V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

func/4190_build_dropbear.sh

@@ -25,22 +25,31 @@ guard_sourcing
 #   0: on success
 #######################################
 build_dropbear() {
-  declare file
-  mkdir -p "${DIR_TMP}/build"
+  declare var_dropbear_version="2025.88"
+  declare var_tar="${VAR_SETUP_PATH}/upgrades/dropbear/dropbear-${var_dropbear_version}.tar.bz2"
+  declare var_build_dir="${DIR_TMP}/build/dropbear-${var_dropbear_version}"
 
-  cp "${VAR_SETUP_PATH}/upgrades/dropbear/dropbear-2025.88.tar.bz2" "${DIR_TMP}/build"
-  tar xjf "${DIR_TMP}/build/dropbear-2025.88.tar.bz2"
-  cp "${VAR_SETUP_PATH}/upgrades/dropbear/localoptions.h" "${DIR_TMP}/build/dropbear-2025.88"
-  cd "${DIR_TMP}/build/dropbear-2025.88" || return "${ERR_PATH_NOT_VALID}"
+  mkdir -p "${DIR_TMP}/build"
+  cp "${var_tar}" "${DIR_TMP}/build"
+  tar xjf "${DIR_TMP}/build/dropbear-${var_dropbear_version}.tar.bz2" -C "${DIR_TMP}/build" || return "${ERR_PATH_NOT_VALID}"
+  cp "${VAR_SETUP_PATH}/upgrades/dropbear/localoptions.h" "${var_build_dir}"
+  cd "${var_build_dir}" || return "${ERR_PATH_NOT_VALID}"
+
+  # Flag Purpose
+  #  -fPIE:               Generate position-independent executable code
+  #  -pie:                Link the executable as PIE (so that ASLR works)
+  #  -static:             Fully statically linked against musl
+  #  -s:                  Strip unnecessary symbols directly during linking
+  #  -Wl,-z,relro,-z,now: Enables full RELRO (symbol resolution at program startup)
 
   CC=musl-gcc \
-    CFLAGS="-Os -Wno-undef" \
-    LDFLAGS="-static -s -L/usr/local/lib" \
-    ./configure \
-      --enable-static \
-      --enable-openpty \
-      --disable-pam \
-      --disable-zlib
+  CFLAGS="-Os -fPIE -Wno-undef -fstack-protector-strong -D_FORTIFY_SOURCE=2" \
+  LDFLAGS="-static -pie -s -Wl,-z,relro,-z,now" \
+  ./configure \
+    --enable-static \
+    --enable-openpty \
+    --disable-pam \
+    --disable-zlib
 
   make -j"$(nproc)"