Your message dated Tue, 06 Jan 2026 02:36:16 +0000
with message-id <[email protected]>
and subject line Bug#1119508: fixed in nuttcp 8.2.2.rpm-2
has caused the Debian Bug report #1119508,
regarding nuttcp: please build using the default build flags
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1119508: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119508
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: nuttcp
Version: 8.2.2.rpm-1
User: [email protected]
Usertags: hardening-buildflags
nuttcp is not currently using the default build flags set by dpkg-buildflags(1).
The default flags are chosen for multiple reasons including security,
performance, reproducibility, adherence to standards, and error handling.
Please make sure that nuttcp builds using the default build flags. blhc(1p)
and hardening-check(1) can be used to confirm that the issue is fixed.
In the general case, packages honoring CFLAGS, LDFLAGS, and other
similar environment variables get the default build flags for free
without the need for any work on the maintainer side. In the case of
nuttcp, the flags are either ignored or overridden.
The most common reasons for this are:
Hand-written Makefiles
----------------------
Some upstream Makefiles either override the values of variables such as
CFLAGS and similar or do not use them at all. See:
https://wiki.debian.org/HardeningWalkthrough#Handwritten_Makefiles
Misconfigured build systems
---------------------------
If the upstream code uses autotools, CMake, or other popular build
systems, it usually requires no further modifications. If might however
be that some variables are hardcoded in some way.
In this CMake snippet, the value of CXXFLAGS is overwritten with "-O2":
set(CMAKE_CXX_FLAGS "-O2")
If the intention is to append to CXXFLAGS, one should use the following
instead:
set(CMAKE_CXX_FLAGS "-O2 ${CMAKE_CXX_FLAGS}")
See #655870 for a similar autotools example.
Very old debhelper usage
------------------------
Packages not using dh(1), or those using a debhelper compatibility level
less than 9, need to manually include /usr/share/dpkg/buildflags.mk in
order for the dpkg-buildflags variables to be set:
https://wiki.debian.org/Hardening#dpkg-buildflags
Flags hardcoded in debian/rules (either voluntarily or not)
-----------------------------------------------------------
Some packages voluntarily hardcode the values of CFLAGS and friends in
debian/rules, ignoring the defaults set by dpkg-buildflags(1).
Others attempt to append to the variables, but end up accidentally
overriding the defaults:
#!/usr/bin/make -f
export CFLAGS += -pipe -fPIC -Wall
%:
dh $@
Debhelper only sets CFLAGS if it is not set yet. In the example above,
when dh is invoked the value of CFLAGS is "-pipe -fPIC -Wall", hence the
hardened defaults are not used. The right way to append to CFLAGS is
using DEB_CFLAGS_MAINT_APPEND instead, as documented in
dpkg-buildflags(1).
For a detailed analysis of this issue, see:
https://people.debian.org/~ema/nocflags_paper.pdf (eprint: hal-05334704)
--- End Message ---
--- Begin Message ---
Source: nuttcp
Source-Version: 8.2.2.rpm-2
Done: наб <[email protected]>
We believe that the bug you reported is fixed in the latest version of
nuttcp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
наб <[email protected]> (supplier of updated nuttcp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 05 Jan 2026 20:41:45 +0100
Source: nuttcp
Architecture: source
Version: 8.2.2.rpm-2
Distribution: unstable
Urgency: medium
Maintainer: Package Salvaging Team <[email protected]>
Changed-By: наб <[email protected]>
Closes: 1119508
Changes:
nuttcp (8.2.2.rpm-2) unstable; urgency=medium
.
* Team upload
* d/p/06-hardening.patch: Don't override CFLAGS and honor CPPFLAGS as well
(Closes: #1119508)
Checksums-Sha1:
c626715cca41b6489c800337b6547ef6768174f5 1944 nuttcp_8.2.2.rpm-2.dsc
17b1d4cabf4d5dc359a0dc7ec927e841aac14ad5 73075 nuttcp_8.2.2.rpm.orig.tar.bz2
f96b9cb9e4cffb58f25cba602c46bf40acf275e8 8028 nuttcp_8.2.2.rpm-2.debian.tar.xz
23f07dee386f4a55b0cb63e38cd4ecbf8f28d28a 6938
nuttcp_8.2.2.rpm-2_source.buildinfo
Checksums-Sha256:
c718451b38a81f1848c5110607bcf9981333576ad96aafed1b015afabb8da4df 1944
nuttcp_8.2.2.rpm-2.dsc
1dce197cea766e2c2119824af78cf6580db28ad908044158e4578ee78b9159c0 73075
nuttcp_8.2.2.rpm.orig.tar.bz2
5b32f0705716aeab8501158a565abb6d451cccb798cef70b1fea6324522d4d6a 8028
nuttcp_8.2.2.rpm-2.debian.tar.xz
60690124b31dac82f73d3cb96faaa1d7d3ec3a6b7c21dc4fb72645b80d14773d 6938
nuttcp_8.2.2.rpm-2_source.buildinfo
Files:
37a627fcab4182482530e8e27e5c21c5 1944 net optional nuttcp_8.2.2.rpm-2.dsc
e5059e3bf3ab58ba22f3ad12ede65fef 73075 net optional
nuttcp_8.2.2.rpm.orig.tar.bz2
bb64ee01bb4403e22039c075c868a504 8028 net optional
nuttcp_8.2.2.rpm-2.debian.tar.xz
eab59e809cfdffa7aa6785b9359c4d18 6938 net optional
nuttcp_8.2.2.rpm-2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJWBAEBCgBAFiEEfWlHToQCjFzAxEFjvP0LAY0mWPEFAmlcbNgiHG5hYmlqYWN6
bGV3ZWxpQG5hYmlqYWN6bGV3ZWxpLnh5egAKCRC8/QsBjSZY8Rb4D/9DAyvmJ4Yc
IyJEpeOO8Mt12lU73PoLsYMbG+fAYl69hszv9H8Icz1ak5bjruhRZU2PV0KPvKwI
zj+FwgYKH102aEVzjqqa2+LccrVF8XZ6Yv+AKPSWxfWl2SoME7qwyJkP9JmJPo1I
gkGWiUiCL5AJkrDBCQtBVnXbpRpWKYhDmBCuE/379OYNUJk66FnglOkxlbt5cmj2
aUvAKFdQ1N8n/KgXgklXBeov8WymktEZdhpQ+KHQog/4VtDPlMwjS4Fgb/VgFvvm
4ayUiJQX1VTl8YJbzsYlHjpBAMY2ALUdBp8QHMf7nDzIZb0sVpT6wZv2p7qXZFEj
gAhDMVR0PtQf8SgYHczafMYv8fxyk1inXgd6pBbc+6sUbNJWVQpdyBTahaoRoJwQ
F3uQZ78vSR94LMjwXgYJBHQCwAqwhDASBZJJ5VqfTWj0ojmK13vIAlcvLPKy9uYz
MBu6TGFkxflwMfA66ASe6uCLbCcn/+EtAcGv9PEsgBXE4goDwx/pCLfvGJTnNHCs
A2liwcnL0VOWVot+Cd3nataE4U6kxenphbPpnimKLz1dCXMAlL/WEbqveWxKVWu3
BC7fxjJWJi70qSc2cCBPp1l/vBZ4APuVvMN/h29Kzyl5flaDwnc5HVoj5DbjxCZF
C5jbRVtqATbRBM9O/kerZo9SWPh7wp/nAA==
=mojp
-----END PGP SIGNATURE-----
pgpq0cPItzF4U.pgp
Description: PGP signature
--- End Message ---
