Your message dated Sat, 16 May 2026 17:22:32 +0000
with message-id <[email protected]>
and subject line Bug#1119542: fixed in qwinff 0.2.1+git20201215-4
has caused the Debian Bug report #1119542,
regarding qwinff: please build using the default build flags
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1119542: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119542
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: qwinff
Version: 0.2.1+git20201215-3
User: [email protected]
Usertags: hardening-buildflags
qwinff is not currently using the default build flags set by dpkg-buildflags(1).
The default flags are chosen for multiple reasons including security,
performance, reproducibility, adherence to standards, and error handling.
Please make sure that qwinff builds using the default build flags. blhc(1p)
and hardening-check(1) can be used to confirm that the issue is fixed.
In the general case, packages honoring CFLAGS, LDFLAGS, and other
similar environment variables get the default build flags for free
without the need for any work on the maintainer side. In the case of
qwinff, the flags are either ignored or overridden.
The most common reasons for this are:
Hand-written Makefiles
----------------------
Some upstream Makefiles either override the values of variables such as
CFLAGS and similar or do not use them at all. See:
https://wiki.debian.org/HardeningWalkthrough#Handwritten_Makefiles
Misconfigured build systems
---------------------------
If the upstream code uses autotools, CMake, or other popular build
systems, it usually requires no further modifications. If might however
be that some variables are hardcoded in some way.
In this CMake snippet, the value of CXXFLAGS is overwritten with "-O2":
set(CMAKE_CXX_FLAGS "-O2")
If the intention is to append to CXXFLAGS, one should use the following
instead:
set(CMAKE_CXX_FLAGS "-O2 ${CMAKE_CXX_FLAGS}")
See #655870 for a similar autotools example.
Very old debhelper usage
------------------------
Packages not using dh(1), or those using a debhelper compatibility level
less than 9, need to manually include /usr/share/dpkg/buildflags.mk in
order for the dpkg-buildflags variables to be set:
https://wiki.debian.org/Hardening#dpkg-buildflags
Flags hardcoded in debian/rules (either voluntarily or not)
-----------------------------------------------------------
Some packages voluntarily hardcode the values of CFLAGS and friends in
debian/rules, ignoring the defaults set by dpkg-buildflags(1).
Others attempt to append to the variables, but end up accidentally
overriding the defaults:
#!/usr/bin/make -f
export CFLAGS += -pipe -fPIC -Wall
%:
dh $@
Debhelper only sets CFLAGS if it is not set yet. In the example above,
when dh is invoked the value of CFLAGS is "-pipe -fPIC -Wall", hence the
hardened defaults are not used. The right way to append to CFLAGS is
using DEB_CFLAGS_MAINT_APPEND instead, as documented in
dpkg-buildflags(1).
For a detailed analysis of this issue, see:
https://people.debian.org/~ema/nocflags_paper.pdf (eprint: hal-05334704)
--- End Message ---
--- Begin Message ---
Source: qwinff
Source-Version: 0.2.1+git20201215-4
Done: Alex Myczko <[email protected]>
We believe that the bug you reported is fixed in the latest version of
qwinff, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alex Myczko <[email protected]> (supplier of updated qwinff package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 16 May 2026 16:56:00 +0000
Source: qwinff
Architecture: source
Version: 0.2.1+git20201215-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <[email protected]>
Changed-By: Alex Myczko <[email protected]>
Closes: 1119542
Changes:
qwinff (0.2.1+git20201215-4) unstable; urgency=medium
.
* Use the default build flags. (Closes: #1119542)
Checksums-Sha1:
dc05c524919842606d35f88b8ba279ef829c8f99 2041 qwinff_0.2.1+git20201215-4.dsc
f767d4e82dcfd5a0434e4e8d4e6509560fb66a50 67424
qwinff_0.2.1+git20201215-4.debian.tar.xz
d646ccee81391035a2f223c6e276f45d89f688bf 11202
qwinff_0.2.1+git20201215-4_source.buildinfo
Checksums-Sha256:
ec043ef170f7531d4cf5010724cb79d06dcf65b465f2cb993b03b0434a035434 2041
qwinff_0.2.1+git20201215-4.dsc
0c34607ca2749a4ae683a128d2db2e871dcd360b5e5084bf06ad09a760dfa26a 67424
qwinff_0.2.1+git20201215-4.debian.tar.xz
7740e35394dff2e5466c51696be2be844e837616dbfb5b191b33d905c44a1db3 11202
qwinff_0.2.1+git20201215-4_source.buildinfo
Files:
5c7b9c0be29548fe677f3014cdfe9e0b 2041 video optional
qwinff_0.2.1+git20201215-4.dsc
a8182b8a55b04401cb7096f780e959be 67424 video optional
qwinff_0.2.1+git20201215-4.debian.tar.xz
72780c3b8c4268ba9159c9188ddbd95a 11202 video optional
qwinff_0.2.1+git20201215-4_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJDBAEBCgAtFiEEtgob82PcExn/Co6JEWhSvN91FcAFAmoIor8PHHRhckBkZWJp
YW4ub3JnAAoJEBFoUrzfdRXAlMgQAIDYHnja2JsQyDt8AS4jxDvfmIHJcg1N2uUU
QmSJa2Zu7Pe5B0t+vv5O58qEjLMYcg5MPHdC1fXbp4/fIZYilDhNKqlkPc3Jbye0
fClApEeV2dDfd9BmjxDRNPBWG1sihPFLiWCls0dmcj3B6NMrEjg+qYRmb0BisZ+a
HWtQkPxKWXbq6MrwEYBPunwJWBTfppbICTLeM55//5O8jV0DfLI3kCA/hgyUrv8w
aPcbJDtZsFbO2xWXSXijQZyRN3i6rLdRwXeC1d9b6Z5PH+oT96DvQ+Z0p95VzvHF
IU0kfV8lj+pFv4VgGLLQHPJlFf6UE+q51vefSG55lA+w4wYUKELrs6rvfp8gXkQ/
tBId6uOhNx2X6QNpwON1reDLnx0OmzAsjdMCu5dHqmDTeJq/bVrX0dKKkrghC6pf
0/OvPlkMRKqfD5kKuLm+GutYfgiFNFlctssxD/0H650LE8O0zxRBUcOXXXCb1SZY
cSLHTu0ISmniWoswxoOQbJ1BnSr/aym/Z1Tl2eye/rXn5pt3w4QK9lHocdQEqcH0
9QD8iPyAHow0lMGoRpPwOCYY96DIQSaqFfjw7Xa1xREYqHdIacKsMvpLCxLrq7eB
wsH5L+sod6TZ9ZTbqSX3hV3CE4gFeO/6Ncp4b4CbQCPy2lm/wv6SA5x1GLJY3mQk
jNRGKS8/
=Z8oR
-----END PGP SIGNATURE-----
pgpvjeW9vwgDq.pgp
Description: PGP signature
--- End Message ---
