Source: libffi
Version: 3.4.8-2

Dear Maintainer(s),

Static trampolines support was disabled in 3.4.2-2 in d/rules via
--disable-exec-static-tramp. There was no bug mentioned, and the
package is not in git so no git commit either to explain the reason
for this.

This makes it impossible to use anything that relies on code integrity
(e.g.: IPE https://kernel.org/doc/html/latest/security/ipe.html ) and
disabling writable+executable memory like systemd's
MemoryDenyWriteExecute= sandboxing setting. Static trampolines were
added for the main architectures to support this use case. As far as I
can tell, on architectures where it's not supported the W+X
implementation will be used automatically as a fallback.

Please consider dropping --disable-exec-static-tramp from d/rules. Thanks.

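An added illustration, not part of the original report and not libffi or Debian code: a small C checker that counts writable+executable mappings in a /proc/<pid>/maps listing, the kind of memory the report says MemoryDenyWriteExecute= disables. The function names and the sample listing are constructed for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Classify one /proc/<pid>/maps line ("start-end perms offset dev inode path").
 * Returns 1 if the mapping is writable and executable, 0 if not, -1 if unparsable. */
int mapping_is_wx(const char *line)
{
    unsigned long start, end;
    char perms[5];
    if (!isxdigit((unsigned char)line[0]) ||
        sscanf(line, "%lx-%lx %4s", &start, &end, perms) != 3 ||
        strlen(perms) != 4 || end <= start)
        return -1;
    return perms[1] == 'w' && perms[2] == 'x';
}

/* Count W+X mappings in a newline-separated maps listing held in memory. */
int count_wx(const char *maps)
{
    int n = 0;
    for (const char *p = maps; *p; ) {
        n += mapping_is_wx(p) == 1;
        p += strcspn(p, "\n");      /* advance to the end of this line */
        if (*p == '\n') p++;
    }
    return n;
}

/* Constructed sample listing (not captured from a real process). */
static const char SAMPLE_MAPS[] =
    "55d0c8a00000-55d0c8a21000 r-xp 00000000 08:01 131 /usr/bin/example\n"
    "55d0c8c21000-55d0c8c23000 rw-p 00021000 08:01 131 /usr/bin/example\n"
    "7f3a10000000-7f3a10001000 rwxp 00000000 00:00 0 \n"
    "7ffd4b1e0000-7ffd4b201000 rw-p 00000000 00:00 0 [stack]\n";

int main(int argc, char **argv)
{
    char path[64], line[512];
    int n = 0;
    if (argc < 2) { printf("sample: %d W+X\n", count_wx(SAMPLE_MAPS)); return 0; }
    snprintf(path, sizeof path, "/proc/%s/maps", argv[1]);  /* argv[1] is a PID */
    FILE *f = fopen(path, "r");
    if (!f) { perror(path); return 2; }
    while (fgets(line, sizeof line, f))
        if (mapping_is_wx(line) == 1) { fputs(line, stdout); n++; }
    fclose(f);
    return n > 0;   /* exit status 1 when any W+X mapping was found */
}
```

Run with a PID argument, it prints that process's W+X mappings and exits non-zero if any exist.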