Add a build knob for _FORTIFY_SOURCE
In the future, we will Default to _FORTIFY_SOURCE=2 if SSP is enabled, otherwise default to _FORTIFY_SOURCE=0. For now we default it to 0 unconditionally to ease bisect across older versions without the new symbols, and we'll put out a call for testing. include/*.h include their ssp/*.h equivalents as needed based on the knob. Programs and users are allowed to override FORTIFY_SOURCE in their Makefiles or src.conf/make.conf to force it off. Reviewed by: des, markj Relnotes: yes Sponsored by: Stormshield Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D32308
This commit is contained in:
@@ -11,6 +11,9 @@ LDFLAGS+= -Wl,--rpath=/usr/lib${COMPAT_libcompat}
|
||||
|
||||
.include <src.opts.mk>
|
||||
MK_SSP= no
|
||||
# SSP forced off already implies FORTIFY_SOURCE=0, but we must make sure that
|
||||
# one cannot turn it back on.
|
||||
FORTIFY_SOURCE= 0
|
||||
|
||||
LIB=thr
|
||||
SHLIB_MAJOR= 3
|
||||
|
||||
Reference in New Issue
Block a user