Bug 40822: --disable-reloc-section on NSIS stubs.

Merge Info

Related Issues

• #40822 (closed)
• etc

Backport Timeline

• Immediate - patchsets for critical bug fixes or other major blocker (e.g. fixes for a 0-day exploit) OR patchsets with trivial changes which do not need testing (e.g. fixes for typos or fixes easily verified in a local developer build)
• Next Minor Stable Release - patchset that needs to be verified in nightly before backport
• Eventually - patchset that needs to be verified in alpha before backport
• No Backport - patchset for the next major stable

The change does not affect the product, but only the installers.

I think it won't affect most of the users, but it solves a problem that prevents some users to install Tor Browser.

So, I'd say that it's a good candidate for backport to stable.

Issue Tracking

• Link resolved issues with appropriate Release Prep issue for changelog generation

Change Description

The issue describes how to test that currently our installers don't work with mandatory ASLR.

From this old discussion:

Note that IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is probably not going to relocate the .exe in memory since we strip the relocations to reduce the size.

It seems that for cross compiling, this relied on these section not to be created on the first place.

However, from this bug report:

Since binutils 2.36, ld will include a .reloc section by default when linking. Compiling NSIS with said binutils version required modifying SConstruct in order to pass -Wl,--disable-reloc-section to the stubs environment. It appears that APPEND_LINKFLAGS is not being passed through.

The APPEND_LINKFLAGS problem is a known one, and another comment said how to pass that flag properly:

The stub environment flags are set in "./SCons/Config/gnu", add this line and see if this works:

stub_env.Append(LINKFLAGS = ['-Wl,--disable-reloc-section'])

So, I've created a diff file to apply with patch in the nsis project.

It seems to fix the problem.