From 3816ac24f0269e538c5c015884a6215150de32f0 Mon Sep 17 00:00:00 2001 From: iDunk5400 Date: Thu, 24 Oct 2019 21:35:20 +0200 Subject: [PATCH] build: fix building on Windows due to _FORTIFY_SOURCE changes in MSYS2 Also, enable other hardening options that work on Windows with GCC 9.x --- CMakeLists.txt | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index a8b2569fa..7e9dae833 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -620,7 +620,7 @@ else() add_cxx_flag_if_supported(-Wformat-security CXX_SECURITY_FLAGS) # -fstack-protector - if (NOT WIN32 AND NOT OPENBSD) + if (NOT OPENBSD AND NOT (WIN32 AND (CMAKE_C_COMPILER_ID STREQUAL "GNU" AND CMAKE_C_COMPILER_VERSION VERSION_LESS 9.1))) add_c_flag_if_supported(-fstack-protector C_SECURITY_FLAGS) add_cxx_flag_if_supported(-fstack-protector CXX_SECURITY_FLAGS) add_c_flag_if_supported(-fstack-protector-strong C_SECURITY_FLAGS) @@ -628,9 +628,11 @@ else() endif() # New in GCC 8.2 - if (NOT WIN32 AND NOT OPENBSD) + if (NOT OPENBSD AND NOT (WIN32 AND (CMAKE_C_COMPILER_ID STREQUAL "GNU" AND CMAKE_C_COMPILER_VERSION VERSION_LESS 9.1))) add_c_flag_if_supported(-fcf-protection=full C_SECURITY_FLAGS) add_cxx_flag_if_supported(-fcf-protection=full CXX_SECURITY_FLAGS) + endif() + if (NOT WIN32 AND NOT OPENBSD) add_c_flag_if_supported(-fstack-clash-protection C_SECURITY_FLAGS) add_cxx_flag_if_supported(-fstack-clash-protection CXX_SECURITY_FLAGS) endif() @@ -642,8 +644,8 @@ else() endif() # linker - if (NOT WIN32) - # Windows binaries die on startup with PIE + if (NOT (WIN32 AND (CMAKE_C_COMPILER_ID STREQUAL "GNU" AND CMAKE_C_COMPILER_VERSION VERSION_LESS 9.1))) + # Windows binaries die on startup with PIE when compiled with GCC <9.x add_linker_flag_if_supported(-pie LD_SECURITY_FLAGS) endif() add_linker_flag_if_supported(-Wl,-z,relro LD_SECURITY_FLAGS)