Configure support for --enable-stack-protector [BZ #7065]

This adds =all and =strong, with obvious semantics, defaulting to off.

We don't validate the value of the option yet: that's in a later patch.
Nor do we use it for anything at this stage.

We differentiate between 'the compiler understands -fstack-protector'
and 'the user wanted -fstack-protector' so that we can pass
-fno-stack-protector in appropriate places even if the user didn't want
to turn on -fstack-protector for other parts.  (This helps us overcome
another existing limitation, that glibc doesn't work with GCCs hacked
to pass in -fstack-protector by default.)

We also arrange to set the STACK_PROTECTOR_LEVEL #define to a value
appropriate for the stack-protection level in use for each file in
particular.

1 files changed, 13 insertions, 0 deletions

diff --git a/ChangeLog b/ChangeLog
index 0dd96f2d0f..f1b95e0e79 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,16 @@
+2016-12-26  Nick Alcock  <nick.alcock@oracle.com>
+
+	[BZ #7065]
+	* configure.ac (libc_cv_ssp): Move up.
+	(libc_cv_ssp_strong): Likewise.
+	(libc_cv_ssp_all): New.
+	(stack_protector): Augment, adding -fstack-protector-all.
+	(no_stack_protector): New.
+	(STACK_PROTECTOR_LEVEL): New.
+	(AC_ARG_ENABLE(stack-protector)): New configure flag.
+	* manual/install.texi (--enable-stack-protector): Document it.
+	* config.h.in (STACK_PROTECTOR_LEVEL): New macro.
+
 2016-12-24  Carlos O'Donell  <carlos@redhat.com>
 
 	* README.pretty-printers: Must specify CPPFLAGS-* also.