Major changes (since usbguard-0.4)

• Changed versioning scheme to include a release number. Releases will be rolled out more often during a milestone (x.y -- currently 0.5) development.
• Merged usbguard-applet-qt (sub)project into usbguard.
• Added a D-Bus bridge component which exposes a D-Bus interface to usbguard.
• Enhancements of the usbguard command-line interface.
• Fixed USB descriptor data parsing. Previously, many real-world cases of descriptors weren't parsed correctly because of a naive implementation of the parser.
• Fixed systemd integration.
• Manual pages are now generated from their source (markdown) during the build process.
• A default usbguard-daemon configuration file is now installed.
• Fixed issues: #84, #83, #80, #79, #78, #77, #76, #75, #74, #73, #72, #71, #70, #69, #68, #56, #54, #53, #51, #50, #44.

Thanks

Many thanks to the following people for contributions to this release and to the USBGuard project:

• @amenophobis
• Ian Beringer (@ianberinger)
• James Cowgill (@jcowgill)
• Muri Nicanor (@murinicanor)
• Rebecca N. Palmer (@rebecca-palmer)
• Christian Stadelmann (@genodeftest)

SHA256(usbguard-0.5.10.tar.gz)= f51a302ad6222ba87ac5a2f96d033c9ba514c0d20027983798e97746d879ac28

Major changes

• The daemon is now capable of dropping process capabilities and uses a seccomp based syscall whitelist. Options to enable these features were added to the usbguard-daemon command.
• Devices connected at the start of the daemon are now recognized and the DevicePresent signal is sent for each of them.
• New configuration options for setting the implicit policy target and how to handle the present devices are now available.
• String values read from the device are now properly escaped and length limits on these values are enforced.
• The library API was extended with the Device and DeviceManager classes.
• Implemented the usbguard CLI, see usbguard(1) for available commands.
• Initial authorization policies can be now easily generated using the usbguard generate-policy command.
• Extended the rule language with rule conditions. See usbguard-rules.conf(5) for details.
• Moved logging code into the shared library. You can use static methods of the Logger class to configure logging behaviour.
• Removed the bundled libsodium and libqb libraries.
• Fixed several bugs.
• Resolved issues: #46, #45, #41, #40, #37, #32, #31, #28, #25, #24, #21, #16, #13, #9, #4

WARNING: Backwards incompatible changes

• The device hashing procedure was altered and generates different hash values. If you are using the hash attribute in your rules, you'll have to update the values.
• The bundled libsodium and libqb were removed. You'll have to compile and install them separately if your distribution doesn't provide them as packages.

Updating

If you are using Fedora or the USBGuard Copr repository, run:

$ sudo dnf update usbguard

Download

Tarballs can be downloaded here:

• usbguard-0.4.tar.gz
• CHECKSUM.sha512
• CHECKSUM.sha256

Major changes

• use AC_CHECK_HEADER instead of a pkg-config based check for json and spdlog
• make check target available

Download

Tarballs can be downloaded here:

• usbguard-0.3p3.tar.gz
• CHECKSUM.sha512
• CHECKSUM.sha256

Major changes

• SHM permissions are set to uid of the client process and gid of the daemon with rw-rw---- mode (0660).
• added --with-bundled-json and --with-bundled-spdlog configure options to enable/disable the usage of the bundled libraries

Updating

If you are using the USBGuard Copr repository, run:

$ sudo yum update usbguard usbguard-applet-qt

Download

Tarballs can be downloaded here:

• usbguard-0.3p2.tar.gz
• CHECKSUM.sha512
• CHECKSUM.sha256

Major changes

• removed bundled cppformat copylib

Download

Tarballs can be downloaded here:

• usbguard-0.3p1.tar.gz
• CHECKSUM.sha512
• CHECKSUM.sha256

Major changes

• Fixed appending of permanent rules
• Implemented a DAC based IPC access control
• Ship man pages for usbguard-daemon, usbguard-daemon.conf and usbguard-rules.conf
• Ship the LICENSE file
• Fixed distribution RPM spec file. Thanks to Petr Lautrbach and Ralf Corsepius for review.
• Resolved issues: #18 #19 #13

Updating

If you are using the USBGuard Copr repository, run:

$ sudo yum update usbguard usbguard-applet-qt

Download

Tarballs can be downloaded here:

• usbguard-0.3.tar.gz
• usbguard-applet-qt-0.3.tar.gz
• CHECKSUM.sha512
• CHECKSUM.sha256

Major changes

• Support for modifying permanent rules over the IPC interface.
• Reworked device hashing.
• Rule language changes
  • set operators
  • renamed "port" to "via-port"
  • added "with-interface" matching attribute
  • removed the "class" attribute
• The IPCClient, ConfigFile, Rule and RuleSet classes are now shipped in a shared library.
• Created abstract interface for OS specific USB device handling.
• Changed default daemon config path to /etc/usbguard/usbguard-daemon.conf.
• Implemented basic USB descriptor structure parsing and improved interface type handling
• The IPC API was changed:
  • added new signal, DevicePresent, which signals that a device was already present at the start of the IPC session
  • the DeviceInserted and DevicePresent signals pass interface types that the device supports
  • the explicit string arguments of the signals are now passed as a map
• Resolved issues: #1 #2 #5 #6 #10 #11

Updating

Note that the rule language syntax changed. USBGuard no longer recognizes the "class" attribute, which was removed, and the "port" attribute, which was renamed to "via-port".

If you are using the USBGuard Copr repository, run:

$ sudo yum update usbguard usbguard-applet-qt