sys-libs/glibc: switch -fstack-protector-all to -strong, bug #712356

Package-Manager: Portage-2.3.96, Repoman-2.3.22
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

diff --git a/sys-libs/glibc/glibc-2.29-r8.ebuild b/sys-libs/glibc/glibc-2.29-r8.ebuild
index c869cce61d55ae2b9e487144177111330c93556a..c95d7016c40f40e05910a6a9a47c9cb0183d1020 100644 (file)
--- a/sys-libs/glibc/glibc-2.29-r8.ebuild
+++ b/sys-libs/glibc/glibc-2.29-r8.ebuild
@@ -812,7 +812,11 @@ glibc_do_configure() {
                        myconf+=( --enable-stack-protector=no )
                        ;;
                *)
-                       myconf+=( --enable-stack-protector=$(usex ssp all no) )
+                       # Use '=strong' instead of '=all' to protect only functions
+                       # worth protecting from stack smashes.
+                       # '=all' is also known to have a problem in IFUNC resolution
+                       # tests: https://sourceware.org/PR25680, bug #712356.
+                       myconf+=( --enable-stack-protector=$(usex ssp strong no) )
                        ;;
        esac
        myconf+=( --enable-stackguard-randomization )