[Bug 2122602] [NEW] dpkg-buildflags: -mbranch-protection=standard should be in LDFLAGS
Simon Chopin
2122602 at bugs.launchpad.net
Thu Sep 11 14:58:40 UTC 2025
Public bug reported:
On arm64 we use -mbranch-protection=standard in the CFLAGS, but since
GCC-15 it also has effects at the linking stage. Without it, the final
ELF binary doesn't expose the various properties such as BTI, GCS, etc
in the ELF notes.
Most packages will usually use CFLAGS everywhere so it often doesn't
matter, but in rare cases they actually only apply LDFLAGS (and that's
rather legit IMHO), e.g. db5.3.
** Affects: dpkg (Ubuntu)
Importance: Undecided
Status: New
** Description changed:
On arm64 we use -mbranch-protection=standard in the CFLAGS, but since
- GCC-15 it also has effects at the linking stage.
+ GCC-15 it also has effects at the linking stage. Without it, the final
+ ELF binary doesn't expose the various properties such as BTI, GCS, etc
+ in the ELF notes.
Most packages will usually use CFLAGS everywhere so it often doesn't
matter, but in rare cases they actually only apply LDFLAGS (and that's
rather legit IMHO), e.g. db5.3.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to dpkg in Ubuntu.
https://bugs.launchpad.net/bugs/2122602
Title:
dpkg-buildflags: -mbranch-protection=standard should be in LDFLAGS
Status in dpkg package in Ubuntu:
New
Bug description:
On arm64 we use -mbranch-protection=standard in the CFLAGS, but since
GCC-15 it also has effects at the linking stage. Without it, the final
ELF binary doesn't expose the various properties such as BTI, GCS, etc
in the ELF notes.
Most packages will usually use CFLAGS everywhere so it often doesn't
matter, but in rare cases they actually only apply LDFLAGS (and that's
rather legit IMHO), e.g. db5.3.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2122602/+subscriptions
More information about the foundations-bugs
mailing list