From 93ceed55cd26146919435836599a90e17a5dddba Mon Sep 17 00:00:00 2001
From: Sergei Trofimovich <slyfox@gentoo.org>
Date: Fri, 3 Apr 2020 23:37:33 +0100
Subject: [PATCH] sys-libs/glibc: switch -fstack-protector-all to -strong, bug
 #712356

Package-Manager: Portage-2.3.96, Repoman-2.3.22
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
---
 sys-libs/glibc/glibc-2.29-r8.ebuild | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/sys-libs/glibc/glibc-2.29-r8.ebuild b/sys-libs/glibc/glibc-2.29-r8.ebuild
index c869cce61d55..c95d7016c40f 100644
--- a/sys-libs/glibc/glibc-2.29-r8.ebuild
+++ b/sys-libs/glibc/glibc-2.29-r8.ebuild
@@ -812,7 +812,11 @@ glibc_do_configure() {
 			myconf+=( --enable-stack-protector=no )
 			;;
 		*)
-			myconf+=( --enable-stack-protector=$(usex ssp all no) )
+			# Use '=strong' instead of '=all' to protect only functions
+			# worth protecting from stack smashes.
+			# '=all' is also known to have a problem in IFUNC resolution
+			# tests: https://sourceware.org/PR25680, bug #712356.
+			myconf+=( --enable-stack-protector=$(usex ssp strong no) )
 			;;
 	esac
 	myconf+=( --enable-stackguard-randomization )
-- 
2.26.2