From d0dbbc1a1988c995771c0bbb85894e723049b5ef Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Wed, 14 Sep 2016 10:26:06 +0200
Subject: [PATCH] Added getrandom to the list of allowed syscalls (#1375851)

---
 ocserv-0.11.4-getrandom.patch | 24 ++++++++++++++++++++++++
 ocserv.spec                   |  8 +++++++-
 2 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 ocserv-0.11.4-getrandom.patch

diff --git a/ocserv-0.11.4-getrandom.patch b/ocserv-0.11.4-getrandom.patch
new file mode 100644
index 0000000..ffe15ea
--- /dev/null
+++ b/ocserv-0.11.4-getrandom.patch
@@ -0,0 +1,24 @@
+From cc1dbf1c246375c175b4392e3c6ca2139b0c355a Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Wed, 14 Sep 2016 10:20:41 +0200
+Subject: [PATCH] seccomp: added getrandom() to the accepted list of calls
+
+---
+ src/worker-privs.c | 1 +
+ 1 file changed, 1 insertion(+), 0 deletions(-)
+
+diff --git a/src/worker-privs.c b/src/worker-privs.c
+index 1557c59..33dc46c 100644
+--- a/src/worker-privs.c
++++ b/src/worker-privs.c
+@@ -61,6 +61,7 @@ int disable_system_calls(struct worker_st *ws)
+ 	ADD_SYSCALL(alarm, 0);
+ 	ADD_SYSCALL(getpid, 0);
+ 	ADD_SYSCALL(brk, 0);
++	ADD_SYSCALL(getrandom, 0); /* used by gnutls 3.5.x */
+ 
+ 	ADD_SYSCALL(recvmsg, 0);
+ 	ADD_SYSCALL(sendmsg, 0);
+--
+libgit2 0.24.0
+
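Review bot: The comment on the added `ADD_SYSCALL(getrandom, 0);` line in `disable_system_calls()` names the consumer but not what the rule protects against, so a later reader cannot tell whether it is still needed or how its absence would show up. A fuller comment would help, for example `/* gnutls 3.5.x obtains randomness via getrandom(); without this rule the worker's RNG path is rejected by the seccomp filter */`. The exact failure mode depends on the filter's default action, which is outside this hunk, so the wording should be checked against it. The second argument presumably means no argument constraints, which looks acceptable for a call that only fills a caller-supplied buffer. Because the allowlist is coupled to the syscalls the linked TLS library makes, a test that runs a worker under the filter against the packaged gnutls would catch the next addition of this kind before users do.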
diff --git a/ocserv.spec b/ocserv.spec
index 7b89dbe..8bf3700 100644
--- a/ocserv.spec
+++ b/ocserv.spec
@@ -2,7 +2,7 @@
 
 Name:		ocserv
 Version:	0.11.4
-Release:	2%{?dist}
+Release:	3%{?dist}
 Summary:	OpenConnect SSL VPN server
 
 # For a breakdown of the licensing, see PACKAGE-LICENSING 
@@ -19,6 +19,7 @@ Source6:	PACKAGE-LICENSING
 Source8:	ocserv-genkey
 Source9:	ocserv-script
 Source10:	gpgkey-56EE7FA9E8173B19FE86268D763712747F343FA7.gpg
+Patch0:		ocserv-0.11.4-getrandom.patch
 
 # Taken from upstream:
 # http://git.infradead.org/ocserv.git/commitdiff/7d70006a2dbddf783213f1856374bacc74217e09
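Review bot: The new `Patch0:` line has no provenance comment, while the entry just below it is marked `# Taken from upstream:` with a commit URL. This patch widens the worker's seccomp allowlist, so it is worth recording where it came from and when it can be dropped. A line above `Patch0:` would do, for example `# seccomp: allow getrandom() (#1375851); upstream commit: <UPSTREAM-COMMIT-URL>`. The embedded patch header carries a commit id that may be the upstream one, but that should be confirmed before it is cited.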
@@ -78,6 +79,8 @@ to provide the secure VPN service.
 gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0} || gpgv2 --keyring %{SOURCE10} %{SOURCE1} %{SOURCE0}
 %setup -q
 
+%patch0 -p1 -b .getrandom
+
 rm -f src/http-parser/http_parser.c src/http-parser/http_parser.h
 rm -rf src/protobuf/protobuf-c/
 rm -rf src/ccan/talloc
@@ -162,6 +165,9 @@ rm -rf %{buildroot}
 %{_localstatedir}/lib/ocserv/profile.xml
 
 %changelog
+* Wed Sep 14 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.11.4-3
+- Added getrandom to the list of allowed syscalls (#1375851)
+
 * Thu Sep  8 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.11.4-2
 - Rebuild to address http-parser breakage (#1374081)