Fix compilation support on Ubuntu 24.04.1 LTS #2082

Merged
merged 1 commit into from
Oct 11, 2024
DL6ER
Member

@DL6ER DL6ER commented Oct 11, 2024

What does this implement/fix?

Update source fortification from level 2 to 3:

This new level detects more buffer overflows and bugs, which mitigates security issues in applications at run time.

Furthermore, fix compilation support on recent Ubuntu: I upgraded my development Pi-hole to Ubuntu 24.04.1 LTS yesterday evening. Much to my surprise, I had to find out this morning that compiling FTL is no longer possible with these cryptic error messages being there even when running ./build.sh clean:

image

This is caused by several Linux distributions (e.g. Fedora) and then gcc-13 and Ubuntu 24.04 having switched internally to a higher fortification level by default.

gcc's rationale:

_FORTIFY_SOURCE mitigates buffer overflows and is currently used in Ubuntu with _FORTIFY_SOURCE=2. This newer option is better at buffer size detection and has greater coverage. When Fedora assessed changing _FORTIFY_SOURCE=2 to _FORTIFY_SOURCE=3, they found mitigation coverage increased 240% on average. This is a default build flag in Gentoo Hardened (2022), Fedora (2023), OpenSUSE (2023), and has been approved to be enabled in Arch (2023). There is no real-world performance difference between _FORTIFY_SOURCE=2 and _FORTIFY_SOURCE=3.

Ubuntu's rationale:

First enabled as -D_FORTIFY_SOURCE=2 in Ubuntu 8.10 and updated to -D_FORTIFY_SOURCE=3 in Ubuntu 24.04. Provides compile-time best-practices errors for certain libc functions, and provides run-time checks of buffer lengths and memory regions. Only activated when compiled with -O1 or higher. Most problems are related to common unsafe uses of certain libc functions.
(typos herein fixed by me)


Related issue or feature (if applicable): N/A

Pull request in docs with documentation (if applicable): N/A


By submitting this pull request, I confirm the following:

  1. I have read and understood the contributors guide, as well as this entire template. I understand which branch to base my commits and Pull Requests against.
  2. I have commented my proposed changes within the code.
  3. I am willing to help maintain this change if there are issues with it later.
  4. It is compatible with the EUPL 1.2 license
  5. I have squashed any insignificant commits. (git rebase)

Checklist:

  • The code change is tested and works locally.
  • I based my code and PRs against the repository's developmental branch.
  • I signed off all commits. Pi-hole enforces the DCO for all contributions
  • I signed all my commits. Pi-hole requires signatures to verify authorship
  • I have read the above and my PR is ready for review.
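
Why level 3 has greater coverage than level 2, as an added example (not code from this pull request or from Pi-hole FTL): level 2 bounds come from `__builtin_object_size`, which only knows compile-time constant sizes, while level 3 uses `__builtin_dynamic_object_size`, which can also carry a size computed at run time. The names `heap_bounds`, `would_trap`, `BOS` and `BDOS` are illustrative; the level 3 bound is only resolved when optimization is enabled, matching the "-O1 or higher" condition quoted above.

```c
/* Added example with illustrative names. Build: gcc -O2 fortify_demo.c */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define UNKNOWN ((size_t)-1)   /* "size not known" in object-size mode 0 */

/* Level 2 bound: only sizes that are compile-time constants. */
#define BOS(p) __builtin_object_size((p), 0)

/* Level 3 bound: may be an expression evaluated at run time
 * (needs GCC 12+ or Clang 9+; otherwise fall back to the level 2 bound). */
#if defined(__has_builtin)
# if __has_builtin(__builtin_dynamic_object_size)
#  define BDOS(p) __builtin_dynamic_object_size((p), 0)
# endif
#endif
#ifndef BDOS
# define BDOS(p) BOS(p)
#endif

struct bounds { size_t level2, level3; };

/* Bounds each level attaches to a heap buffer whose length is only known
 * at run time (the volatile read blocks constant propagation). */
struct bounds heap_bounds(size_t n)
{
    volatile size_t runtime_n = n;
    size_t len = runtime_n;
    char *p = malloc(len);
    struct bounds b = { BOS(p), BDOS(p) };
    free(p);
    return b;
}

/* Decision a fortified wrapper makes before writing n bytes:
 * trap only if a bound is known and n exceeds it. */
int would_trap(size_t bound, size_t n)
{
    return bound != UNKNOWN && n > bound;
}

int main(void)
{
    struct bounds b = heap_bounds(24);
    /* Hypothetical 32-byte write into the 24-byte buffer; nothing is copied. */
    printf("level 2: bound=%td trap=%d\n", (ptrdiff_t)b.level2, would_trap(b.level2, 32));
    printf("level 3: bound=%td trap=%d\n", (ptrdiff_t)b.level3, would_trap(b.level3, 32));
    return 0;
}
```

A bound printed as -1 means the size is unknown at that level, so the oversized write would pass unchecked.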

@DL6ER
Member Author

DL6ER commented Oct 11, 2024

Leaving this here for possible future Google searches: When upgrading my Ubuntu server from 22.04 LTS to 24.04.1 LTS, compiling FTL returned the new error:

cmake: symbol lookup error: /lib/x86_64-linux-gnu/libgnutls.so.30: undefined symbol: nettle_siv_gcm_aes256_decrypt_message, version NETTLE_8

My first attempt at fixing this was downloading and installing the most recent nettle (3.10 at that time) but that did not help alone. I also had to do:

cd /usr/local/lib
sudo rm libhogweed.so* libnettle.so*

After re-installing (make install) the latest nettle, the issue was resolved. I did also recompile mbedtls throughout this repairing attempt, but I don't think this was actually necessary. Also interesting: libgnutls is not used by pihole-FTL.

@DL6ER DL6ER merged commit 7ea73f5 into development Oct 11, 2024
18 checks passed
@DL6ER DL6ER deleted the fix/ubuntu_24_04_1 branch October 11, 2024 09:40
@PromoFaux PromoFaux mentioned this pull request Feb 18, 2025