scons: fix strict hardened builds on Gentoo

(cherry-picked from commit 0c3ba36)

SConstruct

@@ -376,6 +376,9 @@ if env["prereqs"]:
         conf.CheckBoostLocaleBackends(["icu", "winapi"]) \
             or Warning("Only icu and winapi backends of Boost Locale are supported. Bugs/crashes are very likely with other backends")
 
+    if env['harden']:
+        env["have_fortify"] = conf.CheckFortifySource()
+
     env = conf.Finish()
 
     client_env = env.Clone()
@@ -503,11 +506,11 @@ for env in [test_env, client_env, env]:
 
         if env['harden'] and env["PLATFORM"] != 'win32':
             env.AppendUnique(CCFLAGS = ["-fPIE", "-fstack-protector-strong"])
-            env.AppendUnique(CPPDEFINES = ["_FORTIFY_SOURCE=2"])
+            if not env["have_fortify"] : env.AppendUnique(CPPDEFINES = ["_FORTIFY_SOURCE=2"])
 
             if env["enable_lto"] == True:
                 env.AppendUnique(LINKFLAGS = ["-fstack-protector-strong"])
-            
+
             if env["PLATFORM"] == 'darwin':
                 env.AppendUnique(LINKFLAGS = ["-fPIE", "-Wl,-pie"])
             else:

scons/cplusplus.py

@@ -38,4 +38,19 @@ def CheckCPlusPlus(context, gcc_version = None):
         context.Result("no")
         return False
 
-config_checks = { "CheckCPlusPlus" : CheckCPlusPlus }
+def CheckFortifySource(context):
+    message = "Checking whether compiler has built-in -D_FORTIFY_SOURCE... "
+    test_program = """
+    #ifndef _FORTIFY_SOURCE
+    #error _FORTIFY_SOURCE not defined
+    #endif
+    """
+    context.Message(message)
+    if context.TryBuild(context.env.Object, test_program, ".c") == 1:
+        context.Result("yes")
+        return True
+    else:
+        context.Result("no")
+        return False
+
+config_checks = { "CheckCPlusPlus" : CheckCPlusPlus, "CheckFortifySource" : CheckFortifySource }