Bug#880983: marked as done (ITP: usbauth -- USB Firewall including flex/bison parser)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Thu, 22 Feb 2018 09:00:17 +0000
with message-id <E1eomjh-00014p-Ea@fasolo.debian.org>
and subject line Bug#880983: fixed in usbauth 1.0~git20180119-1
has caused the Debian Bug report #880983,
regarding ITP: usbauth -- USB Firewall including flex/bison parser
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
880983: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880983
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: RFP: libusbauth-configparser1, usbauth, usbauth-notifier -- USB Firewall including flex/bison parser
• From: Stefan Koch <stefan.koch10@gmail.com>
• Date: Mon, 06 Nov 2017 18:22:10 +0100
• Message-id: <150998893017.3078.17823083886772966017.reportbug@debian>

Package: wnpp
Severity: wishlist

This work was initially created for SUSE in 2015. Part of it was the USB interface authorization for the Linux kernel. It's contained in Linux since kernel version 4.4.
Please add the following packages libusbauth-configparser1, usbauth, usbauth-notifier to debian unstable.
The packages are already packaged for debian (see debian subfolder for each package).

GIT Repository: https://github.com/kochstefan/usbauth-all.git

This bug report replaces bug reports #879714, #879715, #879716


PACKAGE libusbauth-configparser1:
* Package name    : libusbauth-configparser1
  Version         : 1.0
  Upstream Author : Stefan Koch <stefan.koch10@gmail.com>
* URL             : https://github.com/kochstefan/usbauth-all/tree/master/libusbauth-configparser
* License         : LGPL-2.1
  Programming Lang: C
  Description     : Library for USB Firewall including flex/bison parser

The library is used to read the usbauth config file into data structures and is used by usbauth and YaST.
See also: openSUSE package request (https://build.opensuse.org/request/show/533512)


PACKAGE usbauth:
* Package name    : usbauth
  Version         : 1.0
  Upstream Author : Stefan Koch <stefan.koch10@gmail.com>
* URL             : https://github.com/kochstefan/usbauth-all/tree/master/usbauth
* License         : GPL-2.0
  Programming Lang: C
  Description     : USB firewall against BadUSB attacks

It is a firewall against BadUSB attacks. A config file descibes in which way USB interfaces would be accepted or denied.
To the kernel an interface authorization was developed with this firewall.
The firewall sets the authorization mask according to the rules.
See also: openSUSE package request (https://build.opensuse.org/request/show/533513)


PACKAGE usbauth-notifier:
* Package name    : usbauth-notifier
  Version         : 1.0
  Upstream Author : Stefan Koch <stefan.koch10@gmail.com>
* URL             : https://github.com/kochstefan/usbauth-all/tree/master/usbauth-notifier
* License         : GPL-2.0
  Programming Lang: C
  Description     : Notifier for USB Firewall to use with desktop environments

A notifier for the usbauth firewall against BadUSB attacks. The user could manually allow or deny USB devices.
Every user that wants use the notifier must be added to the usbauth group.
See also: openSUSE package request (https://build.opensuse.org/request/show/533514)



NOTICE aboud usbguard and usbauth:
The usbguard project provides an USB firewall, too. It is already packaged within debian.
The usbguard development was supported by RedHat and usbauth was 
supported by SUSE. Historical, usbguard was published while the working 
on usbauth has already been started.
The main difference is that usbguard works with USB devices and usbauth works with USB interfaces.

usbauth could allow/deny usb interfaces using the new usb interface 
authorization mechanism that is part of linux 4.4 and above.
See also: 
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/log/?h=v4.4.94&qt=grep&q=interface+auth

Examples:
* allow a storage functionality of a USB device and deny USB Ethernet of 
the same device
* allow audio/video functionality of an USB TV card and deny using the 
remote control functionality
* allow USB printing/scanning and deny USB storage usage of a 
multifunction printer (BTW: the interface mechanism supports denying 
user space triggered actions (using USB claiming) like scanning)

usbguard could allow/deny USB devices using the usb device authorization 
mechanism of the Linux kernel.
It allows to denying a whole device if one interface of it is considered 
as bad (usbauth supports this, too)
usbguard allows creating actions that is not supported by usbauth.

If you can understand German language you could read 
a detailed description: 
https://epub.uni-bayreuth.de/3048/1/koch2017sicherheitsaspekte.pdf

--- End Message ---

--- Begin Message ---

• To: 880983-close@bugs.debian.org
• Subject: Bug#880983: fixed in usbauth 1.0~git20180119-1
• From: SZ Lin (林上智) <szlin@debian.org>
• Date: Thu, 22 Feb 2018 09:00:17 +0000
• Message-id: <E1eomjh-00014p-Ea@fasolo.debian.org>

Source: usbauth
Source-Version: 1.0~git20180119-1

We believe that the bug you reported is fixed in the latest version of
usbauth, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 880983@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
SZ Lin (林上智) <szlin@debian.org> (supplier of updated usbauth package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 22 Feb 2018 11:42:52 +0800
Source: usbauth
Binary: usbauth
Architecture: source amd64
Version: 1.0~git20180119-1
Distribution: unstable
Urgency: medium
Maintainer: Stefan Koch <stefan.koch10@gmail.com>
Changed-By: SZ Lin (林上智) <szlin@debian.org>
Description:
 usbauth    - USB firewall against BadUSB attacks
Closes: 880983
Changes:
 usbauth (1.0~git20180119-1) unstable; urgency=medium
 .
   * Import new upstream release (Closes: #880983)
   * Move the d/post* scripts to usbauth-notifier
   * Move VCS to salsa
Checksums-Sha1:
 387386735e4aadac564eedc4c1b7347507362688 2060 usbauth_1.0~git20180119-1.dsc
 fd1bbe4545b4b752d117ef12cc673e244adcc7cf 17657 usbauth_1.0~git20180119.orig.tar.gz
 fe786583bcf0ec9248708adc10119b1a97cf0ac6 2128 usbauth_1.0~git20180119-1.debian.tar.xz
 9526381c466bd5be51997504238a2915296a24aa 14728 usbauth-dbgsym_1.0~git20180119-1_amd64.deb
 aeed2d62c2ff9302caf4e5d34db7545b14a9d742 6135 usbauth_1.0~git20180119-1_amd64.buildinfo
 a8393b3280b6dc34e856165519c7868a04b78d58 13692 usbauth_1.0~git20180119-1_amd64.deb
Checksums-Sha256:
 895ddd0e0b2016faad28e187fc0015c58db985507768f46cf278f1aaa985a601 2060 usbauth_1.0~git20180119-1.dsc
 88d17a086b1c8defcd28a1268a594e0fb598f040783968bbfc470830a8a110f1 17657 usbauth_1.0~git20180119.orig.tar.gz
 ff926181c95a19375b927855dd01c52595d3a34ad6d87ff0bc8d395b0d4e4b36 2128 usbauth_1.0~git20180119-1.debian.tar.xz
 f24bd88723a68e4cb21bb7a733d8fcffa527e298557a8a439265a7b6c8e02f06 14728 usbauth-dbgsym_1.0~git20180119-1_amd64.deb
 3a0a9e7b56319fe229300a34645d6493a0e448830552aec6be3b0922afd1808a 6135 usbauth_1.0~git20180119-1_amd64.buildinfo
 22af128c374b3b7659ae8d3455957fe46719bd991fc4810432499abfbf7ccbcf 13692 usbauth_1.0~git20180119-1_amd64.deb
Files:
 67c23d5bff19a4a5ce7b755b7e753f04 2060 utils optional usbauth_1.0~git20180119-1.dsc
 7f58a7bdf6e935eb726a4f511dd2ddd6 17657 utils optional usbauth_1.0~git20180119.orig.tar.gz
 d21fa895315e11436ce8df0d55c595ee 2128 utils optional usbauth_1.0~git20180119-1.debian.tar.xz
 6c3bbb9adaaaa9c65797adbd5271261d 14728 debug optional usbauth-dbgsym_1.0~git20180119-1_amd64.deb
 4b279315d3212825224dc6ca68d70a35 6135 utils optional usbauth_1.0~git20180119-1_amd64.buildinfo
 66bf3a8ba1f2901b1686ec8395d6a5fb 13692 utils optional usbauth_1.0~git20180119-1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEF4+DOLMUAeME/ES6qVmzipVh8/kFAlqOQZYACgkQqVmzipVh
8/kNDw//c5UlMpKJmZ4vM/kz8z8R7gU2n0tlfY2tjVrdFb4YDjLUhBZ3m/8JxaTP
qe6S4ndUi+9kOnz7IszQv/kRyobLjGNIPawke1CHUuHg4MZLleFjJYPaVXm7MuOX
NbnUQoqZz8K7BOgqc9YUESzED4NZvfVeWr6eOQjsUkrQBJ7g1bMNOha75pOnnfKM
WLeTDnCh2V03ksFN1KR8zYwaUpjc6wqlHGSPs4b8FiWVyAv6xcoZ2qd0K+k1V+39
QMzg8f+bzHD20MioaSdtWpkNDrav8GOSOTB1kZD05P1hnirseaYahpz8GOVj7QSM
xAf8Gj5M9TtBOyYQ23b+bO2oQaoX0igew+F5mKoOGekZGBNJYeDxaiGn6FDLeolp
L06eoef2AiGH23KvUmTZXFxeOPUxAFGhB6MXWO5DhA/14Q4L0F59jkDkO7zNiOMd
sOLVllWlfo6rn8p+PkUa94NneiBk28Rz5sKGju9lR+rcrieRxHfRZzSIIO1iu2Xj
XDU4SwsiO5vIPoqI+oR32SwzE8KnSCZwNhiCZKhDLFPDfqyk4WCRqbizJMSQLNFH
kFdNnp0LNm1KhevD8yskSGEkCxSsQiVItYGxQooAkBCpHAAbxJylj3aXVO1VLoXC
aYGXdyykp57OQNNRAstrZN2KjnVkOPuiIkPyvBGXCBeDtWTbZ+I=
=Reo9
-----END PGP SIGNATURE-----

--- End Message ---