--- libc/sysdeps/linux/common/ssp.c.mps 2005-01-13 10:20:00 +0100
+++ libc/sysdeps/linux/common/ssp.c 2005-01-13 10:44:00 +0100
@@ -29,7 +29,7 @@
 #include
 #include
 #include
-#ifdef HAVE_DEV_ERANDOM
+#ifdef __SSP_USE_ERANDOM__
 #include
 #endif
@@ -43,12 +43,13 @@
 unsigned long __guard = 0UL;
+void __guard_setup(void) __attribute__ ((constructor));
 void __guard_setup(void) {
 size_t size;
 struct timeval tv;
-#ifdef HAVE_DEV_ERANDOM
+#ifdef __SSP_USE_ERANDOM__
 int mib[3];
 #endif
@@ -56,14 +57,14 @@
 return;
 #ifndef __SSP_QUICK_CANARY__
-#ifdef HAVE_DEV_ERANDOM
+#ifdef __SSP_USE_ERANDOM__
 /* Random is another depth in Linux, hence an array of 3. */
 mib[0] = CTL_KERN;
 mib[1] = KERN_RANDOM;
 mib[2] = RANDOM_ERANDOM;
 size = sizeof(unsigned long);
- if (__sysctl(mib, 3, &__guard, &size, NULL, 0) != (-1))
+ if (sysctl(mib, 3, &__guard, &size, NULL, 0) != (-1))
 if (__guard != 0UL) return;
 #endif
@@ -74,7 +75,7 @@
 {
 int fd;
-#ifdef HAVE_DEV_ERANDOM
+#ifdef __SSP_USE_ERANDOM__
 if ((fd = open("/dev/erandom", O_RDONLY)) == (-1))
 #endif
 fd = open("/dev/urandom", O_RDONLY);
@@ -96,6 +97,7 @@
 __guard ^= tv.tv_usec ^ tv.tv_sec;
 }
+void __stack_smash_handler(char func[], int damaged __attribute__ ((unused)));
 void __stack_smash_handler(char func[], int damaged) {
 extern char *__progname;
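Review bot: The `__attribute__ ((constructor))` added to the `__guard_setup` prototype in the `@@ -43,12 +43,13 @@` hunk carries no priority, so the canary is initialised at an unspecified point relative to any other constructors in the process. An SSP-instrumented constructor that happens to run first would be protected only by the initial `__guard = 0UL`, a predictable value, and a frame that is live while the guard changes would fail its check on return. I would document the ordering requirement on the prototype, for example `/* must run before any SSP-protected code executes */`, and give the constructor an explicit priority where the toolchain supports one. The body of `__guard_setup` continues outside this hunk.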
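Review bot: In the `@@ -56,14 +57,14 @@` hunk the `sysctl()` result is accepted whenever the call does not return -1 and `__guard` is non-zero, but `size` is never compared with `sizeof(__guard)` afterwards. If the kernel wrote fewer bytes, the remaining canary bytes stay zero and the function still returns early, skipping the /dev/*random path that follows. The test could be tightened to `if (sysctl(mib, 3, &__guard, &size, NULL, 0) != (-1) && size == sizeof(__guard) && __guard != 0UL) return;`. The move from `__sysctl` to the exported `sysctl` name also deserves a one-line comment, since whether that call can be interposed depends on how uClibc binds the symbol, which is not visible here.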
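Review bot: The `unused` attribute in the `@@ -96,6 +97,7 @@` hunk is attached to `damaged` in the new prototype only, while the definition on the following line repeats the parameter without it. GCC most likely evaluates its unused-parameter warning on the definition's own parameter, so if the aim is to silence that warning the attribute belongs there: `void __stack_smash_handler(char func[], int damaged __attribute__ ((unused)))`. Whether `damaged` is in fact unused cannot be confirmed, because the function body continues outside the hunk. A short comment on the prototype noting that the compiler emits the calls to this handler, so the signature must not change, would also help the next reader.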
@@ -106,13 +108,13 @@
 sigfillset(&mask);
 sigdelset(&mask, SSP_SIGTYPE); /* Block all signal handlers */
- sigprocmask(SIG_BLOCK, &mask, NULL); /* except SIGABRT */
+ sigprocmask(SIG_BLOCK, &mask, NULL); /* except SSP_SIGTYPE */
- /* print error message to stderr and syslog */
+ /* Print error message to stderr and syslog */
 fprintf(stderr, "%s%s%s()\n", __progname, message, func);
 syslog(LOG_INFO, "%s%s%s()", __progname, message, func);
- /* Make sure the default handler is associated with the our signal handler */
+ /* Make the default handler associated with the signal handler */
 memset(&sa, 0, sizeof(struct sigaction));
 sigfillset(&sa.sa_mask); /* Block all signals */
 sa.sa_flags = 0;
--- extra/Configs/Config.in.mps 2005-01-13 10:44:14 +0100
+++ extra/Configs/Config.in 2005-01-13 10:52:32 +0100
@@ -1119,6 +1119,16 @@
 /dev/*random. Most people will answer N.
+config SSP_USE_ERANDOM
+ bool "Propolice uses /dev/erandom as canary source"
+ depends on UCLIBC_HAS_SSP && !SSP_QUICK_CANARY
+ default n
+ help
+ Propolice uses /dev/erandom as canary source.
+ This requires a modified kernel.
+ For more info see http://frandom.sourceforge.net/.
+ Most people will answer N.
+
 choice
 prompt "Propolice protection blocking signal"
 depends on UCLIBC_HAS_SSP
@@ -1149,7 +1159,6 @@
 config UCLIBC_BUILD_SSP
 bool "Build uClibc with propolice protection"
- depends on UCLIBC_SECURITY
 depends on UCLIBC_HAS_SSP
 default n
 help
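Review bot: The help text for `SSP_USE_ERANDOM` in the `@@ -1119,6 +1119,16 @@` hunk does not say what happens when the option is enabled but the running kernel lacks the erandom patch. From the ssp.c part of this patch, the code appears to try `/dev/urandom` when opening `/dev/erandom` fails, and stating that would let users judge how the option affects canary quality. A suggested extra help line is `If /dev/erandom is not available at run time, /dev/urandom is used instead.`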