From cc14e01ec6b7877caf773f724cad2cccced583ff Mon Sep 17 00:00:00 2001
From: DistroBaker <osci-list@redhat.com>
Date: Thu, 14 Jan 2021 12:24:13 +0000
Subject: [PATCH] Merged update from upstream sources

This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/usbguard.git#d41c0811d4efe7ca8a62a730ca90d60b2b2c3288
---
 .gitignore                   |  1 +
 sources                      |  2 +-
 usbguard-forking-style.patch | 34 ----------------------------------
 usbguard-service-fips.patch  | 13 -------------
 usbguard.spec                | 22 ++++++++++++++--------
 5 files changed, 16 insertions(+), 56 deletions(-)
 delete mode 100644 usbguard-forking-style.patch
 delete mode 100644 usbguard-service-fips.patch

diff --git a/.gitignore b/.gitignore
index 037ab40..ed26253 100644
--- a/.gitignore
+++ b/.gitignore
@@ -19,3 +19,4 @@
 /usbguard-selinux-0.0.3.tar.gz
 /usbguard-0.7.8.tar.gz
 /usbguard-selinux-0.0.4.tar.gz
+/usbguard-1.0.0.tar.gz
diff --git a/sources b/sources
index 8c31e08..6b48e8e 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (usbguard-0.7.8.tar.gz) = 315c25ed7eb61cc0920047836dcca035cb07aecb6dfece9e4f6dc2ad61aaf6fdbf86898e43493958f3d12a146eb4c8f88b90bb246da0df83bb2097ce5b853e88
+SHA512 (usbguard-1.0.0.tar.gz) = 068a9be8bd5ea05efcdad79e2c4beb5e8b646b4703fbe1f8bb262e37ae9a6284a6eeb811a6bd441250a38bce1e45b7f44ad15726aa5963da2e1b56e85f5e16fd
 SHA512 (usbguard-selinux-0.0.4.tar.gz) = b73b14396e40f847704511097bfed17c94b9b28cc70f3391a6effab763a315fe723aba37bb4c622d18ab691306c485fcd7632ccc8a837413f32c73cd9879c8b0
diff --git a/usbguard-forking-style.patch b/usbguard-forking-style.patch
deleted file mode 100644
index 8a6500a..0000000
--- a/usbguard-forking-style.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-diff -up ./usbguard.service.in.forking ./usbguard.service.in
---- ./usbguard.service.in.forking	2020-06-17 20:07:04.720564149 +0200
-+++ ./usbguard.service.in	2020-06-17 20:10:00.744063846 +0200
-@@ -8,11 +8,12 @@ AmbientCapabilities=
- CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER
- DeviceAllow=/dev/null rw
- DevicePolicy=strict
--ExecStart=%sbindir%/usbguard-daemon -k -c %sysconfdir%/usbguard/usbguard-daemon.conf
-+ExecStart=%sbindir%/usbguard-daemon -f -s -c %sysconfdir%/usbguard/usbguard-daemon.conf
- IPAddressDeny=any
- LockPersonality=yes
- MemoryDenyWriteExecute=yes
- NoNewPrivileges=yes
-+PIDFile=/var/run/usbguard.pid
- PrivateDevices=yes
- PrivateTmp=yes
- ProtectControlGroups=yes
-@@ -20,14 +21,14 @@ ProtectHome=yes
- ProtectKernelModules=yes
- ProtectSystem=yes
- ReadOnlyPaths=-/
--ReadWritePaths=-/dev/shm -%localstatedir%/log/usbguard -/tmp -%sysconfdir%/usbguard/
-+ReadWritePaths=-/dev/shm -%localstatedir%/log/usbguard -/tmp -%sysconfdir%/usbguard/ -/var/run
- Restart=on-failure
- RestrictAddressFamilies=AF_UNIX AF_NETLINK
- RestrictNamespaces=yes
- RestrictRealtime=yes
- SystemCallArchitectures=native
- SystemCallFilter=@system-service
--Type=simple
-+Type=forking
- UMask=0077
- 
- [Install]
diff --git a/usbguard-service-fips.patch b/usbguard-service-fips.patch
deleted file mode 100644
index fce50c9..0000000
--- a/usbguard-service-fips.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff -up ./usbguard.service.in.service-fips ./usbguard.service.in
---- ./usbguard.service.in.service-fips	2020-06-22 10:44:44.815860376 +0200
-+++ ./usbguard.service.in	2020-06-22 10:45:07.699135514 +0200
-@@ -6,8 +6,7 @@ Documentation=man:usbguard-daemon(8)
- [Service]
- AmbientCapabilities=
- CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER
--DeviceAllow=/dev/null rw
--DevicePolicy=strict
-+DevicePolicy=closed
- ExecStart=%sbindir%/usbguard-daemon -f -s -c %sysconfdir%/usbguard/usbguard-daemon.conf
- IPAddressDeny=any
- LockPersonality=yes
diff --git a/usbguard.spec b/usbguard.spec
index 4bf2999..9060c5b 100644
--- a/usbguard.spec
+++ b/usbguard.spec
@@ -3,8 +3,8 @@
 %define semodule_version 0.0.4
 
 Name:           usbguard
-Version:        0.7.8
-Release:        5%{?dist}
+Version:        1.0.0
+Release:        1%{?dist}
 Summary:        A tool for implementing USB device usage policy
 License:        GPLv2+
 ## Not installed
@@ -23,6 +23,7 @@ Requires(postun): /sbin/ldconfig
 Recommends: %{name}-selinux
 Obsoletes: %{name}-applet-qt < 0.7.6
 
+BuildRequires: make
 BuildRequires: gcc
 BuildRequires: gcc-c++
 BuildRequires: libqb-devel
@@ -38,9 +39,6 @@ BuildRequires: audit-libs-devel
 # For `pkg-config systemd` only
 BuildRequires: systemd
 
-Patch1: usbguard-forking-style.patch
-Patch2: usbguard-service-fips.patch
-
 %description
 The USBGuard software framework helps to protect your computer against rogue USB
 devices by implementing basic whitelisting/blacklisting capabilities based on
@@ -102,9 +100,6 @@ daemon.
 # selinux
 %setup -q -D -T -a 1
 
-%patch1 -p1 -b .service1
-%patch2 -p1 -b .service2
-
 # Remove bundled library sources before build
 rm -rf src/ThirdParty/{Catch,PEGTL}
 
@@ -227,6 +222,17 @@ fi
 
 
 %changelog
+* Thu Jan 14 2021 Zoltan Fridrich <zfridric@redhat.com> - 1.0.0-1
+- rebase usbguard to 1.0.0
+- added support for rules covering combination of classes
+- fix usbguard being killed
+Resolves: rhbz#1916039
+Resolves: rhbz#1861330
+Resolves: rhbz#1905257
+
+* Wed Jan 13 14:43:57 CET 2021 Adrian Reber <adrian@lisas.de> - 0.7.8-6
+- Rebuilt for protobuf 3.14
+
 * Thu Sep 24 2020 Adrian Reber <adrian@lisas.de> - 0.7.8-5
 - Rebuilt for protobuf 3.13