From 2c4e78d95b2bc42c43ba09163e9c2d0744d9ac7b Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Sun, 3 Jul 2016 17:47:45 +0200
Subject: [PATCH 1/4] sandboxing: allow open() of stats dir

When sandboxing is enabled, we could not write any stats to disk.
check_or_create_data_subdir("stats"), which prepares the private stats
directory, calls check_private_dir(), which also opens and not just stats() the
directory.  Therefore, we need to also allow open() for the stats dir in our
sandboxing setup.
---
 changes/bug19556 | 6 ++++++
 src/or/main.c    | 1 +
 2 files changed, 7 insertions(+)
 create mode 100644 changes/bug19556

diff --git a/changes/bug19556 b/changes/bug19556
new file mode 100644
index 000000000..fb1e60139
--- /dev/null
+++ b/changes/bug19556
@@ -0,0 +1,6 @@
+  o Minor bugfixes (sandboxing):
+    - When sandboxing is enabled, we could not write any stats to
+      disk.  check_or_create_data_subdir("stats"), which prepares the
+      private stats directory, calls check_private_dir(), which also
+      opens and not just stats() the directory.  Therefore, we need to
+      also allow open() for the stats dir in our sandboxing setup.
diff --git a/src/or/main.c b/src/or/main.c
index f585f0be6..0562f8424 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -3568,6 +3568,7 @@ sandbox_init_filter(void)
              get_datadir_fname2("keys", "secret_onion_key_ntor.old"));
 
     STAT_DATADIR("keys");
+    OPEN_DATADIR("stats");
     STAT_DATADIR("stats");
     STAT_DATADIR2("stats", "dirreq-stats");
   }

From 51b5d09c9406ad58a2ae45b036c381637379fc0a Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Sun, 3 Jul 2016 18:04:33 +0200
Subject: [PATCH 2/4] Note which bug this fixes in the changes entry

---
 changes/bug19556 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/changes/bug19556 b/changes/bug19556
index fb1e60139..f4ac894f4 100644
--- a/changes/bug19556
+++ b/changes/bug19556
@@ -4,3 +4,4 @@
       private stats directory, calls check_private_dir(), which also
       opens and not just stats() the directory.  Therefore, we need to
       also allow open() for the stats dir in our sandboxing setup.
+      Fixes bug 19556.

From 55d380f3dfbc2e0c1c4aa748e38d73593454069b Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Sun, 3 Jul 2016 18:03:26 +0200
Subject: [PATCH 3/4] sandboxing: allow writing to stats/hidserv-stats

Our sandboxing code would not allow us to write to stats/hidserv-stats,
causing tor to abort while trying to write stats.  This was previously
masked by bug#19556.
---
 changes/bug19557 | 4 ++++
 src/or/main.c    | 1 +
 2 files changed, 5 insertions(+)
 create mode 100644 changes/bug19557

diff --git a/changes/bug19557 b/changes/bug19557
new file mode 100644
index 000000000..9036cdc8e
--- /dev/null
+++ b/changes/bug19557
@@ -0,0 +1,4 @@
+  o Major bugfixes (sandboxing):
+    - Our sandboxing code would not allow us to write to stats/hidserv-stats,
+      causing tor to abort while trying to write stats.  This was previously
+      masked by bug 19556.  Fixes bug 19557.
diff --git a/src/or/main.c b/src/or/main.c
index 0562f8424..6b5619c7d 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -3530,6 +3530,7 @@ sandbox_init_filter(void)
     OPEN_DATADIR2_SUFFIX("stats", "exit-stats", ".tmp");
     OPEN_DATADIR2_SUFFIX("stats", "buffer-stats", ".tmp");
     OPEN_DATADIR2_SUFFIX("stats", "conn-stats", ".tmp");
+    OPEN_DATADIR2_SUFFIX("stats", "hidserv-stats", ".tmp");
 
     OPEN_DATADIR("approved-routers");
     OPEN_DATADIR_SUFFIX("fingerprint", ".tmp");

From 3f33a5b1e7c0be15e37a07ffb301ad746b4b8839 Mon Sep 17 00:00:00 2001
From: intrigeri <intrigeri@boum.org>
Date: Sun, 3 Jul 2016 18:44:13 +0000
Subject: [PATCH 4/4] Run asciidoc in UTC timezone for build reproducibility.

asciidoc adds a timestamp at the end of a generated HTML file.
This timestamp is based on the date of the file but it can change
depending on the TZ environment variable.
---
 changes/asciidoc-UTC   | 4 ++++
 doc/asciidoc-helper.sh | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)
 create mode 100644 changes/asciidoc-UTC

diff --git a/changes/asciidoc-UTC b/changes/asciidoc-UTC
new file mode 100644
index 000000000..21fbfc1d6
--- /dev/null
+++ b/changes/asciidoc-UTC
@@ -0,0 +1,4 @@
+  o Minor bugfixes (build):
+    - When building manual pages, set the timezone to "UTC", so that the
+      output is reproducible. Fixes bug 19558; bugfix on 0.2.2.9-alpha.
+      Patch from intrigeri.
diff --git a/doc/asciidoc-helper.sh b/doc/asciidoc-helper.sh
index c06b57026..a3ef53f88 100755
--- a/doc/asciidoc-helper.sh
+++ b/doc/asciidoc-helper.sh
@@ -19,7 +19,7 @@ if [ "$1" = "html" ]; then
     base=${output%%.html.in}
 
     if [ "$2" != none ]; then
-      "$2" -d manpage -o $output $input;
+      TZ=UTC "$2" -d manpage -o $output $input;
     else
       echo "==================================";
       echo;