Hi, Upstream seems to be using both a testing m4 script grabbed from Google[0] **and** a hardcoded list to determine whether -fstack-protector should be enabled. It's strange that the test was passed on hppa[1] and alpha[2]. Maybe the testing case is broken?
I may dig into it afterwards, but I can't find any alpha/hppa machine :-( +1 for using `--disable-ssp' globally and depend on dpkg-buildflags, if it works. Yet the problem may need be solved upstream later. -- Regards, Boyuan [0] https://github.com/shadowsocks/shadowsocks-libev/blob/master/m4/stack-protector.m4 [1] https://buildd.debian.org/status/fetch.php?pkg=shadowsocks-libev&arch=hppa&ver=2.4.7%2B20160630%2Bds-1&stamp=1467501230 [2] https://buildd.debian.org/status/fetch.php?pkg=shadowsocks-libev&arch=alpha&ver=2.4.7%2B20160630%2Bds-1&stamp=1467501341 -- 杨博远 / Boyuan Yang <[email protected]> Homepage: https://hosiet.me/ Twitter: @hosiet 2016-07-04 4:56 GMT+08:00 Aaron M. Ucko <[email protected]>: > Source: shadowsocks-libev > Version: 2.4.7+20160630+ds-1 > Severity: important > Justification: fails to build from source > > Builds of shadowsocks-libev on alpha and hppa have been failing: > > utils.c:1:0: error: -fstack-protector not supported for this target > [-Werror] > > It looks like this instance of -fstack-protector comes from upstream's > build system, which doesn't account for these architectures' lack of > support for it. Moreover, on the remaining architectures, dpkg-buildflags > already supplies -fstack-protector-strong, so -fstack-protector either is > redundant or results in less strong protection. > > Ideally, upstream's build system would test that -fstack-protector > actually works, rather than hardcoding a list of architectures on which > it's expected to. (It would be even better if the build system got out of > the way if it noticed -fstack-protector or -fstack-protector-strong > already in CFLAGS.) > > As it is, I would suggest unconditionally configuring with --disable-ssp > and deferring to dpkg-buildflags. > > Could you please take a look? > > Thanks! >
