Use -fstack-protector-strong in preference to -fstack-protector-all

or -fstack-protector.

--HG--
branch : 1.7

diff --git a/configure.in b/configure.in
index 72f8e3c45caacfe3322eebf715f3b750088e9231..33969b664f563b296a4d103657d5caf37fb5d499 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -3084,24 +3084,31 @@ fi
 
 dnl
 dnl Check for -fstack-protector and -z relro support
-dnl This must be towards the end as it turns warnings
-dnl into fatal errors (and there is no way to undo that)
+dnl This test relies on AC_LANG_WERROR
 dnl
 if test "$enable_hardening" != "no"; then
     if test -n "$GCC"; then
-       AX_CHECK_COMPILE_FLAG([-fstack-protector-all], [
-           AX_CHECK_LINK_FLAG([-fstack-protector-all], [
-               SSP_CFLAGS="-fstack-protector-all"
-               SSP_LDFLAGS="-fstack-protector-all"
+       AX_CHECK_COMPILE_FLAG([-fstack-protector-strong], [
+           AX_CHECK_LINK_FLAG([-fstack-protector-strong], [
+               SSP_CFLAGS="-fstack-protector-strong"
+               SSP_LDFLAGS="-Wc,-fstack-protector-strong"
            ])
        ])
        if test -z "$SSP_CFLAGS"; then
-           AX_CHECK_COMPILE_FLAG([-fstack-protector], [
-               AX_CHECK_LINK_FLAG([-fstack-protector], [
-                   SSP_CFLAGS="-fstack-protector"
-                   SSP_LDFLAGS="-fstack-protector"
+           AX_CHECK_COMPILE_FLAG([-fstack-protector-all], [
+               AX_CHECK_LINK_FLAG([-fstack-protector-all], [
+                   SSP_CFLAGS="-fstack-protector-all"
+                   SSP_LDFLAGS="-Wc,-fstack-protector-all"
                ])
            ])
+           if test -z "$SSP_CFLAGS"; then
+               AX_CHECK_COMPILE_FLAG([-fstack-protector], [
+                   AX_CHECK_LINK_FLAG([-fstack-protector], [
+                       SSP_CFLAGS="-fstack-protector"
+                       SSP_LDFLAGS="-Wc,-fstack-protector"
+                   ])
+               ])
+           fi
        fi
     fi
     AX_CHECK_LINK_FLAG([-Wl,-z,relro], [LDFLAGS="${LDFLAGS} -Wl,-z,relro"])