pool/rng-tools
SHA256
17
0
Fork 1
Code Issues Pull Requests Activity
Files
factory
rng-tools/rng-tools.changes

433 lines
18 KiB
Plaintext
Raw Permalink Blame History

-------------------------------------------------------------------
Wed Sep 24 09:50:54 UTC 2025 - Thorsten Kukuk <kukuk@suse.com>
- Drop rcrng-tools symlink [jsc#PED-266]
-------------------------------------------------------------------
Thu Oct 24 15:49:23 UTC 2024 - Andreas Schwab <schwab@suse.de>
- Enable build on risc64
-------------------------------------------------------------------
Wed Oct 23 11:56:10 CEST 2024 - ro@suse.de
- add patch rng-tools-missing-includes.patch
add missing include statements to fix compilation with recent gcc
-------------------------------------------------------------------
Wed Jul 31 16:42:01 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
- Do not specify a fill-watermark in the service file to fix non-
starting service since 6.17, use auto-detection (boo#1228245)
-------------------------------------------------------------------
Sun Jun 30 07:56:27 UTC 2024 - Dirk Müller <dmueller@suse.com>
- update to 6.17:
* mix data fed to the kernel byte-wise from multiple sources
* added option to attempt more persistent use of slow entropy
sources
* fix some missing m4 quotes
* improved debug output to show FIPS failures more clearly
* added a named pipe entropy source
* adjusted linux poolsize
* fixed some pkcs11 error messages
* fixed ignorefail and random_step options
-------------------------------------------------------------------
Sun Apr 16 09:27:49 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 6.16:
* Misc man page fixes, specifically addressing -V option
misdocumentation
* Improve security by allowing rngd to drop privlidges
* Misc documentation improvements
* Fix building with jitterentropy when configured for internal
software clock usage
* Fix building of power9 darn code on power systems that don't
natively support DARN instruction
* Fix jitterentropy long timeout failures on low power hardware
* Fix various build time errors on non libc systems
* Misc covscan issue fixes
-------------------------------------------------------------------
Sun Mar 27 19:45:51 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 6.15:
* Adjust rngtests for better behavior in travis
* fix use of non-posix setaffinity call to allow building on strict posix
(musl) systems
* Add armv6l to list of detected arches for pkcs11
* misc fixes to allow building on libc-musl
* fix a deadlock in jitter shutdown sequence
* minor warning fixups (unused variables)
* improve cpu detection code
* improve jitter cpu monopolization on small/single cpu systems
-------------------------------------------------------------------
Mon Nov 15 16:03:41 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s) (bsc#1181400). Modified:
* rng-tools.service
-------------------------------------------------------------------
Wed Oct 6 13:40:00 UTC 2021 - Dirk Müller <dmueller@suse.com>
- disable nistbeacon support
-------------------------------------------------------------------
Thu Aug 12 12:25:48 UTC 2021 - Dirk Müller <dmueller@suse.com>
- update to 6.14:
* Fixed a null pointer deref in nistbeacon entropy source
* fixed some confguration tests
* clarified some rngd behavior in the man page
* update init code to do proper logging
* various covscan fixes
* fixed a memory leak in jitter entropy source
* fixed possible NULL deref in rdrand source
* various fixed in openssl mangling code
* added randstat binary to build
* minor modernizations to configure.ac
* Support rndr instruction on arm
* Support jitter software timer on coarse time systems
* Merged all openssl use into a single helper library
* Improved console output readability
-------------------------------------------------------------------
Thu Mar 18 13:04:28 UTC 2021 - Paolo Stivanin <info@paolostivanin.com>
- update to 6.12:
* Fix compiler warning over log message format
* Fix some typos in force-reseed documentation in rngd man page
* Improve --list option so that we properly capture entropy sources
that are available and configured on at build time, but failed
initalization at run time (due to lack of hw, or some other error, etc)
* Drop the use of libsysfs - we only used it to access a single file,
and we can do so with a simple open/read/close.
Given the lack of maintenance of libsysfs, we can save lots of
effort by dropping this lib
-------------------------------------------------------------------
Sat Jan 23 00:29:32 UTC 2021 - Dirk Müller <dmueller@suse.com>
- update to 6.11:
* Some CI/CD fixes in travis pipeline
* Fix detection of duplicate pulses in nist source
* Fix --with-rtlsdr option in configure
* Clean up some debug statements that were erroneously left in place
* Fix error in systemd unit file
* Fix buffer overflow in rtlsdr entropy source
* Fixed darn source rekeying
* Fix various pipe read issues in jitter source
* Fix listing of rtlsdr options
* Misc Documentation fixes
* Fix a broken FIPS 140-2 corner case test
* Misc cleanups
* Addd aes mangling to nist source
* Improve nist performance with opportunistic use of CLOCK_MONOTONIC_COARSE
* Add forced reseeding of kernel entropy pool
-------------------------------------------------------------------
Sat Sep 12 13:06:07 UTC 2020 - Dirk Mueller <dmueller@suse.com>
- update to 6.10:
* Conversion of all entropy sources to use openssl instead of gcrypt, eliminating the need for the gcrypt library
* updated nist beacon entropy source to conform to version 2 of the
* Added rtlsdr radio entropy source
* Fixed arm host_cpu name, fixing a build break
* Fixed selection of default pkcs11 engine, based on target arch
* Moved closing jitter entropy source printouts to be LOG_DEBUG
* Typo fixes from codespell
* Fix a build break with power darn entropy sourceaa
* Improve interlock between main rngd thread, and jitterentropy threads during startup/shutdown to avoid deadlock/unneeded latency
* Avoid writing to write_wakeup_threshold when no specific threshold is set (allowing for separate services to preform this task without warnings from rngd)
* Enhance logging to more clearly indicate which entropy source is issuing a given log message
* Daemonize earlier, thereby avoiding early thread exit, which in turn leads to additional latency on shutdown
* Allow for immediate thread shutdown in jitter - By using sigsetjmp/siglongjmp, threads can exit, even when blocking in the jitter library
* Fixed texrels on on rdrand_asm.S for pic compilation
* allow use of libargp if libc lacks argp parsing
* explicitly link against -lcrypto, fixing build in pkcs11 entropy source
* replace pthread_yield with posix compliant sched_yield
* bias rngd to use faster sources of entropy when available, falling back to slower sources when needed
* Fix a shutdown delay resulting from a thread exit race
* Fix a few minor compilation warnings
* Fix make distcheck make target
* Minor typo fixes/cleanups
* Misc typo fixes
* Fixed build break on ppc
* Fixed bug in which getaffinity returns error on virt systems for jitterentropy
* Fixed low watermark sizing for kernel entropy pool
* Add a test mode, allowing entropy production rates to be measured
* Added jitter library as an entropy source
* Added short names to entropy sources (rather than just index numbers), for use in identifying sources to exclude/include/set options on
* Deprecated tpm entropy source, as all modern tpm2 hardware in the kernel exports entropy via /dev/hwrng (the hwrng entropy source)
* Deprecated use of indexs in exclude/include/option setting
* Introduced the concept of slow entropy sources, that produce entropy at rates slow enough that would otherwise cause them to get disabled as being broken
* Defaulted rdrand entropy source to not use aes, as it creates a significant performance increase
* Update of jitterentropy-library version
* Addition of -O flag to allow per-entropy-source option setting (documented in man page)
* Misc jitterentropy bugfixes
* Fixing of debug messages and quiet behavior
* Enable runtime disablement of AES in rdrand entropy if no AES method is available
* Make jitterentropy thread count/buffer sizes configurable
* Make AES use in rdrand and darn entropy sources configurable
* Fixes a few logic errors in the use of jitterentropy
* Fixes a build issue in which make check fails
* Some source typo fixes
* Add caching to jitterentropy
* Free some leaked memory on exit
* limit nistbeacon random data based on freq and timestamp
* Document nistbeacon more
* improved exit code reporting
* ability to suppress failure messages when not wanted
* correction of nistbeacon fields on non 64 bit arches
* proper exiting on SIGTERM/SIGINT when polling in update_kernel_random
* Fixed a drng build issue based on a missing extern symbol
* minor code formatting cleanup
* ensure darn rng asm code is volatile to prevent getting optimized out
* improve darn runtime hardware support check
* man page fixes
* fixed bug in which rngd takes control of the terminal
- drop rng-tools-check_signals.patch (obsolete)
-------------------------------------------------------------------
Sat Feb 6 17:06:48 UTC 2016 - crrodriguez@opensuse.org
- 90-hwrng.rules: Improve udev rule, autostart rngd only
when there are hwrng drivers available and one is actually
bound to the device.
-------------------------------------------------------------------
Mon Oct 19 08:07:13 UTC 2015 - dmueller@suse.com
- enable aarch64 as well
-------------------------------------------------------------------
Sat Oct 17 23:19:36 UTC 2015 - dvaleev@suse.com
- Enable Power64 architecture. Starting with Power7+ we have in
CPU random number generator
-------------------------------------------------------------------
Fri Sep 19 00:28:16 CEST 2014 - ro@suse.de
- add patch: rng-tools-check_signals.patch (bnc#897335)
check for signals in all loops to react to SIGINT/SIGTERM
-------------------------------------------------------------------
Wed Sep 3 10:18:46 UTC 2014 - idonmez@suse.com
- Apparently --fill-watermark expects a number between 0 and 4096
now. So we now set it to 3700 which is ~90% of 4096.
-------------------------------------------------------------------
Mon Aug 25 10:13:40 UTC 2014 - idonmez@suse.com
- Update to version 5
* Support RDRAND capable systems that don't have AES-NI
* Man page spelling fixes
* Don't use fixed AES key for data reduction
* Platform: Support x32. x86-64 micro-optimizations.
* Fix RDRAND data reduction
* Enable RDSEED instruction
- Add libgcrypt dependency needed for RDRAND
- Add back --fill-watermark=90% to the service file
- Package NEWS file
- Spec cleanup
-------------------------------------------------------------------
Fri Aug 22 16:49:41 UTC 2014 - crrodriguez@opensuse.org
- package is needed on %arm (raspberry pi at least).
-------------------------------------------------------------------
Tue Jun 24 18:05:29 UTC 2014 - crrodriguez@opensuse.org
- systemd: Do not start in containers, in that case
entropy comes from the "host"
- systemd: Conflict with haveged, only one entropy daemon
must be running.
-------------------------------------------------------------------
Wed Apr 30 03:54:36 UTC 2014 - crrodriguez@opensuse.org
- Fix automagic startup with udev/systemd virtio-rng KERNEL
name is hw_random not hwrng..
-------------------------------------------------------------------
Wed Apr 30 03:15:22 UTC 2014 - crrodriguez@opensuse.org
- in some parallel universe --fill-watermark took a percentage
value, not in this incarnation at least, where it takes
an integer. just use the sane builtin default
-------------------------------------------------------------------
Fri Dec 27 20:16:37 UTC 2013 - crrodriguez@opensuse.org
- udev does not like rules without a new line
-------------------------------------------------------------------
Sun Nov 24 04:23:56 UTC 2013 - crrodriguez@opensuse.org
- there is no trousers-devel requirement anymore
- define _udevrulesdir only if not already defined
- run %udev_rules_update, if defined.
-------------------------------------------------------------------
Wed Oct 23 14:45:37 UTC 2013 - p.drouand@gmail.com
- Drop old sysvinit stuff; none of distribution targets use it anymore
- Remove redundant %clean section
- Remove useless automake BuildRequires, CFLAGS export and autoreconf call
-------------------------------------------------------------------
Mon Sep 2 02:07:59 UTC 2013 - crrodriguez@opensuse.org
- in a previous change I removed WantedBy=multi-user.target
from the systemd service file because the service can get
automatically started by udev, however there are usecases
on which manual start is desirable, restore that.
-------------------------------------------------------------------
Wed May 15 17:41:27 CEST 2013 - ro@suse.de
- remove option "--feed-interval=1" from init-script and
service file, no current version of rng-tools has ever
known this option (bnc#819764)
-------------------------------------------------------------------
Thu Apr 11 02:42:07 UTC 2013 - crrodriguez@opensuse.org
- Just to be in the safe side, put udev rules later into
the mix 50-hwrng.rules --> 90-hwrng.rules
-------------------------------------------------------------------
Tue Apr 9 01:03:51 UTC 2013 - crrodriguez@opensuse.org
- 50-hwrng.rules + rng-tools.service, use activation by systemd+udev
combo, the service will come up automatically when the kernel
registers a /dev/hwrng device, service no longer requires
manual intervention to work at all.
-------------------------------------------------------------------
Thu Oct 4 14:31:13 UTC 2012 - lars@linux-schulserver.de
- update to version 4:
* Add RDRAND instruction support
* Add -q and -v options for quiet and verbose output
* Add -p option for specifying PID file (text file containing daemon's PID)
* Disable entropy source if facing continued failures, but be
tolerant of the occasional fault.
* Default device is now the preferred /dev/hwrng
* Do not use TPM device for RNG access, if /dev/hwrng is present
(TPM RNG is exported via the kernel, in newer kernels)
- require $remote_fs in init script as binaries are below /usr
-------------------------------------------------------------------
Sun Jan 29 02:57:13 UTC 2012 - tabraham@novell.com
- Update to version 3
* add rngteswt program
* support TPM chip's hardware RNG (and thus, a framework for
supporting multiple entropy sources)
* change default hardware RNG device name to "/dev/hw_random"
-------------------------------------------------------------------
Sat Dec 31 05:34:54 UTC 2011 - crrodriguez@opensuse.org
- Put rngd back into %{_sbindir} /usr is mounted in the initrd now.
-------------------------------------------------------------------
Fri Dec 16 02:21:55 UTC 2011 - crrodriguez@opensuse.org
- Support systemd.
-------------------------------------------------------------------
Thu Dec 1 15:58:15 UTC 2011 - coolo@suse.com
- add automake as buildrequire to avoid implicit dependency
-------------------------------------------------------------------
Wed Aug 10 04:40:10 UTC 2011 - crrodriguez@opensuse.org
- Work around VIA Nano xstore bug
- Add support for Linux 3.0
- Enable large file support
- Enable VIA PadLock support on x86_64
-------------------------------------------------------------------
Wed Mar 9 13:18:09 UTC 2011 - coolo@novell.com
- prereq sysvinit services
-------------------------------------------------------------------
Mon Nov 22 01:22:00 CET 2010 - ro@suse.de
- change license from GPLv2+ to GPLv3+ as the tpm_engine code
in the ubuntu patch uses that license (bnc#653119)
-------------------------------------------------------------------
Wed Nov 10 15:38:50 CET 2010 - ro@suse.de
- do not report init script as failed if no hardware found
(bnc#624198)
-------------------------------------------------------------------
Wed May 19 16:35:08 CEST 2010 - ro@suse.de
- move rngd back to /sbin and drop remotefs dependency from
init script
-------------------------------------------------------------------
Mon May 17 15:14:42 CEST 2010 - ro@suse.de
- do not enable by default
-------------------------------------------------------------------
Thu May 13 02:39:02 UTC 2010 - cristian.rodriguez@opensuse.org
- use debian/ubuntu rng-tools_mt which is under active development
-------------------------------------------------------------------
Sun Apr 25 16:23:18 UTC 2010 - crrodriguez@opensuse.org
- add Suplemments for all currently supported hwrngs
-------------------------------------------------------------------
Fri Jan 9 08:41:58 CET 2009 - olh@suse.de
- use ExclusiveArch as in /SRC/arch/
-------------------------------------------------------------------
Fri Nov 9 08:44:54 CET 2007 - bwalle@suse.de
- added PreReq for %fillup_prereq
-------------------------------------------------------------------
Sun Apr 1 21:22:32 CEST 2007 - bwalle@suse.de
- added init script that also probes hardware if the module
cannot be probed by PCI IDs
-------------------------------------------------------------------
Wed Jan 25 21:44:37 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Wed Aug 25 00:15:23 CEST 2004 - ro@suse.de
- update to version 2
-------------------------------------------------------------------
Thu Jul 29 01:17:22 CEST 2004 - ro@suse.de
- update to version 1.1
-------------------------------------------------------------------
Thu Aug 21 12:04:34 CEST 2003 - ro@suse.de
- created package version 1.0
Reference in New Issue View Git Blame Copy Permalink