1482268 - Builds with LLD don't have RELRO

Status: RESOLVED FIXED

(Firefox Build System :: General, enhancement)

Description

[Mike Hommey [:glandium]]

By pure chance, I found that stripping lld-linked binaries removes the GNU_RELRO segment, removing the hardening from bug 1359912.

This seems like a bug in binutils, and upgrading binutils should be enough, but since that changes many things, we need to handle this with care.

Comment 2

[Mike Hommey [:glandium]]

Attachment: Bug 1482268 - Upgrade binutils for clang builds to 2.31.1.

All the Linux builds using GCC uses the binutils bundled with GCC. This
gives us some leeway to update the binutils used for clang builds (using
the binutils toolchain as of bug 1486998) separately.

Since we only ship builds using GCC, we're more free to upgrade
binutils for clang builds, without worrying about the next merge.

This upgrades to the last released version of binutils, and applies the
patch from https://sourceware.org/bugzilla/show_bug.cgi?id=23591 on top,
so that asan fuzzing builds don't fail.

The GPG key used to sign the upstream tarball is unfortunately not
connected to the web of trust. I verified the contents matched what's in
the Debian archive (which has a different tarball, because some files
are removed/modified in Debian for license reasons ; there were no
differences besides those).

Depends on D4740

Comment 3

[Nathan Froyd [:froydnj]]

Comment on attachment 9005576 [details]
Bug 1482268 - Upgrade binutils for clang builds to 2.31.1.

Nathan Froyd [:froydnj] has approved the revision.

Comment 4

[Pulsebot]

Pushed by mh@glandium.org:
https://hg.mozilla.org/integration/autoland/rev/f3caf291fde8
Upgrade binutils for clang builds to 2.31.1. r=froydnj

Comment 5

[Cosmin Sabou [:CosminS]]

https://hg.mozilla.org/mozilla-central/rev/f3caf291fde8