From: Peter Müller <peter.mueller@ipfire.org>
Date: Thu, 31 Mar 2022 07:24:25 +0000 (+0000)
Subject: Tor: Pick up upstream patch for fixing sandbox with glibc >= 2.34
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=65c6336aa321ccf004545efe346b57e4dfed875d;p=people%2Fms%2Fipfire-2.x.git

Tor: Pick up upstream patch for fixing sandbox with glibc >= 2.34

Fixes: #12807

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---

diff --git a/lfs/tor b/lfs/tor
index 2eb2adcb1a..d732bc66e9 100644
--- a/lfs/tor
+++ b/lfs/tor
@@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = tor
-PAK_VER    = 67
+PAK_VER    = 68
 
 DEPS       = libseccomp
 
@@ -89,6 +89,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 			--with-tor-user=tor \
 			--with-tor-group=tor
 
+	# https://bugzilla.ipfire.org/show_bug.cgi?id=12807
+	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/Tor-Sandbox-permit-the-clone3-system-call.patch
+
 	cd $(DIR_APP) && make $(MAKETUNING)
 	cd $(DIR_APP) && make install
 
diff --git a/src/patches/Tor-Sandbox-permit-the-clone3-system-call.patch b/src/patches/Tor-Sandbox-permit-the-clone3-system-call.patch
new file mode 100644
index 0000000000..e8c6957f23
--- /dev/null
+++ b/src/patches/Tor-Sandbox-permit-the-clone3-system-call.patch
@@ -0,0 +1,13 @@
+diff -Naur tor-0.4.6.10.orig/src/lib/sandbox/sandbox.c tor-0.4.6.10/src/lib/sandbox/sandbox.c
+--- tor-0.4.6.10.orig/src/lib/sandbox/sandbox.c	2022-03-31 07:17:55.966217291 +0000
++++ tor-0.4.6.10/src/lib/sandbox/sandbox.c	2022-03-31 07:19:23.730134367 +0000
+@@ -151,6 +151,9 @@
+     SCMP_SYS(clock_gettime),
+     SCMP_SYS(close),
+     SCMP_SYS(clone),
++#ifdef __NR_clone3
++    SCMP_SYS(clone3),
++#endif
+     SCMP_SYS(dup),
+     SCMP_SYS(epoll_create),
+     SCMP_SYS(epoll_wait),