This is an automated email from the git hooks/post-receive script. nickm pushed a commit to branch main in repository tor. commit 531275b0f36b39fb6a5c6aaab47e26993ce6fa91 Author: Pierre Bourdon <delroth@gmail.com> AuthorDate: Sat Apr 30 11:52:59 2022 +0200 sandbox: fix openat filtering on AArch64 New glibc versions not sign-extending 32 bit negative constants seems to not be a thing on AArch64. I suspect that this might not be the only architecture where the sign-extensions is happening, and the correct fix might be instead to use a proper 32 bit comparison for the first openat parameter. For now, band-aid fix this so the sandbox can work again on AArch64. --- src/lib/sandbox/sandbox.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c index e87edd8e21..4681d4795a 100644 --- a/src/lib/sandbox/sandbox.c +++ b/src/lib/sandbox/sandbox.c @@ -518,7 +518,12 @@ libc_uses_openat_for_opendir(void) static int libc_negative_constant_needs_cast(void) { +#if defined(__aarch64__) && defined(__LP64__) + /* Existing glibc versions always sign-extend to 64 bits on AArch64. */ + return 0; +#else return is_libc_at_least(2, 27); +#endif } /** Allow a single file to be opened. If <b>use_openat</b> is true, -- To stop receiving notification emails like this one, please contact the administrator of this repository.