Bug#1119477: marked as done (lx-gdb: please build using the default build flags)

Mon, 05 Jan 2026 06:57:20 -0800 

Your message dated Mon, 05 Jan 2026 14:56:20 +0000
with message-id <[email protected]>
and subject line Bug#1119477: fixed in lx-gdb 1.03-16.1
has caused the Debian Bug report #1119477,
regarding lx-gdb: please build using the default build flags
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1119477: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119477
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Source: lx-gdb
Version: 1.03-16+b3
User: [email protected]
Usertags: hardening-buildflags

lx-gdb is not currently using the default build flags set by dpkg-buildflags(1).
The default flags are chosen for multiple reasons including security,
performance, reproducibility, adherence to standards, and error handling.

Please make sure that lx-gdb builds using the default build flags. blhc(1p)
and hardening-check(1) can be used to confirm that the issue is fixed.

In the general case, packages honoring CFLAGS, LDFLAGS, and other
similar environment variables get the default build flags for free
without the need for any work on the maintainer side. In the case of
lx-gdb, the flags are either ignored or overridden.

The most common reasons for this are:

Hand-written Makefiles
----------------------
Some upstream Makefiles either override the values of variables such as
CFLAGS and similar or do not use them at all. See:
https://wiki.debian.org/HardeningWalkthrough#Handwritten_Makefiles

Misconfigured build systems
---------------------------
If the upstream code uses autotools, CMake, or other popular build
systems, it usually requires no further modifications. If might however
be that some variables are hardcoded in some way.

In this CMake snippet, the value of CXXFLAGS is overwritten with "-O2":

 set(CMAKE_CXX_FLAGS "-O2")

If the intention is to append to CXXFLAGS, one should use the following
instead:

 set(CMAKE_CXX_FLAGS "-O2 ${CMAKE_CXX_FLAGS}")

See #655870 for a similar autotools example. 

Very old debhelper usage
------------------------
Packages not using dh(1), or those using a debhelper compatibility level
less than 9, need to manually include /usr/share/dpkg/buildflags.mk in
order for the dpkg-buildflags variables to be set:
https://wiki.debian.org/Hardening#dpkg-buildflags

Flags hardcoded in debian/rules (either voluntarily or not)
-----------------------------------------------------------
Some packages voluntarily hardcode the values of CFLAGS and friends in
debian/rules, ignoring the defaults set by dpkg-buildflags(1).

Others attempt to append to the variables, but end up accidentally
overriding the defaults:

 #!/usr/bin/make -f
 export CFLAGS += -pipe -fPIC -Wall

 %:
        dh $@

Debhelper only sets CFLAGS if it is not set yet. In the example above,
when dh is invoked the value of CFLAGS is "-pipe -fPIC -Wall", hence the
hardened defaults are not used. The right way to append to CFLAGS is
using DEB_CFLAGS_MAINT_APPEND instead, as documented in
dpkg-buildflags(1).

For a detailed analysis of this issue, see:
https://people.debian.org/~ema/nocflags_paper.pdf (eprint: hal-05334704)

--- End Message ---
--- Begin Message --- 
Source: lx-gdb
Source-Version: 1.03-16.1
Done: Andreas Tille <[email protected]>

We believe that the bug you reported is fixed in the latest version of
lx-gdb, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Tille <[email protected]> (supplier of updated lx-gdb package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 26 Dec 2025 14:22:53 +0100
Source: lx-gdb
Architecture: source
Version: 1.03-16.1
Distribution: unstable
Urgency: medium
Maintainer: Mark W. Eichin <[email protected]>
Changed-By: Andreas Tille <[email protected]>
Closes: 1119477 1120034
Changes:
 lx-gdb (1.03-16.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
     Closes: #1120034
   * Set Homepage to packages.debian.org since there seems no other
     place with this version of the code in the internet any more
   * Maintain package in Debian team on Salsa
   * d/watch: Fake watch file
   * d/copyright: DEP5
   * debhelper-compat 13 (routine-update)
   * Remove trailing whitespace in debian/changelog (routine-update)
   * Trim trailing whitespace.
   * d/rules: Cleanup d/rules and add hardening options
     Closes: #1119477
   * Standards-Version: 4.7.3 (routine-update)
   * Remove Priority field to comply with Debian Policy 4.7.3 (routine-
     update)
Checksums-Sha1:
 a9ba0163c930f4e53b663038200b4dd6d6258077 1830 lx-gdb_1.03-16.1.dsc
 cbd05b6c01a273bab69f4a64e536de5919e23f97 5980 lx-gdb_1.03-16.1.debian.tar.xz
 58b9cf72d0fa39d9b3fbe22daa8cda3dbf5d6ad2 5900 lx-gdb_1.03-16.1_amd64.buildinfo
Checksums-Sha256:
 6da5d62c83beab34a992c5ab8b050a1ec9dbc15c3edf8a83cefb9f974c3d7d09 1830 
lx-gdb_1.03-16.1.dsc
 0a4afcb7abc807defc7199b49aa36974193a521127e6d7312b251b379bb3155b 5980 
lx-gdb_1.03-16.1.debian.tar.xz
 c1d86a3b9c3b4876078d6d72f7b8b651119803689a3e800d49da11323b6469df 5900 
lx-gdb_1.03-16.1_amd64.buildinfo
Files:
 45fcd076768d4d8345cbb31be9a24f59 1830 otherosfs optional lx-gdb_1.03-16.1.dsc
 6387a46452e68e51fb2a4d7119390c45 5980 otherosfs optional 
lx-gdb_1.03-16.1.debian.tar.xz
 c7dcb8296b7991242b21148c3b26fc7a 5900 otherosfs optional 
lx-gdb_1.03-16.1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEE8fAHMgoDVUHwpmPKV4oElNHGRtEFAmlOjRIRHHRpbGxlQGRl
Ymlhbi5vcmcACgkQV4oElNHGRtEmAxAAmt1ENVYDlsmFhkWclBJMcU4ta/ynhd20
SYOSZSnDAw+bEFHShnU5bWROjbIaZJwSIY8Wd7Cp0ogpjAIE1wYeZLdjiSm6yKWk
hmPFpYovazh6T6jdi8xA3cgX/jml84L8I3lyNvmw8MWMi2sA9ZUz8RIv2OzHRSwF
1jHrKdjlqduufy3oCPZRNOGI2FKaSW8gIoHIe2q7zCIHbPCr4S5o0BqCLxdBMIug
KzQLU6/mMCJFDWjet584NETtZ1aRuIm6XdVftKIHE8py/71UVOzdbJOFsb1C7TAV
4huOMprhHC5v+21cNC5n1Pui5qLTXm9mNflylOdC4CxNm/zMXvlBH6hgysLPubBF
pfIy+Z4b09/dNP4krJeKCu4mEwFgzDsBGz+wbe+f9gTaJDeGVO1Tn/ypKwT+t6Of
LUQAz7T7R2yDDMgMbK47Q/N90fPfu64STe7OVXBiEt83OQcSknZxFjgN5QTb+oBQ
UuUQNZ+ZEjdAI34Rh5S4CJ4hL/yH3BP0POJ1U7JjA62hgJiKjtDY5J1ohk6hUiMt
caDfXdfbef7FU3a6gmhbo9oDBpDH/MmqCZfL0x1a0gdeh+VE9dfAneoo8N/dxLhG
K0CqE0GEqd1h7OenJt0CM+g6O3a5mj4psAUm9T05xN7AHoZCFZObFz2HAas9L+Rg
WRPqJfYaIi8=
=kwZk
-----END PGP SIGNATURE-----

Attachment: pgprFXDMuUB9F.pgp
Description: PGP signature


--- End Message ---

Reply via email to