--- /dev/null
+From: Matthias Clasen <mclasen@redhat.com>
+Date: Tue, 4 Jan 2022 07:51:56 -0500
+Subject: Make our stack noexec
+
+The change to use ld and objcopy for resources
+had some side-effects: it leaked a few symbols
+and made our stack executable. We don't want that.
+
+Use -z nonexecstack and --strip-all to avoid this.
+
+Bug: https://gitlab.gnome.org/GNOME/gtk/-/issues/4598
+---
+ gtk/meson.build | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/gtk/meson.build b/gtk/meson.build
+index 91aefe1..6ce2c18 100644
+--- a/gtk/meson.build
++++ b/gtk/meson.build
+@@ -927,6 +927,7 @@ if not meson.is_cross_build() and build_machine.system() == 'linux' and objcopy.
+ input : gtk_gresource,
+ output : 'gtkresources_blob.o',
+ command : [ld,
++ '-z', 'noexecstack',
+ '-r',
+ '-b','binary',
+ '@INPUT@',
+@@ -937,6 +938,7 @@ if not meson.is_cross_build() and build_machine.system() == 'linux' and objcopy.
+ input : gtk_resources_binary,
+ output : 'gtkresources_blob2.o',
+ command : [objcopy,
++ '--strip-all',
+ '--add-symbol','_gtk_resource_data=.data:0',
+ '@INPUT@',
+ '@OUTPUT@'])
+++ /dev/null
-From: Simon McVittie <smcv@debian.org>
-Date: Mon, 3 Jan 2022 21:45:09 +0000
-Subject: Stub out optimized GResource processing
-
-This results in use of an executable stack and some unwanted symbol
-exports, which we can otherwise avoid.
-
-Bug: https://gitlab.gnome.org/GNOME/gtk/-/issues/4598
-Forwarded: no, a better solution will need discussion with upstream
----
- demos/gtk-demo/meson.build | 3 ---
- demos/widget-factory/meson.build | 3 ---
- gtk/meson.build | 3 ---
- 3 files changed, 9 deletions(-)
-
-diff --git a/demos/gtk-demo/meson.build b/demos/gtk-demo/meson.build
-index 5b79dfa..d8ef4bd 100644
---- a/demos/gtk-demo/meson.build
-+++ b/demos/gtk-demo/meson.build
-@@ -158,9 +158,6 @@ demos_h = custom_target('gtk4 demo header',
-
- objcopy_supports_add_symbol = false
- objcopy = find_program('objcopy', required : false)
--if objcopy.found()
-- objcopy_supports_add_symbol = run_command(objcopy, '--help').stdout().contains('--add-symbol')
--endif
-
- ld = find_program('ld', required : false)
-
-diff --git a/demos/widget-factory/meson.build b/demos/widget-factory/meson.build
-index 800230b..14bdf15 100644
---- a/demos/widget-factory/meson.build
-+++ b/demos/widget-factory/meson.build
-@@ -2,9 +2,6 @@
-
- objcopy_supports_add_symbol = false
- objcopy = find_program('objcopy', required : false)
--if objcopy.found()
-- objcopy_supports_add_symbol = run_command(objcopy, '--help').stdout().contains('--add-symbol')
--endif
-
- ld = find_program('ld', required : false)
-
-diff --git a/gtk/meson.build b/gtk/meson.build
-index 91aefe1..1897862 100644
---- a/gtk/meson.build
-+++ b/gtk/meson.build
-@@ -866,9 +866,6 @@ endif
-
- objcopy_supports_add_symbol = false
- objcopy = find_program('objcopy', required : false)
--if objcopy.found()
-- objcopy_supports_add_symbol = run_command(objcopy, '--help').stdout().contains('--add-symbol')
--endif
-
- ld = find_program('ld', required : false)
-
+Make-our-stack-noexec.patch
reftest_compare_surfaces-Report-how-much-the-images-diffe.patch
reftests-Allow-minor-differences-to-be-tolerated.patch
debian/Disable-web-fonts-for-now.patch
debian/templates-Remove-html5shiv.patch
debian/Skip-some-known-failing-tests-on-mips-family-architecture.patch
debian/Disable-clipboard-test.patch
-debian/Stub-out-optimized-GResource-processing.patch
projects / gtk4.git / commitdiff