mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-27 01:11:14 +00:00
65256aee23
- update dropbear to latest stable 2022.82; for the changes see https://matt.ucc.asn.au/dropbear/CHANGES - use $(AUTORELEASE) in PKG_RELEASE - use https for all uris - refresh all patches - rewrite patches: - 100-pubkey_path.patch - 130-ssh_ignore_x_args.patch binary/pkg size changes: - ath79/generic, mips: - binary: 215112 -> 219228 (+4116) - pkg: 111914 -> 113404 (+1490) - ath79/tiny, mips: - binary: 172501 -> 172485 (-16) - pkg: 89871 -> 90904 (+1033) Tested-by: Stijn Segers <foss@volatilesystems.org> Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
57 lines
1.7 KiB
Diff
57 lines
1.7 KiB
Diff
--- a/configure.ac
|
|
+++ b/configure.ac
|
|
@@ -74,53 +74,6 @@ AC_ARG_ENABLE(harden,
|
|
|
|
if test "$hardenbuild" -eq 1; then
|
|
AC_MSG_NOTICE(Checking for available hardened build flags:)
|
|
- # relocation flags don't make sense for static builds
|
|
- if test "$STATIC" -ne 1; then
|
|
- # pie
|
|
- DB_TRYADDCFLAGS([-fPIE])
|
|
-
|
|
- OLDLDFLAGS="$LDFLAGS"
|
|
- TESTFLAGS="-Wl,-pie"
|
|
- LDFLAGS="$LDFLAGS $TESTFLAGS"
|
|
- AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
|
|
- [AC_MSG_NOTICE([Setting $TESTFLAGS])],
|
|
- [
|
|
- LDFLAGS="$OLDLDFLAGS"
|
|
- TESTFLAGS="-pie"
|
|
- LDFLAGS="$LDFLAGS $TESTFLAGS"
|
|
- AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
|
|
- [AC_MSG_NOTICE([Setting $TESTFLAGS])],
|
|
- [AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
|
|
- )
|
|
- ]
|
|
- )
|
|
- # readonly elf relocation sections (relro)
|
|
- OLDLDFLAGS="$LDFLAGS"
|
|
- TESTFLAGS="-Wl,-z,now -Wl,-z,relro"
|
|
- LDFLAGS="$LDFLAGS $TESTFLAGS"
|
|
- AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
|
|
- [AC_MSG_NOTICE([Setting $TESTFLAGS])],
|
|
- [AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
|
|
- )
|
|
- fi # non-static
|
|
- # stack protector. -strong is good but only in gcc 4.9 or later
|
|
- OLDCFLAGS="$CFLAGS"
|
|
- TESTFLAGS="-fstack-protector-strong"
|
|
- CFLAGS="$CFLAGS $TESTFLAGS"
|
|
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
|
|
- [AC_MSG_NOTICE([Setting $TESTFLAGS])],
|
|
- [
|
|
- CFLAGS="$OLDCFLAGS"
|
|
- TESTFLAGS="-fstack-protector --param=ssp-buffer-size=4"
|
|
- CFLAGS="$CFLAGS $TESTFLAGS"
|
|
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
|
|
- [AC_MSG_NOTICE([Setting $TESTFLAGS])],
|
|
- [AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDCFLAGS" ]
|
|
- )
|
|
- ]
|
|
- )
|
|
- # FORTIFY_SOURCE
|
|
- DB_TRYADDCFLAGS([-D_FORTIFY_SOURCE=2])
|
|
|
|
# Spectre v2 mitigations
|
|
DB_TRYADDCFLAGS([-mfunction-return=thunk])
|