From b78a5d579e9d33e72fda01536e5d1a3a6668cf42 Mon Sep 17 00:00:00 2001
From: gc-taifu <gc-taifu@linux.alibaba.com>
Date: Fri, 22 Nov 2024 11:12:33 +0800
Subject: [PATCH] Set FORTIFY_SOURCE default value to 3

---
 macros                 | 10 +++++++++-
 system-rpm-config.spec |  6 +++++-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/macros b/macros
index ae41866..b857245 100644
--- a/macros
+++ b/macros
@@ -372,13 +372,21 @@ print(result)
 %_clang_lto_cflags	-flto
 %_lto_cflags		%{expand:%%{_%{toolchain}_lto_cflags}}
 
+# Sync from https://src.fedoraproject.org/rpms/redhat-rpm-config/c/4c05f3cfa21b984db3d0a0c36253a6ac84cbc0f6?branch=rawhide
+# Sync from https://src.fedoraproject.org/rpms/redhat-rpm-config/c/1b98c066424131ffb9a421a6e77ee5c2f9ca8164?branch=rawhide
+# Default fortification level.            
+#   "%define _fortify_level 2" to downgrade and            
+#   "%define _fortify_level 0" or "%undefine _fortify_level" to disable            
+%_fortify_level        3            
+%_fortify_level_flags    %[ 0%{?_fortify_level} > 0 ? "-Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=%{_fortify_level}" : "" ]
+
 # Some linkers default to a build-id algoritim that is not supported by rpmbuild,
 # so we need to specify the right algorithm to use.
 %_build_id_flags	-Wl,--build-id=sha1
 
 %_general_options       -O2 %{?_lto_cflags} -fexceptions -g -grecord-gcc-switches -pipe
 %_warning_options       -Wall -Werror=format-security
-%_preprocessor_defines  -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS
+%_preprocessor_defines  %{_fortify_level_flags} -Wp,-D_GLIBCXX_ASSERTIONS
 
 # Common variables are no longer generated by default by gcc and clang
 # If they are needed then add "%define _legacy_common_support 1" to the spec file.
diff --git a/system-rpm-config.spec b/system-rpm-config.spec
index 9cab03f..2c5460d 100644
--- a/system-rpm-config.spec
+++ b/system-rpm-config.spec
@@ -1,4 +1,4 @@
-%define anolis_release 36
+%define anolis_release 37
 
 Summary: Anolis OS specific rpm configuration files
 Name: system-rpm-config
@@ -211,6 +211,10 @@ install -p -m 644 -t %{buildroot}%{_rpmluadir}/anolis/srpm forge.lua
 %license MulanPSL
 
 %changelog
+* Fri Nov 22 2024 gaochang <gc-taifu@linux.alibaba.com> - 1:23-37
+- Set FORTIFY_SOURCE default value to 3. Fix warning reported
+ "error: -D_FORTIFY_SOURCE defined but value is too low" when compiling
+
 * Wed Jul 17 2024 Chunmei Xu <xuchunmei@linux.alibaba.com> - 1:23-36
 - brp-mangle-shebangs: remove python2 related
 
-- 
Gitee