move FORTIFY_SOURCE into hardening options group

It's still on by default, but now it's possible to turn it off using
--without-hardening. This is useful since it's known to cause problems
with some -fsanitize options. ok dtucker@

diff --git a/configure.ac b/configure.ac
index 522f54b0583584b8df1e170d49508f0433cf4ff4..ebc2f33f32747fea1d2bdc9a09a2ad9ddceb46e9 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -163,8 +163,8 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
        OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
        OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
        OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
-       OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
     if test "x$use_toolchain_hardening" = "x1"; then
+       OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
        OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
        OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
        OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack])