--- Begin Message ---
Source: wine-development
Version: 1.7.28-2
Severity: wishlist
Tags: patch
Hello!
Would you mind to add option in debian/rules to build without stack protection?
Patch is available.
--
SY,
Konstantin Demin
description: add option to disable stack protection in debian/rules
author: Konstantin Demin <rockdrilla@gmail.com>
diff --git a/debian/rules b/debian/rules
index a71b228..3fa7583 100755
--- a/debian/rules
+++ b/debian/rules
@@ -6,6 +6,24 @@ export DH_VERBOSE=1
# wine build fails with pie enabled
export DEB_BUILD_MAINT_OPTIONS=hardening=+all,-pie
+# stack smashing protection
+# enable = <any non-empty value>
+# disable = <empty>
+GCC_SSP ?= yes
+
+ifeq ($(DEB_BUILD_ARCH_CPU), amd64)
+GCC_STACK_BOUNDS=4
+else
+GCC_STACK_BOUNDS=2
+endif
+# '2' raised to the power of GCC_STACK_BOUNDS is used as actual stack boundary value.
+ifeq (,$(GCC_SSP))
+DEB_BUILD_MAINT_OPTIONS :=$(DEB_BUILD_MAINT_OPTIONS),-stackprotector
+GCC_STACK_OPTS =-fno-stack-protector -mstackrealign -mincoming-stack-boundary=$(GCC_STACK_BOUNDS)
+CFLAGS +=$(GCC_STACK_OPTS)
+CXXFLAGS +=$(GCC_STACK_OPTS)
+endif
+
VERSION=$(shell dpkg-parsechangelog | grep ^Source | cut -d\ -f2 | sed s/wine//g)
DATADIR=/usr/share/wine$(VERSION)
@@ -36,13 +54,18 @@ CONFLAGS=--without-hal \
--mandir=/$(MANDIR) \
--datarootdir=$(DATADIR) \
--includedir=$(INCLUDEDIR) \
- LDFLAGS="$(LDFLAGS)" \
# enable wine64 on amd64
ifeq ($(DEB_BUILD_ARCH_CPU), amd64)
CONFLAGS+=--enable-win64
endif
+CONFLAGS+= \
+ CPPFLAGS="$(CPPFLAGS)" \
+ CFLAGS="$(CFLAGS)" \
+ CXXFLAGS="$(CXXFLAGS)" \
+ LDFLAGS="$(LDFLAGS)"
+
# additional files to generate
INSTALLS=$(shell ls debian/*VERSION* | sed s/VERSION/$(VERSION)/)
--- End Message ---
--- Begin Message ---
On Fri, Oct 10, 2014 at 2:04 AM, Konstantin Demin wrote:
> Btw, I think it's better to provide that option via DEB_BUILD_OPTIONS,
> i.e. "nossp".
$ export DEB_BUILD_MAINT_OPTIONS=hardening=-stackprotector
already does that. See the dpkg-buildflags man page for more info.
Best wishes,
Mike
--- End Message ---