diff --git a/.gitignore b/.gitignore
index 95189a1..7d46ce0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-SOURCES/jitterentropy-library-3.0.2.tar.gz
-SOURCES/rng-tools-6.13.tar.gz
+SOURCES/jitterentropy-library-3.3.1.tar.gz
+SOURCES/rng-tools-6.14.tar.gz
diff --git a/.rng-tools.metadata b/.rng-tools.metadata
index c0f7896..b12f406 100644
--- a/.rng-tools.metadata
+++ b/.rng-tools.metadata
@@ -1,2 +1,2 @@
-4515a148eb1bec043c12135b867afd47cd512fe7 SOURCES/jitterentropy-library-3.0.2.tar.gz
-378735271b930a745c97b92be8dd61eefc0d79bc SOURCES/rng-tools-6.13.tar.gz
+b48e54d56961e3db138dac4fd6ab3117e31f5db9 SOURCES/jitterentropy-library-3.3.1.tar.gz
+fd67bdfdc7962801564cda6c55bf58acf0b6a8dc SOURCES/rng-tools-6.14.tar.gz
diff --git a/SOURCES/4-rt-add-missing-test.patch b/SOURCES/4-rt-add-missing-test.patch
deleted file mode 100644
index 7f15d47..0000000
--- a/SOURCES/4-rt-add-missing-test.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 800d7c6e23f0a04bd893ee748a74b622657017a9 Mon Sep 17 00:00:00 2001
-From: David Seifert
-Date: Sun, 1 Aug 2021 13:16:16 +0200
-Subject: [PATCH] configure.ac: Add missing `test`
-
-Signed-off-by: Vladis Dronov
----
- configure.ac | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 0fe06fc..7c8e327 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -68,8 +68,8 @@ AC_PROG_GCC_TRADITIONAL
- 
- AX_PTHREAD
- 
--AM_CONDITIONAL([RDRAND], [test $host_cpu = x86_64 || $host_cpu = i686])
--AS_IF([test $host_cpu = x86_64 || $host_cpu = i686], [AC_DEFINE([HAVE_RDRAND],1,[Enable RDRAND])],[])
-+AM_CONDITIONAL([RDRAND], [test $host_cpu = x86_64 || test $host_cpu = i686])
-+AS_IF([test $host_cpu = x86_64 || test $host_cpu = i686], [AC_DEFINE([HAVE_RDRAND],1,[Enable RDRAND])],[])
- 
- AM_CONDITIONAL([DARN], [test $host_cpu = powerpc64le])
- AS_IF([test $host_cpu = powerpc64le], [AC_DEFINE([HAVE_DARN],1,[Enable DARN])],[])
---
-2.26.3
-
diff --git a/SOURCES/4-rt-revert-build-randstat.patch b/SOURCES/4-rt-revert-build-randstat.patch
new file mode 100644
index 0000000..c784c64
--- /dev/null
+++ b/SOURCES/4-rt-revert-build-randstat.patch
@@ -0,0 +1,47 @@
+From de2ee0d8b7e8ad2915165ef941a6ec37442a2fdc Mon Sep 17 00:00:00 2001
+From: Vladis Dronov
+Date: Tue, 6 Jul 2021 14:36:46 +0200
+Subject: [PATCH] Revert "Build randstat binary"
+
+We do not want new and mostly useless randstat binary.
+This reverts commit 2ce93190cb0111fcab2f622a539689d70960643a.
+
+Signed-off-by: Vladis Dronov
+---
+ .gitignore | 3 +--
+ contrib/Makefile.am | 5 +++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git .gitignore .gitignore
+index 943fa2b..5dc334d 100644
+--- .gitignore
++++ .gitignore
+@@ -1,6 +1,6 @@
+ *.a
+ *.o
+-.deps/
++/.deps/
+ /aclocal.m4
+ /ar-lib
+ /autom4te.cache/
+@@ -10,7 +10,6 @@
+ /config.status
+ /config.sub
+ /configure
+-/contrib/randstat
+ /depcomp
+ /install-sh
+ /missing
+diff --git contrib/Makefile.am contrib/Makefile.am
+index a81fb0e..18c4fbc 100644
+--- contrib/Makefile.am
++++ contrib/Makefile.am
+@@ -1,2 +1,3 @@
+-bin_PROGRAMS = randstat
+-randstat_SOURCES = randstat.c
++
++EXTRA_DIST = randstat.c
++
+--
+2.26.3
+
diff --git a/SOURCES/5-rt-comment-out-have-aesni.patch b/SOURCES/5-rt-comment-out-have-aesni.patch
new file mode 100644
index 0000000..8661e6e
--- /dev/null
+++ b/SOURCES/5-rt-comment-out-have-aesni.patch
@@ -0,0 +1,42 @@
+From 86a66ed41390fa5f98aade60a55376269fd163b0 Mon Sep 17 00:00:00 2001
+From: Vladis Dronov
+Date: Fri, 17 Sep 2021 01:04:51 +0200
+Subject: [PATCH] Comment out an unused assignment
+
+Covscan warns about an unused value. Comment it out.
+
+Defect type: UNUSED_VALUE: covscan warning:
+rng-tools-6.13/rngd_rdrand.c:260: assigned_value: Assigning value
+from "!!(info.ecx & 0x2000000U)" to "have_aesni" here, but that
+stored value is overwritten before it can be used.
+
+Signed-off-by: Vladis Dronov
+---
+ rngd_rdrand.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git rngd_rdrand.c rngd_rdrand.c
+index caa9d05..ea7b8fa 100644
+--- rngd_rdrand.c
++++ rngd_rdrand.c
+@@ -239,7 +239,7 @@ int init_drng_entropy_source(struct rng *ent_src)
+ struct cpuid info;
+ /* We need RDRAND, but AESni is optional */
+ const uint32_t features_ecx1_rdrand = 1 << 30;
+- const uint32_t features_ecx1_aesni = 1 << 25;
++ //const uint32_t features_ecx1_aesni = 1 << 25;
+ const uint32_t features_ebx7_rdseed = 1 << 18;
+ uint32_t max_cpuid_leaf;
+ unsigned char xkey[AES_BLOCK]; /* Material to XOR into the key */
+@@ -257,7 +257,7 @@ int init_drng_entropy_source(struct rng *ent_src)
+ if (!(info.ecx & features_ecx1_rdrand))
+ return 1;
+ 
+- have_aesni = !!(info.ecx & features_ecx1_aesni);
++ //have_aesni = !!(info.ecx & features_ecx1_aesni);
+ have_aesni = 0; /* BACK OUT NH */
+ have_rdseed = 0;
+ if (max_cpuid_leaf >= 7) {
+--
+2.26.3
+
diff --git a/SOURCES/6-je-fix-ec-check.patch b/SOURCES/6-je-fix-ec-check.patch
new file mode 100644
index 0000000..16dedd9
--- /dev/null
+++ b/SOURCES/6-je-fix-ec-check.patch
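Review bot: The two `//`-commented lines leave dead code in init_drng_entropy_source rather than removing it, and the surviving `have_aesni = 0; /* BACK OUT NH */` still does not say why AES-NI detection is switched off, so a reader of rngd_rdrand.c cannot tell whether this is a temporary revert or a deliberate policy. Deleting the two commented lines and replacing the marker with a comment such as `/* AES-NI detection intentionally disabled ("BACK OUT NH"): have_aesni stays 0 on every CPU */` silences the same Covscan UNUSED_VALUE finding and records the intent. With have_aesni pinned to 0, any later `if (have_aesni)` branch in this function is presumably unreachable and therefore untested on this build, which the comment could state as well. init_drng_entropy_source starts and ends outside the hunk.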
@@ -0,0 +1,20 @@
+diff -up jitterentropy-library/src/jitterentropy-noise.c.orig jitterentropy-library/src/jitterentropy-noise.c
+--- jitterentropy-library/src/jitterentropy-noise.c 2021-11-23 15:42:47.809329173 +0100
++++ jitterentropy-library/src/jitterentropy-noise.c 2021-11-23 15:44:19.820499338 +0100
+@@ -188,7 +188,7 @@ static void jent_memaccess(struct rand_data *ec, uint64_t loop_cnt)
+ uint32_t u[4];
+ uint8_t b[sizeof(uint32_t) * 4];
+ } prngState = { .u = {0x8e93eec0, 0xce65608a, 0xa8d46b46, 0xe83cef69} };
+- uint32_t addressMask = ec->memmask;
++ uint32_t addressMask;
+ 
+ /* Ensure that macros cannot overflow jent_loop_shuffle() */
+ BUILD_BUG_ON((MAX_ACC_LOOP_BIT + MIN_ACC_LOOP_BIT) > 63);
+@@ -197,6 +197,7 @@ static void jent_memaccess(struct rand_data *ec, uint64_t loop_cnt)
+ 
+ if (NULL == ec || NULL == ec->mem)
+ return;
++ addressMask = ec->memmask;
+ 
+ /*
+ * Mix the current data into prngState
diff --git a/SOURCES/rngd.service b/SOURCES/rngd.service
index e495d19..dcca9d6 100644
--- a/SOURCES/rngd.service
+++ b/SOURCES/rngd.service
@@ -3,13 +3,16 @@
 Description=Hardware RNG Entropy Gatherer Daemon
 ConditionVirtualization=!container
 Requires=rngd-wake-threshold.service
+# The "-f" option is required for the systemd service rngd to work with Type=simple
 [Service]
 User=rngd
 Group=rngd
 CapabilityBoundingSet=CAP_SYS_ADMIN
 AmbientCapabilities=CAP_SYS_ADMIN
-ExecStart=/usr/sbin/rngd -f --fill-watermark=0
 TimeoutStartSec=60s
+Type=simple
+EnvironmentFile=/etc/sysconfig/rngd
+ExecStart=/usr/sbin/rngd -f $RNGD_ARGS
 [Install]
 WantedBy=sysinit.target
diff --git a/SOURCES/rngd.sysconfig b/SOURCES/rngd.sysconfig
new file mode 100644
index 0000000..f0da1d9
--- /dev/null
+++ b/SOURCES/rngd.sysconfig
@@ -0,0 +1,3 @@
+# Optional arguments passed to rngd. See rngd(8) and
+# https://bugzilla.redhat.com/show_bug.cgi?id=1252175#c21
+RNGD_ARGS="--fill-watermark=0 -x pkcs11 -x nist"
diff --git a/SPECS/rng-tools.spec b/SPECS/rng-tools.spec
index 2bbd088..402a3ac 100644
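Review bot: `uint32_t addressMask;` is now left uninitialised across the prngState initialiser and the BUILD_BUG_ON until the assignment the patch adds after the NULL check; initialising it at the declaration, `uint32_t addressMask = 0;`, keeps the variable defined on every path and makes the later `addressMask = ec->memmask;` read as the deliberate post-check load rather than a second initialiser. The reordering itself is the right fix: the old `uint32_t addressMask = ec->memmask;` dereferenced ec before `NULL == ec` was tested, which is undefined behaviour for a NULL ec and lets the compiler treat that check as dead. If this is not already in upstream jitterentropy-library it should be submitted there so the downstream patch can be dropped on the next rebase. jent_memaccess continues beyond the hunk on both sides.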
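Review bot: `EnvironmentFile=/etc/sysconfig/rngd` without a leading `-` makes the unit fail to start if the sysconfig file is missing or has been removed, taking the entropy daemon down over a file that only carries optional arguments; `EnvironmentFile=-/etc/sysconfig/rngd` tolerates its absence and `ExecStart=/usr/sbin/rngd -f $RNGD_ARGS` then runs with the built-in defaults. The `# The "-f" option is required ...` comment explains `Type=simple` and `ExecStart` but is inserted in the [Unit] section; moving it directly above `ExecStart=` keeps the explanation next to the lines it describes. Because the arguments now live in a %config(noreplace) file, a later change to the packaged defaults will not reach hosts where that file has been edited, which is worth a one-line comment in the unit so the behaviour is not mistaken for a bug.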
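Review bot: `RNGD_ARGS="--fill-watermark=0 -x pkcs11 -x nist"` is the operative line of a file administrators are expected to edit, yet the only explanation is a bugzilla link; one comment per option (what `--fill-watermark=0` sets, and that `-x pkcs11` / `-x nist` exclude those entropy sources, per rngd(8)) keeps the file self-explaining when the link is unreachable. Since the unit expands `$RNGD_ARGS` unquoted, systemd splits the value on whitespace and an argument containing spaces cannot be passed this way, so a comment like `# Split on whitespace by systemd; arguments with spaces are not supported` would save a debugging round.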
--- a/SPECS/rng-tools.spec
+++ b/SPECS/rng-tools.spec
@@ -2,8 +2,8 @@ Summary: Random number generator related utilities
 Name: rng-tools
-Version: 6.13
-Release: 1.git.d207e0b6%{?dist}
+Version: 6.14
+Release: 4.git.b2b7934e%{?dist}
 Group: System Environment/Base
 License: GPLv2+
 URL: https://github.com/nhorman/rng-tools
@@ -11,12 +11,15 @@ Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
 Source1: rngd.service
 Source2: rngd-wake-threshold.service
 Source3: 60-hwrng.rules
-Source4: jitterentropy-library-3.0.2.tar.gz
+Source4: jitterentropy-library-3.3.1.tar.gz
+Source5: rngd.sysconfig
 Patch0: 1-je-rh-makefile.patch
 Patch1: 2-je-remove-install.patch
 Patch2: 3-rt-use-jitter-static.patch
-Patch3: 4-rt-add-missing-test.patch
+Patch3: 4-rt-revert-build-randstat.patch
+Patch4: 5-rt-comment-out-have-aesni.patch
+Patch5: 6-je-fix-ec-check.patch
 BuildRequires: gcc make
 BuildRequires: gettext
@@ -42,11 +45,13 @@ TPM, jitter) and supplies entropy from them to a kernel entropy pool.
 %prep
 %setup -q
 tar xf %{SOURCE4}
-mv jitterentropy-library-3.0.2 jitterentropy-library
+mv jitterentropy-library-3.3.1 jitterentropy-library
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
-%patch3 -p1
+%patch3 -p0
+%patch4 -p0
+%patch5 -p0
 %build
 ./autogen.sh
@@ -60,6 +65,8 @@ mv jitterentropy-library-3.0.2 jitterentropy-library
 install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE1}
 install -Dt %{buildroot}%{_unitdir} -m0644 %{SOURCE2}
 install -Dt %{buildroot}%{_udevrulesdir} -m0644 %{SOURCE3}
+# install sysconfig file
+install -D %{SOURCE5} -m0644 %{buildroot}%{_sysconfdir}/sysconfig/rngd
 %pre
 getent passwd rngd >/dev/null || useradd -r -M -d %{_localstatedir}/lib/rngd -s /sbin/nologin -c "Random Number Generator Daemon" rngd
@@ -85,8 +92,15 @@ getent passwd rngd >/dev/null || useradd -r -M -d %{_localstatedir}/lib/rngd -s
 %attr(0644,root,root) %{_unitdir}/rngd.service
 %attr(0644,root,root) %{_unitdir}/rngd-wake-threshold.service
 %attr(0644,root,root) %{_udevrulesdir}/60-hwrng.rules
+%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/sysconfig/rngd
 %changelog
+* Mon Nov 22 2021 Vladis Dronov - 6.14-4.git.b2b7934e
+- Update rng-tools to v6.14 @ b2b7934e (bz 2015570)
+- Update jitterentropy library to v3.3.1 @ 887c9871
+- Add a config file for storing rngd options
+- Fix a security issue found by a covscan in jitterentropy library
+
 * Thu Jul 22 2021 Vladis Dronov - 6.13-1.git.d207e0b6
 - Update to the upstream v6.13 + tip of origin/master + onecpu branch + revert of 2ce93190
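Review bot: The changelog line `- Fix a security issue found by a covscan in jitterentropy library` names neither the defect nor the patch that carries it, so the fix cannot be traced from the RPM changelog; presumably it is 6-je-fix-ec-check.patch, and an entry such as `- Fix a NULL check after dereference in jent_memaccess() found by covscan (6-je-fix-ec-check.patch)` records that. Patch4 (5-rt-comment-out-have-aesni.patch) is added by this commit but has no changelog mention at all. The Release moves from 1.git.d207e0b6 straight to 4.git.b2b7934e with a single new entry; if -2 and -3 builds existed, their entries are missing here.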