Your message dated Wed, 29 Oct 2025 18:04:51 +0000
with message-id <[email protected]>
and subject line Bug#1119348: fixed in array-info 0.16-12
has caused the Debian Bug report #1119348,
regarding array-info: please build using the default build flags
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1119348: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119348
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: array-info
Version: 0.16-11
User: [email protected]
Usertags: hardening-buildflags

array-info is not currently using the default build flags set by 
dpkg-buildflags(1).
The default flags are chosen for multiple reasons including security,
performance, reproducibility, adherence to standards, and error handling.

Please make sure that array-info builds using the default build flags. blhc(1p)
and hardening-check(1) can be used to confirm that the issue is fixed.

In the general case, packages honoring CFLAGS, LDFLAGS, and other
similar environment variables get the default build flags for free
without the need for any work on the maintainer side. In the case of
array-info, the flags are either ignored or overridden.

The most common reasons for this are:

Hand-written Makefiles
----------------------
Some upstream Makefiles either override the values of variables such as
CFLAGS and similar or do not use them at all. See:
https://wiki.debian.org/HardeningWalkthrough#Handwritten_Makefiles

Misconfigured build systems
---------------------------
If the upstream code uses autotools, CMake, or other popular build
systems, it usually requires no further modifications. It might however
be that some variables are hardcoded in some way.

In this CMake snippet, the value of CXXFLAGS is overwritten with "-O2":

 set(CMAKE_CXX_FLAGS "-O2")

If the intention is to append to CXXFLAGS, one should use the following
instead:

 set(CMAKE_CXX_FLAGS "-O2 ${CMAKE_CXX_FLAGS}")

See #655870 for a similar autotools example. 

Very old debhelper usage
------------------------
Packages not using dh(1), or those using a debhelper compatibility level
less than 9, need to manually include /usr/share/dpkg/buildflags.mk in
order for the dpkg-buildflags variables to be set:
https://wiki.debian.org/Hardening#dpkg-buildflags

Flags hardcoded in debian/rules (either voluntarily or not)
-----------------------------------------------------------
Some packages voluntarily hardcode the values of CFLAGS and friends in
debian/rules, ignoring the defaults set by dpkg-buildflags(1).

Others attempt to append to the variables, but end up accidentally
overriding the defaults:

 #!/usr/bin/make -f
 export CFLAGS += -pipe -fPIC -Wall

 %:
        dh $@

Debhelper only sets CFLAGS if it is not set yet. In the example above,
when dh is invoked the value of CFLAGS is "-pipe -fPIC -Wall", hence the
hardened defaults are not used. The right way to append to CFLAGS is
using DEB_CFLAGS_MAINT_APPEND instead, as documented in
dpkg-buildflags(1).

For a detailed analysis of this issue, see:
https://people.debian.org/~ema/nocflags_paper.pdf (eprint: hal-05334704)

--- End Message ---
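
Added example, not part of the original report and not code from dpkg, debhelper or blhc: a small static check for the three override patterns the report describes (an exported flag assignment in debian/rules, a plain assignment in a hand-written Makefile, and a CMake set() that does not re-expand the variable). The function name lint, the "kind" labels and the Makefile sample are assumptions made for illustration; the debian/rules and CMake samples are the report's own snippets.

```python
import re

FLAGS = r"(CFLAGS|CXXFLAGS|CPPFLAGS|LDFLAGS)"
# debian/rules: any exported assignment, "+=" included, leaves the variable
# set when dh runs, so debhelper does not apply the dpkg-buildflags defaults.
RULES_RE = re.compile(rf"^\s*export\s+{FLAGS}\s*(?:\+=|::?=|\?=|=)")
# Hand-written Makefile: "=" and ":=" replace the value from the environment;
# "+=" and "?=" keep it, so they are not reported.
MAKEFILE_RE = re.compile(rf"^\s*{FLAGS}\s*(?:::?=|=)")
# CMake: set(CMAKE_<LANG>_FLAGS ...) is fine only if it re-expands itself.
CMAKE_RE = re.compile(r"^\s*(?i:set)\s*\(\s*(CMAKE_(?:C|CXX)_FLAGS)\s+(.*)\)")


def lint(kind, text):
    """Return [(line_no, variable)] for lines that discard the default flags.

    kind is "rules" (debian/rules), "makefile" or "cmake" (hypothetical labels).
    """
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        # Skip recipe lines (tab-indented shell) and comments.
        if line.startswith("\t") or line.lstrip().startswith("#"):
            continue
        if kind == "cmake":
            m = CMAKE_RE.match(line)
            if m and "${%s}" % m.group(1) not in m.group(2):
                findings.append((no, m.group(1)))
        else:
            m = (RULES_RE if kind == "rules" else MAKEFILE_RE).match(line)
            if m:
                findings.append((no, m.group(1)))
    return findings


# Snippets from the report, plus the fix it recommends for debian/rules.
RULES_BAD = "#!/usr/bin/make -f\nexport CFLAGS += -pipe -fPIC -Wall\n\n%:\n\tdh $@\n"
RULES_OK = ("#!/usr/bin/make -f\n"
            "export DEB_CFLAGS_MAINT_APPEND = -pipe -fPIC -Wall\n\n%:\n\tdh $@\n")
CMAKE_BAD = 'set(CMAKE_CXX_FLAGS "-O2")\n'
CMAKE_OK = 'set(CMAKE_CXX_FLAGS "-O2 ${CMAKE_CXX_FLAGS}")\n'
# Constructed sample of a hand-written upstream Makefile.
MAKEFILE_BAD = "CC = gcc\nCFLAGS = -O2 -Wall\nLDFLAGS += -lm\n"

if __name__ == "__main__":
    for kind, text in [("rules", RULES_BAD), ("rules", RULES_OK),
                       ("cmake", CMAKE_BAD), ("cmake", CMAKE_OK),
                       ("makefile", MAKEFILE_BAD)]:
        print(kind, lint(kind, text))
```

A clean result from this check only means none of these three textual patterns is present; blhc(1p) on the build log and hardening-check(1) on the binaries remain the way to confirm the flags were actually used.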
--- Begin Message ---
Source: array-info
Source-Version: 0.16-12
Done: Petter Reinholdtsen <[email protected]>

We believe that the bug you reported is fixed in the latest version of
array-info, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Petter Reinholdtsen <[email protected]> (supplier of updated array-info package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 29 Oct 2025 18:50:35 +0100
Source: array-info
Architecture: source
Version: 0.16-12
Distribution: unstable
Urgency: medium
Maintainer: Petter Reinholdtsen <[email protected]>
Changed-By: Petter Reinholdtsen <[email protected]>
Closes: 1119348
Changes:
 array-info (0.16-12) unstable; urgency=medium
 .
   * Added 1010-build-flags.patch adjusting build to use default build flags
     (Closes: #1119348).
   * Updated Standards-Version from 4.7.0 to 4.7.2.
   * Added 1020-readme-utf-8.patch to switch README to UTF-8.



--- End Message ---
