diff options
| author | luigi1111 <luigi1111w@gmail.com> | 2019-10-25 13:48:25 -0500 |
|---|---|---|
| committer | luigi1111 <luigi1111w@gmail.com> | 2019-10-25 13:48:25 -0500 |
| commit | 4e2b139e7252fc4f72b63ea475e4611153f9b339 (patch) | |
| tree | 93ad44ad9288de8e68640b799224a92ff970c236 | |
| parent | Merge pull request #6019 (diff) | |
| parent | Windows: enable high-entropy ASLR where available (diff) | |
| download | monero-4e2b139e7252fc4f72b63ea475e4611153f9b339.tar.xz | |
Merge pull request #6020
3816ac2 build: fix building on Windows due to _FORTIFY_SOURCE changes in MSYS2 (iDunk5400)
78b076c Windows: enable high-entropy ASLR where available (iDunk5400)
| -rw-r--r-- | CMakeLists.txt | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index a8b2569fa..03ede0483 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -620,7 +620,7 @@ else() add_cxx_flag_if_supported(-Wformat-security CXX_SECURITY_FLAGS) # -fstack-protector - if (NOT WIN32 AND NOT OPENBSD) + if (NOT OPENBSD AND NOT (WIN32 AND (CMAKE_C_COMPILER_ID STREQUAL "GNU" AND CMAKE_C_COMPILER_VERSION VERSION_LESS 9.1))) add_c_flag_if_supported(-fstack-protector C_SECURITY_FLAGS) add_cxx_flag_if_supported(-fstack-protector CXX_SECURITY_FLAGS) add_c_flag_if_supported(-fstack-protector-strong C_SECURITY_FLAGS) @@ -628,9 +628,11 @@ else() endif() # New in GCC 8.2 - if (NOT WIN32 AND NOT OPENBSD) + if (NOT OPENBSD AND NOT (WIN32 AND (CMAKE_C_COMPILER_ID STREQUAL "GNU" AND CMAKE_C_COMPILER_VERSION VERSION_LESS 9.1))) add_c_flag_if_supported(-fcf-protection=full C_SECURITY_FLAGS) add_cxx_flag_if_supported(-fcf-protection=full CXX_SECURITY_FLAGS) + endif() + if (NOT WIN32 AND NOT OPENBSD) add_c_flag_if_supported(-fstack-clash-protection C_SECURITY_FLAGS) add_cxx_flag_if_supported(-fstack-clash-protection CXX_SECURITY_FLAGS) endif() @@ -642,8 +644,8 @@ else() endif() # linker - if (NOT WIN32) - # Windows binaries die on startup with PIE + if (NOT (WIN32 AND (CMAKE_C_COMPILER_ID STREQUAL "GNU" AND CMAKE_C_COMPILER_VERSION VERSION_LESS 9.1))) + # Windows binaries die on startup with PIE when compiled with GCC <9.x add_linker_flag_if_supported(-pie LD_SECURITY_FLAGS) endif() add_linker_flag_if_supported(-Wl,-z,relro LD_SECURITY_FLAGS) @@ -667,6 +669,7 @@ else() if (WIN32) add_linker_flag_if_supported(-Wl,--dynamicbase LD_SECURITY_FLAGS) add_linker_flag_if_supported(-Wl,--nxcompat LD_SECURITY_FLAGS) + add_linker_flag_if_supported(-Wl,--high-entropy-va LD_SECURITY_FLAGS) endif() message(STATUS "Using C security hardening flags: ${C_SECURITY_FLAGS}") |