openwrt/package/network/services/dropbear/patches/900-configure-hardening.patch

--- a/configure.ac
+++ b/configure.ac
@@ -80,54 +80,6 @@ AC_ARG_ENABLE(harden,
 
 if test "$hardenbuild" -eq 1; then
 	AC_MSG_NOTICE(Checking for available hardened build flags:)
-	# relocation flags don't make sense for static builds
-	if test "$STATIC" -ne 1; then
-		# pie
-		DB_TRYADDCFLAGS([-fPIE])
-
-		OLDLDFLAGS="$LDFLAGS"
-		TESTFLAGS="-Wl,-pie"
-		LDFLAGS="$TESTFLAGS $LDFLAGS"
-		AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
-			[AC_MSG_NOTICE([Setting $TESTFLAGS])],
-			[
-				LDFLAGS="$OLDLDFLAGS"
-				TESTFLAGS="-pie"
-				LDFLAGS="$TESTFLAGS $LDFLAGS"
-				AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
-					[AC_MSG_NOTICE([Setting $TESTFLAGS])],
-					[AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
-					)
-			]
-			)
-		# readonly elf relocation sections (relro)
-		OLDLDFLAGS="$LDFLAGS"
-		TESTFLAGS="-Wl,-z,now -Wl,-z,relro"
-		LDFLAGS="$TESTFLAGS $LDFLAGS"
-		AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
-			[AC_MSG_NOTICE([Setting $TESTFLAGS])],
-			[AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
-			)
-	fi # non-static
-	# stack protector. -strong is good but only in gcc 4.9 or later
-	OLDCFLAGS="$CFLAGS"
-	TESTFLAGS="-fstack-protector-strong"
-	CFLAGS="$TESTFLAGS $CFLAGS"
-	AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
-	    [AC_MSG_NOTICE([Setting $TESTFLAGS])],
-	    [
-			CFLAGS="$OLDCFLAGS"
-			TESTFLAGS="-fstack-protector --param=ssp-buffer-size=4"
-			CFLAGS="$TESTFLAGS $CFLAGS"
-			AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
-			    [AC_MSG_NOTICE([Setting $TESTFLAGS])],
-			    [AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDCFLAGS" ]
-			    )
-	    ]
-	    )
-	# FORTIFY_SOURCE
-	DB_TRYADDCFLAGS([-D_FORTIFY_SOURCE=2])
-
 	# Spectre v2 mitigations
 	DB_TRYADDCFLAGS([-mfunction-return=thunk])
 	DB_TRYADDCFLAGS([-mindirect-branch=thunk])