Your message dated Sat, 08 Nov 2025 17:20:52 +0000
with message-id <[email protected]>
and subject line Bug#1119582: fixed in sysvbanner 1:1.0-19
has caused the Debian Bug report #1119582,
regarding sysvbanner: please build using the default build flags
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1119582: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119582
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: sysvbanner
Version: 1:1.0-18
User: [email protected]
Usertags: hardening-buildflags

sysvbanner is not currently using the default build flags set by 
dpkg-buildflags(1).
The default flags are chosen for multiple reasons including security,
performance, reproducibility, adherence to standards, and error handling.

Please make sure that sysvbanner builds using the default build flags. blhc(1p)
and hardening-check(1) can be used to confirm that the issue is fixed.

In the general case, packages honoring CFLAGS, LDFLAGS, and other
similar environment variables get the default build flags for free
without the need for any work on the maintainer side. In the case of
sysvbanner, the flags are either ignored or overridden.

The most common reasons for this are:

Hand-written Makefiles
----------------------
Some upstream Makefiles either override the values of variables such as
CFLAGS and similar or do not use them at all. See:
https://wiki.debian.org/HardeningWalkthrough#Handwritten_Makefiles

Misconfigured build systems
---------------------------
If the upstream code uses autotools, CMake, or other popular build
systems, it usually requires no further modifications. It might however
be that some variables are hardcoded in some way.

In this CMake snippet, the value of CXXFLAGS is overwritten with "-O2":

 set(CMAKE_CXX_FLAGS "-O2")

If the intention is to append to CXXFLAGS, one should use the following
instead:

 set(CMAKE_CXX_FLAGS "-O2 ${CMAKE_CXX_FLAGS}")

See #655870 for a similar autotools example. 

Very old debhelper usage
------------------------
Packages not using dh(1), or those using a debhelper compatibility level
less than 9, need to manually include /usr/share/dpkg/buildflags.mk in
order for the dpkg-buildflags variables to be set:
https://wiki.debian.org/Hardening#dpkg-buildflags

Flags hardcoded in debian/rules (either voluntarily or not)
-----------------------------------------------------------
Some packages voluntarily hardcode the values of CFLAGS and friends in
debian/rules, ignoring the defaults set by dpkg-buildflags(1).

Others attempt to append to the variables, but end up accidentally
overriding the defaults:

 #!/usr/bin/make -f
 export CFLAGS += -pipe -fPIC -Wall

 %:
        dh $@

Debhelper only sets CFLAGS if it is not set yet. In the example above,
when dh is invoked the value of CFLAGS is "-pipe -fPIC -Wall", hence the
hardened defaults are not used. The right way to append to CFLAGS is
using DEB_CFLAGS_MAINT_APPEND instead, as documented in
dpkg-buildflags(1).

For a detailed analysis of this issue, see:
https://people.debian.org/~ema/nocflags_paper.pdf (eprint: hal-05334704)

--- End Message ---
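
The three override patterns named in the report above can be caught by a text check before a build is even attempted. This is an added example, not part of the report or of any Debian tool. The function name `lint` and the sample inputs are hypothetical, and the check is a heuristic on file text only; blhc(1p) and hardening-check(1) remain the way to confirm the built result.

```python
import re

FLAGS = r"(CFLAGS|CXXFLAGS|CPPFLAGS|LDFLAGS)"
# debian/rules: any direct assignment, including "+=", which the report shows
# stops dh from applying the dpkg-buildflags defaults.
RULES_RE = re.compile(rf"^\s*(?:export\s+)?{FLAGS}\s*(?::=|\+=|=)")
# Hand-written Makefile: "=" and ":=" replace the value inherited from the
# environment; "?=" and "+=" keep it, so they are not flagged.
MAKE_RE = re.compile(rf"^\s*{FLAGS}\s*(?::=|=)")
# CMake: set(CMAKE_<LANG>_FLAGS ...) whose value does not reference itself.
CMAKE_RE = re.compile(r"^\s*(?i:set)\s*\(\s*(CMAKE_(?:C|CXX)_FLAGS)\s+(.*)\)")


def lint(kind, text):
    """Return [(line_no, variable, advice)] for kind in rules/makefile/cmake."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):      # comments and the shebang
            continue
        if kind == "rules" and (m := RULES_RE.match(line)):
            var = m.group(1)
            findings.append((no, var, f"use DEB_{var}_MAINT_APPEND instead"))
        elif kind == "makefile" and (m := MAKE_RE.match(line)):
            findings.append((no, m.group(1),
                             "use ?= or += so the environment value survives"))
        elif kind == "cmake" and (m := CMAKE_RE.match(line)):
            if "${" + m.group(1) + "}" not in m.group(2):
                findings.append((no, m.group(1), "append to the existing value"))
    return findings


# Constructed inputs; the rules and CMake lines repeat the report's snippets.
RULES_BAD = "#!/usr/bin/make -f\nexport CFLAGS += -pipe -fPIC -Wall\n\n%:\n\tdh $@\n"
RULES_GOOD = RULES_BAD.replace("CFLAGS +=", "DEB_CFLAGS_MAINT_APPEND =")
MAKEFILE = "CC = gcc\nCFLAGS = -O2\nLDFLAGS ?= -s\nCFLAGS += -Wall\n"
CMAKE = 'set(CMAKE_CXX_FLAGS "-O2")\nset(CMAKE_CXX_FLAGS "-O2 ${CMAKE_CXX_FLAGS}")\n'

if __name__ == "__main__":
    for kind, text in [("rules", RULES_BAD), ("rules", RULES_GOOD),
                       ("makefile", MAKEFILE), ("cmake", CMAKE)]:
        print(kind, lint(kind, text))
```
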
--- Begin Message ---
Source: sysvbanner
Source-Version: 1:1.0-19
Done: Ricardo Mones <[email protected]>

We believe that the bug you reported is fixed in the latest version of
sysvbanner, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ricardo Mones <[email protected]> (supplier of updated sysvbanner package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 08 Nov 2025 17:49:34 +0100
Source: sysvbanner
Architecture: source
Version: 1:1.0-19
Distribution: unstable
Urgency: medium
Maintainer: Ricardo Mones <[email protected]>
Changed-By: Ricardo Mones <[email protected]>
Closes: 1119582
Changes:
 sysvbanner (1:1.0-19) unstable; urgency=medium
 .
   * Update Makefile patch not to override CFLAGS (Closes: #1119582)
   * Refresh remaining patch with quilt
   * Update Standards-Version to 4.7.2 with no other changes
   * Add Rules-Requires-Root field


--- End Message ---
