Compare commits
No commits in common. "c8" and "c9s" have entirely different histories.
|
@ -1,3 +1,23 @@
|
|||
SOURCES/usbguard-1.0.0.tar.gz
|
||||
SOURCES/usbguard-notifier-0.0.6.tar.gz
|
||||
SOURCES/usbguard-selinux-0.0.3.tar.gz
|
||||
/usbguard-0.5.10.tar.gz
|
||||
/usbguard-0.5.11.tar.gz
|
||||
/usbguard-0.5.12.tar.gz
|
||||
/usbguard-0.5.13.tar.gz
|
||||
/usbguard-0.5.14.tar.gz
|
||||
/usbguard-0.6.0.tar.gz
|
||||
/usbguard-0.6.1.tar.gz
|
||||
/usbguard-0.6.2.tar.gz
|
||||
/dkopecek-usbguard-fcde518.tar.gz
|
||||
/dkopecek-usbguard-522c34c.tar.gz
|
||||
/dkopecek-usbguard-e528ff6.tar.gz
|
||||
/usbguard-0.7.0.tar.gz
|
||||
/usbguard-0.7.1.tar.gz
|
||||
/usbguard-0.7.2.tar.gz
|
||||
/usbguard-0.7.6.tar.gz
|
||||
/usbguard-selinux-0.0.1.tar.gz
|
||||
/usbguard-selinux-0.0.2.tar.gz
|
||||
/usbguard-0.7.7.tar.gz
|
||||
/usbguard-selinux-0.0.3.tar.gz
|
||||
/usbguard-0.7.8.tar.gz
|
||||
/usbguard-selinux-0.0.4.tar.gz
|
||||
/usbguard-1.0.0.tar.gz
|
||||
/usbguard-notifier-0.0.6.tar.gz
|
||||
|
|
|
@ -1,3 +1,2 @@
|
|||
bf909799daae6798634e1b01efaaadc5781b9755 SOURCES/usbguard-1.0.0.tar.gz
|
||||
7bd5b72c6fd73472ef1230977b9358345ce442d3 SOURCES/usbguard-notifier-0.0.6.tar.gz
|
||||
e223495a2c41013bc786a5ceae730f2574aeba1b SOURCES/usbguard-selinux-0.0.3.tar.gz
|
||||
bf909799daae6798634e1b01efaaadc5781b9755 usbguard-1.0.0.tar.gz
|
||||
40db29405c2236791ca5ce616d9e563a8309356e usbguard-selinux-0.0.4.tar.gz
|
||||
|
|
|
@ -1,11 +0,0 @@
|
|||
diff --color -ru a/usbguard.service.in b/usbguard.service.in
|
||||
--- a/usbguard.service.in 2021-09-07 16:33:49.911540537 +0200
|
||||
+++ b/usbguard.service.in 2021-09-07 16:37:20.788885123 +0200
|
||||
@@ -8,7 +8,6 @@
|
||||
CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_AUDIT_WRITE
|
||||
DevicePolicy=closed
|
||||
ExecStart=%sbindir%/usbguard-daemon -f -s -c %sysconfdir%/usbguard/usbguard-daemon.conf
|
||||
-IPAddressDeny=any
|
||||
LockPersonality=yes
|
||||
MemoryDenyWriteExecute=yes
|
||||
NoNewPrivileges=yes
|
|
@ -1,82 +0,0 @@
|
|||
diff --color -ru a/usbguard-notifier-0.0.6/Makefile.am b/usbguard-notifier-0.0.6/Makefile.am
|
||||
--- a/usbguard-notifier-0.0.6/Makefile.am 2021-11-18 11:38:43.704876330 +0100
|
||||
+++ b/usbguard-notifier-0.0.6/Makefile.am 2021-11-18 11:35:39.108500175 +0100
|
||||
@@ -35,6 +35,7 @@
|
||||
src/ThirdParty/Catch2/single_include/catch2
|
||||
|
||||
usbguard_notifier_SOURCES = \
|
||||
+ src/usbguard-icon.hpp \
|
||||
src/Notifier.hpp \
|
||||
src/NotifyWrapper.hpp \
|
||||
src/Serializer.hpp \
|
||||
@@ -43,8 +44,7 @@
|
||||
src/Notifier.cpp \
|
||||
src/NotifyWrapper.cpp \
|
||||
src/Serializer.cpp \
|
||||
- src/Log.cpp \
|
||||
- icons/usbguard-icon.svg
|
||||
+ src/Log.cpp
|
||||
|
||||
usbguard_notifier_LDFLAGS = \
|
||||
@rsvg_LIBS@ \
|
||||
@@ -65,7 +65,8 @@
|
||||
endif
|
||||
|
||||
BUILT_SOURCES = \
|
||||
- src/BuildConfig.h
|
||||
+ src/BuildConfig.h \
|
||||
+ src/usbguard-icon.hpp
|
||||
|
||||
usbguard_notifier_cli_SOURCES = \
|
||||
src/Serializer.hpp \
|
||||
@@ -109,8 +110,16 @@
|
||||
#
|
||||
# usbguard icon
|
||||
#
|
||||
-.svg.o:
|
||||
- $(LD) -r -b binary -o $@ $<
|
||||
+EXTRA_DIST += \
|
||||
+ $(top_builddir)/icons/usbguard-icon.svg
|
||||
+
|
||||
+$(top_builddir)/src/usbguard-icon.hpp: $(top_builddir)/icons/usbguard-icon.svg
|
||||
+ echo -e "#ifndef ICON_HPP\n#define ICON_HPP\nnamespace notify {\nconst char *icon =" > $@
|
||||
+ $(SED) 's/"/\\"/g' $^ | $(SED) 's/^/"/' | $(SED) 's/$$/\\n"/' >> $@
|
||||
+ echo -e ";\n}\n#endif" >> $@
|
||||
+
|
||||
+CLEANFILES += \
|
||||
+ $(top_builddir)/src/usbguard-icon.hpp
|
||||
|
||||
#
|
||||
# unit file
|
||||
diff --color -ru a/usbguard-notifier-0.0.6/src/NotifyWrapper.cpp b/usbguard-notifier-0.0.6/src/NotifyWrapper.cpp
|
||||
--- a/usbguard-notifier-0.0.6/src/NotifyWrapper.cpp 2020-03-02 11:55:25.932999263 +0100
|
||||
+++ b/usbguard-notifier-0.0.6/src/NotifyWrapper.cpp 2021-11-18 11:29:52.825157237 +0100
|
||||
@@ -18,14 +18,13 @@
|
||||
*/
|
||||
|
||||
#include "NotifyWrapper.hpp"
|
||||
+#include "usbguard-icon.hpp"
|
||||
|
||||
+#include <cstring>
|
||||
#include <stdexcept>
|
||||
|
||||
#include <librsvg-2.0/librsvg/rsvg.h>
|
||||
|
||||
-extern char _binary_icons_usbguard_icon_svg_start[];
|
||||
-extern char _binary_icons_usbguard_icon_svg_end[];
|
||||
-
|
||||
namespace notify
|
||||
{
|
||||
|
||||
@@ -54,10 +53,7 @@
|
||||
Notification::Notification(const std::string& summary, const std::string& body)
|
||||
: _n(notify_notification_new(summary.c_str(), body.c_str(), nullptr))
|
||||
{
|
||||
- RsvgHandle* handle = rsvg_handle_new_from_data(
|
||||
- (const guint8*)(_binary_icons_usbguard_icon_svg_start),
|
||||
- _binary_icons_usbguard_icon_svg_end - _binary_icons_usbguard_icon_svg_start,
|
||||
- nullptr);
|
||||
+ RsvgHandle* handle = rsvg_handle_new_from_data((const guint8*)icon, std::strlen(icon), nullptr);
|
||||
if (!handle) {
|
||||
throw std::runtime_error("Failed to obtain rsvg handle");
|
||||
}
|
|
@ -1,12 +0,0 @@
|
|||
diff -up ./usbguard-selinux-0.0.3/usbguard.te.cpuinfo ./usbguard-selinux-0.0.3/usbguard.te
|
||||
--- ./usbguard-selinux-0.0.3/usbguard.te.cpuinfo 2020-06-18 15:53:40.161615146 +0200
|
||||
+++ ./usbguard-selinux-0.0.3/usbguard.te 2020-06-18 15:54:28.399982328 +0200
|
||||
@@ -77,6 +77,8 @@ auth_read_passwd(usbguard_t)
|
||||
dev_list_sysfs(usbguard_t)
|
||||
dev_rw_sysfs(usbguard_t)
|
||||
|
||||
+kernel_read_system_state(usbguard_t)
|
||||
+
|
||||
list_dirs_pattern(usbguard_t,usbguard_conf_t,usbguard_conf_t)
|
||||
read_files_pattern(usbguard_t,usbguard_conf_t,usbguard_conf_t)
|
||||
dontaudit usbguard_t usbguard_conf_t:file write;
|
|
@ -1,11 +0,0 @@
|
|||
diff -up ./usbguard-selinux-0.0.3/usbguard.te.selinux-read-dir ./usbguard-selinux-0.0.3/usbguard.te
|
||||
--- ./usbguard-selinux-0.0.3/usbguard.te.selinux-read-dir 2020-06-09 10:53:03.191977241 +0200
|
||||
+++ ./usbguard-selinux-0.0.3/usbguard.te 2020-06-09 10:54:21.441965315 +0200
|
||||
@@ -81,6 +81,7 @@ list_dirs_pattern(usbguard_t,usbguard_co
|
||||
read_files_pattern(usbguard_t,usbguard_conf_t,usbguard_conf_t)
|
||||
dontaudit usbguard_t usbguard_conf_t:file write;
|
||||
|
||||
+list_dirs_pattern(usbguard_t,usbguard_rules_t,usbguard_rules_t)
|
||||
read_files_pattern(usbguard_t,usbguard_conf_t,usbguard_rules_t)
|
||||
|
||||
manage_dirs_pattern(usbguard_t, usbguard_var_run_t, usbguard_var_run_t)
|
|
@ -1,22 +0,0 @@
|
|||
From 008af22f238bfb97f6d337759732ac87bdef7b24 Mon Sep 17 00:00:00 2001
|
||||
From: alakatos <alakatos@redhat.com>
|
||||
Date: Mon, 25 May 2020 15:27:38 +0200
|
||||
Subject: [PATCH] /etc/usrbuard/rules.d(/.*)? has usbguard_rules_t label right
|
||||
after the installation
|
||||
|
||||
---
|
||||
usbguard.fc | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/usbguard.fc b/usbguard.fc
|
||||
index bce3e8c..3e14720 100644
|
||||
--- a/usbguard-selinux-0.0.3/usbguard.fc
|
||||
+++ b/usbguard-selinux-0.0.3/usbguard.fc
|
||||
@@ -13,6 +13,7 @@
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
+/etc/usbguard/rules\.d(/.*)? gen_context(system_u:object_r:usbguard_rules_t,s0)
|
||||
/etc/usbguard/rules.conf -- gen_context(system_u:object_r:usbguard_rules_t,s0)
|
||||
/etc/usbguard(/.*)? gen_context(system_u:object_r:usbguard_conf_t,s0)
|
||||
/dev/shm/qb-usbguard-.* -- gen_context(system_u:object_r:usbguard_tmpfs_t,s0)
|
|
@ -0,0 +1,7 @@
|
|||
--- !Policy
|
||||
product_versions:
|
||||
- rhel-9
|
||||
decision_context: osci_compose_gate
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
|
||||
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tedude.validation}
|
|
@ -0,0 +1,3 @@
|
|||
SHA512 (usbguard-1.0.0.tar.gz) = 068a9be8bd5ea05efcdad79e2c4beb5e8b646b4703fbe1f8bb262e37ae9a6284a6eeb811a6bd441250a38bce1e45b7f44ad15726aa5963da2e1b56e85f5e16fd
|
||||
SHA512 (usbguard-selinux-0.0.4.tar.gz) = b73b14396e40f847704511097bfed17c94b9b28cc70f3391a6effab763a315fe723aba37bb4c622d18ab691306c485fcd7632ccc8a837413f32c73cd9879c8b0
|
||||
SHA512 (usbguard-notifier-0.0.6.tar.gz) = 25402ff336ed89c92a2c7824e97a25c59570f6240e2e9c97fd37dabc25ed49ebe7dc051982f4aaff181eb835677ec29cd4e4dfe9efc11f07583ff5cfb92630b0
|
|
@ -1,6 +1,6 @@
|
|||
diff -up usbguard-1.0.0/src/DBus/DBusBridge.cpp.orig usbguard-1.0.0/src/DBus/DBusBridge.cpp
|
||||
--- usbguard-1.0.0/src/DBus/DBusBridge.cpp.orig 2022-10-18 10:33:04.498762878 +0200
|
||||
+++ usbguard-1.0.0/src/DBus/DBusBridge.cpp 2022-10-18 10:33:36.920785285 +0200
|
||||
--- usbguard-1.0.0/src/DBus/DBusBridge.cpp.orig 2022-11-23 08:57:40.119760422 +0100
|
||||
+++ usbguard-1.0.0/src/DBus/DBusBridge.cpp 2022-11-23 08:58:22.380845720 +0100
|
||||
@@ -434,12 +434,11 @@ namespace usbguard
|
||||
USBGUARD_LOG(Trace) << "Connecting with Polkit authority...";
|
||||
PolkitAuthority* const authority = polkit_authority_get_sync(/*cancellable=*/ NULL, &error);
|
|
@ -1,12 +1,12 @@
|
|||
diff -up usbguard-1.0.0/usbguard.service.in.orig usbguard-1.0.0/usbguard.service.in
|
||||
--- usbguard-1.0.0/usbguard.service.in.orig 2023-01-12 13:17:14.200064956 +0100
|
||||
+++ usbguard-1.0.0/usbguard.service.in 2023-01-12 13:17:22.588078994 +0100
|
||||
--- usbguard-1.0.0/usbguard.service.in.orig 2023-01-12 13:22:23.032554498 +0100
|
||||
+++ usbguard-1.0.0/usbguard.service.in 2023-01-12 13:22:33.082568210 +0100
|
||||
@@ -8,7 +8,7 @@ OOMScoreAdjust=-1000
|
||||
AmbientCapabilities=
|
||||
CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_AUDIT_WRITE
|
||||
DevicePolicy=closed
|
||||
-ExecStart=%sbindir%/usbguard-daemon -f -s -c %sysconfdir%/usbguard/usbguard-daemon.conf
|
||||
+ExecStart=%sbindir%/usbguard-daemon -f -s -K -c %sysconfdir%/usbguard/usbguard-daemon.conf
|
||||
IPAddressDeny=any
|
||||
LockPersonality=yes
|
||||
MemoryDenyWriteExecute=yes
|
||||
NoNewPrivileges=yes
|
|
@ -0,0 +1,111 @@
|
|||
diff --git a/Makefile.am b/Makefile.am
|
||||
index f4ce03d8..2d1ded8e 100644
|
||||
--- a/Makefile.am
|
||||
+++ b/Makefile.am
|
||||
@@ -71,7 +71,10 @@ man_ROFF_FILES=\
|
||||
$(man_ADOC_FILES:.adoc=.roff)
|
||||
|
||||
EXTRA_DIST+=\
|
||||
- $(man_ADOC_FILES)
|
||||
+ $(man_ADOC_FILES) \
|
||||
+ doc/man/example-allow-device.adoc \
|
||||
+ doc/man/example-initial-policy.adoc \
|
||||
+ doc/man/footer.adoc
|
||||
|
||||
CLEANFILES+=\
|
||||
$(man_ROFF_FILES) \
|
||||
diff --git a/scripts/docker/build_on_alpine_linux_3_15.Dockerfile b/scripts/docker/build_on_alpine_linux_3_15.Dockerfile
|
||||
index a86a18a0..5b20958d 100644
|
||||
--- a/scripts/docker/build_on_alpine_linux_3_15.Dockerfile
|
||||
+++ b/scripts/docker/build_on_alpine_linux_3_15.Dockerfile
|
||||
@@ -18,6 +18,7 @@ FROM alpine:3.15
|
||||
RUN echo '@edge-testing https://dl-cdn.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories \
|
||||
&& \
|
||||
apk add --update \
|
||||
+ asciidoc \
|
||||
autoconf \
|
||||
automake \
|
||||
dbus-glib-dev \
|
||||
@@ -34,10 +35,19 @@ RUN echo '@edge-testing https://dl-cdn.alpinelinux.org/alpine/edge/testing' >> /
|
||||
pegtl@edge-testing \
|
||||
pkgconf \
|
||||
polkit-dev \
|
||||
- protobuf-dev
|
||||
+ protobuf-dev \
|
||||
+ tar
|
||||
ADD usbguard.tar usbguard/
|
||||
ADD catch.tar usbguard/src/ThirdParty/Catch/
|
||||
WORKDIR usbguard
|
||||
RUN git init &>/dev/null && ./autogen.sh
|
||||
RUN ./configure --with-bundled-catch || ! cat config.log
|
||||
-RUN make V=1 "-j$(nproc)"
|
||||
+RUN make dist
|
||||
+RUN tar --version
|
||||
+RUN tar xf usbguard-*.tar.gz
|
||||
+RUN mv -v usbguard-*.*.*/ usbguard-release/
|
||||
+RUN mkdir usbguard-release/build/
|
||||
+WORKDIR usbguard-release/build/
|
||||
+RUN ../configure --with-bundled-catch || ! cat config.log
|
||||
+RUN bash -c 'set -o pipefail; make V=1 "-j$(nproc)" |& tee build.log'
|
||||
+RUN ! grep -F 'include file not found' build.log
|
||||
diff --git a/scripts/docker/build_on_centos_8_2.Dockerfile b/scripts/docker/build_on_centos_8_2.Dockerfile
|
||||
index a9947c56..fea933dd 100644
|
||||
--- a/scripts/docker/build_on_centos_8_2.Dockerfile
|
||||
+++ b/scripts/docker/build_on_centos_8_2.Dockerfile
|
||||
@@ -27,6 +27,7 @@ RUN sed \
|
||||
dnf config-manager --set-enabled PowerTools \
|
||||
&& \
|
||||
dnf install -y \
|
||||
+ asciidoc \
|
||||
autoconf \
|
||||
automake \
|
||||
dbus-glib-devel \
|
||||
@@ -49,4 +50,11 @@ ADD pegtl.tar usbguard/src/ThirdParty/PEGTL/
|
||||
WORKDIR usbguard
|
||||
RUN git init &>/dev/null && ./autogen.sh
|
||||
RUN ./configure --with-bundled-catch --with-bundled-pegtl || ! cat config.log
|
||||
-RUN make V=1 "-j$(nproc)"
|
||||
+RUN make dist
|
||||
+RUN tar xf usbguard-*.tar.gz
|
||||
+RUN mv -v usbguard-*.*.*/ usbguard-release/
|
||||
+RUN mkdir usbguard-release/build/
|
||||
+WORKDIR usbguard-release/build/
|
||||
+RUN ../configure --with-bundled-catch --with-bundled-pegtl || ! cat config.log
|
||||
+RUN bash -c 'set -o pipefail; make V=1 "-j$(nproc)" |& tee build.log'
|
||||
+RUN ! grep -F 'include file not found' build.log
|
||||
diff --git a/scripts/docker/build_on_debian_buster_with_gcc_9_2.Dockerfile b/scripts/docker/build_on_debian_buster_with_gcc_9_2.Dockerfile
|
||||
index dc884cc6..802a3f05 100644
|
||||
--- a/scripts/docker/build_on_debian_buster_with_gcc_9_2.Dockerfile
|
||||
+++ b/scripts/docker/build_on_debian_buster_with_gcc_9_2.Dockerfile
|
||||
@@ -58,5 +58,12 @@ ADD catch.tar usbguard/src/ThirdParty/Catch/
|
||||
WORKDIR usbguard
|
||||
RUN git init &>/dev/null && ./autogen.sh
|
||||
RUN ./configure --enable-systemd --with-bundled-catch || ! cat config.log
|
||||
-RUN make V=1 "-j$(nproc)"
|
||||
+RUN make dist
|
||||
+RUN tar xf usbguard-*.tar.gz
|
||||
+RUN mv -v usbguard-*.*.*/ usbguard-release/
|
||||
+RUN mkdir usbguard-release/build/
|
||||
+WORKDIR usbguard-release/build/
|
||||
+RUN ../configure --enable-systemd --with-bundled-catch || ! cat config.log
|
||||
+RUN bash -c 'set -o pipefail; make V=1 "-j$(nproc)" |& tee build.log'
|
||||
+RUN ! grep -F 'include file not found' build.log
|
||||
RUN make V=1 check || { cat src/Tests/test-suite.log ; false ; }
|
||||
diff --git a/scripts/docker/build_on_ubuntu_22_04.Dockerfile b/scripts/docker/build_on_ubuntu_22_04.Dockerfile
|
||||
index 0303dffe..e9214439 100644
|
||||
--- a/scripts/docker/build_on_ubuntu_22_04.Dockerfile
|
||||
+++ b/scripts/docker/build_on_ubuntu_22_04.Dockerfile
|
||||
@@ -50,5 +50,12 @@ ADD usbguard.tar usbguard/
|
||||
WORKDIR usbguard
|
||||
RUN git init &>/dev/null && ./autogen.sh
|
||||
RUN ./configure --enable-systemd || ! cat config.log
|
||||
-RUN make V=1 "-j$(nproc)"
|
||||
+RUN make dist
|
||||
+RUN tar xf usbguard-*.tar.gz
|
||||
+RUN mv -v usbguard-*.*.*/ usbguard-release/
|
||||
+RUN mkdir usbguard-release/build/
|
||||
+WORKDIR usbguard-release/build/
|
||||
+RUN ../configure --enable-systemd || ! cat config.log
|
||||
+RUN bash -c 'set -o pipefail; make V=1 "-j$(nproc)" |& tee build.log'
|
||||
+RUN ! grep -F 'include file not found' build.log
|
||||
RUN make V=1 check || { cat src/Tests/test-suite.log ; false ; }
|
|
@ -1,6 +1,6 @@
|
|||
diff --color -ru a/src/Library/IPCServerPrivate.cpp b/src/Library/IPCServerPrivate.cpp
|
||||
--- a/src/Library/IPCServerPrivate.cpp 2020-11-23 15:56:12.979847655 +0100
|
||||
+++ b/src/Library/IPCServerPrivate.cpp 2021-09-15 10:02:51.641082533 +0200
|
||||
+++ b/src/Library/IPCServerPrivate.cpp 2021-10-14 12:33:12.462503822 +0200
|
||||
@@ -567,10 +567,12 @@
|
||||
bool IPCServerPrivate::authenticateIPCConnectionDAC(uid_t uid, gid_t gid, IPCServer::AccessControl* const ac_ptr) const
|
||||
{
|
|
@ -1,6 +1,6 @@
|
|||
diff --color -ru a/usbguard-notifier-0.0.6/man/usbguard-notifier.1 b/usbguard-notifier-0.0.6/man/usbguard-notifier.1
|
||||
--- a/usbguard-notifier-0.0.6/man/usbguard-notifier.1 2021-09-24 13:08:23.304639109 +0200
|
||||
+++ b/usbguard-notifier-0.0.6/man/usbguard-notifier.1 2021-09-24 13:16:14.177186425 +0200
|
||||
--- a/usbguard-notifier-0.0.6/man/usbguard-notifier.1 2021-10-14 12:44:57.816146101 +0200
|
||||
+++ b/usbguard-notifier-0.0.6/man/usbguard-notifier.1 2021-10-14 12:46:14.442519466 +0200
|
||||
@@ -39,7 +39,12 @@
|
||||
.PP
|
||||
\fB\-w, \-\-wait\fR
|
||||
|
@ -82,7 +82,7 @@ diff --color -ru a/usbguard-notifier-0.0.6/man/usbguard-notifier.1 b/usbguard-no
|
|||
usbguard(1)
|
||||
diff --color -ru a/usbguard-notifier-0.0.6/src/Main.cpp b/usbguard-notifier-0.0.6/src/Main.cpp
|
||||
--- a/usbguard-notifier-0.0.6/src/Main.cpp 2020-03-04 08:59:49.138771474 +0100
|
||||
+++ b/usbguard-notifier-0.0.6/src/Main.cpp 2021-09-24 13:07:41.322966320 +0200
|
||||
+++ b/usbguard-notifier-0.0.6/src/Main.cpp 2021-10-14 12:46:14.443519484 +0200
|
||||
@@ -20,6 +20,7 @@
|
||||
#include "Log.hpp"
|
||||
#include "Notifier.hpp"
|
||||
|
@ -170,7 +170,7 @@ diff --color -ru a/usbguard-notifier-0.0.6/src/Main.cpp b/usbguard-notifier-0.0.
|
|||
}
|
||||
diff --color -ru a/usbguard-notifier-0.0.6/usbguard-notifier.service.in b/usbguard-notifier-0.0.6/usbguard-notifier.service.in
|
||||
--- a/usbguard-notifier-0.0.6/usbguard-notifier.service.in 2020-03-04 09:00:32.019254871 +0100
|
||||
+++ b/usbguard-notifier-0.0.6/usbguard-notifier.service.in 2021-09-24 13:07:41.322966320 +0200
|
||||
+++ b/usbguard-notifier-0.0.6/usbguard-notifier.service.in 2021-10-14 12:46:14.444519502 +0200
|
||||
@@ -3,7 +3,7 @@
|
||||
After=usbguard.service
|
||||
|
|
@ -1,6 +1,6 @@
|
|||
diff -up usbguard-1.0.0/usbguard-selinux-0.0.3/usbguard.te.orig usbguard-1.0.0/usbguard-selinux-0.0.3/usbguard.te
|
||||
--- usbguard-1.0.0/usbguard-selinux-0.0.3/usbguard.te.orig 2021-03-17 15:08:59.975712403 +0100
|
||||
+++ usbguard-1.0.0/usbguard-selinux-0.0.3/usbguard.te 2021-03-17 15:09:21.565708348 +0100
|
||||
diff -up usbguard-1.0.0/usbguard-selinux-0.0.4/usbguard.te.orig usbguard-1.0.0/usbguard-selinux-0.0.4/usbguard.te
|
||||
--- usbguard-1.0.0/usbguard-selinux-0.0.4/usbguard.te.orig 2021-03-23 10:32:56.239139027 +0100
|
||||
+++ usbguard-1.0.0/usbguard-selinux-0.0.4/usbguard.te 2021-03-23 10:33:05.718229143 +0100
|
||||
@@ -68,7 +68,7 @@ files_pid_file(usbguard_var_run_t)
|
||||
# Local policy
|
||||
#
|
|
@ -1,7 +1,7 @@
|
|||
diff -up usbguard-1.0.0/usbguard-selinux-0.0.3/usbguard.te.orig usbguard-1.0.0/usbguard-selinux-0.0.3/usbguard.te
|
||||
--- usbguard-1.0.0/usbguard-selinux-0.0.3/usbguard.te.orig 2022-08-24 16:14:30.810875871 +0200
|
||||
+++ usbguard-1.0.0/usbguard-selinux-0.0.3/usbguard.te 2022-08-24 16:15:50.064906117 +0200
|
||||
@@ -100,7 +100,6 @@ logging_log_filetrans(usbguard_t, usbgua
|
||||
diff -up usbguard-1.0.0/usbguard-selinux-0.0.4/usbguard.te.orig usbguard-1.0.0/usbguard-selinux-0.0.4/usbguard.te
|
||||
--- usbguard-1.0.0/usbguard-selinux-0.0.4/usbguard.te.orig 2022-08-17 09:17:13.995269603 +0200
|
||||
+++ usbguard-1.0.0/usbguard-selinux-0.0.4/usbguard.te 2022-08-17 09:18:47.439260009 +0200
|
||||
@@ -99,7 +99,6 @@ logging_log_filetrans(usbguard_t, usbgua
|
||||
|
||||
logging_send_syslog_msg(usbguard_t)
|
||||
|
||||
|
@ -9,7 +9,7 @@ diff -up usbguard-1.0.0/usbguard-selinux-0.0.3/usbguard.te.orig usbguard-1.0.0/u
|
|||
usbguard_ipc_access(usbguard_t)
|
||||
|
||||
tunable_policy(`usbguard_daemon_write_rules',`
|
||||
@@ -111,6 +110,15 @@ tunable_policy(`usbguard_daemon_write_co
|
||||
@@ -110,6 +109,14 @@ tunable_policy(`usbguard_daemon_write_co
|
||||
rw_files_pattern(usbguard_t, usbguard_conf_t, usbguard_conf_t)
|
||||
')
|
||||
|
||||
|
@ -20,7 +20,6 @@ diff -up usbguard-1.0.0/usbguard-selinux-0.0.3/usbguard.te.orig usbguard-1.0.0/u
|
|||
+ policykit_dbus_chat(usbguard_t)
|
||||
+ ')
|
||||
+')
|
||||
+
|
||||
+
|
||||
# Allow confined users to communicate with usbguard over unix socket
|
||||
optional_policy(`
|
|
@ -0,0 +1,24 @@
|
|||
From 6a596441eb91215898542bce4aadabfe396a3875 Mon Sep 17 00:00:00 2001
|
||||
From: Birger Schacht <1143280+b1rger@users.noreply.github.com>
|
||||
Date: Mon, 18 Jan 2021 15:00:47 +0000
|
||||
Subject: [PATCH] Write PIDFile to /run instead of /var/run
|
||||
|
||||
According to https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch05s13.html regarding /var/run:
|
||||
This directory was once intended for system information data describing the system since it was booted. These functions have been moved to /run; this directory exists to ensure compatibility with systems and software using an older version of this specification.
|
||||
---
|
||||
usbguard.service.in | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/usbguard.service.in b/usbguard.service.in
|
||||
index 0d7e193c..2ec8c633 100644
|
||||
--- a/usbguard.service.in
|
||||
+++ b/usbguard.service.in
|
||||
@@ -12,7 +12,7 @@ IPAddressDeny=any
|
||||
LockPersonality=yes
|
||||
MemoryDenyWriteExecute=yes
|
||||
NoNewPrivileges=yes
|
||||
-PIDFile=/var/run/usbguard.pid
|
||||
+PIDFile=/run/usbguard.pid
|
||||
PrivateDevices=yes
|
||||
PrivateTmp=yes
|
||||
ProtectControlGroups=yes
|
|
@ -1,6 +1,6 @@
|
|||
diff --color -ru a/doc/man/usbguard.1.adoc b/doc/man/usbguard.1.adoc
|
||||
--- a/doc/man/usbguard.1.adoc 2021-09-20 09:08:55.134538747 +0200
|
||||
+++ b/doc/man/usbguard.1.adoc 2021-09-20 16:46:48.266557561 +0200
|
||||
--- a/doc/man/usbguard.1.adoc 2020-11-23 15:56:12.977847682 +0100
|
||||
+++ b/doc/man/usbguard.1.adoc 2021-10-14 12:39:11.949947187 +0200
|
||||
@@ -282,6 +282,7 @@
|
||||
....
|
||||
|
||||
|
@ -10,8 +10,8 @@ diff --color -ru a/doc/man/usbguard.1.adoc b/doc/man/usbguard.1.adoc
|
|||
|
||||
=== *remove-user* 'name' ['OPTIONS']
|
||||
diff --color -ru a/doc/man/usbguard-daemon.conf.5.adoc b/doc/man/usbguard-daemon.conf.5.adoc
|
||||
--- a/doc/man/usbguard-daemon.conf.5.adoc 2021-09-20 09:08:55.135538763 +0200
|
||||
+++ b/doc/man/usbguard-daemon.conf.5.adoc 2021-09-20 13:20:09.788855176 +0200
|
||||
--- a/doc/man/usbguard-daemon.conf.5.adoc 2020-11-23 15:56:12.977847682 +0100
|
||||
+++ b/doc/man/usbguard-daemon.conf.5.adoc 2021-10-14 12:39:11.953947259 +0200
|
||||
@@ -162,6 +162,8 @@
|
||||
|
||||
** list: Get values of run-time parameters.
|
||||
|
@ -22,8 +22,8 @@ diff --color -ru a/doc/man/usbguard-daemon.conf.5.adoc b/doc/man/usbguard-daemon
|
|||
It allows one to modify USB device authorization state (`Devices=modify`), list USB devices (`Devices=list`), listen to USB device related events (`Devices=listen`), list USB authorization policy rules (`Policy=list`) and listen to exception events (`Exceptions=listen`):
|
||||
|
||||
diff --color -ru a/src/Library/public/usbguard/IPCServer.cpp b/src/Library/public/usbguard/IPCServer.cpp
|
||||
--- a/src/Library/public/usbguard/IPCServer.cpp 2021-09-20 09:08:55.206539917 +0200
|
||||
+++ b/src/Library/public/usbguard/IPCServer.cpp 2021-09-22 10:38:28.703655497 +0200
|
||||
--- a/src/Library/public/usbguard/IPCServer.cpp 2020-11-23 15:56:12.979847655 +0100
|
||||
+++ b/src/Library/public/usbguard/IPCServer.cpp 2021-10-14 12:39:11.954947277 +0200
|
||||
@@ -159,18 +159,25 @@
|
||||
throw USBGUARD_BUG("Cannot set privileges for NONE section");
|
||||
}
|
||||
|
@ -83,8 +83,8 @@ diff --color -ru a/src/Library/public/usbguard/IPCServer.cpp b/src/Library/publi
|
|||
: d_pointer(usbguard::make_unique<IPCServerPrivate>(*this))
|
||||
{
|
||||
diff --color -ru a/src/Library/public/usbguard/IPCServer.hpp b/src/Library/public/usbguard/IPCServer.hpp
|
||||
--- a/src/Library/public/usbguard/IPCServer.hpp 2021-09-20 09:08:55.200539819 +0200
|
||||
+++ b/src/Library/public/usbguard/IPCServer.hpp 2021-09-20 13:11:31.476803776 +0200
|
||||
--- a/src/Library/public/usbguard/IPCServer.hpp 2020-10-11 17:43:43.519295669 +0200
|
||||
+++ b/src/Library/public/usbguard/IPCServer.hpp 2021-10-14 12:39:11.955947295 +0200
|
||||
@@ -278,6 +278,17 @@
|
||||
};
|
||||
|
|
@ -1,14 +1,14 @@
|
|||
%global _hardened_build 1
|
||||
%global selinuxtype targeted
|
||||
%global moduletype contrib
|
||||
%define semodule_version 0.0.3
|
||||
%define semodule_version 0.0.4
|
||||
%define notifier_version 0.0.6
|
||||
|
||||
%bcond_without check
|
||||
|
||||
Name: usbguard
|
||||
Version: 1.0.0
|
||||
Release: 13%{?dist}
|
||||
Release: 15%{?dist}
|
||||
Summary: A tool for implementing USB device usage policy
|
||||
Group: System Environment/Daemons
|
||||
License: GPLv2+
|
||||
|
@ -51,25 +51,21 @@ BuildRequires: libxslt
|
|||
BuildRequires: libxml2
|
||||
|
||||
Patch1: usbguard-0.7.6-notifier.patch
|
||||
Patch2: usbguard-selinux-rules-d.patch
|
||||
Patch3: usbguard-selinux-list-dir.patch
|
||||
Patch4: usbguard-selinux-cpuinfo.patch
|
||||
Patch5: usbguard-audit-capability.patch
|
||||
Patch6: usbguard-selinux-audit-capability.patch
|
||||
Patch7: usbguard-ipaddressdeny.patch
|
||||
Patch8: usbguard-ipc-override-fix.patch
|
||||
Patch9: usbguard-validate-acl.patch
|
||||
Patch10: usbguard-notifier-decrease-spam.patch
|
||||
Patch11: usbguard-notifier-icon-injection.patch
|
||||
Patch12: usbguard-dbus-CVE.patch
|
||||
Patch13: usbguard-selinux-dbus-CVE.patch
|
||||
Patch14: usbguard-dbus-CVE-leak.patch
|
||||
Patch15: usbguard-daemon-race-condition.patch
|
||||
Patch16: usbguard-OOMScoreAdjust.patch
|
||||
Patch17: usbguard-consistent-rules.patch
|
||||
Patch18: usbguard-missing-doc.patch
|
||||
Patch19: usbguard-permanent-rules.patch
|
||||
Patch20: usbguard-disable-console-log.patch
|
||||
Patch2: usbguard-audit-capability.patch
|
||||
Patch3: usbguard-selinux-audit-capability.patch
|
||||
Patch4: usbguard-service-pidfile.patch
|
||||
Patch5: usbguard-ipc-override-fix.patch
|
||||
Patch6: usbguard-validate-acl.patch
|
||||
Patch7: usbguard-notifier-decrease-spam.patch
|
||||
Patch8: usbguard-dbus-CVE.patch
|
||||
Patch9: usbguard-selinux-dbus-CVE.patch
|
||||
Patch10: usbguard-dbus-CVE-leak.patch
|
||||
Patch11: usbguard-OOMScoreAdjust.patch
|
||||
Patch12: usbguard-daemon-race-condition.patch
|
||||
Patch13: usbguard-consistent-rules.patch
|
||||
Patch14: usbguard-missing-doc.patch
|
||||
Patch15: usbguard-permanent-rules.patch
|
||||
Patch16: usbguard-disable-console-log.patch
|
||||
|
||||
%description
|
||||
The USBGuard software framework helps to protect your computer against rogue USB
|
||||
|
@ -147,25 +143,21 @@ device presence changes and displays them as pop-up notifications.
|
|||
rm -rf src/ThirdParty/{Catch,PEGTL}
|
||||
|
||||
%patch1 -p1 -b .notifier
|
||||
%patch2 -p1 -b .rules-d-selinux
|
||||
%patch3 -p1 -b .list-dir
|
||||
%patch4 -p1 -b .cpuinfo
|
||||
%patch5 -p1 -b .audit-capability
|
||||
%patch6 -p1 -b .selinux-audit-capability
|
||||
%patch7 -p1 -b .ipaddressdeny
|
||||
%patch8 -p1 -b .ipc-override-fix
|
||||
%patch9 -p1 -b .validate-acl
|
||||
%patch10 -p1 -b .notifier-decrease-spam
|
||||
%patch11 -p1 -b .notifier-icon-injection
|
||||
%patch12 -p1 -b .dbus-CVE
|
||||
%patch13 -p1 -b .selinux-dbus-CVE
|
||||
%patch14 -p1 -b .dbus-CVE-leak
|
||||
%patch15 -p1 -b .daemon-race
|
||||
%patch16 -p1 -b .OOMScoreAdjust
|
||||
%patch17 -p1 -b .consistent-rules
|
||||
%patch18 -p1 -b .missing-doc
|
||||
%patch19 -p1 -b .permanent-rules
|
||||
%patch20 -p1 -b .disable-syslog
|
||||
%patch2 -p1 -b .audit-write
|
||||
%patch3 -p1 -b .selinux-audit-write
|
||||
%patch4 -p1 -b .pidfile
|
||||
%patch5 -p1 -b .ipc-override-fix
|
||||
%patch6 -p1 -b .validate-acl
|
||||
%patch7 -p1 -b .notifier-decrease-spam
|
||||
%patch8 -p1 -b .dbus-CVE
|
||||
%patch9 -p1 -b .selinux-dbus-CVE
|
||||
%patch10 -p1 -b .dbus-CVE-leak
|
||||
%patch11 -p1 -b .oomscore-adjust
|
||||
%patch12 -p1 -b .race-condition
|
||||
%patch13 -p1 -b .consistent-rules
|
||||
%patch14 -p1 -b .missing-doc
|
||||
%patch15 -p1 -b .permanent-rules
|
||||
%patch16 -p1 -b .disable-syslog
|
||||
|
||||
%build
|
||||
mkdir -p ./m4
|
||||
|
@ -330,104 +322,146 @@ fi
|
|||
|
||||
|
||||
%changelog
|
||||
* Thu Jan 12 2023 Attila Lakatos <alakatos@redhat.com> - 1.0.0-13
|
||||
- Set OOMScoreAdjust to -1000 in service file
|
||||
Resolves: rhbz#2159411
|
||||
- Fix race condition in usbguard-daemon when forking
|
||||
Resolves: rhbz#2159409
|
||||
- Add missing files to documentation
|
||||
Resolves: rhbz#2159412
|
||||
* Thu Jan 12 2023 Attila Lakatos <alakatos@redhat.com> - 1.0.0-15
|
||||
- Disable logging to console, logging to syslog is still enabled
|
||||
Resolves: rhbz#2122109
|
||||
- Store permanent rules even if RuleFile is not set but RuleFolder is
|
||||
Resolves: rhbz#2155910
|
||||
|
||||
* Mon Nov 28 2022 Attila Lakatos <alakatos@redhat.com> - 1.0.0-12
|
||||
- Set OOMScoreAdjust to -1000 in service file
|
||||
Resolves: rhbz#2097419
|
||||
- Fix race condition in usbguard-daemon when forking
|
||||
Resolves: rhbz#2042345
|
||||
- Add missing files to documentation
|
||||
Resolves: rhbz#2122107
|
||||
- Neither RuleFolder nor RuleFile exists bugfix
|
||||
Resolves: rhbz#2159413
|
||||
Resolves: rhbz#2122109
|
||||
- Remove build for i686 arch
|
||||
Resolves: rhbz#2105091
|
||||
Resolves: rhbz#2126622
|
||||
|
||||
* Wed Aug 24 2022 Attila Lakatos <alakatos@redhat.com> - 1.0.0-10
|
||||
* Tue Aug 16 2022 Attila Lakatos <alakatos@redhat.com> - 1.0.0-11
|
||||
- Fix unauthorized access via D-bus
|
||||
- Fix memory leaks on connection failure to D-bus
|
||||
Resolves: rhbz#2059067
|
||||
- Fix memory leak when connection to dbus is broken
|
||||
Resolves: rhbz#2059068
|
||||
|
||||
* Mon Nov 29 2021 Zoltan Fridrich <zfridric@redhat.com> - 1.0.0-8
|
||||
- change usbguard icon injection
|
||||
* Mon Oct 25 2021 Zoltan Fridrich <zfridric@redhat.com> - 1.0.0-10
|
||||
- fix DSP module definition in spec file
|
||||
Resolves: rhbz#2014441
|
||||
- add execstack to spec
|
||||
- remove IPAddressDeny from usbguard service
|
||||
Resolves: rhbz#1929364
|
||||
- fix file conflict when installing usbguard on rhel
|
||||
Resolves: rhbz#1963271
|
||||
Resolves: rhbz#2014442
|
||||
- fix IPC access control files override
|
||||
Resolves: rhbz#2004511
|
||||
Resolves: rhbz#2009227
|
||||
- validate ACL permission existence
|
||||
Resolves: rhbz#2005020
|
||||
Resolves: rhbz#2009229
|
||||
- decrease usbguard-notifier spam when denied connection
|
||||
Resolves: rhbz#2000000
|
||||
Resolves: rhbz#2009226
|
||||
|
||||
* Wed Mar 17 2021 Attila Lakatos <alakatos@redhat.com> - 1.0.0-2
|
||||
- Add CAP_AUDIT_WRITE capability to service file
|
||||
Resolves: rhbz#1940060
|
||||
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1.0.0-8
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
|
||||
* Tue Jan 19 2021 Attila Lakatos <alakatos@redhat.com> - 1.0.0-1
|
||||
- Rebase to 1.0.0
|
||||
Resolves: rhbz#1887448
|
||||
- Filtering rules by attribute
|
||||
Resolves: rhbz#1873953
|
||||
- Change device policy of multiple devices using rule instead of ID
|
||||
Resolves: rhbz#1852568
|
||||
* Wed Jul 28 2021 Radovan Sroka <rsroka@redhat.com> - 1.0.0-7
|
||||
RHEL 9 BETA
|
||||
- starting usbguard service complains about PIDFile= references a path below legacy directory /var/run/
|
||||
Resolves: rhbz#1985627
|
||||
- file conflict when installing usbguard on rhel
|
||||
Resolves: rhbz#1986785
|
||||
|
||||
* Tue Aug 11 2020 Attila Lakatos <alakatos@redhat.com> - 0.7.8-7
|
||||
- Do not cause segfault in case of an empty rulesd folder
|
||||
Resolves: rhbz#1738590
|
||||
* Fri Apr 16 2021 Attila Lakatos <alakatos@redhat.com> - 1.0.0-6
|
||||
- Clear executable stack flag on usbguard-notifier
|
||||
Resolves: rhbz#1917544
|
||||
|
||||
* Wed Aug 05 2020 Radovan Sroka <rsroka@redhat.com> - 0.7.8-6
|
||||
- RHEL 8.3.0 ERRATUM
|
||||
- Removed execstack from .spec
|
||||
- Removed AuthorizedDefault=wired from the usbguard
|
||||
Resolves: rhbz#1852539
|
||||
- Missing error message on bad configuration
|
||||
Resolves: rhbz#1857299
|
||||
- /etc/usbguard/usbguard-daemon.conf file does not contain all default options
|
||||
Resolves: rhbz#1862907
|
||||
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.0.0-5
|
||||
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||
|
||||
* Wed Jun 17 2020 Radovan Sroka <rsroka@redhat.com> - 0.7.8-5
|
||||
- RHEL 8.3.0 ERRATUM
|
||||
- Use old-fasioned forking style in unit file
|
||||
Resolves: rhbz#1846885
|
||||
- Allow usbguard to read /proc/cpuinfo
|
||||
Resolves: rhbz#1847870
|
||||
- Removed notifier's Requires for usbguard-devel
|
||||
Resolves: rhbz#1667395
|
||||
- Allow usbguard to read /dev/urandom
|
||||
Resolves: rhbz#1848618
|
||||
* Fri Feb 19 2021 Attila Lakatos <alakatos@redhat.com> - 1.0.0-4
|
||||
- sync with rhel-8.4.0 branch
|
||||
- bundle usbguard-notifier as subpackage
|
||||
Resolves: rhbz#1917544
|
||||
|
||||
* Wed May 06 2020 Attila Lakatos <alakatos@redhat.com> - 0.7.8-4
|
||||
- RHEL 8.3.0 ERRATUM
|
||||
- Spec file clean up
|
||||
- Rebase to 0.7.8
|
||||
Resolves: rhbz#1738590
|
||||
- Added selinux subpackage
|
||||
Resolves: rhbz#1683567
|
||||
- Added notifier subpackage
|
||||
- Installing /etc/usbguard/rules.d/
|
||||
Resolves: rhbz#1667395
|
||||
- Fixed sigwaitinfo handling
|
||||
Resolves: rhbz#1835210
|
||||
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.0-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
|
||||
* Mon Nov 25 2019 Marek Tamaskovic <mtamasko@redhat.com> - 0.7.4-4
|
||||
- add match-all keyword
|
||||
* Sat Jan 16 12:49:32 CET 2021 Adrian Reber <adrian@lisas.de> - 1.0.0-2
|
||||
- Rebuilt for protobuf 3.14
|
||||
|
||||
* Tue May 21 2019 Daniel Kopeček <dkopecek@redhat.com> - 0.7.4-3
|
||||
- spec: make the check phase conditional
|
||||
* Thu Jan 14 2021 Zoltan Fridrich <zfridric@redhat.com> - 1.0.0-1
|
||||
- rebase usbguard to 1.0.0
|
||||
- added support for rules covering combination of classes
|
||||
- fix usbguard being killed
|
||||
Resolves: rhbz#1916039
|
||||
Resolves: rhbz#1861330
|
||||
Resolves: rhbz#1905257
|
||||
|
||||
* Fri Dec 14 2018 Jiri Vymazal <jvymazal@redhat.com> - 0.7.4-2
|
||||
Resolves: rhbz#1643057 - usbguard fails to report invalid value in IPCAccessControlFiles directive
|
||||
* Wed Jan 13 14:43:57 CET 2021 Adrian Reber <adrian@lisas.de> - 0.7.8-6
|
||||
- Rebuilt for protobuf 3.14
|
||||
|
||||
* Wed Jul 11 2018 Daniel Kopeček <dkopecek@redhat.com> - 0.7.4-1
|
||||
- Update to 0.7.4
|
||||
- Replaced asciidoctor dependency with asciidoc
|
||||
- Disabled Qt applet
|
||||
* Thu Sep 24 2020 Adrian Reber <adrian@lisas.de> - 0.7.8-5
|
||||
- Rebuilt for protobuf 3.13
|
||||
|
||||
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.8-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Wed Jun 24 2020 Radovan Sroka <rsroka@redhat.com> - 0.7.8-3
|
||||
- rebase selinux tarball to v0.0.4
|
||||
- enable forking style in unit file
|
||||
- set DevicePolicy to closed in unit file
|
||||
- usbguard prevented from writing conf via dontaudit rule
|
||||
Resolves: rhbz#1804713
|
||||
Resolves: rhbz#1789923
|
||||
|
||||
* Sun Jun 14 2020 Adrian Reber <adrian@lisas.de> - 0.7.8-2
|
||||
- Rebuilt for protobuf 3.12
|
||||
|
||||
* Tue May 19 2020 Radovan Sroka <rsroka@redhat.com> - 0.7.8-1
|
||||
- rebase usbguard to 0.7.8
|
||||
- rebase usbguard-selinux to 0.0.3
|
||||
- added rules.d/ directory
|
||||
Resolves: rhbz#1808527
|
||||
|
||||
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.6-8
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Thu Dec 19 2019 Orion Poplawski <orion@nwra.com> - 0.7.6-7
|
||||
- Rebuild for protobuf 3.11
|
||||
|
||||
* Wed Dec 18 2019 Radovan Sroka <rsroka@redhat.com> - 0.7.6-6
|
||||
- fix selinux problems
|
||||
|
||||
* Mon Dec 02 2019 Radovan Sroka <rsroka@redhat.com> - 0.7.6-5
|
||||
- obsolete applet-qt subpackage
|
||||
|
||||
* Mon Nov 25 2019 Attila Lakatos <alakatos@redhat.com> - 0.7.6-4
|
||||
- added patch for libqb related permission issues
|
||||
resolves: rhbz#1776357
|
||||
- added patch to ensure that usbguard-daemons is still running after locked screen
|
||||
resolves: rhbz#1751861
|
||||
- added patch to fix permanent device policy changes
|
||||
|
||||
* Wed Nov 13 2019 Radovan Sroka <rsroka@redhat.com> - 0.7.6-3
|
||||
- fixed typo in specfile
|
||||
- usbguard.conf was generated incorrectly
|
||||
|
||||
* Wed Nov 13 2019 Radovan Sroka <rsroka@redhat.com> - 0.7.6-2
|
||||
- added selinux subpackage
|
||||
|
||||
* Mon Nov 11 2019 Radovan Sroka <rsroka@redhat.com> - 0.7.6-1
|
||||
- rebase to 0.7.6
|
||||
- removed usbguard-applet subpackage which is not in upstream anymore
|
||||
|
||||
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.2-8
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.2-7
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Wed Nov 21 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.7.2-6
|
||||
- Rebuild for protobuf 3.6
|
||||
|
||||
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.2-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
|
||||
* Thu Apr 05 2018 Daniel Kopeček <dkopecek@redhat.com> - 0.7.2-4
|
||||
- Update to latest PEGTL API
|
||||
|
||||
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.2-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
Loading…
Reference in New Issue