build: provide a FORTIFY_SOURCE.<src file> override

For native files we can do more minimal fixes to avoid this large of a
hammer, but for third party files it may not be worth the effort to try
and patch them.  NetBSD has the original _FORTIFY_SOURCE implementation
that ours is based on, for instance, but tests sourced from there can't
do an __ssp_real(foo) without being certain that `foo` actually has a
fortified definition.

This change does always define _FORTIFY_SOURCE as a result, so gate it
on CFLAGS not already containing _FORTIFY_SOURCE definitions.

PR:		294881
Reviewed by:	markj
Differential Revision:	https://reviews.freebsd.org/D56733
This commit is contained in:
Kyle Evans
2026-04-30 21:57:51 -05:00
parent 839d3266d8
commit c46a0b5907
+6 -3
View File
@@ -321,9 +321,12 @@ SSP_CFLAGS?= -fstack-protector-strong
.endif
CFLAGS+= ${SSP_CFLAGS}
.endif # SSP
.if ${FORTIFY_SOURCE} > 0
CFLAGS+= -D_FORTIFY_SOURCE=${FORTIFY_SOURCE}
CXXFLAGS+= -D_FORTIFY_SOURCE=${FORTIFY_SOURCE}
.if empty(CFLAGS:M-D_FORTIFY_SOURCE*)
CFLAGS+= -D_FORTIFY_SOURCE=${FORTIFY_SOURCE.${.IMPSRC:T}:U${FORTIFY_SOURCE}}
.endif
.if empty(CXXFLAGS:M-D_FORTIFY_SOURCE*)
CXXFLAGS+= -D_FORTIFY_SOURCE=${FORTIFY_SOURCE.${.IMPSRC:T}:U${FORTIFY_SOURCE}}
.endif
# Additional flags passed in CFLAGS and CXXFLAGS when MK_DEBUG_FILES is