Changelog
haveged (1.9.8-3) unstable; urgency=medium
* debian/haveged.service
+ Sync with upstream's version
- Service ordering changes
- Start after systemd-tmpfiles-setup-dev.service
This is required, otherwise /dev/random might not yet exist.
- Start before systemd-journald
- Set WantedBy=sysinit.target (rather than multi-user.target)
- Drop `NoNewPrivileges` (useless, as haveged keeps running as root)
- Update SuccessExitStatus
- Always restart the service
- Allow running haveged in containers
- Normalise on Boolean “true” instead of “yes”
+ Tighten-down security settings
- Apply a syscall filter to the service
- Set ProtectHostname, ProtectKernel{Logs,Modules}
- Set Restrict{Namespaces,Realtime}, preventing access to
potentially-vulnerable kernel features.
- Set LockPersonality, MemoryDenyWriteExecute
* Declare compliance with policy v4.5.0.
No change required.
* Remove obsolete debian/source/include-binaries
-- Nicolas Braud-Santoni <email address hidden> Fri, 31 Jan 2020 05:16:40 +0100