Add a build knob for _FORTIFY_SOURCE

In the future, we will Default to _FORTIFY_SOURCE=2 if SSP is enabled,
otherwise default to _FORTIFY_SOURCE=0.  For now we default it to 0
unconditionally to ease bisect across older versions without the new
symbols, and we'll put out a call for testing.

include/*.h include their ssp/*.h equivalents as needed based on the
knob. Programs and users are allowed to override FORTIFY_SOURCE in their
Makefiles or src.conf/make.conf to force it off.

Reviewed by:	des, markj
Relnotes:	yes
Sponsored by:	Stormshield
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D32308
This commit is contained in:
Kyle Evans
2024-05-13 00:23:50 -05:00
parent e55512504d
commit 9bfd3b4076
10 changed files with 108 additions and 0 deletions
+3
View File
@@ -11,6 +11,9 @@ LDFLAGS+= -Wl,--rpath=/usr/lib${COMPAT_libcompat}
.include <src.opts.mk>
MK_SSP= no
# SSP forced off already implies FORTIFY_SOURCE=0, but we must make sure that
# one cannot turn it back on.
FORTIFY_SOURCE= 0
LIB=thr
SHLIB_MAJOR= 3