Your message dated Wed, 19 Nov 2025 08:34:52 +0000
with message-id <[email protected]>
and subject line Bug#1119503: fixed in nkf 1:2.1.5-1.1
has caused the Debian Bug report #1119503,
regarding nkf: please build using the default build flags
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1119503: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119503
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: nkf
Version: 1:2.1.5-1+b7
User: [email protected]
Usertags: hardening-buildflags
nkf is not currently using the default build flags set by dpkg-buildflags(1).
The default flags are chosen for multiple reasons including security,
performance, reproducibility, adherence to standards, and error handling.
Please make sure that nkf builds using the default build flags. blhc(1p)
and hardening-check(1) can be used to confirm that the issue is fixed.
In the general case, packages honoring CFLAGS, LDFLAGS, and other
similar environment variables get the default build flags for free
without the need for any work on the maintainer side. In the case of
nkf, the flags are either ignored or overridden.
The most common reasons for this are:
Hand-written Makefiles
----------------------
Some upstream Makefiles either override the values of variables such as
CFLAGS and similar or do not use them at all. See:
https://wiki.debian.org/HardeningWalkthrough#Handwritten_Makefiles
Misconfigured build systems
---------------------------
If the upstream code uses autotools, CMake, or other popular build
systems, it usually requires no further modifications. If might however
be that some variables are hardcoded in some way.
In this CMake snippet, the value of CXXFLAGS is overwritten with "-O2":
set(CMAKE_CXX_FLAGS "-O2")
If the intention is to append to CXXFLAGS, one should use the following
instead:
set(CMAKE_CXX_FLAGS "-O2 ${CMAKE_CXX_FLAGS}")
See #655870 for a similar autotools example.
Very old debhelper usage
------------------------
Packages not using dh(1), or those using a debhelper compatibility level
less than 9, need to manually include /usr/share/dpkg/buildflags.mk in
order for the dpkg-buildflags variables to be set:
https://wiki.debian.org/Hardening#dpkg-buildflags
Flags hardcoded in debian/rules (either voluntarily or not)
-----------------------------------------------------------
Some packages voluntarily hardcode the values of CFLAGS and friends in
debian/rules, ignoring the defaults set by dpkg-buildflags(1).
Others attempt to append to the variables, but end up accidentally
overriding the defaults:
#!/usr/bin/make -f
export CFLAGS += -pipe -fPIC -Wall
%:
dh $@
Debhelper only sets CFLAGS if it is not set yet. In the example above,
when dh is invoked the value of CFLAGS is "-pipe -fPIC -Wall", hence the
hardened defaults are not used. The right way to append to CFLAGS is
using DEB_CFLAGS_MAINT_APPEND instead, as documented in
dpkg-buildflags(1).
For a detailed analysis of this issue, see:
https://people.debian.org/~ema/nocflags_paper.pdf (eprint: hal-05334704)
--- End Message ---
--- Begin Message ---
Source: nkf
Source-Version: 1:2.1.5-1.1
Done: Andreas Tille <[email protected]>
We believe that the bug you reported is fixed in the latest version of
nkf, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Tille <[email protected]> (supplier of updated nkf package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 14 Nov 2025 08:28:31 +0100
Source: nkf
Architecture: source
Version: 1:2.1.5-1.1
Distribution: unstable
Urgency: medium
Maintainer: NOKUBI Takatsugu <[email protected]>
Changed-By: Andreas Tille <[email protected]>
Closes: 437638 1047193 1102815 1119503
Changes:
nkf (1:2.1.5-1.1) unstable; urgency=medium
.
* Non-maintainer upload.
.
[ NOKUBI Takatsugu ]
* d/watch: fix mangling
.
[ Debian Janitor ]
* Trim trailing whitespace.
.
[ Andreas Tille ]
* Homepage moved to Github
* d/watch:
- Version=5
- Point to Github
* Build-Depends: perl-xs-dev
Closes: #1102815
* Standards-Version: 4.7.2 (routine-update)
* debhelper-compat 13 (routine-update)
* Reorder sequence of d/control fields by cme (routine-update)
* Remove trailing whitespace in debian/copyright (routine-update)
* Use default build flags
Closes: #1119503
* Fix clean target
Closes: #1047193
* Verify that nostrip is working
Closes: #437638
* Permit failure of blhc in Salsa CI
Checksums-Sha1:
c81d864837cd99f9c9c38a3a63188be5978597b4 1872 nkf_2.1.5-1.1.dsc
0de3ca83bed03a3ed7baf040f57fb5158de8d48d 6084 nkf_2.1.5-1.1.debian.tar.xz
ca0b03880934e7cb9496c7f664ae5db790eddc05 6298 nkf_2.1.5-1.1_amd64.buildinfo
Checksums-Sha256:
428c89f66bf7bb13c1e69536fd54025df5914e1401cdfa5c3f16e489aaee6cdc 1872
nkf_2.1.5-1.1.dsc
9480a5a58e9affea0e2a348784a7bb4369b640357c380308d7574b96e6fd57d9 6084
nkf_2.1.5-1.1.debian.tar.xz
e03d08619640b8c99d0a74666ecbadadc4d4f9c50c55510ef74f6b099b27bcdc 6298
nkf_2.1.5-1.1_amd64.buildinfo
Files:
4e582a2a79ff2c42cb957174f3c935d5 1872 text optional nkf_2.1.5-1.1.dsc
6ff9f92c12708b6cf6ce047b5cfbea93 6084 text optional nkf_2.1.5-1.1.debian.tar.xz
3f2ef7b1b381a81a3a93ecccd1f66d5b 6298 text optional
nkf_2.1.5-1.1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEE8fAHMgoDVUHwpmPKV4oElNHGRtEFAmkW23ARHHRpbGxlQGRl
Ymlhbi5vcmcACgkQV4oElNHGRtGhfA/8Ds77RadqCt5fDOhB0ThTLs7rbXVwNYzv
QPNmYKif5ZXNvkHTxDb6XaS4x5gbUnoUhigJ+O0DsJu9uwB0lnt2NJpdMeIY1d5N
vdM8sE8RRHWZOkK0a+yiNdNcUXBxJaSuh94atlDaggc0gQBFDFLm+VcFjDp2U/zM
OORESPMOtXL1H7W54HSqmmzloh2OcEH+NB4Jh0SUXh9IjrefQv/+J5uBVXvjAh4p
qeR/tMfHtAXpO7fMaYJJfCdQtVlGWMoCzoYUO8YxVi1KZeQslum2oTLBIKBPMH03
LH6/47/RVNAul9akqBAdWwtqbqfwNeCxG+kqkVevaKs8NhSSIo8GYp4zq7sL4bA7
CK4asCa+wqwCV/osXfVcFNV1s3guC/Te2NfQdnYKgawfEIxk42viHpqjNF8cjCyJ
syslhY08/yuBC8sF5R7hXZQGmyI3i30RPj8m+NhrsF+kK1MohDFa02gSnbC9jTVP
WxPskCvp1bJ94Wif4IsrrYh3mrHfW9zV1Iq8+D/KXRsHp+jdcbGuguIK7eBL2fFX
W0SmPawOT2PlHvwa7wbAPr1X7em/0TwwD4hvG7b1hM2ndWlSUCroXCg8sjR35Rwm
uEU+txOAWmUHO2Hi1uTwcq1zbWnfZOof86F8Clj+kWqCI1ggNKdWLt1M93XNq7hs
4T4Tlz7900I=
=EPyJ
-----END PGP SIGNATURE-----
pgpUr3dis9udu.pgp
Description: PGP signature
--- End Message ---
