dropbear: bump to 2022.83

[openwrt/staging/robimarko.git] / package / network / services / dropbear / patches / 900-configure-hardening.patch

diff --git a/package/network/services/dropbear/patches/900-configure-hardening.patch b/package/network/services/dropbear/patches/900-configure-hardening.patch
index 4f806f8b2511f7d157448dcc562a46f31e0b1a9d..5dc84849befdc86f62137261e03192bb7bc20849 100644 (file)
--- a/package/network/services/dropbear/patches/900-configure-hardening.patch
+++ b/package/network/services/dropbear/patches/900-configure-hardening.patch
@@ -1,6 +1,6 @@
 --- a/configure.ac
 +++ b/configure.ac
-@@ -74,53 +74,6 @@ AC_ARG_ENABLE(harden,
+@@ -87,54 +87,6 @@ AC_ARG_ENABLE(harden,
  
  if test "$hardenbuild" -eq 1; then
        AC_MSG_NOTICE(Checking for available hardened build flags:)
@@ -11,15 +11,15 @@
 -
 -              OLDLDFLAGS="$LDFLAGS"
 -              TESTFLAGS="-Wl,-pie"
--              LDFLAGS="$LDFLAGS $TESTFLAGS"
--              AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
--                      [AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+-              LDFLAGS="$TESTFLAGS $LDFLAGS"
+-              AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+-                      [AC_MSG_NOTICE([Setting $TESTFLAGS])],
 -                      [
 -                              LDFLAGS="$OLDLDFLAGS"
 -                              TESTFLAGS="-pie"
--                              LDFLAGS="$LDFLAGS $TESTFLAGS"
--                              AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
--                                      [AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+-                              LDFLAGS="$TESTFLAGS $LDFLAGS"
+-                              AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+-                                      [AC_MSG_NOTICE([Setting $TESTFLAGS])],
 -                                      [AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
 -                                      )
 -                      ]
@@ -27,30 +27,31 @@
 -              # readonly elf relocation sections (relro)
 -              OLDLDFLAGS="$LDFLAGS"
 -              TESTFLAGS="-Wl,-z,now -Wl,-z,relro"
--              LDFLAGS="$LDFLAGS $TESTFLAGS"
--              AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
--                      [AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+-              LDFLAGS="$TESTFLAGS $LDFLAGS"
+-              AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+-                      [AC_MSG_NOTICE([Setting $TESTFLAGS])],
 -                      [AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
 -                      )
 -      fi # non-static
 -      # stack protector. -strong is good but only in gcc 4.9 or later
 -      OLDCFLAGS="$CFLAGS"
 -      TESTFLAGS="-fstack-protector-strong"
--      CFLAGS="$CFLAGS $TESTFLAGS"
--      AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], 
--          [AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+-      CFLAGS="$TESTFLAGS $CFLAGS"
+-      AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+-          [AC_MSG_NOTICE([Setting $TESTFLAGS])],
 -          [
 -                      CFLAGS="$OLDCFLAGS"
 -                      TESTFLAGS="-fstack-protector --param=ssp-buffer-size=4"
--                      CFLAGS="$CFLAGS $TESTFLAGS"
--                      AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], 
--                          [AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+-                      CFLAGS="$TESTFLAGS $CFLAGS"
+-                      AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+-                          [AC_MSG_NOTICE([Setting $TESTFLAGS])],
 -                          [AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDCFLAGS" ]
 -                          )
 -          ]
 -          )
 -      # FORTIFY_SOURCE
 -      DB_TRYADDCFLAGS([-D_FORTIFY_SOURCE=2])
- 
+-
        # Spectre v2 mitigations
        DB_TRYADDCFLAGS([-mfunction-return=thunk])
+       DB_TRYADDCFLAGS([-mindirect-branch=thunk])