From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Thu, 14 Dec 2023 11:56:11 +0000 (+0100)
Subject: CI: Enable more compiler hardening options during our CI run
X-Git-Tag: auth-4.9.0-alpha1~19^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=11c5018a47bf6531cbbb44a15ba3cc1ab6b1eb93;p=thirdparty%2Fpdns.git

CI: Enable more compiler hardening options during our CI run

Based on the OpenSSF compiler options hardening guide for C and
C++: https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++
---

diff --git a/tasks.py b/tasks.py
index e745d5ee77..599f769056 100644
--- a/tasks.py
+++ b/tasks.py
@@ -406,6 +406,9 @@ def get_cflags():
         "-Werror=shadow",
         "-Wformat=2",
         "-Werror=format-security",
+        "-fstack-clash-protection",
+        "-fstack-protector-strong",
+        "-fcf-protection=full",
         "-Werror=string-plus-int" if is_compiler_clang() else '',
     ])