projects / openwrt / openwrt.git / blob
? search:


4f806f8b2511f7d157448dcc562a46f31e0b1a9d
[openwrt/openwrt.git] / package / network / services / dropbear / patches / 900-configure-hardening.patch
1 --- a/configure.ac
2 +++ b/configure.ac
3 @@ -74,53 +74,6 @@ AC_ARG_ENABLE(harden,
4
5 if test "$hardenbuild" -eq 1; then
6 AC_MSG_NOTICE(Checking for available hardened build flags:)
7 - # relocation flags don't make sense for static builds
8 - if test "$STATIC" -ne 1; then
9 - # pie
10 - DB_TRYADDCFLAGS([-fPIE])
11 -
12 - OLDLDFLAGS="$LDFLAGS"
13 - TESTFLAGS="-Wl,-pie"
14 - LDFLAGS="$LDFLAGS $TESTFLAGS"
15 - AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
16 - [AC_MSG_NOTICE([Setting $TESTFLAGS])],
17 - [
18 - LDFLAGS="$OLDLDFLAGS"
19 - TESTFLAGS="-pie"
20 - LDFLAGS="$LDFLAGS $TESTFLAGS"
21 - AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
22 - [AC_MSG_NOTICE([Setting $TESTFLAGS])],
23 - [AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
24 - )
25 - ]
26 - )
27 - # readonly elf relocation sections (relro)
28 - OLDLDFLAGS="$LDFLAGS"
29 - TESTFLAGS="-Wl,-z,now -Wl,-z,relro"
30 - LDFLAGS="$LDFLAGS $TESTFLAGS"
31 - AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
32 - [AC_MSG_NOTICE([Setting $TESTFLAGS])],
33 - [AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
34 - )
35 - fi # non-static
36 - # stack protector. -strong is good but only in gcc 4.9 or later
37 - OLDCFLAGS="$CFLAGS"
38 - TESTFLAGS="-fstack-protector-strong"
39 - CFLAGS="$CFLAGS $TESTFLAGS"
40 - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
41 - [AC_MSG_NOTICE([Setting $TESTFLAGS])],
42 - [
43 - CFLAGS="$OLDCFLAGS"
44 - TESTFLAGS="-fstack-protector --param=ssp-buffer-size=4"
45 - CFLAGS="$CFLAGS $TESTFLAGS"
46 - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
47 - [AC_MSG_NOTICE([Setting $TESTFLAGS])],
48 - [AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDCFLAGS" ]
49 - )
50 - ]
51 - )
52 - # FORTIFY_SOURCE
53 - DB_TRYADDCFLAGS([-D_FORTIFY_SOURCE=2])
54
55 # Spectre v2 mitigations
56 DB_TRYADDCFLAGS([-mfunction-return=thunk])
OpenWrt Source Repository