Source: pam
Version: 1.3.1-1
Severity: important
Justification: bootstrap set
User: debian-cr...@lists.debian.org
Usertags: ftcbfs
X-Debbugs-Cc: Andreas Henriksson <andr...@fatal.se>
Hi,
since we now enabled PAC/BTI flags, distinguishing build flags and host
flags has become important. pam already does this, but about four years
ago Andreas added a fix-autoreconf.patch that breaks this distinction.
In essence, I think Andreas meant to ensure that CFLAGS passed by a user
are not discarded but passed to actual build invocations and that's what
his patch does in effect.
Cross compilation poses the opposite requirement: Flags passed via
CFLAGS must not propagate to some of the compiler invocations, because
the compiler may be unable to understand them as is the case with e.g.
-mbranch-protection=standard.
I note that in a native build, configure.ac already sets
BUILD_CFLAGS=${CFLAGS}, so this assignment should be harmless for native
builds. If it really was, Andreas probably wouldn't have patched it, so
rather than simply reverting the patch, we should understand the problem
he was trying to solve and I quite obviously miss something important.
Can I leave this up to you? To verify the cross build failure, please
use amd64 or arm64 as host architecture. These are the only ones with
architecture-specific compiler flags.
Helmut
