Bug#1119406: marked as done (elvis-tiny: please build using the default build flags)

To: Andreas Tille <tille@debian.org>
Subject: Bug#1119406: marked as done (elvis-tiny: please build using the default build flags)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Wed, 17 Dec 2025 10:15:07 +0000
Message-id: <[🔎] handler.1119406.D1119406.17659664472553950.ackdone@bugs.debian.org>
Reply-to: 1119406@bugs.debian.org
References: <E1vVoB1-006usI-2O@fasolo.debian.org> <aQJFk_jZqtIgz1XF@ariel.home>

Your message dated Wed, 17 Dec 2025 09:50:35 +0000
with message-id <E1vVoB1-006usI-2O@fasolo.debian.org>
and subject line Bug#1119406: fixed in elvis-tiny 1.4-26
has caused the Debian Bug report #1119406,
regarding elvis-tiny: please build using the default build flags
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1119406: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119406
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: maintonly@bugs.debian.org
Subject: elvis-tiny: please build using the default build flags
From: Emanuele Rocca <ema@debian.org>
Date: Wed, 29 Oct 2025 17:49:23 +0100
Message-id: <aQJFk_jZqtIgz1XF@ariel.home>

Source: elvis-tiny
Version: 1.4-25
User: debian-security@lists.debian.org
Usertags: hardening-buildflags

elvis-tiny is not currently using the default build flags set by dpkg-buildflags(1).
The default flags are chosen for multiple reasons including security,
performance, reproducibility, adherence to standards, and error handling.

Please make sure that elvis-tiny builds using the default build flags. blhc(1p)
and hardening-check(1) can be used to confirm that the issue is fixed.

In the general case, packages honoring CFLAGS, LDFLAGS, and other
similar environment variables get the default build flags for free
without the need for any work on the maintainer side. In the case of
elvis-tiny, the flags are either ignored or overridden.

The most common reasons for this are:

Hand-written Makefiles
----------------------
Some upstream Makefiles either override the values of variables such as
CFLAGS and similar or do not use them at all. See:
https://wiki.debian.org/HardeningWalkthrough#Handwritten_Makefiles

Misconfigured build systems
---------------------------
If the upstream code uses autotools, CMake, or other popular build
systems, it usually requires no further modifications. If might however
be that some variables are hardcoded in some way.

In this CMake snippet, the value of CXXFLAGS is overwritten with "-O2":

 set(CMAKE_CXX_FLAGS "-O2")

If the intention is to append to CXXFLAGS, one should use the following
instead:

 set(CMAKE_CXX_FLAGS "-O2 ${CMAKE_CXX_FLAGS}")

See #655870 for a similar autotools example. 

Very old debhelper usage
------------------------
Packages not using dh(1), or those using a debhelper compatibility level
less than 9, need to manually include /usr/share/dpkg/buildflags.mk in
order for the dpkg-buildflags variables to be set:
https://wiki.debian.org/Hardening#dpkg-buildflags

Flags hardcoded in debian/rules (either voluntarily or not)
-----------------------------------------------------------
Some packages voluntarily hardcode the values of CFLAGS and friends in
debian/rules, ignoring the defaults set by dpkg-buildflags(1).

Others attempt to append to the variables, but end up accidentally
overriding the defaults:

 #!/usr/bin/make -f
 export CFLAGS += -pipe -fPIC -Wall

 %:
 	dh $@

Debhelper only sets CFLAGS if it is not set yet. In the example above,
when dh is invoked the value of CFLAGS is "-pipe -fPIC -Wall", hence the
hardened defaults are not used. The right way to append to CFLAGS is
using DEB_CFLAGS_MAINT_APPEND instead, as documented in
dpkg-buildflags(1).

For a detailed analysis of this issue, see:
https://people.debian.org/~ema/nocflags_paper.pdf (eprint: hal-05334704)

--- End Message ---

--- Begin Message ---

To: 1119406-close@bugs.debian.org
Subject: Bug#1119406: fixed in elvis-tiny 1.4-26
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Wed, 17 Dec 2025 09:50:35 +0000
Message-id: <E1vVoB1-006usI-2O@fasolo.debian.org>
Reply-to: Andreas Tille <tille@debian.org>

Source: elvis-tiny
Source-Version: 1.4-26
Done: Andreas Tille <tille@debian.org>

We believe that the bug you reported is fixed in the latest version of
elvis-tiny, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1119406@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Tille <tille@debian.org> (supplier of updated elvis-tiny package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 17 Dec 2025 09:15:44 +0100
Source: elvis-tiny
Architecture: source
Version: 1.4-26
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Andreas Tille <tille@debian.org>
Closes: 1119406
Changes:
 elvis-tiny (1.4-26) unstable; urgency=medium
 .
   * QA upload.
   * Build using the default build flags
     Closes: #1119406
   * d/copyright: DEP5
   * Do not ignore blhc test in Salsa CI
Checksums-Sha1:
 f8b1bbbbd74ea9434f9f1c2cdc7b8a08bca8580e 1888 elvis-tiny_1.4-26.dsc
 82bb99bc391a9ad47cfc671a615805c9bcff85e7 36468 elvis-tiny_1.4-26.debian.tar.xz
 45baa4630d20771f76ca9c9b15f0d32180e7be7d 6023 elvis-tiny_1.4-26_amd64.buildinfo
Checksums-Sha256:
 cc9b5caf88a61a6aec24f4b8348a296a2fac6892a1fe9b2f0abd8e9567cd8518 1888 elvis-tiny_1.4-26.dsc
 18fa3d42834086d2d428833a2e9bb6a2484693d43b6efa3ba1f5cccfe93c0f5a 36468 elvis-tiny_1.4-26.debian.tar.xz
 75b2ff0376ffa4c2a6206a75ca654516b7bcb99d1b3c08b57b9e0202356f52cb 6023 elvis-tiny_1.4-26_amd64.buildinfo
Files:
 8a935cc1a6d6ee9f4c67f94b5006a5ff 1888 base standard elvis-tiny_1.4-26.dsc
 833be9424f3b7f226a4b96b0f48018cc 36468 base standard elvis-tiny_1.4-26.debian.tar.xz
 3b8178bac466658f302a5cd918046d08 6023 base standard elvis-tiny_1.4-26_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEE8fAHMgoDVUHwpmPKV4oElNHGRtEFAmlCdGERHHRpbGxlQGRl
Ymlhbi5vcmcACgkQV4oElNHGRtHbGA//ay6LWCth9PGc+RgYqklfD1yiiK28FMOa
PcOHIIfx0uMMefZsUaqQed35Z01ZFu/lAGhavy6UaOWNaUZ72YosjfcF3PobxFQc
r+Ie+QGKUBkZDjNoLmULwQnj1feFQKI1QXqfz2+8fHid7MGNoe7mL8iNIYFugMSH
BWyVtOmJeFAXmdEPctNYuXtsIZB6ItvpYY7B5Of/35VlYijpNH0G2clGWkyhWOP8
DXgsk7oQnoYDI+pgQnamyVyS+Z9RzXi6LLucJFmTHXmBdTKusTt4DJVQ/inCXfjN
Cw7as7OX37nZ3iqIBfHo7X2q3nYmWSeiOntrUTbpb4CT/Be4i1iq8HjMa1iQ7me0
nWx/FxCB7ey406RZ0BS0jNLq4OSr8iY3Kr/uQy6fpPzKORDqmAmOMqfvrW9VpaZv
F2M2Lvxwt+rTXBApiaa41Csf8JGkZLiNK9ytMypoH/6WdrgNMryAoT0Cot4sWFKw
PztAPA1XS6/IkkD3stkpGYMngkZmHkWwc5B9aXT5iDccT52wx++F0kPXlpb+cEWY
VUVQrO8EslTEBkr4Z4Uq+1GUtPRrg5e35M48Hvoom/ApbNJheboyANP5f3NYkcAc
kb4cSScPF/gGtazuWvFtgWQNgVmvE44HcQwlceBGzRiG3H2m4tZo3bhVkjRHJ/mv
iUnOZWx1t0s=
=ecnX
-----END PGP SIGNATURE-----

Attachment: pgpw78UfGrkiE.pgp
Description: PGP signature

--- End Message ---

Reply to:

Prev by Date: Bug#1096694: marked as done (genparse: ftbfs with GCC-15)
Next by Date: d52_3.4.1+git20191024.ac20ebd-1_source.changes ACCEPTED into unstable
Previous by thread: Bug#1096694: marked as done (genparse: ftbfs with GCC-15)
Next by thread: d52_3.4.1+git20191024.ac20ebd-1_source.changes ACCEPTED into unstable
Index(es):
- Date
- Thread