From: Mark Kettenis <mark.kettenis@xs4all.nl>
Subject: ruby arm64 BTI
To: sthen@openbsd.org, jeremy@openbsd.org
Cc: deraadt@openbsd.org, ports@openbsd.org
Date: Sat, 22 Jun 2024 13:41:42 +0200

Theo pointed out the NOBTCFI reversal here.  Now the reason that we
still see SIGILL despite fixes to the assembly code is because the
-mbranch-protection=pac-ret option added by the configure script
actually downgrades our default of enabling both BTI and PAC to just
enabling PAC.  So the necessary BTI instructions were missing from
the C code.

With the diff below things seem to work fine on Apple M2.  There is
one failure in the testsuite:

  1) Failure:
TestIO_Console#test_failed_path [/home/ports/pobj/ruby-3.3.3/ruby-3.3.3/test/io/console/test_io_console.rb:46]:
[Errno::ENODEV, Errno::ENOTTY, Errno::EBADF, Errno::ENXIO] exception expected, not #<Errno::EOPNOTSUPP: Operation not supported - /dev/null>.

but I'm pretty sure that is unrelated to BTI support.


Index: lang/ruby/3.3/Makefile
===================================================================
RCS file: /cvs/ports/lang/ruby/3.3/Makefile,v
retrieving revision 1.8
diff -u -p -r1.8 Makefile
--- lang/ruby/3.3/Makefile	21 Jun 2024 16:01:52 -0000	1.8
+++ lang/ruby/3.3/Makefile	22 Jun 2024 11:34:53 -0000
@@ -1,5 +1,4 @@
-USE_NOBTCFI-aarch64 =	Yes
-REVISION-main =		0
+REVISION-main =		1
 
 VERSION =		3.3.3
 DISTNAME =		ruby-${VERSION}
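Review bot: Dropping USE_NOBTCFI-aarch64 in the first line of this hunk is only safe while the -mbranch-protection=standard change in patches/patch-configure stays in place, and nothing in the Makefile records that dependency. Consider saying so in the commit message or a comment, so that a later regeneration of patch-configure that loses the configure hunk does not silently bring the SIGILL back. The REVISION-main bump from 0 to 1 is appropriate since the built code changes.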
Index: lang/ruby/3.3/patches/patch-configure
===================================================================
RCS file: /cvs/ports/lang/ruby/3.3/patches/patch-configure,v
retrieving revision 1.3
diff -u -p -r1.3 patch-configure
--- lang/ruby/3.3/patches/patch-configure	14 Jun 2024 19:41:34 -0000	1.3
+++ lang/ruby/3.3/patches/patch-configure	22 Jun 2024 11:34:53 -0000
@@ -6,6 +6,15 @@ so ports don't have to be bumped when Op
 Index: configure
 --- configure.orig
 +++ configure
+@@ -10913,7 +10913,7 @@ esac
+     case "$target_cpu" in #(
+   aarch64) :
+ 
+-	for opt in -mbranch-protection=pac-ret -msign-return-address=all
++	for opt in -mbranch-protection=standard -msign-return-address=all
+ do :
+ 
+ 
 @@ -31909,7 +31909,7 @@ fi
  	 ;; #(
    openbsd*|mirbsd*) :
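Review bot: In the added @@ -10913 hunk the probe list still carries -msign-return-address=all as the second candidate, which enables return-address signing only. If the loop ever falls through to it, the C code would again be built without BTI while the Makefile no longer sets USE_NOBTCFI-aarch64. Consider removing that candidate as well, or dropping the probe entirely on OpenBSD, since the message states the compiler default already enables both BTI and PAC. The descriptive text at the top of patch-configure ("so ports don't have to be bumped when Op...") also does not mention this new hunk and could use a line explaining it.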
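A way to confirm which objects were compiled without BTI, as an added example that is not part of the original mail or of the ports tree: it parses the contents of a little-endian ELF64 `.note.gnu.property` section and reports the AArch64 feature bits. It assumes the toolchain emits that note; the sample sections and the object names in the test are constructed.

```python
import struct

NT_GNU_PROPERTY_TYPE_0 = 5
GNU_PROPERTY_AARCH64_FEATURE_1_AND = 0xC0000000
FEATURE_BITS = {0x1: "BTI", 0x2: "PAC"}

def _align(n, a):
    return (n + a - 1) & ~(a - 1)

def aarch64_features(section: bytes) -> set:
    """Feature names recorded in raw .note.gnu.property bytes (ELF64, LE)."""
    found, off = set(), 0
    while off + 12 <= len(section):
        namesz, descsz, ntype = struct.unpack_from("<III", section, off)
        name_off = off + 12
        desc_off = name_off + _align(namesz, 4)
        desc_end = desc_off + descsz
        if desc_end > len(section):
            raise ValueError("truncated note")
        is_gnu = section[name_off:name_off + namesz] == b"GNU\0"
        p = desc_off
        while is_gnu and ntype == NT_GNU_PROPERTY_TYPE_0 and p + 8 <= desc_end:
            pr_type, pr_datasz = struct.unpack_from("<II", section, p)
            if p + 8 + pr_datasz > desc_end:
                raise ValueError("truncated property")
            if pr_type == GNU_PROPERTY_AARCH64_FEATURE_1_AND and pr_datasz == 4:
                (mask,) = struct.unpack_from("<I", section, p + 8)
                found |= {n for bit, n in FEATURE_BITS.items() if mask & bit}
            p += 8 + _align(pr_datasz, 8)   # properties are 8-byte aligned
        off = _align(desc_end, 8)
    return found

def missing_bti(objects: dict) -> list:
    """Names of objects whose note does not advertise BTI (or has no note).
    The linker ANDs this property over all inputs, so one such object is
    enough to clear BTI in the linked output's note."""
    return sorted(n for n, s in objects.items() if "BTI" not in aarch64_features(s))

def _sample_note(mask: int) -> bytes:
    # Constructed sample: one GNU note holding one FEATURE_1_AND property.
    prop = struct.pack("<III", GNU_PROPERTY_AARCH64_FEATURE_1_AND, 4, mask) + b"\0" * 4
    return struct.pack("<III", 4, len(prop), NT_GNU_PROPERTY_TYPE_0) + b"GNU\0" + prop

PAC_RET_NOTE = _sample_note(0x2)    # as from -mbranch-protection=pac-ret
STANDARD_NOTE = _sample_note(0x3)   # as from -mbranch-protection=standard
```
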