch,PEGTL} %patch0 -p1 %patch1 -p1 %patch2 -p1 +%patch3 -p1 %build mkdir -p ./m4 @@ -167,7 +167,7 @@ find %{buildroot} \( -name '*.la' -o -name '*.a' \) -exec rm -f {} ';' %files %defattr(-,root,root,-) -%doc README.md CHANGELOG.md +%doc README.adoc CHANGELOG.md %license LICENSE %{_libdir}/*.so.* %{_sbindir}/usbguard-daemon @@ -228,6 +228,9 @@ find %{buildroot} \( -name '*.la' -o -name '*.a' \) -exec rm -f {} ';' %endif %changelog +* Wed Dec 06 2017 Daniel Kopeček - 0.7.1-1 +- Update to 0.7.1 + * Wed Nov 29 2017 Igor Gnatenko - 0.7.0-9 - Rebuild for protobuf 3.5