Control: tags -1 pending On Sun, May 04, 2025 at 11:31:12PM +0200, NoisyCoil wrote:
> The user who reported this, Adam Reviczky (in c.c.), suggests to use [5] > ``` > DEB_BUILD_MAINT_OPTIONS = hardening=+all,-branch > CXXFLAGS += -mbranch-protection=pac-ret > ``` Hi, and thanks for the report. Overriding DEB_BUILD_MAINT_OPTIONS at this point does nothing since this variable is used by /usr/share/dpkg/buildflags.mk, included earlier at the beginning of the file. Anyway, since what we have to do is: 1) Remove -mbranch-protection=standard (with hardening=+all,-branch) 2) Add -mbranch-protection=pac-ret I propose this approach: CFLAGS := $(patsubst -mbranch-protection=%,-mbranch-protection=pac-ret,$(CFLAGS)) CXXFLAGS := $(patsubst -mbranch-protection=%,-mbranch-protection=pac-ret,$(CXXFLAGS)) I'll prepare the upload. Berto
