* Build-Depend on libgcrypt20-dev instead of libgcrypt11-dev
* Add systemd unit.
[ David Härdeman ]
* Add lsb_logging to init.d script (Closes: #384921, #773297)
[ Christian Kastner]
* Use logcheck-conform filtering rules in logcheck.ignore (Closes: #620692)
[ Peter Eisentraut ]
* Add support for "status" action to init.d script (Closes: #653482)
[ Ivan Baldo ]
* Add descriptions in init.d script (Closes: #774920)
[ Aron Xu ]
* Non-maintainer upload.
* Synchronize source tree with Ubuntu (Closes: #587157, #692450, #828835)
* Rewrite debian/rules using dh style
* Update std-ver to 4.2.1
* Bump to compat 10
* No change rebuild to pick up -fPIE compiler default
* No-change rebuild for the libgcrypt20 transition.
* Fix capability detection for Intel RDRAND cpu feature in the init
script and thus start rngd daemon on compatible cpus. (LP: #1377131)
* Dropped debian/patches
* Release version 5.
rdrand: Enable the RDSEED instruction
rdrand: Fix the RDRAND data reduction
rdrand: Simplify by changing x86_rdrand_nlong to x86_rdrand_bytes
rngd_rdrand: Support compiling for x32 by adding unative_t
rdrand_asm.S: On x86-64 we have enough registers, avoid repeated loads
rdrand_asm.S: Use #ifdef instead of #if defined()
rngd_rdrand: Don't use a fixed AES key for data reduction
rngd_rdrand: Code style cleanups
Add BUGS file.
rngd.8: Delete obsolete FIXME
Provide support for RDRAND capable systems that don't have AES-NI.
Fix the AES keys so that they are correct and match the comments.
Update FSF mailing address in license.
rngtest.1.in: Import spelling fixes from Fedora
-LP: #1256167
* Add missing build-depends on libgcrypt.
* Merge from upstream git://git.kernel.org/pub/scm/utils/kernel/rng-tools/rng-tools.git
908d733527a361621da88cdf931a71aa83cba430
-LP: #1084378
* Merge from debian unstable (LP: #812121). Remaining changes:
- debian/patches/tpm-engine.patch: implement TPM entropy source
(Debian bug 542599).
- debian/control: add build-deps for TPM interface.
- debian/rng-tools.default: add example for TPM devices.
- debian/{rules,rng-tools.postinst}: adjust rc start/stop location to
start later then trousers.
* New upstream version:
+ Work around VIA Nano xstore bug (closes: #609289)
+ Add support for Linux 3.0 (closes: #630771)
* Merge from debian unstable. Remaining changes:
- debian/patches/tpm-engine.patch: implement TPM entropy source
(Debian bug 542599).
- debian/control: add build-deps for TPM interface.
- debian/rng-tools.default: add example for TPM devices.
- debian/{rules,rng-tools.postinst}: adjust rc start/stop location to
start later then trousers.
* Re-upload to fix problem caused by a bad i386 chroot on the -2 build
* Use DEB_BUILD_ARCH to detect if we should force VIA PadLock support
(closes: #580843)
* New upstream source:
+ Enable large file support (closes: #506639)
+ Fix COPYING file to contain the correct license (GPL v2 text)
+ Enable VIA PadLock support on x86_64 (untested)
* debian/copyright,debian/rules,debian/rng-tools.postinst: update
copyright notices and fix license blurb were wrong (it is GPL2+)
* Debian build-system updates:
+ Set debian/source/format to '3.0 (quilt)'
+ debian/control: build-depend on autoconf, automake and drop
autotools-dev since automake will take care of it and we do
not use them directly anymore
+ debian/rules: remove all autogenerated files in clean target,
and call upstream's autogen.sh to regenerate build system
+ debian/rules: use dh_prep instead of dh_clean -k (lintian)
+ debian/rules: use dh_lintian
* debian/rules: honour CFLAGS, really set build arch/target
and really enable viapadlock on i386
* debian/control: rng-tools (binary pkg): add misc:Depends (lintian)
* debian/control: rng-tools (binary pkg): swap udev and makedev in
dependency header (closes: #546880)
* debian/rng-tools.postinst: call MAKEDEV only when available
(closes: #504762)
* debian/control: add version-control related fields
* Remove obsolete /etc/modprobe.d/rng-tools (closes: #518240)
* debian/control: bump standards-version to 3.8.4.0 (no changes)
* debian/rng-tools.lintian-overrides: ignore complains about the path
in /sbin/MAKEDEV calls in postinst
* debian/rng-tools.default: add example for TPM devices (LP: #519427).
* debian/{rules,rng-tools.postinst}: adjust rc start/stop location to
start later then trousers (LP: #544545).
* tpm_engine.c: wait for TPM to become available.
* Implement TPM RNG engine (Debian bug 542599):
- tpm_engine.{c,h}: add TPM RNG.
- rngd_entsource.{c,h}, rngd.c, Makefile.am, configure.ac: hook up.
* debian/rng-tools.modprobe: Drop, the kernel will already autoload this
* debian/rules: Update
* New upstream source:
+ Some README/NEWS cleanup
+ No code changes
* Upload to unstable (closes: #486688)
* Remove debian/README.Debian, new upstream README has most of the text
that was there
* Sync with Debian sid branch 2-unofficial-mt.10-3
* Packaging cleanup:
+ Remove old debian/rng-tools.modules file, deprecated since forever...
+ Bump standards-version to 3.8.0.0, no changes needed
+ Fix lintian warning: debian-rules-ignores-make-clean-error using the
suggested -f Makefile test
+ Switch to debhelper V7 mode
+ Use standard debhelper initscripts, lets us get rid of our custom
postrm and prerm. Ignore failures to start/stop rng-tools in the
maintainer scripts, however, otherwise we become a pest if /dev/hwrng
is missing
+ linda is gone, drop override handling for it in debian/rules
+ install upstream README
* Sync with Debian sarge branch 2-unofficial-mt.10-1
* Add LSB initscript header information, thanks to Petter Reinholdtsen
<pere@hungry.com> for the patch (closes: #466917)
* Fix --trng instead of --hrng in manpage and defaults file
(closes: #388748)
* Remove debian/watch file. Since I am upstream for this heavily
modified version, the file is useless anyway (closes: #450224)
* Fix typo in initscript which caused HRNGDEVICE definitions in
/etc/default/rng-tools to be ignored, thanks to Dariush Pietrzak
<eyck.debian@ghost.anime.pl> for noticing this (closes: #354186)
* "Last changes for Sarge (I hope)"
* The following changes warrant an upstream version bump:
+ Backport selected changes from rng-tools--hmh-devo--3.0--patch-80:
+ Upgrade udev and makedev versioned depends to require
hwrng naming of the hardware random device
+ Attempt to makedev only "hwrng", deprecate all other device
naming for hw_random and friends (closes: #308248)
+ Backport configure.ac tweaks, and call ./configure correctly
+ Backport s/TRNG/HRNG/ in all docs
+ Backport intel->intelfwh name change for Intel FWH profile
* Sync with 2-unofficial-mt.8-5
* Sync with 2-unofficial-mt.8-3:
* New unofficial version:
* Support for different input drivers
* Add new high-performance (several Mbit/s) VIA PadLock TRNG
user-space driver. This work was sponsored by mekensleep.com,
in particular by Loic Dachary. Mekensleep gave me unlimited
access to a VIA Nehemiah system that they bought for this purpose,
and which I am told will be available for the general community
after the rngd work is stablized.
* --trng=intel renamed to --trng=intelfwh (because Intel may show up
with something to compete with VIA's PadLock security engine)
* --trng=via renamed to --trng=viakernel
* Add NEWS.Debian file to report user-visible changes in behaviour
* Minor README.Debian improvements and fixes
* Detect running kernel version, and work around kernel 2.4 bugs in
entropy accounting
* Fix initscript, thanks to Clint Adams <schizo@debian.org>
(closes: #295321)
* Urgency high to get this simple fix into testing ASAP
* Fix bad off-by-one error on the FIFO queue allocation that has been
in the unofficial versions since forever. I really need to use
valgrind more often.
* The "WTF are they smoking up there?" release
* Rework initscript to detect yet another new alias for the
hw_random. Now udev rules want to call it hwrng. I love how
these things keep changing for no good reason.
* Install modprobe.d file mapping char-major-10-183, /dev/hwrandom,
/dev/hw_random and /dev/misc/hw_random to the hw_random module
(closes: #287938)
* Add lintian overrides for
description-synopsis-starts-with-a-capital-letter
* New unofficial version
* rngd.c: use the GNU version of strerror_r(). Argh!
* New unofficial version
* rngd, rngtest: Use groupings on Argp parser
* rngd: fix macro content output in Argp help text
* rngd_threads.c, rngd_threads.h: dynamically size buffer structures
* rngd.h: allow up to 1000 buffers, instead of 10
* add many assert() calls to root out bugs
* New unofficial version:
* select() and poll() don't always work with /dev/hwrandom
Thus, even non-blocking IO is a no-go. Add SIGALRM functionality
that is pthread-aware to rngd, and use that to implement --rng-timeout.
* rngd_linux.c: implement --feed-interval in a portable way
* better thread-safety when logging messages
* Better watch file using prdownloads.sf.net as primary source of version
information
* New unofficial version:
* Deprecate --timeout, rename it to --feed-interval
* rngd_linux.c: use select() instead of poll(), so that we do not
lose track of --feed-interval (non-portable to non-Linux kernels)
* Document in rngd(8) that --fill-watermark now takes percentage values
and defaults to 50%
* Implement --rng-timeout, default 10s, so that we can detect a RNG that
is silent/disabled
* New upstream version
+ No real changes, upstream just accepted Debian patches
+ Added Jeff Garzik to copyright notice for rngd
* New unofficial version
* Get kernel entropy pool size from /proc, and use that to allow
the user to specify --fill-watermark in percentage values relative
to the pool size, as well as in absolute bit size
* Limit --fill-watermark dynamically to the kernel entropy pool size
(closes: #274479)
* Better input validation when processing command line parameters
* Cosmetic changes to code (signed/unsigned cleanups, plus some
other code/formatting cleanups)
* Minor manpage typos and formatting fixes
* Add myself to copyright notice for rngd, due to the threading code,
and all the other small features
* Log PID to syslog
* Make sure we do have work to do before we leave the sink and FIPS
thread startup code
* Sync rngtest "entropy source returned EOF" message to be the same
as rngd's
* Add watch file for uscan/DEHS
* Use automake 1.9 in build
* Minor updates to debian/copyright
* Update logcheck.ignore for LOG_PID logging, and force-feed the ignore
file to violations.ignore.d/ to workaround logcheck braindamage
* New unofficial version:
* Better pidfile locking, fixes race;
* strerror() is not threadsafe, so don't use it inside threads.
Use strerror_r() instead;
* Nicer error message when entropy source signals EOF.
* New unofficial version:
* Clean-up 64-bit support, using the __STDC_FORMAT_MACROS and PRI?64
macros ugliness. Thanks to the ia64 autobuilder and the gcc warnings
for the heads-up ;-)
* New unofficial version:
* Initialize statistics early in rngd.c
* Switch to arch: any. I figure that at least ppc, ia32, ia64 and
amd64/x86_64 may benefit from this package (although I do not know of a
TRNG for the PPC). One could also generate the random numbers elsewhere
and store them in a (big) file, at which point anything that runs Linux
would be able to use this package with the TRNG output file
(closes: #252535);
* Minor updates to package description, and README.Debian.
* Urgency medium, to get a bug-free version in testing ASAP
* Upload to unstable, since Jeff Garzik seems to be otherwise
busy and the upstream merge has halted for some weeks now.
* Ack bugs fixed by previous uploads to experimental:
closes: #248548, #239810
* Use simple MAKEDEV calls, and kill all legacy "let's fix the
device inode" code. Add intel_rng and i810_rng variations to
the initscript device search list (closes: #248548)
* Major batch of enhancements from yours thruly. Not yet merged
upstream, right now consider this a temporary fork (the merge IS
ongoing). Do not bother upstream with bugs against this package.
The new functionality may change, depending on upstream merge;
ChangeLog:
+ Use multithreading to increase the available bandwidth, now rngd can
read, process FIPS tests, and feed the kernel at the same time;
+ Store data on buffers, that can be operated independently by the
threads. Default to triple-buffering;
+ Lock memory used as buffers of random data;
+ Add statistics, based on ideas from mtrngd.cpp by Martin Peck
<coderman@charter.net>;
+ Detect and deal with TRNGs stuck in a failing state, using an
exponential backoff and eventually giving up and exiting;
+ Revamped manpage extensively;
+ Configure /dev/random, /dev/hwrandom and pidfile location using
autoconf, to avoid hardcoded defaults;
+ Work on systems using kernel 2.6 (closes: #243319)
* Add logcheck ignore rules;
* Update README.Debian to reflect new functionality in the package;
* Update package description and short description a bit;
* Use --name and --start-as instead of --exec in initscript;
* postinst: ignore exit status of initscript on start (closes: #239810)
(yes, I have changed my mind about the issue).
* New upstream source:
+ New rngtest by yours thruly
+ Improved FIPS tests
* Minor update to README.Debian;
* Separate recommended options by TRNG type in /etc/default/rng-tools;
* Fix initscript to properly wait for rngd to exit on stop/restart;
* Update copyright file;
* Version dependency on a makedev that knows about intel_rng (since
hwrandom isn't available yet), and add alternative dependency on udev.
Remove useless dependency on devfsd.
* Remove all hand-holding about /dev/hwrandom from initscript.
Instead, try to detect which device we should be using. Also,
add an /etc/default/rng-tools, and use it (closes: #235045);
* Add some helpful hints to README.Debian
* Change n for the continuous run test to 32, due to AMD's RNG. This
is still FIPS 140-1 compliant for smaller block RNGs, anyway. It
will reduce false positives on Intel's RNG as well;
* Add --rng-entropy (-H) option;
* Add note in description about what this package is about. Add
explanation about PRNGs and TRNGs in README.Debian (closes: #235752).
* Add ugly hack workaround until MAKEDEV support for hwrandom goes in
(refer to #234366); This closes: #233656.
* New maintainer (closes: #214926);
* New upstream version:
+ Support new hw_random device in new kernels;
* And some enhancements to the upstream code, from yours thruly:
+ Use new automake and autoconf, and enable AM_MAINTAINER_MODE;
+ Fix rngd to also do the FIPS 140-1 continuous run test;
+ Add pidfile control;
+ Improve manpage;
* Rename package to rng-tools;
* Ack NMUs:
+ closes: #101389;
* Lots of changes in the packaging, including:
+ Drop partial DevFS support (patches are welcome to implement it
_properly_). DevFS users must add the required links or modify the
initscript themselves (closes: #197506 since it is now irrelevant);
+ Standards-version 3.6.1;
+ Debhelper mode 4;
+ Rewrite README.Debian, and add section about Intel RNGs (contributions
on other RNGs are welcome);
+ Rewrite copyright file to something that is valid;
+ Update initscript to something more proper for an important system
service.
* Uploading with maintainer set to QA group
* debian/copyright: de-dh_make-boilerplated
* Fixed manpage. (Closes: #110591, #149904)
* Remove devfs handling, as it has been breaking. (Closes: #116868)
* Make appropriate links in /dev for devfs systems. Poor fix but
should work fine. (Closes: #113320)
* Added dependency to makedev (>= 2.3.1-53) for creating /dev/intel_rng.
* postinst uses MAKEDEV to create /dev/intel_rng if required.
(Closes: #101389)
* Entry for devfsd symlink, /etc/devfs/symlink.d/intel-rng-tools added,
which creates a symlink for correct use.
* set -e added to postinst.
* Use dh_installmodules to register kernel module.
* Integrate mknod in postinst to create /dev/intel_rng, as MAKEDEV
doesn't yet support it. Check for /dev/.devfsd in postinst.
* Depend upon makedev | devfsd.
* Initial Release.