diff --git a/0001-Use-AM_PROG_AR-over-AC_CHECK_TOOLS.patch b/0001-Use-AM_PROG_AR-over-AC_CHECK_TOOLS.patch deleted file mode 100644 index 66afbdb..0000000 --- a/0001-Use-AM_PROG_AR-over-AC_CHECK_TOOLS.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 16b728f9a5bb138386fa770de817ec244a158be5 Mon Sep 17 00:00:00 2001 -From: David Seifert -Date: Sat, 12 Jun 2021 22:15:06 +0200 -Subject: Use `AM_PROG_AR` over `AC_CHECK_TOOLS` - -* `AM_PROG_AR` is the canonical way to detect the archiver - and includes workarounds for Cygwin. - -Signed-off-by: Vladis Dronov ---- - .gitignore | 1 + - configure.ac | 3 +-- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/.gitignore b/.gitignore -index 0df9347..5dc334d 100644 ---- a/.gitignore -+++ b/.gitignore -@@ -2,6 +2,7 @@ - *.o - /.deps/ - /aclocal.m4 -+/ar-lib - /autom4te.cache/ - /compile - /config.guess -diff --git a/configure.ac b/configure.ac -index 5b4f2cb..1cb7fd7 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -62,10 +62,9 @@ AM_PROG_AS - dnl Checks for programs - AC_PROG_CC - AC_PROG_RANLIB -+AM_PROG_AR - AC_PROG_GCC_TRADITIONAL - --AC_CHECK_TOOLS([AR], [ar gar], :) -- - AX_PTHREAD - - AM_CONDITIONAL([RDRAND], [test $target_cpu = x86_64 -o $target_cpu = i686]) --- -2.26.3 - diff --git a/0003-AC_CANONICAL_TARGET-AC_CANONICAL_HOST.patch b/0003-AC_CANONICAL_TARGET-AC_CANONICAL_HOST.patch deleted file mode 100644 index be19d6e..0000000 --- a/0003-AC_CANONICAL_TARGET-AC_CANONICAL_HOST.patch +++ /dev/null 
@@ -1,52 +0,0 @@ -From 3adf2613e262efbda0a3455e59c8cb3390271563 Mon Sep 17 00:00:00 2001 -From: David Seifert -Date: Sat, 12 Jun 2021 22:15:12 +0200 -Subject: `AC_CANONICAL_TARGET` -> `AC_CANONICAL_HOST` - -* `AC_CANONICAL_TARGET` is the type of system for which code - will be produced, not on which it will run. This is a common - confusion with Autoconf's target triplet. - -Signed-off-by: Vladis Dronov ---- - configure.ac | 15 ++++++++------- - 1 file changed, 8 insertions(+), 7 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 1cb7fd7..0fe06fc 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -20,7 +20,8 @@ dnl Foundation, Inc., 51 Franklin Street, Suite 500, Boston, MA 02110-1335 USA - AC_INIT(rng-tools, 6.13, [Neil Horman ]) - AC_PREREQ(2.52) - AC_CONFIG_SRCDIR([rngd.c]) --AC_CANONICAL_TARGET -+AC_CANONICAL_HOST -+AC_CANONICAL_TARGET dnl required for broken AX_PTHREAD - AM_INIT_AUTOMAKE([foreign]) - AC_CONFIG_HEADERS([rng-tools-config.h]) - AC_CONFIG_MACRO_DIRS([m4]) -@@ -67,14 +68,14 @@ AC_PROG_GCC_TRADITIONAL - - AX_PTHREAD - --AM_CONDITIONAL([RDRAND], [test $target_cpu = x86_64 -o $target_cpu = i686]) --AS_IF([test $target_cpu = x86_64 -o $target_cpu = i686], [AC_DEFINE([HAVE_RDRAND],1,[Enable RDRAND])],[]) -+AM_CONDITIONAL([RDRAND], [test $host_cpu = x86_64 || $host_cpu = i686]) -+AS_IF([test $host_cpu = x86_64 || $host_cpu = i686], [AC_DEFINE([HAVE_RDRAND],1,[Enable RDRAND])],[]) - --AM_CONDITIONAL([DARN], [test $target_cpu = powerpc64le]) --AS_IF([test $target_cpu = powerpc64le], [AC_DEFINE([HAVE_DARN],1,[Enable DARN])],[]) -+AM_CONDITIONAL([DARN], [test $host_cpu = powerpc64le]) -+AS_IF([test $host_cpu = powerpc64le], [AC_DEFINE([HAVE_DARN],1,[Enable DARN])],[]) - --AM_CONDITIONAL([RNDR], [test $target_cpu = aarch64]) --AS_IF([test $target_cpu = aarch64], [AC_DEFINE([HAVE_RNDR],1,[Enable RNDR])],[]) -+AM_CONDITIONAL([RNDR], [test $host_cpu = aarch64]) -+AS_IF([test $host_cpu = aarch64], [AC_DEFINE([HAVE_RNDR],1,[Enable RNDR])],[]) - 
AM_CONDITIONAL([JITTER], [false]) - - AC_ARG_ENABLE(jitterentropy, --- -2.26.3 - diff --git a/0004-Fix-logic-in-ossl_aes_random_key.patch b/0004-Fix-logic-in-ossl_aes_random_key.patch deleted file mode 100644 index b2f39dc..0000000 --- a/0004-Fix-logic-in-ossl_aes_random_key.patch +++ /dev/null 
@@ -1,69 +0,0 @@ -From 73e81dc78ddb6f1bc0d8750c1a9e19e6cc123d48 Mon Sep 17 00:00:00 2001 -From: Vladis Dronov -Date: Sat, 12 Jun 2021 09:16:25 +0200 -Subject: Fix logic in ossl_aes_random_key() - -- Using sizeof is correct for arr[], but is not correct for *ptr. read() here -makes a 8-bytes read (on 64-bit arch). It should read AES_BLOCK bytes instead, -as callers of ossl_aes_random_key() imply. - -Covscan emits the following warning: - -Error: SIZEOF_MISMATCH (CWE-398): [#def1] -rng-tools-6.12/ossl_helpers.c:51: suspicious_sizeof: Passing argument "key" of -type "unsigned char *" and argument "8UL /* sizeof (key) */" to function "read" -is suspicious. - 51|-> int r = read(fd, key, sizeof key); - -- According to the following warning, mark r as not used explicitly: - -Error: CLANG_WARNING: [#def2] -rng-tools-6.12/ossl_helpers.c:51:7: warning[deadcode.DeadStores]: Value stored -to 'r' during its initialization is never read - 51|-> int r = read(fd, key, sizeof key); - -- Add volatile to stack_junk to avoid possible compiler optimization. This does -not silence "Uninitialized variable: stack_junk" covscan warning. - -- Remove a check for pepper == NULL where it is not needed. 
- -Signed-off-by: Vladis Dronov ---- - ossl_helpers.c | 9 +++++---- - 1 file changed, 5 insertions(+), 4 deletions(-) - -diff --git a/ossl_helpers.c b/ossl_helpers.c -index c3c1fbb..9569b74 100644 ---- a/ossl_helpers.c -+++ b/ossl_helpers.c -@@ -42,22 +42,23 @@ void ossl_aes_random_key(unsigned char *key, const unsigned char *pepper) - 0x00,0x10,0x20,0x30,0x40,0x50,0x60,0x70, - 0x80,0x90,0xa0,0xb0,0xc0,0xd0,0xe0,0xf0 - }; /* AES data reduction key */ -- unsigned char stack_junk[AES_BLOCK]; -+ volatile unsigned char stack_junk[AES_BLOCK]; - int fd, i; - - /* Try getting some randomness from the kernel */ - fd = open("/dev/urandom", O_RDONLY); - if (fd >= 0) { -- int r = read(fd, key, sizeof key); -+ int r __attribute__((unused)); -+ r = read(fd, key, AES_BLOCK); - close(fd); - } - - /* Mix in our default key */ -- for (i = 0; i < AES_BLOCK && pepper; i++) -+ for (i = 0; i < AES_BLOCK; i++) - key[i] ^= default_key[i]; - - /* Mix in stack junk */ -- for (i = 0; i < AES_BLOCK && pepper; i++) -+ for (i = 0; i < AES_BLOCK; i++) - key[i] ^= stack_junk[i]; - - /* Spice it up if we can */ --- -2.26.3 - diff --git a/0005-Fix-a-read-returning-zero-case-in-init_entropy_sourc.patch b/0005-Fix-a-read-returning-zero-case-in-init_entropy_sourc.patch deleted file mode 100644 index 2263443..0000000 --- a/0005-Fix-a-read-returning-zero-case-in-init_entropy_sourc.patch +++ /dev/null 
@@ -1,44 +0,0 @@ -From 8659477ea65b1617332efee6da4c533137870577 Mon Sep 17 00:00:00 2001 -From: Vladis Dronov -Date: Sat, 12 Jun 2021 09:00:42 +0200 -Subject: Fix a read() returning zero case in init_entropy_source() - -Covscan warns about this with: - -Error: CHECKED_RETURN (CWE-252): [#def3] -rng-tools-6.12/rngd_entsource.c:185: check_return: "read(int, void *, -size_t)" returns the number of bytes read, but it is ignored. - 185|-> if (read(rngavail_fd, buf, sizeof(buf)) < 0) { - -Add a check for a zero return. While this should not happen, lets just -handle the case, also to silence covscan. - -Signed-off-by: Vladis Dronov ---- - rngd_entsource.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/rngd_entsource.c b/rngd_entsource.c -index f54ee40..e5b7d43 100644 ---- a/rngd_entsource.c -+++ b/rngd_entsource.c -@@ -182,13 +182,14 @@ int init_entropy_source(struct rng *ent_src) - return 1; - } - -- if (read(rngavail_fd, buf, sizeof(buf)) < 0) { -+ int ret = read(rngavail_fd, buf, sizeof(buf)); -+ if (ret < 0) { - message_entsrc(ent_src,LOG_DAEMON|LOG_DEBUG, "Error reading sysfs file: %s\n", RNG_AVAIL); - close(rngavail_fd); - return 1; - } - -- if (strncmp(buf, "\n", 1) == 0) { -+ if (ret == 0 || strncmp(buf, "\n", 1) == 0) { - message_entsrc(ent_src,LOG_DAEMON|LOG_DEBUG, "No available rng device\n"); - close(rngavail_fd); - return 1; --- -2.26.3 - diff --git a/0006-Fix-minor-possibilities-of-using-a-NULL-pointer.patch b/0006-Fix-minor-possibilities-of-using-a-NULL-pointer.patch deleted file mode 100644 index d6d0ae6..0000000 --- a/0006-Fix-minor-possibilities-of-using-a-NULL-pointer.patch +++ /dev/null 
@@ -1,78 +0,0 @@ -From e4a94ad5d4ea8e5663f1e5d71669317b16105945 Mon Sep 17 00:00:00 2001 -From: Vladis Dronov -Date: Sat, 12 Jun 2021 13:11:19 +0200 -Subject: Fix minor possibilities of using a NULL pointer - -Fix the following covscan warnings by performing a check for a NULL: - -1) Add a check for NULL to message_entsrc macro: - -Error: GCC_ANALYZER_WARNING (CWE-688): -rng-tools-6.12/rngd_rdrand.c: scope_hint: In function 'init_drng_entropy_source' -rng-tools-6.12/rngd.h:186:9: warning[-Wanalyzer-possible-null-argument]: use of -possibly-NULL '____buf' where non-null expected -/usr/include/stdio.h:334:12: note: argument 1 of 'sprintf' must be non-null - 184| size_t ____neededmsg = snprintf(NULL, 0, fmt, ##args) + 1; \ - 185| char *____buf = malloc(____neededpfx + ____neededmsg); \ - 186|-> sprintf(____buf, "[%-6s]: " fmt, src->rng_sname, ##args); \ - -2) Move memset() in xread_tpm() to a proper place: - -Error: NULL_RETURNS (CWE-476): [#def3] -rng-tools-6.12/rngd_entsource.c:96: returned_null: "malloc" returns "NULL" -(checked 89 out of 95 times). -rng-tools-6.12/rngd_entsource.c:96: var_assigned: Assigning: "temp_buf" = -"NULL" return value from "malloc". -rng-tools-6.12/rngd_entsource.c:97: dereference: Dereferencing a pointer -that might be "NULL" "temp_buf" when calling "memset". 
- 96| temp_buf = (unsigned char *) malloc(size + TPM_GET_RNG_OVERHEAD); - 97|-> memset(temp_buf, 0, (size+TPM_GET_RNG_OVERHEAD)); - 98| if (temp_buf == NULL) { - -Signed-off-by: Vladis Dronov ---- - rngd.h | 8 +++++--- - rngd_entsource.c | 3 ++- - 2 files changed, 7 insertions(+), 4 deletions(-) - -diff --git a/rngd.h b/rngd.h -index 6208b95..7d65f3c 100644 ---- a/rngd.h -+++ b/rngd.h -@@ -184,9 +184,11 @@ extern bool quiet; - size_t ____neededpfx = snprintf(NULL, 0, "[%-6s]: ", src->rng_sname); \ - size_t ____neededmsg = snprintf(NULL, 0, fmt, ##args) + 1; \ - char *____buf = malloc(____neededpfx + ____neededmsg); \ -- sprintf(____buf, "[%-6s]: " fmt, src->rng_sname, ##args); \ -- message(priority, "%s", ____buf); \ -- free(____buf); \ -+ if (____buf) { \ -+ sprintf(____buf, "[%-6s]: " fmt, src->rng_sname, ##args); \ -+ message(priority, "%s", ____buf); \ -+ free(____buf); \ -+ } \ - } while (0) - - extern bool do_reseed; -diff --git a/rngd_entsource.c b/rngd_entsource.c -index e5b7d43..b7ebd15 100644 ---- a/rngd_entsource.c -+++ b/rngd_entsource.c -@@ -94,12 +94,13 @@ int xread_tpm(void *buf, size_t size, struct rng *ent_src) - } - - temp_buf = (unsigned char *) malloc(size + TPM_GET_RNG_OVERHEAD); -- memset(temp_buf, 0, (size+TPM_GET_RNG_OVERHEAD)); - if (temp_buf == NULL) { - message_entsrc(ent_src,LOG_ERR|LOG_INFO,"No memory for TPM buffer\n"); - close(ent_src->rng_fd); - return -1; - } -+ memset(temp_buf, 0, (size+TPM_GET_RNG_OVERHEAD)); -+ - /* 32 bits has been reserved for random byte size */ - rng_cmd[13] = (unsigned char)(size & 0xFF); - rng_cmd[12] = (unsigned char)((size >> 8) & 0xFF); --- -2.26.3 - diff --git a/0007-Small-bug-and-warning-fixes-per-covscan-report.patch b/0007-Small-bug-and-warning-fixes-per-covscan-report.patch deleted file mode 100644 index 00317bd..0000000 --- a/0007-Small-bug-and-warning-fixes-per-covscan-report.patch +++ /dev/null 
@@ -1,185 +0,0 @@ -From 2d244c6b5aea8f1a8e70307540d9d95b8111a242 Mon Sep 17 00:00:00 2001 -From: Vladis Dronov -Date: Mon, 14 Jun 2021 14:04:27 +0200 -Subject: Small bug and warning fixes per covscan report - -- Fix a strncpy() bug. - -- Remove unused variables. - -- A small formatting fix. - -- Fix signedness warnings. - -- Add parenthesis to definitions of CHUNK_SIZE. - -- Adjust default_watermark() so wm is set to a default value in all cases. - Also add logging the same way it was done in init_kernel_rng(). - -Signed-off-by: Vladis Dronov ---- - rngd_darn.c | 4 ++-- - rngd_jitter.c | 3 +-- - rngd_linux.c | 31 ++++++++++++++++++++++--------- - rngd_rdrand.c | 2 -- - rngd_rndr.c | 2 +- - rngd_rtlsdr.c | 6 +++--- - stats.c | 2 +- - 7 files changed, 30 insertions(+), 20 deletions(-) - -diff --git a/rngd_darn.c b/rngd_darn.c -index bc8edec..5254195 100644 ---- a/rngd_darn.c -+++ b/rngd_darn.c -@@ -46,9 +46,9 @@ static uint64_t get_darn(); - static int refill_rand(struct rng *ent_src, bool allow_reinit); - static size_t copy_avail_rand_to_buf(unsigned char *buf, size_t size, size_t copied); - --#define CHUNK_SIZE AES_BLOCK * 8 -+#define CHUNK_SIZE (AES_BLOCK*8) - #define RDRAND_ROUNDS 512 /* 512:1 data reduction */ --#define THRESH_BITS 14 -+#define THRESH_BITS 14 - - /* ossl AES context */ - static struct ossl_aes_ctx *ossl_ctx; -diff --git a/rngd_jitter.c b/rngd_jitter.c -index b68c791..7403c02 100644 ---- a/rngd_jitter.c -+++ b/rngd_jitter.c -@@ -128,7 +128,7 @@ int pipefds[2]; - - unsigned char *aes_buf; - --static char key[AES_BLOCK]; -+static unsigned char key[AES_BLOCK]; - static unsigned char iv_buf[CHUNK_SIZE] __attribute__((aligned(128))); - static struct ossl_aes_ctx *ossl_ctx; - -@@ -322,7 +322,6 @@ int validate_jitter_options(struct rng *ent_src) - int delay = ent_src->rng_options[JITTER_OPT_RETRY_DELAY].int_val; - int rcount = ent_src->rng_options[JITTER_OPT_RETRY_COUNT].int_val; - int soft_timer = 
ent_src->rng_options[JITTER_OPT_FORCE_INT_TIMER].int_val; -- int num_threads = ent_src->rng_options[JITTER_OPT_THREADS].int_val; - - /* Need at least one thread to do this work */ - if (!threads) { -diff --git a/rngd_linux.c b/rngd_linux.c -index cf4fcdf..c52c62d 100644 ---- a/rngd_linux.c -+++ b/rngd_linux.c -@@ -56,22 +56,35 @@ extern int kent_pool_size; - /* - * Get the default watermark - */ -+ -+#define DEFAULT_WATERMARK_GUESS 4096 -+ - int default_watermark(void) - { - FILE *f; -- unsigned int wm; /* Default guess */ -+ unsigned int wm; - - f = fopen("/proc/sys/kernel/random/poolsize", "r"); -- if (!f) -+ if (!f) { -+ wm = DEFAULT_WATERMARK_GUESS; -+ message(LOG_DAEMON|LOG_ERR, "can't open /proc/sys/kernel/random/poolsize: %s", -+ strerror(errno)); - goto err; -- /* -- * Default to 4096 if fscanf fails -- */ -- if(fscanf(f,"%u", &wm) < 1) -- wm = 4096; -+ } -+ -+ /* Use DEFAULT_WATERMARK_GUESS if fscanf fails */ -+ if(fscanf(f,"%u", &wm) < 1) { -+ wm = DEFAULT_WATERMARK_GUESS; -+ message(LOG_DAEMON|LOG_ERR, "can't read /proc/sys/kernel/random/poolsize: %s", -+ strerror(errno)); -+ } -+ -+err: - kent_pool_size = wm; - wm = wm*3/4; --err: -+ message(LOG_DAEMON|LOG_ERR, "kernel entropy pool size: %d pool watermark: %d", -+ kent_pool_size, wm); -+ - if (f) - fclose(f); - return wm; -@@ -153,7 +166,7 @@ int random_add_entropy(void *buf, size_t size) - } else - write(random_fd, buf, size); - -- return ent->ent_count; -+ return ent->ent_count; - - } - -diff --git a/rngd_rdrand.c b/rngd_rdrand.c -index cba27a9..caa9d05 100644 ---- a/rngd_rdrand.c -+++ b/rngd_rdrand.c -@@ -243,8 +243,6 @@ int init_drng_entropy_source(struct rng *ent_src) - const uint32_t features_ebx7_rdseed = 1 << 18; - uint32_t max_cpuid_leaf; - unsigned char xkey[AES_BLOCK]; /* Material to XOR into the key */ -- int fd; -- int i; - - if (!x86_has_cpuid()) - return 1; /* No CPUID instruction */ -diff --git a/rngd_rndr.c b/rngd_rndr.c -index 176ce90..79bf2ce 100644 ---- a/rngd_rndr.c -+++ 
b/rngd_rndr.c -@@ -47,7 +47,7 @@ static struct ossl_aes_ctx *ossl_ctx; - static unsigned char key[AES_BLOCK]; - static unsigned char iv_buf[AES_BLOCK]; - --#define CHUNK_SIZE AES_BLOCK * 8 -+#define CHUNK_SIZE (AES_BLOCK*8) - static unsigned char aes_buf[CHUNK_SIZE]; - static size_t aes_buf_pos; - #define REKEY_BITS 8 -diff --git a/rngd_rtlsdr.c b/rngd_rtlsdr.c -index 949c8b0..5371905 100644 ---- a/rngd_rtlsdr.c -+++ b/rngd_rtlsdr.c -@@ -21,12 +21,12 @@ - #include "rngd.h" - #include "ossl_helpers.h" - --#define RAW_BUF_SZ 4096 -+#define RAW_BUF_SZ 4096 - --#define CHUNK_SIZE (AES_BLOCK*8) /* 8 parallel streams */ -+#define CHUNK_SIZE (AES_BLOCK*8) /* 8 parallel streams */ - - static rtlsdr_dev_t *radio = NULL; --static char raw_buffera[RAW_BUF_SZ]; -+static unsigned char raw_buffera[RAW_BUF_SZ]; - static int freq_min; - static int freq_max; - static int sample_min; -diff --git a/stats.c b/stats.c -index 5c4036a..a172a35 100644 ---- a/stats.c -+++ b/stats.c -@@ -65,7 +65,7 @@ static void scale_mult_unit(char *unit, int unitsize, - if (mult) - snprintf(unit, unitsize, "%ci%s", multchar[mult-1], baseunit); - else -- strncpy(unit, baseunit, unitsize); -+ strncpy(unit, baseunit, unitsize-1); - } - - /* Computes elapsed time in microseconds */ --- -2.26.3 - diff --git a/0008-Fix-a-minor-memory-leak-in-rngd_jitter.c.patch b/0008-Fix-a-minor-memory-leak-in-rngd_jitter.c.patch deleted file mode 100644 index d88b1b1..0000000 --- a/0008-Fix-a-minor-memory-leak-in-rngd_jitter.c.patch +++ /dev/null 
@@ -1,54 +0,0 @@ -From 05505f04b9146e3f1225c182d3fdfc2fb51a633f Mon Sep 17 00:00:00 2001 -From: Vladis Dronov -Date: Sat, 12 Jun 2021 09:35:21 +0200 -Subject: Fix a minor memory leak in rngd_jitter.c - -While a leak is short-lived until a process memory is freed, fix it anyway. - -Error: GCC_ANALYZER_WARNING (CWE-401): -rng-tools-6.12/rngd_jitter.c:396:66: warning[-Wanalyzer-malloc-leak]: -leak of 'aes_buf' -rng-tools-6.12/rngd_jitter.c:35: included_from: Included from here. -rng-tools-6.12/rngd_jitter.c:394:17: note: in expansion of macro 'message_entsrc' - -Error: GCC_ANALYZER_WARNING (CWE-401): [#def4] -rng-tools-6.12/rngd_jitter.c: scope_hint: In function 'init_jitter_entropy_source' -rng-tools-6.12/rngd_jitter.c:396:66: warning[-Wanalyzer-malloc-leak]: leak of 'aes_buf' -rng-tools-6.12/rngd_jitter.c:394:17: note: in expansion of macro 'message_entsrc' - 394| message_entsrc(ent_src,LOG_CONS|LOG_INFO, "Initializing AES buffer\n"); - 395| aes_buf = malloc(tdata[0].buf_sz); - 396|-> ent_src->rng_options[JITTER_OPT_USE_AES].int_val = 0; - 397| if (xread_jitter(key, AES_BLOCK, ent_src)) { - -Signed-off-by: Vladis Dronov ---- - rngd_jitter.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/rngd_jitter.c b/rngd_jitter.c -index 7403c02..ea29436 100644 ---- a/rngd_jitter.c -+++ b/rngd_jitter.c -@@ -126,7 +126,7 @@ static struct thread_data *tdata; - static pthread_t *threads; - int pipefds[2]; - --unsigned char *aes_buf; -+unsigned char *aes_buf = NULL; - - static unsigned char key[AES_BLOCK]; - static unsigned char iv_buf[CHUNK_SIZE] __attribute__((aligned(128))); -@@ -533,9 +533,9 @@ void close_jitter_entropy_source(struct rng *ent_src) - close(pipefds[0]); - free(tdata); - free(threads); -+ free(aes_buf); - if (ossl_ctx) { - ossl_aes_exit(ossl_ctx); - ossl_ctx = NULL; - } - } -- --- -2.26.3 - diff --git a/0009-Brush-up-rngd_nistbeacon.c.patch b/0009-Brush-up-rngd_nistbeacon.c.patch deleted file mode 100644 index 5ba2404..0000000 
--- a/0009-Brush-up-rngd_nistbeacon.c.patch +++ /dev/null 
@@ -1,233 +0,0 @@ -From c87d4f8616c42a921cec37e8758e71f5651c727f Mon Sep 17 00:00:00 2001 -From: Vladis Dronov -Date: Mon, 14 Jun 2021 14:37:28 +0200 -Subject: Brush up rngd_nistbeacon.c - -1) Fix a possile NULL dereference in get_nist_record() and update_active_cert(). -It may happen in an unlikely case when curl_easy_setopt(CURLOPT_WRITEFUNCTION) -fails but curl_easy_perform() succeeds. - -Also adjust error handling and logging. This way a libcurl instance is properly -cleaned up in all cases. - -This fixes code for the following warnings. NULL pointer warning still stays, -as covscan does not recognize parse_nist_json_block() as a callback. - -Error: CHECKED_RETURN (CWE-252): [#def13] -rng-tools-6.12/rngd_nistbeacon.c:582: check_return: Calling "curl_easy_setopt(curl, -_curl_opt, certurl)" without checking return value. This library function may fail -and return an error code. - 581| certurl = strcat(certurl, block.certificateIdString); - 582|-> curl_easy_setopt(curl, CURLOPT_URL, certurl); - -Error: CLANG_WARNING: [#def19] -rng-tools-6.12/rngd_nistbeacon.c:622:32: warning[core.NonNullParamChecker]: Null -pointer passed to 1st parameter expecting 'nonnull' - 622|-> activeCertId = strndup(block.certificateId, be32toh(block.certificateIdLen)); - -2) Remove unused variables from parse_nist_json_block(). - -3) Fix a signedness warning for nist_rand_buf and block.signatureValue. 
- -Signed-off-by: Vladis Dronov ---- - rngd_nistbeacon.c | 109 +++++++++++++++++++++++++++++++--------------- - 1 file changed, 74 insertions(+), 35 deletions(-) - -diff --git a/rngd_nistbeacon.c b/rngd_nistbeacon.c -index 5d51d44..51e3458 100644 ---- a/rngd_nistbeacon.c -+++ b/rngd_nistbeacon.c -@@ -74,7 +74,7 @@ static int get_nist_record(struct rng *ent_src); - - static size_t nist_buf_avail = 0; - static size_t nist_buf_ptr = 0; --static char nist_rand_buf[NIST_BUF_SIZE]; -+static unsigned char nist_rand_buf[NIST_BUF_SIZE]; - static char errbuf[120]; - int cfp; - -@@ -275,23 +275,18 @@ static void get_json_byte_array(json_t *parent, char *key, char **val, uint32_t - } - - /* -- * Note, I'm making the assumption that the entire xml block gets returned -+ * Note, I'm making the assumption that the entire xml block gets returned - * in a single call here, which I should fix - */ - static size_t parse_nist_json_block(char *ptr, size_t size, size_t nemb, void *userdata) - { - size_t idx; - json_t *jidx; -- xmlTextReaderPtr reader; -- int ret = 1; -- const char *name; -- size_t realsize = size * nemb; -- char *xml = (char *)ptr; -- json_t *json, *pulse, *values, *obj; -+ size_t realsize = size * nemb; -+ json_t *json, *pulse, *obj; - json_error_t jsonerror; - struct rng *ent_src = userdata; - -- - json = json_loads(ptr, size, &jsonerror); - if (!json) { - message_entsrc(ent_src,LOG_DAEMON|LOG_ERR, "Unparseable JSON\n"); -@@ -532,7 +527,8 @@ static int validate_nist_block(struct rng *ent_src) - goto out; - } - -- if (EVP_VerifyFinal(mdctx, block.signatureValue, be32toh(block.signatureValueLen), pubkey) < 1) { -+ if (EVP_VerifyFinal(mdctx, (unsigned char *)block.signatureValue, -+ be32toh(block.signatureValueLen), pubkey) < 1) { - unsigned long err; - message_entsrc(ent_src,LOG_DAEMON| LOG_ERR, "Unable to validate signature on message\n"); - while( (err = ERR_get_error()) != 0 ) { -@@ -566,7 +562,8 @@ static size_t copy_nist_certificate(char *ptr, size_t size, size_t 
nemb, void *u - return size * nemb; - } - --static void update_active_cert() { -+static void update_active_cert(struct rng *ent_src) -+{ - CURL *curl; - CURLcode res; - char *certurl; -@@ -574,24 +571,46 @@ static void update_active_cert() { - - free(activeCert); - activeCert = NULL; -- -+ - curl = curl_easy_init(); -- if (!curl) -+ if (!curl) { -+ message_entsrc(ent_src, LOG_DAEMON|LOG_ERR, -+ "update_active_cert(): curl_easy_init() failed\n"); - return; -+ } - - certurl = alloca(urlsize); -- if (!certurl) -- return; -+ if (!certurl) { -+ message_entsrc(ent_src, LOG_DAEMON|LOG_ERR, -+ "update_active_cert(): alloca() failed\n"); -+ goto out_curl; -+ } - strcpy(certurl, NIST_CERT_BASE_URL); - certurl = strcat(certurl, block.certificateIdString); -- curl_easy_setopt(curl, CURLOPT_URL, certurl); -- curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, copy_nist_certificate); -+ -+ res = curl_easy_setopt(curl, CURLOPT_URL, certurl); -+ if (res != CURLE_OK) { -+ message_entsrc(ent_src, LOG_DAEMON|LOG_ERR, -+ "update_active_cert(): curl_easy_setopt(URL) failed: %s\n", -+ curl_easy_strerror(res)); -+ goto out_curl; -+ } -+ res = curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, copy_nist_certificate); -+ if (res != CURLE_OK) { -+ message_entsrc(ent_src, LOG_DAEMON|LOG_ERR, -+ "update_active_cert(): curl_easy_setopt(WRITEFUNC) failed: %s\n", -+ curl_easy_strerror(res)); -+ goto out_curl; -+ } - - res = curl_easy_perform(curl); -- if (res != CURLE_OK) { -- fprintf(stderr, "curl_easy_perform() failed in cert update: %s\n", -- curl_easy_strerror(res)); -- } -+ if (res != CURLE_OK) { -+ message_entsrc(ent_src, LOG_DAEMON|LOG_ERR, -+ "update_active_cert(): curl_easy_perform() failed: %s\n", -+ curl_easy_strerror(res)); -+ } -+ -+out_curl: - curl_easy_cleanup(curl); - return; - } -@@ -603,42 +622,62 @@ static int get_nist_record(struct rng *ent_src) - int rc = 1; - - curl = curl_easy_init(); -- -- if (!curl) -+ if (!curl) { -+ message_entsrc(ent_src, LOG_DAEMON|LOG_ERR, -+ 
"get_nist_record(): curl_easy_init() failed\n"); - goto out; -+ } - -- curl_easy_setopt(curl, CURLOPT_URL, NIST_RECORD_URL); -- curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, parse_nist_json_block); -- curl_easy_setopt(curl, CURLOPT_WRITEDATA, ent_src); -+ res = curl_easy_setopt(curl, CURLOPT_URL, NIST_RECORD_URL); -+ if (res != CURLE_OK) { -+ message_entsrc(ent_src, LOG_DAEMON|LOG_ERR, -+ "get_nist_record(): curl_easy_setopt(URL) failed: %s\n", -+ curl_easy_strerror(res)); -+ goto out_curl; -+ } -+ res = curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, parse_nist_json_block); -+ if (res != CURLE_OK) { -+ message_entsrc(ent_src, LOG_DAEMON|LOG_ERR, -+ "get_nist_record(): curl_easy_setopt(WRITEFUNC) failed: %s\n", -+ curl_easy_strerror(res)); -+ goto out_curl; -+ } -+ res = curl_easy_setopt(curl, CURLOPT_WRITEDATA, ent_src); -+ if (res != CURLE_OK) { -+ message_entsrc(ent_src, LOG_DAEMON|LOG_ERR, -+ "get_nist_record(): curl_easy_setopt(WRITEDATA) failed: %s\n", -+ curl_easy_strerror(res)); -+ goto out_curl; -+ } - -+ /* parse_nist_json_block() runs here as a callback */ - res = curl_easy_perform(curl); - if (res != CURLE_OK) { -- fprintf(stderr, "curl_easy_perform() failed: %s\n", -+ message_entsrc(ent_src, LOG_DAEMON|LOG_ERR, -+ "get_nist_record(): curl_easy_perform() failed: %s\n", - curl_easy_strerror(res)); -- goto out; -+ goto out_curl; - } - -- curl_easy_cleanup(curl); -- - lastpulse = block.pulseIndex; - - if (!activeCertId || memcmp(activeCertId, block.certificateId, be32toh(block.certificateIdLen))) { - free(activeCertId); - activeCertId = strndup(block.certificateId, be32toh(block.certificateIdLen)); -- update_active_cert(); -+ update_active_cert(ent_src); - } - - if (validate_nist_block(ent_src)) { -- message_entsrc(ent_src,LOG_DAEMON|LOG_ERR, "Received block failed validation\n"); -- goto out; -+ message_entsrc(ent_src, LOG_DAEMON|LOG_ERR, "Received block failed validation\n"); -+ goto out_curl; - } - -- - rc = 0; - -+out_curl: -+ curl_easy_cleanup(curl); - 
out: - return rc; -- - } - - /* --- -2.26.3 - diff --git a/rng-tools.spec b/rng-tools.spec index ba4d54d..2fa4db3 100644 --- a/rng-tools.spec +++ b/rng-tools.spec @@ -12,10 +12,10 @@ Summary: Random number generator related utilities Name: rng-tools Version: 6.13 -Release: 3%{?dist} +Release: 4.git.d207e0b6%{?dist} License: GPLv2+ URL: https://github.com/nhorman/rng-tools -Source0: https://github.com/nhorman/rng-tools/archive/v%{version}/rng-tools-%{version}.tar.gz +Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz Source1: rngd.service Source2: rngd-wake-threshold.service Source3: 60-hwrng.rules @@ -39,15 +39,6 @@ Requires(post): systemd Requires(preun): systemd Requires(postun): systemd -Patch1: 0001-Use-AM_PROG_AR-over-AC_CHECK_TOOLS.patch -Patch2: 0003-AC_CANONICAL_TARGET-AC_CANONICAL_HOST.patch -Patch3: 0004-Fix-logic-in-ossl_aes_random_key.patch -Patch4: 0005-Fix-a-read-returning-zero-case-in-init_entropy_sourc.patch -Patch5: 0006-Fix-minor-possibilities-of-using-a-NULL-pointer.patch -Patch6: 0007-Small-bug-and-warning-fixes-per-covscan-report.patch -Patch7: 0008-Fix-a-minor-memory-leak-in-rngd_jitter.c.patch -Patch8: 0009-Brush-up-rngd_nistbeacon.c.patch - %description Hardware random number generation tools. @@ -90,7 +81,7 @@ getent passwd rngd >/dev/null || useradd -r -M -d %{_localstatedir}/lib/rngd -s %files %{!?_licensedir:%global license %%doc} %license COPYING -%doc AUTHORS NEWS README +%doc AUTHORS README %{_bindir}/rngtest %{_sbindir}/rngd %{_mandir}/man1/rngtest.1.* 
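Review bot: In the first rng-tools.spec hunk, `Source0` still expands to the upstream `v6.13` tag archive, yet the `sources` hunk replaces the SHA512 for the same file name `rng-tools-6.13.tar.gz`, and the new changelog entry describes the content as v6.13 plus the tip of origin/master, the onecpu branch and a revert of 2ce93190. The archive in the lookaside cache can therefore not be reproduced or checked against the URL in the spec, and `d207e0b6` in `Release` is the only hint at its origin (presumably a git commit; the page does not say in which tree). I would add a comment above `Source0` recording how the archive was produced, for example `# Snapshot, not the v6.13 tag archive: built from git d207e0b6 (see changelog) with <command used>`, and give the snapshot its own file name so that two different archives never share `rng-tools-6.13.tar.gz`. The second hunk drops Patch1 to Patch8, apparently on the assumption that the snapshot already carries those fixes (among them the `read(fd, key, AES_BLOCK)` correction in ossl_aes_random_key()); this commit does not show that either, so it is worth stating in the changelog entry.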
@@ -100,6 +91,13 @@ getent passwd rngd >/dev/null || useradd -r -M -d %{_localstatedir}/lib/rngd -s %attr(0644,root,root) %{_udevrulesdir}/60-hwrng.rules %changelog +* Thu Jul 22 2021 Vladis Dronov - 6.13-4.git.d207e0b6 +- Update to the upstream v6.13 + tip of origin/master + onecpu + branch + revert of 2ce93190 (bz 1965318) +- Rebuild rng-tools against the latest jitterentropy library + 3.0.2-2.git.409828cf with fixes for an important issue +- Adjust Source0 to a more proper one + * Mon Jul 05 2021 Vladis Dronov - 6.13-3 - Adjust rngd-wake-threshold.service and post section so udevadm is not run in a container (bz 1965318) diff --git a/sources b/sources index ccf1456..0c8d9df 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (rng-tools-6.13.tar.gz) = def5f2dcdd1771e8fe5af9476de866ff89a225065416672165af6019cbb166f874fae936b3705221aa47dc13ae99fa63d054d7d49b612f3151cd922a0a129490 +SHA512 (rng-tools-6.13.tar.gz) = e92491073e5af67e5d0ede0349944baaa9fca0e1171e3e311df1b08295d71c15791538497e595c0e9a61e02cffe83d31ae10c00a195826c6f677004208dc7911