Add a build knob for _FORTIFY_SOURCE
In the future, we will Default to _FORTIFY_SOURCE=2 if SSP is enabled, otherwise default to _FORTIFY_SOURCE=0. For now we default it to 0 unconditionally to ease bisect across older versions without the new symbols, and we'll put out a call for testing. include/*.h include their ssp/*.h equivalents as needed based on the knob. Programs and users are allowed to override FORTIFY_SOURCE in their Makefiles or src.conf/make.conf to force it off. Reviewed by: des, markj Relnotes: yes Sponsored by: Stormshield Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D32308
This commit is contained in:
@@ -294,11 +294,18 @@ CFLAGS.clang+= -Qunused-arguments
|
||||
# but not yet.
|
||||
CXXFLAGS.clang+= -Wno-c++11-extensions
|
||||
|
||||
# XXX This should be defaulted to 2 when WITH_SSP is in use after further
|
||||
# testing and soak time.
|
||||
FORTIFY_SOURCE?= 0
|
||||
.if ${MK_SSP} != "no"
|
||||
# Don't use -Wstack-protector as it breaks world with -Werror.
|
||||
SSP_CFLAGS?= -fstack-protector-strong
|
||||
CFLAGS+= ${SSP_CFLAGS}
|
||||
.endif # SSP
|
||||
.if ${FORTIFY_SOURCE} > 0
|
||||
CFLAGS+= -D_FORTIFY_SOURCE=${FORTIFY_SOURCE}
|
||||
CXXFLAGS+= -D_FORTIFY_SOURCE=${FORTIFY_SOURCE}
|
||||
.endif
|
||||
|
||||
# Additional flags passed in CFLAGS and CXXFLAGS when MK_DEBUG_FILES is
|
||||
# enabled.
|
||||
|
||||
Reference in New Issue
Block a user