From 043d53c7891e7f9437221acaf0fe0fd09a318b41 Mon Sep 17 00:00:00 2001
From: Anatol Belski <ab@php.net>
Date: Wed, 17 Jan 2018 14:31:51 +0100
Subject: Add switches for Spectre variant 1 mitigation

---
 win32/build/confutils.js | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/win32/build/confutils.js b/win32/build/confutils.js
index a75546c86c..d8a8e34307 100644
--- a/win32/build/confutils.js
+++ b/win32/build/confutils.js
@@ -3068,6 +3068,19 @@ function toolset_setup_common_cflags()
 			// Set some debug/release specific options
 			ADD_FLAG('CFLAGS', ' /RTC1 ');
 		} else {
+			if (PHP_DEBUG == "no" && PHP_SECURITY_FLAGS == "yes") {
+				/* Mitigations for Spectre variant 1, see
+					https://blogs.msdn.microsoft.com/vcblog/2018/01/15/spectre-mitigations-in-msvc/ 
+					TODO backport for all supported VS versions when they release it. */
+				if (VCVERS >= 1912) {
+					if (VCVERS >= 1913) {
+						ADD_FLAG('CFLAGS', "/Qspectre");
+					} else {
+						/* Undocumented. */
+						ADD_FLAG('CFLAGS', "/d2guardspecload");
+					}
+				}
+			}
 			if (VCVERS >= 1900) {
 				if (PHP_SECURITY_FLAGS == "yes") {
 					ADD_FLAG('CFLAGS', "/guard:cf");
-- 
cgit v1.2.1