1 files changed, 31 insertions, 0 deletions

diff --git a/debian/patches/seccomp-getrandom.patch b/debian/patches/seccomp-getrandom.patch
new file mode 100644
index 0000000..67a0d67
--- /dev/null
+++ b/debian/patches/seccomp-getrandom.patch
@@ -0,0 +1,31 @@
+From b54bd5d3b7b1a60cc69b7df243b906f3e94d4d3c Mon Sep 17 00:00:00 2001
+From: Colin Watson <cjwatson@debian.org>
+Date: Wed, 21 Aug 2019 14:30:42 +0100
+Subject: sandbox: Allow getrandom, used by Hardened Malloc
+
+Fixes Savannah bug #56767.
+
+* lib/sandbox.c (make_seccomp_filter): Allow getrandom.
+
+Origin: upstream, https://gitlab.com/man-db/man-db/-/commit/0951f82c611c4a3c14271b0fa9c4919c84b7afe7
+Bug: https://savannah.nongnu.org/bugs/?56767
+Bug-Debian: https://bugs.debian.org/1061870
+Last-Update: 2024-01-31
+
+Patch-Name: seccomp-getrandom.patch
+---
+ lib/sandbox.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/sandbox.c b/lib/sandbox.c
+index c097482b..ce91936e 100644
+--- a/lib/sandbox.c
++++ b/lib/sandbox.c
+@@ -488,6 +488,7 @@ static scmp_filter_ctx make_seccomp_filter (int permissive)
+ 	SC_ALLOW ("brk");
+ 	SC_ALLOW ("fadvise64");
+ 	SC_ALLOW ("fadvise64_64");
++	SC_ALLOW ("getrandom");
+ 	if (permissive)
+ 		SC_ALLOW ("ioctl");
+ 	else {