build: fix building on Windows due to _FORTIFY_SOURCE changes in MSYS2

Also, enable other hardening options that work on Windows with GCC 9.x
This commit is contained in:
iDunk5400 2019-10-24 21:35:20 +02:00
parent 81f6c3745e
commit 3816ac24f0
No known key found for this signature in database
GPG key ID: 0F1715596D812FD8

View file

@ -620,7 +620,7 @@ else()
add_cxx_flag_if_supported(-Wformat-security CXX_SECURITY_FLAGS) add_cxx_flag_if_supported(-Wformat-security CXX_SECURITY_FLAGS)
# -fstack-protector # -fstack-protector
if (NOT WIN32 AND NOT OPENBSD) if (NOT OPENBSD AND NOT (WIN32 AND (CMAKE_C_COMPILER_ID STREQUAL "GNU" AND CMAKE_C_COMPILER_VERSION VERSION_LESS 9.1)))
add_c_flag_if_supported(-fstack-protector C_SECURITY_FLAGS) add_c_flag_if_supported(-fstack-protector C_SECURITY_FLAGS)
add_cxx_flag_if_supported(-fstack-protector CXX_SECURITY_FLAGS) add_cxx_flag_if_supported(-fstack-protector CXX_SECURITY_FLAGS)
add_c_flag_if_supported(-fstack-protector-strong C_SECURITY_FLAGS) add_c_flag_if_supported(-fstack-protector-strong C_SECURITY_FLAGS)
@ -628,9 +628,11 @@ else()
endif() endif()
# New in GCC 8.2 # New in GCC 8.2
if (NOT WIN32 AND NOT OPENBSD) if (NOT OPENBSD AND NOT (WIN32 AND (CMAKE_C_COMPILER_ID STREQUAL "GNU" AND CMAKE_C_COMPILER_VERSION VERSION_LESS 9.1)))
add_c_flag_if_supported(-fcf-protection=full C_SECURITY_FLAGS) add_c_flag_if_supported(-fcf-protection=full C_SECURITY_FLAGS)
add_cxx_flag_if_supported(-fcf-protection=full CXX_SECURITY_FLAGS) add_cxx_flag_if_supported(-fcf-protection=full CXX_SECURITY_FLAGS)
endif()
if (NOT WIN32 AND NOT OPENBSD)
add_c_flag_if_supported(-fstack-clash-protection C_SECURITY_FLAGS) add_c_flag_if_supported(-fstack-clash-protection C_SECURITY_FLAGS)
add_cxx_flag_if_supported(-fstack-clash-protection CXX_SECURITY_FLAGS) add_cxx_flag_if_supported(-fstack-clash-protection CXX_SECURITY_FLAGS)
endif() endif()
@ -642,8 +644,8 @@ else()
endif() endif()
# linker # linker
if (NOT WIN32) if (NOT (WIN32 AND (CMAKE_C_COMPILER_ID STREQUAL "GNU" AND CMAKE_C_COMPILER_VERSION VERSION_LESS 9.1)))
# Windows binaries die on startup with PIE # Windows binaries die on startup with PIE when compiled with GCC <9.x
add_linker_flag_if_supported(-pie LD_SECURITY_FLAGS) add_linker_flag_if_supported(-pie LD_SECURITY_FLAGS)
endif() endif()
add_linker_flag_if_supported(-Wl,-z,relro LD_SECURITY_FLAGS) add_linker_flag_if_supported(-Wl,-z,relro LD_SECURITY_FLAGS)