Your message dated Sat, 10 Jan 2026 16:34:14 +0000
with message-id <[email protected]>
and subject line Bug#1124922: fixed in yajl-tcl 1.8.1-3
has caused the Debian Bug report #1124922,
regarding yajl-tcl: please build using the default build flags
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1124922: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1124922
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: yajl-tcl
Version: 1.8.1-2
User: [email protected]
Usertags: hardening-buildflags
yajl-tcl is not currently using the default build flags set by
dpkg-buildflags(1).
The default flags are chosen for multiple reasons including security,
performance, reproducibility, adherence to standards, and error handling.
Please make sure that yajl-tcl builds using the default build flags. blhc(1p)
and hardening-check(1) can be used to confirm that the issue is fixed.
In the general case, packages honoring CFLAGS, LDFLAGS, and other
similar environment variables get the default build flags for free
without the need for any work on the maintainer side. In the case of
yajl-tcl, the flags are either ignored or overridden.
The most common reasons for this are:
Hand-written Makefiles
----------------------
Some upstream Makefiles either override the values of variables such as
CFLAGS and similar or do not use them at all. See:
https://wiki.debian.org/HardeningWalkthrough#Handwritten_Makefiles
Misconfigured build systems
---------------------------
If the upstream code uses autotools, CMake, or other popular build
systems, it usually requires no further modifications. If might however
be that some variables are hardcoded in some way.
In this CMake snippet, the value of CXXFLAGS is overwritten with "-O2":
set(CMAKE_CXX_FLAGS "-O2")
If the intention is to append to CXXFLAGS, one should use the following
instead:
set(CMAKE_CXX_FLAGS "-O2 ${CMAKE_CXX_FLAGS}")
See #655870 for a similar autotools example.
Very old debhelper usage
------------------------
Packages not using dh(1), or those using a debhelper compatibility level
less than 9, need to manually include /usr/share/dpkg/buildflags.mk in
order for the dpkg-buildflags variables to be set:
https://wiki.debian.org/Hardening#dpkg-buildflags
Flags hardcoded in debian/rules (either voluntarily or not)
-----------------------------------------------------------
Some packages voluntarily hardcode the values of CFLAGS and friends in
debian/rules, ignoring the defaults set by dpkg-buildflags(1).
Others attempt to append to the variables, but end up accidentally
overriding the defaults:
#!/usr/bin/make -f
export CFLAGS += -pipe -fPIC -Wall
%:
dh $@
Debhelper only sets CFLAGS if it is not set yet. In the example above,
when dh is invoked the value of CFLAGS is "-pipe -fPIC -Wall", hence the
hardened defaults are not used. The right way to append to CFLAGS is
using DEB_CFLAGS_MAINT_APPEND instead, as documented in
dpkg-buildflags(1).
For a detailed analysis of this issue, see https://hal.science/hal-05334704/
--- End Message ---
--- Begin Message ---
Source: yajl-tcl
Source-Version: 1.8.1-3
Done: Massimo Manghi <[email protected]>
We believe that the bug you reported is fixed in the latest version of
yajl-tcl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Massimo Manghi <[email protected]> (supplier of updated yajl-tcl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 26 Dec 2025 00:43:53 +0100
Source: yajl-tcl
Architecture: source
Version: 1.8.1-3
Distribution: unstable
Urgency: medium
Maintainer: Massimo Manghi <[email protected]>
Changed-By: Massimo Manghi <[email protected]>
Closes: 1124922
Changes:
yajl-tcl (1.8.1-3) unstable; urgency=medium
.
* Standards version 4.7.3 compliance
* Add target override_dh_gencontrol in order to call tcltk-depends
and check for missing depends
* Building for both Tcl9.0 and Tcl8.6
* Add debian/clean file to remove existing leftovers from previous builds
* As per new Debian directions remove Rules-Requires-Root: (and Priority:)
from debian/control as not mandatory if the default value is used
* Installing final binaries into arch-dependent directories
* Build depend on pkgconf (pkg-config was obsoleted)
* We don't set the CFLAGS anymore in order not to override dpkg-buildflags
compilation flags (Closes: #1124922)
Checksums-Sha1:
e6605e205a2bd493d36aebffe4122eee68d5ae04 1791 yajl-tcl_1.8.1-3.dsc
4f05813f8c5c5ff3b7b873841df9fb31da4b689d 7724 yajl-tcl_1.8.1-3.debian.tar.xz
e8c2cd22bc519d59a67fa59eb3e56692fd55116b 6723 yajl-tcl_1.8.1-3_amd64.buildinfo
Checksums-Sha256:
0bd37d1209c96fa4f9263c29db27cdafb3ed1e98ebe9bdca4862d37f3a15b304 1791
yajl-tcl_1.8.1-3.dsc
a6324f1db3d3fc51365f2510b21ff4662788fa035c71249c4594fa1a310e5f8d 7724
yajl-tcl_1.8.1-3.debian.tar.xz
59b59ba41f668e3e6e39f0c9a7828e083f317bec20cd61c68ea839402d959015 6723
yajl-tcl_1.8.1-3_amd64.buildinfo
Files:
eaac4cbb2d4e8245571e82671cfbfb3c 1791 devel optional yajl-tcl_1.8.1-3.dsc
caa0638910272c6b68cc7e3f986f5669 7724 devel optional
yajl-tcl_1.8.1-3.debian.tar.xz
26d8a857e93f44529b807a446afaba29 6723 devel optional
yajl-tcl_1.8.1-3_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE/SYPsyDB+ShSnvc4Tyrk60tj54cFAmlifN8ACgkQTyrk60tj
54csGw/8CAdxL7DeDimo6gIS8DXA/21LvalwKqMef2oOEcs/F5Kj7gKyPhnXXYtJ
vg2yGMk9waBh4a7OWfNWudYiK1xCUVX1jzGONvGIQrQleCyLyaojQtDBsmImS4E+
UDxMZCtARYemmGxhD8YPMVEjNaLBlzHEtTe9thgoR7FG2b/w4up0VsAPdHgnOmne
DxwghoUB6DZ8byvRSAreHpfCZPKmPZEKkJz3A+x/Rq5fHogGYZggH3M5PZcoEL2S
MTitzq9xB9KSbXLSoRMncCRFkB37OFW/R1orkf3vheb6IXfAFGqbQYvgs2WEFeLb
1ebQmRtyqGxHcmBZa8KO/g/khsUaDWGp6Ym8Gz+tlGuOcrKZUxXd1oPyfnT2cF8h
hyqmJ18CQ6gaZxpTiLRJEsVxniZAbZYdynasVYuL29OMWhA5OiPdnSDdklKYI5mD
+ybHnfZHi20Qn3kiDpq+19tHRirZyxTT6vraXSPH0ToNyVCILF1fW35+8BSKd7aJ
OXfn/cJYFsBefWXyAw03UfeEmAn3z2Err/KgcAAovjEZ0dcaAiei4tkEcm4C2dMT
CvIQPJjXwIfJSQWkXyYAVLgO31dedzDvgnWme0bErp7hv+6+iXo6Su6f2Nc4hlc9
nDwKOBMRoSMNr6kxkXsKSRU7YwZ3sls8d0YwG4H9hh/PvPHcQGA=
=tnTd
-----END PGP SIGNATURE-----
pgpqkjAgSCaJf.pgp
Description: PGP signature
--- End Message ---
