diff --git a/0001-Update-to-latest-PEGTL-API.patch b/0001-Update-to-latest-PEGTL-API.patch
deleted file mode 100644
index 1ebfd1e..0000000
--- a/0001-Update-to-latest-PEGTL-API.patch
+++ /dev/null
@@ -1,567 +0,0 @@ -diff --git a/configure.ac b/configure.ac -index a135e01..f565b87 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -290,54 +290,28 @@ AC_SUBST([catch_LIBS]) - # - AC_ARG_WITH([bundled-pegtl], AS_HELP_STRING([--with-bundled-pegtl], [Build using the bundled PEGTL library]), [with_bundled_pegtl=$withval], [with_bundled_pegtl=no]) - if test "x$with_bundled_pegtl" = xyes; then -- pegtl_CFLAGS="-I\$(top_srcdir)/src/ThirdParty/PEGTL" -- pegtl_AC_CFLAGS="-I$srcdir/src/ThirdParty/PEGTL" -+ pegtl_CFLAGS="-I\$(top_srcdir)/src/ThirdParty/PEGTL/include" -+ pegtl_AC_CFLAGS="-I$srcdir/src/ThirdParty/PEGTL/include" - pegtl_LIBS="" - AC_MSG_NOTICE([Using bundled PEGTL library]) - pegtl_summary="bundled; $pegtl_CFLAGS $pegtl_LIBS" - else -- SAVE_CPPFLAGS=$CPPFLAGS -- CPPFLAGS="-std=c++11 $CPPFLAGS" -- AC_LANG_PUSH([C++]) -- AC_CHECK_HEADER([pegtl.hh], [], [AC_MSG_FAILURE(pegtl.hh not found or not usable. Re-run with --with-bundled-pegtl to use the bundled library.)]) -- AC_LANG_POP - pegtl_CFLAGS="" - pegtl_AC_CFLAGS="" - pegtl_LIBS="" -- CPPFLAGS=$SAVE_CPPFLAGS - pegtl_summary="system-wide; $pegtl_CFLAGS $pegtl_LIBS" - fi - AC_SUBST([pegtl_CFLAGS]) - AC_SUBST([pegtl_AC_CFLAGS]) - AC_SUBST([pegtl_LIBS]) - --# --# Check whether the available PEGTL library is compatible --# with version 1.3.1 or older. 
--# - SAVE_CPPFLAGS=$CPPFLAGS --CPPFLAGS="-std=c++11 $pegtl_AC_CFLAGS" -+CPPFLAGS="-std=c++11 $CPPFLAGS $pegtl_AC_CFLAGS" - AC_LANG_PUSH([C++]) --AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ --#include --#include --int main(void) --{ -- struct grammar -- : pegtl::one<'g'> {}; -- try { -- pegtl::parse_string(std::string(), std::string()); -- } catch(const pegtl::parse_error& ex) { -- auto b = ex.positions[0].byte_in_line; -- } -- return 0; --} --]])], --[have_pegtl_lte_131=no], [have_pegtl_lte_131=yes]) -+AC_CHECK_HEADER([tao/pegtl.hpp], -+ [AC_DEFINE([HAVE_TAO_PEGTL_HPP], [1], [PEGTL header file with .hpp extension is present])], -+ [AC_MSG_FAILURE(PEGTL header file not found or not usable. Re-run with --with-bundled-pegtl to use the bundled library.)]) - AC_LANG_POP --if test "x$have_pegtl_lte_131" = xyes; then -- AC_DEFINE([HAVE_PEGTL_LTE_1_3_1], [1], [PEGTL version less than or equal to 1.3.1]) --fi - CPPFLAGS=$SAVE_CPPFLAGS - - # -diff --git a/src/Library/RuleParser/Actions.hpp b/src/Library/RuleParser/Actions.hpp -index 3e185f4..2b21bd2 100644 ---- a/src/Library/RuleParser/Actions.hpp -+++ b/src/Library/RuleParser/Actions.hpp -@@ -24,7 +24,7 @@ - #include "Utility.hpp" - #include "Common/Utility.hpp" - --#include -+#include - - namespace usbguard - { -@@ -47,7 +47,7 @@ namespace usbguard - struct str_if; - - template -- struct rule_parser_actions : pegtl::nothing {}; -+ struct rule_parser_actions : tao::pegtl::nothing {}; - - template<> - struct rule_parser_actions { -@@ -58,7 +58,7 @@ namespace usbguard - rule.setTarget(Rule::targetFromString(in.string())); - } - catch (const std::exception& ex) { -- throw pegtl::parse_error(ex.what(), in); -+ throw tao::pegtl::parse_error(ex.what(), in); - } - } - }; -@@ -75,7 +75,7 @@ namespace usbguard - rule.setDeviceID(device_id); - } - catch (const std::exception& ex) { -- throw pegtl::parse_error(ex.what(), in); -+ throw tao::pegtl::parse_error(ex.what(), in); - } - } - }; -@@ -87,7 +87,7 @@ namespace usbguard - } - - template 
-- struct name_actions : pegtl::nothing {}; -+ struct name_actions : tao::pegtl::nothing {}; - - template<> - struct name_actions { -@@ -95,7 +95,7 @@ namespace usbguard - static void apply(const Input& in, Rule& rule) - { - if (!rule.attributeName().empty()) { -- throw pegtl::parse_error("name attribute already defined", in); -+ throw tao::pegtl::parse_error("name attribute already defined", in); - } - } - }; -@@ -109,7 +109,7 @@ namespace usbguard - rule.attributeName().append(stringValueFromRule(in.string())); - } - catch (const std::exception& ex) { -- throw pegtl::parse_error(ex.what(), in); -+ throw tao::pegtl::parse_error(ex.what(), in); - } - } - }; -@@ -123,13 +123,13 @@ namespace usbguard - rule.attributeName().setSetOperator(Rule::setOperatorFromString(in.string())); - } - catch (const std::exception& ex) { -- throw pegtl::parse_error(ex.what(), in); -+ throw tao::pegtl::parse_error(ex.what(), in); - } - } - }; - - template -- struct id_actions : pegtl::nothing {}; -+ struct id_actions : tao::pegtl::nothing {}; - - template<> - struct id_actions { -@@ -137,7 +137,7 @@ namespace usbguard - static void apply(const Input& in, Rule& rule) - { - if (!rule.attributeDeviceID().empty()) { -- throw pegtl::parse_error("id attribute already defined", in); -+ throw tao::pegtl::parse_error("id attribute already defined", in); - } - } - }; -@@ -154,7 +154,7 @@ namespace usbguard - rule.attributeDeviceID().append(device_id); - } - catch (const std::exception& ex) { -- throw pegtl::parse_error(ex.what(), in); -+ throw tao::pegtl::parse_error(ex.what(), in); - } - } - }; -@@ -168,13 +168,13 @@ namespace usbguard - rule.attributeDeviceID().setSetOperator(Rule::setOperatorFromString(in.string())); - } - catch (const std::exception& ex) { -- throw pegtl::parse_error(ex.what(), in); -+ throw tao::pegtl::parse_error(ex.what(), in); - } - } - }; - - template -- struct hash_actions : pegtl::nothing {}; -+ struct hash_actions : tao::pegtl::nothing {}; - - template<> - struct 
hash_actions { -@@ -182,7 +182,7 @@ namespace usbguard - static void apply(const Input& in, Rule& rule) - { - if (!rule.attributeHash().empty()) { -- throw pegtl::parse_error("hash attribute already defined", in); -+ throw tao::pegtl::parse_error("hash attribute already defined", in); - } - } - }; -@@ -196,7 +196,7 @@ namespace usbguard - rule.attributeHash().append(stringValueFromRule(in.string())); - } - catch (const std::exception& ex) { -- throw pegtl::parse_error(ex.what(), in); -+ throw tao::pegtl::parse_error(ex.what(), in); - } - } - }; -@@ -210,13 +210,13 @@ namespace usbguard - rule.attributeHash().setSetOperator(Rule::setOperatorFromString(in.string())); - } - catch (const std::exception& ex) { -- throw pegtl::parse_error(ex.what(), in); -+ throw tao::pegtl::parse_error(ex.what(), in); - } - } - }; - - template -- struct parent_hash_actions : pegtl::nothing {}; -+ struct parent_hash_actions : tao::pegtl::nothing {}; - - template<> - struct parent_hash_actions { -@@ -224,7 +224,7 @@ namespace usbguard - static void apply(const Input& in, Rule& rule) - { - if (!rule.attributeParentHash().empty()) { -- throw pegtl::parse_error("parent-hash attribute already defined", in); -+ throw tao::pegtl::parse_error("parent-hash attribute already defined", in); - } - } - }; -@@ -238,7 +238,7 @@ namespace usbguard - rule.attributeParentHash().append(stringValueFromRule(in.string())); - } - catch (const std::exception& ex) { -- throw pegtl::parse_error(ex.what(), in); -+ throw tao::pegtl::parse_error(ex.what(), in); - } - } - }; -@@ -252,13 +252,13 @@ namespace usbguard - rule.attributeParentHash().setSetOperator(Rule::setOperatorFromString(in.string())); - } - catch (const std::exception& ex) { -- throw pegtl::parse_error(ex.what(), in); -+ throw tao::pegtl::parse_error(ex.what(), in); - } - } - }; - - template -- struct serial_actions : pegtl::nothing {}; -+ struct serial_actions : tao::pegtl::nothing {}; - - template<> - struct serial_actions { -@@ -266,7 +266,7 @@ 
namespace usbguard - static void apply(const Input& in, Rule& rule) - { - if (!rule.attributeSerial().empty()) { -- throw pegtl::parse_error("serial attribute already defined", in); -+ throw tao::pegtl::parse_error("serial attribute already defined", in); - } - } - }; -@@ -280,7 +280,7 @@ namespace usbguard - rule.attributeSerial().append(stringValueFromRule(in.string())); - } - catch (const std::exception& ex) { -- throw pegtl::parse_error(ex.what(), in); -+ throw tao::pegtl::parse_error(ex.what(), in); - } - } - }; -@@ -294,13 +294,13 @@ namespace usbguard - rule.attributeSerial().setSetOperator(Rule::setOperatorFromString(in.string())); - } - catch (const std::exception& ex) { -- throw pegtl::parse_error(ex.what(), in); -+ throw tao::pegtl::parse_error(ex.what(), in); - } - } - }; - - template -- struct via_port_actions : pegtl::nothing {}; -+ struct via_port_actions : tao::pegtl::nothing {}; - - template<> - struct via_port_actions { -@@ -308,7 +308,7 @@ namespace usbguard - static void apply(const Input& in, Rule& rule) - { - if (!rule.attributeViaPort().empty()) { -- throw pegtl::parse_error("via-port attribute already defined", in); -+ throw tao::pegtl::parse_error("via-port attribute already defined", in); - } - } - }; -@@ -322,7 +322,7 @@ namespace usbguard - rule.attributeViaPort().append(stringValueFromRule(in.string())); - } - catch (const std::exception& ex) { -- throw pegtl::parse_error(ex.what(), in); -+ throw tao::pegtl::parse_error(ex.what(), in); - } - } - }; -@@ -336,13 +336,13 @@ namespace usbguard - rule.attributeViaPort().setSetOperator(Rule::setOperatorFromString(in.string())); - } - catch (const std::exception& ex) { -- throw pegtl::parse_error(ex.what(), in); -+ throw tao::pegtl::parse_error(ex.what(), in); - } - } - }; - - template -- struct with_interface_actions : pegtl::nothing {}; -+ struct with_interface_actions : tao::pegtl::nothing {}; - - template<> - struct with_interface_actions { -@@ -350,7 +350,7 @@ namespace usbguard - static 
void apply(const Input& in, Rule& rule) - { - if (!rule.attributeWithInterface().empty()) { -- throw pegtl::parse_error("with-interface attribute already defined", in); -+ throw tao::pegtl::parse_error("with-interface attribute already defined", in); - } - } - }; -@@ -365,7 +365,7 @@ namespace usbguard - rule.attributeWithInterface().append(interface_type); - } - catch (const std::exception& ex) { -- throw pegtl::parse_error(ex.what(), in); -+ throw tao::pegtl::parse_error(ex.what(), in); - } - } - }; -@@ -379,13 +379,13 @@ namespace usbguard - rule.attributeWithInterface().setSetOperator(Rule::setOperatorFromString(in.string())); - } - catch (const std::exception& ex) { -- throw pegtl::parse_error(ex.what(), in); -+ throw tao::pegtl::parse_error(ex.what(), in); - } - } - }; - - template -- struct condition_actions : pegtl::nothing {}; -+ struct condition_actions : tao::pegtl::nothing {}; - - template<> - struct condition_actions { -@@ -393,7 +393,7 @@ namespace usbguard - static void apply(const Input& in, Rule& rule) - { - if (!rule.attributeConditions().empty()) { -- throw pegtl::parse_error("conditions already defined", in); -+ throw tao::pegtl::parse_error("conditions already defined", in); - } - } - }; -@@ -407,7 +407,7 @@ namespace usbguard - rule.attributeConditions().append(RuleCondition(in.string())); - } - catch (const std::exception& ex) { -- throw pegtl::parse_error(ex.what(), in); -+ throw tao::pegtl::parse_error(ex.what(), in); - } - } - }; -@@ -421,7 +421,7 @@ namespace usbguard - rule.attributeConditions().setSetOperator(Rule::setOperatorFromString(in.string())); - } - catch (const std::exception& ex) { -- throw pegtl::parse_error(ex.what(), in); -+ throw tao::pegtl::parse_error(ex.what(), in); - } - } - }; -diff --git a/src/Library/RuleParser/Grammar.hpp b/src/Library/RuleParser/Grammar.hpp -index 9bd4a15..4d785c0 100644 ---- a/src/Library/RuleParser/Grammar.hpp -+++ b/src/Library/RuleParser/Grammar.hpp -@@ -22,37 +22,37 @@ - #endif - - #include 
"Actions.hpp" --#include - --using namespace pegtl; -+#include - - namespace usbguard - { - namespace RuleParser - { -+ using namespace tao::pegtl; - /* - * Rule language keywords - */ -- struct str_allow : pegtl_string_t("allow") {}; -- struct str_block : pegtl_string_t("block") {}; -- struct str_reject : pegtl_string_t("reject") {}; -- struct str_match : pegtl_string_t("match") {}; -- struct str_device : pegtl_string_t("device") {}; -- -- struct str_name : pegtl_string_t("name") {}; -- struct str_hash : pegtl_string_t("hash") {}; -- struct str_parent_hash : pegtl_string_t("parent-hash") {}; -- struct str_via_port : pegtl_string_t("via-port") {}; -- struct str_with_interface : pegtl_string_t("with-interface") {}; -- struct str_serial : pegtl_string_t("serial") {}; -- struct str_if : pegtl_string_t("if") {}; -- struct str_id : pegtl_string_t("id") {}; -- -- struct str_all_of : pegtl_string_t("all-of") {}; -- struct str_one_of : pegtl_string_t("one-of") {}; -- struct str_none_of : pegtl_string_t("none-of") {}; -- struct str_equals : pegtl_string_t("equals") {}; -- struct str_equals_ordered : pegtl_string_t("equals-ordered") {}; -+ struct str_allow : TAOCPP_PEGTL_STRING("allow") {}; -+ struct str_block : TAOCPP_PEGTL_STRING("block") {}; -+ struct str_reject : TAOCPP_PEGTL_STRING("reject") {}; -+ struct str_match : TAOCPP_PEGTL_STRING("match") {}; -+ struct str_device : TAOCPP_PEGTL_STRING("device") {}; -+ -+ struct str_name : TAOCPP_PEGTL_STRING("name") {}; -+ struct str_hash : TAOCPP_PEGTL_STRING("hash") {}; -+ struct str_parent_hash : TAOCPP_PEGTL_STRING("parent-hash") {}; -+ struct str_via_port : TAOCPP_PEGTL_STRING("via-port") {}; -+ struct str_with_interface : TAOCPP_PEGTL_STRING("with-interface") {}; -+ struct str_serial : TAOCPP_PEGTL_STRING("serial") {}; -+ struct str_if : TAOCPP_PEGTL_STRING("if") {}; -+ struct str_id : TAOCPP_PEGTL_STRING("id") {}; -+ -+ struct str_all_of : TAOCPP_PEGTL_STRING("all-of") {}; -+ struct str_one_of : 
TAOCPP_PEGTL_STRING("one-of") {}; -+ struct str_none_of : TAOCPP_PEGTL_STRING("none-of") {}; -+ struct str_equals : TAOCPP_PEGTL_STRING("equals") {}; -+ struct str_equals_ordered : TAOCPP_PEGTL_STRING("equals-ordered") {}; - - /* - * Generic rule attribute -diff --git a/src/Library/UEventParser.cpp b/src/Library/UEventParser.cpp -index 2e0ce39..aebe948 100644 ---- a/src/Library/UEventParser.cpp -+++ b/src/Library/UEventParser.cpp -@@ -27,7 +27,9 @@ - #include "usbguard/Logger.hpp" - - #include --#include -+ -+#include -+using namespace tao; - - namespace usbguard - { -@@ -114,25 +116,14 @@ namespace usbguard - void parseUEventFromString(const std::string& uevent_string, UEvent& uevent, bool trace) - { - try { --#if HAVE_PEGTL_LTE_1_3_1 -+ tao::pegtl::string_input<> in(uevent_string, std::string()); - - if (!trace) { -- pegtl::parse(uevent_string, std::string(), uevent); -+ tao::pegtl::parse(in, uevent); - } - else { -- pegtl::parse(uevent_string, std::string(), uevent); -- } -- --#else -- -- if (!trace) { -- pegtl::parse_string(uevent_string, std::string(), uevent); -+ tao::pegtl::parse(in, uevent); - } -- else { -- pegtl::parse_string(uevent_string, std::string(), uevent); -- } -- --#endif - } - catch (...) 
{ - throw; -diff --git a/src/Library/UEventParser.hpp b/src/Library/UEventParser.hpp -index 856d5ff..4261bd5 100644 ---- a/src/Library/UEventParser.hpp -+++ b/src/Library/UEventParser.hpp -@@ -23,9 +23,7 @@ - - #include "usbguard/Typedefs.hpp" - --#include -- --using namespace pegtl; -+#include - - namespace usbguard - { -@@ -33,6 +31,8 @@ namespace usbguard - - namespace UEventParser - { -+ using namespace tao::pegtl; -+ - struct value - : seq, star>> {}; - -diff --git a/src/Library/public/usbguard/RuleParser.cpp b/src/Library/public/usbguard/RuleParser.cpp -index 4061e01..140bf14 100644 ---- a/src/Library/public/usbguard/RuleParser.cpp -+++ b/src/Library/public/usbguard/RuleParser.cpp -@@ -34,7 +34,7 @@ - #include - #include - --#include -+#include - - namespace usbguard - { -@@ -42,35 +42,21 @@ namespace usbguard - { - try { - Rule rule; --#if HAVE_PEGTL_LTE_1_3_1 -+ tao::pegtl::string_input<> input(rule_spec, file); - - if (!trace) { -- pegtl::parse(rule_spec, file, rule); -+ tao::pegtl::parse(input, rule); - } - else { -- pegtl::parse(rule_spec, file, rule); -+ tao::pegtl::parse(input, rule); - } - --#else -- -- if (!trace) { -- pegtl::parse_string(rule_spec, file, rule); -- } -- else { -- pegtl::parse_string(rule_spec, file, rule); -- } -- --#endif - return rule; - } -- catch (const pegtl::parse_error& ex) { -+ catch (const tao::pegtl::parse_error& ex) { - RuleParserError error(rule_spec); - error.setHint(ex.what()); --#if HAVE_PEGTL_LTE_1_3_1 -- error.setOffset(ex.positions[0].column); --#else - error.setOffset(ex.positions[0].byte_in_line); --#endif - - if (!file.empty() || line != 0) { - error.setFileInfo(file, line); --- -2.13.6 - diff --git a/CVE-2019-25058-1.patch b/CVE-2019-25058-1.patch deleted file mode 100644 index 69b7e65..0000000 --- a/CVE-2019-25058-1.patch +++ /dev/null 
@@ -1,32 +0,0 @@ -From 0db713da6c44426902961b023a925563f40b6ec7 Mon Sep 17 00:00:00 2001 -From: Sebastian Pipping -Date: Sun, 6 Feb 2022 01:15:26 +0100 -Subject: [PATCH] dbus: Replace unsupported "auth_self_keep_session" by - "auth_self_keep" - ---- - src/DBus/org.usbguard.policy | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/DBus/org.usbguard.policy b/src/DBus/org.usbguard.policy -index ce842393..f1bed538 100644 ---- a/src/DBus/org.usbguard.policy -+++ b/src/DBus/org.usbguard.policy -@@ -11,7 +11,7 @@ - Prevents from listing the USBGuard policy - - no -- auth_self_keep_session -+ auth_self_keep - - - -@@ -38,7 +38,7 @@ - Prevents from listing USB devices recognized by the USBGuard daemon - - no -- auth_self_keep_session -+ auth_self_keep - - - diff --git a/CVE-2019-25058-2.patch b/CVE-2019-25058-2.patch deleted file mode 100644 index a7f9422..0000000 --- a/CVE-2019-25058-2.patch +++ /dev/null @@ -1,49 +0,0 @@ -From d2839e8f6f9096c889c4fbd09b08dc6deff5eab2 Mon Sep 17 00:00:00 2001 -From: Sebastian Pipping -Date: Sat, 5 Feb 2022 21:40:17 +0100 -Subject: [PATCH] dbus: Drop policies of removed D-Bus methods - ---- - src/DBus/org.usbguard.policy | 27 --------------------------- - 1 file changed, 27 deletions(-) - -diff --git a/src/DBus/org.usbguard.policy b/src/DBus/org.usbguard.policy -index 7704583..b89c96e 100644 ---- a/src/DBus/org.usbguard.policy -+++ b/src/DBus/org.usbguard.policy -@@ -41,32 +41,5 @@ - auth_self_keep - - -- -- -- Authorize a USB device via the USBGuard daemon to interact with the system -- Prevents from authorizing USB devices via the USBGuard daemon -- -- no -- auth_admin -- -- -- -- -- Deauthorize a USB device via the USBGuard daemon -- Prevents from deauthorizing USB devices via the USBGuard daemon -- -- no -- auth_admin -- -- -- -- -- Remove a USB device via the USBGuard daemon -- Prevents from removing USB devices via the USBGuard daemon -- -- no -- auth_admin -- -- - - --- -2.23.0 - 
diff --git a/CVE-2019-25058-3.patch b/CVE-2019-25058-3.patch deleted file mode 100644 index f07f88c..0000000 --- a/CVE-2019-25058-3.patch +++ /dev/null @@ -1,43 +0,0 @@ -From d8a1b1ff967864a6cd8531c57e027c903ee31c23 Mon Sep 17 00:00:00 2001 -From: Sebastian Pipping -Date: Sun, 6 Feb 2022 01:17:15 +0100 -Subject: [PATCH] dbus: Improve language in tags - ---- - src/DBus/org.usbguard.policy | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/DBus/org.usbguard.policy b/src/DBus/org.usbguard.policy -index b89c96e..28206bd 100644 ---- a/src/DBus/org.usbguard.policy -+++ b/src/DBus/org.usbguard.policy -@@ -8,7 +8,7 @@ - - - List the rule set (policy) used by the USBGuard daemon -- Prevents from listing the USBGuard policy -+ Prevents listing the USBGuard policy - - no - auth_self_keep -@@ -17,7 +17,7 @@ - - - Append a new rule to the policy -- Prevents from appending rules to the USBGuard policy -+ Prevents appending rules to the USBGuard policy - - no - auth_admin -@@ -35,7 +35,7 @@ - - - List all USB devices recognized by the USBGuard deaemon -- Prevents from listing USB devices recognized by the USBGuard daemon -+ Prevents listing USB devices recognized by the USBGuard daemon - - no - auth_self_keep --- -2.23.0 - diff --git a/CVE-2019-25058-4.patch b/CVE-2019-25058-4.patch deleted file mode 100644 index 39a8082..0000000 --- a/CVE-2019-25058-4.patch +++ /dev/null @@ -1,22 +0,0 @@ -From 17f04c6088c1b05618db99733ff8152e43206004 Mon Sep 17 00:00:00 2001 -From: Sebastian Pipping -Date: Sun, 6 Feb 2022 00:00:11 +0100 -Subject: [PATCH] dbus: Fix whitespace in file "org.usbguard1.policy" - ---- - src/DBus/org.usbguard.policy | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/DBus/org.usbguard.policy b/src/DBus/org.usbguard.policy -index ff504b54..75119606 100644 ---- a/src/DBus/org.usbguard.policy -+++ b/src/DBus/org.usbguard.policy -@@ -1,7 +1,7 @@ - - -- -+ - - The USBGuard Project - https://github.org/USBGuard/usbguard 
diff --git a/CVE-2019-25058-5.patch b/CVE-2019-25058-5.patch deleted file mode 100644 index 86810d7..0000000 --- a/CVE-2019-25058-5.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 23c44b90ff9a49eb6bc91210b6668519ad421865 Mon Sep 17 00:00:00 2001 -From: Sebastian Pipping -Date: Sun, 6 Feb 2022 01:19:08 +0100 -Subject: [PATCH] dbus: Add missing action policies - ---- - src/DBus/org.usbguard.policy | 27 +++++++++++++++++++++++++++ - 1 file changed, 27 insertions(+) - -diff --git a/src/DBus/org.usbguard.policy b/src/DBus/org.usbguard.policy -index e326c5a..4fc33c5 100644 ---- a/src/DBus/org.usbguard.policy -+++ b/src/DBus/org.usbguard.policy -@@ -33,6 +33,15 @@ - - - -+ Apply a policy to a device in USBGuard -+ Prevents applying a policy to a device in USBGuard -+ -+ no -+ auth_admin -+ -+ -+ - - List all USB devices recognized by the USBGuard deaemon - Prevents listing USB devices recognized by the USBGuard daemon -@@ -41,5 +50,23 @@ - auth_self_keep - - -+ -+ -+ Get the value of a runtime parameter -+ Prevents getting values of runtime USBGuard parameters -+ -+ no -+ auth_self_keep -+ -+ -+ -+ -+ Set the value of a runtime parameter -+ Prevents setting values of runtime USBGuard parameters -+ -+ no -+ auth_admin -+ -+ - - --- -2.23.0 - diff --git a/CVE-2019-25058-6.patch b/CVE-2019-25058-6.patch deleted file mode 100644 index 038870f..0000000 --- a/CVE-2019-25058-6.patch +++ /dev/null 
@@ -1,84 +0,0 @@ -From d3e7d6609a8e63c21e85abf135d237a3bdd30913 Mon Sep 17 00:00:00 2001 -From: Sebastian Pipping -Date: Tue, 8 Feb 2022 16:13:48 +0100 -Subject: [PATCH] polkit.yml: Make GitHub Actions detect Polkit policy parse - error regressions - ---- - .github/workflows/polkit.yml | 67 ++++++++++++++++++++++++++++++++++++ - 1 file changed, 67 insertions(+) - create mode 100644 .github/workflows/polkit.yml - -diff --git a/.github/workflows/polkit.yml b/.github/workflows/polkit.yml -new file mode 100644 -index 00000000..fc4b4fe3 ---- /dev/null -+++ b/.github/workflows/polkit.yml -@@ -0,0 +1,67 @@ -+## -+## Copyright (c) 2022 Sebastian Pipping -+## -+## This program is free software; you can redistribute it and/or modify -+## it under the terms of the GNU General Public License as published by -+## the Free Software Foundation; either version 2 of the License, or -+## (at your option) any later version. -+## -+## This program is distributed in the hope that it will be useful, -+## but WITHOUT ANY WARRANTY; without even the implied warranty of -+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+## GNU General Public License for more details. -+## -+## You should have received a copy of the GNU General Public License -+## along with this program. If not, see . -+ -+name: Check for Polkit policy parse errors -+ -+on: -+ push: -+ pull_request: -+ -+jobs: -+ polkit_policies: -+ -+ name: Check for Polkit policy parse errors -+ runs-on: ubuntu-20.04 -+ -+ steps: -+ - uses: actions/checkout@v2 -+ -+ - name: Install runtime dependencies -+ run: | -+ set -x -+ sudo apt-get update -+ sudo apt-get install --no-install-recommends --yes -V expat -+ -+ - name: Check for Polkit policy parse errors -+ run: | -+ # This will work around pkaction exiting with unjustified(?) 
-+ # code 1 on Ubuntu 20.04 -+ check_polkit_action() { pkaction -v -a "$1" | tee /dev/stderr | fgrep -q 'implicit any' ; } -+ -+ set -x -+ actions=( -+ org.usbguard.Devices.listDevices -+ org.usbguard.Devices.applyDevicePolicy -+ org.usbguard.Policy.appendRule -+ org.usbguard.Policy.listRules -+ org.usbguard.Policy.removeRule -+ org.usbguard.getParameter -+ org.usbguard.setParameter -+ ) -+ -+ # Self-test: Assert that prior to installation, our Polkit "actions" -+ # are unknown to PolKit. -+ ! check_polkit_action "${actions[0]}" -+ -+ # Install the policy so that polkin can find it -+ xmlwf src/DBus/org.usbguard.policy -+ sudo cp -v src/DBus/org.usbguard.policy /usr/share/polkit-1/actions/ -+ -+ # Assert that after installation, all of our Polkit "actions" are known. -+ # This detects parse error regressions. -+ for action in "${actions[@]}"; do -+ check_polkit_action "${action}" -+ done diff --git a/CVE-2019-25058-7.patch b/CVE-2019-25058-7.patch deleted file mode 100644 index db04462..0000000 --- a/CVE-2019-25058-7.patch +++ /dev/null 
@@ -1,250 +0,0 @@ -From df5f01c6ed0c20d269f7239901d21883cc871bbb Mon Sep 17 00:00:00 2001 -From: Sebastian Pipping -Date: Wed, 9 Feb 2022 02:10:40 +0100 -Subject: [PATCH] dbus: Add missing checks for authorization using Polkit - ---- - configure.ac | 2 +- - src/DBus/DBusBridge.cpp | 137 ++++++++++++++++++++++++++++++++++++++++ - src/DBus/DBusBridge.hpp | 2 + - 3 files changed, 140 insertions(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index f565b87..a45174a 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -405,7 +405,7 @@ if test "x$with_dbus" = xyes; then - # - # Check for required D-Bus modules - # -- PKG_CHECK_MODULES([dbus], [dbus-1 dbus-glib-1 >= 0.100 gio-2.0], -+ PKG_CHECK_MODULES([dbus], [dbus-1 gio-2.0 polkit-gobject-1], - [AC_DEFINE([HAVE_DBUS], [1], [Required GLib DBus API available]) - dbus_summary="system-wide; $dbus_CFLAGS $dbus_LIBS"], - [AC_MSG_FAILURE([Required D-Bus modules (dbus-1, dbus-glib-1, gio-2.0) not found!])] -diff --git a/src/DBus/DBusBridge.cpp b/src/DBus/DBusBridge.cpp -index f9209f7..696d906 100644 ---- a/src/DBus/DBusBridge.cpp -+++ b/src/DBus/DBusBridge.cpp -@@ -15,12 +15,14 @@ - // along with this program. If not, see . - // - // Authors: Daniel Kopecek -+// Authors: Sebastian Pipping - // - #ifdef HAVE_BUILD_CONFIG_H - #include - #endif - - #include "DBusBridge.hpp" -+#include - - namespace usbguard - { -@@ -78,6 +80,10 @@ namespace usbguard - void DBusBridge::handleRootMethodCall(const std::string& method_name, GVariant* parameters, GDBusMethodInvocation* invocation) - { - if (method_name == "getParameter") { -+ if (! isAuthorizedByPolkit(invocation)) { -+ return; -+ } -+ - const char* name_cstr = nullptr; - g_variant_get(parameters, "(&s)", &name_cstr); - std::string name(name_cstr); -@@ -87,6 +93,10 @@ namespace usbguard - } - - if (method_name == "setParameter") { -+ if (! 
isAuthorizedByPolkit(invocation)) { -+ return; -+ } -+ - const char* name_cstr = nullptr; - const char* value_cstr = nullptr; - g_variant_get(parameters, "(&s&s)", &name_cstr, &value_cstr); -@@ -105,6 +115,10 @@ namespace usbguard - void DBusBridge::handlePolicyMethodCall(const std::string& method_name, GVariant* parameters, GDBusMethodInvocation* invocation) - { - if (method_name == "listRules") { -+ if (! isAuthorizedByPolkit(invocation)) { -+ return; -+ } -+ - const char* query_cstr = nullptr; - g_variant_get(parameters, "(&s)", &query_cstr); - std::string query(query_cstr); -@@ -138,6 +152,10 @@ namespace usbguard - } - - if (method_name == "appendRule") { -+ if (! isAuthorizedByPolkit(invocation)) { -+ return; -+ } -+ - const char* rule_spec_cstr = nullptr; - uint32_t parent_id = 0; - g_variant_get(parameters, "(&su)", &rule_spec_cstr, &parent_id); -@@ -148,6 +166,10 @@ namespace usbguard - } - - if (method_name == "removeRule") { -+ if (! isAuthorizedByPolkit(invocation)) { -+ return; -+ } -+ - uint32_t rule_id = 0; - g_variant_get(parameters, "(u)", &rule_id); - removeRule(rule_id); -@@ -164,6 +186,10 @@ namespace usbguard - GDBusMethodInvocation* invocation) - { - if (method_name == "listDevices") { -+ if (! isAuthorizedByPolkit(invocation)) { -+ return; -+ } -+ - const char* query_cstr = nullptr; - g_variant_get(parameters, "(&s)", &query_cstr); - std::string query(query_cstr); -@@ -196,6 +222,10 @@ namespace usbguard - } - - if (method_name == "applyDevicePolicy") { -+ if (! 
isAuthorizedByPolkit(invocation)) { -+ return; -+ } -+ - uint32_t device_id = 0; - uint32_t target_integer = 0; - gboolean permanent = false; -@@ -327,6 +357,113 @@ namespace usbguard - with_interface_string.c_str()); - return builder; - } -+ -+ std::string DBusBridge::formatGError(GError* error) -+ { -+ if (error) { -+ std::stringstream formatGError; -+ formatGError << error->message << " (code " << error->code << ")"; -+ return formatGError.str(); -+ } -+ else { -+ return "unknown error"; -+ } -+ } -+ -+ bool DBusBridge::isAuthorizedByPolkit(GDBusMethodInvocation* invocation) -+ { -+ GError* error = NULL; -+ USBGUARD_LOG(Trace) << "Extracting bus name..."; -+ const gchar* const /*no-free!*/ bus_name = g_dbus_method_invocation_get_sender (invocation); -+ -+ if (! bus_name) { -+ USBGUARD_LOG(Trace) << "Failed to extract bus name."; -+ return false; -+ } -+ -+ USBGUARD_LOG(Trace) << "Extracted bus name \"" << bus_name << "\"."; -+ USBGUARD_LOG(Trace) << "Extracting interface name..."; -+ const gchar* const /*no-free!*/ interfaceName = g_dbus_method_invocation_get_interface_name(invocation); -+ -+ if (! interfaceName) { -+ USBGUARD_LOG(Trace) << "Failed to extract interface name."; -+ return false; -+ } -+ -+ USBGUARD_LOG(Trace) << "Extracted interface name \"" << interfaceName << "\"."; -+ USBGUARD_LOG(Trace) << "Extracting method name..."; -+ const gchar* const /*no-free!*/ methodName = g_dbus_method_invocation_get_method_name(invocation); -+ -+ if (! methodName) { -+ USBGUARD_LOG(Trace) << "Failed to extract method name."; -+ return false; -+ } -+ -+ std::stringstream action_id; -+ action_id << interfaceName << "." << methodName; -+ USBGUARD_LOG(Trace) << "Extracted method name \"" << methodName << "\"."; -+ USBGUARD_LOG(Trace) << "Creating a system bus Polkit subject..."; -+ PolkitSubject* const subject = polkit_system_bus_name_new(bus_name); -+ -+ if (! 
subject) { -+ USBGUARD_LOG(Trace) << "Failed to create Polkit subject."; -+ return false; -+ } -+ -+ USBGUARD_LOG(Trace) << "Created."; -+ USBGUARD_LOG(Trace) << "Connecting with Polkit authority..."; -+ PolkitAuthority* const authority = polkit_authority_get_sync(/*cancellable=*/ NULL, &error); -+ -+ if (! authority || error) { -+ USBGUARD_LOG(Trace) << "Failed to connect to Polkit authority: " << formatGError(error) << "."; -+ g_error_free(error); -+ g_object_unref(authority); -+ g_object_unref(subject); -+ return false; -+ } -+ -+ USBGUARD_LOG(Trace) << "Connected."; -+ USBGUARD_LOG(Trace) << "Customizing Polkit authentification dialog..."; -+ PolkitDetails* const details = polkit_details_new(); -+ -+ if (! details) { -+ USBGUARD_LOG(Trace) << "Failed to customize the Polkit authentification dialog."; -+ g_object_unref(authority); -+ g_object_unref(subject); -+ return false; -+ } -+ -+ polkit_details_insert (details, "polkit.message", "This USBGuard action needs authorization"); -+ USBGUARD_LOG(Trace) << "Customized."; -+ USBGUARD_LOG(Trace) << "Checking authorization of action \"" << action_id.str() << "\" with Polkit ..."; -+ const PolkitCheckAuthorizationFlags flags = POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION; -+ PolkitAuthorizationResult* const result = polkit_authority_check_authorization_sync -+ (authority, -+ subject, -+ action_id.str().c_str(), -+ details, -+ flags, -+ /*cancellable=*/ NULL, -+ &error); -+ -+ if (! result || error) { -+ USBGUARD_LOG(Trace) << "Failed to check back with Polkit for authoriation: " << formatGError(error) << "."; -+ g_error_free(error); -+ g_object_unref(result); -+ g_object_unref(details); -+ g_object_unref(authority); -+ g_object_unref(subject); -+ return false; -+ } -+ -+ gboolean isAuthorized = polkit_authorization_result_get_is_authorized(result); -+ USBGUARD_LOG(Trace) << (isAuthorized ? 
"Authorized" : "Not authorized") << "."; -+ g_object_unref(result); -+ g_object_unref(details); -+ g_object_unref(authority); -+ g_object_unref(subject); -+ return isAuthorized; -+ } - } /* namespace usbguard */ - - /* vim: set ts=2 sw=2 et */ -diff --git a/src/DBus/DBusBridge.hpp b/src/DBus/DBusBridge.hpp -index bb9d96a..838ab34 100644 ---- a/src/DBus/DBusBridge.hpp -+++ b/src/DBus/DBusBridge.hpp -@@ -71,6 +71,8 @@ namespace usbguard - bool rule_match, - uint32_t rule_id); - -+ static std::string formatGError(GError* error); -+ static bool isAuthorizedByPolkit(GDBusMethodInvocation* invocation); - - GDBusConnection* const p_gdbus_connection; - void(*p_ipc_callback)(bool); --- -2.23.0 - diff --git a/policykit-dbus-chat-selinux.patch b/policykit-dbus-chat-selinux.patch new file mode 100644 index 0000000..8f0200e --- /dev/null +++ b/policykit-dbus-chat-selinux.patch @@ -0,0 +1,22 @@ +diff -up ./usbguard-selinux-0.0.4/usbguard.te.policykit ./usbguard-selinux-0.0.4/usbguard.te +--- ./usbguard-selinux-0.0.4/usbguard.te.policykit 2022-03-15 10:32:21.002852930 +0100 ++++ ./usbguard-selinux-0.0.4/usbguard.te 2022-03-15 10:36:47.844040559 +0100 +@@ -99,9 +99,17 @@ logging_log_filetrans(usbguard_t, usbgua + + logging_send_syslog_msg(usbguard_t) + +-dbus_system_domain(usbguard_t, usbguard_exec_t) + usbguard_ipc_access(usbguard_t) + ++optional_policy(` ++ dbus_system_domain(usbguard_t, usbguard_exec_t) ++ ++ optional_policy(` ++ policykit_dbus_chat(usbguard_t) ++ ') ++') ++ ++ + tunable_policy(`usbguard_daemon_write_rules',` + rw_files_pattern(usbguard_t, usbguard_rules_t, usbguard_rules_t) + ') diff --git a/usbguard-0.7.2.tar.gz b/usbguard-0.7.2.tar.gz deleted file mode 100644 index 7d74c18..0000000 Binary files a/usbguard-0.7.2.tar.gz and /dev/null differ diff --git a/usbguard-1.1.2.tar.gz b/usbguard-1.1.2.tar.gz new file mode 100644 index 0000000..5223bed Binary files /dev/null and b/usbguard-1.1.2.tar.gz differ 
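Review bot: The new policykit-dbus-chat-selinux.patch has no description header, so nothing records why `usbguard_t` needs `policykit_dbus_chat` or whether the change was sent to usbguard-selinux upstream. The removed CVE-2019-25058-7 patch on this page shows the D-Bus bridge calling `polkit_authority_check_authorization_sync` before each method, so presumably the rule exists to let that check through under an enforcing policy; please confirm and say so in the patch. The patch also moves `dbus_system_domain(usbguard_t, usbguard_exec_t)` from an unconditional statement into `optional_policy`, which changes the policy when the dbus module is absent and deserves its own sentence. A header along the lines of `Allow usbguard_t to talk to polkit over D-Bus for authorization checks; make dbus_system_domain optional` would cover both.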
diff --git a/usbguard-daemon.conf b/usbguard-daemon.conf index e9800b2..d8806a1 100644 --- a/usbguard-daemon.conf +++ b/usbguard-daemon.conf @@ -9,6 +9,19 @@ # RuleFile=/etc/usbguard/rules.conf +# +# Rule set folder path. +# +# The USBGuard daemon will use this folder to load the policy +# rule set from it and to write new rules received via the +# IPC interface. +# +# RuleFolder=/path/to/rulesfolder/ +# + +RuleFolder=/etc/usbguard/rules.d/ + + # # Implicit policy target. # @@ -171,3 +184,8 @@ AuditBackend=FileAudit # AuditFilePath=/var/log/usbguard/usbguard-audit.log +# +# Hides personally identifiable information such as device serial numbers and +# hashes of descriptors (which include the serial number) from audit entries. +# +HidePII=false diff --git a/usbguard-revert-catch.patch b/usbguard-revert-catch.patch new file mode 100644 index 0000000..d75cb85 --- /dev/null +++ b/usbguard-revert-catch.patch @@ -0,0 +1,17 @@ +diff -up ./configure.ac.fix ./configure.ac +--- ./configure.ac.fix 2022-03-03 15:05:03.357194713 +0100 ++++ ./configure.ac 2022-03-03 15:06:02.849787794 +0100 +@@ -394,11 +394,11 @@ if test "x$with_bundled_catch" = xyes; t + catch_summary="bundled; $catch_CFLAGS $catch_LIBS" + else + SAVE_CPPFLAGS=$CPPFLAGS +- CPPFLAGS="-std=c++17 $CPPFLAGS -I/usr/include/catch2" ++ CPPFLAGS="-std=c++17 $CPPFLAGS -I/usr/include/catch" + AC_LANG_PUSH([C++]) + AC_CHECK_HEADER([catch.hpp], [], [AC_MSG_FAILURE(catch.hpp not found or not usable. Re-run with --with-bundled-catch to use the bundled library.)]) + AC_LANG_POP +- catch_CFLAGS="-I/usr/include/catch2" ++ catch_CFLAGS="-I/usr/include/catch" + catch_LIBS="" + CPPFLAGS=$SAVE_CPPFLAGS + catch_summary="system-wide; $catch_CFLAGS $catch_LIBS" diff --git a/usbguard.spec b/usbguard.spec index b007842..97efbf6 100644 --- a/usbguard.spec +++ b/usbguard.spec 
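Review bot: `RuleFolder=/etc/usbguard/rules.d/` is switched on by default in the first usbguard-daemon.conf hunk, and the added comment says the daemon both loads rules from that folder and writes rules received over IPC into it, so the directory has to exist, be root-owned and not be writable by other users before the daemon starts. The spec's %install and %files sections are not visible on this page, so please confirm they create it with the same restrictive ownership and mode as rules.conf. The comment also leaves open how the folder combines with `RuleFile=`, which is still set in the context just above; I would add `# RuleFile above is also set; see usbguard-daemon.conf(5) for how the two are combined.`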
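Review bot: `HidePII=false` in the second usbguard-daemon.conf hunk means device serial numbers and descriptor hashes are written to the audit entries, which go to the AuditFilePath shown in the hunk's context (/var/log/usbguard/usbguard-audit.log). That is a defensible default for forensic use, but the packaging then has to keep the log directory unreadable to ordinary users, and the %files entry for it is not visible here. I would extend the comment with `# With HidePII=false the audit log contains device serial numbers; keep it readable by root only.`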
@@ -1,26 +1,29 @@ -%global _hardened_build 1 +%global selinuxtype targeted +%global moduletype contrib +%define semodule_version 0.0.4 Name: usbguard -Version: 0.7.2 -Release: 7 +Version: 1.1.2 +Release: 1 Summary: A tool for computer usb guard License: GPLv2+ URL: https://usbguard.github.io/ Source0: https://github.com/USBGuard/usbguard/releases/download/usbguard-%{version}/usbguard-%{version}.tar.gz -Source1: usbguard-daemon.conf -Patch0000: 0001-Update-to-latest-PEGTL-API.patch -Patch0001: CVE-2019-25058-1.patch -Patch0002: CVE-2019-25058-2.patch -Patch0003: CVE-2019-25058-3.patch -Patch0004: CVE-2019-25058-4.patch -Patch0005: CVE-2019-25058-5.patch -Patch0006: CVE-2019-25058-6.patch -Patch0007: CVE-2019-25058-7.patch -BuildRequires: libqb-devel libgcrypt-devel libstdc++-devel protobuf-devel protobuf-compiler PEGTL-static -BuildRequires: catch1-devel autoconf automake libtool bash-completion asciidoctor audit-libs-devel systemd -BuildRequires: qt5-qtbase-devel qt5-qtsvg-devel qt5-linguist dbus-glib-devel dbus-devel glib2-devel -BuildRequires: polkit-devel libxslt libxml2 +Source1: https://github.com/USBGuard/usbguard-selinux/archive/refs/tags/v%{semodule_version}.tar.gz +Source2: usbguard-daemon.conf +Patch0000: usbguard-revert-catch.patch +Patch0001: policykit-dbus-chat-selinux.patch + +BuildRequires: libqb-devel libgcrypt-devel libstdc++-devel protobuf-devel protobuf-compiler PEGTL-static gcc gcc-c++ +BuildRequires: catch1-devel autoconf automake libtool bash-completion asciidoc audit-libs-devel systemd make Requires: systemd +Requires: (%{name}-selinux if selinux-policy-%{selinuxtype}) +Obsoletes: %{name}-applet-qt < 0.7.6 +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd +Requires(post): /sbin/ldconfig +Requires(postun): /sbin/ldconfig %description USBGuard helps to protect your computer against rogue USB devices. 
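Review bot: The first line of this hunk drops `%global _hardened_build 1` without a replacement, and the package builds a systemd-managed daemon whose job is to vet possibly rogue USB devices. If the distribution's default build flags already enable PIE and full RELRO the macro is redundant, but nothing in the spec shows that. Unless that is confirmed for the target release, I would keep `%global _hardened_build 1` at the top, or state in the changelog that hardening is now the default.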
@@ -39,21 +42,29 @@ Requires: usbguard = %{version}-%{release} %description tools Optional tools from the USBGuard software framework. -%package applet-qt -Summary: USBGuard Qt 5.x Applet -Requires: usbguard = %{version}-%{release} -Obsoletes: usbguard-applet-qt <= 0.3 - -%description applet-qt -Optional Qt 5.x desktop applet for interacting with the USBGuard daemon component. - %package dbus Summary: USBGuard D-Bus Service +BuildRequires: dbus-glib-devel dbus-devel glib2-devel +BuildRequires: polkit-devel libxslt libxml2 Requires: usbguard = %{version}-%{release} dbus polkit %description dbus Optional component that provides a D-Bus interface to the USBGuard daemon component. +%package selinux +Summary: USBGuard selinux +Group: Applications/System +Requires: %{name} = %{version}-%{release} +BuildRequires: selinux-policy-devel +Requires: selinux-policy-%{selinuxtype} +Requires(post): selinux-policy-%{selinuxtype} +BuildArch: noarch +%{?selinux_requires} + +%description selinux +The %{name}-selinux package contains selinux policy for the USBGuard daemon. + + %package help Summary: Documentation for usbguard Requires: usbguard = %{version}-%{release} 
@@ -62,28 +73,43 @@ Requires: usbguard = %{version}-%{release} Documentation for usbguard %prep -%autosetup -n usbguard-%{version} -p1 -rm -rf src/ThirdParty/{Catch,PEGTL} +%setup -q + +%setup -q -D -T -a 1 + +%patch0000 -p1 -b .catch +%patch0001 -p1 -b .policykit %build install -d ./m4 autoreconf -i -v --no-recursive ./ %configure --disable-silent-rules --without-bundled-catch --without-bundled-pegtl \ - --enable-systemd --with-gui-qt=qt5 --with-dbus --with-polkit \ + --enable-systemd --with-dbus --with-polkit \ --with-crypto-library=gcrypt %make_build +pushd %{name}-selinux-%{semodule_version} +make +popd + %check make check %install %make_install +mkdir -p %{buildroot}%{_sysconfdir}/usbguard/rules.d install -d %{buildroot}%{_sysconfdir}/usbguard/IPCAccessControl.d -cp %{SOURCE1} %{buildroot}%{_sysconfdir}/usbguard/usbguard-daemon.conf +cp %{SOURCE2} %{buildroot}%{_sysconfdir}/usbguard/usbguard-daemon.conf chmod 644 %{buildroot}%{_sysconfdir}/usbguard/usbguard-daemon.conf + +install -d %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype} +install -m 0644 %{name}-selinux-%{semodule_version}/%{name}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype} +install -d -p %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype} +install -p -m 644 %{name}-selinux-%{semodule_version}/%{name}.if %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}/ipp-%{name}.if + %delete_la %preun @@ -106,6 +132,20 @@ chmod 644 %{buildroot}%{_sysconfdir}/usbguard/usbguard-daemon.conf %postun dbus %systemd_postun_with_restart usbguard-dbus.service +%pre selinux +%selinux_relabel_pre -s %{selinuxtype} + +%post selinux +%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2 + +%postun selinux +if [ $1 -eq 0 ]; then + %selinux_modules_uninstall -s %{selinuxtype} %{name} +fi + +%posttrans selinux +%selinux_relabel_post -s %{selinuxtype} + %files %doc LICENSE %exclude %{_libdir}/*.a 
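Review bot: The `%prep` section no longer deletes the bundled third-party sources, so `src/ThirdParty/Catch` and `src/ThirdParty/PEGTL` stay in the build tree if the 1.1.2 tarball still ships them. The `--without-bundled-catch --without-bundled-pegtl` configure switches should keep them unused. Removing the directories makes an accidental fallback to a vendored copy fail loudly instead of silently linking code that the distribution does not track for fixes. I would keep `rm -rf src/ThirdParty/{Catch,PEGTL}` right after the first `%setup -q`.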
@@ -114,6 +154,7 @@ chmod 644 %{buildroot}%{_sysconfdir}/usbguard/usbguard-daemon.conf %{_bindir}/usbguard %dir %{_localstatedir}/log/usbguard %dir %{_sysconfdir}/usbguard +%dir %{_sysconfdir}/usbguard/rules.d/ %dir %{_sysconfdir}/usbguard/IPCAccessControl.d %config(noreplace) %attr(0600,-,-) %{_sysconfdir}/usbguard/usbguard-daemon.conf %config(noreplace) %attr(0600,-,-) %{_sysconfdir}/usbguard/rules.conf @@ -128,23 +169,26 @@ chmod 644 %{buildroot}%{_sysconfdir}/usbguard/usbguard-daemon.conf %files tools %{_bindir}/usbguard-rule-parser -%files applet-qt -%{_bindir}/usbguard-applet-qt -%{_datadir}/applications/usbguard-applet-qt.desktop -%{_datadir}/icons/hicolor/scalable/apps/usbguard-icon.svg - %files dbus %{_sbindir}/usbguard-dbus -%{_datadir}/dbus-1/system-services/org.usbguard.service -%{_datadir}/dbus-1/system.d/org.usbguard.conf -%{_datadir}/polkit-1/actions/org.usbguard.policy +%{_datadir}/dbus-1/system-services/org.usbguard1.service +%{_datadir}/dbus-1/system.d/org.usbguard1.conf +%{_datadir}/polkit-1/actions/org.usbguard1.policy %{_unitdir}/usbguard-dbus.service +%files selinux +%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2 +%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name} +%{_datadir}/selinux/devel/include/%{moduletype}/ipp-%{name}.if + %files help %doc README.adoc CHANGELOG.md %{_mandir}/*/* %changelog +* Thu Apr 20 2023 liyanan - 1.1.2-1 +- upgrade 1.1.2 + * Mon Mar 07 2022 houyingchao - 0.7.2-7 - Fix CVE-2019-25058 diff --git a/v0.0.4.tar.gz b/v0.0.4.tar.gz new file mode 100644 index 0000000..2790edc Binary files /dev/null and b/v0.0.4.tar.gz differ
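Review bot: The new `%dir %{_sysconfdir}/usbguard/rules.d/` entry carries no `%attr`, and `%install` creates the directory with a plain `mkdir -p`, so it is packaged with whatever mode the build umask gives, while `rules.conf` and `usbguard-daemon.conf` next to it are `0600`. The shipped `usbguard-daemon.conf` points `RuleFolder` at this directory and says the daemon writes rules received over IPC into it, so the policy stored there deserves the same protection as `rules.conf`. Consider `%dir %attr(0700,-,-) %{_sysconfdir}/usbguard/rules.d/`.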
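Review bot: The changelog entry `- upgrade 1.1.2` does not record that `CVE-2019-25058-1.patch` through `CVE-2019-25058-7.patch` were dropped from the spec in the first hunk. Someone auditing the package history cannot tell from it whether the fix is still present. Presumably it is part of the upstream release, which should be confirmed and written down. I would add a line such as `- Drop CVE-2019-25058 backports, fix included upstream`, and also mention the removal of the `applet-qt` subpackage and the `org.usbguard` to `org.usbguard1` rename of the D-Bus and polkit files in this hunk.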