Pier Angelo Vendrame pushed to branch maint-12.0 at The Tor Project / Applications / tor-browser-build
Commits: 1044b8c7 by Pier Angelo Vendrame at 2023-03-30T09:30:10+02:00 Bug 40822: --disable-reloc-section on NSIS stubs.
Out binutils version adds the reloc sections by default, but NSIS does not work with them. So, we need to pass a flag to disable them, otherwise users with mandatory ASLR turned on will not be able to install Tor Browser.
- - - - -
3 changed files:
- projects/nsis/build - projects/nsis/config - + projects/nsis/no-reloc-section.diff
Changes:
===================================== projects/nsis/build ===================================== @@ -13,6 +13,12 @@ cd /var/tmp/build/nsis-[% c('version') %]-src # only valid for the Windows linker. Therefore we add it using a patch # to the cross-compilation part only. Still needed as of 3.06.1, see: #40090. patch -p1 < $rootdir/no-insert-timestamp.patch +# tor-browser-build#40822: NSIS adds a flag to tell it supports ASLR, but it +# does so only to pass MS certifications. According to the NSIS forums, they +# intended not to ship the .reloc to save space. But, according to the bug +# tracker, binutils 2.36 started adding a .reloc section by default, and we need +# to disable it with this patch. +patch -p1 < $rootdir/no-reloc-section.diff
[% IF c("var/windows-x86_64") %] # Seems like setting TARGET_ARCH is not enough so we need to patch build.cpp
===================================== projects/nsis/config ===================================== @@ -24,6 +24,7 @@ input_files: URL: 'https://downloads.sourceforge.net/nsis/nsis-%5B% c("version") %]-src.tar.bz2' sha256sum: a85270ad5386182abecb2470e3d7e9bec9fe4efd95210b13551cb386830d1e87 - filename: no-insert-timestamp.patch + - filename: no-reloc-section.diff - name: '[% c("var/compiler") %]' project: '[% c("var/compiler") %]' - name: zlib
===================================== projects/nsis/no-reloc-section.diff ===================================== @@ -0,0 +1,14 @@ +diff -Naur nsis-3.08-orig/SCons/Config/gnu nsis-3.08-src/SCons/Config/gnu +--- nsis-3.08-orig/SCons/Config/gnu 2023-03-23 09:22:46.315471779 +0100 ++++ nsis-3.08-src/SCons/Config/gnu 2023-03-23 09:24:05.260933879 +0100 +@@ -103,6 +103,10 @@ + stub_env.Append(LINKFLAGS = ['$ALIGN_FLAG']) # 512 bytes align + stub_env.Append(LINKFLAGS = ['$MAP_FLAG']) # generate map file + ++# https://sourceforge.net/p/nsis/bugs/1283/?limit=25#e303, ++# https://sourceforge.net/p/nsis/bugs/1283/?limit=25#e303/e90f ++stub_env.Append(LINKFLAGS = ['-Wl,--disable-reloc-section']) ++ + conf = FlagsConfigure(stub_env) + conf.CheckCompileFlag('-fno-tree-loop-distribute-patterns') # GCC 10: Don't generate msvcrt!memmove calls (bug #1248) + conf.Finish()
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/10...
tor-commits@lists.torproject.org