Hi Matthias, you can find an updated patch attached, it allows to disable the flag by building with DEB_BUILD_MAINT_OPTIONS=hardening=-branch.
It does the right thing on libgcc-13-dev built on arm64 as well as libgcc-13-dev-arm64-cross built on amd64. I haven't tested it on cross-builds of the native compiler as that currently fails due to unsatisfied dependencies in sid. That case should work fine too though. Thanks, ema
diff -Nru gcc-13-13.3.0/debian/rules2 gcc-13-13.3.0/debian/rules2 --- gcc-13-13.3.0/debian/rules2 2024-03-23 11:56:05.000000000 +0100 +++ gcc-13-13.3.0/debian/rules2 2024-07-01 14:32:35.000000000 +0200 @@ -199,6 +199,35 @@ STAGE1_LDFLAGS = endif +ifeq ($(DEB_TARGET_ARCH),arm64) + # Build with PAC/BTI support if enabled in the build flags + # https://wiki.debian.org/ToolChain/PACBTI + ifneq (,$(findstring -mbranch-protection=standard,$(shell DEB_HOST_ARCH=arm64 dpkg-buildflags --get CFLAGS))) + CFLAGS_SECURE = -mbranch-protection=standard + else + CFLAGS_SECURE = + endif + ifneq (,$(findstring -mbranch-protection=standard,$(shell DEB_HOST_ARCH=arm64 dpkg-buildflags --get CXXFLAGS))) + CXXFLAGS_SECURE = -mbranch-protection=standard + else + CXXFLAGS_SECURE = + endif + + ifeq ($(DEB_CROSS),yes) + # Building cross compilers + CFLAGS_FOR_TARGET += $(CFLAGS_SECURE) + CXXFLAGS_FOR_TARGET += $(CXXFLAGS_SECURE) + else ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE)) + # Cross build of the native compiler + CFLAGS_FOR_TARGET += $(CFLAGS_SECURE) + CXXFLAGS_FOR_TARGET += $(CXXFLAGS_SECURE) + else + # Native build + CFLAGS += $(CFLAGS_SECURE) + CXXFLAGS += $(CXXFLAGS_SECURE) + endif +endif + # set CFLAGS/LDFLAGS for the configure step only, maybe be modifed for some target # all other flags are passed to the make step. pass_vars = $(foreach v,$(1),$(if $($(v)),$(v)="$($(v))"))
