So this on is a bit different. There is a small amount of arm64
assembly code; basically a copy of the assembly generated by openssl
perlasm. The assembly functions are not exposed directly but used by
C code that calls the assembly directly. So they don't need BTI
instructions. We can simply leave the ugly mess alone and declare the
library "safe" by adding the -mmark-bti-property to CCASFLAGS.
ok?
Index: security/gnutls/Makefile
===================================================================
RCS file: /cvs/ports/security/gnutls/Makefile,v
retrieving revision 1.181
diff -u -p -r1.181 Makefile
--- security/gnutls/Makefile 20 Feb 2023 09:39:04 -0000 1.181
+++ security/gnutls/Makefile 20 Apr 2023 20:30:40 -0000
@@ -2,6 +2,7 @@ COMMENT= GNU Transport Layer Security l
V= 3.8.0
DISTNAME= gnutls-${V}
+REVISION= 0
EXTRACT_SUFX= .tar.xz
CATEGORIES= security
@@ -54,12 +55,17 @@ CONFIGURE_ARGS= --disable-ssl3-support
# for tpm(4): http://bsssd.sourceforge.net/
CONFIGURE_ARGS += --without-tpm
+.if ${MACHINE_ARCH:Maarch64}
+CCASFLAGS+= -mmark-bti-property
+.endif
+
LDFLAGS= -L${LOCALBASE}/lib
.if ${MACHINE_ARCH:Mi386}
LDFLAGS+= -Wl,-z,notext
.endif
CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \
+ CCASFLAGS="${CCASFLAGS}" \
LDFLAGS="${LDFLAGS}"
DEBUG_PACKAGES= ${BUILD_PACKAGES}
