git: c46a0b590716 - main - build: provide a FORTIFY_SOURCE.<src file> override
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 01 May 2026 02:59:02 UTC
The branch main has been updated by kevans:
URL: https://cgit.FreeBSD.org/src/commit/?id=c46a0b590716144d772eeba83ca88d96ee12c2f1
commit c46a0b590716144d772eeba83ca88d96ee12c2f1
Author: Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2026-05-01 02:57:51 +0000
Commit: Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2026-05-01 02:58:48 +0000
build: provide a FORTIFY_SOURCE.<src file> override
For native files we can do more minimal fixes to avoid this large of a
hammer, but for third party files it may not be worth the effort to try
and patch them. NetBSD has the original _FORTIFY_SOURCE implementation
that ours is based on, for instance, but tests sourced from there can't
do an __ssp_real(foo) without being certain that `foo` actually has a
fortified definition.
This change does always define _FORTIFY_SOURCE as a result, so gate it
on CFLAGS not already containing _FORTIFY_SOURCE definitions.
PR: 294881
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D56733
---
share/mk/bsd.sys.mk | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/share/mk/bsd.sys.mk b/share/mk/bsd.sys.mk
index 93e7c8572310..5bd8cd3362d1 100644
--- a/share/mk/bsd.sys.mk
+++ b/share/mk/bsd.sys.mk
@@ -321,9 +321,12 @@ SSP_CFLAGS?= -fstack-protector-strong
.endif
CFLAGS+= ${SSP_CFLAGS}
.endif # SSP
-.if ${FORTIFY_SOURCE} > 0
-CFLAGS+= -D_FORTIFY_SOURCE=${FORTIFY_SOURCE}
-CXXFLAGS+= -D_FORTIFY_SOURCE=${FORTIFY_SOURCE}
+
+.if empty(CFLAGS:M-D_FORTIFY_SOURCE*)
+CFLAGS+= -D_FORTIFY_SOURCE=${FORTIFY_SOURCE.${.IMPSRC:T}:U${FORTIFY_SOURCE}}
+.endif
+.if empty(CXXFLAGS:M-D_FORTIFY_SOURCE*)
+CXXFLAGS+= -D_FORTIFY_SOURCE=${FORTIFY_SOURCE.${.IMPSRC:T}:U${FORTIFY_SOURCE}}
.endif
# Additional flags passed in CFLAGS and CXXFLAGS when MK_DEBUG_FILES is