Bug#1119535: marked as done (proftpd-mod-vroot: please build using the default build flags)

[Debian Bug Tracking System]

Your message dated Sat, 22 Nov 2025 16:36:28 +0000
with message-id <e1vmqb6-00dl9m...@fasolo.debian.org>
and subject line Bug#1119535: fixed in proftpd-mod-vroot 0.9.12-2
has caused the Debian Bug report #1119535,
regarding proftpd-mod-vroot: please build using the default build flags
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1119535: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119535
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: proftpd-mod-vroot
Version: 0.9.12-1+b2
User: debian-secur...@lists.debian.org
Usertags: hardening-buildflags

proftpd-mod-vroot is not currently using the default build flags set by 
dpkg-buildflags(1).
The default flags are chosen for multiple reasons including security,
performance, reproducibility, adherence to standards, and error handling.

Please make sure that proftpd-mod-vroot builds using the default build flags. 
blhc(1p)
and hardening-check(1) can be used to confirm that the issue is fixed.

In the general case, packages honoring CFLAGS, LDFLAGS, and other
similar environment variables get the default build flags for free
without the need for any work on the maintainer side. In the case of
proftpd-mod-vroot, the flags are either ignored or overridden.

The most common reasons for this are:

Hand-written Makefiles
----------------------
Some upstream Makefiles either override the values of variables such as
CFLAGS and similar or do not use them at all. See:
https://wiki.debian.org/HardeningWalkthrough#Handwritten_Makefiles

Misconfigured build systems
---------------------------
If the upstream code uses autotools, CMake, or other popular build
systems, it usually requires no further modifications. If might however
be that some variables are hardcoded in some way.

In this CMake snippet, the value of CXXFLAGS is overwritten with "-O2":

 set(CMAKE_CXX_FLAGS "-O2")

If the intention is to append to CXXFLAGS, one should use the following
instead:

 set(CMAKE_CXX_FLAGS "-O2 ${CMAKE_CXX_FLAGS}")

See #655870 for a similar autotools example. 

Very old debhelper usage
------------------------
Packages not using dh(1), or those using a debhelper compatibility level
less than 9, need to manually include /usr/share/dpkg/buildflags.mk in
order for the dpkg-buildflags variables to be set:
https://wiki.debian.org/Hardening#dpkg-buildflags

Flags hardcoded in debian/rules (either voluntarily or not)
-----------------------------------------------------------
Some packages voluntarily hardcode the values of CFLAGS and friends in
debian/rules, ignoring the defaults set by dpkg-buildflags(1).

Others attempt to append to the variables, but end up accidentally
overriding the defaults:

 #!/usr/bin/make -f
 export CFLAGS += -pipe -fPIC -Wall

 %:
        dh $@

Debhelper only sets CFLAGS if it is not set yet. In the example above,
when dh is invoked the value of CFLAGS is "-pipe -fPIC -Wall", hence the
hardened defaults are not used. The right way to append to CFLAGS is
using DEB_CFLAGS_MAINT_APPEND instead, as documented in
dpkg-buildflags(1).

For a detailed analysis of this issue, see:
https://people.debian.org/~ema/nocflags_paper.pdf (eprint: hal-05334704)

--- End Message ---

--- Begin Message ---

Source: proftpd-mod-vroot
Source-Version: 0.9.12-2
Done: Hilmar Preuße <hill...@debian.org>

We believe that the bug you reported is fixed in the latest version of
proftpd-mod-vroot, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1119...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hilmar Preuße <hill...@debian.org> (supplier of updated proftpd-mod-vroot 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 22 Nov 2025 17:16:47 +0100
Source: proftpd-mod-vroot
Architecture: source
Version: 0.9.12-2
Distribution: unstable
Urgency: medium
Maintainer: ProFTPD Maintainance Team 
<pkg-proftpd-maintain...@alioth-lists.debian.net>
Changed-By: Hilmar Preuße <hill...@debian.org>
Closes: 1119535
Changes:
 proftpd-mod-vroot (0.9.12-2) unstable; urgency=medium
 .
   * Enable Reprotest on Salsa CI.
   * Build using the default build flags (Closes: #1119535);
     enable blhc test on Salsa CI.
   * Remove useless content from 01_built_outside_tree.
   * Remove libsodium-dev & libhiredis-dev from B-D.
   * Move Make.rules from patches/01_built_outside_tree to subdir
     "debian/".
   * Bump Standards version, no changes needed.
Checksums-Sha1:
 d4e50d7722376a5495e79939f5787a424adc436e 2266 proftpd-mod-vroot_0.9.12-2.dsc
 78c22c7e8645beae487066412094744c65dbb07f 6200 
proftpd-mod-vroot_0.9.12-2.debian.tar.xz
 738181e7195f75aaa709b79fa6f98989147c0fb5 5578 
proftpd-mod-vroot_0.9.12-2_source.buildinfo
Checksums-Sha256:
 e49c5411a31c3f8c8da4c58408bc013e09c884d973b530c629101e89fcda2e66 2266 
proftpd-mod-vroot_0.9.12-2.dsc
 9c3d8345e12fd8d14cd2f24fdcd63148f286c68efa99c5d75dd05aab2c1d760f 6200 
proftpd-mod-vroot_0.9.12-2.debian.tar.xz
 d6d81b225bf4998940fe815e7f5077e73f499918626e00e16bd426d8e5eaf217 5578 
proftpd-mod-vroot_0.9.12-2_source.buildinfo
Files:
 686ce5c3ad94c481ee5459c41192c503 2266 net optional 
proftpd-mod-vroot_0.9.12-2.dsc
 88ff57fa6348df67f0fc08dccac87f6d 6200 net optional 
proftpd-mod-vroot_0.9.12-2.debian.tar.xz
 9e03aba400029145dc4e84b59f077b80 5578 net optional 
proftpd-mod-vroot_0.9.12-2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEaXGmC/nkbIhxf16kxiZYRqvgLIsFAmkh4iFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDY5
NzFBNjBCRjlFNDZDODg3MTdGNUVBNEM2MjY1ODQ2QUJFMDJDOEIACgkQxiZYRqvg
LIsOshAAuSYJFmvYNxqGc4rPMEBitMoZt6Fd+b0NnCBjgqKYfqpeL0MgOiTVcOrH
Kgelg6AviRGFD5iXk8Ish7LZfXBMHOtU6AEUYZR9fRVn+8++5nZjIXJJZeeQmcUN
spsJbbIhEhs2f9/xLXVGVfYE+lwXDvGKRblk9QdC9nQzaH99ybWEi00rugldprTt
PoTb4BvwaLXkXCKrmYTBUyKb1ws4ahdPFPKmIMizcA6Wu/lNEc5uO3nJsK6/S6+z
NKsB1+i635P5z9QxEj3GyXIgJWArmS8389LDnfexviDg+1rLm4b7P2apxUTK1AyR
YU+qSJK7pZ++LOtxH09Fm3CKr3sjLPxIB5r3J1fsZUkiwHfEcL2WYLr/kQb5p/dY
hmh+dGPWRVB/Kw1ZiQFKbQPHaaKNdD+M1ypPEbwnvmC5fG83Bqu0eyoASAl3Suva
U+uuld6jW3Zszh+3GgJflSRD5WDPaEAAwg7RhoLnySTapXEE7LQEq2AZK9Hv21dB
i7VRNJ2yB+p3aoONqon3rDrT8S8xS9O+1jKMbrScm/ffr9gOI0JknnaJBIY0V4KQ
u67lGJK1uJcR28dsS8WDDVFHA5TKK1X6cBkckE4R4vZZ9YMJhJNRCdVK2Hv1OTsj
varQuMm0ieGOlWAAv+LZ8OKmju62TK9JucAUbrVWDJ5iGcJOA7w=
=i+68
-----END PGP SIGNATURE-----

pgpx0axLlk5wl.pgp
Description: PGP signature

--- End Message ---