Source: lib25519 Version: 0~20241004-4 Severity: serious User: [email protected] Usertags: gcs
Hi, lib25519's test "test25519-shared" fails on arm64 starting with glibc 2.42-6, which enabled an arm64 security feature called Guarded Control Stack (GCS). To help with GCS adoption, the linker warns about shared libraries built without GCS. In the specific case of lib25519, the warning is: /usr/lib/gcc/aarch64-linux-gnu/15/../../../aarch64-linux-gnu/lib25519.so: warning: GCS is required by -z gcs, but this shared library lacks the necessary property note. The dynamic loader might not enable GCS or refuse to load the program unless all the shared library dependencies have the GCS marking. Being printed to standard error the warning causes test25519-shared to fail. See: https://ci.debian.net/packages/lib2/lib25519/testing/arm64/67118406/ The reason why lib25519 has GCS turned off is that software written in assembly needs specific modifcations for GCS to work, see: https://wiki.debian.org/ToolChain/GCS#Dealing_with_assembly_code Given that the feature is opt-in, for the time being I would suggest just disabling the warning by using something like this before setting LDFLAGS in debian/tests/test25519-shared: if [ "$(dpkg --print-architecture)" = "arm64" ]; then export DEB_LDFLAGS_MAINT_APPEND="-Wl,-z,gcs-report-dynamic=none" fi We should also raise the issue of GCS enablement with upstream, but that is not urgent. Please see https://wiki.debian.org/ToolChain/GCS for further details.
