import rng-tools-6.15-1.el8

2022-11-08 01:55:38 -05:00 · 2022-11-08 01:55:38 -05:00 · 65e08f709f
commit 65e08f709f
parent 328e8810ff
14 changed files with 84 additions and 246 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,2 @@
-SOURCES/jitterentropy-library-3.3.1.tar.gz
-SOURCES/rng-tools-6.14.tar.gz
+SOURCES/jitterentropy-library-3.4.0.tar.gz
+SOURCES/rng-tools-6.15.tar.gz
--- a/.rng-tools.metadata
+++ b/.rng-tools.metadata
@ -1,2 +1,2 @@
-b48e54d56961e3db138dac4fd6ab3117e31f5db9 SOURCES/jitterentropy-library-3.3.1.tar.gz
-fd67bdfdc7962801564cda6c55bf58acf0b6a8dc SOURCES/rng-tools-6.14.tar.gz
+9b6ad5d20372878cc317a424135c575921d7aa61 SOURCES/jitterentropy-library-3.4.0.tar.gz
+79de2f603a8d5266691edd5b53efc1a7b6a02cd3 SOURCES/rng-tools-6.15.tar.gz
--- a/SOURCES/1-je-rh-makefile.patch
+++ b/SOURCES/1-je-rh-makefile.patch
@ -1,14 +1,18 @@
-diff -up ./jitterentropy-library/Makefile.orig ./jitterentropy-library/Makefile
--- ./jitterentropy-library/Makefile	2021-07-13 17:23:42.954652287 +0200
-+++ ./jitterentropy-library/Makefile	2021-07-13 17:27:27.958549833 +0200
-@@ -3,7 +3,7 @@
+diff -up jitterentropy-library/Makefile jitterentropy-library/Makefile
+--- jitterentropy-library/Makefile	2021-07-13 17:23:42.954652287 +0200
+++ jitterentropy-library/Makefile	2021-07-13 17:27:27.958549833 +0200
+@@ -3,11 +3,11 @@
 CC ?= gcc
 #Hardening
+ ENABLE_STACK_PROTECTOR ?= 1
 CFLAGS ?= -fwrapv --param ssp-buffer-size=4 -fvisibility=hidden -fPIE -Wcast-align -Wmissing-field-initializers -Wshadow -Wswitch-enum
 -CFLAGS +=-Wextra -Wall -pedantic -fPIC -O0 -fwrapv -Wconversion
 +CFLAGS +=-Wp,-U_FORTIFY_SOURCE -Wextra -Wall -pedantic -fPIC -O0 -fwrapv -Wconversion
 LDFLAGS +=-Wl,-z,relro,-z,now -lpthread
 
+ # Enable internal timer support
+ CFLAGS += -DJENT_CONF_ENABLE_INTERNAL_TIMER
+ 
 GCCVERSIONFORMAT := $(shell echo `$(CC) -dumpversion | sed 's/\./\n/g' | wc -l`)
@@ -28,7 +28,7 @@ LIBDIR := lib
 INCDIR := include
--- a/SOURCES/2-je-remove-install.patch
+++ b/SOURCES/2-je-remove-install.patch
@ -1,6 +1,6 @@
-diff -up ./jitterentropy-library/Makefile.orig ./jitterentropy-library/Makefile
--- ./jitterentropy-library/Makefile	2021-07-13 17:23:42.954652287 +0200
-+++ ./jitterentropy-library/Makefile	2021-07-13 17:27:27.958549833 +0200
+diff -up jitterentropy-library/Makefile jitterentropy-library/Makefile
+--- jitterentropy-library/Makefile	2021-07-13 17:23:42.954652287 +0200
+++ jitterentropy-library/Makefile	2021-07-13 17:27:27.958549833 +0200
@@ -70,29 +70,6 @@ scan: $(analyze_plists)
 cppcheck:
 	cppcheck --force -q --enable=performance --enable=warning --enable=portability *.h *.c
--- a/SOURCES/3-rt-use-jitter-static.patch
+++ b/SOURCES/3-rt-use-jitter-static.patch
@ -1,25 +1,16 @@
-diff -up ./Makefile.am.orig ./Makefile.am
+diff -up Makefile.am Makefile.am
 --- ./Makefile.am	2021-07-03 22:22:27.000000000 +0200
 +++ ./Makefile.am	2021-08-06 12:18:48.498612099 +0200
@@ -1,7 +1,7 @@
 ##
 ## Toplevel Makefile.am for rng-tools
 ##
-SUBDIRS		= contrib tests 
+-SUBDIRS		= contrib tests
 +SUBDIRS		= contrib tests jitterentropy-library
 
 sbin_PROGRAMS	 = rngd
 bin_PROGRAMS	 = rngtest
-@@ -14,7 +14,7 @@ rngd_SOURCES	= rngd.h rngd.c	rngd_entsou
- if NISTBEACON
- rngd_SOURCES	+= rngd_nistbeacon.c
- endif
- 
-+
- if RDRAND
- rngd_SOURCES	+= rngd_rdrand.c rdrand_asm.S
- endif
-@@ -27,29 +27,16 @@ if RNDR
+@@ -27,40 +27,27 @@ if RNDR
 rngd_SOURCES	+= rngd_rndr.c
 endif
 
@ -31,18 +22,28 @@ diff -up ./Makefile.am.orig ./Makefile.am
 -rngd_SOURCES	+= rngd_rtlsdr.c
 -endif
 
-rngd_LDADD	= librngd.a $(LIBS) $(librtlsdr_LIBS) ${libp11_LIBS} ${libcrypto_LIBS} ${jansson_LIBS} ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS} $(PTHREAD_LIBS)
-+rngd_LDADD	= librngd.a $(LIBS) jitterentropy-library/libjitterentropy.a ${libcrypto_LIBS} ${jansson_LIBS} ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS} $(PTHREAD_LIBS)
+-rngd_LDADD	= librngd.a $(LIBS) $(librtlsdr_LIBS) ${libp11_LIBS} ${libcrypto_LIBS} ${jansson_LIBS} ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS} ${libcap_LIBS} $(PTHREAD_LIBS)
+rngd_LDADD	= librngd.a $(LIBS) jitterentropy-library/libjitterentropy.a ${libcrypto_LIBS} ${jansson_LIBS} ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS} ${libcap_LIBS} $(PTHREAD_LIBS)
 
-if PKCS11 
+ if DARN
+ rngd_SOURCES	+= rngd_darn.c
+ 
+ # Build Power9-only code with Power9
+ # compile flags in a separate library
+ rngd_LDADD		+= libdarn_impl.a
+ noinst_LIBRARIES	+= libdarn_impl.a
+ libdarn_impl_a_SOURCES	= darn_impl.c
+ libdarn_impl_a_CFLAGS	= -mcpu=power9 -mtune=power9
+ endif
+
+-if PKCS11
 -rngd_SOURCES	+= rngd_pkcs11.c
 -pkcs11_ENGINE = -DDEFAULT_PKCS11_ENGINE=\"$(PKCS11_ENGINE)\"
 -endif
 -
-rngd_CFLAGS	= ${pkcs11_CFLAGS} $(librtlsdr_CFLAGS) ${pkcs11_ENGINE} ${libp11_CFLAGS} ${libcrypto_CFLAGS} ${libxml2_CFLAGS} ${openssl_CFLAGS} $(PTHREAD_CFLAGS)
-rngd_LDFLAGS	= $(PTHREAD_CFLAGS) 
-+rngd_CFLAGS	= ${libcrypto_CFLAGS} ${libxml2_CFLAGS} ${openssl_CFLAGS} $(PTHREAD_CFLAGS) -DHAVE_JITTER -I./jitterentropy-library/
-+rngd_LDFLAGS	= $(PTHREAD_CFLAGS)
+-rngd_CFLAGS	= ${pkcs11_CFLAGS} $(librtlsdr_CFLAGS) ${pkcs11_ENGINE} ${libp11_CFLAGS} ${libcrypto_CFLAGS} ${libxml2_CFLAGS} ${openssl_CFLAGS} ${libcap_CFLAGS} $(PTHREAD_CFLAGS)
+rngd_CFLAGS	= ${libcrypto_CFLAGS} ${libxml2_CFLAGS} ${openssl_CFLAGS} ${libcap_CFLAGS} $(PTHREAD_CFLAGS) -DHAVE_JITTER -I./jitterentropy-library/
+ rngd_LDFLAGS	= $(PTHREAD_CFLAGS)
 
 rngtest_SOURCES	= exits.h stats.h stats.c rngtest.c
 rngtest_LDADD	= librngd.a
--- a/SOURCES/6-je-fix-ec-check.patch
+++ b/SOURCES/6-je-fix-ec-check.patch
@ -1,20 +0,0 @@
-diff -up jitterentropy-library/src/jitterentropy-noise.c.orig jitterentropy-library/src/jitterentropy-noise.c
--- jitterentropy-library/src/jitterentropy-noise.c	2021-11-23 15:42:47.809329173 +0100
-+++ jitterentropy-library/src/jitterentropy-noise.c	2021-11-23 15:44:19.820499338 +0100
-@@ -188,7 +188,7 @@ static void jent_memaccess(struct rand_data *ec, uint64_t loop_cnt)
- 		uint32_t u[4];
- 		uint8_t b[sizeof(uint32_t) * 4];
- 	} prngState = { .u = {0x8e93eec0, 0xce65608a, 0xa8d46b46, 0xe83cef69} };
-	uint32_t addressMask = ec->memmask;
-+	uint32_t addressMask;
- 
- 	/* Ensure that macros cannot overflow jent_loop_shuffle() */
- 	BUILD_BUG_ON((MAX_ACC_LOOP_BIT + MIN_ACC_LOOP_BIT) > 63);
-@@ -197,6 +197,7 @@ static void jent_memaccess(struct rand_data *ec, uint64_t loop_cnt)
- 
- 	if (NULL == ec || NULL == ec->mem)
- 		return;
-+	addressMask = ec->memmask;
- 
- 	/*
- 	 * Mix the current data into prngState
--- a/SOURCES/6-rt-fix-jent-define.patch
+++ b/SOURCES/6-rt-fix-jent-define.patch
@ -0,0 +1,14 @@
+--- configure.ac	2022-03-24 13:14:11.000000000 +0100
+++ configure.ac.new	2022-03-24 15:58:56.187367770 +0100
+@@ -95,7 +95,10 @@ AS_IF(
+ 				[AM_CONDITIONAL([JITTER], [true])
+ 				AC_DEFINE([HAVE_JITTER],1,[Enable JITTER])
+ 				AC_CHECK_LIB(jitterentropy, jent_notime_settick,
+-				[AC_DEFINE([HAVE_JITTER_NOTIME],1,[Enable JITTER_NOTIME])],
+				[
+					AC_DEFINE([HAVE_JITTER_NOTIME],1,[Enable JITTER_NOTIME])
+					AC_DEFINE([JENT_CONF_ENABLE_INTERNAL_TIMER],1,[Enable JENT_CONF_ENABLE_INTERNAL_TIMER])
+				],
+ 				[],-lpthread)],
+ 				AC_MSG_NOTICE([No Jitterentropy library found]),-lpthread)
+ 	], [AC_MSG_NOTICE([Disabling JITTER entropy source])]
--- a/SOURCES/7-rt-change-option.patch
+++ b/SOURCES/7-rt-change-option.patch
@ -1,40 +0,0 @@
-From 6e1a11ae6df8cd6c98657a8b78761763f3ff2abd Mon Sep 17 00:00:00 2001
-From: Neil Horman <nhorman@tuxdriver.com>
-Date: Mon, 28 Feb 2022 07:59:57 -0500
-Subject: [PATCH 2/3] Change DARN_OPT_AES to DRNG_OPT_AES for rngd_rndr.c
-Content-type: text/plain
-
-@dermotbradley noted that we were using the wrong define for the arm
-rndr instruction.  Fix that up
-
-Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
-Signed-off-by: Vladis Dronov <vdronov@redhat.com>
---
- rngd_rndr.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git rngd_rndr.c rngd_rndr.c
-index 79bf2ce..fa1eaa9 100644
--- rngd_rndr.c
-+++ rngd_rndr.c
-@@ -171,7 +171,7 @@ static int fill_from_rndr(void *buf, size_t size)
- 
- int xread_rndr(void *buf, size_t size, struct rng *ent_src)
- {
-	if (ent_src->rng_options[DARN_OPT_AES].int_val)
-+	if (ent_src->rng_options[DRNG_OPT_AES].int_val)
- 		return fill_from_aes(ent_src, buf, size);
- 	else
- 		return fill_from_rndr(buf, size);
-@@ -187,7 +187,7 @@ int init_rndr_entropy_source(struct rng *ent_src)
- 		return 1;
- 	}
- 	message_entsrc(ent_src,LOG_DAEMON|LOG_INFO, "Enabling aarch64 RNDR rng support\n");
-	if (ent_src->rng_options[DARN_OPT_AES].int_val && init_openssl(ent_src))
-+	if (ent_src->rng_options[DRNG_OPT_AES].int_val && init_openssl(ent_src))
- 		return 1;
- 	return 0;
- }
-- 
-2.35.1
-
--- a/SOURCES/8-rt-adjust-detection.patch
+++ b/SOURCES/8-rt-adjust-detection.patch
@ -1,32 +0,0 @@
-From e2698477e8abf623c18ab28d33cc894ec882a706 Mon Sep 17 00:00:00 2001
-From: Neil Horman <neil.horman@privafy.com>
-Date: Fri, 18 Mar 2022 18:59:52 -0400
-Subject: [PATCH 3/3] Adjust jitterentropy detection to look for the settick
- function
-Content-type: text/plain
-
-Theres no great way to detect if jitterentropy has the internal timer
-feature enabled so we have to look for a function that is only defined
-when it is enabled
-
-Signed-off-by: Vladis Dronov <vdronov@redhat.com>
---
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git configure.ac configure.ac
-index e16e1a0..0f5a38e 100644
--- configure.ac
-+++ configure.ac
-@@ -94,7 +94,7 @@ AS_IF(
- 		AC_SEARCH_LIBS(jent_version,jitterentropy,
- 				[AM_CONDITIONAL([JITTER], [true])
- 				AC_DEFINE([HAVE_JITTER],1,[Enable JITTER])
-				AC_CHECK_LIB(jitterentropy, jent_entropy_switch_notime_impl,
-+				AC_CHECK_LIB(jitterentropy, jent_notime_settick,
- 				[AC_DEFINE([HAVE_JITTER_NOTIME],1,[Enable JITTER_NOTIME])],
- 				[],-lpthread)],
- 				AC_MSG_NOTICE([No Jitterentropy library found]),-lpthread)
-- 
-2.35.1
-
--- a/SOURCES/9-rt-drop-unused-variables.patch
+++ b/SOURCES/9-rt-drop-unused-variables.patch
@ -1,53 +0,0 @@
-From 370e252c6caedf561c832fa19b20abb7e249b326 Mon Sep 17 00:00:00 2001
-From: Vladis Dronov <vdronov@redhat.com>
-Date: Fri, 25 Mar 2022 12:41:45 +0100
-Subject: [PATCH] Drop unused variables
-Content-type: text/plain
-
-And brush up code a bit. Unused variables are reported by gcc as:
-
-rngd_darn.c: In function 'init_openssl':
-rngd_darn.c:68:13: warning: unused variable 'i' [-Wunused-variable]
-   68 |         int i;
-rngd_darn.c: In function 'xread_darn':
-rngd_darn.c:163:19: warning: unused variable 'darn_ptr' [-Wunused-variable]
-  163 |         uint64_t *darn_ptr =(uint64_t *)buf;
-
-Signed-off-by: Vladis Dronov <vdronov@redhat.com>
---
- rngd_darn.c | 5 +----
- 1 file changed, 1 insertion(+), 4 deletions(-)
-
-diff --git rngd_darn.c rngd_darn.c
-index 5254195..7b26cbe 100644
--- rngd_darn.c
-+++ rngd_darn.c
-@@ -65,7 +65,6 @@ static size_t rand_bytes_served = 0;
- static int init_openssl(struct rng *ent_src)
- {
- 	uint64_t darn_val;
-	int i;
- 
- 	ossl_aes_random_key(key, NULL);
- 
-@@ -140,8 +139,7 @@ static size_t copy_avail_rand_to_buf(unsigned char *buf, size_t size, size_t cop
-  */
- static uint64_t get_darn()
- {
-	uint64_t darn_val;
-	darn_val = 0;
-+	uint64_t darn_val = 0;
- 	int i;
- 
- 	/*
-@@ -160,7 +158,6 @@ static uint64_t get_darn()
- 
- int xread_darn(void *buf, size_t size, struct rng *ent_src)
- {
-	uint64_t *darn_ptr =(uint64_t *)buf;
- 	size_t copied = 0;
- 
- 	while (copied < size) {
-- 
-2.35.1
-
--- a/SOURCES/rngd-wake-threshold.service
+++ b/SOURCES/rngd-wake-threshold.service
@ -1,15 +0,0 @@
-# This unit is needed to run rngd as a non-privileged user.
-# It performs a system set up which requires privileges.
-
-[Unit]
-Description=Hardware RNG Entropy Gatherer Wake threshold service
-ConditionVirtualization=!container
-Before=rngd.service
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-ExecStart=/bin/sh -c "PSIZE=$(cat /proc/sys/kernel/random/poolsize); let THRESH=$PSIZE*3/4; echo $THRESH>/proc/sys/kernel/random/write_wakeup_threshold; if [ -e /dev/hwrng ]; then chmod 0640 /dev/hwrng; chgrp rngd /dev/hwrng; fi"
-
-[Install]
-WantedBy=sysinit.target
--- a/SOURCES/rngd.service
+++ b/SOURCES/rngd.service
@ -1,15 +1,9 @@
 [Unit]
 Description=Hardware RNG Entropy Gatherer Daemon
 ConditionVirtualization=!container
-Requires=rngd-wake-threshold.service

 # The "-f" option is required for the systemd service rngd to work with Type=simple
 [Service]
-User=rngd
-Group=rngd
-CapabilityBoundingSet=CAP_SYS_ADMIN
-AmbientCapabilities=CAP_SYS_ADMIN
-TimeoutStartSec=60s
 Type=simple
 EnvironmentFile=/etc/sysconfig/rngd
 ExecStart=/usr/sbin/rngd -f $RNGD_ARGS
--- a/SOURCES/rngd.sysconfig
+++ b/SOURCES/rngd.sysconfig
@ -1,3 +1,3 @@
 # Optional arguments passed to rngd. See rngd(8) and
 # https://bugzilla.redhat.com/show_bug.cgi?id=1252175#c21
-RNGD_ARGS="--fill-watermark=0 -x pkcs11 -x nist"
+RNGD_ARGS="--fill-watermark=0 -x pkcs11 -x nist -D daemon:daemon"
--- a/SPECS/rng-tools.spec
+++ b/SPECS/rng-tools.spec
@ -2,26 +2,15 @@

 Summary:        Random number generator related utilities
 Name:           rng-tools
-Version:        6.14
-Release:        6.git.b2b7934e%{?dist}
+Version:        6.15
+Release:        1%{?dist}
 Group:          System Environment/Base
 License:        GPLv2+
 URL:            https://github.com/nhorman/rng-tools
 Source0:        %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
 Source1:        rngd.service
-Source2:        rngd-wake-threshold.service
-Source3:        rngd.sysconfig
-Source4:        jitterentropy-library-3.3.1.tar.gz
-
-Patch0:         1-je-rh-makefile.patch
-Patch1:         2-je-remove-install.patch
-Patch2:         3-rt-use-jitter-static.patch
-Patch3:         4-rt-revert-build-randstat.patch
-Patch4:         5-rt-comment-out-have-aesni.patch
-Patch5:         6-je-fix-ec-check.patch
-Patch6:         7-rt-change-option.patch
-Patch7:         8-rt-adjust-detection.patch
-Patch8:         9-rt-drop-unused-variables.patch
+Source2:        rngd.sysconfig
+Source3:        jitterentropy-library-3.4.0.tar.gz

 BuildRequires: gcc make binutils
 BuildRequires: gettext
@ -30,10 +19,19 @@ BuildRequires: autoconf automake
 BuildRequires: libgcrypt-devel libcurl-devel
 BuildRequires: libxml2-devel openssl-devel
 BuildRequires: jansson-devel
+BuildRequires: libcap-devel
+
 Requires(post): systemd
 Requires(preun): systemd
 Requires(postun): systemd
-Requires: jansson openssl
+Requires: selinux-policy >= 3.14.3-98
+
+Patch0: 1-je-rh-makefile.patch
+Patch1: 2-je-remove-install.patch
+Patch2: 3-rt-use-jitter-static.patch
+Patch3: 4-rt-revert-build-randstat.patch
+Patch4: 5-rt-comment-out-have-aesni.patch
+Patch5: 6-rt-fix-jent-define.patch

 %description
 This is a random number generator daemon and its tools. It monitors
@ -42,46 +40,33 @@ TPM, jitter) and supplies entropy from them to a kernel entropy pool.

 %prep
 %setup -q
-tar xf %{SOURCE4}
-mv jitterentropy-library-3.3.1 jitterentropy-library
-%patch0 -p1
-%patch1 -p1
-%patch2 -p1
-%patch3 -p0
-%patch4 -p0
-%patch5 -p0
-%patch6 -p0
-%patch7 -p0
-%patch8 -p0
+tar xf %{SOURCE3}
+mv jitterentropy-library-3.4.0 jitterentropy-library
+%autopatch -p0

 %build
 ./autogen.sh
+# a dirty hack so libdarn_impl_a_CFLAGS overrides common CFLAGS
+sed -i -e 's/$(libdarn_impl_a_CFLAGS) $(CFLAGS)/$(CFLAGS) $(libdarn_impl_a_CFLAGS)/' Makefile.in
 %configure --without-pkcs11 --without-rtlsdr
 %make_build

 %install
 %make_install

-# install systemd unit files
+# install systemd unit file
 install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE1}
-install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE2}
 # install sysconfig file
-install -D %{SOURCE3} -m0644 %{buildroot}%{_sysconfdir}/sysconfig/rngd
-
-%pre
-getent group rngd >/dev/null || groupadd -f -r rngd
-getent passwd rngd >/dev/null || useradd -r -g rngd -M -d / -s /sbin/nologin -c "Random Number Generator Daemon" rngd
+install -D %{SOURCE2} -m0644 %{buildroot}%{_sysconfdir}/sysconfig/rngd

 %post
-%systemd_post rngd.service rngd-wake-threshold.service
-/usr/bin/systemctl start rngd-wake-threshold.service || :
+%systemd_post rngd.service

 %preun
-%systemd_preun rngd.service rngd-wake-threshold.service
+%systemd_preun rngd.service

 %postun
-%systemd_postun_with_restart rngd.service rngd-wake-threshold.service
-getent passwd rngd >/dev/null && userdel rngd
+%systemd_postun_with_restart rngd.service

 %files
 %{!?_licensedir:%global license %%doc}
@ -91,18 +76,18 @@ getent passwd rngd >/dev/null && userdel rngd
 %{_sbindir}/rngd
 %{_mandir}/man1/rngtest.1.*
 %{_mandir}/man8/rngd.8.*
-%attr(0644,root,root)   %{_unitdir}/rngd.service
-%attr(0644,root,root)   %{_unitdir}/rngd-wake-threshold.service
-%config(noreplace) %attr(0644,root,root)   %{_sysconfdir}/sysconfig/rngd
+%attr(0644,root,root)    %{_unitdir}/rngd.service
+%config(noreplace) %attr(0644,root,root)    %{_sysconfdir}/sysconfig/rngd

 %changelog
-* Thu Apr 28 2022 Vladis Dronov <vdronov@redhat.com> - 6.14-6.git.b2b7934e
- Fix a missing rngd group issue (bz2079377)
-
-* Thu Apr 21 2022 Vladis Dronov <vdronov@redhat.com> - 6.14-5.git.b2b7934e
- Fix udevadm issues on systems lacking it (bz 2057030)
- Fix a missing working directory issue (bz 2053160)
- Add some upstream patches
+* Sat Apr 16 2022 Vladis Dronov <vdronov@redhat.com> - 6.15-1
+- Update rng-tools to v6.15 @ 172bf0e3 (bz 2075974)
+- Update jitterentropy library to v3.4.0 @ 887c9871
+- Allow rngd process to drop privileges with "-D user:group"
+- Fix an error building with jitterentropy-3.4.0
+- Add a requirement for selinux-policy of a certain version
+- Fix a build failure on ppc64
+- Small edits in test scripts

 * Mon Nov 22 2021 Vladis Dronov <vdronov@redhat.com> - 6.14-4.git.b2b7934e
 - Update rng-tools to v6.14 @ b2b7934e (bz 2015570)