From 06b9e05a208c480d496dec977921782f50360750 Mon Sep 17 00:00:00 2001 From: Vladimir Morozov Date: Thu, 8 Sep 2022 21:43:22 -0700 Subject: [PATCH 1/2] Fix application of security flags --- API/hermes/CMakeLists.txt | 3 +++ API/inspector/CMakeLists.txt | 3 +++ cmake/modules/Hermes.cmake | 6 ++++-- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/API/hermes/CMakeLists.txt b/API/hermes/CMakeLists.txt index b7d094b3734..e0b5f9429ae 100644 --- a/API/hermes/CMakeLists.txt +++ b/API/hermes/CMakeLists.txt @@ -92,6 +92,9 @@ if("${CMAKE_CXX_COMPILER_ID}" MATCHES "MSVC") # Generate PDBs set(compile_flags "${compile_flags} /Zi") + # Security flags + set(compile_flags "${compile_flags} /guard:cf /Qspectre /sdl /ZH:SHA_256") + set(link_flags_debug "/DEBUG") # Use /OPT:NOICF because hermes associates function pointer with its name. # The optimization that merges functions with the same body breaks that code. diff --git a/API/inspector/CMakeLists.txt b/API/inspector/CMakeLists.txt index c8aafcc402f..878bc03c47e 100644 --- a/API/inspector/CMakeLists.txt +++ b/API/inspector/CMakeLists.txt @@ -131,6 +131,9 @@ set(compile_flags "${compile_flags} /GR") # Generate PDBs set(compile_flags "${compile_flags} /Zi") +# Security flags +set(compile_flags "${compile_flags} /guard:cf /Qspectre /sdl /ZH:SHA_256") + set(link_flags_debug "/DEBUG") set(link_flags_release "/DEBUG;/OPT:REF;/OPT:ICF;/INCREMENTAL:NO") if(CMAKE_VS_PLATFORM_NAME MATCHES "^(x64|x86|Win32)$") diff --git a/cmake/modules/Hermes.cmake b/cmake/modules/Hermes.cmake index f8ea3ae8489..70adfbfd0d7 100644 --- a/cmake/modules/Hermes.cmake +++ b/cmake/modules/Hermes.cmake @@ -124,6 +124,10 @@ function(hermes_update_compile_flags name) endif () endif () + if (MSVC) + set(flags "${flags} /guard:cf /Qspectre /sdl /ZH:SHA_256") + endif() + if (update_src_props) foreach (fn ${sources}) get_filename_component(suf ${fn} EXT) @@ -281,8 +285,6 @@ if (MSVC) # Note: Security warnings need to be fixed / baselined to be sdl clean - 4146, 4244 and 4267 (currently disabled) set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} /DYNAMICBASE /guard:cf") set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} /DYNAMICBASE /guard:cf") - set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} /guard:cf /Qspectre /sdl /ZH:SHA_256") - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /guard:cf /Qspectre /sdl /ZH:SHA_256") # Tell MSVC to use the Unicode version of the Win32 APIs instead of ANSI. # add_definitions( From 2d044427fde7ea27b68accccc3fecaf18748a695 Mon Sep 17 00:00:00 2001 From: Vladimir Morozov Date: Fri, 9 Sep 2022 11:27:55 -0700 Subject: [PATCH 2/2] Update version --- CMakeLists.txt | 2 +- npm/package.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 0ac9dcbc505..b80f54b84a4 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -62,7 +62,7 @@ endif() # - npm/package.json # - hermes-engine.podspec project(Hermes - VERSION 0.71.0.20220908 + VERSION 0.71.0.20220909 LANGUAGES C CXX) list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake/modules/") diff --git a/npm/package.json b/npm/package.json index 34a50a1ffbd..fb5e74f273c 100644 --- a/npm/package.json +++ b/npm/package.json @@ -1,5 +1,5 @@ { - "version": "0.71.0.20220908", + "version": "0.71.0.20220909", "scripts": { "unpack-builds": "node unpack-builds.js", "unpack-builds-dev": "node unpack-builds.js --dev",