Re: [OTR-dev] Fwd: DEP and ASLR on Windows don't appear to be really enabled in the 4.0.0 pidgin-otr release

[Ian Goldberg]

OK, I think I figured it out.  Here are the diffs for libotr and
pidgin-otr.

Daniel, can you try out

http://www.cypherpunks.ca/otr/binaries/windows/pidgin-otr-4.0.0-1beta1.exe

and tell me if that build looks better with respect to DEP/ALSR?

Thanks,

   - Ian

diff --git a/ChangeLog b/ChangeLog
index 9104ee3..bbe0356 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2012-09-09
+
+	* configure.ac: Make linker hardening [DEP, ALSR] work on
+	Windows builds.  Thanks to Daniel Atallah <datal...@pidgin.im>
+	for noticing that it wasn't working before.
+
 2012-09-04
 
 	* README: Release 4.0.0
diff --git a/configure.ac b/configure.ac
index e523d67..ccaaffd 100644
--- a/configure.ac
+++ b/configure.ac
@@ -159,8 +159,8 @@ if test x$enable_gcc_hardening != xno; then
     else
         OTR_CHECK_CFLAGS(-fPIE)
         OTR_CHECK_LDFLAGS(-pie, "$all_ldflags_for_check", "$all_libs_for_check")
-        OTR_CHECK_LDFLAGS(--dynamicbase, "$all_ldflags_for_check", "$all_libs_for_check")
-        OTR_CHECK_LDFLAGS(--nxcompat, "$all_ldflags_for_check", "$all_libs_for_check")
+        OTR_CHECK_LDFLAGS([-Wl,--dynamicbase], "$all_ldflags_for_check", "$all_libs_for_check")
+        OTR_CHECK_LDFLAGS([-Wl,--nxcompat], "$all_ldflags_for_check", "$all_libs_for_check")
     fi
 fi
 

diff --git a/ChangeLog b/ChangeLog
index 74fad13..6e7f942 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2012-09-09
+
+	* Makefile.mingw: Make ld hardening [DEP, ALSR] work on Windows
+	builds.  Thanks to Daniel Atallah <datal...@pidgin.im>
+	for noticing that it wasn't working before.
+
 2012-09-06
 
 	* gtk-dialog.c:
diff --git a/Makefile.mingw b/Makefile.mingw
index 4a0bd8d..8e8ba1c 100644
--- a/Makefile.mingw
+++ b/Makefile.mingw
@@ -65,8 +65,8 @@ CC_HARDENING_OPTIONS ?= -fstack-protector-all -Wstack-protector -fwrapv \
 	--param ssp-buffer-size=1 -fno-strict-overflow -Wall -Wextra \
 	-Wno-unused-parameter -Wno-missing-field-initializers -Wformat-security
 # In theory, we'd also like the following:
-# LD_HARDENING_OPTIONS ?= -dynamicbase --nxcompat -pie -z relro -z now
-LD_HARDENING_OPTIONS ?= --dynamicbase --nxcompat
+# LD_HARDENING_OPTIONS ?= -Wl,-dynamicbase -Wl,--nxcompat -pie -z relro -z now
+LD_HARDENING_OPTIONS ?= -Wl,--dynamicbase -Wl,--nxcompat
 
 CC = i586-mingw32msvc-gcc
 LDFLAGS = -Wl,--enable-auto-image-base $(LD_HARDENING_OPTIONS)
diff --git a/packaging/windows/pidgin-otr.nsi b/packaging/windows/pidgin-otr.nsi
index 26d8b30..fdcd74d 100644
--- a/packaging/windows/pidgin-otr.nsi
+++ b/packaging/windows/pidgin-otr.nsi
@@ -3,6 +3,7 @@
 ;
 ; known issue. installer induced uninstaller abortion causes overwrite
 ; by installer without uninstall.
+; v4.0.0-1 - Include linker hardening [DEP, ALSR] for Windows build
 ; v4.0.0   - New source version.
 ; v3.2.0   - New source version.
 ; v3.1.0   - New source version.  Install and uninstall i18n files.
@@ -26,7 +27,7 @@
 ; todo: SetBrandingImage
 ; HM NIS Edit Wizard helper defines
 !define PRODUCT_NAME "pidgin-otr"
-!define PRODUCT_VERSION "4.0.0-0"
+!define PRODUCT_VERSION "4.0.0-1"
 !define PRODUCT_PUBLISHER "Cypherpunks CA"
 !define PRODUCT_WEB_SITE "http://otr.cypherpunks.ca/";
 !define PRODUCT_UNINST_KEY "Software\Microsoft\Windows\CurrentVersion\Uninstall\${PRODUCT_NAME}"

_______________________________________________
OTR-dev mailing list
OTR-dev@lists.cypherpunks.ca
http://lists.cypherpunks.ca/mailman/listinfo/otr-dev