diff --git a/0001-Set-FD_CLOEXEC-on-the-LMDB-FD-manually.patch b/0001-Set-FD_CLOEXEC-on-the-LMDB-FD-manually.patch
new file mode 100644
index 0000000..964a1ac
--- /dev/null
+++ b/0001-Set-FD_CLOEXEC-on-the-LMDB-FD-manually.patch
@@ -0,0 +1,53 @@
+From 7e4b99464fc9463082465f4ccdae5d69ff001682 Mon Sep 17 00:00:00 2001
+From: Fabian Vogt <fvogt@suse.de>
+Date: Thu, 12 Nov 2020 09:29:55 +0100
+Subject: [PATCH] Set FD_CLOEXEC on the LMDB FD manually
+
+Currently the FD referring to the appstreacm-cache-FOO.mdb is leaked into
+child processes. The only way to fix is in a race-free way is by passing
+O_CLOEXEC when opening it inside LMDB, but that's currently not done.
+---
+ src/as-cache.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/src/as-cache.c b/src/as-cache.c
+index 831d94a9..777b40bb 100644
+--- a/src/as-cache.c
++++ b/src/as-cache.c
+@@ -35,6 +35,8 @@
+ 
+ #include <lmdb.h>
+ #include <errno.h>
++#include <fcntl.h>
++#include <unistd.h>
+ #include <glib/gstdio.h>
+ 
+ #include "as-utils-private.h"
+@@ -723,6 +725,7 @@ as_cache_open (AsCache *cache, const gchar *fname, const gchar *locale, GError *
+ 	gboolean nosync;
+ 	gboolean readonly;
+ 	g_autoptr(GMutexLocker) locker = NULL;
++	int db_fd, db_fd_flags = -1;
+ 
+ 	/* close cache in case it was open */
+ 	as_cache_close (cache);
+@@ -829,6 +832,16 @@ as_cache_open (AsCache *cache, const gchar *fname, const gchar *locale, GError *
+ 		goto fail;
+ 	}
+ 
++	/* set FD_CLOEXEC manually. LMDB should do that, but it doesn't:
++	   https://www.openldap.org/lists/openldap-bugs/201702/msg00003.html */
++	rc = mdb_env_get_fd (priv->db_env, &db_fd);
++	if (rc == MDB_SUCCESS) {
++		db_fd_flags = fcntl (db_fd, F_GETFD);
++	}
++	if (db_fd_flags != -1) {
++		fcntl (db_fd, F_SETFD, db_fd_flags | FD_CLOEXEC);
++	}
++
+ 	/* unlink the file, so it gets removed as soon as we don't need it anymore */
+ 	if (priv->volatile_db_fname != NULL)
+ 		g_unlink (priv->volatile_db_fname);
+-- 
+2.20.1
+
diff --git a/AppStream.changes b/AppStream.changes
index 79eb709..85ddc5a 100644
--- a/AppStream.changes
+++ b/AppStream.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Nov 12 08:39:54 UTC 2020 - Fabian Vogt <fabian@ritter-vogt.de>
+
+- Add patch to avoid FD leak:
+  * 0001-Set-FD_CLOEXEC-on-the-LMDB-FD-manually.patch
+
 -------------------------------------------------------------------
 Thu Jul  2 16:50:16 UTC 2020 - Fabian Vogt <fabian@ritter-vogt.de>
 
diff --git a/AppStream.spec b/AppStream.spec
index 0cee374..5fe8754 100644
--- a/AppStream.spec
+++ b/AppStream.spec
@@ -30,6 +30,8 @@ Source1:        http://www.freedesktop.org/software/appstream/releases/%{name}-%
 Source2:        %{name}.keyring
 # PATCH-FIX-UPSTREAM
 Patch1:         properly-escape-markup.patch
+# https://github.com/ximion/appstream/pull/287
+Patch2:         0001-Set-FD_CLOEXEC-on-the-LMDB-FD-manually.patch
 # PATCH-FIX-OPENSUSE
 Patch100:       fix-build-gcc7.patch
 BuildRequires:  docbook-xsl-stylesheets