Your message dated Wed, 29 Oct 2025 21:20:59 +0000
with message-id <[email protected]>
and subject line Bug#1119487: fixed in mgetty 1.2.1-4
has caused the Debian Bug report #1119487,
regarding mgetty: please build using the default build flags
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1119487: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119487
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: mgetty
Version: 1.2.1-3
User: [email protected]
Usertags: hardening-buildflags
mgetty is not currently using the default build flags set by dpkg-buildflags(1).
The default flags are chosen for multiple reasons including security,
performance, reproducibility, adherence to standards, and error handling.
Please make sure that mgetty builds using the default build flags. blhc(1p)
and hardening-check(1) can be used to confirm that the issue is fixed.
In the general case, packages honoring CFLAGS, LDFLAGS, and other
similar environment variables get the default build flags for free
without the need for any work on the maintainer side. In the case of
mgetty, the flags are either ignored or overridden.
The most common reasons for this are:
Hand-written Makefiles
----------------------
Some upstream Makefiles either override the values of variables such as
CFLAGS and similar or do not use them at all. See:
https://wiki.debian.org/HardeningWalkthrough#Handwritten_Makefiles
Misconfigured build systems
---------------------------
If the upstream code uses autotools, CMake, or other popular build
systems, it usually requires no further modifications. If might however
be that some variables are hardcoded in some way.
In this CMake snippet, the value of CXXFLAGS is overwritten with "-O2":
set(CMAKE_CXX_FLAGS "-O2")
If the intention is to append to CXXFLAGS, one should use the following
instead:
set(CMAKE_CXX_FLAGS "-O2 ${CMAKE_CXX_FLAGS}")
See #655870 for a similar autotools example.
Very old debhelper usage
------------------------
Packages not using dh(1), or those using a debhelper compatibility level
less than 9, need to manually include /usr/share/dpkg/buildflags.mk in
order for the dpkg-buildflags variables to be set:
https://wiki.debian.org/Hardening#dpkg-buildflags
Flags hardcoded in debian/rules (either voluntarily or not)
-----------------------------------------------------------
Some packages voluntarily hardcode the values of CFLAGS and friends in
debian/rules, ignoring the defaults set by dpkg-buildflags(1).
Others attempt to append to the variables, but end up accidentally
overriding the defaults:
#!/usr/bin/make -f
export CFLAGS += -pipe -fPIC -Wall
%:
dh $@
Debhelper only sets CFLAGS if it is not set yet. In the example above,
when dh is invoked the value of CFLAGS is "-pipe -fPIC -Wall", hence the
hardened defaults are not used. The right way to append to CFLAGS is
using DEB_CFLAGS_MAINT_APPEND instead, as documented in
dpkg-buildflags(1).
For a detailed analysis of this issue, see:
https://people.debian.org/~ema/nocflags_paper.pdf (eprint: hal-05334704)
--- End Message ---
--- Begin Message ---
Source: mgetty
Source-Version: 1.2.1-4
Done: наб <[email protected]>
We believe that the bug you reported is fixed in the latest version of
mgetty, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
наб <[email protected]> (supplier of updated mgetty package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 29 Oct 2025 20:58:27 +0100
Source: mgetty
Architecture: source
Version: 1.2.1-4
Distribution: unstable
Urgency: medium
Maintainer: Package Salvaging Team <[email protected]>
Changed-By: наб <[email protected]>
Closes: 1119487
Changes:
mgetty (1.2.1-4) unstable; urgency=medium
.
* Team upload.
* d/p/0033, d/rules: Don't override CFLAGS (Closes: #1119487)
* d/rules: don't needlessly chmod +x debian/fixpaths.pl
Checksums-Sha1:
05a8dccd4856fc7c091b3e2196b268f19b60a0d0 2277 mgetty_1.2.1-4.dsc
5992c300ad9149010f8ca60c707b873478a55a48 1176845 mgetty_1.2.1.orig.tar.gz
132275afb6f63501d01d5d080760c9ee15f08fc3 66444 mgetty_1.2.1-4.debian.tar.xz
3fdcea48aaf38d7b3cd54ee1dff6b1c1d2cca17f 9224 mgetty_1.2.1-4_source.buildinfo
Checksums-Sha256:
55e49d78f3cba31aba964391b4e0442ec75f335918dc8d864373d832985840d3 2277
mgetty_1.2.1-4.dsc
498796cc70b3f8fbdc5430ca77ddeee1d54028f4dde742f3a487726fd925a01f 1176845
mgetty_1.2.1.orig.tar.gz
5b0bd530f68f5135fdca9564c9e139804905885aa84300236150e753925a8c8e 66444
mgetty_1.2.1-4.debian.tar.xz
8e24ab8f0b4e095607e8eab6497038754a7ba80992cddff8b13e5eb20a86a406 9224
mgetty_1.2.1-4_source.buildinfo
Files:
f85742b6ef4f81f5034362185d9928a1 2277 comm optional mgetty_1.2.1-4.dsc
2bb3c91a663b61a9e7cb3bc031727773 1176845 comm optional mgetty_1.2.1.orig.tar.gz
3d86a53c647a22f95ce391754a0efb97 66444 comm optional
mgetty_1.2.1-4.debian.tar.xz
20a667f4ad6a85f4cd5cfc28cd1ededf 9224 comm optional
mgetty_1.2.1-4_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJWBAEBCgBAFiEEfWlHToQCjFzAxEFjvP0LAY0mWPEFAmkCctgiHG5hYmlqYWN6
bGV3ZWxpQG5hYmlqYWN6bGV3ZWxpLnh5egAKCRC8/QsBjSZY8QZlEACQnQvDihFF
mV3RPmVJl1Z28Uwdfi1a8GLgB0ZxC4b84Z1jrJd5D4Zoyc41HD2N7Cz1ms0xCsLp
AtCXh+CHBlvs2t5Gp1baWDJNvsFjXmRb67oqMuUi31Xc8i76J+n9zC5qVqq7A6e7
68RwhiDMlBil9GjnFPLpC+OqdVaH/PfNDgqVg+1sE4T2taBF8CUzMTYDwcAHPvmy
XASQIdNX9ULLAcqp+SDvIXb/laAoO8AVD29cAuSjfLGUFxxqk+uo44NxBfilqR3x
vmxLxy1pEvY4NMirsq9+zHiemnN0Zrr+4OROD8OV957nw9G7uSKuqaz1hgwQlaR2
OH/cZmGRfhcuIREMnnJ02aSNySu/F1SzxMYVJKJ4dILmAM9N2wSX1VcprknnZaO0
xMYwFfbv9y/nnHAKmvRwTHKESLLUfDaIj0dnOdNUZsfv2GCL8QgHKCblGukpxlcn
XbFHNeDULo3W+WoyEmrNS8nKIY68qWhtPcILv8CDJXPsr5OpbVsmLcJZUHg/dsFU
QWLHB5nMvw4+pq+b8KZqwzcJgrnPxLzd7VgN6H+eGSDf5S7iuvbKKJZ4yusUhw5M
Fo+n6u4KfMm794VcDHhaUT+bV1BOufjXdQ14puyLmA2LTj9OLJr3ZOm2YI3qIAQU
WEtZydeOo57vkr4ciXIDhxKkyjtqd3xSZA==
=0iJt
-----END PGP SIGNATURE-----
pgp26vgK5Z_Xk.pgp
Description: PGP signature
--- End Message ---
