From c46a0b590716144d772eeba83ca88d96ee12c2f1 Mon Sep 17 00:00:00 2001 From: Kyle Evans Date: Thu, 30 Apr 2026 21:57:51 -0500 Subject: [PATCH] build: provide a FORTIFY_SOURCE. override For native files we can do more minimal fixes to avoid this large of a hammer, but for third party files it may not be worth the effort to try and patch them. NetBSD has the original _FORTIFY_SOURCE implementation that ours is based on, for instance, but tests sourced from there can't do an __ssp_real(foo) without being certain that `foo` actually has a fortified definition. This change does always define _FORTIFY_SOURCE as a result, so gate it on CFLAGS not already containing _FORTIFY_SOURCE definitions. PR: 294881 Reviewed by: markj Differential Revision: https://reviews.freebsd.org/D56733 --- share/mk/bsd.sys.mk | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/share/mk/bsd.sys.mk b/share/mk/bsd.sys.mk index 93e7c857231..5bd8cd3362d 100644 --- a/share/mk/bsd.sys.mk +++ b/share/mk/bsd.sys.mk @@ -321,9 +321,12 @@ SSP_CFLAGS?= -fstack-protector-strong .endif CFLAGS+= ${SSP_CFLAGS} .endif # SSP -.if ${FORTIFY_SOURCE} > 0 -CFLAGS+= -D_FORTIFY_SOURCE=${FORTIFY_SOURCE} -CXXFLAGS+= -D_FORTIFY_SOURCE=${FORTIFY_SOURCE} + +.if empty(CFLAGS:M-D_FORTIFY_SOURCE*) +CFLAGS+= -D_FORTIFY_SOURCE=${FORTIFY_SOURCE.${.IMPSRC:T}:U${FORTIFY_SOURCE}} +.endif +.if empty(CXXFLAGS:M-D_FORTIFY_SOURCE*) +CXXFLAGS+= -D_FORTIFY_SOURCE=${FORTIFY_SOURCE.${.IMPSRC:T}:U${FORTIFY_SOURCE}} .endif # Additional flags passed in CFLAGS and CXXFLAGS when MK_DEBUG_FILES is