From 32bcbd73e0988d2d2237690ffae33b4f5cc5ff81 Mon Sep 17 00:00:00 2001
From: Julian Andres Klode <jak@debian.org>
Date: Sun, 22 Oct 2017 23:34:03 +0200
Subject: Sandbox methods with seccomp-BPF; except cdrom, gpgv, rsh

This reduces the number of syscalls to about 140 from about
350 or so, significantly reducing security risks.

Also change prepare-release to ignore the architecture lists
in the build dependencies when generating the build-depends
package for travis.

We might want to clean up things a bit more and/or move it
somewhere else.
---
 debian/control | 1 +
 1 file changed, 1 insertion(+)

(limited to 'debian/control')

diff --git a/debian/control b/debian/control
index 22567e193..de373a83d 100644
--- a/debian/control
+++ b/debian/control
@@ -20,6 +20,7 @@ Build-Depends: cmake (>= 3.4),
                libgnutls28-dev (>= 3.4.6),
                liblz4-dev (>= 0.0~r126),
                liblzma-dev,
+               libseccomp-dev [amd64 arm64 armel armhf i386 mips mips64el mipsel ppc64el s390x hppa powerpc powerpcspe ppc64 x32],
                libudev-dev [linux-any],
                pkg-config,
                po4a (>= 0.34-2),
-- 
cgit v1.2.3