On Thu, Apr 20, 2023 at 10:40:42PM +0200, Mark Kettenis wrote:
> So this on is a bit different. There is a small amount of arm64
> assembly code; basically a copy of the assembly generated by openssl
> perlasm. The assembly functions are not exposed directly but used by
> C code that calls the assembly directly. So they don't need BTI
> instructions. We can simply leave the ugly mess alone and declare the
> library "safe" by adding the -mmark-bti-property to CCASFLAGS.
>
> ok?
OK aja
>
>
> Index: security/gnutls/Makefile
> ===================================================================
> RCS file: /cvs/ports/security/gnutls/Makefile,v
> retrieving revision 1.181
> diff -u -p -r1.181 Makefile
> --- security/gnutls/Makefile 20 Feb 2023 09:39:04 -0000 1.181
> +++ security/gnutls/Makefile 20 Apr 2023 20:30:40 -0000
> @@ -2,6 +2,7 @@ COMMENT= GNU Transport Layer Security l
>
> V= 3.8.0
> DISTNAME= gnutls-${V}
> +REVISION= 0
> EXTRACT_SUFX= .tar.xz
>
> CATEGORIES= security
> @@ -54,12 +55,17 @@ CONFIGURE_ARGS= --disable-ssl3-support
> # for tpm(4): http://bsssd.sourceforge.net/
> CONFIGURE_ARGS += --without-tpm
>
> +.if ${MACHINE_ARCH:Maarch64}
> +CCASFLAGS+= -mmark-bti-property
> +.endif
> +
> LDFLAGS= -L${LOCALBASE}/lib
> .if ${MACHINE_ARCH:Mi386}
> LDFLAGS+= -Wl,-z,notext
> .endif
>
> CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \
> + CCASFLAGS="${CCASFLAGS}" \
> LDFLAGS="${LDFLAGS}"
>
> DEBUG_PACKAGES= ${BUILD_PACKAGES}
--
Antoine
