Skip to content

Releases: USBGuard/usbguard

usbguard-1.1.3

06 Jun 14:48
usbguard-1.1.3
d8f6595
Compare
Choose a tag to compare

What's Changed

  • Fix typo in CLI --help message: "privilges" -> "privileges" by @cvubrugier in #559
  • Harden service file: Set OOMScoreAdjust to -1000 by @Cropi in #563
  • Specify what happens when neither RuleFile nor RuleFolder is set by @Cropi in #562
  • The parent process should wait for the first child process to finish in forking mode(-f) by @Cropi in #554
  • dbus: check whether the client wanted interactive authentication by @muelli in #546
  • Add missing .adoc files to the tarball (alternative to #561) by @hartwork in #567
  • Replace problematic terms with alternatives by @Cropi in #569
  • Fix CI by fixing calls to ldap-utils by @hartwork in #573
  • Describe comments in the manual page, fixes #461 by @Cropi in #572
  • Store permanent rules even if RuleFile is not set but RuleFolder is. by @Cropi in #580
  • Fix build for GCC 13 + make GitHub Actions cover build with GCC 13 by @hartwork in #586
  • Bump GitHub Actions off deprecated actions/checkout@v2 by @hartwork in #587
  • Actions(deps): Bump actions/checkout from 3.5.2 to 3.5.3 by @dependabot in #592
  • Actions(deps): Bump actions/checkout from 3.5.3 to 4.1.1 by @dependabot in #606
  • Add "--version" option to the usbguard CLI by @Cropi in #576
  • ruleset: detect integer overflow of the ID and bail out by @muelli in #600
  • Enable RuleFolder by default by @PureTryOut in #621
  • [please do not squash when merging] Fix CI and RuleSet::assignID regressions by @hartwork in #628

New Contributors

Full Changelog: usbguard-1.1.2...usbguard-1.1.3

usbguard-1.1.2

02 Sep 16:36
usbguard-1.1.2
a9380dd
Compare
Choose a tag to compare

What's Changed

  • polkit: Always allow getParameter/listDevices/listRules in active sessions (fixes #544) by @hartwork in #545
  • D-Bus: Send reply on auth failure by @hartwork in #548
  • GitHub Actions: Fix Ubuntu Docker build (by migrating from 21.10 to 22.04) by @hartwork in #552
  • Unreference PolkitAuthorizationResult and PolkitAuthority structs if needed by @Cropi in #551

Full Changelog: usbguard-1.1.1...usbguard-1.1.2

usbguard-1.1.1

15 Mar 17:19
usbguard-1.1.1
5a73324
Compare
Choose a tag to compare

What's Changed

  • Use authentication instead of authentification by @b1rger in #542
  • Restore support for access control filenames without a group (fixes #540) by @hartwork in #541

Full Changelog: usbguard-1.1.0...usbguard-1.1.1

usbguard-1.1.0

24 Feb 14:46
usbguard-1.1.0
8605c10
Compare
Choose a tag to compare

Change Log

Added

  • Started building with C++17
  • Tree-like list-devices output
  • Added CAP_AUDIT_WRITE capability to service file
  • Added support for lower OpenSSL versions prior to 1.1.0
  • Added a new signal: DevicePolicyApplied

Fixed/Changed

  • Moved PIDFile from /var/run to /run
  • Fixed linker isssues with disable-static
  • Enhanced bash-completion script
  • Make username/group checking consistent with useradd manual page definition
    (with addition of capital letters)
  • Fixed multiple IPC related bugs
  • Fixed race condition when accessing port/connect_type for USB devices
  • Using bundled catch v2.13.8
  • Using bundled PEGTL v3.2.5
  • Fixed usbguard-rule-parser file opening
  • Fix unauthorized access via D-Bus [CVE-2019-25058]

Thanks

Many thanks to the following people for contributions to this release and to the USBGuard project:

SHA256(usbguard-1.1.0.tar.gz) a39104042b0c57f969c4e6580f6d80ad7066551eda966600695e644081128a2d

usbguard-1.0.0

13 Jan 15:33
usbguard-1.0.0
b9ea78e
Compare
Choose a tag to compare

Change Log

Added

  • Added openssl support
  • Starting with libtool versioning
  • Added interface for IPC permission query
  • Introduced partial rule concept fo CLI
  • Added WithConnectType for ldap rule

Fixed/Changed

  • Daemon does not apply the policy when
    "change" action event appears anymore
  • IPCClientPrivate@disconnect is thread safe
  • Enforced loading of files from .d/ direcory
    in alfabetical order
  • Improved CLI behaviour to be consistent
  • Clarified rule's label documentation
  • Fixed thread copy assignment bug
  • Fixed oss-fuzz build
  • Improved overall documentation
  • Set DevicePolicy to closed in service file

Thanks

Many thanks to the following people for contributions to this release and to the USBGuard project:

SHA256(usbguard-1.0.0.tar.gz) 5617986cd5dd1a2d311041648a1977d836cf4e33a4121d7f82599f21496abc42

usbguard-0.7.8

20 May 12:17
usbguard-0.7.8
add3c44
Compare
Choose a tag to compare
usbguard-0.7.8 Pre-release
Pre-release

Change Log

Fixed

  • Fixed segfaults with rules.d feature

SHA256(usbguard-0.7.8.tar.gz) 45b0bea8a2239f7ff3c5fe0027dfa7ce4641e8996e05cb91640276876b8d85c6

usbguard-0.7.7

19 May 12:54
usbguard-0.7.7
6296040
Compare
Choose a tag to compare
usbguard-0.7.7 Pre-release
Pre-release

Change Log

Added

  • Added readwritepath to service file
  • Added match-all keyword to rules language
  • Added rules.d feature
    • daemon can load multiple rule files from rules.d/
  • Included with-connect-type in dbus signal

Fixed/Changed

  • Fixed sigwaitinfo handling
  • Fixed possible data corruption on stack with appendRule via dbus
  • Fixed ENOBUFS errno handling on netlink socket
    • daemon can survive and wait until socket is readable again

Removed

  • Dropped unused PIDFile from service file
  • Dropped deprecated dbus-glib dependency

Thanks

Many thanks to the following people for contributions to this release and to the USBGuard project:

  • Allen-Webb <allenwebb(at)google.com>
  • Atilla Lakatos <alakatos(at)redhat.com>
  • Birger Schacht <...>
  • Marek Tamaskovic <tamaskovic.marek(at)gmail.com>
  • Levente Polyak <levente(at)leventepolyak.net>
  • Sebastian Pipping <sebastian(at)pipping.org>
  • Tobias Mueller <muelli(at)cryptobitch.de>
  • Zoltan Fridrich <zfridric(at)redhat.com>

SHA256(usbguard-0.7.7.tar.gz) b331d7ef607a3e7a62a89120be34098f13a2e4937683f31eb8a3076cd1ca5974

usbguard-0.7.6

11 Nov 11:49
Compare
Choose a tag to compare
usbguard-0.7.6 Pre-release
Pre-release

Change Log

Added

  • Added missing options in manpage usbguard-daemon(8)
  • Extended the functionality of allow/block/reject commands
    • the command can handle rule as a param and not only its ID
    • e.g. in case of allow, command will allow each device that matches provided rule
  • Added debug info for malformed descriptors

Fixed/Changed

  • Changed default backend to uevent
  • Fixed handling of add uevents during scanning
    • now we are sure that the enumeration is completed before processing any uevent
    • we are trying to avoid a race where the kernel is still enumerating the devices
    • and send the uevent while the parent is being authorised
  • Silenced 'bind' and 'unbind' uevents

Thanks

Many thanks to the following people for contributions to this release and to the USBGuard project:

  • Allen-Webb <allenwebb(at)google.com>
  • Atilla Lakatos <alakatos(at)redhat.com>
  • Thiebaud Weksteen <tweek(at)google.com>
  • userWayneCampbell <wcampbell1995(at)gmail.com>
  • Zoltan Fridrich <zfridric(at)redhat.com>
SHA256(usbguard-0.7.6.tar.gz) 7234d5a30b964eb4cd3564d645e24c23454dca376345c96635484d4534d2f03f  ```

usbguard-0.7.5

02 Jul 07:33
Compare
Choose a tag to compare
usbguard-0.7.5 Pre-release
Pre-release

Change Log

Added

  • Added daemon configuration option HidePII
  • Added check to avoid conflict between ASAN and TSAN
  • Added daemon configuration option for authorized_default
  • Added devpath option to generate-policy
  • Added # line comments to the rule grammar
  • Added ImplicitPolicyTarget to get/set parameter methods
  • Added option to filter rules by label when listing
  • Added the label attribute to rule
  • Added PropertyParameterChanged signal
  • Added support for portX/connect_type attribute
  • Added temporary option to append-rule
  • Added versioning to DBus service
  • Added optional LDAP support

Fixed/Changed

  • Fixed invalid return value in Rule::Attribute::setSolveEqualsOrdered
  • Fixed KeyValueParser to validate keys only when known names are set
  • Fixed uninitialized variables found by coverity
  • Fixes and cleanups based on LGTM.com report
  • Hardened systemd service
  • Rename ListRules parameter 'query' to 'label'
  • Skip empty lines in usbguard-rule-parser

Removed

  • The proof-of-concept Qt applet was removed. It is going to be maintained in a simplified form as a separate project.

Thanks

Many thanks to the following people for contributions to this release and to the USBGuard project:

  • Allen-Webb <allenwebb(at)google.com>
  • Dridi Boukelmoune <dridi.boukelmoune(at)gmail.com>
  • Georges Winkenbach <gwink(at)chromium.org>
  • Mantas Mikulėnas <grawity(at)gmail.com>
  • Radovan Sroka <rsroka(at)redhat.com>
  • RyuzakiKK <aasonykk(at)gmail.com>
  • Steve Grubb <sgrubb(at)redhat.com>
  • Thiébaud Weksteen <tweek(at)google.com>
  • Topi Miettinen <toiwoton(at)gmail.com>
  • userWayneCampbell <wcampbell1995(at)gmail.com>
SHA256(usbguard-0.7.5.tar.gz)= ab98091969bf4ea68d7a950997cd7af98ddac84558aa6dfe733e8fa0a936454a

usbguard-0.7.4

12 Jul 04:45
Compare
Choose a tag to compare
usbguard-0.7.4 Pre-release
Pre-release

Change Log

Fixed/Changed

  • Fixed conditional manual page generation & installation
  • Replaced Boost library based ext/stdio_filebuf.h implementation
    with a custom FDStreamBuf implementation

Thanks

Many thanks to the following people for contributions to this release and to the USBGuard project:

  • Allen Webb <allenwebb(at)google.com>
SHA256(usbguard-0.7.4.tar.gz)= 732cc99f9b03632eb558941781c01f869bf96aad7f6976998094b3824d9b7ae2