Make our stack noexec

The change to use ld and objcopy for resources
had some side-effects: it leaked a few symbols
and made our stack executable. We don't want that.

Use -z nonexecstack and --strip-all to avoid this.

Bug: https://gitlab.gnome.org/GNOME/gtk/-/issues/4598

Gbp-Pq: Name Make-our-stack-noexec.patch

diff --git a/gtk/meson.build b/gtk/meson.build
index 91aefe1b1736e74615195e8ab551b0bf56b8df0d..6ce2c18320d701cfd7d1483f01cc1e20fc7b4be3 100644 (file)
--- a/gtk/meson.build
+++ b/gtk/meson.build
@@ -927,6 +927,7 @@ if not meson.is_cross_build() and build_machine.system() == 'linux' and objcopy.
       input : gtk_gresource,
       output : 'gtkresources_blob.o',
       command : [ld,
+                 '-z', 'noexecstack',
                  '-r',
                  '-b','binary',
                  '@INPUT@',
@@ -937,6 +938,7 @@ if not meson.is_cross_build() and build_machine.system() == 'linux' and objcopy.
     input : gtk_resources_binary,
     output : 'gtkresources_blob2.o',
     command : [objcopy,
+                 '--strip-all',
                  '--add-symbol','_gtk_resource_data=.data:0',
                  '@INPUT@',
                  '@OUTPUT@'])