Releases: USBGuard/usbguard
Releases · USBGuard/usbguard
usbguard-1.1.2
usbguard-1.1.2
This tag was signed with the committer’s verified signature.
The key has expired.
radosroka
Radovan Sroka
What's Changed
- polkit: Always allow getParameter/listDevices/listRules in active sessions (fixes #544) by @hartwork in #545
- D-Bus: Send reply on auth failure by @hartwork in #548
- GitHub Actions: Fix Ubuntu Docker build (by migrating from 21.10 to 22.04) by @hartwork in #552
- Unreference PolkitAuthorizationResult and PolkitAuthority structs if needed by @Cropi in #551
Full Changelog: usbguard-1.1.1...usbguard-1.1.2
Contributors
hartwork and Cropi
Assets 6
usbguard-1.1.1
usbguard-1.1.1
This tag was signed with the committer’s verified signature.
The key has expired.
radosroka
Radovan Sroka
Contributors
b1rger and hartwork
Assets 6
usbguard-1.1.0
usbguard-1.1.0
This tag was signed with the committer’s verified signature.
The key has expired.
radosroka
Radovan Sroka
Change Log
Added
- Started building with C++17
- Tree-like list-devices output
- Added CAP_AUDIT_WRITE capability to service file
- Added support for lower OpenSSL versions prior to 1.1.0
- Added a new signal: DevicePolicyApplied
Fixed/Changed
- Moved PIDFile from /var/run to /run
- Fixed linker isssues with disable-static
- Enhanced bash-completion script
- Make username/group checking consistent with useradd manual page definition
(with addition of capital letters) - Fixed multiple IPC related bugs
- Fixed race condition when accessing port/connect_type for USB devices
- Using bundled catch v2.13.8
- Using bundled PEGTL v3.2.5
- Fixed usbguard-rule-parser file opening
- Fix unauthorized access via D-Bus [CVE-2019-25058]
Thanks
Many thanks to the following people for contributions to this release and to the USBGuard project:
- Attila Lakatos
- Zoltan Fridrich
- Sebastian Pipping
- Anu Deepthika
- and many more
SHA256(usbguard-1.1.0.tar.gz) a39104042b0c57f969c4e6580f6d80ad7066551eda966600695e644081128a2d
usbguard-1.0.0
usbguard-1.0.0
This tag was signed with the committer’s verified signature.
The key has expired.
radosroka
Radovan Sroka
Change Log
Added
- Added openssl support
- Starting with libtool versioning
- Added interface for IPC permission query
- Introduced partial rule concept fo CLI
- Added WithConnectType for ldap rule
Fixed/Changed
- Daemon does not apply the policy when
"change" action event appears anymore - IPCClientPrivate@disconnect is thread safe
- Enforced loading of files from .d/ direcory
in alfabetical order - Improved CLI behaviour to be consistent
- Clarified rule's label documentation
- Fixed thread copy assignment bug
- Fixed oss-fuzz build
- Improved overall documentation
- Set DevicePolicy to closed in service file
Thanks
Many thanks to the following people for contributions to this release and to the USBGuard project:
- Attila Lakatos
- Aditi Ambadkar
- Zoltan Fridrich
- Kathryn Spiers
- Allen-Webb
- muelli
- Birger Schacht
- Marek Tamaskovic
- and many more
SHA256(usbguard-1.0.0.tar.gz) 5617986cd5dd1a2d311041648a1977d836cf4e33a4121d7f82599f21496abc42
usbguard-0.7.8
usbguard-0.7.8
This tag was signed with the committer’s verified signature.
The key has expired.
radosroka
Radovan Sroka
Change Log
Fixed
- Fixed segfaults with rules.d feature
SHA256(usbguard-0.7.8.tar.gz) 45b0bea8a2239f7ff3c5fe0027dfa7ce4641e8996e05cb91640276876b8d85c6
usbguard-0.7.7
usbguard-0.7.7
This tag was signed with the committer’s verified signature.
The key has expired.
radosroka
Radovan Sroka
Change Log
Added
- Added readwritepath to service file
- Added match-all keyword to rules language
- Added rules.d feature
- daemon can load multiple rule files from rules.d/
- Included with-connect-type in dbus signal
Fixed/Changed
- Fixed sigwaitinfo handling
- Fixed possible data corruption on stack with appendRule via dbus
- Fixed ENOBUFS errno handling on netlink socket
- daemon can survive and wait until socket is readable again
Removed
- Dropped unused PIDFile from service file
- Dropped deprecated dbus-glib dependency
Thanks
Many thanks to the following people for contributions to this release and to the USBGuard project:
- Allen-Webb <allenwebb(at)google.com>
- Atilla Lakatos <alakatos(at)redhat.com>
- Birger Schacht <...>
- Marek Tamaskovic <tamaskovic.marek(at)gmail.com>
- Levente Polyak <levente(at)leventepolyak.net>
- Sebastian Pipping <sebastian(at)pipping.org>
- Tobias Mueller <muelli(at)cryptobitch.de>
- Zoltan Fridrich <zfridric(at)redhat.com>
SHA256(usbguard-0.7.7.tar.gz) b331d7ef607a3e7a62a89120be34098f13a2e4937683f31eb8a3076cd1ca5974
usbguard-0.7.6
Change Log
Added
- Added missing options in manpage usbguard-daemon(8)
- Extended the functionality of allow/block/reject commands
- the command can handle rule as a param and not only its ID
- e.g. in case of allow, command will allow each device that matches provided rule
- Added debug info for malformed descriptors
Fixed/Changed
- Changed default backend to uevent
- Fixed handling of add uevents during scanning
- now we are sure that the enumeration is completed before processing any uevent
- we are trying to avoid a race where the kernel is still enumerating the devices
- and send the uevent while the parent is being authorised
- Silenced 'bind' and 'unbind' uevents
Thanks
Many thanks to the following people for contributions to this release and to the USBGuard project:
- Allen-Webb <allenwebb(at)google.com>
- Atilla Lakatos <alakatos(at)redhat.com>
- Thiebaud Weksteen <tweek(at)google.com>
- userWayneCampbell <wcampbell1995(at)gmail.com>
- Zoltan Fridrich <zfridric(at)redhat.com>
SHA256(usbguard-0.7.6.tar.gz) 7234d5a30b964eb4cd3564d645e24c23454dca376345c96635484d4534d2f03f ```
usbguard-0.7.5
Change Log
Added
- Added daemon configuration option HidePII
- Added check to avoid conflict between ASAN and TSAN
- Added daemon configuration option for authorized_default
- Added devpath option to generate-policy
- Added # line comments to the rule grammar
- Added ImplicitPolicyTarget to get/set parameter methods
- Added option to filter rules by label when listing
- Added the label attribute to rule
- Added PropertyParameterChanged signal
- Added support for portX/connect_type attribute
- Added temporary option to append-rule
- Added versioning to DBus service
- Added optional LDAP support
Fixed/Changed
- Fixed invalid return value in Rule::Attribute::setSolveEqualsOrdered
- Fixed KeyValueParser to validate keys only when known names are set
- Fixed uninitialized variables found by coverity
- Fixes and cleanups based on LGTM.com report
- Hardened systemd service
- Rename ListRules parameter 'query' to 'label'
- Skip empty lines in usbguard-rule-parser
Removed
- The proof-of-concept Qt applet was removed. It is going to be maintained in a simplified form as a separate project.
Thanks
Many thanks to the following people for contributions to this release and to the USBGuard project:
- Allen-Webb <allenwebb(at)google.com>
- Dridi Boukelmoune <dridi.boukelmoune(at)gmail.com>
- Georges Winkenbach <gwink(at)chromium.org>
- Mantas Mikulėnas <grawity(at)gmail.com>
- Radovan Sroka <rsroka(at)redhat.com>
- RyuzakiKK <aasonykk(at)gmail.com>
- Steve Grubb <sgrubb(at)redhat.com>
- Thiébaud Weksteen <tweek(at)google.com>
- Topi Miettinen <toiwoton(at)gmail.com>
- userWayneCampbell <wcampbell1995(at)gmail.com>
SHA256(usbguard-0.7.5.tar.gz)= ab98091969bf4ea68d7a950997cd7af98ddac84558aa6dfe733e8fa0a936454a
usbguard-0.7.4
Change Log
Fixed/Changed
- Fixed conditional manual page generation & installation
- Replaced Boost library based ext/stdio_filebuf.h implementation
with a custom FDStreamBuf implementation
Thanks
Many thanks to the following people for contributions to this release and to the USBGuard project:
- Allen Webb <allenwebb(at)google.com>
SHA256(usbguard-0.7.4.tar.gz)= 732cc99f9b03632eb558941781c01f869bf96aad7f6976998094b3824d9b7ae2
usbguard-0.7.3
Change Log
Changed
- usbguard-daemon will now exit with an error if it fails to open
a logging file or audit event file. - Updated PEGTL submodule and dropped support for older PEGTL API
- Modified the present device enumeration algorithm to be more
reliable. Enumeration timeouts won't cause usbguard-daemon process
to exit anymore. - Manual pages are now generated using asciidoc (a2x) instead of
asciidoctor. - Generation and installation of manual pages is now optional.
- Fixed several bugs D-Bus interface XML specification
Added
- umockdev based device manager capable of simulating devices based
on umockdev-record files. - Boost libraries can be used as ext/stdio_filebuf.h header file source.
Removed
- Removed DummyDevices.tar.xz tarball that was supposed to be used for
testing.
Thanks
Many thanks to the following people for contributions to this release and to the USBGuard project:
- Allen Webb <allenwebb(at)google.com>
- Bas van Schaik <gihub(at)s.traiectum.net>
- michaeladler <therisen06(at)googlemail.com>
- rsclarke <rsclrk(at)pm.me>
SHA256(usbguard-0.7.3.tar.gz)= ec1dbf72fd9622c1556055080d6fdb522d8c22c7b7ab8ef591b45004d5de87a9