Enable -D_FORTIFY_SOURCE=2 by default.


--- a/gcc/c-family/c-cppbuiltin.c
+++ b/gcc/c-family/c-cppbuiltin.c
@@ -951,6 +951,9 @@ c_cpp_builtins (cpp_reader *pfile)
   builtin_define_with_value ("__REGISTER_PREFIX__", REGISTER_PREFIX, 0);
   builtin_define_with_value ("__USER_LABEL_PREFIX__", user_label_prefix, 0);
 
+  /* Fortify Source enabled by default w/optimization.  */
+  cpp_define (pfile, "_FORTIFY_SOURCE=((defined __OPTIMIZE__ && __OPTIMIZE__ > 0) ? 2 : 0)");
+
   /* Misc.  */
   if (flag_gnu89_inline)
     cpp_define (pfile, "__GNUC_GNU_INLINE__");
--- a/gcc/doc/gcc.info
+++ b/gcc/doc/gcc.info
@@ -6255,6 +6255,11 @@ find out the exact set of optimizations that are enabled at each level.
      Please note the warning under '-fgcse' about invoking '-O2' on
      programs that use computed gotos.
 
+     NOTE: In Gentoo, `-D_FORTIFY_SOURCE=2' is set by default, and is
+     activated when `-O' is set to 2 or higher.  This enables additional
+     compile-time and run-time checks for several libc functions.  To disable,
+     specify either `-U_FORTIFY_SOURCE' or `-D_FORTIFY_SOURCE=0'.
+
 '-O3'
      Optimize yet more.  '-O3' turns on all optimizations specified by
      '-O2' and also turns on the '-finline-functions',