From: Simon McVittie Date: Tue, 4 Jan 2022 15:53:39 +0000 (+0000) Subject: d/p/Make-our-stack-noexec.patch: Use upstream's fix for GResource embedding X-Git-Tag: archive/raspbian/4.6.5+ds-1+rpi1~1^2~79 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=377b405765e6baedbcb7a14d35d47d454ee29d39;p=gtk4.git d/p/Make-our-stack-noexec.patch: Use upstream's fix for GResource embedding --- diff --git a/debian/patches/Make-our-stack-noexec.patch b/debian/patches/Make-our-stack-noexec.patch new file mode 100644 index 0000000000..46b5d6814c --- /dev/null +++ b/debian/patches/Make-our-stack-noexec.patch @@ -0,0 +1,35 @@ +From: Matthias Clasen +Date: Tue, 4 Jan 2022 07:51:56 -0500 +Subject: Make our stack noexec + +The change to use ld and objcopy for resources +had some side-effects: it leaked a few symbols +and made our stack executable. We don't want that. + +Use -z nonexecstack and --strip-all to avoid this. + +Bug: https://gitlab.gnome.org/GNOME/gtk/-/issues/4598 +--- + gtk/meson.build | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/gtk/meson.build b/gtk/meson.build +index 91aefe1..6ce2c18 100644 +--- a/gtk/meson.build ++++ b/gtk/meson.build +@@ -927,6 +927,7 @@ if not meson.is_cross_build() and build_machine.system() == 'linux' and objcopy. + input : gtk_gresource, + output : 'gtkresources_blob.o', + command : [ld, ++ '-z', 'noexecstack', + '-r', + '-b','binary', + '@INPUT@', +@@ -937,6 +938,7 @@ if not meson.is_cross_build() and build_machine.system() == 'linux' and objcopy. + input : gtk_resources_binary, + output : 'gtkresources_blob2.o', + command : [objcopy, ++ '--strip-all', + '--add-symbol','_gtk_resource_data=.data:0', + '@INPUT@', + '@OUTPUT@']) diff --git a/debian/patches/debian/Stub-out-optimized-GResource-processing.patch b/debian/patches/debian/Stub-out-optimized-GResource-processing.patch deleted file mode 100644 index 846ef72b80..0000000000 --- a/debian/patches/debian/Stub-out-optimized-GResource-processing.patch +++ /dev/null @@ -1,57 +0,0 @@ -From: Simon McVittie -Date: Mon, 3 Jan 2022 21:45:09 +0000 -Subject: Stub out optimized GResource processing - -This results in use of an executable stack and some unwanted symbol -exports, which we can otherwise avoid. - -Bug: https://gitlab.gnome.org/GNOME/gtk/-/issues/4598 -Forwarded: no, a better solution will need discussion with upstream ---- - demos/gtk-demo/meson.build | 3 --- - demos/widget-factory/meson.build | 3 --- - gtk/meson.build | 3 --- - 3 files changed, 9 deletions(-) - -diff --git a/demos/gtk-demo/meson.build b/demos/gtk-demo/meson.build -index 5b79dfa..d8ef4bd 100644 ---- a/demos/gtk-demo/meson.build -+++ b/demos/gtk-demo/meson.build -@@ -158,9 +158,6 @@ demos_h = custom_target('gtk4 demo header', - - objcopy_supports_add_symbol = false - objcopy = find_program('objcopy', required : false) --if objcopy.found() -- objcopy_supports_add_symbol = run_command(objcopy, '--help').stdout().contains('--add-symbol') --endif - - ld = find_program('ld', required : false) - -diff --git a/demos/widget-factory/meson.build b/demos/widget-factory/meson.build -index 800230b..14bdf15 100644 ---- a/demos/widget-factory/meson.build -+++ b/demos/widget-factory/meson.build -@@ -2,9 +2,6 @@ - - objcopy_supports_add_symbol = false - objcopy = find_program('objcopy', required : false) --if objcopy.found() -- objcopy_supports_add_symbol = run_command(objcopy, '--help').stdout().contains('--add-symbol') --endif - - ld = find_program('ld', required : false) - -diff --git a/gtk/meson.build b/gtk/meson.build -index 91aefe1..1897862 100644 ---- a/gtk/meson.build -+++ b/gtk/meson.build -@@ -866,9 +866,6 @@ endif - - objcopy_supports_add_symbol = false - objcopy = find_program('objcopy', required : false) --if objcopy.found() -- objcopy_supports_add_symbol = run_command(objcopy, '--help').stdout().contains('--add-symbol') --endif - - ld = find_program('ld', required : false) - diff --git a/debian/patches/series b/debian/patches/series index 232cfb1ea5..ef4bf013a3 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,7 +1,7 @@ +Make-our-stack-noexec.patch reftest_compare_surfaces-Report-how-much-the-images-diffe.patch reftests-Allow-minor-differences-to-be-tolerated.patch debian/Disable-web-fonts-for-now.patch debian/templates-Remove-html5shiv.patch debian/Skip-some-known-failing-tests-on-mips-family-architecture.patch debian/Disable-clipboard-test.patch -debian/Stub-out-optimized-GResource-processing.patch