CI: Enable more compiler hardening options during our CI run

author Remi Gacogne <remi.gacogne@powerdns.com>

Thu, 14 Dec 2023 11:56:11 +0000 (12:56 +0100)

committer Remi Gacogne <remi.gacogne@powerdns.com>

Thu, 14 Dec 2023 11:56:11 +0000 (12:56 +0100)
author Remi Gacogne <remi.gacogne@powerdns.com>
Thu, 14 Dec 2023 11:56:11 +0000 (12:56 +0100)
committer Remi Gacogne <remi.gacogne@powerdns.com>
Thu, 14 Dec 2023 11:56:11 +0000 (12:56 +0100)
diff --git a/tasks.py b/tasks.py

index e745d5ee7788a220b8633eba14c7d3e2b3abaf66..599f7690565d7e69d6a5cbf078a6fe0e41abf065 100644 (file)
--- a/tasks.py
+++ b/tasks.py
@@ -406,6 +406,9 @@ def get_cflags():
          "-Werror=shadow",
          "-Wformat=2",
          "-Werror=format-security",
+        "-fstack-clash-protection",
+        "-fstack-protector-strong",
+        "-fcf-protection=full",
          "-Werror=string-plus-int" if is_compiler_clang() else '',
      ])
author	Remi Gacogne <remi.gacogne@powerdns.com>
	Thu, 14 Dec 2023 11:56:11 +0000 (12:56 +0100)
committer	Remi Gacogne <remi.gacogne@powerdns.com>
	Thu, 14 Dec 2023 11:56:11 +0000 (12:56 +0100)