Package: libwebkitgtk-6.0-4 Version: 2.48.1-2 Severity: important Tags: upstream patch X-Debbugs-Cc: [email protected], [email protected], [email protected] User: [email protected] Usertags: arm64 Control: forwarded -1 https://bugs.webkit.org/show_bug.cgi?id=245697
Dear Maintainer, Earlier today we received a report in Bananas Team [1] that WebKitGTK is broken on arm64 when BTI is enabled (CONFIG_ARM64_BTI=y in Debian) and actually in use. Apparently, this is a longstanding bug (it was first reported to Fedora back in 2022, see [2]) of which upstream is aware [3]. Based on the latter, it seems a workaround is to switch from branch-protection=standard to branch-protection=pac-ret (see e.g. Fedora [4]). The user who reported this, Adam Reviczky (in c.c.), suggests to use [5] ``` DEB_BUILD_MAINT_OPTIONS = hardening=+all,-branch CXXFLAGS += -mbranch-protection=pac-ret ``` for arm64. I am flagging this bug as important, but it should probably be serious since IIUC it makes WebKitGTK unusable on these platforms. Cheers! [1] https://salsa.debian.org/bananas-team/bananas-tracker/-/issues/3 [2] https://bugzilla.redhat.com/show_bug.cgi?id=2130009 [3] https://bugs.webkit.org/show_bug.cgi?id=245697 [4] https://src.fedoraproject.org/rpms/webkitgtk/c/fac6852e5695051ade276ed08835d7baa487bf32?branch=rawhide [5] https://github.com/reviczky/webkit-bti/commit/e7226117a8d976300e3be0037f999fafde3e7c0f
