Bug#1063515: glibc: Please build with -mbranch-protection=standard on arm64 to enable PAC/BTI support

[Emanuele Rocca <ema@debian.org>]

Hi,

On 2024-02-09 11:36, Emanuele Rocca wrote:
> In order to properly support PAC/BTI in Debian we need first GCC to
> enable support for the feature, and that has not happened yet.

PAC/BTI support is now turned on in GCC starting with 13.3.0-2. I have tried a
glibc rebuild in sid with the following patch, which was proposed some time ago
by Aurelien. The rebuild went fine and I double-checked that crti.o, Scrt1.o,
and crtn.o have BTI enabled.

Logs here: https://people.debian.org/~ema/glibc_2.38-15_arm64.build

Please consider applying the patch at the next glibc upload. Thanks!

diff -Nru glibc-2.38/debian/sysdeps/arm64.mk glibc-2.38/debian/sysdeps/arm64.mk
--- glibc-2.38/debian/sysdeps/arm64.mk	2024-07-04 21:53:20.000000000 +0200
+++ glibc-2.38/debian/sysdeps/arm64.mk	2024-07-10 07:25:30.000000000 +0200
@@ -3,3 +3,6 @@
 
 # main library
 libc_mvec = yes
+
+CC = $(DEB_HOST_GNU_TYPE)-$(BASE_CC)$(DEB_GCC_VERSION) -mbranch-protection=standard
+CXX = $(DEB_HOST_GNU_TYPE)-$(BASE_CXX)$(DEB_GCC_VERSION) -mbranch-protection=standard