src/ssh/CMakeLists.txt audit-hardening.md - Historico da BBS TELESC.NET.BR

BBS:      TELESC.NET.BR
Assunto:  src/ssh/CMakeLists.txt audit-hardening.md
De:       Deuc¨
Data:     Wed, 25 Mar 2026 23:06:00 -0700
-----------------------------------------------------------
https://gitlab.synchro.net/main/sbbs/-/commit/5929267a9f0471fa537d2315
Modified Files:
	src/ssh/CMakeLists.txt audit-hardening.md
Log Message:
Implement OpenSSF compiler hardening flags (33 of 34)

All flags from the OpenSSF Compiler Options Hardening Guide are now
feature-probed at configure time via check_c_compiler_flag and
check_linker_flag, supporting back to GCC 8 / Clang 7.

Compile-time: -Wformat=2, -Wimplicit-fallthrough,
-Werror=format-security, -Werror=implicit,
-Werror=incompatible-pointer-types, -Werror=int-conversion,
-D_FORTIFY_SOURCE=3, -fstrict-flex-arrays=3,
-fstack-clash-protection, -fstack-protector-strong,
-ftrivial-auto-var-init=zero, -fno-delete-null-pointer-checks,
-fno-strict-overflow, -fno-strict-aliasing

GCC-only: -Wtrampolines, -Wbidi-chars=any,
-fzero-init-padding-bits=all

Architecture: -fcf-protection=full (x86_64),
-mbranch-protection=standard (aarch64)

Linker: -Wl,-z,nodlopen, -Wl,-z,noexecstack,
-Wl,--as-needed, -Wl,--no-copy-dt-needed-entries

Deferred: -Wconversion (requires code changes for signedness).

Co-Authored-By: Claude Opus 4.6 (1M context) 
n
---
  mSynchronetn  hgVertrauen n hHome of Synchronet n gh[vert/cvs/bbs].synchro.net

-----------------------------------------------------------
[Voltar]