Source: glibc Version: 2.37-15 Severity: wishlist Tags: patch User: debian-...@lists.debian.org Usertags: arm64 Control: block -1 by 1057469
Hi, As discussed on the debian-glibc mailing list [1], please consider building glibc on arm64 with -mbranch-protection=standard to enable support for the PAC/BTI security features in Debian. The discussion on the mailing list ended up with an agreement on the attached patch proposed by Aurelien Jarno which works fine in my tests. In order to properly support PAC/BTI in Debian we need first GCC to enable support for the feature, and that has not happened yet. For this reason I'm marking this bug as blocked-by the relevant issue filed against gcc-12: #1057469. [1] https://lists.debian.org/debian-glibc/2023/12/msg00022.html
--- glibc-2.37/debian/sysdeps/arm64.mk +++ glibc-2.37/debian/sysdeps/arm64.mk @@ -1,2 +1,5 @@ # configuration options for all flavours extra_config_options = --enable-multi-arch --enable-memory-tagging + +CC = $(DEB_HOST_GNU_TYPE)-$(BASE_CC)$(DEB_GCC_VERSION) -mbranch-protection=standard +CXX = $(DEB_HOST_GNU_TYPE)-$(BASE_CXX)$(DEB_GCC_VERSION) -mbranch-protection=standard
