meson.build has been enabling ASLR _only_ for debug builds since
commit d2147e04f95f ("configure: move Windows flags detection to meson",
2022-05-07); instead it was supposed to disable it for debug builds.

However, the flag has been enabled for DLLs upstream for roughly 2
years (https://sourceware.org/bugzilla/show_bug.cgi?id=19011), and
also by some distros including Debian for 6 years even
(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836365).

Enable it unconditionally; we can fix the reversed logic of commit
d2147e04f95f later if there are any reports, but for now just
enable the hardening.

Also add -Wl,--high-entropy-va, which also controls ASLR.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 meson.build | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/meson.build b/meson.build
index 5c6b5a1c757f..d61c7a82f112 100644
--- a/meson.build
+++ b/meson.build
@@ -193,10 +193,7 @@ qemu_ldflags += cc.get_supported_link_arguments('-Wl,-z,relro', '-Wl,-z,now')
 
 if targetos == 'windows'
   qemu_ldflags += cc.get_supported_link_arguments('-Wl,--no-seh', '-Wl,--nxcompat')
-  # Disable ASLR for debug builds to allow debugging with gdb
-  if get_option('optimization') == '0'
-    qemu_ldflags += cc.get_supported_link_arguments('-Wl,--dynamicbase')
-  endif
+  qemu_ldflags += cc.get_supported_link_arguments('-Wl,--dynamicbase', '-Wl,--high-entropy-va')
 endif
 
 if get_option('gprof')
-- 
2.38.1