gnu: tor: Address glibc 2.33 compatibility issue on i686.

* gnu/packages/patches/tor-sandbox-i686.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/tor.scm (tor): Use it.
Ludovic Courtès 2021-11-26 22:49:21 +01:00
parent ef717037c8
commit c335c06115
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5
3 changed files with 40 additions and 2 deletions


@ -1811,6 +1811,7 @@ dist_patch_DATA = \
%D%/packages/patches/tk-find-library.patch \
%D%/packages/patches/tla2tools-build-xml.patch \
%D%/packages/patches/tlf-support-hamlib-4.2+.patch \
%D%/packages/patches/tor-sandbox-i686.patch \
%D%/packages/patches/transcode-ffmpeg.patch \
%D%/packages/patches/transmission-honor-localedir.patch \
%D%/packages/patches/ttf2eot-cstddef.patch \


@ -0,0 +1,36 @@
This patch fixes sandboxing on i686 by allowing 'statx'. Without this,
'src/test/test_include.sh' would fail.
Patch adapted from:
https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/480
From 001d880d1082f5d124e10554e2718e407c7e88c6 Mon Sep 17 00:00:00 2001
From: Simon South <simon@simonsouth.net>
Date: Fri, 5 Nov 2021 10:10:10 -0400
Subject: [PATCH] sandbox: Allow "statx" syscall on i386 for glibc 2.33
glibc versions 2.33 and newer use the modern "statx" system call in their
implementations of stat() and opendir() for Linux on i386. Prevent failures in
the sandbox unit tests by modifying the sandbox to allow this system call
without restriction on i386 when it is available, and update the test suite to
skip the "sandbox/stat_filename" test in this case as it is certain to fail.
---
src/lib/sandbox/sandbox.c | 3 +++
src/test/test_sandbox.c | 7 ++++---
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c
index fb02a345ab..a15f99ad76 100644
--- a/src/lib/sandbox/sandbox.c
+++ b/src/lib/sandbox/sandbox.c
@@ -252,6 +252,9 @@ static int filter_nopar_gen[] = {
SCMP_SYS(sigreturn),
#endif
SCMP_SYS(stat),
+#if defined(__i386__) && defined(__NR_statx)
+ SCMP_SYS(statx),
+#endif
SCMP_SYS(uname),
SCMP_SYS(wait4),
SCMP_SYS(write),
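Review bot: The diffstat and commit message kept in this new file (`src/test/test_sandbox.c | 7 ++++---`, "2 files changed", and "update the test suite to skip the "sandbox/stat_filename" test") describe a change that is not among the lines added here; the only diff carried is the `sandbox.c` hunk. Since the header already says "Patch adapted from", state there that the test-suite part was left out and why, or trim the diffstat, so a later reader does not assume the test skip is applied. Separately, `SCMP_SYS(statx)` is added to `filter_nopar_gen`, and the message says the call is allowed "without restriction" on i386; a sentence in the header noting that this widens the seccomp allow-list on i386 only would help whoever audits the sandbox later.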


@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013, 2014, 2015, 2021 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2016, 2017, 2018, 2020, 2021 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016, 2017 Nikita <nikita@n0.is>
@ -64,7 +64,8 @@ (define-public tor
version ".tar.gz"))
(sha256
(base32
"0sj7qn6d6js6gk4vjfkc7p9g021czbfaq00yfq3mn5ycnhvimkhm"))))
"0sj7qn6d6js6gk4vjfkc7p9g021czbfaq00yfq3mn5ycnhvimkhm"))
(patches (search-patches "tor-sandbox-i686.patch"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags
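Review bot: Nothing next to `(patches (search-patches "tor-sandbox-i686.patch"))` says when the patch can be dropped. The patch header points at upstream merge request 480, so a short comment here saying the patch should be removed once a Tor release includes that change would keep it from outliving its purpose. Applying it on every architecture is fine, since its body is guarded by `#if defined(__i386__) && defined(__NR_statx)`, and the comment could say so.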