For clarification purposes, I'm attaching interdiff output between the updated version of the gcc-default-ssp.diff and the version in gcc 4.9.0-4ubuntu2 currently in utopic-proposed. The differences are threefold:
1) update the definition of the SSP_DEFAULT_SPEC macro to default to -fstack-protector-strong, and to disable that definition additionally if -fstack-protector is given on the command line.
2) Adjust the invocation documentation to inform users that the default is now -fstack-protector-strong by default.
3) Adjust in the invocation documentation the location of the description of the default minimum ssp-buffer-size to actually fall under the section for 'ssp-buffer-size' as due to fuzzy patching, it was getting applied incorrectly under the section on 'min-size-for-stack-sharing'
(The reason we lowered the minimum buffer size in Ubuntu 10.10 that gcc would consider for determining whether to apply stack protection to that function or not was to get a few more functions covered by -fstack-protector without going to -fstack-protector-all and paying the costs thereof.)
For clarification purposes, I'm attaching interdiff output between the updated version of the gcc-default- ssp.diff and the version in gcc 4.9.0-4ubuntu2 currently in utopic-proposed. The differences are threefold:
1) update the definition of the SSP_DEFAULT_SPEC macro to default to -fstack- protector- strong, and to disable that definition additionally if -fstack-protector is given on the command line.
2) Adjust the invocation documentation to inform users that the default is now -fstack- protector- strong by default.
3) Adjust in the invocation documentation the location of the description of the default minimum ssp-buffer-size to actually fall under the section for 'ssp-buffer-size' as due to fuzzy patching, it was getting applied incorrectly under the section on 'min-size- for-stack- sharing'
(The reason we lowered the minimum buffer size in Ubuntu 10.10 that gcc would consider for determining whether to apply stack protection to that function or not was to get a few more functions covered by -fstack-protector without going to -fstack- protector- all and paying the costs thereof.)