From 92768553ffbd17b2f9a994ecacdb5d746cb36395 Mon Sep 17 00:00:00 2001
From: Joseph Herlant <aerostitch@google.com>
Date: Sat, 25 Jan 2020 07:37:45 -0800
Subject: add:cmake: add compilation flags to harden the security of navit
 (#969)

* add:cmake: add compilation flags to harden the security of navit

* Try to add the compiler flags outside of the GCC condition

* Simplify the addition of compiler flags and do not rely on non-recommended CMake variable

* Is the O2 level of optimization helping the invalid arg detection?

* Leaving the optimization level up to the preference of the person building

Co-authored-by: Stefan Wildemann <metalstrolch@users.noreply.github.com>
Co-authored-by: jkoan <jkoan@users.noreply.github.com>
---
 CMakeLists.txt | 26 +++++++++++++++-----------
 1 file changed, 15 insertions(+), 11 deletions(-)

(limited to 'CMakeLists.txt')

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 214c638a6..f3f808b8f 100755
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -826,17 +826,21 @@ CONFIGURE_FILE("${CMAKE_CURRENT_SOURCE_DIR}/config.h.in"
 #                        functions implementing the interface of a plugin.
 # -Wno-sign-compare: We currently just use int almost everywhere.
 #                    Unclear if it's really worth correcting.
-if(CMAKE_COMPILER_IS_GNUCC OR CCMAKE_COMPILER_IS_GNUCXX)
-	set(COMMON_COMPILER_FLAGS "-Wall -Wundef -Wcast-align -Wpointer-arith -Wno-unused-parameter -Wno-sign-compare")
-	set(CMAKE_C_FLAGS   "${CMAKE_C_FLAGS} ${COMMON_COMPILER_FLAGS}")
-	set(CMAKE_CXX_FLAGS "${CMAKE_C_FLAGS} ${COMMON_COMPILER_FLAGS}")
-	# flags not available in old GCC versions, or not for both C and C++
-	add_compiler_flag_if_available("-Wno-missing-field-initializers")
-	add_compiler_flag_if_available("-Wextra")
-	add_compiler_flag_if_available("-Wmissing-prototypes")
-	add_compiler_flag_if_available("-Wstrict-prototypes")
-	add_compiler_flag_if_available("-Wformat-security")
-endif()
+add_compiler_flag_if_available("-Wall")
+add_compiler_flag_if_available("-Wno-unused-parameter")
+add_compiler_flag_if_available("-Wno-sign-compare")
+add_compiler_flag_if_available("-Wno-missing-field-initializers")
+add_compiler_flag_if_available("-Wundef")
+add_compiler_flag_if_available("-Wcast-align")
+add_compiler_flag_if_available("-Wpointer-arith")
+add_compiler_flag_if_available("-Wextra")
+add_compiler_flag_if_available("-Wdate-time")
+add_compiler_flag_if_available("-Wmissing-prototypes")
+add_compiler_flag_if_available("-Wstrict-prototypes")
+add_compiler_flag_if_available("-Wformat-security")
+add_compiler_flag_if_available("-Werror=format-security")
+add_compiler_flag_if_available("-fstack-protector-strong")
+add_compiler_flag_if_available("-D_FORTIFY_SOURCE=2")
 
 if (EXTRA_DEFINES)
 	add_definitions("${EXTRA_DEFINES}")
-- 
cgit v1.2.1