
Bug#1119549: marked as done (rotter: please build using the default build flags)



Your message dated Sun, 28 Dec 2025 17:19:12 +0000
with message-id <E1vZuQC-00CcGe-2b@fasolo.debian.org>
and subject line Bug#1119549: fixed in rotter 0.9-5
has caused the Debian Bug report #1119549,
regarding rotter: please build using the default build flags
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1119549: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119549
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: rotter
Version: 0.9-4
User: debian-security@lists.debian.org
Usertags: hardening-buildflags

rotter is not currently using the default build flags set by dpkg-buildflags(1).
The default flags are chosen for multiple reasons including security,
performance, reproducibility, adherence to standards, and error handling.

Please make sure that rotter builds using the default build flags. blhc(1p)
and hardening-check(1) can be used to confirm that the issue is fixed.

In the general case, packages honoring CFLAGS, LDFLAGS, and other
similar environment variables get the default build flags for free
without the need for any work on the maintainer side. In the case of
rotter, the flags are either ignored or overridden.

The most common reasons for this are:

Hand-written Makefiles
----------------------
Some upstream Makefiles either override the values of variables such as
CFLAGS and similar or do not use them at all. See:
https://wiki.debian.org/HardeningWalkthrough#Handwritten_Makefiles

Misconfigured build systems
---------------------------
If the upstream code uses autotools, CMake, or other popular build
systems, it usually requires no further modifications. It might however
be that some variables are hardcoded in some way.

In this CMake snippet, the value of CXXFLAGS is overwritten with "-O2":

 set(CMAKE_CXX_FLAGS "-O2")

If the intention is to append to CXXFLAGS, one should use the following
instead:

 set(CMAKE_CXX_FLAGS "-O2 ${CMAKE_CXX_FLAGS}")

See #655870 for a similar autotools example. 

Very old debhelper usage
------------------------
Packages not using dh(1), or those using a debhelper compatibility level
less than 9, need to manually include /usr/share/dpkg/buildflags.mk in
order for the dpkg-buildflags variables to be set:
https://wiki.debian.org/Hardening#dpkg-buildflags

Flags hardcoded in debian/rules (either voluntarily or not)
-----------------------------------------------------------
Some packages voluntarily hardcode the values of CFLAGS and friends in
debian/rules, ignoring the defaults set by dpkg-buildflags(1).

Others attempt to append to the variables, but end up accidentally
overriding the defaults:

 #!/usr/bin/make -f
 export CFLAGS += -pipe -fPIC -Wall

 %:
 	dh $@

Debhelper only sets CFLAGS if it is not set yet. In the example above,
when dh is invoked the value of CFLAGS is "-pipe -fPIC -Wall", hence the
hardened defaults are not used. The right way to append to CFLAGS is
using DEB_CFLAGS_MAINT_APPEND instead, as documented in
dpkg-buildflags(1).

For a detailed analysis of this issue, see:
https://people.debian.org/~ema/nocflags_paper.pdf (eprint: hal-05334704)

--- End Message ---
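
The override patterns described in the report above can be checked statically. The following is an added example, not part of the bug report and not how blhc(1p) or hardening-check(1) work; the function names are hypothetical, and the sample inputs are constructed (the first debian/rules sample repeats the one quoted in the report).

```python
import re

FLAG_VARS = ("CFLAGS", "CXXFLAGS", "CPPFLAGS", "LDFLAGS")
# debian/rules: a flag variable assigned or appended to directly.
RULES_ASSIGN = re.compile(
    r"^\s*(?:export\s+)?(%s)\s*(\+=|:=|=)" % "|".join(FLAG_VARS))
# CMake: set(CMAKE_C_FLAGS ...) or set(CMAKE_CXX_FLAGS ...).
CMAKE_SET = re.compile(
    r"^\s*(?i:set)\s*\(\s*(CMAKE_(?:C|CXX)_FLAGS)\s+(.*?)\)\s*$")

def lint_rules(text):
    """Return (line_no, message) findings for a debian/rules file."""
    lines = text.splitlines()
    findings = []
    for no, line in enumerate(lines, 1):
        m = RULES_ASSIGN.match(line)
        if m:
            var, op = m.groups()
            findings.append((no, f"{var} {op} set directly; "
                                 f"use DEB_{var}_MAINT_APPEND"))
    # Heuristic for the "very old debhelper" case: no dh sequencer call
    # and no manual include of the dpkg-buildflags makefile (line 0 = file).
    uses_dh = any(re.match(r"^\tdh\s", l) for l in lines)
    includes = any("/usr/share/dpkg/buildflags.mk" in l for l in lines)
    if not uses_dh and not includes:
        findings.append((0, "no dh call and buildflags.mk not included"))
    return findings

def lint_cmake(text):
    """Flag set() calls that drop the previous value of the flags variable."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = CMAKE_SET.match(line)
        if m and "${%s}" % m.group(1) not in m.group(2):
            findings.append((no, f"{m.group(1)} overwritten"))
    return findings

# Sample inputs (constructed, except BAD_RULES which is quoted in the report).
BAD_RULES = "#!/usr/bin/make -f\nexport CFLAGS += -pipe -fPIC -Wall\n\n%:\n\tdh $@\n"
GOOD_RULES = ("#!/usr/bin/make -f\n"
              "export DEB_CFLAGS_MAINT_APPEND = -pipe -fPIC -Wall\n\n%:\n\tdh $@\n")
OLD_RULES = "#!/usr/bin/make -f\nbuild:\n\t$(MAKE)\n"
CMAKE_SAMPLE = ('set(CMAKE_CXX_FLAGS "-O2")\n'
                'set(CMAKE_CXX_FLAGS "-O2 ${CMAKE_CXX_FLAGS}")\n')

if __name__ == "__main__":
    for name, res in [("bad rules", lint_rules(BAD_RULES)),
                      ("good rules", lint_rules(GOOD_RULES)),
                      ("old rules", lint_rules(OLD_RULES)),
                      ("cmake", lint_cmake(CMAKE_SAMPLE))]:
        print(name, res)
```

A clean result from a check like this only means the known patterns are absent; the build log still has to be checked with blhc(1p) as the report says.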
--- Begin Message ---
Source: rotter
Source-Version: 0.9-5
Done: Alexandre Detiste <tchet@debian.org>

We believe that the bug you reported is fixed in the latest version of
rotter, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1119549@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alexandre Detiste <tchet@debian.org> (supplier of updated rotter package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 28 Dec 2025 17:54:55 +0100
Source: rotter
Architecture: source
Version: 0.9-5
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Alexandre Detiste <tchet@debian.org>
Closes: 1039351 1119549
Changes:
 rotter (0.9-5) unstable; urgency=medium
 .
   * Team upload.
   * Bump d/watch to v4
   * Switch to debhelper-compat 10 (Closes: #1119549)
   * Bump Standards-Version to 4.7.3, drop Priority: tag
   * Add debian/salsa-ci.yml
   * Fix copy-paste error in sysvinit script
   * Commit the generated systemd service (Closes: #1039351)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----



--- End Message ---
