Bug#1104703: libwebkitgtk-6.0-4: JTI broken on arm64 with BTI enabled

NoisyCoil noisycoil at tutanota.com
Sun May 4 22:31:12 BST 2025


Package: libwebkitgtk-6.0-4
Version: 2.48.1-2
Severity: important
Tags: upstream patch
X-Debbugs-Cc: debian-arm at lists.debian.org, noisycoil at tutanota.com, adam.reviczky at kclalumni.net
User: debian-arm at lists.debian.org
Usertags: arm64
Control: forwarded -1 https://bugs.webkit.org/show_bug.cgi?id=245697

Dear Maintainer,

Earlier today we received a report in Bananas Team [1] that WebKitGTK is
broken on arm64 when BTI is enabled (CONFIG_ARM64_BTI=y in Debian) and
actually in use. Apparently, this is a longstanding bug (it was first
reported to Fedora back in 2022, see [2]) of which upstream is aware [3].
Based on the latter, it seems a workaround is to switch from
branch-protection=standard to branch-protection=pac-ret (see e.g. Fedora [4]).
The user who reported this, Adam Reviczky (in c.c.), suggests using [5]

```
DEB_BUILD_MAINT_OPTIONS = hardening=+all,-branch
CXXFLAGS += -mbranch-protection=pac-ret
```

for arm64. I am flagging this bug as important, but it should probably be
serious since IIUC it makes WebKitGTK unusable on these platforms.

Cheers!


[1] https://salsa.debian.org/bananas-team/bananas-tracker/-/issues/3
[2] https://bugzilla.redhat.com/show_bug.cgi?id=2130009
[3] https://bugs.webkit.org/show_bug.cgi?id=245697
[4] https://src.fedoraproject.org/rpms/webkitgtk/c/fac6852e5695051ade276ed08835d7baa487bf32?branch=rawhide
[5] https://github.com/reviczky/webkit-bti/commit/e7226117a8d976300e3be0037f999fafde3e7c0f
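
One way to check which branch-protection features a built arm64 library is marked with, for example after a rebuild with the flags above (an added example, not part of the original report or of the WebKitGTK packaging). It reads the GNU property note that `readelf -n` also prints; the function names and the sample image are constructed for illustration.

```python
import struct

PT_GNU_PROPERTY = 0x6474E553
NT_GNU_PROPERTY_TYPE_0 = 5
GNU_PROPERTY_AARCH64_FEATURE_1_AND = 0xC0000000
FEATURES = {0x1: "BTI", 0x2: "PAC"}
EM_AARCH64 = 183

def _align8(n):
    return (n + 7) & ~7

def _note_features(seg):
    """Walk the notes of a PT_GNU_PROPERTY segment and collect feature names."""
    found, pos = set(), 0
    while pos + 12 <= len(seg):
        namesz, descsz, ntype = struct.unpack_from("<III", seg, pos)
        name = seg[pos + 12:pos + 12 + namesz]
        q = _align8(pos + 12 + namesz)          # start of the descriptor
        end = min(q + descsz, len(seg))         # never read past the segment
        if ntype == NT_GNU_PROPERTY_TYPE_0 and name == b"GNU\0":
            while q + 12 <= end:                # each property: type, size, data
                pr_type, pr_datasz, bits = struct.unpack_from("<III", seg, q)
                if pr_type == GNU_PROPERTY_AARCH64_FEATURE_1_AND and pr_datasz == 4:
                    found |= {n for b, n in FEATURES.items() if bits & b}
                q = _align8(q + 8 + pr_datasz)
        pos = _align8(end)
    return found

def aarch64_features(elf):
    """Return the subset of {"BTI", "PAC"} an AArch64 ELF64 image is marked with."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 image")
    if struct.unpack_from("<H", elf, 18)[0] != EM_AARCH64:
        raise ValueError("not an AArch64 image")
    phoff, = struct.unpack_from("<Q", elf, 0x20)
    phentsize, phnum = struct.unpack_from("<HH", elf, 0x36)
    for i in range(phnum):
        p_type, _, off, _, _, size = struct.unpack_from("<IIQQQQ", elf, phoff + i * phentsize)
        if p_type == PT_GNU_PROPERTY:
            return _note_features(elf[off:off + size])
    return set()  # no property note: marked with neither feature

def constructed_image(bits):
    """Constructed sample: ELF header plus one PT_GNU_PROPERTY segment, no code."""
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, 3, EM_AARCH64, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_PROPERTY, 4, 120, 120, 120, 32, 32, 8)
    note = struct.pack("<III4sIII4x", 4, 16, NT_GNU_PROPERTY_TYPE_0, b"GNU\0",
                       GNU_PROPERTY_AARCH64_FEATURE_1_AND, 4, bits)
    return ehdr + phdr + note
```

On a real file, pass `open(path, "rb").read()` to `aarch64_features`; a library that still reports `BTI` after the rebuild did not pick up the `pac-ret` flags.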


