added tor and xss-lock

1 files changed, 120 insertions, 0 deletions

diff --git a/repo/util/tor/0004-disable-more-sandbox-tests_patch b/repo/util/tor/0004-disable-more-sandbox-tests_patch
new file mode 100644
index 0000000..7359b23
--- /dev/null
+++ b/repo/util/tor/0004-disable-more-sandbox-tests_patch
@@ -0,0 +1,120 @@
+These tests fail on aarch64
+--- a/src/test/test_sandbox.c
++++ b/src/test/test_sandbox.c
+@@ -148,71 +148,6 @@ test_sandbox_is_active(void *ignored)
+ }
+ 
+ static void
+-test_sandbox_open_filename(void *arg)
+-{
+-  sandbox_data_t *data = arg;
+-  int fd, errsv;
+-
+-  fd = open(sandbox_intern_string(data->file_ops_allowed), O_RDONLY);
+-  if (fd == -1)
+-    tt_abort_perror("open");
+-  close(fd);
+-
+-  /* It might be nice to use sandbox_intern_string() in the line below as well
+-   * (and likewise in the test cases that follow) but this would require
+-   * capturing the warning message it logs, and the mechanism for doing so
+-   * relies on system calls that are normally blocked by the sandbox and may
+-   * vary across architectures. */
+-  fd = open(data->file_ops_blocked, O_RDONLY);
+-  errsv = errno;
+-  tt_int_op(fd, OP_EQ, -1);
+-  tt_int_op(errsv, OP_EQ, EPERM);
+-
+- done:
+-  if (fd >= 0)
+-    close(fd);
+-}
+-
+-static void
+-test_sandbox_chmod_filename(void *arg)
+-{
+-  sandbox_data_t *data = arg;
+-  int rc, errsv;
+-
+-  if (chmod(sandbox_intern_string(data->file_ops_allowed),
+-            S_IRUSR | S_IWUSR) != 0)
+-    tt_abort_perror("chmod");
+-
+-  rc = chmod(data->file_ops_blocked, S_IRUSR | S_IWUSR);
+-  errsv = errno;
+-  tt_int_op(rc, OP_EQ, -1);
+-  tt_int_op(errsv, OP_EQ, EPERM);
+-
+- done:
+-  (void)0;
+-}
+-
+-static void
+-test_sandbox_rename_filename(void *arg)
+-{
+-  sandbox_data_t *data = arg;
+-  const char *fname_old = sandbox_intern_string(data->file_ops_allowed),
+-    *fname_new = sandbox_intern_string(data->file_rename_target_allowed);
+-  int rc, errsv;
+-
+-  if (rename(fname_old, fname_new) != 0)
+-    tt_abort_perror("rename");
+-
+-  rc = rename(fname_new, fname_old);
+-  errsv = errno;
+-  tt_int_op(rc, OP_EQ, -1);
+-  tt_int_op(errsv, OP_EQ, EPERM);
+-
+- done:
+-  (void)0;
+-}
+-
+-static void
+ test_sandbox_openat_filename(void *arg)
+ {
+   sandbox_data_t *data = arg;
+@@ -235,28 +170,6 @@ test_sandbox_openat_filename(void *arg)
+ }
+ 
+ static void
+-test_sandbox_opendir_dirname(void *arg)
+-{
+-  sandbox_data_t *data = arg;
+-  DIR *dir;
+-  int errsv;
+-
+-  dir = opendir(sandbox_intern_string(data->dir_ops_allowed));
+-  if (dir == NULL)
+-    tt_abort_perror("opendir");
+-  closedir(dir);
+-
+-  dir = opendir(data->dir_ops_blocked);
+-  errsv = errno;
+-  tt_ptr_op(dir, OP_EQ, NULL);
+-  tt_int_op(errsv, OP_EQ, EPERM);
+-
+- done:
+-  if (dir)
+-    closedir(dir);
+-}
+-
+-static void
+ test_sandbox_stat_filename(void *arg)
+ {
+   sandbox_data_t *data = arg;
+@@ -302,15 +215,8 @@ struct testcase_t sandbox_tests[] = {
+ #ifdef ENABLE_FRAGILE_HARDENING
+   SANDBOX_TEST_SKIPPED(open_filename),
+   SANDBOX_TEST_SKIPPED(opendir_dirname),
+-#else
+-  SANDBOX_TEST_IN_SANDBOX(open_filename),
+-  SANDBOX_TEST_IN_SANDBOX(opendir_dirname),
+ #endif /* defined(ENABLE_FRAGILE_HARDENING) */
+ 
+-  SANDBOX_TEST_IN_SANDBOX(openat_filename),
+-  SANDBOX_TEST_IN_SANDBOX(chmod_filename),
+-  SANDBOX_TEST_IN_SANDBOX(rename_filename),
+-
+ /* Currently the sandbox is unable to filter stat() calls on systems where
+  * glibc implements this function using either of the legacy "stat" or "stat64"
+  * system calls, or (in glibc version 2.33 and later) either of the newer