cmake: use add_compile_option & add new security flags

- Replacement of CMAKE_CXX_FLAGS by add_compile_option where it was
  possible
- Addition of new compiler flags which are interesting in terms of
  software security
- Do not mix coverage flags with -O0 and -g

.travis.yml

@@ -10,7 +10,7 @@ matrix:
       dist: xenial
       sudo: required
       compiler: gcc
-      env: COVERAGE=1 CMAKE_OPTIONS="-DCMAKE_BUILD_TYPE=Release -DEXIV2_ENABLE_VIDEO=ON -DEXIV2_ENABLE_WEBREADY=ON -DEXIV2_BUILD_UNIT_TESTS=ON -DBUILD_WITH_COVERAGE=ON -DEXIV2_ENABLE_CURL=ON"
+      env: COVERAGE=1 CMAKE_OPTIONS="-DCMAKE_BUILD_TYPE=Debug -DEXIV2_ENABLE_VIDEO=ON -DEXIV2_ENABLE_WEBREADY=ON -DEXIV2_BUILD_UNIT_TESTS=ON -DBUILD_WITH_COVERAGE=ON -DEXIV2_ENABLE_CURL=ON"
 
     - os: linux
       dist: xenial

cmake/compilerFlags.cmake

@@ -20,17 +20,24 @@ if ( MINGW OR UNIX OR MSYS ) # MINGW, Linux, APPLE, CYGWIN
         endif()
     endif()
 
-    if (COMPILER_IS_GCC OR COMPILER_IS_CLANG)
+    if (COMPILER_IS_GCC)
+        add_compile_options(-Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS)
+        if (CMAKE_CXX_COMPILER_VERSION VERSION_GREATER_EQUAL 8.0 )
+            add_compile_options(-fstack-clash-protection -fcf-protection)
+        endif()
+    endif()
 
+    if (COMPILER_IS_GCC OR COMPILER_IS_CLANG)
         if(BUILD_WITH_COVERAGE)
-            set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g ")
-            set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -O0")
-            set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fprofile-arcs")
-            set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -ftest-coverage")
+            # Note: We tried to use here add_compile_options but we got linker errors on Travis-CI
+            set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} --coverage -fprofile-arcs -ftest-coverage")
             set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} --coverage")
         endif()
 
-        set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wall -Wcast-align -Wpointer-arith -Wformat-security -Wmissing-format-attribute -Woverloaded-virtual -W")
+        add_compile_options(-Wall -Wcast-align -Wpointer-arith -Wformat-security -Wmissing-format-attribute -Woverloaded-virtual -W)
+        add_compile_options(-fstack-protector-strong)
+        add_compile_options(-fasynchronous-unwind-tables)
+
 
         if ( EXIV2_TEAM_USE_SANITIZERS )
             # ASAN is available in gcc from 4.8 and UBSAN from 4.9
@@ -61,82 +68,8 @@ if ( MINGW OR UNIX OR MSYS ) # MINGW, Linux, APPLE, CYGWIN
                 set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} ${SANITIZER_FLAGS}")
                 set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} ${SANITIZER_FLAGS}")
             endif()
-
         endif()
-
-        if ( EXIV2_TEAM_EXTRA_WARNINGS )
-            # Note that this is intended to be used only by Exiv2 developers/contributors.
-
-            if ( COMPILER_IS_GCC )
-                if ( CMAKE_CXX_COMPILER_VERSION VERSION_GREATER 4.0 )
-                    string(CONCAT EXTRA_COMPILE_FLAGS ${EXTRA_COMPILE_FLAGS}
-                        " -Wextra"
-                        " -Wlogical-op"
-                        " -Wdouble-promotion"
-                        " -Wshadow"
-                        " -Wuseless-cast"
-                        " -Wpointer-arith" # This warning is also enabled by -Wpedantic
-                        " -Wformat=2"
-                        #" -Wold-style-cast"
-                    )
-                endif ()
-
-                if ( CMAKE_CXX_COMPILER_VERSION VERSION_GREATER 5.0 )
-                  string(CONCAT EXTRA_COMPILE_FLAGS ${EXTRA_COMPILE_FLAGS}
-                    " -Warray-bounds=2"
-                    )
-                endif ()
-
-                if ( CMAKE_CXX_COMPILER_VERSION VERSION_GREATER 6.0 )
-                    string(CONCAT EXTRA_COMPILE_FLAGS ${EXTRA_COMPILE_FLAGS}
-                        " -Wduplicated-cond"
-                    )
-                endif ()
-
-                if ( CMAKE_CXX_COMPILER_VERSION VERSION_GREATER 7.0 )
-                    string(CONCAT EXTRA_COMPILE_FLAGS ${EXTRA_COMPILE_FLAGS}
-                        " -Wduplicated-branches"
-                        " -Wrestrict"
-                    )
-                endif ()
-            endif ()
-
-            if ( COMPILER_IS_CLANG )
-                # https://clang.llvm.org/docs/DiagnosticsReference.html
-                # These variables are at least available since clang 3.9.1
-                string(CONCAT EXTRA_COMPILE_FLAGS "-Wextra"
-                    " -Wshadow"
-                    " -Wassign-enum"
-                    " -Wmicrosoft"
-                    " -Wcomments"
-                    " -Wconditional-uninitialized"
-                    " -Wdirect-ivar-access"
-                    " -Weffc++"
-                    " -Wpointer-arith"
-                    " -Wformat=2"
-                    #" -Warray-bounds" # Enabled by default
-                    # These two raises lot of warnings. Use them wisely
-                    #" -Wconversion"
-                    #" -Wold-style-cast"
-                )
-                # -Wdouble-promotion flag is not available in clang 3.4.2
-                if ( CMAKE_CXX_COMPILER_VERSION VERSION_GREATER 3.4.2 )
-                    string(CONCAT EXTRA_COMPILE_FLAGS ${EXTRA_COMPILE_FLAGS}
-                        " -Wdouble-promotion"
-                    )
-                endif ()
-                # -Wcomma flag is not available in clang 3.8.1
-                if ( CMAKE_CXX_COMPILER_VERSION VERSION_GREATER 3.8.1 )
-                    string(CONCAT EXTRA_COMPILE_FLAGS ${EXTRA_COMPILE_FLAGS}
-                        " -Wcomma"
-                    )
-                endif ()
-            endif ()
-
-
-        endif ()
     endif()
-
 endif ()
 
 # http://stackoverflow.com/questions/10113017/setting-the-msvc-runtime-in-cmake
@@ -185,8 +118,6 @@ if(MSVC)
     endif ()
 
     # Object Level Parallelism
-    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} /MP")
-
+    add_compile_options(/MP)
     add_definitions(-DNOMINMAX -DWIN32_LEAN_AND_MEAN)
-
 endif()

cmake/compilerFlagsExiv2.cmake

@@ -1,15 +1,84 @@
 # These flags only applies to exiv2lib, and the applications, but not to the xmp code
 
-if (MINGW OR UNIX) # MINGW, Linux, APPLE, CYGWIN
+if (COMPILER_IS_GCC OR COMPILER_IS_CLANG) # MINGW, Linux, APPLE, CYGWIN
     if ( EXIV2_TEAM_WARNINGS_AS_ERRORS )
-        set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Werror")
-        set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wno-error=deprecated-declarations")
+        add_compile_options(-Werror -Wno-error=deprecated-declarations)
+    endif ()
+
+    if ( EXIV2_TEAM_EXTRA_WARNINGS )
+        # Note that this is intended to be used only by Exiv2 developers/contributors.
+
+        if ( COMPILER_IS_GCC )
+            if ( CMAKE_CXX_COMPILER_VERSION VERSION_GREATER 4.0 )
+                string(CONCAT EXTRA_COMPILE_FLAGS ${EXTRA_COMPILE_FLAGS}
+                    " -Wextra"
+                    " -Wlogical-op"
+                    " -Wdouble-promotion"
+                    " -Wshadow"
+                    " -Wuseless-cast"
+                    " -Wpointer-arith" # This warning is also enabled by -Wpedantic
+                    " -Wformat=2"
+                    #" -Wold-style-cast"
+                )
+            endif ()
+
+            if ( CMAKE_CXX_COMPILER_VERSION VERSION_GREATER 5.0 )
+              string(CONCAT EXTRA_COMPILE_FLAGS ${EXTRA_COMPILE_FLAGS}
+                " -Warray-bounds=2"
+                )
+            endif ()
+
+            if ( CMAKE_CXX_COMPILER_VERSION VERSION_GREATER 6.0 )
+                string(CONCAT EXTRA_COMPILE_FLAGS ${EXTRA_COMPILE_FLAGS}
+                    " -Wduplicated-cond"
+                )
+            endif ()
+
+            if ( CMAKE_CXX_COMPILER_VERSION VERSION_GREATER 7.0 )
+                string(CONCAT EXTRA_COMPILE_FLAGS ${EXTRA_COMPILE_FLAGS}
+                    " -Wduplicated-branches"
+                    " -Wrestrict"
+                )
+            endif ()
+        endif ()
+
+        if ( COMPILER_IS_CLANG )
+            # https://clang.llvm.org/docs/DiagnosticsReference.html
+            # These variables are at least available since clang 3.9.1
+            string(CONCAT EXTRA_COMPILE_FLAGS "-Wextra"
+                " -Wshadow"
+                " -Wassign-enum"
+                " -Wmicrosoft"
+                " -Wcomments"
+                " -Wconditional-uninitialized"
+                " -Wdirect-ivar-access"
+                " -Weffc++"
+                " -Wpointer-arith"
+                " -Wformat=2"
+                #" -Warray-bounds" # Enabled by default
+                # These two raises lot of warnings. Use them wisely
+                #" -Wconversion"
+                #" -Wold-style-cast"
+            )
+            # -Wdouble-promotion flag is not available in clang 3.4.2
+            if ( CMAKE_CXX_COMPILER_VERSION VERSION_GREATER 3.4.2 )
+                string(CONCAT EXTRA_COMPILE_FLAGS ${EXTRA_COMPILE_FLAGS}
+                    " -Wdouble-promotion"
+                )
+            endif ()
+            # -Wcomma flag is not available in clang 3.8.1
+            if ( CMAKE_CXX_COMPILER_VERSION VERSION_GREATER 3.8.1 )
+                string(CONCAT EXTRA_COMPILE_FLAGS ${EXTRA_COMPILE_FLAGS}
+                    " -Wcomma"
+                )
+            endif ()
+        endif ()
     endif ()
 endif()
 
 if (MSVC)
     if ( EXIV2_TEAM_WARNINGS_AS_ERRORS )
-        set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} /WX")
+        add_compile_options(/WX)
         set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} /WX")
         set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} /WX")
         set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} /WX")

cmake/printSummary.cmake

@@ -8,6 +8,14 @@ macro( OptionOutput _outputstring )
     message( STATUS "${_outputstring}${_var}" )
 endmacro( OptionOutput _outputstring )
 
+function(printList items)
+    foreach (item ${items})
+        message("\t ${item}")
+    endforeach()
+endfunction()
+
+get_property(COMPILER_OPTIONS     DIRECTORY ${CMAKE_SOURCE_DIR} PROPERTY COMPILE_OPTIONS)
+
 message( STATUS "Install prefix:    ${CMAKE_INSTALL_PREFIX}")
 message( STATUS "------------------------------------------------------------------" )
 message( STATUS "CMake Generator:   ${CMAKE_GENERATOR}" )
@@ -15,6 +23,7 @@ message( STATUS "CMAKE_BUILD_TYPE:  ${CMAKE_BUILD_TYPE}" )
 message( STATUS "Compiler info: ${CMAKE_CXX_COMPILER_ID} (${CMAKE_CXX_COMPILER}) ; version: ${CMAKE_CXX_COMPILER_VERSION}")
 message( STATUS " --- Compiler flags --- ")
 message( STATUS "General:           ${CMAKE_CXX_FLAGS}" )
+printList("${COMPILER_OPTIONS}")
 message( STATUS "Extra:             ${EXTRA_COMPILE_FLAGS}" )
 message( STATUS "Debug:             ${CMAKE_CXX_FLAGS_DEBUG}" )
 message( STATUS "Release:           ${CMAKE_CXX_FLAGS_RELEASE}" )
@@ -32,9 +41,6 @@ OptionOutput( "Warnings as errors:                 " EXIV2_WARNINGS_AS_ERRORS
 OptionOutput( "Use extra compiler warning flags:   " EXIV2_EXTRA_WARNINGS            )
 message( STATUS "" )
 
-
-message( STATUS "Compiler info: ${CMAKE_CXX_COMPILER_ID} (${CMAKE_CXX_COMPILER}) ; version: ${CMAKE_CXX_COMPILER_VERSION}")
-
 message( STATUS "------------------------------------------------------------------" )
 OptionOutput( "Building shared library:            " BUILD_SHARED_LIBS               )
 OptionOutput( "Building PNG support:               " EXIV2_ENABLE_PNG AND ZLIB_FOUND )