Releases: USBGuard/usbguard
usbguard-1.1.3
What's Changed
- Fix typo in CLI --help message: "privilges" -> "privileges" by @cvubrugier in #559
- Harden service file: Set OOMScoreAdjust to -1000 by @Cropi in #563
- Specify what happens when neither RuleFile nor RuleFolder is set by @Cropi in #562
- The parent process should wait for the first child process to finish in forking mode(-f) by @Cropi in #554
- dbus: check whether the client wanted interactive authentication by @muelli in #546
- Add missing .adoc files to the tarball (alternative to #561) by @hartwork in #567
- Replace problematic terms with alternatives by @Cropi in #569
- Fix CI by fixing calls to ldap-utils by @hartwork in #573
- Describe comments in the manual page, fixes #461 by @Cropi in #572
- Store permanent rules even if RuleFile is not set but RuleFolder is. by @Cropi in #580
- Fix build for GCC 13 + make GitHub Actions cover build with GCC 13 by @hartwork in #586
- Bump GitHub Actions off deprecated actions/checkout@v2 by @hartwork in #587
- Actions(deps): Bump actions/checkout from 3.5.2 to 3.5.3 by @dependabot in #592
- Actions(deps): Bump actions/checkout from 3.5.3 to 4.1.1 by @dependabot in #606
- Add "--version" option to the usbguard CLI by @Cropi in #576
- ruleset: detect integer overflow of the ID and bail out by @muelli in #600
- Enable RuleFolder by default by @PureTryOut in #621
- [please do not squash when merging] Fix CI and
RuleSet::assignID
regressions by @hartwork in #628
New Contributors
- @cvubrugier made their first contribution in #559
- @dependabot made their first contribution in #592
- @PureTryOut made their first contribution in #621
Full Changelog: usbguard-1.1.2...usbguard-1.1.3
usbguard-1.1.2
What's Changed
- polkit: Always allow getParameter/listDevices/listRules in active sessions (fixes #544) by @hartwork in #545
- D-Bus: Send reply on auth failure by @hartwork in #548
- GitHub Actions: Fix Ubuntu Docker build (by migrating from 21.10 to 22.04) by @hartwork in #552
- Unreference PolkitAuthorizationResult and PolkitAuthority structs if needed by @Cropi in #551
Full Changelog: usbguard-1.1.1...usbguard-1.1.2
usbguard-1.1.1
usbguard-1.1.0
Change Log
Added
- Started building with C++17
- Tree-like list-devices output
- Added CAP_AUDIT_WRITE capability to service file
- Added support for lower OpenSSL versions prior to 1.1.0
- Added a new signal: DevicePolicyApplied
Fixed/Changed
- Moved PIDFile from /var/run to /run
- Fixed linker isssues with disable-static
- Enhanced bash-completion script
- Make username/group checking consistent with useradd manual page definition
(with addition of capital letters) - Fixed multiple IPC related bugs
- Fixed race condition when accessing port/connect_type for USB devices
- Using bundled catch v2.13.8
- Using bundled PEGTL v3.2.5
- Fixed usbguard-rule-parser file opening
- Fix unauthorized access via D-Bus [CVE-2019-25058]
Thanks
Many thanks to the following people for contributions to this release and to the USBGuard project:
- Attila Lakatos
- Zoltan Fridrich
- Sebastian Pipping
- Anu Deepthika
- and many more
SHA256(usbguard-1.1.0.tar.gz) a39104042b0c57f969c4e6580f6d80ad7066551eda966600695e644081128a2d
usbguard-1.0.0
Change Log
Added
- Added openssl support
- Starting with libtool versioning
- Added interface for IPC permission query
- Introduced partial rule concept fo CLI
- Added WithConnectType for ldap rule
Fixed/Changed
- Daemon does not apply the policy when
"change" action event appears anymore - IPCClientPrivate@disconnect is thread safe
- Enforced loading of files from .d/ direcory
in alfabetical order - Improved CLI behaviour to be consistent
- Clarified rule's label documentation
- Fixed thread copy assignment bug
- Fixed oss-fuzz build
- Improved overall documentation
- Set DevicePolicy to closed in service file
Thanks
Many thanks to the following people for contributions to this release and to the USBGuard project:
- Attila Lakatos
- Aditi Ambadkar
- Zoltan Fridrich
- Kathryn Spiers
- Allen-Webb
- muelli
- Birger Schacht
- Marek Tamaskovic
- and many more
SHA256(usbguard-1.0.0.tar.gz) 5617986cd5dd1a2d311041648a1977d836cf4e33a4121d7f82599f21496abc42
usbguard-0.7.8
Change Log
Fixed
- Fixed segfaults with rules.d feature
SHA256(usbguard-0.7.8.tar.gz) 45b0bea8a2239f7ff3c5fe0027dfa7ce4641e8996e05cb91640276876b8d85c6
usbguard-0.7.7
Change Log
Added
- Added readwritepath to service file
- Added match-all keyword to rules language
- Added rules.d feature
- daemon can load multiple rule files from rules.d/
- Included with-connect-type in dbus signal
Fixed/Changed
- Fixed sigwaitinfo handling
- Fixed possible data corruption on stack with appendRule via dbus
- Fixed ENOBUFS errno handling on netlink socket
- daemon can survive and wait until socket is readable again
Removed
- Dropped unused PIDFile from service file
- Dropped deprecated dbus-glib dependency
Thanks
Many thanks to the following people for contributions to this release and to the USBGuard project:
- Allen-Webb <allenwebb(at)google.com>
- Atilla Lakatos <alakatos(at)redhat.com>
- Birger Schacht <...>
- Marek Tamaskovic <tamaskovic.marek(at)gmail.com>
- Levente Polyak <levente(at)leventepolyak.net>
- Sebastian Pipping <sebastian(at)pipping.org>
- Tobias Mueller <muelli(at)cryptobitch.de>
- Zoltan Fridrich <zfridric(at)redhat.com>
SHA256(usbguard-0.7.7.tar.gz) b331d7ef607a3e7a62a89120be34098f13a2e4937683f31eb8a3076cd1ca5974
usbguard-0.7.6
Change Log
Added
- Added missing options in manpage usbguard-daemon(8)
- Extended the functionality of allow/block/reject commands
- the command can handle rule as a param and not only its ID
- e.g. in case of allow, command will allow each device that matches provided rule
- Added debug info for malformed descriptors
Fixed/Changed
- Changed default backend to uevent
- Fixed handling of add uevents during scanning
- now we are sure that the enumeration is completed before processing any uevent
- we are trying to avoid a race where the kernel is still enumerating the devices
- and send the uevent while the parent is being authorised
- Silenced 'bind' and 'unbind' uevents
Thanks
Many thanks to the following people for contributions to this release and to the USBGuard project:
- Allen-Webb <allenwebb(at)google.com>
- Atilla Lakatos <alakatos(at)redhat.com>
- Thiebaud Weksteen <tweek(at)google.com>
- userWayneCampbell <wcampbell1995(at)gmail.com>
- Zoltan Fridrich <zfridric(at)redhat.com>
SHA256(usbguard-0.7.6.tar.gz) 7234d5a30b964eb4cd3564d645e24c23454dca376345c96635484d4534d2f03f ```
usbguard-0.7.5
Change Log
Added
- Added daemon configuration option HidePII
- Added check to avoid conflict between ASAN and TSAN
- Added daemon configuration option for authorized_default
- Added devpath option to generate-policy
- Added # line comments to the rule grammar
- Added ImplicitPolicyTarget to get/set parameter methods
- Added option to filter rules by label when listing
- Added the label attribute to rule
- Added PropertyParameterChanged signal
- Added support for portX/connect_type attribute
- Added temporary option to append-rule
- Added versioning to DBus service
- Added optional LDAP support
Fixed/Changed
- Fixed invalid return value in Rule::Attribute::setSolveEqualsOrdered
- Fixed KeyValueParser to validate keys only when known names are set
- Fixed uninitialized variables found by coverity
- Fixes and cleanups based on LGTM.com report
- Hardened systemd service
- Rename ListRules parameter 'query' to 'label'
- Skip empty lines in usbguard-rule-parser
Removed
- The proof-of-concept Qt applet was removed. It is going to be maintained in a simplified form as a separate project.
Thanks
Many thanks to the following people for contributions to this release and to the USBGuard project:
- Allen-Webb <allenwebb(at)google.com>
- Dridi Boukelmoune <dridi.boukelmoune(at)gmail.com>
- Georges Winkenbach <gwink(at)chromium.org>
- Mantas Mikulėnas <grawity(at)gmail.com>
- Radovan Sroka <rsroka(at)redhat.com>
- RyuzakiKK <aasonykk(at)gmail.com>
- Steve Grubb <sgrubb(at)redhat.com>
- Thiébaud Weksteen <tweek(at)google.com>
- Topi Miettinen <toiwoton(at)gmail.com>
- userWayneCampbell <wcampbell1995(at)gmail.com>
SHA256(usbguard-0.7.5.tar.gz)= ab98091969bf4ea68d7a950997cd7af98ddac84558aa6dfe733e8fa0a936454a
usbguard-0.7.4
Change Log
Fixed/Changed
- Fixed conditional manual page generation & installation
- Replaced Boost library based ext/stdio_filebuf.h implementation
with a custom FDStreamBuf implementation
Thanks
Many thanks to the following people for contributions to this release and to the USBGuard project:
- Allen Webb <allenwebb(at)google.com>
SHA256(usbguard-0.7.4.tar.gz)= 732cc99f9b03632eb558941781c01f869bf96aad7f6976998094b3824d9b7ae2