# DP: Turn on -Wformat -Wformat-security by  default for C, C++, ObjC, ObjC++.

Index: b/src/gcc/doc/invoke.texi
===================================================================
--- a/src/gcc/doc/invoke.texi
+++ b/src/gcc/doc/invoke.texi
@@ -3573,6 +3573,11 @@ currently a subset of what @option{-Wfor
 in future warnings may be added to @option{-Wformat-security} that are not
 included in @option{-Wformat-nonliteral}.)
 
+NOTE: In Ubuntu 8.10 and later versions this option is enabled by default
+for C, C++, ObjC, ObjC++.  To disable, use @option{-Wno-format-security},
+or disable all format warnings with @option{-Wformat=0}.  To make format
+security warnings fatal, specify @option{-Werror=format-security}.
+
 @item -Wformat-y2k
 @opindex Wformat-y2k
 @opindex Wno-format-y2k
Index: b/src/gcc/gcc.c
===================================================================
--- a/src/gcc/gcc.c
+++ b/src/gcc/gcc.c
@@ -665,11 +665,14 @@ proper position among the other output f
 #define LINK_GCC_C_SEQUENCE_SPEC "%G %L %G"
 #endif
 
+/* no separate spec, just shove it into the ssp default spec */
+#define FORMAT_SECURITY_SPEC "%{!Wformat:%{!Wformat=2:%{!Wformat=0:%{!Wall:-Wformat} %{!Wno-format-security:-Wformat-security}}}}"
+
 #ifndef SSP_DEFAULT_SPEC
 #ifdef TARGET_LIBC_PROVIDES_SSP
-#define SSP_DEFAULT_SPEC "%{!fno-stack-protector:%{!fstack-protector-all:%{!ffreestanding:%{!nostdlib:-fstack-protector}}}}"
+#define SSP_DEFAULT_SPEC "%{!fno-stack-protector:%{!fstack-protector-all:%{!ffreestanding:%{!nostdlib:-fstack-protector}}}} " FORMAT_SECURITY_SPEC
 #else
-#define SSP_DEFAULT_SPEC ""
+#define SSP_DEFAULT_SPEC FORMAT_SECURITY_SPEC
 #endif
 #endif