Changelog for rng-tools-6.17-93.2.x86_64.rpm:
* Wed Jul 31 2024 Andreas Stieger
- Do not specify a fill-watermark in the service file to fix non-starting service since 6.17, use auto-detection (boo#1228245)
* Sun Jun 30 2024 Dirk Müller
- update to 6.17:
* mix data fed to the kernel byte-wise from multiple sources
* added option to attempt more persistent use of slow entropy sources
* fix some missing m4 quotes
* improved debug output to show FIPS failures more clearly
* added a named pipe entropy source
* adjusted linux poolsize
* fixed some pkcs11 error messages
* fixed ignorefail and random_step options
* Sun Apr 16 2023 Dirk Müller
- update to 6.16:
* Misc man page fixes, specifically addressing -V option misdocumentation
* Improve security by allowing rngd to drop privileges
* Misc documentation improvements
* Fix building with jitterentropy when configured for internal software clock usage
* Fix building of power9 darn code on power systems that don't natively support DARN instruction
* Fix jitterentropy long timeout failures on low power hardware
* Fix various build time errors on non libc systems
* Misc covscan issue fixes
* Sun Mar 27 2022 Dirk Müller
- update to 6.15:
* Adjust rngtests for better behavior in travis
* fix use of non-posix setaffinity call to allow building on strict posix (musl) systems
* Add armv6l to list of detected arches for pkcs11
* misc fixes to allow building on libc-musl
* fix a deadlock in jitter shutdown sequence
* minor warning fixups (unused variables)
* improve cpu detection code
* improve jitter cpu monopolization on small/single cpu systems
* Mon Nov 15 2021 Johannes Segitz
- Added hardening to systemd service(s) (bsc#1181400). Modified:
* rng-tools.service
* Wed Oct 06 2021 Dirk Müller
- disable nistbeacon support
* Thu Aug 12 2021 Dirk Müller
- update to 6.14:
* Fixed a null pointer deref in nistbeacon entropy source
* fixed some configuration tests
* clarified some rngd behavior in the man page
* update init code to do proper logging
* various covscan fixes
* fixed a memory leak in jitter entropy source
* fixed possible NULL deref in rdrand source
* various fixes in openssl mangling code
* added randstat binary to build
* minor modernizations to configure.ac
* Support rndr instruction on arm
* Support jitter software timer on coarse time systems
* Merged all openssl use into a single helper library
* Improved console output readability
* Thu Mar 18 2021 Paolo Stivanin
- update to 6.12:
* Fix compiler warning over log message format
* Fix some typos in force-reseed documentation in rngd man page
* Improve --list option so that we properly capture entropy sources that are available and configured at build time, but failed initialization at run time (due to lack of hw, or some other error, etc)
* Drop the use of libsysfs - we only used it to access a single file, and we can do so with a simple open/read/close. Given the lack of maintenance of libsysfs, we can save lots of effort by dropping this lib
* Sat Jan 23 2021 Dirk Müller
- update to 6.11:
* Some CI/CD fixes in travis pipeline
* Fix detection of duplicate pulses in nist source
* Fix --with-rtlsdr option in configure
* Clean up some debug statements that were erroneously left in place
* Fix error in systemd unit file
* Fix buffer overflow in rtlsdr entropy source
* Fixed darn source rekeying
* Fix various pipe read issues in jitter source
* Fix listing of rtlsdr options
* Misc Documentation fixes
* Fix a broken FIPS 140-2 corner case test
* Misc cleanups
* Add aes mangling to nist source
* Improve nist performance with opportunistic use of CLOCK_MONOTONIC_COARSE
* Add forced reseeding of kernel entropy pool
* Sat Sep 12 2020 Dirk Mueller
- update to 6.10:
* Conversion of all entropy sources to use openssl instead of gcrypt, eliminating the need for the gcrypt library
* updated nist beacon entropy source to conform to version 2 of the
* Added rtlsdr radio entropy source
* Fixed arm host_cpu name, fixing a build break
* Fixed selection of default pkcs11 engine, based on target arch
* Moved closing jitter entropy source printouts to be LOG_DEBUG
* Typo fixes from codespell
* Fix a build break with power darn entropy source
* Improve interlock between main rngd thread, and jitterentropy threads during startup/shutdown to avoid deadlock/unneeded latency
* Avoid writing to write_wakeup_threshold when no specific threshold is set (allowing for separate services to perform this task without warnings from rngd)
* Enhance logging to more clearly indicate which entropy source is issuing a given log message
* Daemonize earlier, thereby avoiding early thread exit, which in turn leads to additional latency on shutdown
* Allow for immediate thread shutdown in jitter - By using sigsetjmp/siglongjmp, threads can exit, even when blocking in the jitter library
* Fixed textrels on rdrand_asm.S for pic compilation
* allow use of libargp if libc lacks argp parsing
* explicitly link against -lcrypto, fixing build in pkcs11 entropy source
* replace pthread_yield with posix compliant sched_yield
* bias rngd to use faster sources of entropy when available, falling back to slower sources when needed
* Fix a shutdown delay resulting from a thread exit race
* Fix a few minor compilation warnings
* Fix make distcheck make target
* Minor typo fixes/cleanups
* Misc typo fixes
* Fixed build break on ppc
* Fixed bug in which getaffinity returns error on virt systems for jitterentropy
* Fixed low watermark sizing for kernel entropy pool
* Add a test mode, allowing entropy production rates to be measured
* Added jitter library as an entropy source
* Added short names to entropy sources (rather than just index numbers), for use in identifying sources to exclude/include/set options on
* Deprecated tpm entropy source, as all modern tpm2 hardware in the kernel exports entropy via /dev/hwrng (the hwrng entropy source)
* Deprecated use of indexes in exclude/include/option setting
* Introduced the concept of slow entropy sources, that produce entropy at rates slow enough that would otherwise cause them to get disabled as being broken
* Defaulted rdrand entropy source to not use aes, as it creates a significant performance increase
* Update of jitterentropy-library version
* Addition of -O flag to allow per-entropy-source option setting (documented in man page)
* Misc jitterentropy bugfixes
* Fixing of debug messages and quiet behavior
* Enable runtime disablement of AES in rdrand entropy if no AES method is available
* Make jitterentropy thread count/buffer sizes configurable
* Make AES use in rdrand and darn entropy sources configurable
* Fixes a few logic errors in the use of jitterentropy
* Fixes a build issue in which make check fails
* Some source typo fixes
* Add caching to jitterentropy
* Free some leaked memory on exit
* limit nistbeacon random data based on freq and timestamp
* Document nistbeacon more
* improved exit code reporting
* ability to suppress failure messages when not wanted
* correction of nistbeacon fields on non 64 bit arches
* proper exiting on SIGTERM/SIGINT when polling in update_kernel_random
* Fixed a drng build issue based on a missing extern symbol
* minor code formatting cleanup
* ensure darn rng asm code is volatile to prevent getting optimized out
* improve darn runtime hardware support check
* man page fixes
* fixed bug in which rngd takes control of the terminal
- drop rng-tools-check_signals.patch (obsolete)