[tor-commits] [Git][tpo/applications/tor-browser-build][maint-12.0] Bug 40822: --disable-reloc-section on NSIS stubs.

Pier Angelo Vendrame (@pierov) git at gitlab.torproject.org
Thu Mar 30 07:30:24 UTC 2023



Pier Angelo Vendrame pushed to branch maint-12.0 at The Tor Project / Applications / tor-browser-build


Commits:
1044b8c7 by Pier Angelo Vendrame at 2023-03-30T09:30:10+02:00
Bug 40822: --disable-reloc-section on NSIS stubs.

Our binutils version adds the reloc sections by default, but NSIS does
not work with them.
So, we need to pass a flag to disable them, otherwise users with
mandatory ASLR turned on will not be able to install Tor Browser.

- - - - -


3 changed files:

- projects/nsis/build
- projects/nsis/config
- + projects/nsis/no-reloc-section.diff


Changes:

=====================================
projects/nsis/build
=====================================
@@ -13,6 +13,12 @@ cd /var/tmp/build/nsis-[% c('version') %]-src
 # only valid for the Windows linker. Therefore we add it using a patch
 # to the cross-compilation part only. Still needed as of 3.06.1, see: #40090.
 patch -p1 < $rootdir/no-insert-timestamp.patch
+# tor-browser-build#40822: NSIS adds a flag to tell it supports ASLR, but it
+# does so only to pass MS certifications. According to the NSIS forums, they
+# intended not to ship the .reloc to save space. But, according to the bug
+# tracker, binutils 2.36 started adding a .reloc section by default, and we need
+# to disable it with this patch.
+patch -p1 < $rootdir/no-reloc-section.diff
 
 [% IF c("var/windows-x86_64") %]
   # Seems like setting TARGET_ARCH is not enough so we need to patch build.cpp
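Review bot: The new comment above `patch -p1 < $rootdir/no-reloc-section.diff` cites "the NSIS forums" and "the bug tracker" without a link, and it does not say what breaks if the patch is dropped. Suggest referencing the upstream report (the URL is already in no-reloc-section.diff) and stating the failure mode from the commit message, that installation fails for users with mandatory ASLR turned on. The neighbouring comment tracks its patch with "Still needed as of 3.06.1"; a similar version marker here would help whoever next bumps NSIS or binutils decide whether the patch is still required.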


=====================================
projects/nsis/config
=====================================
@@ -24,6 +24,7 @@ input_files:
     URL: 'https://downloads.sourceforge.net/nsis/nsis-[% c("version") %]-src.tar.bz2'
     sha256sum: a85270ad5386182abecb2470e3d7e9bec9fe4efd95210b13551cb386830d1e87
   - filename: no-insert-timestamp.patch
+  - filename: no-reloc-section.diff
   - name: '[% c("var/compiler") %]'
     project: '[% c("var/compiler") %]'
   - name: zlib
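Review bot: The added entry `no-reloc-section.diff` uses a `.diff` extension while the sibling in-tree patch on the line above is `no-insert-timestamp.patch`. Consider naming it `no-reloc-section.patch` so the project's patch files follow one convention; the `patch -p1` line in projects/nsis/build would need the same rename.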


=====================================
projects/nsis/no-reloc-section.diff
=====================================
@@ -0,0 +1,14 @@
+diff -Naur nsis-3.08-orig/SCons/Config/gnu nsis-3.08-src/SCons/Config/gnu
+--- nsis-3.08-orig/SCons/Config/gnu	2023-03-23 09:22:46.315471779 +0100
++++ nsis-3.08-src/SCons/Config/gnu	2023-03-23 09:24:05.260933879 +0100
+@@ -103,6 +103,10 @@
+ stub_env.Append(LINKFLAGS = ['$ALIGN_FLAG'])        # 512 bytes align
+ stub_env.Append(LINKFLAGS = ['$MAP_FLAG'])          # generate map file
+
++# https://sourceforge.net/p/nsis/bugs/1283/?limit=25#e303,
++# https://sourceforge.net/p/nsis/bugs/1283/?limit=25#e303/e90f
++stub_env.Append(LINKFLAGS = ['-Wl,--disable-reloc-section'])
++
+ conf = FlagsConfigure(stub_env)
+ conf.CheckCompileFlag('-fno-tree-loop-distribute-patterns')  # GCC 10: Don't generate msvcrt!memmove calls (bug #1248)
+ conf.Finish()
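Review bot: `stub_env.Append(LINKFLAGS = ['-Wl,--disable-reloc-section'])` is appended unconditionally, while the toolchain-dependent flag a few lines below goes through `conf.CheckCompileFlag(...)`. The comment in projects/nsis/build ties the behaviour to binutils 2.36, so a linker that does not recognise the option may fail the stub link; either probe for the flag through the `FlagsConfigure` object before appending it, or state in the comment which binutils version this build pins. The first URL in the comment ends with a stray comma, and the second points to a reply under the same anchor, so a single link with a one-line summary of the reason would read better. A post-build check that the generated stubs carry no `.reloc` section would catch a regression on the next toolchain update.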



View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/1044b8c7280c9634536ca347c5ffeaa34eaac988
