rpms/usbguard
6
0
Fork 0
Code Issues Pull Requests Releases Activity

RHEL 9.0.0 Alpha bootstrap

Browse Source 
The content of this branch was automatically imported from Fedora ELN
with the following as its source:
https://src.fedoraproject.org/rpms/usbguard#4f397875d0f8d572f3e8713572af02c6361fe3d0
This commit is contained in:
Troy Dawson 2020-10-15 13:18:00 -07:00
parent 399f7b3fd0
commit 87c3bf2528
7 changed files with 721 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
.gitignore vendored
View File

@ -0,0 +1,21 @@
/usbguard-0.5.10.tar.gz
/usbguard-0.5.11.tar.gz
/usbguard-0.5.12.tar.gz
/usbguard-0.5.13.tar.gz
/usbguard-0.5.14.tar.gz
/usbguard-0.6.0.tar.gz
/usbguard-0.6.1.tar.gz
/usbguard-0.6.2.tar.gz
/dkopecek-usbguard-fcde518.tar.gz
/dkopecek-usbguard-522c34c.tar.gz
/dkopecek-usbguard-e528ff6.tar.gz
/usbguard-0.7.0.tar.gz
/usbguard-0.7.1.tar.gz
/usbguard-0.7.2.tar.gz
/usbguard-0.7.6.tar.gz
/usbguard-selinux-0.0.1.tar.gz
/usbguard-selinux-0.0.2.tar.gz
/usbguard-0.7.7.tar.gz
/usbguard-selinux-0.0.3.tar.gz
/usbguard-0.7.8.tar.gz
/usbguard-selinux-0.0.4.tar.gz

2
sources Normal file
View File

@ -0,0 +1,2 @@
SHA512 (usbguard-0.7.8.tar.gz) = 315c25ed7eb61cc0920047836dcca035cb07aecb6dfece9e4f6dc2ad61aaf6fdbf86898e43493958f3d12a146eb4c8f88b90bb246da0df83bb2097ce5b853e88
SHA512 (usbguard-selinux-0.0.4.tar.gz) = b73b14396e40f847704511097bfed17c94b9b28cc70f3391a6effab763a315fe723aba37bb4c622d18ab691306c485fcd7632ccc8a837413f32c73cd9879c8b0

13
tests/tests.yml Normal file
View File

@ -0,0 +1,13 @@
---
# Test to run in classic context
- hosts: localhost
roles:
- role: standard-test-beakerlib
tags:
- classic
repositories:
- repo: "https://github.com/RedHat-SP-Security/tests"
dest: "tests"
fmf_filter: "component: usbguard"
required_packages:
- beakerlib-libraries

191
usbguard-daemon.conf Normal file
View File

@ -0,0 +1,191 @@
#
# Rule set file path.
#
# The USBGuard daemon will use this file to load the policy
# rule set from it and to write new rules received via the
# IPC interface.
#
# RuleFile=/path/to/rules.conf
#
RuleFile=/etc/usbguard/rules.conf
#
# Rule set folder path.
#
# The USBGuard daemon will use this folder to load the policy
# rule set from it and to write new rules received via the
# IPC interface.
#
# RuleFolder=/path/to/rulesfolder/
#
RuleFolder=/etc/usbguard/rules.d/
#
# Implicit policy target.
#
# How to treat devices that don't match any rule in the
# policy. One of:
#
# * allow - authorize the device
# * block - block the device
# * reject - remove the device
#
ImplicitPolicyTarget=block
#
# Present device policy.
#
# How to treat devices that are already connected when the
# daemon starts. One of:
#
# * allow - authorize every present device
# * block - deauthorize every present device
# * reject - remove every present device
# * keep - just sync the internal state and leave it
# * apply-policy - evaluate the ruleset for every present
# device
#
PresentDevicePolicy=apply-policy
#
# Present controller policy.
#
# How to treat USB controllers that are already connected
# when the daemon starts. One of:
#
# * allow - authorize every present device
# * block - deauthorize every present device
# * reject - remove every present device
# * keep - just sync the internal state and leave it
# * apply-policy - evaluate the ruleset for every present
# device
#
PresentControllerPolicy=keep
#
# Inserted device policy.
#
# How to treat USB devices that are already connected
# *after* the daemon starts. One of:
#
# * block - deauthorize every present device
# * reject - remove every present device
# * apply-policy - evaluate the ruleset for every present
# device
#
InsertedDevicePolicy=apply-policy
#
# Restore controller device state.
#
# The USBGuard daemon modifies some attributes of controller
# devices like the default authorization state of new child device
# instances. Using this setting, you can controll whether the
# daemon will try to restore the attribute values to the state
# before modificaton on shutdown.
#
# SECURITY CONSIDERATIONS: If set to true, the USB authorization
# policy could be bypassed by performing some sort of attack on the
# daemon (via a local exploit or via a USB device) to make it shutdown
# and restore to the operating-system default state (known to be permissive).
#
RestoreControllerDeviceState=false
#
# Device manager backend
#
# Which device manager backend implementation to use. One of:
#
# * uevent - Netlink based implementation which uses sysfs to scan for present
# devices and an uevent netlink socket for receiving USB device
# related events.
# * dummy - A dummy device manager which simulates several devices and device
# events. Useful for testing.
#
DeviceManagerBackend=uevent
#!!! WARNING: It's good practice to set at least one of the !!!
#!!! two options bellow. If none of them are set, !!!
#!!! the daemon will accept IPC connections from !!!
#!!! anyone, thus allowing anyone to modify the !!!
#!!! rule set and (de)authorize USB devices. !!!
#
# Users allowed to use the IPC interface.
#
# A space delimited list of usernames that the daemon will
# accept IPC connections from.
#
# IPCAllowedUsers=username1 username2 ...
#
IPCAllowedUsers=root
#
# Groups allowed to use the IPC interface.
#
# A space delimited list of groupnames that the daemon will
# accept IPC connections from.
#
# IPCAllowedGroups=groupname1 groupname2 ...
#
IPCAllowedGroups=wheel
#
# IPC access control definition files path.
#
# The files at this location will be interpreted by the daemon
# as access control definition files. The (base)name of a file
# should be in the form:
#
# [user][:<group>]
#
# and should contain lines in the form:
#
# <section>=[privilege] ...
#
# This way each file defines who is able to connect to the IPC
# bus and what privileges he has.
#
IPCAccessControlFiles=/etc/usbguard/IPCAccessControl.d/
#
# Generate device specific rules including the "via-port"
# attribute.
#
# This option modifies the behavior of the allowDevice
# action. When instructed to generate a permanent rule,
# the action can generate a port specific rule. Because
# some systems have unstable port numbering, the generated
# rule might not match the device after rebooting the system.
#
# If set to false, the generated rule will still contain
# the "parent-hash" attribute which also defines an association
# to the parent device. See usbguard-rules.conf(5) for more
# details.
#
DeviceRulesWithPort=false
#
# USBGuard Audit events log backend
#
# One of:
#
# * FileAudit - Log audit events into a file specified by
# AuditFilePath setting (see below)
# * LinuxAudit - Log audit events using the Linux Audit
# subsystem (using audit_log_user_message)
#
AuditBackend=FileAudit
#
# USBGuard audit events log file path.
#
AuditFilePath=/var/log/usbguard/usbguard-audit.log
#
# Hides personally identifiable information such as device serial numbers and
# hashes of descriptors (which include the serial number) from audit entries.
#
HidePII=false

34
usbguard-forking-style.patch Normal file
View File

@ -0,0 +1,34 @@
diff -up ./usbguard.service.in.forking ./usbguard.service.in
--- ./usbguard.service.in.forking 2020-06-17 20:07:04.720564149 +0200
+++ ./usbguard.service.in 2020-06-17 20:10:00.744063846 +0200
@@ -8,11 +8,12 @@ AmbientCapabilities=
CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER
DeviceAllow=/dev/null rw
DevicePolicy=strict
-ExecStart=%sbindir%/usbguard-daemon -k -c %sysconfdir%/usbguard/usbguard-daemon.conf
+ExecStart=%sbindir%/usbguard-daemon -f -s -c %sysconfdir%/usbguard/usbguard-daemon.conf
IPAddressDeny=any
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
+PIDFile=/var/run/usbguard.pid
PrivateDevices=yes
PrivateTmp=yes
ProtectControlGroups=yes
@@ -20,14 +21,14 @@ ProtectHome=yes
ProtectKernelModules=yes
ProtectSystem=yes
ReadOnlyPaths=-/
-ReadWritePaths=-/dev/shm -%localstatedir%/log/usbguard -/tmp -%sysconfdir%/usbguard/
+ReadWritePaths=-/dev/shm -%localstatedir%/log/usbguard -/tmp -%sysconfdir%/usbguard/ -/var/run
Restart=on-failure
RestrictAddressFamilies=AF_UNIX AF_NETLINK
RestrictNamespaces=yes
RestrictRealtime=yes
SystemCallArchitectures=native
SystemCallFilter=@system-service
-Type=simple
+Type=forking
UMask=0077
[Install]

13
usbguard-service-fips.patch Normal file
View File

@ -0,0 +1,13 @@
diff -up ./usbguard.service.in.service-fips ./usbguard.service.in
--- ./usbguard.service.in.service-fips 2020-06-22 10:44:44.815860376 +0200
+++ ./usbguard.service.in 2020-06-22 10:45:07.699135514 +0200
@@ -6,8 +6,7 @@ Documentation=man:usbguard-daemon(8)
[Service]
AmbientCapabilities=
CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER
-DeviceAllow=/dev/null rw
-DevicePolicy=strict
+DevicePolicy=closed
ExecStart=%sbindir%/usbguard-daemon -f -s -c %sysconfdir%/usbguard/usbguard-daemon.conf
IPAddressDeny=any
LockPersonality=yes

447
usbguard.spec Normal file
View File

@ -0,0 +1,447 @@
%global selinuxtype targeted
%global moduletype contrib
%define semodule_version 0.0.4
Name: usbguard
Version: 0.7.8
Release: 5%{?dist}
Summary: A tool for implementing USB device usage policy
License: GPLv2+
## Not installed
# src/ThirdParty/Catch: Boost Software License - Version 1.0
URL: https://usbguard.github.io/
Source0: https://github.com/USBGuard/usbguard/releases/download/%{name}-%{version}/%{name}-%{version}.tar.gz
Source1: https://github.com/USBGuard/usbguard/releases/download/%{name}-selinux-%{semodule_version}/%{name}-selinux-%{semodule_version}.tar.gz
Source2: usbguard-daemon.conf
Requires: systemd
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
Requires(post): /sbin/ldconfig
Requires(postun): /sbin/ldconfig
Recommends: %{name}-selinux
Obsoletes: %{name}-applet-qt < 0.7.6
BuildRequires: gcc
BuildRequires: gcc-c++
BuildRequires: libqb-devel
BuildRequires: libgcrypt-devel
BuildRequires: libstdc++-devel
BuildRequires: protobuf-devel protobuf-compiler
BuildRequires: PEGTL-static
BuildRequires: catch1-devel
BuildRequires: autoconf automake libtool
BuildRequires: bash-completion
BuildRequires: asciidoc
BuildRequires: audit-libs-devel
# For `pkg-config systemd` only
BuildRequires: systemd
Patch1: usbguard-forking-style.patch
Patch2: usbguard-service-fips.patch
%description
The USBGuard software framework helps to protect your computer against rogue USB
devices by implementing basic whitelisting/blacklisting capabilities based on
USB device attributes.
%package devel
Summary: Development files for %{name}
Requires: %{name} = %{version}-%{release}
Requires: pkgconfig
Requires: libstdc++-devel
%description devel
The %{name}-devel package contains libraries and header files for
developing applications that use %{name}.
%package tools
Summary: USBGuard Tools
Requires: %{name} = %{version}-%{release}
%description tools
The %{name}-tools package contains optional tools from the USBGuard
software framework.
# dbus
%package dbus
Summary: USBGuard D-Bus Service
Requires: %{name} = %{version}-%{release}
BuildRequires: dbus-glib-devel
BuildRequires: dbus-devel
BuildRequires: glib2-devel
BuildRequires: polkit-devel
BuildRequires: libxslt
BuildRequires: libxml2
Requires: dbus
Requires: polkit
%description dbus
The %{name}-dbus package contains an optional component that provides
a D-Bus interface to the USBGuard daemon component.
%package selinux
Summary: USBGuard selinux
Group: Applications/System
Requires: %{name} = %{version}-%{release}
BuildRequires: selinux-policy
BuildRequires: selinux-policy-devel
BuildArch: noarch
%{?selinux_requires}
%description selinux
The %{name}-selinux package contains selinux policy for the USBGuard
daemon.
# usbguard
%prep
%setup -q
# selinux
%setup -q -D -T -a 1
%patch1 -p1 -b .service1
%patch2 -p1 -b .service2
# Remove bundled library sources before build
rm -rf src/ThirdParty/{Catch,PEGTL}
%build
mkdir -p ./m4
autoreconf -i -v --no-recursive ./
%configure \
--disable-silent-rules \
--without-bundled-catch \
--without-bundled-pegtl \
--enable-systemd \
--with-dbus \
--with-polkit \
--with-crypto-library=gcrypt
make %{?_smp_mflags}
# selinux
pushd %{name}-selinux-%{semodule_version}
make
popd
%check
make check
# selinux
%pre selinux
%selinux_relabel_pre -s %{selinuxtype}
%install
make install INSTALL='install -p' DESTDIR=%{buildroot}
# Overwrite configuration with distribution defaults
mkdir -p %{buildroot}%{_sysconfdir}/usbguard
mkdir -p %{buildroot}%{_sysconfdir}/usbguard/rules.d
mkdir -p %{buildroot}%{_sysconfdir}/usbguard/IPCAccessControl.d
install -p -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/usbguard/usbguard-daemon.conf
# selinux
install -d %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}
install -m 0644 %{name}-selinux-%{semodule_version}/%{name}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}
install -d -p %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}
install -p -m 644 %{name}-selinux-%{semodule_version}/%{name}.if %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}/ipp-%{name}.if
# Cleanup
find %{buildroot} \( -name '*.la' -o -name '*.a' \) -exec rm -f {} ';'
%preun
%systemd_preun usbguard.service
%post
%{?ldconfig}
%systemd_post usbguard.service
%postun
%{?ldconfig}
%systemd_postun usbguard.service
%files
%doc README.adoc CHANGELOG.md
%license LICENSE
%{_libdir}/*.so.*
%{_sbindir}/usbguard-daemon
%{_bindir}/usbguard
%dir %{_localstatedir}/log/usbguard
%dir %{_sysconfdir}/usbguard
%dir %{_sysconfdir}/usbguard/rules.d/
%dir %{_sysconfdir}/usbguard/IPCAccessControl.d
%config(noreplace) %attr(0600,-,-) %{_sysconfdir}/usbguard/usbguard-daemon.conf
%config(noreplace) %attr(0600,-,-) %{_sysconfdir}/usbguard/rules.conf
%{_unitdir}/usbguard.service
%{_datadir}/man/man8/usbguard-daemon.8.gz
%{_datadir}/man/man5/usbguard-daemon.conf.5.gz
%{_datadir}/man/man5/usbguard-rules.conf.5.gz
%{_datadir}/man/man1/usbguard.1.gz
%{_datadir}/bash-completion/completions/usbguard
%files devel
%{_includedir}/*
%{_libdir}/*.so
%{_libdir}/pkgconfig/*.pc
%files tools
%{_bindir}/usbguard-rule-parser
# dbus
%files dbus
%{_sbindir}/usbguard-dbus
%{_datadir}/dbus-1/system-services/org.usbguard1.service
%{_datadir}/dbus-1/system.d/org.usbguard1.conf
%{_datadir}/polkit-1/actions/org.usbguard1.policy
%{_unitdir}/usbguard-dbus.service
%{_mandir}/man8/usbguard-dbus.8.gz
%preun dbus
%systemd_preun usbguard-dbus.service
%post dbus
%systemd_post usbguard-dbus.service
%postun dbus
%systemd_postun_with_restart usbguard-dbus.service
%files selinux
%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
%ghost %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name}
%{_datadir}/selinux/devel/include/%{moduletype}/ipp-%{name}.if
%post selinux
%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
%postun selinux
if [ $1 -eq 0 ]; then
%selinux_modules_uninstall -s %{selinuxtype} %{name}
fi
%posttrans selinux
%selinux_relabel_post -s %{selinuxtype}
%changelog
* Thu Sep 24 2020 Adrian Reber <adrian@lisas.de> - 0.7.8-5
- Rebuilt for protobuf 3.13
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.8-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jun 24 2020 Radovan Sroka <rsroka@redhat.com> - 0.7.8-3
- rebase selinux tarball to v0.0.4
- enable forking style in unit file
- set DevicePolicy to closed in unit file
- usbguard prevented from writing conf via dontaudit rule
Resolves: rhbz#1804713
Resolves: rhbz#1789923
* Sun Jun 14 2020 Adrian Reber <adrian@lisas.de> - 0.7.8-2
- Rebuilt for protobuf 3.12
* Tue May 19 2020 Radovan Sroka <rsroka@redhat.com> - 0.7.8-1
- rebase usbguard to 0.7.8
- rebase usbguard-selinux to 0.0.3
- added rules.d/ directory
Resolves: rhbz#1808527
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.6-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Dec 19 2019 Orion Poplawski <orion@nwra.com> - 0.7.6-7
- Rebuild for protobuf 3.11
* Wed Dec 18 2019 Radovan Sroka <rsroka@redhat.com> - 0.7.6-6
- fix selinux problems
* Mon Dec 02 2019 Radovan Sroka <rsroka@redhat.com> - 0.7.6-5
- obsolete applet-qt subpackage
* Mon Nov 25 2019 Attila Lakatos <alakatos@redhat.com> - 0.7.6-4
- added patch for libqb related permission issues
resolves: rhbz#1776357
- added patch to ensure that usbguard-daemons is still running after locked screen
resolves: rhbz#1751861
- added patch to fix permanent device policy changes
* Wed Nov 13 2019 Radovan Sroka <rsroka@redhat.com> - 0.7.6-3
- fixed typo in specfile
- usbguard.conf was generated incorrectly
* Wed Nov 13 2019 Radovan Sroka <rsroka@redhat.com> - 0.7.6-2
- added selinux subpackage
* Mon Nov 11 2019 Radovan Sroka <rsroka@redhat.com> - 0.7.6-1
- rebase to 0.7.6
- removed usbguard-applet subpackage which is not in upstream anymore
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.2-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.2-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Nov 21 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.7.2-6
- Rebuild for protobuf 3.6
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Apr 05 2018 Daniel Kopeček <dkopecek@redhat.com> - 0.7.2-4
- Update to latest PEGTL API
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Tue Jan 23 2018 Daniel Kopeček <dkopecek@redhat.com> - 0.7.2-2
- Escape rpm macros mentioned in changelog section
* Tue Jan 23 2018 Daniel Kopeček <dkopecek@redhat.com> - 0.7.2-1
- Update to 0.7.2
- Don't use --enable-werror downstream
- Removed patches related to compiler warnings
* Mon Jan 15 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.7.1-2
- catch catch1
* Wed Dec 06 2017 Daniel Kopeček <dkopecek@redhat.com> - 0.7.1-1
- Update to 0.7.1
* Wed Nov 29 2017 Igor Gnatenko <ignatenko@redhat.com> - 0.7.0-9
- Rebuild for protobuf 3.5
* Mon Nov 13 2017 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.7.0-8
- Rebuild for protobuf 3.4
* Mon Oct 16 2017 Daniel Kopeček <dkopecek@redhat.com> 0.7.0-7
- Fix enumeration timeout on kernel >= 4.13
Resolves: rhbz#1499052
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Thu Jul 13 2017 Daniel Kopeček <dkopecek@redhat.com> 0.7.0-4
- Added patch to disable unused parameter warning for protobuf
generated sources to fix compilation with newer protobuf version
* Tue Jun 13 2017 Orion Poplawski <orion@cora.nwra.com> - 0.7.0-3
- Rebuild for protobuf 3.3.1
* Mon May 15 2017 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.7.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_27_Mass_Rebuild
* Thu Apr 13 2017 Daniel Kopeček <dkopecek@redhat.com> 0.7.0-1
- Update to 0.7.0
- changed PresentDevicePolicy setting from keep to apply-policy
- added AuditFilePath configuration option pointing to
/var/log/usbguard/usbguard-audit.log file
- install bash-completion script
- use 0600 file permissions for usbguard-daemon.conf and rules.conf
* Sun Mar 19 2017 Daniel Kopeček <dkopecek@redhat.com> 0.6.3-0.1.20170319
- Update to latest git snapshot
* Fri Mar 17 2017 Daniel Kopeček <dkopecek@redhat.com> 0.6.3-0.1.20170317
- Update to latest git snapshot
- Use --enable-werror configure option as the upstream default
changed to not use -Werror.
* Thu Mar 02 2017 Daniel Kopeček <dkopecek@redhat.com> 0.6.3-0.1.20170301
- Update to latest git snapshot
- Disabled upstream alignment warning compiler flag
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Thu Jan 26 2017 Orion Poplawski <orion@cora.nwra.com> - 0.6.2-3
- Rebuild for protobuf 3.2.0
* Sat Nov 19 2016 Orion Poplawski <orion@cora.nwra.com> - 0.6.2-2
- Rebuild for protobuf 3.1.0
* Sun Sep 18 2016 Daniel Kopeček <dkopecek@redhat.com> 0.6.2-1
- Update to 0.6.2
* Fri Sep 16 2016 Daniel Kopeček <dkopecek@redhat.com> 0.6.1-1
- Update to 0.6.1
* Sun Sep 04 2016 Daniel Kopeček <dkopecek@redhat.com> 0.6.0-1
- Update to 0.6.0
* Thu Aug 18 2016 Daniel Kopeček <dkopecek@redhat.com> 0.5.14-1
- Update to 0.5.14
* Tue Aug 16 2016 Daniel Kopeček <dkopecek@redhat.com> 0.5.13-1
- Update to 0.5.13
* Sun Aug 14 2016 Daniel Kopeček <dkopecek@redhat.com> 0.5.12-1
- Update to 0.5.12
* Sat Aug 13 2016 Daniel Kopeček <dkopecek@redhat.com> 0.5.11-2
- Update source tarball
- Ship CHANGELOG.md
* Sat Aug 13 2016 Daniel Kopeček <dkopecek@redhat.com> 0.5.11-1
- Update to 0.5.11
- Use libgcrypt instead of libsodium for crypto
* Thu Jul 21 2016 Daniel Kopecek <dkopecek@redhat.com> 0.5.10-2
- Adjust the default configuration to keep the authorization state
of present controller devices.
* Sat Jul 09 2016 Daniel Kopecek <dkopecek@redhat.com> 0.5.10-1
- Update to release 0.5.10
* Mon Mar 07 2016 Remi Collet <remi@fedoraproject.org> - 0.4-5
- rebuild for new libsodium soname
* Sun Feb 07 2016 Daniel Kopecek <dkopecek@redhat.com> 0.4-4
- Update to version 0.4
- added usbguard CLI
- added a tools subpackage with usbguard-rule-parser binary
* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.3p3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3p3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Tue Apr 14 2015 Daniel Kopecek <dkopecek@redhat.com> 0.3p3-1
- Update to version 0.3p3
- added %%check section
- removed explicit -devel requires on systemd, libqb and
libsodium devel files
- added -devel requires on libstdc++-devel
* Sat Apr 11 2015 Daniel Kopecek <dkopecek@redhat.com> 0.3p2-1
- Update to version 0.3p2
- use system-wide json and spdlog packages
* Fri Apr 10 2015 Daniel Kopecek <dkopecek@redhat.com> 0.3p1-1
- Update to version 0.3p1
- removed bundled cppformat copylib
* Thu Apr 09 2015 Daniel Kopecek <dkopecek@redhat.com> 0.3-1
- Update to version 0.3
- disabled silent rules
- install license file
- added man pages
- use _hardened_build 1 instead of custom compilation flags
- fix file permissions on files in /etc
- do not install an empty rule set file
* Fri Apr 03 2015 Daniel Kopecek <dkopecek@redhat.com> 0.2-1
- Update to version 0.2
- Updated description
- Corrected package group
* Tue Mar 17 2015 Daniel Kopecek <dkopecek@redhat.com> 0.1-1
- Initial package