From aa1d243464ab88cf8a3f0ebfd851e407ef895304 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Wed, 11 May 2022 04:11:34 +0000
Subject: [PATCH] import rng-tools-6.15-1.el8

---
 .gitignore                           |  4 +-
 .rng-tools.metadata                  |  4 +-
 SOURCES/1-je-rh-makefile.patch       | 12 +++--
 SOURCES/2-je-remove-install.patch    |  6 +--
 SOURCES/3-rt-use-jitter-static.patch | 39 +++++++-------
 SOURCES/6-je-fix-ec-check.patch      | 20 -------
 SOURCES/6-rt-fix-jent-define.patch   | 14 +++++
 SOURCES/60-hwrng.rules               |  1 -
 SOURCES/rngd-wake-threshold.service  | 14 -----
 SOURCES/rngd.service                 |  6 ---
 SOURCES/rngd.sysconfig               |  2 +-
 SPECS/rng-tools.spec                 | 80 +++++++++++++---------------
 12 files changed, 87 insertions(+), 115 deletions(-)
 delete mode 100644 SOURCES/6-je-fix-ec-check.patch
 create mode 100644 SOURCES/6-rt-fix-jent-define.patch
 delete mode 100644 SOURCES/60-hwrng.rules
 delete mode 100644 SOURCES/rngd-wake-threshold.service

diff --git a/.gitignore b/.gitignore
index 7d46ce0..49fdc5d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-SOURCES/jitterentropy-library-3.3.1.tar.gz
-SOURCES/rng-tools-6.14.tar.gz
+SOURCES/jitterentropy-library-3.4.0.tar.gz
+SOURCES/rng-tools-6.15.tar.gz
diff --git a/.rng-tools.metadata b/.rng-tools.metadata
index b12f406..df3792f 100644
--- a/.rng-tools.metadata
+++ b/.rng-tools.metadata
@@ -1,2 +1,2 @@
-b48e54d56961e3db138dac4fd6ab3117e31f5db9 SOURCES/jitterentropy-library-3.3.1.tar.gz
-fd67bdfdc7962801564cda6c55bf58acf0b6a8dc SOURCES/rng-tools-6.14.tar.gz
+9b6ad5d20372878cc317a424135c575921d7aa61 SOURCES/jitterentropy-library-3.4.0.tar.gz
+79de2f603a8d5266691edd5b53efc1a7b6a02cd3 SOURCES/rng-tools-6.15.tar.gz
diff --git a/SOURCES/1-je-rh-makefile.patch b/SOURCES/1-je-rh-makefile.patch
index 7560779..5fdfb4b 100644
--- a/SOURCES/1-je-rh-makefile.patch
+++ b/SOURCES/1-je-rh-makefile.patch
@@ -1,14 +1,18 @@
-diff -up ./jitterentropy-library/Makefile.orig ./jitterentropy-library/Makefile
---- ./jitterentropy-library/Makefile	2021-07-13 17:23:42.954652287 +0200
-+++ ./jitterentropy-library/Makefile	2021-07-13 17:27:27.958549833 +0200
-@@ -3,7 +3,7 @@
+diff -up jitterentropy-library/Makefile jitterentropy-library/Makefile
+--- jitterentropy-library/Makefile	2021-07-13 17:23:42.954652287 +0200
++++ jitterentropy-library/Makefile	2021-07-13 17:27:27.958549833 +0200
+@@ -3,11 +3,11 @@
  CC ?= gcc
  #Hardening
+ ENABLE_STACK_PROTECTOR ?= 1
  CFLAGS ?= -fwrapv --param ssp-buffer-size=4 -fvisibility=hidden -fPIE -Wcast-align -Wmissing-field-initializers -Wshadow -Wswitch-enum
 -CFLAGS +=-Wextra -Wall -pedantic -fPIC -O0 -fwrapv -Wconversion
 +CFLAGS +=-Wp,-U_FORTIFY_SOURCE -Wextra -Wall -pedantic -fPIC -O0 -fwrapv -Wconversion
  LDFLAGS +=-Wl,-z,relro,-z,now -lpthread
  
+ # Enable internal timer support
+ CFLAGS += -DJENT_CONF_ENABLE_INTERNAL_TIMER
+ 
  GCCVERSIONFORMAT := $(shell echo `$(CC) -dumpversion | sed 's/\./\n/g' | wc -l`)
 @@ -28,7 +28,7 @@ LIBDIR := lib
  INCDIR := include
diff --git a/SOURCES/2-je-remove-install.patch b/SOURCES/2-je-remove-install.patch
index 9f280b4..35ccf6c 100644
--- a/SOURCES/2-je-remove-install.patch
+++ b/SOURCES/2-je-remove-install.patch
@@ -1,6 +1,6 @@
-diff -up ./jitterentropy-library/Makefile.orig ./jitterentropy-library/Makefile
---- ./jitterentropy-library/Makefile	2021-07-13 17:23:42.954652287 +0200
-+++ ./jitterentropy-library/Makefile	2021-07-13 17:27:27.958549833 +0200
+diff -up jitterentropy-library/Makefile jitterentropy-library/Makefile
+--- jitterentropy-library/Makefile	2021-07-13 17:23:42.954652287 +0200
++++ jitterentropy-library/Makefile	2021-07-13 17:27:27.958549833 +0200
 @@ -70,29 +70,6 @@ scan: $(analyze_plists)
  cppcheck:
  	cppcheck --force -q --enable=performance --enable=warning --enable=portability *.h *.c
diff --git a/SOURCES/3-rt-use-jitter-static.patch b/SOURCES/3-rt-use-jitter-static.patch
index 7fa6ed4..b77055c 100644
--- a/SOURCES/3-rt-use-jitter-static.patch
+++ b/SOURCES/3-rt-use-jitter-static.patch
@@ -1,25 +1,16 @@
-diff -up ./Makefile.am.orig ./Makefile.am
+diff -up Makefile.am Makefile.am
 --- ./Makefile.am	2021-07-03 22:22:27.000000000 +0200
 +++ ./Makefile.am	2021-08-06 12:18:48.498612099 +0200
 @@ -1,7 +1,7 @@
  ##
  ## Toplevel Makefile.am for rng-tools
  ##
--SUBDIRS		= contrib tests 
+-SUBDIRS		= contrib tests
 +SUBDIRS		= contrib tests jitterentropy-library
  
  sbin_PROGRAMS	 = rngd
  bin_PROGRAMS	 = rngtest
-@@ -14,7 +14,7 @@ rngd_SOURCES	= rngd.h rngd.c	rngd_entsou
- if NISTBEACON
- rngd_SOURCES	+= rngd_nistbeacon.c
- endif
-- 
-+
- if RDRAND
- rngd_SOURCES	+= rngd_rdrand.c rdrand_asm.S
- endif
-@@ -27,29 +27,16 @@ if RNDR
+@@ -27,40 +27,27 @@ if RNDR
  rngd_SOURCES	+= rngd_rndr.c
  endif
  
@@ -31,18 +22,28 @@ diff -up ./Makefile.am.orig ./Makefile.am
 -rngd_SOURCES	+= rngd_rtlsdr.c
 -endif
  
--rngd_LDADD	= librngd.a $(LIBS) $(librtlsdr_LIBS) ${libp11_LIBS} ${libcrypto_LIBS} ${jansson_LIBS} ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS} $(PTHREAD_LIBS)
-+rngd_LDADD	= librngd.a $(LIBS) jitterentropy-library/libjitterentropy.a ${libcrypto_LIBS} ${jansson_LIBS} ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS} $(PTHREAD_LIBS)
+-rngd_LDADD	= librngd.a $(LIBS) $(librtlsdr_LIBS) ${libp11_LIBS} ${libcrypto_LIBS} ${jansson_LIBS} ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS} ${libcap_LIBS} $(PTHREAD_LIBS)
++rngd_LDADD	= librngd.a $(LIBS) jitterentropy-library/libjitterentropy.a ${libcrypto_LIBS} ${jansson_LIBS} ${libcurl_LIBS} ${libxml2_LIBS} ${openssl_LIBS} ${libcap_LIBS} $(PTHREAD_LIBS)
  
--if PKCS11 
+ if DARN
+ rngd_SOURCES	+= rngd_darn.c
+ 
+ # Build Power9-only code with Power9
+ # compile flags in a separate library
+ rngd_LDADD		+= libdarn_impl.a
+ noinst_LIBRARIES	+= libdarn_impl.a
+ libdarn_impl_a_SOURCES	= darn_impl.c
+ libdarn_impl_a_CFLAGS	= -mcpu=power9 -mtune=power9
+ endif
+
+-if PKCS11
 -rngd_SOURCES	+= rngd_pkcs11.c
 -pkcs11_ENGINE = -DDEFAULT_PKCS11_ENGINE=\"$(PKCS11_ENGINE)\"
 -endif
 -
--rngd_CFLAGS	= ${pkcs11_CFLAGS} $(librtlsdr_CFLAGS) ${pkcs11_ENGINE} ${libp11_CFLAGS} ${libcrypto_CFLAGS} ${libxml2_CFLAGS} ${openssl_CFLAGS} $(PTHREAD_CFLAGS)
--rngd_LDFLAGS	= $(PTHREAD_CFLAGS) 
-+rngd_CFLAGS	= ${libcrypto_CFLAGS} ${libxml2_CFLAGS} ${openssl_CFLAGS} $(PTHREAD_CFLAGS) -DHAVE_JITTER -I./jitterentropy-library/
-+rngd_LDFLAGS	= $(PTHREAD_CFLAGS)
+-rngd_CFLAGS	= ${pkcs11_CFLAGS} $(librtlsdr_CFLAGS) ${pkcs11_ENGINE} ${libp11_CFLAGS} ${libcrypto_CFLAGS} ${libxml2_CFLAGS} ${openssl_CFLAGS} ${libcap_CFLAGS} $(PTHREAD_CFLAGS)
++rngd_CFLAGS	= ${libcrypto_CFLAGS} ${libxml2_CFLAGS} ${openssl_CFLAGS} ${libcap_CFLAGS} $(PTHREAD_CFLAGS) -DHAVE_JITTER -I./jitterentropy-library/
+ rngd_LDFLAGS	= $(PTHREAD_CFLAGS)
  
  rngtest_SOURCES	= exits.h stats.h stats.c rngtest.c
  rngtest_LDADD	= librngd.a
diff --git a/SOURCES/6-je-fix-ec-check.patch b/SOURCES/6-je-fix-ec-check.patch
deleted file mode 100644
index 16dedd9..0000000
--- a/SOURCES/6-je-fix-ec-check.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-diff -up jitterentropy-library/src/jitterentropy-noise.c.orig jitterentropy-library/src/jitterentropy-noise.c
---- jitterentropy-library/src/jitterentropy-noise.c	2021-11-23 15:42:47.809329173 +0100
-+++ jitterentropy-library/src/jitterentropy-noise.c	2021-11-23 15:44:19.820499338 +0100
-@@ -188,7 +188,7 @@ static void jent_memaccess(struct rand_data *ec, uint64_t loop_cnt)
- 		uint32_t u[4];
- 		uint8_t b[sizeof(uint32_t) * 4];
- 	} prngState = { .u = {0x8e93eec0, 0xce65608a, 0xa8d46b46, 0xe83cef69} };
--	uint32_t addressMask = ec->memmask;
-+	uint32_t addressMask;
- 
- 	/* Ensure that macros cannot overflow jent_loop_shuffle() */
- 	BUILD_BUG_ON((MAX_ACC_LOOP_BIT + MIN_ACC_LOOP_BIT) > 63);
-@@ -197,6 +197,7 @@ static void jent_memaccess(struct rand_data *ec, uint64_t loop_cnt)
- 
- 	if (NULL == ec || NULL == ec->mem)
- 		return;
-+	addressMask = ec->memmask;
- 
- 	/*
- 	 * Mix the current data into prngState
diff --git a/SOURCES/6-rt-fix-jent-define.patch b/SOURCES/6-rt-fix-jent-define.patch
new file mode 100644
index 0000000..e208c1a
--- /dev/null
+++ b/SOURCES/6-rt-fix-jent-define.patch
@@ -0,0 +1,14 @@
+--- configure.ac	2022-03-24 13:14:11.000000000 +0100
++++ configure.ac.new	2022-03-24 15:58:56.187367770 +0100
+@@ -95,7 +95,10 @@ AS_IF(
+ 				[AM_CONDITIONAL([JITTER], [true])
+ 				AC_DEFINE([HAVE_JITTER],1,[Enable JITTER])
+ 				AC_CHECK_LIB(jitterentropy, jent_notime_settick,
+-				[AC_DEFINE([HAVE_JITTER_NOTIME],1,[Enable JITTER_NOTIME])],
++				[
++					AC_DEFINE([HAVE_JITTER_NOTIME],1,[Enable JITTER_NOTIME])
++					AC_DEFINE([JENT_CONF_ENABLE_INTERNAL_TIMER],1,[Enable JENT_CONF_ENABLE_INTERNAL_TIMER])
++				],
+ 				[],-lpthread)],
+ 				AC_MSG_NOTICE([No Jitterentropy library found]),-lpthread)
+ 	], [AC_MSG_NOTICE([Disabling JITTER entropy source])]
diff --git a/SOURCES/60-hwrng.rules b/SOURCES/60-hwrng.rules
deleted file mode 100644
index dfb7cae..0000000
--- a/SOURCES/60-hwrng.rules
+++ /dev/null
@@ -1 +0,0 @@
-SUBSYSTEM=="misc", KERNEL=="hw_random", GROUP="rngd", MODE="0640"
diff --git a/SOURCES/rngd-wake-threshold.service b/SOURCES/rngd-wake-threshold.service
deleted file mode 100644
index 41ef172..0000000
--- a/SOURCES/rngd-wake-threshold.service
+++ /dev/null
@@ -1,14 +0,0 @@
-[Unit]
-Description=Hardware RNG Entropy Gatherer Wake threshold service
-ConditionVirtualization=!container
-Before=rngd.service
-
-[Service]
-CapabilityBoundingSet=CAP_SYS_ADMIN
-AmbientCapabilities=CAP_SYS_ADMIN
-Type=oneshot
-RemainAfterExit=yes
-ExecStart=/bin/sh -c "PSIZE=$(cat /proc/sys/kernel/random/poolsize); let THRESH=$PSIZE*3/4; echo $THRESH>/proc/sys/kernel/random/write_wakeup_threshold; udevadm trigger --sysname-match=hw_random --settle"
-
-[Install]
-WantedBy=sysinit.target
diff --git a/SOURCES/rngd.service b/SOURCES/rngd.service
index dcca9d6..0cf8106 100644
--- a/SOURCES/rngd.service
+++ b/SOURCES/rngd.service
@@ -1,15 +1,9 @@
 [Unit]
 Description=Hardware RNG Entropy Gatherer Daemon
 ConditionVirtualization=!container
-Requires=rngd-wake-threshold.service
 
 # The "-f" option is required for the systemd service rngd to work with Type=simple
 [Service]
-User=rngd
-Group=rngd
-CapabilityBoundingSet=CAP_SYS_ADMIN
-AmbientCapabilities=CAP_SYS_ADMIN
-TimeoutStartSec=60s
 Type=simple
 EnvironmentFile=/etc/sysconfig/rngd
 ExecStart=/usr/sbin/rngd -f $RNGD_ARGS
diff --git a/SOURCES/rngd.sysconfig b/SOURCES/rngd.sysconfig
index f0da1d9..dbb6f7a 100644
--- a/SOURCES/rngd.sysconfig
+++ b/SOURCES/rngd.sysconfig
@@ -1,3 +1,3 @@
 # Optional arguments passed to rngd. See rngd(8) and
 # https://bugzilla.redhat.com/show_bug.cgi?id=1252175#c21
-RNGD_ARGS="--fill-watermark=0 -x pkcs11 -x nist"
+RNGD_ARGS="--fill-watermark=0 -x pkcs11 -x nist -D daemon:daemon"
diff --git a/SPECS/rng-tools.spec b/SPECS/rng-tools.spec
index 402a3ac..815145e 100644
--- a/SPECS/rng-tools.spec
+++ b/SPECS/rng-tools.spec
@@ -2,40 +2,36 @@
 
 Summary:        Random number generator related utilities
 Name:           rng-tools
-Version:        6.14
-Release:        4.git.b2b7934e%{?dist}
+Version:        6.15
+Release:        1%{?dist}
 Group:          System Environment/Base
 License:        GPLv2+
 URL:            https://github.com/nhorman/rng-tools
 Source0:        %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
 Source1:        rngd.service
-Source2:        rngd-wake-threshold.service
-Source3:        60-hwrng.rules
-Source4:        jitterentropy-library-3.3.1.tar.gz
-Source5:        rngd.sysconfig
+Source2:        rngd.sysconfig
+Source3:        jitterentropy-library-3.4.0.tar.gz
 
-Patch0:         1-je-rh-makefile.patch
-Patch1:         2-je-remove-install.patch
-Patch2:         3-rt-use-jitter-static.patch
-Patch3:         4-rt-revert-build-randstat.patch
-Patch4:         5-rt-comment-out-have-aesni.patch
-Patch5:         6-je-fix-ec-check.patch
-
-BuildRequires: gcc make
+BuildRequires: gcc make binutils
 BuildRequires: gettext
-#BuildRequires: systemd-units
 BuildRequires: systemd systemd-rpm-macros
 BuildRequires: autoconf automake
 BuildRequires: libgcrypt-devel libcurl-devel
-BuildRequires: libsysfs-devel jansson-devel
 BuildRequires: libxml2-devel openssl-devel
-#Requires(post): systemd-units
-#Requires(preun): systemd-units
-#Requires(postun): systemd-units
+BuildRequires: jansson-devel
+BuildRequires: libcap-devel
+
 Requires(post): systemd
 Requires(preun): systemd
 Requires(postun): systemd
-Requires: jansson openssl
+Requires: selinux-policy >= 3.14.3-98
+
+Patch0: 1-je-rh-makefile.patch
+Patch1: 2-je-remove-install.patch
+Patch2: 3-rt-use-jitter-static.patch
+Patch3: 4-rt-revert-build-randstat.patch
+Patch4: 5-rt-comment-out-have-aesni.patch
+Patch5: 6-rt-fix-jent-define.patch
 
 %description
 This is a random number generator daemon and its tools. It monitors
@@ -44,42 +40,33 @@ TPM, jitter) and supplies entropy from them to a kernel entropy pool.
 
 %prep
 %setup -q
-tar xf %{SOURCE4}
-mv jitterentropy-library-3.3.1 jitterentropy-library
-%patch0 -p1
-%patch1 -p1
-%patch2 -p1
-%patch3 -p0
-%patch4 -p0
-%patch5 -p0
+tar xf %{SOURCE3}
+mv jitterentropy-library-3.4.0 jitterentropy-library
+%autopatch -p0
 
 %build
 ./autogen.sh
+# a dirty hack so libdarn_impl_a_CFLAGS overrides common CFLAGS
+sed -i -e 's/$(libdarn_impl_a_CFLAGS) $(CFLAGS)/$(CFLAGS) $(libdarn_impl_a_CFLAGS)/' Makefile.in
 %configure --without-pkcs11 --without-rtlsdr
 %make_build
 
 %install
 %make_install
 
-# install systemd unit file and udev rules
+# install systemd unit file
 install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE1}
-install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE2}
-install -Dt %{buildroot}%{_udevrulesdir} -m0644 %{SOURCE3}
 # install sysconfig file
-install -D %{SOURCE5} -m0644 %{buildroot}%{_sysconfdir}/sysconfig/rngd
-
-%pre
-getent passwd rngd >/dev/null || useradd -r -M -d %{_localstatedir}/lib/rngd -s /sbin/nologin -c "Random Number Generator Daemon" rngd
+install -D %{SOURCE2} -m0644 %{buildroot}%{_sysconfdir}/sysconfig/rngd
 
 %post
-%systemd_post rngd.service rngd-wake-threshold.service
-/usr/bin/systemctl start rngd-wake-threshold.service || :
+%systemd_post rngd.service
 
 %preun
-%systemd_preun rngd.service rngd-wake-threshold.service
+%systemd_preun rngd.service
 
 %postun
-%systemd_postun_with_restart rngd.service rngd-wake-threshold.service
+%systemd_postun_with_restart rngd.service
 
 %files
 %{!?_licensedir:%global license %%doc}
@@ -89,12 +76,19 @@ getent passwd rngd >/dev/null || useradd -r -M -d %{_localstatedir}/lib/rngd -s
 %{_sbindir}/rngd
 %{_mandir}/man1/rngtest.1.*
 %{_mandir}/man8/rngd.8.*
-%attr(0644,root,root)   %{_unitdir}/rngd.service
-%attr(0644,root,root)   %{_unitdir}/rngd-wake-threshold.service
-%attr(0644,root,root)   %{_udevrulesdir}/60-hwrng.rules
-%config(noreplace) %attr(0644,root,root)   %{_sysconfdir}/sysconfig/rngd
+%attr(0644,root,root)    %{_unitdir}/rngd.service
+%config(noreplace) %attr(0644,root,root)    %{_sysconfdir}/sysconfig/rngd
 
 %changelog
+* Sat Apr 16 2022 Vladis Dronov <vdronov@redhat.com> - 6.15-1
+- Update rng-tools to v6.15 @ 172bf0e3 (bz 2075974)
+- Update jitterentropy library to v3.4.0 @ 887c9871
+- Allow rngd process to drop privileges with "-D user:group"
+- Fix an error building with jitterentropy-3.4.0
+- Add a requirement for selinux-policy of a certain version
+- Fix a build failure on ppc64
+- Small edits in test scripts
+
 * Mon Nov 22 2021 Vladis Dronov <vdronov@redhat.com> - 6.14-4.git.b2b7934e
 - Update rng-tools to v6.14 @ b2b7934e (bz 2015570)
 - Update jitterentropy library to v3.3.1 @ 887c9871