Le samedi, 3 février 2024, 10.46:29 h CET Adam D. Barratt a écrit :
> On Sat, 2024-02-03 at 10:33 +0100, Thomas Gaugler wrote:
> > I am the maintainer of Nullsoft Scriptable Install System (NSIS) and
> > propose the changes committed into the debian/bookworm branch on the
> > 27th January 2024 to be released as updated nsis 3.08-3+deb12u1
> > packages
> > (<https://salsa.debian.org/debian/nsis/-/commits/debian/bookworm>).
>
> Thanks, but you've still not attached a debdiff of a prepared package,
> as requsted. Pointers to git are useful, but they're not the same as an
> actual package debdiff, which sometimes reveals changes that aren't
> immediately obvious from git.
>
> (A debdiff attached to the bug is also there in perpetuity.)
Here comes the debdiff as I would upload it.
Thanks for the reminder.
Best,
OdyXdiff -Nru nsis-3.08/debian/changelog nsis-3.08/debian/changelog
--- nsis-3.08/debian/changelog 2022-08-15 07:58:35.000000000 +0200
+++ nsis-3.08/debian/changelog 2024-02-05 11:18:05.000000000 +0100
@@ -1,3 +1,12 @@
+nsis (3.08-3+deb12u1) bookworm; urgency=medium
+
+ * Cherry-pick upstream commits to fix CVE-2023-37378 (Closes: #1040880)
+ * Use common options for nsis-doc installation
+ * Exclude Debian revison suffix from VER_REVISION
+ * Backport upstream commit to disable stub relocations (Closes: #1050288)
+
+ -- Thomas Gaugler <thomas@dadie.net> Mon, 05 Feb 2024 11:18:05 +0100
+
nsis (3.08-3) unstable; urgency=medium
[ Thomas Gaugler ]
diff -Nru nsis-3.08/debian/patches/CVE-2023-37378_Don-t-allow-everyone-to-delete.patch nsis-3.08/debian/patches/CVE-2023-37378_Don-t-allow-everyone-to-delete.patch
--- nsis-3.08/debian/patches/CVE-2023-37378_Don-t-allow-everyone-to-delete.patch 1970-01-01 01:00:00.000000000 +0100
+++ nsis-3.08/debian/patches/CVE-2023-37378_Don-t-allow-everyone-to-delete.patch 2024-02-05 11:18:05.000000000 +0100
@@ -0,0 +1,27 @@
+Origin: upstream, https://github.com/kichik/nsis/commit/409b5841479c44fbf33a6ba97c1146e46f965467.patch
+Bug: https://sf.net/p/nsis/bugs/1296
+Bug-Debian: https://bugs.debian.org/1040880
+
+From 409b5841479c44fbf33a6ba97c1146e46f965467 Mon Sep 17 00:00:00 2001
+From: Anders <anders_k@users.sourceforge.net>
+Date: Wed, 21 Jun 2023 23:38:48 +0000
+Subject: [PATCH] Don't allow everyone to delete the uninstaller directory
+
+git-svn-id: https://svn.code.sf.net/p/nsis/code/NSIS/trunk@7396 212acab6-be3b-0410-9dea-997c60f758d6
+---
+ Source/exehead/util.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Source/exehead/util.c b/Source/exehead/util.c
+index ba682f6f75..634d4a69f8 100644
+--- a/Source/exehead/util.c
++++ b/Source/exehead/util.c
+@@ -62,7 +62,7 @@ const UINT32 g_restrictedacl[] = {
+ 0x10000000, // ACCESS_ALLOWED_ACE:ACCESS_MASK: GENERIC_ALL
+ 0x00000201, 0x05000000, 0x00000020, 0x00000220, // ACCESS_ALLOWED_ACE:SID (BUILTIN\Administrators) NOTE: GetAdminGrpSid() relies on this being the first SID in the ACL
+ 0x00140300, // ACCESS_ALLOWED_ACE:ACE_HEADER (ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE|OBJECT_INHERIT_ACE)
+- 0x00130041, // ACCESS_ALLOWED_ACE:ACCESS_MASK: DELETE|READ_CONTROL|SYNCHRONIZE|FILE_DELETE_CHILD|FILE_LIST_DIRECTORY
++ 0x001200c1, // ACCESS_ALLOWED_ACE:ACCESS_MASK: SYNCHRONIZE|READ_CONTROL|FILE_LIST_DIRECTORY|FILE_DELETE_CHILD|FILE_READ_ATTRIBUTES
+ 0x00000101, 0x01000000, 0x00000000 // ACCESS_ALLOWED_ACE:SID (WORLD\Everyone)
+ };
+
diff -Nru nsis-3.08/debian/patches/CVE-2023-37378_Don-t-delete-old-uninstaller.patch nsis-3.08/debian/patches/CVE-2023-37378_Don-t-delete-old-uninstaller.patch
--- nsis-3.08/debian/patches/CVE-2023-37378_Don-t-delete-old-uninstaller.patch 1970-01-01 01:00:00.000000000 +0100
+++ nsis-3.08/debian/patches/CVE-2023-37378_Don-t-delete-old-uninstaller.patch 2024-02-05 11:18:05.000000000 +0100
@@ -0,0 +1,32 @@
+Origin: upstream, https://github.com/kichik/nsis/commit/c40cf78994e74a1a3a381a850c996b251e3277c0.patch
+Bug: https://sf.net/p/nsis/bugs/1296
+Bug-Debian: https://bugs.debian.org/1040880
+
+From c40cf78994e74a1a3a381a850c996b251e3277c0 Mon Sep 17 00:00:00 2001
+From: Anders <anders_k@users.sourceforge.net>
+Date: Sat, 3 Jun 2023 15:10:54 +0000
+Subject: [PATCH] Don't delete old uninstaller if it points somewhere else
+
+git-svn-id: https://svn.code.sf.net/p/nsis/code/NSIS/trunk@7394 212acab6-be3b-0410-9dea-997c60f758d6
+---
+ Source/exehead/Main.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/Source/exehead/Main.c b/Source/exehead/Main.c
+index 78ff558c6e..e39c631671 100644
+--- a/Source/exehead/Main.c
++++ b/Source/exehead/Main.c
+@@ -376,10 +376,10 @@ EXTERN_C void NSISWinMainNOCRT()
+
+ if (ec)
+ {
+- // Delete previous uninstaller
+- if (DeleteFile(unexe))
++ // Delete previous uninstaller (if it is safe to do so)
++ if (!(GetFileAttributes(unexe) & FILE_ATTRIBUTE_REPARSE_POINT) && DeleteFile(unexe))
+ {
+- myDelete(state_temp_dir, DEL_DIR|DEL_RECURSE);
++ myDelete(state_temp_dir, DEL_DIR);
+ if (!retry++) goto retry_un_dir;
+ }
+ }
diff -Nru nsis-3.08/debian/patches/CVE-2023-37378_Use-isolated-uninstaller-temp-directory.patch nsis-3.08/debian/patches/CVE-2023-37378_Use-isolated-uninstaller-temp-directory.patch
--- nsis-3.08/debian/patches/CVE-2023-37378_Use-isolated-uninstaller-temp-directory.patch 1970-01-01 01:00:00.000000000 +0100
+++ nsis-3.08/debian/patches/CVE-2023-37378_Use-isolated-uninstaller-temp-directory.patch 2024-02-05 11:18:05.000000000 +0100
@@ -0,0 +1,164 @@
+Origin: upstream, https://github.com/kichik/nsis/commit/281e2851fe669d10e0650fc89d0e7fb74a598967.patch
+Bug: https://sf.net/p/nsis/bugs/1296
+Bug-Debian: https://bugs.debian.org/1040880
+
+From 281e2851fe669d10e0650fc89d0e7fb74a598967 Mon Sep 17 00:00:00 2001
+From: Anders <anders_k@users.sourceforge.net>
+Date: Sun, 21 May 2023 16:15:16 +0000
+Subject: [PATCH] Use isolated uninstaller temp directory
+
+git-svn-id: https://svn.code.sf.net/p/nsis/code/NSIS/trunk@7388 212acab6-be3b-0410-9dea-997c60f758d6
+(cherry picked from commit 281e2851fe669d10e0650fc89d0e7fb74a598967)
+---
+ Source/build.cpp | 4 +-
+ Source/exehead/Main.c | 85 ++++++++++++++++++++++++-------------------
+ Source/exehead/util.c | 6 +--
+ 3 files changed, 50 insertions(+), 45 deletions(-)
+
+diff --git a/Source/build.cpp b/Source/build.cpp
+index 90e6dd0bf1..2f64a4ca0a 100644
+--- a/Source/build.cpp
++++ b/Source/build.cpp
+@@ -2326,8 +2326,8 @@ void CEXEBuild::AddStandardStrings()
+ #ifdef NSIS_CONFIG_UNINSTALL_SUPPORT
+ if (uninstall_mode)
+ {
+- cur_header->str_uninstchild = add_asciistring(_T("$TEMP\\Un_$1.exe"));
+- cur_header->str_uninstcmd = add_asciistring(_T("\"$TEMP\\Un_$1.exe\" $0 _?=$INSTDIR\\"));
++ cur_header->str_uninstchild = add_asciistring(_T("$TEMP\\Un.exe"));
++ cur_header->str_uninstcmd = add_asciistring(_T("\"$TEMP\\Un.exe\" $0 _?=$INSTDIR\\"));
+ }
+ #endif//NSIS_CONFIG_UNINSTALL_SUPPORT
+ #ifdef NSIS_SUPPORT_MOVEONREBOOT
+diff --git a/Source/exehead/Main.c b/Source/exehead/Main.c
+index 3e0d417b56..78ff558c6e 100644
+--- a/Source/exehead/Main.c
++++ b/Source/exehead/Main.c
+@@ -348,60 +348,69 @@ EXTERN_C void NSISWinMainNOCRT()
+ }
+ else
+ {
+- int x, admin = UserIsAdminGrpMember();
+-
+- mystrcat(state_temp_dir,_T("~nsu"));
+- if (admin) mystrcat(state_temp_dir,_T("A")); // Don't lock down the directory used by non-admins
+- mystrcat(state_temp_dir,_T(".tmp"));
+-
+- // check if already running from uninstaller temp dir
+- // this prevents recursive uninstaller calls
+- if (!lstrcmpi(state_temp_dir,state_exe_directory))
+- goto end;
+-
+- admin ? CreateRestrictedDirectory(state_temp_dir) : CreateNormalDirectory(state_temp_dir);
+- SetCurrentDirectory(state_temp_dir);
+-
+- if (!(*state_install_directory))
+- mystrcpy(state_install_directory,state_exe_directory);
++ int admin = UserIsAdminGrpMember();
++ WORD tries; // 0xfffe attempts or bust
++ size_t cchtmpslash = mystrlen(state_temp_dir);
++ LPTSTR unexe = g_usrvars[5], unexecmd = g_usrvars[6];
+
+ mystrcpy(g_usrvars[0], realcmds);
+- SET2CHAR(g_usrvars[1], _T("A\0"));
+-
+- for (x = 0; x < 26; x ++)
++ if (!(*state_install_directory))
+ {
+- static TCHAR buf2[NSIS_MAX_STRLEN];
+-
+- GetNSISString(buf2,g_header->str_uninstchild); // $TEMP\Un_$1.exe
++ mystrcpy(state_install_directory, state_exe_directory);
++ }
+
+- DeleteFile(buf2); // clean up after all the other ones if they are there
++ for (tries = 0; ++tries != 0;)
++ {
++ DWORD retry = 0, ec;
++retry_un_dir:
++ wsprintf(state_temp_dir + cchtmpslash, _T("~nsu%X.tmp"), tries);
++ GetNSISString(unexe, g_header->str_uninstchild); // '$TEMP\Un.exe'
++ if (admin)
++ {
++ ec = CreateRestrictedDirectory(state_temp_dir);
++ }
++ else
++ {
++ ec = CreateNormalDirectory(state_temp_dir);
++ }
+
+- if (m_Err) // not done yet
++ if (ec)
+ {
+- // copy file
+- if (CopyFile(state_exe_path,buf2,TRUE))
++ // Delete previous uninstaller
++ if (DeleteFile(unexe))
++ {
++ myDelete(state_temp_dir, DEL_DIR|DEL_RECURSE);
++ if (!retry++) goto retry_un_dir;
++ }
++ }
++ else
++ {
++ HANDLE hProc;
++ SetCurrentDirectory(state_temp_dir);
++#ifdef NSIS_SUPPORT_MOVEONREBOOT
++ MoveFileOnReboot(state_temp_dir, NULL);
++#endif
++ if (CopyFile(state_exe_path, unexe, TRUE))
+ {
+- HANDLE hProc;
+ #ifdef NSIS_SUPPORT_MOVEONREBOOT
+- MoveFileOnReboot(buf2,NULL);
++ MoveFileOnReboot(unexe, NULL);
+ #endif
+- GetNSISString(buf2,g_header->str_uninstcmd); // '"$TEMP\Un_$1.exe" $0 _?=$INSTDIR\'
+- hProc=myCreateProcess(buf2);
++ GetNSISString(unexecmd, g_header->str_uninstcmd); // '"$TEMP\Un.exe" $0 _?=$INSTDIR\'
++ hProc = myCreateProcess(unexecmd);
+ if (hProc)
+ {
+ CloseHandle(hProc);
+- // success
+- m_Err = 0;
++ m_Err = 0; // Success
++ }
++ else if (!retry++ && !file_exists(unexe))
++ {
++ // Another instance deleted us between CopyFile and CreateProcess
++ goto retry_un_dir;
+ }
+ }
++ break; // We called CreateProcess; success or failure, we are done.
+ }
+- (*(((NSIS_STRING *)g_usrvars)[1]))++;
+ }
+-
+-#ifdef NSIS_SUPPORT_MOVEONREBOOT
+- MoveFileOnReboot(state_temp_dir,NULL);
+-#endif
+-
+ goto end;
+ }
+ }
+diff --git a/Source/exehead/util.c b/Source/exehead/util.c
+index 59c5a5f646..ba682f6f75 100644
+--- a/Source/exehead/util.c
++++ b/Source/exehead/util.c
+@@ -68,14 +68,10 @@ const UINT32 g_restrictedacl[] = {
+
+ DWORD NSISCALL CreateRestrictedDirectory(LPCTSTR path)
+ {
+- const SECURITY_INFORMATION si = OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION|PROTECTED_DACL_SECURITY_INFORMATION;
+ PSID admingrpsid = GetAdminGrpSid();
+ SECURITY_DESCRIPTOR sd = { 1, 0, SE_DACL_PRESENT, admingrpsid, admingrpsid, NULL, GetAdminGrpAcl() };
+ SECURITY_ATTRIBUTES sa = { sizeof(SECURITY_ATTRIBUTES), &sd, FALSE };
+- DWORD ec = CreateDirectory(path, &sa) ? ERROR_SUCCESS : GetLastError();
+- if (ERROR_ALREADY_EXISTS == ec)
+- ec = SetFileSecurity(path, si, &sd) ? ERROR_SUCCESS : GetLastError();
+- return ec;
++ return CreateDirectory(path, &sa) ? ERROR_SUCCESS : GetLastError();
+ }
+ DWORD NSISCALL CreateNormalDirectory(LPCTSTR path)
+ {
diff -Nru nsis-3.08/debian/patches/Disable_stub_relocations.patch nsis-3.08/debian/patches/Disable_stub_relocations.patch
--- nsis-3.08/debian/patches/Disable_stub_relocations.patch 1970-01-01 01:00:00.000000000 +0100
+++ nsis-3.08/debian/patches/Disable_stub_relocations.patch 2024-02-05 11:18:05.000000000 +0100
@@ -0,0 +1,169 @@
+Origin: backport, https://github.com/kichik/nsis/commit/4f13619f5a7bdad1968bc32343d3b161eabbd420.patch
+Bug: https://sf.net/p/nsis/bugs/1283
+Bug-Debian: https://bugs.debian.org/1050288
+
+From 4f13619f5a7bdad1968bc32343d3b161eabbd420 Mon Sep 17 00:00:00 2001
+From: Anders <anders_k@users.sourceforge.net>
+Date: Mon, 19 Sep 2022 16:40:30 +0000
+Subject: [PATCH] Disable stub relocations in newer GCC (bug #1283)
+
+git-svn-id: https://svn.code.sf.net/p/nsis/code/NSIS/trunk@7365 212acab6-be3b-0410-9dea-997c60f758d6
+(cherry picked from commit 4f13619f5a7bdad1968bc32343d3b161eabbd420)
+---
+ SCons/Config/gnu | 52 +++++++++++++++-----------------------------
+ SCons/utils.py | 28 ++++++++++++++----------
+ 2 files changed, 34 insertions(+), 46 deletions(-)
+
+diff --git a/SCons/Config/gnu b/SCons/Config/gnu
+index ced5fe74a3..8318367bc2 100644
+--- a/SCons/Config/gnu
++++ b/SCons/Config/gnu
+@@ -24,6 +24,12 @@ def cross_env(env):
+
+ ### flags
+
++code_failonmswin = """
++ #ifdef _WIN32
++ #error Not supported on Windows
++ #endif
++"""
++
+ def entry(x,u):
+ if defenv['TARGET_ARCH'] == 'x86':
+ if x == 'NSISWinMainNOCRT':
+@@ -99,14 +105,14 @@
+ if not defenv['DEBUG'] and defenv['STRIP'] and defenv['STRIP_W32']:
+ stub_env.Append(LINKFLAGS = ['-s']) # strip
+ stub_env.Append(LINKFLAGS = ['-mwindows']) # build windows executables
+-stub_env.Append(LINKFLAGS = ['$NODEFLIBS_FLAG']) # no standard libraries
+ stub_env.Append(LINKFLAGS = ['$ALIGN_FLAG']) # 512 bytes align
+ stub_env.Append(LINKFLAGS = ['$MAP_FLAG']) # generate map file
+-
+ conf = FlagsConfigure(stub_env)
+ conf.CheckCompileFlag('-fno-tree-loop-distribute-patterns') # GCC 10: Don't generate msvcrt!memmove calls (bug #1248)
++conf.CheckLinkFlag('-Wl,--disable-reloc-section') # binutils 2.36, ld will include a .reloc section by default (bug #1283)
+ conf.Finish()
+-
++stub_env.Append(LINKFLAGS = ['$NODEFLIBS_FLAG']) # no standard libraries
++
+ stub_uenv = stub_env.Clone()
+ stub_uenv.Append(CPPDEFINES = ['_UNICODE', 'UNICODE'])
+
+@@ -239,22 +245,18 @@ def check_requirement(ctx, func, trigger):
+ ctx.Message('Checking for %s requirement... ' % func)
+
+ flags = ctx.env['LINKFLAGS']
+-
+ ctx.env.Append(LINKFLAGS = ['$NODEFLIBS_FLAG'])
+- ctx.env.Append(LINKFLAGS = ['-Wl,-e,___main'])
+
+- test = """
+- int __main() {
+- %s
+- return 0;
+- }
++ codeprepend = """
++ #define CONFCHECK_CALLFUNC() check
++ static int check() { %s }
+ """ % trigger
+-
+- result = not ctx.TryLink(test, '.c')
++ Import('GenerateTryLinkCode')
++ code = GenerateTryLinkCode(codeprepend = codeprepend)
++ result = not ctx.TryLink(code, '.c')
+ ctx.Result(result)
+
+ ctx.env['LINKFLAGS'] = flags
+-
+ return result
+
+ def add_file_to_emitter(env, emitter_name, file):
+@@ -289,17 +291,10 @@ cross_env(cenv)
+ conf = cenv.Configure(custom_tests = { 'CheckRequirement' : check_requirement })
+
+ memcpy_test = """
+-struct s // gcc 3
+-{
+- char c[128];
+-} t = { "test" };
+-char a[] = // gcc 4
+- {'/', 'F', 'I' ,'L', 'L', 'S', 'C', 'R', 'E', 'E', 'N', 0};
++struct s { char c[128]; } t = { "test" }; // gcc 3
++char a[] = {'/', 'F', 'I' ,'L', 'L', 'S', 'C', 'R', 'E', 'E', 'N', 0}; // gcc 4
+ int i;
+-for (i = 0; i < 100; i++) // avoid a and t being optimized out
+-{
+- i += a[i] ^ t.c[i];
+-}
++for (i = 0; i < 100; i++) i += a[i % sizeof(a)] ^ t.c[i]; // avoid a and t being optimized out
+ return i;
+ """
+
+@@ -323,7 +318,7 @@ conf.Finish()
+ #
+
+ conf = FlagsConfigure(makensis_env)
+-conf.CheckLinkFlag('-pthread')
++conf.CheckLinkFlag('-pthread', codeprepend = code_failonmswin)
+ conf.Finish()
+
+ #
+diff --git a/SCons/utils.py b/SCons/utils.py
+index c6b5cbbbca..941e582193 100644
+--- a/SCons/utils.py
++++ b/SCons/utils.py
+@@ -85,6 +85,19 @@ def GetAvailableLibs(env, libs):
+
+ return avail_libs
+
++def GenerateTryLinkCode(codeprepend = ''):
++ code = codeprepend + """
++ int main() {
++ #ifdef CONFCHECK_CALLFUNC
++ CONFCHECK_CALLFUNC();
++ #endif
++ return 0;
++ }
++ int _main() { return main(); } // mingw GCC _WIN64
++ int __main() { return main(); } // mingw GCC -nostdlib: undefined reference to __main()
++ """
++ return code
++
+ def check_compile_flag(ctx, flag):
+ """
+ Checks if a compiler flag is valid.
+@@ -108,24 +126,19 @@
+
+ return result
+
+-def check_link_flag(ctx, flag, run = 0, extension = '.c', code = None):
++def check_link_flag(ctx, flag, run = 0, extension = '.c', code = None, codeprepend = ''):
+ """
+ Checks if a linker flag is valid.
+ """
+ ctx.Message('Checking for linker flag %s... ' % flag)
+-
+ old_flags = ctx.env['LINKFLAGS']
+ ctx.env.Append(LINKFLAGS = [flag])
+
+ if code:
+- test = code
++ test = code
+ else:
+- test = """
+- int main() {
+- return 0;
+- }
+- """
+-
++ test = GenerateTryLinkCode(codeprepend = codeprepend)
++
+ result = ctx.TryLink(test, extension)
+
+ if run:
+@@ -268,4 +276,4 @@ def MakeReproducibleAction(target, source, env):
+ def SilentActionEcho(target, source, env):
+ return None
+
+-Export('GetStdSysEnvVarList AddAvailableLibs AddZLib FlagsConfigure GetAvailableLibs GetOptionOrEnv SilentActionEcho IsPEExecutable SetPESecurityFlagsWorker MakeReproducibleAction')
++Export('GetStdSysEnvVarList AddAvailableLibs AddZLib GenerateTryLinkCode FlagsConfigure GetAvailableLibs GetOptionOrEnv SilentActionEcho IsPEExecutable SetPESecurityFlagsWorker MakeReproducibleAction')
diff -Nru nsis-3.08/debian/patches/series nsis-3.08/debian/patches/series
--- nsis-3.08/debian/patches/series 2022-08-15 07:58:35.000000000 +0200
+++ nsis-3.08/debian/patches/series 2024-02-05 11:18:05.000000000 +0100
@@ -1,3 +1,7 @@
# list of patch file names in the order they are applied
keep-seh.patch
halibut-fputs-for-strings.patch
+CVE-2023-37378_Use-isolated-uninstaller-temp-directory.patch
+CVE-2023-37378_Don-t-delete-old-uninstaller.patch
+CVE-2023-37378_Don-t-allow-everyone-to-delete.patch
+Disable_stub_relocations.patch
diff -Nru nsis-3.08/debian/rules nsis-3.08/debian/rules
--- nsis-3.08/debian/rules 2022-08-15 07:58:35.000000000 +0200
+++ nsis-3.08/debian/rules 2024-02-05 11:18:05.000000000 +0100
@@ -27,7 +27,7 @@
VERSION_DECOMPOSED=$(call SPLIT,$(VERSION),. - + ~)
VER_MAJOR=$(firstword $(VERSION_DECOMPOSED))
VER_MINOR=$(word 2,$(VERSION_DECOMPOSED))
-VER_REVISION=$(word 3,$(VERSION_DECOMPOSED))
+VER_REVISION=$(firstword $(subst +, ,$(word 3,$(VERSION_DECOMPOSED))))
# Variables for Win32/Win64 cross compiler
XGCC_W32_X86 = i686-w64-mingw32-gcc
@@ -102,8 +102,7 @@
SCONSOPTS_HOST := $(SCONSHOSTFLAGS) $(SCONSOPTS) \
SKIPPLUGINS=all SKIPSTUBS=all \
SKIPUTILS=$(IGNORE_UTILS_NSIS) SKIPDOC=COPYING
-SCONSOPTS_COMMON := APPEND_LINKFLAGS="--disable-reloc-section" \
- $(SCONSOPTS) SKIPUTILS=$(IGNORE_UTILS_COMMON) \
+SCONSOPTS_COMMON := $(SCONSOPTS) SKIPUTILS=$(IGNORE_UTILS_COMMON) \
SKIPDOC=COPYING
INSTALL_nsis = install-utils install-compiler install-conf
@@ -113,7 +112,7 @@
INSTALL_nsis-pluginapi = install-pluginapi
INSTALL_FLAGS_nsis-pluginapi = $(SCONSOPTS_COMMON)
INSTALL_nsis-doc = install-examples install-doc install-docs
-INSTALL_FLAGS_nsis-doc = $(SCONSHOSTFLAGS) $(SCONSOPTS) \
+INSTALL_FLAGS_nsis-doc = $(SCONSOPTS_COMMON) \
SKIPUTILS=$(IGNORE_UTILS_COMMON) SKIPDOC=COPYING
# Exclude test scripts which are not appropriate for POSIX platforms.
Attachment:
signature.asc
Description: This is a digitally signed message part.