diff --git a/.gitignore b/.gitignore index 037ab40..ed26253 100644 --- a/.gitignore +++ b/.gitignore @@ -19,3 +19,4 @@ /usbguard-selinux-0.0.3.tar.gz /usbguard-0.7.8.tar.gz /usbguard-selinux-0.0.4.tar.gz +/usbguard-1.0.0.tar.gz diff --git a/sources b/sources index 8c31e08..6b48e8e 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (usbguard-0.7.8.tar.gz) = 315c25ed7eb61cc0920047836dcca035cb07aecb6dfece9e4f6dc2ad61aaf6fdbf86898e43493958f3d12a146eb4c8f88b90bb246da0df83bb2097ce5b853e88 +SHA512 (usbguard-1.0.0.tar.gz) = 068a9be8bd5ea05efcdad79e2c4beb5e8b646b4703fbe1f8bb262e37ae9a6284a6eeb811a6bd441250a38bce1e45b7f44ad15726aa5963da2e1b56e85f5e16fd SHA512 (usbguard-selinux-0.0.4.tar.gz) = b73b14396e40f847704511097bfed17c94b9b28cc70f3391a6effab763a315fe723aba37bb4c622d18ab691306c485fcd7632ccc8a837413f32c73cd9879c8b0 diff --git a/usbguard-forking-style.patch b/usbguard-forking-style.patch deleted file mode 100644 index 8a6500a..0000000 --- a/usbguard-forking-style.patch +++ /dev/null @@ -1,34 +0,0 @@ -diff -up ./usbguard.service.in.forking ./usbguard.service.in ---- ./usbguard.service.in.forking 2020-06-17 20:07:04.720564149 +0200 -+++ ./usbguard.service.in 2020-06-17 20:10:00.744063846 +0200 -@@ -8,11 +8,12 @@ AmbientCapabilities= - CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER - DeviceAllow=/dev/null rw - DevicePolicy=strict --ExecStart=%sbindir%/usbguard-daemon -k -c %sysconfdir%/usbguard/usbguard-daemon.conf -+ExecStart=%sbindir%/usbguard-daemon -f -s -c %sysconfdir%/usbguard/usbguard-daemon.conf - IPAddressDeny=any - LockPersonality=yes - MemoryDenyWriteExecute=yes - NoNewPrivileges=yes -+PIDFile=/var/run/usbguard.pid - PrivateDevices=yes - PrivateTmp=yes - ProtectControlGroups=yes -@@ -20,14 +21,14 @@ ProtectHome=yes - ProtectKernelModules=yes - ProtectSystem=yes - ReadOnlyPaths=-/ --ReadWritePaths=-/dev/shm -%localstatedir%/log/usbguard -/tmp -%sysconfdir%/usbguard/ -+ReadWritePaths=-/dev/shm -%localstatedir%/log/usbguard -/tmp -%sysconfdir%/usbguard/ -/var/run - Restart=on-failure - RestrictAddressFamilies=AF_UNIX AF_NETLINK - RestrictNamespaces=yes - RestrictRealtime=yes - SystemCallArchitectures=native - SystemCallFilter=@system-service --Type=simple -+Type=forking - UMask=0077 - - [Install] diff --git a/usbguard-service-fips.patch b/usbguard-service-fips.patch deleted file mode 100644 index fce50c9..0000000 --- a/usbguard-service-fips.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff -up ./usbguard.service.in.service-fips ./usbguard.service.in ---- ./usbguard.service.in.service-fips 2020-06-22 10:44:44.815860376 +0200 -+++ ./usbguard.service.in 2020-06-22 10:45:07.699135514 +0200 -@@ -6,8 +6,7 @@ Documentation=man:usbguard-daemon(8) - [Service] - AmbientCapabilities= - CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER --DeviceAllow=/dev/null rw --DevicePolicy=strict -+DevicePolicy=closed - ExecStart=%sbindir%/usbguard-daemon -f -s -c %sysconfdir%/usbguard/usbguard-daemon.conf - IPAddressDeny=any - LockPersonality=yes diff --git a/usbguard.spec b/usbguard.spec index bdec093..9060c5b 100644 --- a/usbguard.spec +++ b/usbguard.spec @@ -3,8 +3,8 @@ %define semodule_version 0.0.4 Name: usbguard -Version: 0.7.8 -Release: 6%{?dist} +Version: 1.0.0 +Release: 1%{?dist} Summary: A tool for implementing USB device usage policy License: GPLv2+ ## Not installed @@ -39,9 +39,6 @@ BuildRequires: audit-libs-devel # For `pkg-config systemd` only BuildRequires: systemd -Patch1: usbguard-forking-style.patch -Patch2: usbguard-service-fips.patch - %description The USBGuard software framework helps to protect your computer against rogue USB devices by implementing basic whitelisting/blacklisting capabilities based on @@ -103,9 +100,6 @@ daemon. # selinux %setup -q -D -T -a 1 -%patch1 -p1 -b .service1 -%patch2 -p1 -b .service2 - # Remove bundled library sources before build rm -rf src/ThirdParty/{Catch,PEGTL} @@ -228,6 +222,14 @@ fi %changelog +* Thu Jan 14 2021 Zoltan Fridrich - 1.0.0-1 +- rebase usbguard to 1.0.0 +- added support for rules covering combination of classes +- fix usbguard being killed +Resolves: rhbz#1916039 +Resolves: rhbz#1861330 +Resolves: rhbz#1905257 + * Wed Jan 13 14:43:57 CET 2021 Adrian Reber - 0.7.8-6 - Rebuilt for protobuf 3.14