Your message dated Tue, 06 Jan 2026 21:19:31 +0000
with message-id <[email protected]>
and subject line Bug#1119520: fixed in parsinsert 1.04-17
has caused the Debian Bug report #1119520,
regarding parsinsert: please build using the default build flags
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1119520: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119520
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: parsinsert
Version: 1.04-15
User: [email protected]
Usertags: hardening-buildflags
parsinsert is not currently using the default build flags set by
dpkg-buildflags(1).
The default flags are chosen for multiple reasons including security,
performance, reproducibility, adherence to standards, and error handling.
Please make sure that parsinsert builds using the default build flags. blhc(1p)
and hardening-check(1) can be used to confirm that the issue is fixed.
In the general case, packages honoring CFLAGS, LDFLAGS, and other
similar environment variables get the default build flags for free
without the need for any work on the maintainer side. In the case of
parsinsert, the flags are either ignored or overridden.
The most common reasons for this are:
Hand-written Makefiles
----------------------
Some upstream Makefiles either override the values of variables such as
CFLAGS and similar or do not use them at all. See:
https://wiki.debian.org/HardeningWalkthrough#Handwritten_Makefiles
Misconfigured build systems
---------------------------
If the upstream code uses autotools, CMake, or other popular build
systems, it usually requires no further modifications. If might however
be that some variables are hardcoded in some way.
In this CMake snippet, the value of CXXFLAGS is overwritten with "-O2":
set(CMAKE_CXX_FLAGS "-O2")
If the intention is to append to CXXFLAGS, one should use the following
instead:
set(CMAKE_CXX_FLAGS "-O2 ${CMAKE_CXX_FLAGS}")
See #655870 for a similar autotools example.
Very old debhelper usage
------------------------
Packages not using dh(1), or those using a debhelper compatibility level
less than 9, need to manually include /usr/share/dpkg/buildflags.mk in
order for the dpkg-buildflags variables to be set:
https://wiki.debian.org/Hardening#dpkg-buildflags
Flags hardcoded in debian/rules (either voluntarily or not)
-----------------------------------------------------------
Some packages voluntarily hardcode the values of CFLAGS and friends in
debian/rules, ignoring the defaults set by dpkg-buildflags(1).
Others attempt to append to the variables, but end up accidentally
overriding the defaults:
#!/usr/bin/make -f
export CFLAGS += -pipe -fPIC -Wall
%:
dh $@
Debhelper only sets CFLAGS if it is not set yet. In the example above,
when dh is invoked the value of CFLAGS is "-pipe -fPIC -Wall", hence the
hardened defaults are not used. The right way to append to CFLAGS is
using DEB_CFLAGS_MAINT_APPEND instead, as documented in
dpkg-buildflags(1).
For a detailed analysis of this issue, see:
https://people.debian.org/~ema/nocflags_paper.pdf (eprint: hal-05334704)
--- End Message ---
--- Begin Message ---
Source: parsinsert
Source-Version: 1.04-17
Done: Étienne Mollier <[email protected]>
We believe that the bug you reported is fixed in the latest version of
parsinsert, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Étienne Mollier <[email protected]> (supplier of updated parsinsert package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 06 Jan 2026 21:54:42 +0100
Source: parsinsert
Architecture: source
Version: 1.04-17
Distribution: unstable
Urgency: medium
Maintainer: Debian Med Packaging Team
<[email protected]>
Changed-By: Étienne Mollier <[email protected]>
Closes: 1119520
Changes:
parsinsert (1.04-17) unstable; urgency=medium
.
* d/rules: activate hardening flags. (Closes: #1119520)
* d/lintian-overrides: delete: hardening is fixed.
* d/control: drop redundant Priority: optional.
* d/control: declare compliance to standards 4.7.3.
Checksums-Sha1:
26f3b554cbdbe439e58c82d2e6bf3b572646fdba 2259 parsinsert_1.04-17.dsc
04fbaa384ae03b5b8d49e70f9081bc6f7f7a380e 2841184
parsinsert_1.04-17.debian.tar.xz
Checksums-Sha256:
4cc5b8b240a520e833fb33f1a2d4b6a80794c98455c2b6d8c6871975f0d55dba 2259
parsinsert_1.04-17.dsc
25a4730fa05ba6350ac5d3efb7bb5eb6b4f3c006dbba66a857f1f0bde40e0561 2841184
parsinsert_1.04-17.debian.tar.xz
Files:
8650604acc912785ad3d102174fdda99 2259 science optional parsinsert_1.04-17.dsc
07bc8fb062068fcf167a1473a9a36370 2841184 science optional
parsinsert_1.04-17.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCgAyFiEEj5GyJ8fW8rGUjII2eTz2fo8NEdoFAmldeJEUHGVtb2xsaWVy
QGRlYmlhbi5vcmcACgkQeTz2fo8NEdoFrw/8C1B1Fv5NBOX5kyPcccETaX8DFWyf
vrO1jv3t2iRa80U/85Pazt6pgME8Mx/8KHWl8ZfnSxc2TAI68Jq1OpKsfWcxDV2p
Y6Rnb6sGf7Mr9A/RqF8t72MDOi5ugDeImabsLhyVrw/Nfkedz/mlxMrvAjYplikO
kMtkGM9HBBkcMFGRbjWEUuzYO0uUTGS9hLOs3fOD0qdBol1zg9BhZEY6/E3r2+66
OtXPMI4W2v7slaDNdLWwFrP6ZxEzuba58S+SSrGj8mVgxNJf+dunhjQ75zFjdQPU
S/95xpCpPxgEb7qtv14AQ3IEX6/+Rk9mMnqCqOmAaSsvfv9LMxTUMpzBGX1+Ocbb
fg97uV1AFL9o8CpjSwweJDJLII2Kyh6n6SlGHvA7Hq6pBh6LHaev3257MxnkXPFw
0aOUqiaCTSYWXaOdjrmtG9DQAl3h14EQ2AZymw229+qb+alym+xG4wFvrVrS2kkN
mvNMFz9dR8zKEnsF3gb78L2DrHPzg9HCzD0iSIpSfwBarh1qpO7HJAeYeHJhAalj
OBTGDluDXwSTpGaKUkfVffGoFWt05Yx6H9EVixSE8CAEJ7Nmw7Rb9EBoQY5+nllv
mRWlUsBIXwA2q9yKBFu7k0WO0btSmm7SmG/FWX6Ablqo772O6k2J90XW4gDv18hL
bzNr4ri6nyQdIeM=
=zxT9
-----END PGP SIGNATURE-----
pgpOtrwpvuS_P.pgp
Description: PGP signature
--- End Message ---
