From 2c4e78d95b2bc42c43ba09163e9c2d0744d9ac7b Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Sun, 3 Jul 2016 17:47:45 +0200
Subject: sandboxing: allow open() of stats dir

When sandboxing is enabled, we could not write any stats to disk.
check_or_create_data_subdir("stats"), which prepares the private stats
directory, calls check_private_dir(), which also opens and not just stats() the
directory.  Therefore, we need to also allow open() for the stats dir in our
sandboxing setup.
---
 changes/bug19556 | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 changes/bug19556

(limited to 'changes')

diff --git a/changes/bug19556 b/changes/bug19556
new file mode 100644
index 0000000000..fb1e601390
--- /dev/null
+++ b/changes/bug19556
@@ -0,0 +1,6 @@
+  o Minor bugfixes (sandboxing):
+    - When sandboxing is enabled, we could not write any stats to
+      disk.  check_or_create_data_subdir("stats"), which prepares the
+      private stats directory, calls check_private_dir(), which also
+      opens and not just stats() the directory.  Therefore, we need to
+      also allow open() for the stats dir in our sandboxing setup.
-- 
cgit v1.2.3-54-g00ecf


From 51b5d09c9406ad58a2ae45b036c381637379fc0a Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Sun, 3 Jul 2016 18:04:33 +0200
Subject: Note which bug this fixes in the changes entry

---
 changes/bug19556 | 1 +
 1 file changed, 1 insertion(+)

(limited to 'changes')

diff --git a/changes/bug19556 b/changes/bug19556
index fb1e601390..f4ac894f46 100644
--- a/changes/bug19556
+++ b/changes/bug19556
@@ -4,3 +4,4 @@
       private stats directory, calls check_private_dir(), which also
       opens and not just stats() the directory.  Therefore, we need to
       also allow open() for the stats dir in our sandboxing setup.
+      Fixes bug 19556.
-- 
cgit v1.2.3-54-g00ecf


From 55d380f3dfbc2e0c1c4aa748e38d73593454069b Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Sun, 3 Jul 2016 18:03:26 +0200
Subject: sandboxing: allow writing to stats/hidserv-stats

Our sandboxing code would not allow us to write to stats/hidserv-stats,
causing tor to abort while trying to write stats.  This was previously
masked by bug#19556.
---
 changes/bug19557 | 4 ++++
 src/or/main.c    | 1 +
 2 files changed, 5 insertions(+)
 create mode 100644 changes/bug19557

(limited to 'changes')

diff --git a/changes/bug19557 b/changes/bug19557
new file mode 100644
index 0000000000..9036cdc8e8
--- /dev/null
+++ b/changes/bug19557
@@ -0,0 +1,4 @@
+  o Major bugfixes (sandboxing):
+    - Our sandboxing code would not allow us to write to stats/hidserv-stats,
+      causing tor to abort while trying to write stats.  This was previously
+      masked by bug 19556.  Fixes bug 19557.
diff --git a/src/or/main.c b/src/or/main.c
index 0562f84242..6b5619c7d6 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -3530,6 +3530,7 @@ sandbox_init_filter(void)
     OPEN_DATADIR2_SUFFIX("stats", "exit-stats", ".tmp");
     OPEN_DATADIR2_SUFFIX("stats", "buffer-stats", ".tmp");
     OPEN_DATADIR2_SUFFIX("stats", "conn-stats", ".tmp");
+    OPEN_DATADIR2_SUFFIX("stats", "hidserv-stats", ".tmp");
 
     OPEN_DATADIR("approved-routers");
     OPEN_DATADIR_SUFFIX("fingerprint", ".tmp");
-- 
cgit v1.2.3-54-g00ecf


From 3f33a5b1e7c0be15e37a07ffb301ad746b4b8839 Mon Sep 17 00:00:00 2001
From: intrigeri <intrigeri@boum.org>
Date: Sun, 3 Jul 2016 18:44:13 +0000
Subject: Run asciidoc in UTC timezone for build reproducibility.

asciidoc adds a timestamp at the end of a generated HTML file.
This timestamp is based on the date of the file but it can change
depending on the TZ environment variable.
---
 changes/asciidoc-UTC   | 4 ++++
 doc/asciidoc-helper.sh | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)
 create mode 100644 changes/asciidoc-UTC

(limited to 'changes')

diff --git a/changes/asciidoc-UTC b/changes/asciidoc-UTC
new file mode 100644
index 0000000000..21fbfc1d67
--- /dev/null
+++ b/changes/asciidoc-UTC
@@ -0,0 +1,4 @@
+  o Minor bugfixes (build):
+    - When building manual pages, set the timezone to "UTC", so that the
+      output is reproducible. Fixes bug 19558; bugfix on 0.2.2.9-alpha.
+      Patch from intrigeri.
diff --git a/doc/asciidoc-helper.sh b/doc/asciidoc-helper.sh
index c06b57026b..a3ef53f884 100755
--- a/doc/asciidoc-helper.sh
+++ b/doc/asciidoc-helper.sh
@@ -19,7 +19,7 @@ if [ "$1" = "html" ]; then
     base=${output%%.html.in}
 
     if [ "$2" != none ]; then
-      "$2" -d manpage -o $output $input;
+      TZ=UTC "$2" -d manpage -o $output $input;
     else
       echo "==================================";
       echo;
-- 
cgit v1.2.3-54-g00ecf