Add switches for Spectre variant 1 mitigation
authorAnatol Belski <ab@php.net>
Wed, 17 Jan 2018 13:31:51 +0000 (14:31 +0100)
committerAnatol Belski <ab@php.net>
Wed, 17 Jan 2018 13:33:08 +0000 (14:33 +0100)
win32/build/confutils.js

index a75546c86ce23011a4dff254e77b3fa52f5cc154..d8a8e34307a235d93d5ebe54760e92707847bcab 100644 (file)
@@ -3068,6 +3068,19 @@ function toolset_setup_common_cflags()
                        // Set some debug/release specific options
                        ADD_FLAG('CFLAGS', ' /RTC1 ');
                } else {
+                       if (PHP_DEBUG == "no" && PHP_SECURITY_FLAGS == "yes") {
+                               /* Mitigations for Spectre variant 1, see
+                                       https://blogs.msdn.microsoft.com/vcblog/2018/01/15/spectre-mitigations-in-msvc/ 
+                                       TODO backport for all supported VS versions when they release it. */
+                               if (VCVERS >= 1912) {
+                                       if (VCVERS >= 1913) {
+                                               ADD_FLAG('CFLAGS', "/Qspectre");
+                                       } else {
+                                               /* Undocumented. */
+                                               ADD_FLAG('CFLAGS', "/d2guardspecload");
+                                       }
+                               }
+                       }
                        if (VCVERS >= 1900) {
                                if (PHP_SECURITY_FLAGS == "yes") {
                                        ADD_FLAG('CFLAGS', "/guard:cf");
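Review bot: With `PHP_SECURITY_FLAGS == "yes"` and `VCVERS` below 1912 the added block adds no flag and prints nothing, so a release build from an older toolset silently goes out without the Spectre variant 1 switch; the TODO records the pending backport, but the configure output does not. I would emit a configure-time notice in that case and flatten the nested test to `if (VCVERS >= 1913) { … } else if (VCVERS >= 1912) { … } else { /* no Spectre v1 switch for this toolset: build is unmitigated */ }`. The 1912 branch depends on `/d2guardspecload`, which the comment itself calls undocumented, so the comment there should say that the flag's effect needs confirming against the exact compiler build and that the branch can be dropped once 1912 toolsets are no longer supported. The enclosing `if`/`else` starts outside the hunk, so I cannot tell whether the `PHP_DEBUG == "no"` test is already implied by the `else`.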