
Make our compiler-hardening checks robust against MinGW

First, specify -Werror when we are testing each option; if it causes
a warning to appear, we shouldn't be adding it.

Second, do not attempt to add these options until after we have
found the libraries we want.  Previously, I would hit a bug where
the linker hardening options worked fine when we weren't linking
anything, but failed completely once we added openssl or libevent.
Nick Mathewson 12 years ago
parent
commit
ebaaa4834f
2 changed files with 33 additions and 18 deletions
  1. 10 2
      acinclude.m4
  2. 23 16
      configure.in

+ 10 - 2
acinclude.m4

@@ -46,7 +46,7 @@ AC_DEFUN([TOR_CHECK_CFLAGS], [
   AS_VAR_PUSHDEF([VAR],[tor_cv_cflags_$1])
   AC_CACHE_CHECK([whether the compiler accepts $1], VAR, [
     tor_saved_CFLAGS="$CFLAGS"
-    CFLAGS="$CFLAGS -pedantic $1"
+    CFLAGS="$CFLAGS -pedantic -Werror $1"
     AC_TRY_COMPILE([], [return 0;],
                    [AS_VAR_SET(VAR,yes)],
                    [AS_VAR_SET(VAR,no)])
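Review bot: With `-Werror` in the probe, any warning the compiler emits for a reason unrelated to `$1`, for example one caused by flags already in `$CFLAGS`, makes the check answer "no", and the hardening flag is then dropped without anything failing. For the security flags tested through this macro that is a silent downgrade. I would add a comment above the `CFLAGS=` line such as `dnl -Werror: a flag that only draws a warning counts as unsupported; a "no" may also come from an unrelated warning in $CFLAGS`. It would also help if configure reported, for instance with `AC_MSG_WARN`, which requested hardening flags were rejected. The body of `TOR_CHECK_CFLAGS` starts before and ends after this hunk.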
@@ -59,15 +59,23 @@ AC_DEFUN([TOR_CHECK_CFLAGS], [
 ])
 
 dnl 1:flags
+dnl 2:extra ldflags
+dnl 3:extra libraries
 AC_DEFUN([TOR_CHECK_LDFLAGS], [
   AS_VAR_PUSHDEF([VAR],[tor_cv_ldflags_$1])
   AC_CACHE_CHECK([whether the linker accepts $1], VAR, [
+    tor_saved_CFLAGS="$CFLAGS"
     tor_saved_LDFLAGS="$LDFLAGS"
-    LDFLAGS="$LDFLAGS -pedantic $1"
+    tor_saved_LIBS="$LIBS"
+    CFLAGS="$CFLAGS -pedantic -Werror"
+    LDFLAGS="$LDFLAGS $2 $1"
+    LIBS="$LIBS $3"
     AC_TRY_LINK([], [return 0;],
                    [AS_VAR_SET(VAR,yes)],
                    [AS_VAR_SET(VAR,no)])
+    CFLAGS="$tor_saved_CFLAGS"
     LDFLAGS="$tor_saved_LDFLAGS"
+    LIBS="$tor_saved_LIBS"
   ])
   if test x$VAR = xyes; then
     LDFLAGS="$LDFLAGS $1"
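Review bot: `-Werror` is added to `CFLAGS` here, which governs the compiler driver's own diagnostics; whether a warning printed by the linker itself for `$1` makes `AC_TRY_LINK` fail depends on the toolchain, so the probe may still answer "yes" for an option the linker warns about and ignores. If that happens, the build records `-pie` or `-z relro -z now` in `LDFLAGS` without the protection being in effect; it is worth confirming on the MinGW toolchain and, where the linker supports it, adding `-Wl,--fatal-warnings` to the test `LDFLAGS`. Separately, the cache variable `tor_cv_ldflags_$1` is keyed on `$1` only, so a cached answer is reused even when `$2` or `$3` differ; a line such as `dnl The cached result is only valid for the ldflags/libs passed as $2 and $3` would record that. The `if test x$VAR = xyes` block continues past the end of the hunk.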

+ 23 - 16
configure.in

@@ -171,21 +171,6 @@ AM_CONDITIONAL(NAT_PMP, test x$natpmp = xtrue)
 AM_CONDITIONAL(MINIUPNPC, test x$upnp = xtrue)
 AM_PROG_CC_C_O
 
-if test x$enable_gcc_hardening != xno; then
-    CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2"
-    TOR_CHECK_CFLAGS(-Qunused-arguments)
-    TOR_CHECK_CFLAGS(-fstack-protector-all)
-    TOR_CHECK_CFLAGS(-Wstack-protector)
-    TOR_CHECK_CFLAGS(-fwrapv)
-    TOR_CHECK_CFLAGS(-fPIE)
-    TOR_CHECK_CFLAGS(--param ssp-buffer-size=1)
-    TOR_CHECK_LDFLAGS(-pie)
-fi
-
-if test x$enable_linker_hardening != xno; then
-    TOR_CHECK_LDFLAGS(-z relro -z now)
-fi
-
 ifdef([AC_C_FLEXIBLE_ARRAY_MEMBER], [
 AC_C_FLEXIBLE_ARRAY_MEMBER
 ], [
@@ -566,8 +551,29 @@ else
 fi
 AC_SUBST(TOR_ZLIB_LIBS)
 
-dnl Make sure to enable support for large off_t if available.
+dnl ---------------------------------------------------------------------
+dnl Now that we know about our major libraries, we can check for compiler
+dnl and linker hardening options.  We need to do this with the libraries known,
+dnl since sometimes the linker will like an option but not be willing to
+dnl use it with a build of a library.
 
+all_ldflags_for_check="$TOR_LDFLAGS_zlib $TOR_LDFLAGS_openssl $TOR_LDFLAGS_libevent"
+all_libs_for_check="$TOR_ZLIB_LIBS $TOR_LIB_MATH $TOR_LIBEVENT_LIBS $TOR_OPENSSL_LIBS $TOR_LIB_WS32 $TOR_LIB_GDI"
+
+if test x$enable_gcc_hardening != xno; then
+    CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2"
+    TOR_CHECK_CFLAGS(-Qunused-arguments)
+    TOR_CHECK_CFLAGS(-fstack-protector-all)
+    TOR_CHECK_CFLAGS(-Wstack-protector)
+    TOR_CHECK_CFLAGS(-fwrapv)
+    TOR_CHECK_CFLAGS(-fPIE)
+    TOR_CHECK_CFLAGS(--param ssp-buffer-size=1)
+    TOR_CHECK_LDFLAGS(-pie, "$all_ldflags_for_check", "$all_libs_for_check")
+fi
+
+if test x$enable_linker_hardening != xno; then
+    TOR_CHECK_LDFLAGS(-z relro -z now, "$all_ldflags_for_check", "$all_libs_for_check")
+fi
 
 dnl ------------------------------------------------------
 dnl Where do you live, libnatpmp?  And how do we call you?
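Review bot: `TOR_CHECK_CFLAGS(-fPIE)` and `TOR_CHECK_LDFLAGS(-pie, ...)` are decided independently, so now that the link probe runs against the real libraries it can reject `-pie` while `-fPIE` presumably stays in `CFLAGS`, and configure carries on without saying that the executable will not be position-independent. An `AC_MSG_WARN` inside the `enable_gcc_hardening` block when the `-pie` probe answers no would make that downgrade visible to whoever builds the package. As a style point, the arguments are passed with literal shell quotes (`"$all_ldflags_for_check"`) into a macro that already wraps `$2` and `$3` in double quotes; m4 quoting, `TOR_CHECK_LDFLAGS(-pie, [$all_ldflags_for_check], [$all_libs_for_check])`, avoids the nested quotes.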
@@ -609,6 +615,7 @@ if test "$upnp" = "true"; then
         [/usr/lib/])
 fi
 
+dnl Make sure to enable support for large off_t if available.
 AC_SYS_LARGEFILE
 
 AC_CHECK_HEADERS(