haveged (1.9.19-3) unstable; urgency=medium * Udating apparmor profile, thanks to Giacomo Mulas (Closes: #1087318). -- Daniel Baumann Tue, 12 Nov 2024 15:11:42 +0100 haveged (1.9.19-2) unstable; urgency=medium * Trimming previous changelog entry. * Correcting spelling typo in 1.9.14-1 changelog entries. -- Daniel Baumann Sun, 10 Nov 2024 17:08:50 +0100 haveged (1.9.19-1) unstable; urgency=low * Merging upstream version 1.9.19 (Closes: #999811, #1078052): - haveged can be run as an application if also running as a daemon (Closes: #998382). * Removing unused gbp.conf. * Removing unused README.source. * Removing sysvinit remains. * Updating to standards version 4.7.0. * Removing vcs fields. * Adding explicit section for binary packages. * Updating watch file. * Prefixing debhelper files with package names. * Moving apparmor files to local subdirectory within packaging directory. * Wrap and sorting packaging files. * Updating SystemCall entries in service file to fix armel issues (Closes: #985196). -- Daniel Baumann Sun, 10 Nov 2024 16:10:16 +0100 haveged (1.9.14-2) unstable; urgency=low * New maintainer (Closes: #1087263). -- Daniel Baumann Sun, 10 Nov 2024 15:27:58 +0100 haveged (1.9.14-1) unstable; urgency=low * New upstream version (2021-01-01) Added --version and new subcommand to close communication socket * Upgrade to debhelper compatibility level 13 dh_missing --fail-missing is now the default. * d/control: Declare compliance with policy v4.5.1. No change needed. -- nicoo Thu, 14 Jan 2021 00:56:44 +0100 haveged (1.9.13-1) unstable; urgency=medium [ nicoo ] * New upstream version (2020-06-28) + added support for --version [Jirka Hladky] + fix a memory leak in havege_destroy [Anakin Zhang] + libhavege2: Update symbols file * Setup Salsa CI for the packaging repository * haveged: Simplify handling of the Apparmor profile [ Dan Streetman ] * Add consoles to apparmor profile Support outputting logs when running inside a container * Improve autopkgtests. * Remove -w parameter from /etc/default/haveged [ Debian Janitor ] * Add missing ${misc:Depends} to Depends for haveged-udeb. * Set upstream metadata fields Bug-Database, Bug-Submit, Repository, Repository-Browse. -- nicoo Wed, 25 Nov 2020 02:09:10 +0100 haveged (1.9.8-4) unstable; urgency=high (RC bug fix) * debian/haveged.service: Break ordering cycle Drop ordering constraint with systemd-journald Closes: #950418, #950540 * debian/control: Build-Depends on debhelper (>= 12.3) Closes: #944040 -- nicoo Fri, 07 Feb 2020 14:34:56 +0100 haveged (1.9.8-3) unstable; urgency=medium * debian/haveged.service + Sync with upstream's version - Service ordering changes - Start after systemd-tmpfiles-setup-dev.service This is required, otherwise /dev/random might not yet exist. - Start before systemd-journald - Set WantedBy=sysinit.target (rather than multi-user.target) - Drop `NoNewPrivileges` (useless, as haveged keeps running as root) - Update SuccessExitStatus - Always restart the service - Allow running haveged in containers - Normalise on Boolean “true” instead of “yes” + Tighten-down security settings - Apply a syscall filter to the service - Set ProtectHostname, ProtectKernel{Logs,Modules} - Set Restrict{Namespaces,Realtime}, preventing access to potentially-vulnerable kernel features. - Set LockPersonality, MemoryDenyWriteExecute * Declare compliance with policy v4.5.0. No change required. * Remove obsolete debian/source/include-binaries -- nicoo Fri, 31 Jan 2020 05:16:40 +0100 haveged (1.9.8-2) unstable; urgency=medium * Fix haveged-udeb by bumping SONAME in shlibs.local; otherwise, the udeb would get a dependency on non-udeb libhavege2, rendering it uninstallable and breaking d-i builds (Closes: #944189). -- Cyril Brulebois Tue, 05 Nov 2019 16:53:59 +0000 haveged (1.9.8-1) unstable; urgency=high (systemd boot fix) [nicoo] * New upstream version 1.9.8 (Closes: #934971) + Remove patches merged upstream + libhavege: Update symbols file, bump soname. Upstream removed visibility of havegecmd in v1.9.7, which is ABI-breaking. * debian/watch + Deal with new release tag names + Stop expecting signed releases. Upstream stopped signing releases, this is a known issue: https://github.com/jirka-h/haveged/issues/2 * debian/rules: Fixup for debhelper/12.3 dh_makeshlibs now detects the library in haveged-udeb, but complains it is not shipped in haveged (since it's shipped in libhavege2) * debian/control + Use HTTPS for the Homepage link. + Declare compliance with policy v4.4.1. No change required. [Dan Streetman] * haveged.service: do not order After=systemd-random-seed.service Upstream systemd has recently changed systemd-random-seed.serivce to no longer be ordered before sysinit.target. However, since haveged orders itself After=systemd-random-seed and also Before=sysinit.service, it is now causing boot delays: https://github.com/systemd/systemd/issues/13252 Closes: #938939 -- nicoo Wed, 16 Oct 2019 21:13:07 +0200 haveged (1.9.4-2) unstable; urgency=medium * haveged.service: Set WantedBy=multi-user.target (Closes: #934165) * Patch reliability issue (segfault on start) -- nicoo Thu, 15 Aug 2019 14:18:48 +0200 haveged (1.9.4-1) unstable; urgency=medium [ nicoo ] * New upstream version 1.9.4 (Closes: #906294) * Add myself as an uploader * New upstream maintainer + Update debian/copyright, debian/watch + Switch to new-style upstream signing keys, update signing keys + Forward Debian patches (as Github PRs), update patch metadata * Amend the changelog for 1.9.1-6. It should have closed #866513, as the start ordering issue was likely the problem. * libhavege1 + Add Build-Depends-Package to symbols file + Update symbols file * Comply with policy v4.4.0 + Set Rules-Requires-Root: no + Install the upstream changelog as NEWS.gz + debian/copyright: Use HTTPS format URI * debian/control + Replace `Priority: extra` with `optional` + Drop obsolete -dbg package (Closes: #874627) + Add missing Pre-Depends for haveged * debian/gbp.conf + Update the name of the debian branch + Enable use of pristine-tar by default * Switch to debhelper 12, remove the old-style debian/compat file * Add missing installed paths, not-installed, make dh_missing failing * Simplify debian/rules [ Ondřej Nový ] * d/control: Set Vcs-* to salsa.debian.org -- nicoo Wed, 14 Aug 2019 16:34:34 +0200 haveged (1.9.1-8) unstable; urgency=medium * Update apparmor profile: add write access to /run/haveged.pid as that would get DENIED when running under sysvinit (Closes: #911604). That's not an issue when running under systemd as PID file handling isn't needed there. -- Cyril Brulebois Sat, 13 Jul 2019 01:36:24 +0200 haveged (1.9.1-7) unstable; urgency=medium [ Cyril Brulebois ] * Add haveged-udeb, for use from the Debian Installer (See: #923675, Closes: #927376). * Bundle the daemon and the library in haveged-udeb, since the daemon is the only user of the libhavege.so.1 SONAME. [ Ondřej Nový ] * d/control: Set Vcs-* to salsa.debian.org -- Cyril Brulebois Fri, 19 Apr 2019 18:29:05 +0200 haveged (1.9.1-6) unstable; urgency=high * Start haveged.service after systemd-tmpfiles-setup.service has been run. Many thanks to Jan Echternach for reporting the problem and suggesting a fix. (Closes: #858134, #866513) -- Jérémy Bobbio Mon, 17 Jul 2017 18:05:45 +0200 haveged (1.9.1-5) unstable; urgency=medium * Fix URL in Homepage control field. * Fix URL in debian/watch. * Declare libhavege-dev Multi-Arch:same. * Add autopkgtest testing effectiveness using using dieharder. -- Jérémy Bobbio Wed, 30 Nov 2016 15:49:36 +0100 haveged (1.9.1-4) unstable; urgency=medium * Non-maintainer upload, with maintainer's agreement. * Add Suggests: apparmor * Fix start ordering with AppArmor under systemd (Closes: #824179). * Fixes all Lintian warnings: - Bump Standards-Version to 3.9.8. - Use hardened build flags. - Use HTTPS for remote VCS links. - Fix typos in manpages. * Mark patches as forwarded upstream. -- nicoo Sat, 25 Jun 2016 11:17:52 +0200 haveged (1.9.1-3) unstable; urgency=medium * Fix spelling of SecureBits value in service file. Thanks Sven Hartge for the report and solution. (Closes: #798090) -- Jérémy Bobbio Sun, 06 Sep 2015 20:40:09 +0200 haveged (1.9.1-2) unstable; urgency=medium [ Jérémy Bobbio ] * Add a patch to prevent a watermark higher than the pool size. (Closes: #740117) * Teach haveged normal exit code to systemd. Thanks Markus Schade. (Closes: #781585) * Restore support for the default file with systemd. Thanks Markus Schade. (Closes: #740349) * Limit privileges when running with systemd. Thanks Micah Anderson. (Closes: #771633) * Start haveged early in the boot process when using systemd. Borrowed from openSUSE. Thanks Christian Boltz for the pointer. * Fix minor issue in debian/copyright spotted by Lintian. * Bump Standards-Version, no changes required. [ nicoo ] * Add AppArmor profile. (Closes: #796374) -- Jérémy Bobbio Fri, 04 Sep 2015 20:24:19 +0200 haveged (1.9.1-1) unstable; urgency=low * Imported Upstream version 1.9.1. (Closes: #739403) * Add upstream signature verification to debian/watch. * Update debian/copyright. * Update symbol file. * Bump Standards-Version, no changes required. -- Jérémy Bobbio Wed, 26 Feb 2014 11:39:40 +0000 haveged (1.7c-1) unstable; urgency=low * Imported Upstream version 1.7c: - Remove obsolete patch for MIPS alignment issues. * Ship a systemd service file using dh-systemd -- Jérémy Bobbio Tue, 20 Aug 2013 09:09:43 +0200 haveged (1.7b-2) unstable; urgency=low * Add a patch to fix alignment issues on MIPS. -- Jérémy Bobbio Fri, 07 Jun 2013 23:19:42 +0200 haveged (1.7b-1) unstable; urgency=low * New upstream version. * Refer to the file with the actual GPL version in debian/copyright. -- Jérémy Bobbio Fri, 07 Jun 2013 12:00:31 +0200 haveged (1.7a-1) unstable; urgency=low * New upstream version. * Include improved debian/watch from Bart Martens. * Bump Standards-Version to 3.9.4, no changes required. -- Jérémy Bobbio Tue, 07 May 2013 08:50:31 +0000 haveged (1.7-1) experimental; urgency=low * New upstream version: (Closes: #689673) - Since haveged 1.5, entropy is tested at runtime. (Closes: #651980) * Refresh Debian patches. * Update debian/copyright. * Add missing license paragraph in debian/copyright. * Switch to debhelper compatibility level 9 for hardening and multi-arch. * Switch to multiple binary packages as upstream has extracted most features to a library. We now ship libhavege1, libhavege1-dbg and libhavege-dev on top of haveged itself. * Add upstream answers to concerns regarding HAVEGE in virtualized environments in README.Debian. -- Jérémy Bobbio Mon, 11 Feb 2013 14:18:59 +0100 haveged (1.4-4) unstable; urgency=low * Disable NIST test suite on mips and mipsel as it takes way too long on these architectures. At least long enough to prevent the package build to complete properly. -- Jérémy Bobbio Fri, 13 Apr 2012 15:58:39 +0200 haveged (1.4-3) unstable; urgency=low * Add patch by Sven Hartge to overcome mips build failures: let's make the CUSUM and RANDOM EXCURSION tests be a little more verbose about their progress. That should help us stay under the 5 allowed minutes of inactivity. -- Jérémy Bobbio Tue, 10 Apr 2012 21:48:13 +0200 haveged (1.4-2) unstable; urgency=low * Restore patch to remove broken support for CPUID on ia64. * Update Format line in debian/copyright. * Bump Standards-Version to 3.9.3, no changes required. -- Jérémy Bobbio Fri, 06 Apr 2012 17:44:55 +0200 haveged (1.4-1) unstable; urgency=low * New upstream version. (Closes: #660198) * Drop obsolete Debian patches. * Refresh debian/copyright. -- Jérémy Bobbio Fri, 17 Feb 2012 13:20:51 +0100 haveged (1.3a-1) unstable; urgency=low * New upstream version. (Closes: #657683) -- Jérémy Bobbio Mon, 30 Jan 2012 12:52:28 +0100 haveged (1.1-2) unstable; urgency=low * Simplify extended description. * Remove buggy support for CPUID on ia64. -- Jérémy Bobbio Sun, 24 Apr 2011 21:38:20 +0200 haveged (1.1-1) unstable; urgency=low [ Sven Hartge ] * New upstream release. (Closes: #563938, #594379) * Build with default gcc. (Closes: #594284) * Correct LSB header, use $remote_fs instead of $local_fs twice. (Closes: #587535) [ Jérémy Bobbio ] * Take over maintenance. * Update debian/copyright. * Use debhelper 7 properly in debian/rules. * Remove useless debian/dirs and empty maintainer scripts. * Don't ship an empty NEWS file. * Remove the article from the start of the short description. * Bump Standards-Version, no changes required. * Rework initscript and default files. * Fix "haveged" casing in extended description. * Switch package source format to 3.0 (quilt). * Implement a generic time retrieval function. (Closes: #576375) * Also test haveged using NIST tests. * Fix Architecture field in debian/control (haveged is Linux only). * Add Vcs-* fields to debian/control. * Add debian/README.source. -- Jérémy Bobbio Fri, 15 Apr 2011 15:39:43 +0200 haveged (0.9-3) unstable; urgency=low * Cleaned up init.d script dependencies: missing $remote_fs (lintian warning), extraneous $named and $network * Added debian/watch file (lintian warning) * Re-enabled STARTTIME= in debian/init.d (Closes: #565755) -- Steve Kostecke Wed, 20 Jan 2010 16:14:22 -0500 haveged (0.9-2) unstable; urgency=low * Removed '--' from init script start_daemon line. It was preventing haveged from using the options passed from the default file. * Set '-w 1024' in the defaults file to raise the low water mark and increase the average depth of the entropy pool. * Added build-dep for gcc-4.3 (Closes: #563938). Thanks to Sven Hartge for solving this. * Replaced dh_clean -k with dh_prep (lintian warning) * Updated standards to 3.8.3 -- Steve Kostecke Sun, 17 Jan 2010 21:34:39 -0500 haveged (0.9-1) unstable; urgency=low * Initial release (Closes: #559096) -- Steve Kostecke Tue, 01 Dec 2009 16:00:55 -0500