summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/patches/tor-sandbox-i686.patch36
-rw-r--r--gnu/packages/tor.scm5
3 files changed, 40 insertions, 2 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 50f43df1e6..46f6800a6f 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1811,6 +1811,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/tk-find-library.patch			\
   %D%/packages/patches/tla2tools-build-xml.patch		\
   %D%/packages/patches/tlf-support-hamlib-4.2+.patch		\
+  %D%/packages/patches/tor-sandbox-i686.patch			\
   %D%/packages/patches/transcode-ffmpeg.patch	\
   %D%/packages/patches/transmission-honor-localedir.patch	\
   %D%/packages/patches/ttf2eot-cstddef.patch			\
diff --git a/gnu/packages/patches/tor-sandbox-i686.patch b/gnu/packages/patches/tor-sandbox-i686.patch
new file mode 100644
index 0000000000..34b0a053b1
--- /dev/null
+++ b/gnu/packages/patches/tor-sandbox-i686.patch
@@ -0,0 +1,36 @@
+This patch fixes sandboxing on i686 by allowing 'statx'.  Without this,
+'src/test/test_include.sh' would fail.
+
+Patch adapted from:
+
+  https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/480
+
+From 001d880d1082f5d124e10554e2718e407c7e88c6 Mon Sep 17 00:00:00 2001
+From: Simon South <simon@simonsouth.net>
+Date: Fri, 5 Nov 2021 10:10:10 -0400
+Subject: [PATCH] sandbox: Allow "statx" syscall on i386 for glibc 2.33
+
+glibc versions 2.33 and newer use the modern "statx" system call in their
+implementations of stat() and opendir() for Linux on i386.  Prevent failures in
+the sandbox unit tests by modifying the sandbox to allow this system call
+without restriction on i386 when it is available, and update the test suite to
+skip the "sandbox/stat_filename" test in this case as it is certain to fail.
+---
+ src/lib/sandbox/sandbox.c | 3 +++
+ src/test/test_sandbox.c   | 7 ++++---
+ 2 files changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c
+index fb02a345ab..a15f99ad76 100644
+--- a/src/lib/sandbox/sandbox.c
++++ b/src/lib/sandbox/sandbox.c
+@@ -252,6 +252,9 @@ static int filter_nopar_gen[] = {
+     SCMP_SYS(sigreturn),
+ #endif
+     SCMP_SYS(stat),
++#if defined(__i386__) && defined(__NR_statx)
++    SCMP_SYS(statx),
++#endif
+     SCMP_SYS(uname),
+     SCMP_SYS(wait4),
+     SCMP_SYS(write),
diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm
index 3cd7983827..11b81a1234 100644
--- a/gnu/packages/tor.scm
+++ b/gnu/packages/tor.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014, 2015, 2021 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016, 2017, 2018, 2020, 2021 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016, 2017 Nikita <nikita@n0.is>
@@ -64,7 +64,8 @@
                                  version ".tar.gz"))
              (sha256
               (base32
-               "0sj7qn6d6js6gk4vjfkc7p9g021czbfaq00yfq3mn5ycnhvimkhm"))))
+               "0sj7qn6d6js6gk4vjfkc7p9g021czbfaq00yfq3mn5ycnhvimkhm"))
+             (patches (search-patches "tor-sandbox-i686.patch"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags