[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1050588: bookworm-pu: package nsis/3.08-3+deb12u1



Le samedi, 3 février 2024, 10.46:29 h CET Adam D. Barratt a écrit :
> On Sat, 2024-02-03 at 10:33 +0100, Thomas Gaugler wrote:
> > I am the maintainer of Nullsoft Scriptable Install System (NSIS) and
> > propose the changes committed into the debian/bookworm branch on the
> > 27th January 2024 to be released as updated nsis 3.08-3+deb12u1
> > packages
> > (<https://salsa.debian.org/debian/nsis/-/commits/debian/bookworm>).
> 
> Thanks, but you've still not attached a debdiff of a prepared package,
> as requsted. Pointers to git are useful, but they're not the same as an
> actual package debdiff, which sometimes reveals changes that aren't
> immediately obvious from git.
> 
> (A debdiff attached to the bug is also there in perpetuity.)

Here comes the debdiff as I would upload it.

Thanks for the reminder.

Best,
    OdyX
diff -Nru nsis-3.08/debian/changelog nsis-3.08/debian/changelog
--- nsis-3.08/debian/changelog	2022-08-15 07:58:35.000000000 +0200
+++ nsis-3.08/debian/changelog	2024-02-05 11:18:05.000000000 +0100
@@ -1,3 +1,12 @@
+nsis (3.08-3+deb12u1) bookworm; urgency=medium
+
+  * Cherry-pick upstream commits to fix CVE-2023-37378 (Closes: #1040880)
+  * Use common options for nsis-doc installation
+  * Exclude Debian revison suffix from VER_REVISION
+  * Backport upstream commit to disable stub relocations (Closes: #1050288)
+
+ -- Thomas Gaugler <thomas@dadie.net>  Mon, 05 Feb 2024 11:18:05 +0100
+
 nsis (3.08-3) unstable; urgency=medium
 
   [ Thomas Gaugler ]
diff -Nru nsis-3.08/debian/patches/CVE-2023-37378_Don-t-allow-everyone-to-delete.patch nsis-3.08/debian/patches/CVE-2023-37378_Don-t-allow-everyone-to-delete.patch
--- nsis-3.08/debian/patches/CVE-2023-37378_Don-t-allow-everyone-to-delete.patch	1970-01-01 01:00:00.000000000 +0100
+++ nsis-3.08/debian/patches/CVE-2023-37378_Don-t-allow-everyone-to-delete.patch	2024-02-05 11:18:05.000000000 +0100
@@ -0,0 +1,27 @@
+Origin: upstream, https://github.com/kichik/nsis/commit/409b5841479c44fbf33a6ba97c1146e46f965467.patch
+Bug: https://sf.net/p/nsis/bugs/1296
+Bug-Debian: https://bugs.debian.org/1040880
+
+From 409b5841479c44fbf33a6ba97c1146e46f965467 Mon Sep 17 00:00:00 2001
+From: Anders <anders_k@users.sourceforge.net>
+Date: Wed, 21 Jun 2023 23:38:48 +0000
+Subject: [PATCH] Don't allow everyone to delete the uninstaller directory
+
+git-svn-id: https://svn.code.sf.net/p/nsis/code/NSIS/trunk@7396 212acab6-be3b-0410-9dea-997c60f758d6
+---
+ Source/exehead/util.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Source/exehead/util.c b/Source/exehead/util.c
+index ba682f6f75..634d4a69f8 100644
+--- a/Source/exehead/util.c
++++ b/Source/exehead/util.c
+@@ -62,7 +62,7 @@ const UINT32 g_restrictedacl[] = {
+   0x10000000, // ACCESS_ALLOWED_ACE:ACCESS_MASK: GENERIC_ALL
+   0x00000201, 0x05000000, 0x00000020, 0x00000220, // ACCESS_ALLOWED_ACE:SID (BUILTIN\Administrators) NOTE: GetAdminGrpSid() relies on this being the first SID in the ACL
+   0x00140300, // ACCESS_ALLOWED_ACE:ACE_HEADER (ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE|OBJECT_INHERIT_ACE)
+-  0x00130041, // ACCESS_ALLOWED_ACE:ACCESS_MASK: DELETE|READ_CONTROL|SYNCHRONIZE|FILE_DELETE_CHILD|FILE_LIST_DIRECTORY
++  0x001200c1, // ACCESS_ALLOWED_ACE:ACCESS_MASK: SYNCHRONIZE|READ_CONTROL|FILE_LIST_DIRECTORY|FILE_DELETE_CHILD|FILE_READ_ATTRIBUTES
+   0x00000101, 0x01000000, 0x00000000 // ACCESS_ALLOWED_ACE:SID (WORLD\Everyone)
+ };
+ 
diff -Nru nsis-3.08/debian/patches/CVE-2023-37378_Don-t-delete-old-uninstaller.patch nsis-3.08/debian/patches/CVE-2023-37378_Don-t-delete-old-uninstaller.patch
--- nsis-3.08/debian/patches/CVE-2023-37378_Don-t-delete-old-uninstaller.patch	1970-01-01 01:00:00.000000000 +0100
+++ nsis-3.08/debian/patches/CVE-2023-37378_Don-t-delete-old-uninstaller.patch	2024-02-05 11:18:05.000000000 +0100
@@ -0,0 +1,32 @@
+Origin: upstream, https://github.com/kichik/nsis/commit/c40cf78994e74a1a3a381a850c996b251e3277c0.patch
+Bug: https://sf.net/p/nsis/bugs/1296
+Bug-Debian: https://bugs.debian.org/1040880
+
+From c40cf78994e74a1a3a381a850c996b251e3277c0 Mon Sep 17 00:00:00 2001
+From: Anders <anders_k@users.sourceforge.net>
+Date: Sat, 3 Jun 2023 15:10:54 +0000
+Subject: [PATCH] Don't delete old uninstaller if it points somewhere else
+
+git-svn-id: https://svn.code.sf.net/p/nsis/code/NSIS/trunk@7394 212acab6-be3b-0410-9dea-997c60f758d6
+---
+ Source/exehead/Main.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/Source/exehead/Main.c b/Source/exehead/Main.c
+index 78ff558c6e..e39c631671 100644
+--- a/Source/exehead/Main.c
++++ b/Source/exehead/Main.c
+@@ -376,10 +376,10 @@ EXTERN_C void NSISWinMainNOCRT()
+ 
+         if (ec)
+         {
+-          // Delete previous uninstaller
+-          if (DeleteFile(unexe))
++          // Delete previous uninstaller (if it is safe to do so)
++          if (!(GetFileAttributes(unexe) & FILE_ATTRIBUTE_REPARSE_POINT) && DeleteFile(unexe))
+           {
+-            myDelete(state_temp_dir, DEL_DIR|DEL_RECURSE);
++            myDelete(state_temp_dir, DEL_DIR);
+             if (!retry++) goto retry_un_dir;
+           }
+         }
diff -Nru nsis-3.08/debian/patches/CVE-2023-37378_Use-isolated-uninstaller-temp-directory.patch nsis-3.08/debian/patches/CVE-2023-37378_Use-isolated-uninstaller-temp-directory.patch
--- nsis-3.08/debian/patches/CVE-2023-37378_Use-isolated-uninstaller-temp-directory.patch	1970-01-01 01:00:00.000000000 +0100
+++ nsis-3.08/debian/patches/CVE-2023-37378_Use-isolated-uninstaller-temp-directory.patch	2024-02-05 11:18:05.000000000 +0100
@@ -0,0 +1,164 @@
+Origin: upstream, https://github.com/kichik/nsis/commit/281e2851fe669d10e0650fc89d0e7fb74a598967.patch
+Bug: https://sf.net/p/nsis/bugs/1296
+Bug-Debian: https://bugs.debian.org/1040880
+
+From 281e2851fe669d10e0650fc89d0e7fb74a598967 Mon Sep 17 00:00:00 2001
+From: Anders <anders_k@users.sourceforge.net>
+Date: Sun, 21 May 2023 16:15:16 +0000
+Subject: [PATCH] Use isolated uninstaller temp directory
+
+git-svn-id: https://svn.code.sf.net/p/nsis/code/NSIS/trunk@7388 212acab6-be3b-0410-9dea-997c60f758d6
+(cherry picked from commit 281e2851fe669d10e0650fc89d0e7fb74a598967)
+---
+ Source/build.cpp      |  4 +-
+ Source/exehead/Main.c | 85 ++++++++++++++++++++++++-------------------
+ Source/exehead/util.c |  6 +--
+ 3 files changed, 50 insertions(+), 45 deletions(-)
+
+diff --git a/Source/build.cpp b/Source/build.cpp
+index 90e6dd0bf1..2f64a4ca0a 100644
+--- a/Source/build.cpp
++++ b/Source/build.cpp
+@@ -2326,8 +2326,8 @@ void CEXEBuild::AddStandardStrings()
+ #ifdef NSIS_CONFIG_UNINSTALL_SUPPORT
+   if (uninstall_mode)
+   {
+-    cur_header->str_uninstchild = add_asciistring(_T("$TEMP\\Un_$1.exe"));
+-    cur_header->str_uninstcmd = add_asciistring(_T("\"$TEMP\\Un_$1.exe\" $0 _?=$INSTDIR\\"));
++    cur_header->str_uninstchild = add_asciistring(_T("$TEMP\\Un.exe"));
++    cur_header->str_uninstcmd = add_asciistring(_T("\"$TEMP\\Un.exe\" $0 _?=$INSTDIR\\"));
+   }
+ #endif//NSIS_CONFIG_UNINSTALL_SUPPORT
+ #ifdef NSIS_SUPPORT_MOVEONREBOOT
+diff --git a/Source/exehead/Main.c b/Source/exehead/Main.c
+index 3e0d417b56..78ff558c6e 100644
+--- a/Source/exehead/Main.c
++++ b/Source/exehead/Main.c
+@@ -348,60 +348,69 @@ EXTERN_C void NSISWinMainNOCRT()
+     }
+     else
+     {
+-      int x, admin = UserIsAdminGrpMember();
+-
+-      mystrcat(state_temp_dir,_T("~nsu"));
+-      if (admin) mystrcat(state_temp_dir,_T("A")); // Don't lock down the directory used by non-admins
+-      mystrcat(state_temp_dir,_T(".tmp"));
+-
+-      // check if already running from uninstaller temp dir
+-      // this prevents recursive uninstaller calls
+-      if (!lstrcmpi(state_temp_dir,state_exe_directory))
+-        goto end;
+-
+-      admin ? CreateRestrictedDirectory(state_temp_dir) : CreateNormalDirectory(state_temp_dir);
+-      SetCurrentDirectory(state_temp_dir);
+-
+-      if (!(*state_install_directory))
+-        mystrcpy(state_install_directory,state_exe_directory);
++      int admin = UserIsAdminGrpMember();
++      WORD tries; // 0xfffe attempts or bust
++      size_t cchtmpslash = mystrlen(state_temp_dir);
++      LPTSTR unexe = g_usrvars[5], unexecmd = g_usrvars[6];
+ 
+       mystrcpy(g_usrvars[0], realcmds);
+-      SET2CHAR(g_usrvars[1], _T("A\0"));
+-
+-      for (x = 0; x < 26; x ++)
++      if (!(*state_install_directory))
+       {
+-        static TCHAR buf2[NSIS_MAX_STRLEN];
+-
+-        GetNSISString(buf2,g_header->str_uninstchild); // $TEMP\Un_$1.exe
++        mystrcpy(state_install_directory, state_exe_directory);
++      }
+ 
+-        DeleteFile(buf2); // clean up after all the other ones if they are there
++      for (tries = 0; ++tries != 0;)
++      {
++        DWORD retry = 0, ec;
++retry_un_dir:
++        wsprintf(state_temp_dir + cchtmpslash, _T("~nsu%X.tmp"), tries);
++        GetNSISString(unexe, g_header->str_uninstchild); // '$TEMP\Un.exe'
++        if (admin)
++        {
++          ec = CreateRestrictedDirectory(state_temp_dir);
++        }
++        else
++        {
++          ec = CreateNormalDirectory(state_temp_dir);
++        }
+ 
+-        if (m_Err) // not done yet
++        if (ec)
+         {
+-          // copy file
+-          if (CopyFile(state_exe_path,buf2,TRUE))
++          // Delete previous uninstaller
++          if (DeleteFile(unexe))
++          {
++            myDelete(state_temp_dir, DEL_DIR|DEL_RECURSE);
++            if (!retry++) goto retry_un_dir;
++          }
++        }
++        else
++        {
++          HANDLE hProc;
++          SetCurrentDirectory(state_temp_dir);
++#ifdef NSIS_SUPPORT_MOVEONREBOOT
++          MoveFileOnReboot(state_temp_dir, NULL);
++#endif
++          if (CopyFile(state_exe_path, unexe, TRUE))
+           {
+-            HANDLE hProc;
+ #ifdef NSIS_SUPPORT_MOVEONREBOOT
+-            MoveFileOnReboot(buf2,NULL);
++            MoveFileOnReboot(unexe, NULL);
+ #endif
+-            GetNSISString(buf2,g_header->str_uninstcmd); // '"$TEMP\Un_$1.exe" $0 _?=$INSTDIR\'
+-            hProc=myCreateProcess(buf2);
++            GetNSISString(unexecmd, g_header->str_uninstcmd); // '"$TEMP\Un.exe" $0 _?=$INSTDIR\'
++            hProc = myCreateProcess(unexecmd);
+             if (hProc)
+             {
+               CloseHandle(hProc);
+-              // success
+-              m_Err = 0;
++              m_Err = 0; // Success
++            }
++            else if (!retry++ && !file_exists(unexe))
++            {
++              // Another instance deleted us between CopyFile and CreateProcess
++              goto retry_un_dir;
+             }
+           }
++          break; // We called CreateProcess; success or failure, we are done.
+         }
+-        (*(((NSIS_STRING *)g_usrvars)[1]))++;
+       }
+-
+-#ifdef NSIS_SUPPORT_MOVEONREBOOT
+-      MoveFileOnReboot(state_temp_dir,NULL);
+-#endif
+-
+       goto end;
+     }
+   }
+diff --git a/Source/exehead/util.c b/Source/exehead/util.c
+index 59c5a5f646..ba682f6f75 100644
+--- a/Source/exehead/util.c
++++ b/Source/exehead/util.c
+@@ -68,14 +68,10 @@ const UINT32 g_restrictedacl[] = {
+ 
+ DWORD NSISCALL CreateRestrictedDirectory(LPCTSTR path)
+ {
+-  const SECURITY_INFORMATION si = OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION|PROTECTED_DACL_SECURITY_INFORMATION;
+   PSID admingrpsid = GetAdminGrpSid();
+   SECURITY_DESCRIPTOR sd = { 1, 0, SE_DACL_PRESENT, admingrpsid, admingrpsid, NULL, GetAdminGrpAcl() };
+   SECURITY_ATTRIBUTES sa = { sizeof(SECURITY_ATTRIBUTES), &sd, FALSE };
+-  DWORD ec = CreateDirectory(path, &sa) ? ERROR_SUCCESS : GetLastError();
+-  if (ERROR_ALREADY_EXISTS == ec)
+-    ec = SetFileSecurity(path, si, &sd) ? ERROR_SUCCESS : GetLastError();
+-  return ec;
++  return CreateDirectory(path, &sa) ? ERROR_SUCCESS : GetLastError();
+ }
+ DWORD NSISCALL CreateNormalDirectory(LPCTSTR path)
+ {
diff -Nru nsis-3.08/debian/patches/Disable_stub_relocations.patch nsis-3.08/debian/patches/Disable_stub_relocations.patch
--- nsis-3.08/debian/patches/Disable_stub_relocations.patch	1970-01-01 01:00:00.000000000 +0100
+++ nsis-3.08/debian/patches/Disable_stub_relocations.patch	2024-02-05 11:18:05.000000000 +0100
@@ -0,0 +1,169 @@
+Origin: backport, https://github.com/kichik/nsis/commit/4f13619f5a7bdad1968bc32343d3b161eabbd420.patch
+Bug: https://sf.net/p/nsis/bugs/1283
+Bug-Debian: https://bugs.debian.org/1050288
+
+From 4f13619f5a7bdad1968bc32343d3b161eabbd420 Mon Sep 17 00:00:00 2001
+From: Anders <anders_k@users.sourceforge.net>
+Date: Mon, 19 Sep 2022 16:40:30 +0000
+Subject: [PATCH] Disable stub relocations in newer GCC (bug #1283)
+
+git-svn-id: https://svn.code.sf.net/p/nsis/code/NSIS/trunk@7365 212acab6-be3b-0410-9dea-997c60f758d6
+(cherry picked from commit 4f13619f5a7bdad1968bc32343d3b161eabbd420)
+---
+ SCons/Config/gnu     | 52 +++++++++++++++-----------------------------
+ SCons/utils.py       | 28 ++++++++++++++----------
+ 2 files changed, 34 insertions(+), 46 deletions(-)
+
+diff --git a/SCons/Config/gnu b/SCons/Config/gnu
+index ced5fe74a3..8318367bc2 100644
+--- a/SCons/Config/gnu
++++ b/SCons/Config/gnu
+@@ -24,6 +24,12 @@ def cross_env(env):
+ 
+ ### flags
+ 
++code_failonmswin = """
++	#ifdef _WIN32
++	#error Not supported on Windows
++	#endif
++"""
++
+ def entry(x,u):
+ 	if defenv['TARGET_ARCH'] == 'x86':
+ 		if x == 'NSISWinMainNOCRT':
+@@ -99,14 +105,14 @@
+ if not defenv['DEBUG'] and defenv['STRIP'] and defenv['STRIP_W32']:
+ 	stub_env.Append(LINKFLAGS = ['-s'])               # strip
+ stub_env.Append(LINKFLAGS = ['-mwindows'])          # build windows executables
+-stub_env.Append(LINKFLAGS = ['$NODEFLIBS_FLAG'])    # no standard libraries
+ stub_env.Append(LINKFLAGS = ['$ALIGN_FLAG'])        # 512 bytes align
+ stub_env.Append(LINKFLAGS = ['$MAP_FLAG'])          # generate map file
+-
+ conf = FlagsConfigure(stub_env)
+ conf.CheckCompileFlag('-fno-tree-loop-distribute-patterns')  # GCC 10: Don't generate msvcrt!memmove calls (bug #1248)
++conf.CheckLinkFlag('-Wl,--disable-reloc-section') # binutils 2.36, ld will include a .reloc section by default (bug #1283)
+ conf.Finish()
+-
++stub_env.Append(LINKFLAGS = ['$NODEFLIBS_FLAG'])    # no standard libraries
++
+ stub_uenv = stub_env.Clone()
+ stub_uenv.Append(CPPDEFINES = ['_UNICODE', 'UNICODE'])
+ 
+@@ -239,22 +245,18 @@ def check_requirement(ctx, func, trigger):
+ 	ctx.Message('Checking for %s requirement... ' % func)
+ 
+ 	flags = ctx.env['LINKFLAGS']
+-
+ 	ctx.env.Append(LINKFLAGS = ['$NODEFLIBS_FLAG'])
+-	ctx.env.Append(LINKFLAGS = ['-Wl,-e,___main'])
+ 
+-	test = """
+-		int __main() {
+-			%s
+-			return 0;
+-		}
++	codeprepend = """
++		#define CONFCHECK_CALLFUNC() check
++		static int check() { %s }
+ 	""" % trigger
+-
+-	result = not ctx.TryLink(test, '.c')
++	Import('GenerateTryLinkCode')
++	code = GenerateTryLinkCode(codeprepend = codeprepend)
++	result = not ctx.TryLink(code, '.c')
+ 	ctx.Result(result)
+ 
+ 	ctx.env['LINKFLAGS'] = flags
+-
+ 	return result
+ 
+ def add_file_to_emitter(env, emitter_name, file):
+@@ -289,17 +291,10 @@ cross_env(cenv)
+ conf = cenv.Configure(custom_tests = { 'CheckRequirement' : check_requirement })
+ 
+ memcpy_test = """
+-struct s // gcc 3
+-{
+-  char c[128];
+-} t = { "test" };
+-char a[] = // gcc 4
+-  {'/', 'F', 'I' ,'L', 'L', 'S', 'C', 'R', 'E', 'E', 'N', 0};
++struct s { char c[128]; } t = { "test" }; // gcc 3
++char a[] = {'/', 'F', 'I' ,'L', 'L', 'S', 'C', 'R', 'E', 'E', 'N', 0}; // gcc 4
+ int i;
+-for (i = 0; i < 100; i++) // avoid a and t being optimized out
+-{
+-  i += a[i] ^ t.c[i];
+-}
++for (i = 0; i < 100; i++) i += a[i % sizeof(a)] ^ t.c[i]; // avoid a and t being optimized out
+ return i;
+ """
+ 
+@@ -323,7 +318,7 @@ conf.Finish()
+ #
+ 
+ conf = FlagsConfigure(makensis_env)
+-conf.CheckLinkFlag('-pthread')
++conf.CheckLinkFlag('-pthread', codeprepend = code_failonmswin)
+ conf.Finish()
+ 
+ #
+diff --git a/SCons/utils.py b/SCons/utils.py
+index c6b5cbbbca..941e582193 100644
+--- a/SCons/utils.py
++++ b/SCons/utils.py
+@@ -85,6 +85,19 @@ def GetAvailableLibs(env, libs):
+ 
+ 	return avail_libs
+ 
++def GenerateTryLinkCode(codeprepend = ''):
++	code = codeprepend + """
++	int main() {
++		#ifdef CONFCHECK_CALLFUNC
++		CONFCHECK_CALLFUNC();
++		#endif
++		return 0;
++	}
++	int _main() { return main(); } // mingw GCC _WIN64
++	int __main() { return main(); } // mingw GCC -nostdlib: undefined reference to __main()
++	"""
++	return code
++
+ def check_compile_flag(ctx, flag):
+ 	"""
+ 	Checks if a compiler flag is valid.
+@@ -108,24 +126,19 @@
+ 
+ 	return result
+ 
+-def check_link_flag(ctx, flag, run = 0, extension = '.c', code = None):
++def check_link_flag(ctx, flag, run = 0, extension = '.c', code = None, codeprepend = ''):
+ 	"""
+ 	Checks if a linker flag is valid.
+ 	"""
+ 	ctx.Message('Checking for linker flag %s... ' % flag)
+-
+ 	old_flags = ctx.env['LINKFLAGS']
+ 	ctx.env.Append(LINKFLAGS = [flag])
+ 
+ 	if code:
+-		test =  code
++		test = code
+ 	else:
+-		test = """
+-			int main() {
+-				return 0;
+-			}
+-		"""
+-
++		test = GenerateTryLinkCode(codeprepend = codeprepend)
++
+ 	result = ctx.TryLink(test, extension)
+ 
+ 	if run:
+@@ -268,4 +276,4 @@ def MakeReproducibleAction(target, source, env):
+ def SilentActionEcho(target, source, env):
+ 	return None
+ 
+-Export('GetStdSysEnvVarList AddAvailableLibs AddZLib FlagsConfigure GetAvailableLibs GetOptionOrEnv SilentActionEcho IsPEExecutable SetPESecurityFlagsWorker MakeReproducibleAction')
++Export('GetStdSysEnvVarList AddAvailableLibs AddZLib GenerateTryLinkCode FlagsConfigure GetAvailableLibs GetOptionOrEnv SilentActionEcho IsPEExecutable SetPESecurityFlagsWorker MakeReproducibleAction')
diff -Nru nsis-3.08/debian/patches/series nsis-3.08/debian/patches/series
--- nsis-3.08/debian/patches/series	2022-08-15 07:58:35.000000000 +0200
+++ nsis-3.08/debian/patches/series	2024-02-05 11:18:05.000000000 +0100
@@ -1,3 +1,7 @@
 # list of patch file names in the order they are applied
 keep-seh.patch
 halibut-fputs-for-strings.patch
+CVE-2023-37378_Use-isolated-uninstaller-temp-directory.patch
+CVE-2023-37378_Don-t-delete-old-uninstaller.patch
+CVE-2023-37378_Don-t-allow-everyone-to-delete.patch
+Disable_stub_relocations.patch
diff -Nru nsis-3.08/debian/rules nsis-3.08/debian/rules
--- nsis-3.08/debian/rules	2022-08-15 07:58:35.000000000 +0200
+++ nsis-3.08/debian/rules	2024-02-05 11:18:05.000000000 +0100
@@ -27,7 +27,7 @@
 VERSION_DECOMPOSED=$(call SPLIT,$(VERSION),. - + ~)
 VER_MAJOR=$(firstword $(VERSION_DECOMPOSED))
 VER_MINOR=$(word 2,$(VERSION_DECOMPOSED))
-VER_REVISION=$(word 3,$(VERSION_DECOMPOSED))
+VER_REVISION=$(firstword $(subst +, ,$(word 3,$(VERSION_DECOMPOSED))))
 
 # Variables for Win32/Win64 cross compiler
 XGCC_W32_X86 = i686-w64-mingw32-gcc
@@ -102,8 +102,7 @@
 SCONSOPTS_HOST   := $(SCONSHOSTFLAGS) $(SCONSOPTS) \
   SKIPPLUGINS=all SKIPSTUBS=all \
   SKIPUTILS=$(IGNORE_UTILS_NSIS) SKIPDOC=COPYING
-SCONSOPTS_COMMON := APPEND_LINKFLAGS="--disable-reloc-section" \
-  $(SCONSOPTS) SKIPUTILS=$(IGNORE_UTILS_COMMON) \
+SCONSOPTS_COMMON := $(SCONSOPTS) SKIPUTILS=$(IGNORE_UTILS_COMMON) \
   SKIPDOC=COPYING
 
 INSTALL_nsis = install-utils install-compiler install-conf
@@ -113,7 +112,7 @@
 INSTALL_nsis-pluginapi = install-pluginapi
 INSTALL_FLAGS_nsis-pluginapi = $(SCONSOPTS_COMMON)
 INSTALL_nsis-doc = install-examples install-doc install-docs
-INSTALL_FLAGS_nsis-doc = $(SCONSHOSTFLAGS) $(SCONSOPTS) \
+INSTALL_FLAGS_nsis-doc = $(SCONSOPTS_COMMON) \
   SKIPUTILS=$(IGNORE_UTILS_COMMON) SKIPDOC=COPYING
 
 # Exclude test scripts which are not appropriate for POSIX platforms.

Attachment: signature.asc
Description: This is a digitally signed message part.


Reply to: