From 20baa7049f64ab6c81d52bfa4a61d008a6125dd934640c4208285b9f5649298c Mon Sep 17 00:00:00 2001
From: Dominique Leuenberger <dimstar@opensuse.org>
Date: Fri, 7 Jan 2022 14:23:46 +0000
Subject: [PATCH] Accepting request 944686 from home:teohhanhui

- Add gtk4-make-our-stack-noexec.patch: Make our stack noexec.

OBS-URL: https://build.opensuse.org/request/show/944686
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/gtk4?expand=0&rev=82
---
 gtk4-make-our-stack-noexec.patch | 38 ++++++++++++++++++++++++++++++++
 gtk4.changes                     |  5 +++++
 gtk4.spec                        |  5 ++++-
 3 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 gtk4-make-our-stack-noexec.patch

diff --git a/gtk4-make-our-stack-noexec.patch b/gtk4-make-our-stack-noexec.patch
new file mode 100644
index 0000000..729f8a5
--- /dev/null
+++ b/gtk4-make-our-stack-noexec.patch
@@ -0,0 +1,38 @@
+From 46509b6dd28c58ae8dd7e2c02a82a3ccb2751e88 Mon Sep 17 00:00:00 2001
+From: Matthias Clasen <mclasen@redhat.com>
+Date: Tue, 4 Jan 2022 07:51:56 -0500
+Subject: [PATCH] Make our stack noexec
+
+The change to use ld and objcopy for resources
+had some side-effects: it leaked a few symbols
+and made our stack executable. We don't want that.
+
+Use -z nonexecstack and --strip-all to avoid this.
+
+Fixes: #4598
+---
+ gtk/meson.build | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/gtk/meson.build b/gtk/meson.build
+index 91aefe1b17..6ce2c18320 100644
+--- a/gtk/meson.build
++++ b/gtk/meson.build
+@@ -927,6 +927,7 @@ if not meson.is_cross_build() and build_machine.system() == 'linux' and objcopy.
+       input : gtk_gresource,
+       output : 'gtkresources_blob.o',
+       command : [ld,
++                 '-z', 'noexecstack',
+                  '-r',
+                  '-b','binary',
+                  '@INPUT@',
+@@ -937,6 +938,7 @@ if not meson.is_cross_build() and build_machine.system() == 'linux' and objcopy.
+     input : gtk_resources_binary,
+     output : 'gtkresources_blob2.o',
+     command : [objcopy,
++                 '--strip-all',
+                  '--add-symbol','_gtk_resource_data=.data:0',
+                  '@INPUT@',
+                  '@OUTPUT@'])
+-- 
+GitLab
diff --git a/gtk4.changes b/gtk4.changes
index e801f72..c9ce098 100644
--- a/gtk4.changes
+++ b/gtk4.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Fri Jan  7 08:26:33 UTC 2022 - Teoh Han Hui <teohhanhui@gmail.com>
+
+- Add gtk4-make-our-stack-noexec.patch: Make our stack noexec.
+
 -------------------------------------------------------------------
 Thu Dec 30 15:43:25 UTC 2021 - Bjørn Lie <bjorn.lie@gmail.com>
 
diff --git a/gtk4.spec b/gtk4.spec
index 2aad665..bb7991b 100644
--- a/gtk4.spec
+++ b/gtk4.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package gtk4
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 # Copyright (c) 2010 Dominique Leuenebrger, Amsterdam, Netherlands
 #
 # All modifications and additions to the file contributed by third parties
@@ -34,6 +34,9 @@ Source2:        settings.ini
 Source3:        macros.gtk4
 Source99:       gtk4-rpmlintrc
 
+# PATCH-FIX-UPSTREAM  gtk4-make-our-stack-noexec.patch glgo#GNOME/gtk!4330 teohhanhui@gmail.com -- Make our stack noexec
+Patch0:         gtk4-make-our-stack-noexec.patch
+
 BuildRequires:  cups-devel >= 2.0
 # We do not support building against cups 2.3 betas
 BuildConflicts: (cups-devel > 2.3 with cups-devel < 2.3.0)