[tbb-bugs] #16472 [Applications/Tor Browser]: Upgrade Binutils to 2.25+ for Tor Browser builds

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Feb 28 21:32:43 UTC 2018


#16472: Upgrade Binutils to 2.25+ for Tor Browser builds
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  tbb-
                                                 |  team
     Type:  task                                 |         Status:
                                                 |  needs_information
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-rbm, boklm201802,                |  Actual Points:
  TorBrowserTeam201802R                          |
Parent ID:  #12968                               |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by gk):

 Replying to [comment:33 boklm]:
 > Replying to [comment:32 gk]:
 > > Good stuff! I am a bit confused about why the upgrade to binutils 2.30
 suddenly needs all those `nsis` related build changes. I mean the
 hardening flags are not really changing just with the binutils update...
 So, what's up with that?
 >
 > The reason is that binutils 2.25 added this change:
 > {{{
 > * PE binaries now once again contain real timestamps by default.  To
 disable
 >   the inclusion of a timestamp in a PE binary, use the --no-insert-
 timestamp
 >   command line option.
 > }}}
 >
 > So we need to add the `--no-insert-timestamp` flag to make the build
 reproducible, which was not necessary with binutils 2.24.

 I understand that part and that's not the thing that confuses me. Before
 the patch we had
 "# remove hardening wrappers" but now we have "# Some of the hardening
 flags are causing the build to fail, so we overwrite the helpers with only
 the flags required to make the build reproducible." So, why do we have
 suddenly the need for the hardening option `-Wl,--enable-reloc-section`?
 Just because we need to deal with `--no-insert-timestamp`?

 > Alternatively, we could patch `ld/emultempl/pe.em` and change this line
 to make it false by default:
 > {{{
 > static bfd_boolean insert_timestamp = TRUE;
 > }}}

 I think we don't want that.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16472#comment:35>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list