diff --git a/anthy-unicode-HEAD.patch b/anthy-unicode-HEAD.patch
index 98253ef..b2ac5e6 100644
--- a/anthy-unicode-HEAD.patch
+++ b/anthy-unicode-HEAD.patch
@@ -1,6 +1,6 @@
-From 1f791ba8f108b581956ab5d8b11f3f2ff42fdde8 Mon Sep 17 00:00:00 2001
+From c9f365df28640b1e5dd518f532e77e33fcb4451c Mon Sep 17 00:00:00 2001
 From: fujiwarat <takao.fujiwara1@gmail.com>
-Date: Mon, 12 Jul 2021 20:59:10 +0900
+Date: Tue, 13 Jul 2021 08:34:34 +0900
 Subject: [PATCH] Code reviews
 
 ---
@@ -4368,7 +4368,7 @@ index 79725e2..e0d53dc 100644
      }
      if (ws.line[ws.offset] == ' ') {
 diff --git a/test/check.c b/test/check.c
-index f67dbac..51837a8 100644
+index f67dbac..24163ca 100644
 --- a/test/check.c
 +++ b/test/check.c
 @@ -1,6 +1,8 @@
@@ -4404,7 +4404,8 @@ index f67dbac..51837a8 100644
  
 +/* compliant_rand:
 + * dont_call: "rand" should not be used for security-related applications,
-+ * because linear congruential algorithms are too easy to break.
++ * because linear congruential algorithms are too easy to break
++ * but we don't need the strict randoms here.
 + */
 +static long int
 +compliant_rand(void)
@@ -4414,8 +4415,7 @@ index f67dbac..51837a8 100644
 +    printf("Failed timespec_get\n");
 +    assert(0);
 +  }
-+  srandom(ts.tv_nsec ^ ts.tv_sec);
-+  return random();
++  return ts.tv_nsec;
 +}
 +
  static int
diff --git a/anthy-unicode.spec b/anthy-unicode.spec
index c8eb9de..a80ec5b 100644
--- a/anthy-unicode.spec
+++ b/anthy-unicode.spec
@@ -4,7 +4,7 @@
 
 Name:  anthy-unicode
 Version: 1.0.0.20201109
-Release: 5%{?dist}
+Release: 6%{?dist}
 # The entire source code is LGPLv2+ and dictionaries is GPLv2. the corpus data is under Public Domain.
 License: LGPLv2+ and GPLv2 and Public Domain
 URL:  https://github.com/fujiwarat/anthy-unicode/wiki
@@ -161,6 +161,9 @@ cd ..
 
 
 %changelog
+* Tue Jul 13 2021 Takao Fujiwara <fujiwara@redhat.com> 1.0.0.20201109-6
+- Fix covscan report
+
 * Mon Jul 12 2021 Takao Fujiwara <fujiwara@redhat.com> 1.0.0.20201109-5
 - Fix covscan report