Bug 40822: --disable-reloc-section on NSIS stubs.
Merge Info
Related Issues
- #40822 (closed)
- etc
Backport Timeline
-
Immediate - patchsets for critical bug fixes or other major blocker (e.g. fixes for a 0-day exploit) OR patchsets with trivial changes which do not need testing (e.g. fixes for typos or fixes easily verified in a local developer build) -
Next Minor Stable Release - patchset that needs to be verified in nightly before backport -
Eventually - patchset that needs to be verified in alpha before backport -
No Backport - patchset for the next major stable
The change does not affect the product, but only the installers.
I think it won't affect most of the users, but it solves a problem that prevents some users to install Tor Browser.
So, I'd say that it's a good candidate for backport to stable.
Issue Tracking
-
Link resolved issues with appropriate Release Prep issue for changelog generation
Change Description
The issue describes how to test that currently our installers don't work with mandatory ASLR.
From this old discussion:
Note that IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is probably not going to relocate the .exe in memory since we strip the relocations to reduce the size.
It seems that for cross compiling, this relied on these section not to be created on the first place.
However, from this bug report:
Since binutils 2.36, ld will include a .reloc section by default when linking. Compiling NSIS with said binutils version required modifying SConstruct in order to pass
-Wl,--disable-reloc-sectionto the stubs environment. It appears thatAPPEND_LINKFLAGSis not being passed through.
The APPEND_LINKFLAGS problem is a known one, and another comment said how to pass that flag properly:
The stub environment flags are set in "./SCons/Config/gnu", add this line and see if this works:
stub_env.Append(LINKFLAGS = ['-Wl,--disable-reloc-section'])
So, I've created a diff file to apply with patch in the nsis project.
It seems to fix the problem.