<pre style='margin:0'>
Rainer Müller (raimue) pushed a commit to branch release-2.4
in repository macports-base.

</pre>
<p><a href="https://github.com/macports/macports-base/commit/5bfd917203a47c66866a1b19fc95ffaf431d3d4a">https://github.com/macports/macports-base/commit/5bfd917203a47c66866a1b19fc95ffaf431d3d4a</a></p>
<pre style="white-space: pre; background: #F8F8F8"><span style='display:block; white-space:pre;color:#808000;'>commit 5bfd917203a47c66866a1b19fc95ffaf431d3d4a
</span>Author: Joshua Root <jmr@macports.org>
AuthorDate: Wed Jun 14 22:49:54 2017 +1000

<span style='display:block; white-space:pre;color:#404040;'>    Add /dev/{u,}random to sandbox whitelist
</span><span style='display:block; white-space:pre;color:#404040;'>    
</span><span style='display:block; white-space:pre;color:#404040;'>    Writing to these is a noop on Darwin, but some code such as apparently
</span><span style='display:block; white-space:pre;color:#404040;'>    C++'s std::random_device wants to open them for reading and writing
</span><span style='display:block; white-space:pre;color:#404040;'>    anyway. There should be no harm in allowing this.
</span><span style='display:block; white-space:pre;color:#404040;'>    
</span><span style='display:block; white-space:pre;color:#404040;'>    (cherry picked from commit c8c1565f42a60c2b9e85a204603a66052f444c43)
</span>---
 src/port1.0/portsandbox.tcl | 1 +
 1 file changed, 1 insertion(+)

<span style='display:block; white-space:pre;color:#808080;'>diff --git a/src/port1.0/portsandbox.tcl b/src/port1.0/portsandbox.tcl
</span><span style='display:block; white-space:pre;color:#808080;'>index fcded1f..dfe8f3a 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/src/port1.0/portsandbox.tcl
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/src/port1.0/portsandbox.tcl
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -84,6 +84,7 @@ proc portsandbox::set_profile {target} {
</span> (allow file-write-data (literal \"/dev/null\") (literal \"/dev/zero\") \
 (literal \"/dev/dtracehelper\") (literal \"/dev/tty\") \
 (literal \"/dev/stdin\") (literal \"/dev/stdout\") (literal \"/dev/stderr\") \
<span style='display:block; white-space:pre;background:#e0ffe0;'>+(literal \"/dev/random\") (literal \"/dev/urandom\") \
</span> (regex #\"^/dev/fd/\")) (allow file-write* \
 (regex #\"^(/private)?(/var)?/tmp/\" #\"^(/private)?/var/folders/\"))"
 
</pre><pre style='margin:0'>

</pre>