Closed Bug 1482268 Opened 3 years ago Closed 3 years ago

Builds with LLD don't have RELRO


(Firefox Build System :: General, enhancement)

Not set


(firefox63 fixed)

Tracking Status
firefox63 --- fixed


(Reporter: glandium, Assigned: glandium)


(Blocks 2 open bugs)



(1 file)

By pure chance, I found that stripping lld-linked binaries removes the GNU_RELRO segment, removing the hardening from bug 1359912.

This seems like a bug in binutils, and upgrading binutils should be enough, but since that changes many things, we need to handle this with care.
Blocks: 1481721
Duplicate of this bug: 1485556
Depends on: 1482266
Blocks: 1482266
Depends on: 1486998
No longer depends on: 1482266
Assignee: nobody → mh+mozilla
All the Linux builds using GCC uses the binutils bundled with GCC. This
gives us some leeway to update the binutils used for clang builds (using
the binutils toolchain as of bug 1486998) separately.

Since we only ship builds using GCC, we're more free to upgrade
binutils for clang builds, without worrying about the next merge.

This upgrades to the last released version of binutils, and applies the
patch from on top,
so that asan fuzzing builds don't fail.

The GPG key used to sign the upstream tarball is unfortunately not
connected to the web of trust. I verified the contents matched what's in
the Debian archive (which has a different tarball, because some files
are removed/modified in Debian for license reasons ; there were no
differences besides those).

Depends on D4740
Depends on: 1487330
Comment on attachment 9005576 [details]
Bug 1482268 - Upgrade binutils for clang builds to 2.31.1.

Nathan Froyd [:froydnj] has approved the revision.
Attachment #9005576 - Flags: review+
Attachment #9005576 - Attachment description: Bug 1482268 - Upgrade binutils for clang builds to 2.31.1. r?build → Bug 1482268 - Upgrade binutils for clang builds to 2.31.1.
Pushed by
Upgrade binutils for clang builds to 2.31.1. r=froydnj
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla63
You need to log in before you can comment on or make changes to this bug.