Public bug reported:
On arm64 we use -mbranch-protection=standard in the CFLAGS, but since
GCC-15 it also has effects at the linking stage. Without it, the final
ELF binary doesn't expose the various properties such as BTI, GCS, etc
in the ELF notes.
Most packages will usually use CFLAGS everywhere so it often doesn't
matter, but in rare cases they actually only apply LDFLAGS (and that's
rather legit IMHO), e.g. db5.3.
** Affects: dpkg (Ubuntu)
Importance: Undecided
Status: New
** Description changed:
On arm64 we use -mbranch-protection=standard in the CFLAGS, but since
- GCC-15 it also has effects at the linking stage.
+ GCC-15 it also has effects at the linking stage. Without it, the final
+ ELF binary doesn't expose the various properties such as BTI, GCS, etc
+ in the ELF notes.
Most packages will usually use CFLAGS everywhere so it often doesn't
matter, but in rare cases they actually only apply LDFLAGS (and that's
rather legit IMHO), e.g. db5.3.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2122602
Title:
dpkg-buildflags: -mbranch-protection=standard should be in LDFLAGS
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122602/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
