New release: usbguard-0.7.0

Hello strangers! It’s been a while. A new release of USBGuard is available and it brings important bug fixes and new features.

From all the bug fixes in this release, I’d like to point out one which required a backwards incompatible change and requires an update to existing policies. The Linux USB root hub devices use the kernel version as the bcdDevice attribute value. The value is part of the USB descriptor data which USBGuard uses for computing the device hash and therefore causes the device hash to change on every kernel update. This in turn makes USBGuard rules which rely on this hash to not match and block the device. And because it’s a root hub device that gets blocked, all the other devices get blocked too. The bug fix is simple, reset the bcdDevice value to zero before hashing (applied only for the Linux root hub devices).

New features include an UEvent based device manager and support for fine-grained IPC access control. Check out the Change Log for more details.

Change Log

Added

Removed

Changed

Thanks

Many thanks to the following people for contributions to this release and to the USBGuard project:

Updating

If you are using Fedora or the USBGuard Copr repository, run:

$ sudo dnf update --enablerepo=updates-testing usbguard

Download

Signed release tarball can be downloaded from the USBGuard release page at GitHub:

SHA256(usbguard-0.7.0.tar.gz)= 1e1485a2b47ba3bde9de2851b371d2552a807047a21e0b81553cf80d7f722709