1 files changed, 171 insertions, 0 deletions
diff --git a/sys-apps/kbd/files/kbd-2.6.3-no-redefine-fortify-source.patch b/sys-apps/kbd/files/kbd-2.6.3-no-redefine-fortify-source.patch
new file mode 100644
index 000000000000..b18fb9f751cf
--- /dev/null
+++ b/sys-apps/kbd/files/kbd-2.6.3-no-redefine-fortify-source.patch
@@ -0,0 +1,171 @@
+https://github.com/legionus/kbd/pull/103
+
+From 3392e2038dee97361d7438512653736d72a02109 Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Wed, 4 Oct 2023 14:47:33 +0100
+Subject: [PATCH] Use `AX_ADD_FORTIFY_SOURCE` to avoid redefining
+ `_FORTIFY_SOURCE`
+
+Some distributions are now setting -D_FORTIFY_SOURCE=3 by default in their
+toolchains rather than _F_S=2. By forcing _F_S=2, this causes both a warning
+and a downgrade in the effective protection.
+
+Use the autoconf-archive macro for this purpose (AX_ADD_FORTIFY_SOURCE)
+to add the fortification at the highest supported level if the compiler doesn't
+already default to it.
+
+Bug: https://bugs.gentoo.org/892834
+Signed-off-by: Sam James <sam@gentoo.org>
+---
+ configure.ac                |   5 +-
+ m4/ax_add_fortify_source.m4 | 119 ++++++++++++++++++++++++++++++++++++
+ 2 files changed, 122 insertions(+), 2 deletions(-)
+ create mode 100644 m4/ax_add_fortify_source.m4
+
+diff --git a/configure.ac b/configure.ac
+index 66023ff8..7fdbe7d6 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -63,13 +63,14 @@ strspn strstr strtol strtoul setpgrp malloc realloc])
+ 
+ AC_SEARCH_LIBS([timer_create], [rt])
+ 
++AX_ADD_FORTIFY_SOURCE
++
+ # Optimization level
+ CC_O_LEVEL="-O2"
+-FORTIFY_SOURCE="-D_FORTIFY_SOURCE=2"
+ 
+ if test "$enable_code_coverage" = yes; then
+ 	CC_O_LEVEL="-O0"
+-	FORTIFY_SOURCE=
++	FORTIFY_SOURCE="-U_FORTIFY_SOURCE"
+ fi
+ 
+ case "$GCC,$ac_cv_prog_cc_g" in
+diff --git a/m4/ax_add_fortify_source.m4 b/m4/ax_add_fortify_source.m4
+new file mode 100644
+index 00000000..860c1598
+--- /dev/null
++++ b/m4/ax_add_fortify_source.m4
+@@ -0,0 +1,119 @@
++# ===========================================================================
++#  https://www.gnu.org/software/autoconf-archive/ax_add_fortify_source.html
++# ===========================================================================
++#
++# SYNOPSIS
++#
++#   AX_ADD_FORTIFY_SOURCE
++#
++# DESCRIPTION
++#
++#   Check whether -D_FORTIFY_SOURCE=2 can be added to CPPFLAGS without macro
++#   redefinition warnings, other cpp warnings or linker. Some distributions
++#   (such as Ubuntu or Gentoo Linux) enable _FORTIFY_SOURCE globally in
++#   their compilers, leading to unnecessary warnings in the form of
++#
++#     <command-line>:0:0: error: "_FORTIFY_SOURCE" redefined [-Werror]
++#     <built-in>: note: this is the location of the previous definition
++#
++#   which is a problem if -Werror is enabled. This macro checks whether
++#   _FORTIFY_SOURCE is already defined, and if not, adds -D_FORTIFY_SOURCE=2
++#   to CPPFLAGS.
++#
++#   Newer mingw-w64 msys2 package comes with a bug in
++#   headers-git-7.0.0.5546.d200317d-1. It broke -D_FORTIFY_SOURCE support,
++#   and would need -lssp or -fstack-protector.  See
++#   https://github.com/msys2/MINGW-packages/issues/5803. Try to actually
++#   link it.
++#
++# LICENSE
++#
++#   Copyright (c) 2017 David Seifert <soap@gentoo.org>
++#   Copyright (c) 2019, 2023 Reini Urban <rurban@cpan.org>
++#
++#   Copying and distribution of this file, with or without modification, are
++#   permitted in any medium without royalty provided the copyright notice
++#   and this notice are preserved.  This file is offered as-is, without any
++#   warranty.
++
++#serial 10
++
++AC_DEFUN([AX_ADD_FORTIFY_SOURCE],[
++    ac_save_cflags=$CFLAGS
++    ac_cwerror_flag=yes
++    AX_CHECK_COMPILE_FLAG([-Werror],[CFLAGS="$CFLAGS -Werror"])
++    ax_add_fortify_3_failed=
++    AC_MSG_CHECKING([whether to add -D_FORTIFY_SOURCE=3 to CPPFLAGS])
++    AC_LINK_IFELSE([
++        AC_LANG_PROGRAM([],
++            [[
++                #ifndef _FORTIFY_SOURCE
++                    return 0;
++                #else
++                    _FORTIFY_SOURCE_already_defined;
++                #endif
++            ]]
++        )],
++        AC_LINK_IFELSE([
++            AC_LANG_SOURCE([[
++                #define _FORTIFY_SOURCE 3
++                #include <string.h>
++                int main(void) {
++                    char *s = " ";
++                    strcpy(s, "x");
++                    return strlen(s)-1;
++                }
++              ]]
++            )],
++            [
++              AC_MSG_RESULT([yes])
++              CFLAGS=$ac_save_cflags
++              CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=3"
++            ], [
++              AC_MSG_RESULT([no])
++              ax_add_fortify_3_failed=1
++            ],
++        ),
++        [
++          AC_MSG_RESULT([no])
++          ax_add_fortify_3_failed=1
++        ])
++    if test -n "$ax_add_fortify_3_failed"
++    then
++    AC_MSG_CHECKING([whether to add -D_FORTIFY_SOURCE=2 to CPPFLAGS])
++    AC_LINK_IFELSE([
++        AC_LANG_PROGRAM([],
++            [[
++                #ifndef _FORTIFY_SOURCE
++                    return 0;
++                #else
++                    _FORTIFY_SOURCE_already_defined;
++                #endif
++            ]]
++        )],
++        AC_LINK_IFELSE([
++            AC_LANG_SOURCE([[
++                #define _FORTIFY_SOURCE 2
++                #include <string.h>
++                int main(void) {
++                    char *s = " ";
++                    strcpy(s, "x");
++                    return strlen(s)-1;
++                }
++              ]]
++            )],
++            [
++              AC_MSG_RESULT([yes])
++              CFLAGS=$ac_save_cflags
++              CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2"
++            ], [
++              AC_MSG_RESULT([no])
++              CFLAGS=$ac_save_cflags
++            ],
++        ),
++        [
++          AC_MSG_RESULT([no])
++          CFLAGS=$ac_save_cflags
++        ])
++    fi
++])
+