-D_FORTIFY_SOURCE, not -D_FORTIFY_SOURCE_.
(It takes a value, so is -D_FORTIFY_SOURCE=2 actually, for example.)
openSUSE uses FORTIFY_SOURCE for all packages for quite some time now, I am somehow always
amazed how some popular distros lag behind simple features.
I also remember finding a buffer "overflow" (now corrected) in btrfs 0.10 - but only with
-D_FORTIFY_SOURCE=2 (it just did not fire without fortification, and you do not immediately
think of running valgrind on everything you get to execute), so this macro is really useful.