build: Add _FORTIFY_SOURCE=3 support

Add support for _FORTIFY_SOURCE level 3.

This is supported with glibc and with musl libc.

Link: openwrt/openwrt#20313
Signed-off-by: Hauke Mehrtens <[email protected]>

Author: hauke

config/Config-build.in

@@ -358,9 +358,11 @@ menu "Global build settings"
 		config PKG_FORTIFY_SOURCE_NONE
 			bool "None"
 		config PKG_FORTIFY_SOURCE_1
-			bool "Conservative"
+			bool "Conservative Level 1"
 		config PKG_FORTIFY_SOURCE_2
-			bool "Aggressive"
+			bool "Aggressive Level 2"
+		config PKG_FORTIFY_SOURCE_3
+			bool "Aggressive Level 3"
 	endchoice
 
 	choice

include/hardening.mk

@@ -51,6 +51,11 @@ ifdef CONFIG_PKG_FORTIFY_SOURCE_2
     TARGET_CFLAGS += -D_FORTIFY_SOURCE=2
   endif
 endif
+ifdef CONFIG_PKG_FORTIFY_SOURCE_3
+  ifeq ($(strip $(PKG_FORTIFY_SOURCE)),1)
+    TARGET_CFLAGS += -D_FORTIFY_SOURCE=3
+  endif
+endif
 ifdef CONFIG_PKG_RELRO_PARTIAL
   ifeq ($(strip $(PKG_RELRO)),1)
     TARGET_CFLAGS += -Wl,-z,relro

toolchain/glibc/common.mk

@@ -68,6 +68,7 @@ GLIBC_CONFIGURE:= \
 		  $(if $(CONFIG_PKG_RELRO_FULL),--enable-bind-now) \
 		  $(if $(CONFIG_PKG_FORTIFY_SOURCE_1),--enable-fortify-source=1) \
 		  $(if $(CONFIG_PKG_FORTIFY_SOURCE_2),--enable-fortify-source=2) \
+		  $(if $(CONFIG_PKG_FORTIFY_SOURCE_3),--enable-fortify-source=3) \
 		--enable-kernel=6.6.0
 
 export libc_cv_ssp=no