Hi Matthias, On 2023-11-24 02:29, Matthias Klose wrote: > please send a test patch, that doesn't turn off this flag by default.
I'm not sure if I understand the question, but with the attached patch all .o and .a files shipped by libgcc-13-dev have the right BTI, PAC properties according to readelf -n. Build logs here for reference: https://people.debian.org/~ema/gcc-13_13.2.0-7.1_arm64.build Let me know if this is what you were looking for. Note that of all files without BTI in the notes section mentioned in https://bugs.debian.org/1055711#5, libgcc-13-dev ships crtbeginS.o and crtendS.o. Those are fixed with the proposed patch. The remaining files (Scrt1.o, crti.o, and crtn.o) are instead installed by libc6-dev. We'll need to fix them separately in glibc. Thanks, Emanuele
diff -Nru gcc-13-13.2.0/debian/changelog gcc-13-13.2.0/debian/changelog --- gcc-13-13.2.0/debian/changelog 2023-11-24 11:53:24.000000000 +0100 +++ gcc-13-13.2.0/debian/changelog 2023-11-27 17:22:11.000000000 +0100 @@ -1,3 +1,11 @@ +gcc-13 (13.2.0-7.1) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * Add -mbranch-protection=standard to CFLAGS and CXXFLAGS on arm64 + (Closes: #1055711) + + -- Emanuele Rocca <e...@debian.org> Mon, 27 Nov 2023 17:22:11 +0100 + gcc-13 (13.2.0-7) unstable; urgency=medium * Update to git 20231124 from the gcc-13 branch. diff -Nru gcc-13-13.2.0/debian/rules2 gcc-13-13.2.0/debian/rules2 --- gcc-13-13.2.0/debian/rules2 2023-10-24 14:39:05.000000000 +0200 +++ gcc-13-13.2.0/debian/rules2 2023-11-27 17:22:11.000000000 +0100 @@ -195,6 +195,11 @@ STAGE1_LDFLAGS = endif +ifeq ($(DEB_TARGET_ARCH),arm64) + CFLAGS += -mbranch-protection=standard + CXXFLAGS += -mbranch-protection=standard +endif + # set CFLAGS/LDFLAGS for the configure step only, maybe be modifed for some target # all other flags are passed to the make step. pass_vars = $(foreach v,$(1),$(if $($(v)),$(v)="$($(v))"))