Source: bearssl
Version: 0.6+dfsg.1-6
Severity: serious
User: [email protected]
Usertags: gcs

Hi,

bearssl's test "02ecdh-x25519" fails on arm64 starting with glibc
2.42-6, which enabled a security feature called Guarded Control Stack
(GCS).

To help with GCS adoption, the linker warns about shared libraries built
without GCS. A library used by bearssl's autopkgtest, lib25519, does not
support GCS yet (#1123048). Being printed to standard error, the warning
causes tests such as 02ecdh-x25519 to fail.

The attached patch fixes 02ecdh-x25519 on arm64 by silencing the
warning.

Please see https://wiki.debian.org/ToolChain/GCS for further details.
diff --git a/debian/tests/02ecdh-x25519 b/debian/tests/02ecdh-x25519
index 0971d2e..4c7176a 100644
--- a/debian/tests/02ecdh-x25519
+++ b/debian/tests/02ecdh-x25519
@@ -21,6 +21,10 @@ trap "cleanup" EXIT TERM INT
 # parse libs from .c file
 libs=`grep '^#include <' "${dir}/${fn}.c" | grep '/* -l' | cut -d '*' -f2`
 
+if [ "$(dpkg --print-architecture)" = "arm64" ]; then
+  export DEB_LDFLAGS_MAINT_APPEND="-Wl,-z,gcs-report-dynamic=none"
+fi
+
 # CC/CLFLAGS/LDFLAGS
 CC=cc
 CFLAGS=`dpkg-buildflags --get CFLAGS`
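
Review bot: The added arm64 block has no comment saying why the GCS report is silenced or when the workaround can go away, and `gcs-report-dynamic=none` suppresses the report for every shared library the test links, not only lib25519. A short comment above the `if` that references #1123048 would let the block be dropped once lib25519 is built with GCS. The `export DEB_LDFLAGS_MAINT_APPEND=...` line also overwrites any value already present in the environment; appending to the existing value, as in `DEB_LDFLAGS_MAINT_APPEND="${DEB_LDFLAGS_MAINT_APPEND} -Wl,-z,gcs-report-dynamic=none"`, would preserve it. The setting only takes effect if LDFLAGS is later read through dpkg-buildflags the way CFLAGS is in the trailing context, which is worth confirming since that line is outside this hunk.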
