diff --git a/.gitignore b/.gitignore index e69de29..037ab40 100644 --- a/.gitignore +++ b/.gitignore @@ -0,0 +1,21 @@ +/usbguard-0.5.10.tar.gz +/usbguard-0.5.11.tar.gz +/usbguard-0.5.12.tar.gz +/usbguard-0.5.13.tar.gz +/usbguard-0.5.14.tar.gz +/usbguard-0.6.0.tar.gz +/usbguard-0.6.1.tar.gz +/usbguard-0.6.2.tar.gz +/dkopecek-usbguard-fcde518.tar.gz +/dkopecek-usbguard-522c34c.tar.gz +/dkopecek-usbguard-e528ff6.tar.gz +/usbguard-0.7.0.tar.gz +/usbguard-0.7.1.tar.gz +/usbguard-0.7.2.tar.gz +/usbguard-0.7.6.tar.gz +/usbguard-selinux-0.0.1.tar.gz +/usbguard-selinux-0.0.2.tar.gz +/usbguard-0.7.7.tar.gz +/usbguard-selinux-0.0.3.tar.gz +/usbguard-0.7.8.tar.gz +/usbguard-selinux-0.0.4.tar.gz diff --git a/sources b/sources new file mode 100644 index 0000000..8c31e08 --- /dev/null +++ b/sources @@ -0,0 +1,2 @@ +SHA512 (usbguard-0.7.8.tar.gz) = 315c25ed7eb61cc0920047836dcca035cb07aecb6dfece9e4f6dc2ad61aaf6fdbf86898e43493958f3d12a146eb4c8f88b90bb246da0df83bb2097ce5b853e88 +SHA512 (usbguard-selinux-0.0.4.tar.gz) = b73b14396e40f847704511097bfed17c94b9b28cc70f3391a6effab763a315fe723aba37bb4c622d18ab691306c485fcd7632ccc8a837413f32c73cd9879c8b0 diff --git a/tests/tests.yml b/tests/tests.yml new file mode 100644 index 0000000..294bc61 --- /dev/null +++ b/tests/tests.yml @@ -0,0 +1,13 @@ +--- +# Test to run in classic context +- hosts: localhost + roles: + - role: standard-test-beakerlib + tags: + - classic + repositories: + - repo: "https://github.com/RedHat-SP-Security/tests" + dest: "tests" + fmf_filter: "component: usbguard" + required_packages: + - beakerlib-libraries diff --git a/usbguard-daemon.conf b/usbguard-daemon.conf new file mode 100644 index 0000000..d8806a1 --- /dev/null +++ b/usbguard-daemon.conf @@ -0,0 +1,191 @@ +# +# Rule set file path. +# +# The USBGuard daemon will use this file to load the policy +# rule set from it and to write new rules received via the +# IPC interface. +# +# RuleFile=/path/to/rules.conf +# +RuleFile=/etc/usbguard/rules.conf + +# +# Rule set folder path. +# +# The USBGuard daemon will use this folder to load the policy +# rule set from it and to write new rules received via the +# IPC interface. +# +# RuleFolder=/path/to/rulesfolder/ +# + +RuleFolder=/etc/usbguard/rules.d/ + + +# +# Implicit policy target. +# +# How to treat devices that don't match any rule in the +# policy. One of: +# +# * allow - authorize the device +# * block - block the device +# * reject - remove the device +# +ImplicitPolicyTarget=block + +# +# Present device policy. +# +# How to treat devices that are already connected when the +# daemon starts. One of: +# +# * allow - authorize every present device +# * block - deauthorize every present device +# * reject - remove every present device +# * keep - just sync the internal state and leave it +# * apply-policy - evaluate the ruleset for every present +# device +# +PresentDevicePolicy=apply-policy + +# +# Present controller policy. +# +# How to treat USB controllers that are already connected +# when the daemon starts. One of: +# +# * allow - authorize every present device +# * block - deauthorize every present device +# * reject - remove every present device +# * keep - just sync the internal state and leave it +# * apply-policy - evaluate the ruleset for every present +# device +# +PresentControllerPolicy=keep + +# +# Inserted device policy. +# +# How to treat USB devices that are already connected +# *after* the daemon starts. One of: +# +# * block - deauthorize every present device +# * reject - remove every present device +# * apply-policy - evaluate the ruleset for every present +# device +# +InsertedDevicePolicy=apply-policy + +# +# Restore controller device state. +# +# The USBGuard daemon modifies some attributes of controller +# devices like the default authorization state of new child device +# instances. Using this setting, you can controll whether the +# daemon will try to restore the attribute values to the state +# before modificaton on shutdown. +# +# SECURITY CONSIDERATIONS: If set to true, the USB authorization +# policy could be bypassed by performing some sort of attack on the +# daemon (via a local exploit or via a USB device) to make it shutdown +# and restore to the operating-system default state (known to be permissive). +# +RestoreControllerDeviceState=false + +# +# Device manager backend +# +# Which device manager backend implementation to use. One of: +# +# * uevent - Netlink based implementation which uses sysfs to scan for present +# devices and an uevent netlink socket for receiving USB device +# related events. +# * dummy - A dummy device manager which simulates several devices and device +# events. Useful for testing. +# +DeviceManagerBackend=uevent + +#!!! WARNING: It's good practice to set at least one of the !!! +#!!! two options bellow. If none of them are set, !!! +#!!! the daemon will accept IPC connections from !!! +#!!! anyone, thus allowing anyone to modify the !!! +#!!! rule set and (de)authorize USB devices. !!! + +# +# Users allowed to use the IPC interface. +# +# A space delimited list of usernames that the daemon will +# accept IPC connections from. +# +# IPCAllowedUsers=username1 username2 ... +# +IPCAllowedUsers=root + +# +# Groups allowed to use the IPC interface. +# +# A space delimited list of groupnames that the daemon will +# accept IPC connections from. +# +# IPCAllowedGroups=groupname1 groupname2 ... +# +IPCAllowedGroups=wheel + +# +# IPC access control definition files path. +# +# The files at this location will be interpreted by the daemon +# as access control definition files. The (base)name of a file +# should be in the form: +# +# [user][:] +# +# and should contain lines in the form: +# +#
=[privilege] ... +# +# This way each file defines who is able to connect to the IPC +# bus and what privileges he has. +# +IPCAccessControlFiles=/etc/usbguard/IPCAccessControl.d/ + +# +# Generate device specific rules including the "via-port" +# attribute. +# +# This option modifies the behavior of the allowDevice +# action. When instructed to generate a permanent rule, +# the action can generate a port specific rule. Because +# some systems have unstable port numbering, the generated +# rule might not match the device after rebooting the system. +# +# If set to false, the generated rule will still contain +# the "parent-hash" attribute which also defines an association +# to the parent device. See usbguard-rules.conf(5) for more +# details. +# +DeviceRulesWithPort=false + +# +# USBGuard Audit events log backend +# +# One of: +# +# * FileAudit - Log audit events into a file specified by +# AuditFilePath setting (see below) +# * LinuxAudit - Log audit events using the Linux Audit +# subsystem (using audit_log_user_message) +# +AuditBackend=FileAudit + +# +# USBGuard audit events log file path. +# +AuditFilePath=/var/log/usbguard/usbguard-audit.log + +# +# Hides personally identifiable information such as device serial numbers and +# hashes of descriptors (which include the serial number) from audit entries. +# +HidePII=false diff --git a/usbguard-forking-style.patch b/usbguard-forking-style.patch new file mode 100644 index 0000000..8a6500a --- /dev/null +++ b/usbguard-forking-style.patch @@ -0,0 +1,34 @@ +diff -up ./usbguard.service.in.forking ./usbguard.service.in +--- ./usbguard.service.in.forking 2020-06-17 20:07:04.720564149 +0200 ++++ ./usbguard.service.in 2020-06-17 20:10:00.744063846 +0200 +@@ -8,11 +8,12 @@ AmbientCapabilities= + CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER + DeviceAllow=/dev/null rw + DevicePolicy=strict +-ExecStart=%sbindir%/usbguard-daemon -k -c %sysconfdir%/usbguard/usbguard-daemon.conf ++ExecStart=%sbindir%/usbguard-daemon -f -s -c %sysconfdir%/usbguard/usbguard-daemon.conf + IPAddressDeny=any + LockPersonality=yes + MemoryDenyWriteExecute=yes + NoNewPrivileges=yes ++PIDFile=/var/run/usbguard.pid + PrivateDevices=yes + PrivateTmp=yes + ProtectControlGroups=yes +@@ -20,14 +21,14 @@ ProtectHome=yes + ProtectKernelModules=yes + ProtectSystem=yes + ReadOnlyPaths=-/ +-ReadWritePaths=-/dev/shm -%localstatedir%/log/usbguard -/tmp -%sysconfdir%/usbguard/ ++ReadWritePaths=-/dev/shm -%localstatedir%/log/usbguard -/tmp -%sysconfdir%/usbguard/ -/var/run + Restart=on-failure + RestrictAddressFamilies=AF_UNIX AF_NETLINK + RestrictNamespaces=yes + RestrictRealtime=yes + SystemCallArchitectures=native + SystemCallFilter=@system-service +-Type=simple ++Type=forking + UMask=0077 + + [Install] diff --git a/usbguard-service-fips.patch b/usbguard-service-fips.patch new file mode 100644 index 0000000..fce50c9 --- /dev/null +++ b/usbguard-service-fips.patch @@ -0,0 +1,13 @@ +diff -up ./usbguard.service.in.service-fips ./usbguard.service.in +--- ./usbguard.service.in.service-fips 2020-06-22 10:44:44.815860376 +0200 ++++ ./usbguard.service.in 2020-06-22 10:45:07.699135514 +0200 +@@ -6,8 +6,7 @@ Documentation=man:usbguard-daemon(8) + [Service] + AmbientCapabilities= + CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER +-DeviceAllow=/dev/null rw +-DevicePolicy=strict ++DevicePolicy=closed + ExecStart=%sbindir%/usbguard-daemon -f -s -c %sysconfdir%/usbguard/usbguard-daemon.conf + IPAddressDeny=any + LockPersonality=yes diff --git a/usbguard.spec b/usbguard.spec new file mode 100644 index 0000000..4bf2999 --- /dev/null +++ b/usbguard.spec @@ -0,0 +1,447 @@ +%global selinuxtype targeted +%global moduletype contrib +%define semodule_version 0.0.4 + +Name: usbguard +Version: 0.7.8 +Release: 5%{?dist} +Summary: A tool for implementing USB device usage policy +License: GPLv2+ +## Not installed +# src/ThirdParty/Catch: Boost Software License - Version 1.0 +URL: https://usbguard.github.io/ +Source0: https://github.com/USBGuard/usbguard/releases/download/%{name}-%{version}/%{name}-%{version}.tar.gz +Source1: https://github.com/USBGuard/usbguard/releases/download/%{name}-selinux-%{semodule_version}/%{name}-selinux-%{semodule_version}.tar.gz +Source2: usbguard-daemon.conf + +Requires: systemd +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd +Requires(post): /sbin/ldconfig +Requires(postun): /sbin/ldconfig +Recommends: %{name}-selinux +Obsoletes: %{name}-applet-qt < 0.7.6 + +BuildRequires: gcc +BuildRequires: gcc-c++ +BuildRequires: libqb-devel +BuildRequires: libgcrypt-devel +BuildRequires: libstdc++-devel +BuildRequires: protobuf-devel protobuf-compiler +BuildRequires: PEGTL-static +BuildRequires: catch1-devel +BuildRequires: autoconf automake libtool +BuildRequires: bash-completion +BuildRequires: asciidoc +BuildRequires: audit-libs-devel +# For `pkg-config systemd` only +BuildRequires: systemd + +Patch1: usbguard-forking-style.patch +Patch2: usbguard-service-fips.patch + +%description +The USBGuard software framework helps to protect your computer against rogue USB +devices by implementing basic whitelisting/blacklisting capabilities based on +USB device attributes. + +%package devel +Summary: Development files for %{name} +Requires: %{name} = %{version}-%{release} +Requires: pkgconfig +Requires: libstdc++-devel + +%description devel +The %{name}-devel package contains libraries and header files for +developing applications that use %{name}. + +%package tools +Summary: USBGuard Tools +Requires: %{name} = %{version}-%{release} + +%description tools +The %{name}-tools package contains optional tools from the USBGuard +software framework. + + +# dbus +%package dbus +Summary: USBGuard D-Bus Service +Requires: %{name} = %{version}-%{release} +BuildRequires: dbus-glib-devel +BuildRequires: dbus-devel +BuildRequires: glib2-devel +BuildRequires: polkit-devel +BuildRequires: libxslt +BuildRequires: libxml2 +Requires: dbus +Requires: polkit + +%description dbus +The %{name}-dbus package contains an optional component that provides +a D-Bus interface to the USBGuard daemon component. + +%package selinux +Summary: USBGuard selinux +Group: Applications/System +Requires: %{name} = %{version}-%{release} +BuildRequires: selinux-policy +BuildRequires: selinux-policy-devel +BuildArch: noarch +%{?selinux_requires} + +%description selinux +The %{name}-selinux package contains selinux policy for the USBGuard +daemon. + +# usbguard +%prep +%setup -q + +# selinux +%setup -q -D -T -a 1 + +%patch1 -p1 -b .service1 +%patch2 -p1 -b .service2 + +# Remove bundled library sources before build +rm -rf src/ThirdParty/{Catch,PEGTL} + +%build +mkdir -p ./m4 +autoreconf -i -v --no-recursive ./ +%configure \ + --disable-silent-rules \ + --without-bundled-catch \ + --without-bundled-pegtl \ + --enable-systemd \ + --with-dbus \ + --with-polkit \ + --with-crypto-library=gcrypt + +make %{?_smp_mflags} + +# selinux +pushd %{name}-selinux-%{semodule_version} +make +popd + +%check +make check + +# selinux +%pre selinux +%selinux_relabel_pre -s %{selinuxtype} + +%install +make install INSTALL='install -p' DESTDIR=%{buildroot} + +# Overwrite configuration with distribution defaults +mkdir -p %{buildroot}%{_sysconfdir}/usbguard +mkdir -p %{buildroot}%{_sysconfdir}/usbguard/rules.d +mkdir -p %{buildroot}%{_sysconfdir}/usbguard/IPCAccessControl.d +install -p -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/usbguard/usbguard-daemon.conf + +# selinux +install -d %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype} +install -m 0644 %{name}-selinux-%{semodule_version}/%{name}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype} +install -d -p %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype} +install -p -m 644 %{name}-selinux-%{semodule_version}/%{name}.if %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}/ipp-%{name}.if + +# Cleanup +find %{buildroot} \( -name '*.la' -o -name '*.a' \) -exec rm -f {} ';' + +%preun +%systemd_preun usbguard.service + +%post +%{?ldconfig} +%systemd_post usbguard.service + +%postun +%{?ldconfig} +%systemd_postun usbguard.service + +%files +%doc README.adoc CHANGELOG.md +%license LICENSE +%{_libdir}/*.so.* +%{_sbindir}/usbguard-daemon +%{_bindir}/usbguard +%dir %{_localstatedir}/log/usbguard +%dir %{_sysconfdir}/usbguard +%dir %{_sysconfdir}/usbguard/rules.d/ +%dir %{_sysconfdir}/usbguard/IPCAccessControl.d +%config(noreplace) %attr(0600,-,-) %{_sysconfdir}/usbguard/usbguard-daemon.conf +%config(noreplace) %attr(0600,-,-) %{_sysconfdir}/usbguard/rules.conf +%{_unitdir}/usbguard.service +%{_datadir}/man/man8/usbguard-daemon.8.gz +%{_datadir}/man/man5/usbguard-daemon.conf.5.gz +%{_datadir}/man/man5/usbguard-rules.conf.5.gz +%{_datadir}/man/man1/usbguard.1.gz +%{_datadir}/bash-completion/completions/usbguard + +%files devel +%{_includedir}/* +%{_libdir}/*.so +%{_libdir}/pkgconfig/*.pc + +%files tools +%{_bindir}/usbguard-rule-parser + +# dbus +%files dbus +%{_sbindir}/usbguard-dbus +%{_datadir}/dbus-1/system-services/org.usbguard1.service +%{_datadir}/dbus-1/system.d/org.usbguard1.conf +%{_datadir}/polkit-1/actions/org.usbguard1.policy +%{_unitdir}/usbguard-dbus.service +%{_mandir}/man8/usbguard-dbus.8.gz + +%preun dbus +%systemd_preun usbguard-dbus.service + +%post dbus +%systemd_post usbguard-dbus.service + +%postun dbus +%systemd_postun_with_restart usbguard-dbus.service + +%files selinux +%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2 +%ghost %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name} +%{_datadir}/selinux/devel/include/%{moduletype}/ipp-%{name}.if + +%post selinux +%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2 + +%postun selinux +if [ $1 -eq 0 ]; then + %selinux_modules_uninstall -s %{selinuxtype} %{name} +fi + +%posttrans selinux +%selinux_relabel_post -s %{selinuxtype} + + + +%changelog +* Thu Sep 24 2020 Adrian Reber - 0.7.8-5 +- Rebuilt for protobuf 3.13 + +* Wed Jul 29 2020 Fedora Release Engineering - 0.7.8-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jun 24 2020 Radovan Sroka - 0.7.8-3 +- rebase selinux tarball to v0.0.4 +- enable forking style in unit file +- set DevicePolicy to closed in unit file +- usbguard prevented from writing conf via dontaudit rule +Resolves: rhbz#1804713 +Resolves: rhbz#1789923 + +* Sun Jun 14 2020 Adrian Reber - 0.7.8-2 +- Rebuilt for protobuf 3.12 + +* Tue May 19 2020 Radovan Sroka - 0.7.8-1 +- rebase usbguard to 0.7.8 +- rebase usbguard-selinux to 0.0.3 +- added rules.d/ directory +Resolves: rhbz#1808527 + +* Fri Jan 31 2020 Fedora Release Engineering - 0.7.6-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Thu Dec 19 2019 Orion Poplawski - 0.7.6-7 +- Rebuild for protobuf 3.11 + +* Wed Dec 18 2019 Radovan Sroka - 0.7.6-6 +- fix selinux problems + +* Mon Dec 02 2019 Radovan Sroka - 0.7.6-5 +- obsolete applet-qt subpackage + +* Mon Nov 25 2019 Attila Lakatos - 0.7.6-4 +- added patch for libqb related permission issues + resolves: rhbz#1776357 +- added patch to ensure that usbguard-daemons is still running after locked screen + resolves: rhbz#1751861 +- added patch to fix permanent device policy changes + +* Wed Nov 13 2019 Radovan Sroka - 0.7.6-3 +- fixed typo in specfile +- usbguard.conf was generated incorrectly + +* Wed Nov 13 2019 Radovan Sroka - 0.7.6-2 +- added selinux subpackage + +* Mon Nov 11 2019 Radovan Sroka - 0.7.6-1 +- rebase to 0.7.6 +- removed usbguard-applet subpackage which is not in upstream anymore + +* Sat Jul 27 2019 Fedora Release Engineering - 0.7.2-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Sun Feb 03 2019 Fedora Release Engineering - 0.7.2-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Wed Nov 21 2018 Igor Gnatenko - 0.7.2-6 +- Rebuild for protobuf 3.6 + +* Sat Jul 14 2018 Fedora Release Engineering - 0.7.2-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Thu Apr 05 2018 Daniel Kopeček - 0.7.2-4 +- Update to latest PEGTL API + +* Fri Feb 09 2018 Fedora Release Engineering - 0.7.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Tue Jan 23 2018 Daniel Kopeček - 0.7.2-2 +- Escape rpm macros mentioned in changelog section + +* Tue Jan 23 2018 Daniel Kopeček - 0.7.2-1 +- Update to 0.7.2 +- Don't use --enable-werror downstream +- Removed patches related to compiler warnings + +* Mon Jan 15 2018 Igor Gnatenko - 0.7.1-2 +- catch → catch1 + +* Wed Dec 06 2017 Daniel Kopeček - 0.7.1-1 +- Update to 0.7.1 + +* Wed Nov 29 2017 Igor Gnatenko - 0.7.0-9 +- Rebuild for protobuf 3.5 + +* Mon Nov 13 2017 Igor Gnatenko - 0.7.0-8 +- Rebuild for protobuf 3.4 + +* Mon Oct 16 2017 Daniel Kopeček 0.7.0-7 +- Fix enumeration timeout on kernel >= 4.13 + Resolves: rhbz#1499052 + +* Thu Aug 03 2017 Fedora Release Engineering - 0.7.0-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 0.7.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Thu Jul 13 2017 Daniel Kopeček 0.7.0-4 +- Added patch to disable unused parameter warning for protobuf + generated sources to fix compilation with newer protobuf version + +* Tue Jun 13 2017 Orion Poplawski - 0.7.0-3 +- Rebuild for protobuf 3.3.1 + +* Mon May 15 2017 Fedora Release Engineering - 0.7.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_27_Mass_Rebuild + +* Thu Apr 13 2017 Daniel Kopeček 0.7.0-1 +- Update to 0.7.0 + - changed PresentDevicePolicy setting from keep to apply-policy + - added AuditFilePath configuration option pointing to + /var/log/usbguard/usbguard-audit.log file + - install bash-completion script + - use 0600 file permissions for usbguard-daemon.conf and rules.conf + +* Sun Mar 19 2017 Daniel Kopeček 0.6.3-0.1.20170319 +- Update to latest git snapshot + +* Fri Mar 17 2017 Daniel Kopeček 0.6.3-0.1.20170317 +- Update to latest git snapshot +- Use --enable-werror configure option as the upstream default + changed to not use -Werror. + +* Thu Mar 02 2017 Daniel Kopeček 0.6.3-0.1.20170301 +- Update to latest git snapshot +- Disabled upstream alignment warning compiler flag + +* Sat Feb 11 2017 Fedora Release Engineering - 0.6.2-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Thu Jan 26 2017 Orion Poplawski - 0.6.2-3 +- Rebuild for protobuf 3.2.0 + +* Sat Nov 19 2016 Orion Poplawski - 0.6.2-2 +- Rebuild for protobuf 3.1.0 + +* Sun Sep 18 2016 Daniel Kopeček 0.6.2-1 +- Update to 0.6.2 + +* Fri Sep 16 2016 Daniel Kopeček 0.6.1-1 +- Update to 0.6.1 + +* Sun Sep 04 2016 Daniel Kopeček 0.6.0-1 +- Update to 0.6.0 + +* Thu Aug 18 2016 Daniel Kopeček 0.5.14-1 +- Update to 0.5.14 + +* Tue Aug 16 2016 Daniel Kopeček 0.5.13-1 +- Update to 0.5.13 + +* Sun Aug 14 2016 Daniel Kopeček 0.5.12-1 +- Update to 0.5.12 + +* Sat Aug 13 2016 Daniel Kopeček 0.5.11-2 +- Update source tarball +- Ship CHANGELOG.md + +* Sat Aug 13 2016 Daniel Kopeček 0.5.11-1 +- Update to 0.5.11 +- Use libgcrypt instead of libsodium for crypto + +* Thu Jul 21 2016 Daniel Kopecek 0.5.10-2 +- Adjust the default configuration to keep the authorization state + of present controller devices. + +* Sat Jul 09 2016 Daniel Kopecek 0.5.10-1 +- Update to release 0.5.10 + +* Mon Mar 07 2016 Remi Collet - 0.4-5 +- rebuild for new libsodium soname + +* Sun Feb 07 2016 Daniel Kopecek 0.4-4 +- Update to version 0.4 +- added usbguard CLI +- added a tools subpackage with usbguard-rule-parser binary + +* Fri Feb 05 2016 Fedora Release Engineering - 0.3p3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Fri Jun 19 2015 Fedora Release Engineering - 0.3p3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Tue Apr 14 2015 Daniel Kopecek 0.3p3-1 +- Update to version 0.3p3 +- added %%check section +- removed explicit -devel requires on systemd, libqb and + libsodium devel files +- added -devel requires on libstdc++-devel + +* Sat Apr 11 2015 Daniel Kopecek 0.3p2-1 +- Update to version 0.3p2 +- use system-wide json and spdlog packages + +* Fri Apr 10 2015 Daniel Kopecek 0.3p1-1 +- Update to version 0.3p1 +- removed bundled cppformat copylib + +* Thu Apr 09 2015 Daniel Kopecek 0.3-1 +- Update to version 0.3 +- disabled silent rules +- install license file +- added man pages +- use _hardened_build 1 instead of custom compilation flags +- fix file permissions on files in /etc +- do not install an empty rule set file + +* Fri Apr 03 2015 Daniel Kopecek 0.2-1 +- Update to version 0.2 +- Updated description +- Corrected package group + +* Tue Mar 17 2015 Daniel Kopecek 0.1-1 +- Initial package