From 6ab674ebff5e60c62b126d0ac2e774e581916afe Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Mon, 19 Oct 2015 13:07:28 -0400
Subject: use -fstack-protector-strong when available

With gcc-4.9, a new -fstack-protector-strong flag is available that is
between -fstack-protector (pretty weak) and -fstack-protector-all (pretty
strong) that provides good trade-offs between overhead but still providing
good coverage.  Update the places in glibc that use ssp to use this flag
when it's available.

This also kills off the indirection of hardcoding the flag name in the
Makefiles and adding it based on a have-ssp boolean.  Instead, the build
always expands the $(stack-protector) variable to the best ssp setting.
This makes the build logic a bit simpler and allows people to easily set
to a diff flag like:
	make stack-protector=-fstack-protector-all
---
 config.make.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'config.make.in')

diff --git a/config.make.in b/config.make.in
index 7f561eb333..a791922738 100644
--- a/config.make.in
+++ b/config.make.in
@@ -56,7 +56,7 @@ old-glibc-headers = @old_glibc_headers@
 unwind-find-fde = @libc_cv_gcc_unwind_find_fde@
 have-forced-unwind = @libc_cv_forced_unwind@
 have-fpie = @libc_cv_fpie@
-have-ssp = @libc_cv_ssp@
+stack-protector = @stack_protector@
 have-selinux = @have_selinux@
 have-libaudit = @have_libaudit@
 have-libcap = @have_libcap@
-- 
cgit 1.4.1