From 75d7914331b702744d04920cc8e6dea60e9e25db Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Date: Mon, 9 Feb 2015 20:54:42 -0700
Subject: [PATCH] Use -fstack-protector-strong in preference to
 -fstack-protector-all or -fstack-protector.

--HG--
branch : 1.7
---
 configure.in | 27 +++++++++++++++++----------
 1 file changed, 17 insertions(+), 10 deletions(-)

diff --git a/configure.in b/configure.in
index 72f8e3c45..33969b664 100644
--- a/configure.in
+++ b/configure.in
@@ -3084,24 +3084,31 @@ fi
 
 dnl
 dnl Check for -fstack-protector and -z relro support
-dnl This must be towards the end as it turns warnings
-dnl into fatal errors (and there is no way to undo that)
+dnl This test relies on AC_LANG_WERROR
 dnl
 if test "$enable_hardening" != "no"; then
     if test -n "$GCC"; then
-	AX_CHECK_COMPILE_FLAG([-fstack-protector-all], [
-	    AX_CHECK_LINK_FLAG([-fstack-protector-all], [
-		SSP_CFLAGS="-fstack-protector-all"
-		SSP_LDFLAGS="-fstack-protector-all"
+	AX_CHECK_COMPILE_FLAG([-fstack-protector-strong], [
+	    AX_CHECK_LINK_FLAG([-fstack-protector-strong], [
+		SSP_CFLAGS="-fstack-protector-strong"
+		SSP_LDFLAGS="-Wc,-fstack-protector-strong"
 	    ])
 	])
 	if test -z "$SSP_CFLAGS"; then
-	    AX_CHECK_COMPILE_FLAG([-fstack-protector], [
-		AX_CHECK_LINK_FLAG([-fstack-protector], [
-		    SSP_CFLAGS="-fstack-protector"
-		    SSP_LDFLAGS="-fstack-protector"
+	    AX_CHECK_COMPILE_FLAG([-fstack-protector-all], [
+		AX_CHECK_LINK_FLAG([-fstack-protector-all], [
+		    SSP_CFLAGS="-fstack-protector-all"
+		    SSP_LDFLAGS="-Wc,-fstack-protector-all"
 		])
 	    ])
+	    if test -z "$SSP_CFLAGS"; then
+		AX_CHECK_COMPILE_FLAG([-fstack-protector], [
+		    AX_CHECK_LINK_FLAG([-fstack-protector], [
+			SSP_CFLAGS="-fstack-protector"
+			SSP_LDFLAGS="-Wc,-fstack-protector"
+		    ])
+		])
+	    fi
 	fi
     fi
     AX_CHECK_LINK_FLAG([-Wl,-z,relro], [LDFLAGS="${LDFLAGS} -Wl,-z,relro"])
-- 
2.40.0