Bug#831694: RFS: shadowsocks-libev/2.4.7+20160630+ds-3 -- lightweight and secure socks5 proxy
I'm not a DD, so I can't sponsor, but:
On 07/18/2016 04:53 PM, Roger Shimizu wrote:
> * debian/rules:
> - Add param "--disable-ssp" to dh_auto_configure command.
> Thanks to Aaron M. Ucko and Boyuan Yang. (Closes: #829498)
Please don't disable the SSP unconditionally, because it's a useful
defense-in-depth strategy. Especially since you are packaging a
network service, I would really recommend not doing that.
The actual problem appears to be that the build system of your
package sets -Werror (see the build log [1]), because normally
using -fstack-protector* on unsupported architectures is harmless
and just produces a warning.
-Werror is a really bad idea for Debian packages anyway. It's great
for development to squash bugs, but -Werror can also easily break
binNMUs with a later compiler version that introduced a new warning.
(This has happened many times in the past.)
So I would really suggest you disable -Werror for package builds
(there's probably another configure flag for that; if not, ask
upstream for one), then you don't have to disable the SSP and on
platforms that don't support it you'll just get a warning in the
build logs. (And once they do support SSP at some point in the
future with a newer compiler version, then a simple binNMU will
suffice to make use of that.)
> - Cherry-Pick two patch from upstream as 0004 and 0005
Generally you should describe in the changelog what these patches
do. I would hence suggest an entry like:
- Cherry-pick the following upstream patches:
* Fix typo in argument passed to manager command.
* Use SO_REUSEADDR for remote socket
Regards,
Christian
Reply to: