Your message dated Thu, 14 May 2026 19:20:40 +0000
with message-id <[email protected]>
and subject line Bug#1119551: fixed in rssguard 4.8.6+dfsg-1
has caused the Debian Bug report #1119551,
regarding rssguard: please build using the default build flags
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1119551: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119551
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: rssguard
Version: 4.0.4+dfsg-1.1+b1
User: [email protected]
Usertags: hardening-buildflags
rssguard is not currently using the default build flags set by
dpkg-buildflags(1).
The default flags are chosen for multiple reasons including security,
performance, reproducibility, adherence to standards, and error handling.
Please make sure that rssguard builds using the default build flags. blhc(1p)
and hardening-check(1) can be used to confirm that the issue is fixed.
In the general case, packages honoring CFLAGS, LDFLAGS, and other
similar environment variables get the default build flags for free
without the need for any work on the maintainer side. In the case of
rssguard, the flags are either ignored or overridden.
The most common reasons for this are:
Hand-written Makefiles
----------------------
Some upstream Makefiles either override the values of variables such as
CFLAGS and similar or do not use them at all. See:
https://wiki.debian.org/HardeningWalkthrough#Handwritten_Makefiles
Misconfigured build systems
---------------------------
If the upstream code uses autotools, CMake, or other popular build
systems, it usually requires no further modifications. If might however
be that some variables are hardcoded in some way.
In this CMake snippet, the value of CXXFLAGS is overwritten with "-O2":
set(CMAKE_CXX_FLAGS "-O2")
If the intention is to append to CXXFLAGS, one should use the following
instead:
set(CMAKE_CXX_FLAGS "-O2 ${CMAKE_CXX_FLAGS}")
See #655870 for a similar autotools example.
Very old debhelper usage
------------------------
Packages not using dh(1), or those using a debhelper compatibility level
less than 9, need to manually include /usr/share/dpkg/buildflags.mk in
order for the dpkg-buildflags variables to be set:
https://wiki.debian.org/Hardening#dpkg-buildflags
Flags hardcoded in debian/rules (either voluntarily or not)
-----------------------------------------------------------
Some packages voluntarily hardcode the values of CFLAGS and friends in
debian/rules, ignoring the defaults set by dpkg-buildflags(1).
Others attempt to append to the variables, but end up accidentally
overriding the defaults:
#!/usr/bin/make -f
export CFLAGS += -pipe -fPIC -Wall
%:
dh $@
Debhelper only sets CFLAGS if it is not set yet. In the example above,
when dh is invoked the value of CFLAGS is "-pipe -fPIC -Wall", hence the
hardened defaults are not used. The right way to append to CFLAGS is
using DEB_CFLAGS_MAINT_APPEND instead, as documented in
dpkg-buildflags(1).
For a detailed analysis of this issue, see:
https://people.debian.org/~ema/nocflags_paper.pdf (eprint: hal-05334704)
--- End Message ---
--- Begin Message ---
Source: rssguard
Source-Version: 4.8.6+dfsg-1
Done: Bastian Germann <[email protected]>
We believe that the bug you reported is fixed in the latest version of
rssguard, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastian Germann <[email protected]> (supplier of updated rssguard package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 14 May 2026 18:20:51 +0200
Source: rssguard
Architecture: source
Version: 4.8.6+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <[email protected]>
Changed-By: Bastian Germann <[email protected]>
Closes: 1032458 1090780 1119551 1133352 1134387
Changes:
rssguard (4.8.6+dfsg-1) unstable; urgency=medium
.
* QA upload.
* New upstream version 4.8.6. (Closes: #1090780)
* Drop archived Vcs fields. (Closes: #1133352)
* Add Homepage. (Closes: #1134387)
* Build with cmake. (Closes: #1032458, #1119551)
* Drop invalid lintian overrides.
* Drop gbp configuration.
Checksums-Sha1:
843efde222fd005378f4a497aba0aea3addf9316 1760 rssguard_4.8.6+dfsg-1.dsc
0a5ff4b90a870fbc48abf6518641a0da94a0ee86 11847568
rssguard_4.8.6+dfsg.orig.tar.xz
d55d2eb207adb786b6c4186b070e103e7a277cb5 15324
rssguard_4.8.6+dfsg-1.debian.tar.xz
c7f35b50e532e104e75188b2fa8991141330d360 19235
rssguard_4.8.6+dfsg-1_source.buildinfo
Checksums-Sha256:
8b3dff0546f038f6137a58662e081be5dad464361c934dd2187a92600e412a15 1760
rssguard_4.8.6+dfsg-1.dsc
41c940478005e6eb48344dafcbef88b71d6fc42a65b20288e56b20b97c34eeff 11847568
rssguard_4.8.6+dfsg.orig.tar.xz
1388176005e4648ef61c302e10ca1fd27dc1f67bf393b8c0c57d3afcc1004255 15324
rssguard_4.8.6+dfsg-1.debian.tar.xz
f81262881d280607d3c6ba050c88a75ba126fd62f875bb819cd4956b61a241e4 19235
rssguard_4.8.6+dfsg-1_source.buildinfo
Files:
c3fde4750cf4d088b0df60efa66d5f3a 1760 kde optional rssguard_4.8.6+dfsg-1.dsc
7bd74695057b275ee6d787ae9106b65c 11847568 kde optional
rssguard_4.8.6+dfsg.orig.tar.xz
a467fa1677c3b002f70807bb1e345918 15324 kde optional
rssguard_4.8.6+dfsg-1.debian.tar.xz
d79eb3d22b66c5a81a735cc922753035 19235 kde optional
rssguard_4.8.6+dfsg-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQHEBAEBCgAuFiEEQGIgyLhVKAI3jM5BH1x6i0VWQxQFAmoGHAkQHGJhZ2VAZGVi
aWFuLm9yZwAKCRAfXHqLRVZDFAm2DADI9HJ1Vf0lWz3LkU1lCy+aM2a6ExWGJuqD
02E4B8K+U6bRpI6isZEA4Yz/aTBe/nnsoIgIHzKPus23SR6HAJDpagb1J9DB64Al
P8CDxzSKRhizKYCWHO2vUElXTTeD0BrwVXhfmvnv0uzbIuqrTtgLSzvvjEZghgw9
vUZYH82359J8mGWBY3N4wnlu31JVhTVEppZB2cm85njCa4EWyTEi1o/jbNwUGUbY
elOu/NjiuUXuMzymFA6bmD6KZzWB07jvtce1HN7dxkSAeEXW7ChtiGJHFf2Trvjs
cHA3tYX/KB87EK9lpvZ6PH6Nj0nOTSuS1SrxC0DGdOZJv7ZK9Kis3ECSu5LLUG/+
MJDKs5kXl8DUQII8ZiHoqV+gZOh3rBIrgHCpptlIzc4xY9P1gDYPYXu+ofOigAAi
T5zCXoP7qQS4krKq/Cg04NrB15QI3QegvJy3DzY8D8WTpIfPUpzuSzZDQAvAe6Pi
R+o3brfgWmUEtAHWtlle86xgzPiJvOA=
=ioPC
-----END PGP SIGNATURE-----
pgpazeHjSU4l_.pgp
Description: PGP signature
--- End Message ---
