Hello community,
here is the log from the commit of package haveged for openSUSE:Factory checked
in at 2020-06-03 20:28:33
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/haveged (Old)
and /work/SRC/openSUSE:Factory/.haveged.new.3606 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "haveged"
Wed Jun 3 20:28:33 2020 rev:55 rq:809687 version:1.9.8
Changes:
--------
--- /work/SRC/openSUSE:Factory/haveged/haveged.changes 2019-08-05
10:29:18.431452794 +0200
+++ /work/SRC/openSUSE:Factory/.haveged.new.3606/haveged.changes
2020-06-03 20:28:43.080479677 +0200
@@ -1,0 +2,27 @@
+Tue May 26 10:49:29 UTC 2020 - Martin Pluskal <mplus...@suse.com>
+
+- Update to version 1.9.8:
+ * Fix for Unresolved symbol error_exit in libhavege #20 by pld-gitsync
[Jirka Hladky]
+ * order after systemd-tmpfiles-setup-dev.service (origin/pr/21) [Christian
Hesse]
+ * use systemd security features [Christian Hesse]
+ * do not run in container [Christian Hesse]
+ * do not use carriage return in line break [Christian Hesse]
+ * Fixed invalid UTF-8 codes in ChangeLog [Jirka Hladky]
+- Changes for version 1.9.5:
+ * Added test for /dev/random symlink [Jirka Hladky]
+ * Update to automake 1.16 [Jirka Hladky]
+ * Fix segv at start [Andrew]
+ * Fixed built issue on Cygwin [jbaker6953]
+ * Fix segfault on arm machines (origin/pr/7) [Natanael Copa]
+ * init.d/Makefile.am - add missing dependency [Jackie Huang]
+ * service.redhat - update PIDFile [Pierre-Jean Texier]
+ * Fix type mismatch in get_poolsize [Andreas Schwab]
+ * Fixup upstream changelog [Nicolas Braud-Santoni]
+ * Remove support for CPUID on ia64 (origin/pr/19) [Jeremy Bobbio]
+ * Output some progress during CUSUM and RANDOM EXCURSION test [Sven Hartge]
+ * Diagnostics capture mode now works correctly [Ethan Rahn]
+- Drop upstream patches:
+ * f2193587.patch
+ * get-poolsize.patch
+
+-------------------------------------------------------------------
Old:
----
f2193587.patch
get-poolsize.patch
haveged-1.9.4.tar.gz
New:
----
haveged-1.9.8.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ haveged.spec ++++++
--- /var/tmp/diff_new_pack.keCOZZ/_old 2020-06-03 20:28:45.028485598 +0200
+++ /var/tmp/diff_new_pack.keCOZZ/_new 2020-06-03 20:28:45.028485598 +0200
@@ -1,7 +1,7 @@
#
# spec file for package haveged
#
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,13 +18,13 @@
%{!?_udevrulesdir: %global _udevrulesdir %(pkg-config --variable=udevdir
udev)/rules.d }
Name: haveged
-Version: 1.9.4
+Version: 1.9.8
Release: 0
Summary: Daemon for feeding entropy into the random pool
License: GPL-3.0-only
Group: System/Daemons
URL: https://github.com/jirka-h/haveged
-Source0:
https://github.com/jirka-h/haveged/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Source0:
https://github.com/jirka-h/haveged/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
Source2: %{name}.service
Source3: 90-haveged.rules
Source4: haveged-dracut.module
@@ -34,10 +34,6 @@
Patch1: haveged-conditional-enttest.patch
# PATCH-FIX-UPSTREAM: don't write to syslog at startup to avoid deadlocks
psim...@suse.com bnc#959237
Patch2: haveged-no-syslog.patch
-# PATCH-FIX-GITHUB: Fix segfault on arm machines
-Patch3: f2193587.patch
-# PATCH-FIX-GITHUB: Fix type mismatch in get_poolsize bsc#1111047
-Patch4: get-poolsize.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
@@ -82,12 +78,7 @@
algorithm and supporting features.
%prep
-%setup -q
-%patch0 -p1
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
+%autosetup -p1
%build
autoreconf -fvi
@@ -168,7 +159,6 @@
%{_mandir}/man3/libhavege.3%{?ext_man}
%dir %{_includedir}/%{name}
%{_includedir}/%{name}/havege.h
-%{_includedir}/%{name}/havegecmd.h
%doc contrib/build/havege_sample.c
%{_libdir}/*.so
++++++ haveged-1.9.4.tar.gz -> haveged-1.9.8.tar.gz ++++++
++++ 3706 lines of diff (skipped)
++++ retrying with extended exclude list
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.4/ChangeLog new/haveged-1.9.8/ChangeLog
--- old/haveged-1.9.4/ChangeLog 2018-08-11 00:44:19.000000000 +0200
+++ new/haveged-1.9.8/ChangeLog 2019-09-30 19:38:46.000000000 +0200
@@ -1,3 +1,26 @@
+v1.9.8 (Sep 30, 2019)
+* Fix for Unresolved symbol error_exit in libhavege #20 by pld-gitsync [Jirka
Hladky]
+* order after systemd-tmpfiles-setup-dev.service (origin/pr/21) [Christian
Hesse]
+* use systemd security features [Christian Hesse]
+* do not run in container [Christian Hesse]
+* do not use carriage return in line break [Christian Hesse]
+* Fixed invalid UTF-8 codes in ChangeLog [Jirka Hladky]
+
+
+v1.9.5 (Aug 20, 2019)
+ * Added test for /dev/random symlink [Jirka Hladky]
+ * Update to automake 1.16 [Jirka Hladky]
+ * Fix segv at start [Andrew]
+ * Fixed built issue on Cygwin [jbaker6953]
+ * Fix segfault on arm machines (origin/pr/7) [Natanael Copa]
+ * init.d/Makefile.am - add missing dependency [Jackie Huang]
+ * service.redhat - update PIDFile [Pierre-Jean Texier]
+ * Fix type mismatch in get_poolsize [Andreas Schwab]
+ * Fixup upstream changelog [Nicolas Braud-Santoni]
+ * Remove support for CPUID on ia64 (origin/pr/19) [Jeremy Bobbio]
+ * Output some progress during CUSUM and RANDOM EXCURSION test [Sven Hartge]
+ * Diagnostics capture mode now works correctly [Ethan Rahn]
+
v1.9.4 (Aug 11, 2018)
* Avoid misleading message if cmd socket is in use
@@ -7,7 +30,7 @@
v1.9.2 (Nov 16, 2017)
* Add cross compile fixes contributed by Robert Schwebel
* Limit watermark max to less than pool size to avoid 100% cpu condition
- * Add service.suse init script contributed by Tom� Chv�tal
+ * Add service.suse init script contributed by Tomas Chvatal
v1.9.1 (Feb 11, 2014)
* Documentation and sample file touch-up for v1.9.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.4/NEWS new/haveged-1.9.8/NEWS
--- old/haveged-1.9.4/NEWS 2018-08-11 00:44:19.000000000 +0200
+++ new/haveged-1.9.8/NEWS 2019-09-30 19:38:46.000000000 +0200
@@ -1,17 +1,26 @@
+v1.9.8 (Sep 30, 2018)
+ * Various bug fixes - please see ChangeLog for the detailed list of changes
+
+v1.9.5 (Aug 11, 2018)
+ * Various bug fixes - please see ChangeLog for the detailed list of changes
+
v1.9.4 (Aug 11, 2018)
* Avoid misleading message if cmd socket is in use
-
+
v1.9.3 (Aug 10, 2018)
- I (Jirka Hladky) took over haveged upstream development and moved it to GiHub
+ I (Jirka Hladky) took over haveged upstream development and moved it to GiHub
https://github.com/jirka-h/haveged
- This version implements a command mode and use it for chroot -it was
+ This version implements a command mode and use it for chroot -it was
contributed by Dr. Werner Fink.
-v1.9.2 (Nov 16, 1017)
-
+v1.9.2 (Nov 16, 2017)
+
This release cleans up issues that have accumulated since the last release.
I retired
several years ago, and haveged is no longer under active development. This
release only
- attempts to collect and document the downstream reports I have received.
+ attempts to collect and document the downstream reports I have received.
+
+v1.9.1 (Feb 11, 2014)
+ Documentation and sample file touch-up for v1.9.
v1.9 (Feb 10, 2014)
@@ -24,7 +33,7 @@
logic, and implementation bugs in both test procedure A and B. Attempting
to diagnose
these problems also revealed the injection feature of the diagnostic build
was also
broken.
-
+
Once the injection facility was fixed, an independent implementation of the
AIS reference
for procedure B was used to verify the haveged implementation down to bit
level. Portions
of the run-time test suite were rewritten to correct defects and improve
performance of the
@@ -33,7 +42,7 @@
oriented. Unrelated changes included in the release include adding a quick
version check
for libhavege use, many small improvements to diagnostics, and more cleanup
man pages,
sample files, and other documentation.
-
+
Special thanks to Jirka Hladky for help in sorting out the procedure B
bugs, verifying
the haveged RNG is statistically comparable to RDRAND, and the first formal
testing of
haveged on ARM.
@@ -57,7 +66,7 @@
Fix broken parallel builds - fix LDADD problem in build, VPATH problems in
check targets.
Move to check-local for check target to work with automake v1.13 but retain
backward
compatibility. Modify build to make tuning component optional in build.
Improve sample
- spec file and docs.
+ spec file and docs.
v1.7 (Jan 15, 2013)
@@ -65,7 +74,7 @@
dependency. The new contrib/build/build.sh script is intended to toggle
this requirement
as well as providing a bootstrap to recover from automake mismatches. The
script will also
build and run devel sample code for those interested in using the devel
package.
-
+
Other build related changes include updating AC_PREQ to a more reasonable,
2.59 and changing
the build option for init scripts to default to --enable-init=none. The
format of the
haveged diagnostic display has changed to provided more information and the
output is now
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.4/config/compile new/haveged-1.9.8/config/compile
--- old/haveged-1.9.4/config/compile 2018-08-11 00:44:19.000000000 +0200
+++ new/haveged-1.9.8/config/compile 2019-09-30 19:38:46.000000000 +0200
@@ -1,9 +1,9 @@
#! /bin/sh
# Wrapper for compilers which do not understand '-c -o'.
-scriptversion=2016-01-11.22; # UTC
+scriptversion=2018-03-07.03; # UTC
-# Copyright (C) 1999-2017 Free Software Foundation, Inc.
+# Copyright (C) 1999-2018 Free Software Foundation, Inc.
# Written by Tom Tromey <tro...@cygnus.com>.
#
# This program is free software; you can redistribute it and/or modify
@@ -17,7 +17,7 @@
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
@@ -340,7 +340,7 @@
# Local Variables:
# mode: shell-script
# sh-indentation: 2
-# eval: (add-hook 'write-file-hooks 'time-stamp)
+# eval: (add-hook 'before-save-hook 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC0"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.4/config/missing new/haveged-1.9.8/config/missing
--- old/haveged-1.9.4/config/missing 2018-08-11 00:44:19.000000000 +0200
+++ new/haveged-1.9.8/config/missing 2019-09-30 19:38:46.000000000 +0200
@@ -1,9 +1,9 @@
#! /bin/sh
# Common wrapper for a few potentially missing GNU programs.
-scriptversion=2016-01-11.22; # UTC
+scriptversion=2018-03-07.03; # UTC
-# Copyright (C) 1996-2017 Free Software Foundation, Inc.
+# Copyright (C) 1996-2018 Free Software Foundation, Inc.
# Originally written by Fran,cois Pinard <pin...@iro.umontreal.ca>, 1996.
# This program is free software; you can redistribute it and/or modify
@@ -17,7 +17,7 @@
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
@@ -101,9 +101,9 @@
exit $st
fi
-perl_URL=http://www.perl.org/
-flex_URL=http://flex.sourceforge.net/
-gnu_software_URL=http://www.gnu.org/software
+perl_URL=https://www.perl.org/
+flex_URL=https://github.com/westes/flex
+gnu_software_URL=https://www.gnu.org/software
program_details ()
{
@@ -207,7 +207,7 @@
exit $st
# Local variables:
-# eval: (add-hook 'write-file-hooks 'time-stamp)
+# eval: (add-hook 'before-save-hook 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC0"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.4/configure.ac new/haveged-1.9.8/configure.ac
--- old/haveged-1.9.4/configure.ac 2018-08-11 00:44:19.000000000 +0200
+++ new/haveged-1.9.8/configure.ac 2019-09-30 19:38:46.000000000 +0200
@@ -3,7 +3,7 @@
## Minimum Autoconf version
AC_PREREQ([2.59])
-AC_INIT([haveged],[1.9.4])
+AC_INIT([haveged],[1.9.8])
AC_CONFIG_AUX_DIR(config)
AC_USE_SYSTEM_EXTENSIONS
AC_CONFIG_HEADER([config.h])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.4/haveged.spec new/haveged-1.9.8/haveged.spec
--- old/haveged-1.9.4/haveged.spec 2018-08-11 00:44:19.000000000 +0200
+++ new/haveged-1.9.8/haveged.spec 2019-09-30 19:38:46.000000000 +0200
@@ -1,76 +1,111 @@
-#
-# Sample spec file for haveged and haveged-devel
-# Copyright (c) 2013-2014
-# This file and all modifications and additions to the pristine
-# package are under the same license as the package itself.
-#
-%define have_systemd 0
-
-Name: haveged
-Version: 1.9
-Release: 0
-License: GPLv3
-Group: System Environment/Daemons
-Summary: Feed entropy into random pool
-URL: http://www.issihosts.com/haveged/
-Source0: http://www.issihosts.com/haveged/haveged-%{version}.tar.gz
-BuildRoot: %{_builddir}/%{name}-{%version}-build
-%if 0%{?have_systemd}
-BuildRequires: systemd
-%endif
+Summary: A Linux entropy source using the HAVEGE algorithm
+Name: haveged
+Version: 1.9.6
+Release: 1
+License: GPL v3+
+Group: Daemons
+Source0: https://github.com/jirka-h/haveged/archive/v%{version}.tar.gz
+# Source0-md5: 445ebbe0ecce01de06847689e9822efd
+Patch0: %{name}-link.patch
+URL: http://www.irisa.fr/caps/projects/hipsor/
+BuildRequires: autoconf >= 2.59
+BuildRequires: automake
+BuildRequires: libtool
+BuildRequires: rpmbuild(macros) >= 1.644
+BuildRequires: systemd-devel
+Requires(post,preun,postun): systemd-units >= 38
+Requires: systemd-units >= 38
+BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
%description
-The haveged daemon feeds the linux entropy pool with random
-numbers generated from hidden processor state.
+A Linux entropy source using the HAVEGE algorithm
+
+Haveged is a user space entropy daemon which is not dependent upon the
+standard mechanisms for harvesting randomness for the system entropy
+pool. This is important in systems with high entropy needs or limited
+user interaction (e.g. headless servers).
+
+Haveged uses HAVEGE (HArdware Volatile Entropy Gathering and
+Expansion) to maintain a 1M pool of random bytes used to fill
+/dev/random whenever the supply of random bits in /dev/random falls
+below the low water mark of the device. The principle inputs to
+haveged are the sizes of the processor instruction and data caches
+used to setup the HAVEGE collector. The haveged default is a 4kb data
+cache and a 16kb instruction cache. On machines with a cpuid
+instruction, haveged will attempt to select appropriate values from
+internal tables.
+
+%package libs
+Summary: Shared libraries for HAVEGE algorithm
+Group: Libraries
+
+%description libs
+Shared libraries for HAVEGE algorithm.
%package devel
-Summary: haveged development files
-Group: Development/Libraries
+Summary: Headers and shared development libraries for HAVEGE algorithm
+Group: Development/Libraries
+Requires: %{name}-devel = %{version}-%{release}
%description devel
-Headers and shared object symbolic links for the haveged library
-
-This package contains the haveged implementation of the HAVEGE
-algorithm and supporting features.
+Headers and shared object symbolic links for the HAVEGE algorithm
%prep
%setup -q
+%patch0 -p1
%build
+%{__libtoolize}
+%{__aclocal}
+%{__autoconf}
+%{__autoheader}
+%{__automake}
%configure \
- --enable-daemon\
- --enable-init=sysv.redhat
-make
-
-%check
-make check
+ --disable-static \
+ --enable-init=service.fedora
+# SMP build is not working
+%{__make} -j1
%install
-%makeinstall
-%{__install} -D -m0755 init.d/haveged %{buildroot}%{_sysconfdir}/init.d/%{name}
-%if 0%{?have_systemd}
-%{__install} -D -m0644 init.d/havege.service
%{buildroot}%{_unitdir}/%{name}.service
-%endif
-%{__rm} -f %{buildroot}%{_libdir}/libhavege.*a
+rm -rf $RPM_BUILD_ROOT
+%{__make} install \
+ DESTDIR=$RPM_BUILD_ROOT
+
+install -d $RPM_BUILD_ROOT%{systemdunitdir}
+#cp -p %{SOURCE1} $RPM_BUILD_ROOT%{systemdunitdir}/haveged.service
+
+# We don't ship .la files.
+rm $RPM_BUILD_ROOT%{_libdir}/libhavege.la
%clean
-%{?buildroot:%__rm -rf "%{buildroot}"}
+rm -rf $RPM_BUILD_ROOT
+
+%post libs -p /sbin/ldconfig
+%postun libs -p /sbin/ldconfig
+
+%post
+%systemd_post haveged.service
+
+%preun
+%systemd_preun haveged.service
+
+%postun
+%systemd_reload
%files
-%defattr(-, root, root, -)
-%doc COPYING
+%defattr(644,root,root,755)
+%doc AUTHORS ChangeLog NEWS README contrib/build/havege_sample.c
+%attr(755,root,root) %{_sbindir}/haveged
%{_mandir}/man8/haveged.8*
-%{_sbindir}/haveged
-%{_sysconfdir}/init.d/haveged
-%if 0%{?have_systemd}
-%{_unitdir}/haveged.service
-%endif
+%{systemdunitdir}/haveged.service
+
+%files libs
+%defattr(644,root,root,755)
+%attr(755,root,root) %{_libdir}/libhavege.so.*.*.*
+%ghost %{_libdir}/libhavege.so.1
%files devel
-%doc COPYING
-%defattr(-, root, root, -)
+%defattr(644,root,root,755)
+%{_includedir}/%{name}
+%{_libdir}/libhavege.so
%{_mandir}/man3/libhavege.3*
-%dir %{_includedir}/%{name}
-%{_includedir}/%{name}/havege.h
-%doc contrib/build/havege_sample.c
-%{_libdir}/*.so*
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.4/init.d/Makefile.am new/haveged-1.9.8/init.d/Makefile.am
--- old/haveged-1.9.4/init.d/Makefile.am 2018-08-11 00:44:19.000000000
+0200
+++ new/haveged-1.9.8/init.d/Makefile.am 2019-09-30 19:38:46.000000000
+0200
@@ -33,7 +33,7 @@
install-exec-hook:
$(do_subst) < $(srcdir)/$(src_tmpl) > haveged.service;
-install-data-hook:
+install-data-hook: install-exec-hook
if ENABLE_SYSTEMD_LOOKUP
install -p -D -m644 haveged.service $(DESTDIR)`pkg-config
--variable=systemdsystemunitdir systemd`/haveged.service;
else
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.4/init.d/service.fedora new/haveged-1.9.8/init.d/service.fedora
--- old/haveged-1.9.4/init.d/service.fedora 2018-08-11 00:44:19.000000000
+0200
+++ new/haveged-1.9.8/init.d/service.fedora 2019-09-30 19:38:46.000000000
+0200
@@ -1,11 +1,18 @@
[Unit]
Description=Entropy Daemon based on the HAVEGE algorithm
Documentation=man:haveged(8) http://www.issihosts.com/haveged/
+DefaultDependencies=no
+After=systemd-tmpfiles-setup-dev.service
+Before=sysinit.target shutdown.target systemd-journald.service
[Service]
-Type=simple
-ExecStart=@SBIN_DIR@/haveged -w 1024 -v 1 --Foreground
-SuccessExitStatus=143
+ExecStart=/usr/sbin/haveged -w 1024 -v 1 --Foreground
+Restart=always
+SuccessExitStatus=137 143
+CapabilityBoundingSet=CAP_SYS_ADMIN
+PrivateDevices=true
+PrivateNetwork=true
+ProtectSystem=full
[Install]
-WantedBy=multi-user.target
+WantedBy=sysinit.target
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.4/init.d/service.redhat new/haveged-1.9.8/init.d/service.redhat
--- old/haveged-1.9.4/init.d/service.redhat 2018-08-11 00:44:19.000000000
+0200
+++ new/haveged-1.9.8/init.d/service.redhat 2019-09-30 19:38:46.000000000
+0200
@@ -3,7 +3,7 @@
[Service]
Type=forking
-PIDFile=/var/run/haveged.pid
+PIDFile=/run/haveged.pid
ExecStart=@SBIN_DIR@/haveged -w 1024 -v 1
[Install]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.4/init.d/service.suse new/haveged-1.9.8/init.d/service.suse
--- old/haveged-1.9.4/init.d/service.suse 2018-08-11 00:44:19.000000000
+0200
+++ new/haveged-1.9.8/init.d/service.suse 2019-09-30 19:38:46.000000000
+0200
@@ -1,19 +1,19 @@
-[Unit]
-Description=Entropy Daemon based on the HAVEGE algorithm
-Documentation=man:haveged(8) http://www.issihosts.com/haveged/
-DefaultDependencies=no
-ConditionVirtualization=!container
-#Conflicts=shutdown.target
-# Don't wait for systemd-random-seed.service, leads to deadlock with fips=1
-#After=systemd-random-seed.service
-Before=sysinit.target shutdown.target systemd-journald.service
-
-[Service]
-ExecStart=/usr/sbin/haveged -w 1024 -v 0 -F
-CapabilityBoundingSet=CAP_SYS_ADMIN CAP_SYS_CHROOT
-PrivateNetwork=yes
-Restart=always
-SuccessExitStatus=137 143
-
-[Install]
-WantedBy=sysinit.target
+[Unit]
+Description=Entropy Daemon based on the HAVEGE algorithm
+Documentation=man:haveged(8) http://www.issihosts.com/haveged/
+DefaultDependencies=no
+ConditionVirtualization=!container
+#Conflicts=shutdown.target
+# Don't wait for systemd-random-seed.service, leads to deadlock with fips=1
+#After=systemd-random-seed.service
+Before=sysinit.target shutdown.target systemd-journald.service
+
+[Service]
+ExecStart=/usr/sbin/haveged -w 1024 -v 0 -F
+CapabilityBoundingSet=CAP_SYS_ADMIN CAP_SYS_CHROOT
+PrivateNetwork=yes
+Restart=always
+SuccessExitStatus=137 143
+
+[Install]
+WantedBy=sysinit.target
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.4/nist/packtest.c new/haveged-1.9.8/nist/packtest.c
--- old/haveged-1.9.4/nist/packtest.c 2018-08-11 00:44:19.000000000 +0200
+++ new/haveged-1.9.8/nist/packtest.c 2019-09-30 19:38:46.000000000 +0200
@@ -557,6 +557,7 @@
for (i = 4; i < ArraySize; i = (i << 1))
{
int inter;
+ fprintf (stderr, "\t\t ArraySize: %d\n", i);
inter = MOD (ARRAY[ArraySize - i], ArraySize - i);
if (failure >= 8)
{
@@ -600,6 +601,7 @@
for (i = 0; i < 8; i++)
{
int index;
+ fprintf (stderr, "\t\t Slice number: %d\n", i);
index = (ArraySize / 8) * i;
if (ArraySize > 262144)
index = index + (MOD (ARRAY[index], (ArraySize / 8) - 32768));
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.4/src/Makefile.am new/haveged-1.9.8/src/Makefile.am
--- old/haveged-1.9.4/src/Makefile.am 2018-08-11 00:44:19.000000000 +0200
+++ new/haveged-1.9.8/src/Makefile.am 2019-09-30 19:38:46.000000000 +0200
@@ -21,13 +21,12 @@
libhavege_la_LDFLAGS = -version-number @HAVEGE_LT_VERSION@
libhavege_la_LIBADD = @HA_LDFLAGS@
-libhavege_la_SOURCES = havege.c havegetune.c havegecollect.c havegetest.c
havegecmd.c \
- cpuid-43.h havege.h havegetune.h havegecollect.h havegetest.h
oneiteration.h \
- havegecmd.h
+libhavege_la_SOURCES = havege.c havegetune.c havegecollect.c havegetest.c \
+ cpuid-43.h havege.h havegetune.h havegecollect.h havegetest.h
oneiteration.h
-pkginclude_HEADERS = havege.h havegecmd.h
+pkginclude_HEADERS = havege.h
-haveged_SOURCES = haveged.c haveged.h
+haveged_SOURCES = haveged.c haveged.h havegecmd.c havegecmd.h
haveged_LDADD = @HA_LDFLAGS@ libhavege.la
##libtool_end##
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.4/src/havege.c new/haveged-1.9.8/src/havege.c
--- old/haveged-1.9.4/src/havege.c 2018-08-11 00:44:19.000000000 +0200
+++ new/haveged-1.9.8/src/havege.c 2019-09-30 19:38:46.000000000 +0200
@@ -197,7 +197,7 @@
free(temp);
}
#ifdef ONLINE_TESTS_ENABLE
- if (0 != (temp=hptr->testData)) {
+ else if (0 != (temp=hptr->testData)) {
double *g = ((procShared *)temp)->G;
hptr->testData = 0;
if (0 != g)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.4/src/havege.h new/haveged-1.9.8/src/havege.h
--- old/haveged-1.9.4/src/havege.h 2018-08-11 00:44:19.000000000 +0200
+++ new/haveged-1.9.8/src/havege.h 2019-09-30 19:38:46.000000000 +0200
@@ -30,7 +30,7 @@
* header/package version as a numeric major, minor, patch triple. See
havege_version()
* below for useage.
*/
-#define HAVEGE_PREP_VERSION "1.9.4"
+#define HAVEGE_PREP_VERSION "1.9.8"
/**
* Basic types
*/
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.4/src/havegecollect.c new/haveged-1.9.8/src/havegecollect.c
--- old/haveged-1.9.4/src/havegecollect.c 2018-08-11 00:44:19.000000000
+0200
+++ new/haveged-1.9.8/src/havegecollect.c 2019-09-30 19:38:46.000000000
+0200
@@ -194,10 +194,10 @@
H_UINT t0=0;
(void)havege_gather(h_ctxt); /* first sample */
- t0 = h_ctxt->havege_tic;
+ t0 = HTICK1;
for(i=1;i<MININITRAND;i++)
(void)havege_gather(h_ctxt); /* warmup rng */
- if (h_ctxt->havege_tic==t0) { /* timer stuck? */
+ if (HTICK1==t0) { /* timer stuck? */
h_ptr->error = H_NOTIMER;
havege_nddestroy(h_ctxt);
return NULL;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.4/src/havegecollect.h new/haveged-1.9.8/src/havegecollect.h
--- old/haveged-1.9.4/src/havegecollect.h 2018-08-11 00:44:19.000000000
+0200
+++ new/haveged-1.9.8/src/havegecollect.h 2019-09-30 19:38:46.000000000
+0200
@@ -117,11 +117,7 @@
#ifdef HAVE_ISA_IA64
#define ARCH "ia64"
-#define CPUID(op,reg) ASM("mov %0=cpuid[%1]"\
- : "=r" (value)\
- : "r" (reg))
#define HARDCLOCK(x) ASM("mov %0=ar.itc" : "=r"(x))
-#define HASCPUID(x) x=1
#endif
#ifdef HAVE_ISA_SPARC
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.4/src/haveged.c new/haveged-1.9.8/src/haveged.c
--- old/haveged-1.9.4/src/haveged.c 2018-08-11 00:44:19.000000000 +0200
+++ new/haveged-1.9.8/src/haveged.c 2019-09-30 19:38:46.000000000 +0200
@@ -26,9 +26,11 @@
#include <signal.h>
#include <fcntl.h>
#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
#ifndef NO_DAEMON
-#include <unistd.h>
#include <syslog.h>
#include <sys/ioctl.h>
#include <asm/types.h>
@@ -496,7 +498,8 @@
void) /* IN: nothing */
{
FILE *poolsize_fh,*osrel_fh;
- unsigned int max_bits,major,minor;
+ unsigned int major,minor;
+ int max_bits;
poolsize_fh = fopen(params->poolsize, "rb");
if (poolsize_fh) {
@@ -529,6 +532,7 @@
int conn_fd = -1;
#endif
struct rand_pool_info *output;
+ struct stat stat_buf;
if (0 != params->run_level) {
anchor_info(h);
@@ -543,6 +547,10 @@
anchor_info(h);
if (params->low_water>0)
set_watermark(params->low_water);
+ if ( lstat(params->random_device, &stat_buf) != 0 )
+ error_exit("lstat has failed for the random device \"%s\": %s",
params->random_device, strerror(errno));
+ if ( S_ISLNK(stat_buf.st_mode) )
+ error_exit("random device \"%s\" is a link. This is not supported for
the security reasons.", params->random_device);
random_fd = open(params->random_device, O_RDWR);
if (random_fd == -1)
error_exit("Couldn't open random device: %s", strerror(errno));
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/haveged-1.9.4/src/havegetune.c new/haveged-1.9.8/src/havegetune.c
--- old/haveged-1.9.4/src/havegetune.c 2018-08-11 00:44:19.000000000 +0200
+++ new/haveged-1.9.8/src/havegetune.c 2019-09-30 19:38:46.000000000 +0200
@@ -795,6 +795,8 @@
ctype = vfs_configFile(pAnchor, path, vfs_configType);
strcpy(path+plen, "size");
size = vfs_configFile(pAnchor, path, vfs_configInt);
+ if (size == -1)
+ size = ctype == 'I' ? GENERIC_ICACHE : GENERIC_DCACHE;
cfg_cacheAdd(pAnchor, SRC_VFS_INDEX, pArgs[1], level, ctype, size);
}
}
++++++ haveged-conditional-enttest.patch ++++++
--- /var/tmp/diff_new_pack.keCOZZ/_old 2020-06-03 20:28:45.208486146 +0200
+++ /var/tmp/diff_new_pack.keCOZZ/_new 2020-06-03 20:28:45.212486158 +0200
@@ -2,8 +2,10 @@
haveged-1.9.4/configure.ac | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
---- haveged-1.9.4/configure.ac
-+++ haveged-1.9.4/configure.ac 2018-09-19 09:23:58.582379792 +0000
+Index: haveged-1.9.8/configure.ac
+===================================================================
+--- haveged-1.9.8.orig/configure.ac
++++ haveged-1.9.8/configure.ac
@@ -62,6 +62,11 @@ AC_ARG_ENABLE(nistest,
AS_HELP_STRING([--enable-nistest=[no/yes]],[Run NIST test suite
[default=no]]),
, enable_nistest="no")
++++++ haveged-no-syslog.patch ++++++
--- /var/tmp/diff_new_pack.keCOZZ/_old 2020-06-03 20:28:45.240486243 +0200
+++ /var/tmp/diff_new_pack.keCOZZ/_new 2020-06-03 20:28:45.248486268 +0200
@@ -1,12 +1,8 @@
-Index: haveged-1.9.1/src/haveged.c
+Index: haveged-1.9.8/src/haveged.c
===================================================================
----
- haveged-1.9.4/src/haveged.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
---- haveged-1.9.4/src/haveged.c
-+++ haveged-1.9.4/src/haveged.c 2018-09-19 09:24:30.741795848 +0000
-@@ -478,8 +478,10 @@ static void daemonize( /* RETURN: no
+--- haveged-1.9.8.orig/src/haveged.c
++++ haveged-1.9.8/src/haveged.c
+@@ -480,8 +480,10 @@ static void daemonize( /* RETURN: no
void) /* IN: nothing */
{
FILE *fh;
@@ -17,7 +13,7 @@
if (daemon(0, 0) == -1)
error_exit("Cannot fork into the background");
fh = fopen(params->pid_file, "w");
-@@ -684,7 +686,9 @@ void error_exit( /* RETURN: no
+@@ -692,7 +694,9 @@ void error_exit( /* RETURN: no
#ifndef NO_DAEMON
if (params->detached!=0) {
unlink(params->pid_file);
@@ -27,7 +23,7 @@
}
else
#endif
-@@ -794,11 +798,13 @@ static void print_msg( /* RETURN: no
+@@ -802,11 +806,13 @@ static void print_msg( /* RETURN: no
va_list ap;
va_start(ap, format);
snprintf(buffer, sizeof(buffer), "%s: %s", params->daemon, format);
