Your message dated Sun, 11 Jan 2026 16:33:29 +0000
with message-id <[email protected]>
and subject line Bug#1119395: fixed in drawterm 20240821-0.1
has caused the Debian Bug report #1119395,
regarding drawterm: please build using the default build flags
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1119395: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119395
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: drawterm
Version: 20170818-1+b1
User: [email protected]
Usertags: hardening-buildflags
drawterm is not currently using the default build flags set by
dpkg-buildflags(1).
The default flags are chosen for multiple reasons including security,
performance, reproducibility, adherence to standards, and error handling.
Please make sure that drawterm builds using the default build flags. blhc(1p)
and hardening-check(1) can be used to confirm that the issue is fixed.
In the general case, packages honoring CFLAGS, LDFLAGS, and other
similar environment variables get the default build flags for free
without the need for any work on the maintainer side. In the case of
drawterm, the flags are either ignored or overridden.
The most common reasons for this are:
Hand-written Makefiles
----------------------
Some upstream Makefiles either override the values of variables such as
CFLAGS and similar or do not use them at all. See:
https://wiki.debian.org/HardeningWalkthrough#Handwritten_Makefiles
Misconfigured build systems
---------------------------
If the upstream code uses autotools, CMake, or other popular build
systems, it usually requires no further modifications. If might however
be that some variables are hardcoded in some way.
In this CMake snippet, the value of CXXFLAGS is overwritten with "-O2":
set(CMAKE_CXX_FLAGS "-O2")
If the intention is to append to CXXFLAGS, one should use the following
instead:
set(CMAKE_CXX_FLAGS "-O2 ${CMAKE_CXX_FLAGS}")
See #655870 for a similar autotools example.
Very old debhelper usage
------------------------
Packages not using dh(1), or those using a debhelper compatibility level
less than 9, need to manually include /usr/share/dpkg/buildflags.mk in
order for the dpkg-buildflags variables to be set:
https://wiki.debian.org/Hardening#dpkg-buildflags
Flags hardcoded in debian/rules (either voluntarily or not)
-----------------------------------------------------------
Some packages voluntarily hardcode the values of CFLAGS and friends in
debian/rules, ignoring the defaults set by dpkg-buildflags(1).
Others attempt to append to the variables, but end up accidentally
overriding the defaults:
#!/usr/bin/make -f
export CFLAGS += -pipe -fPIC -Wall
%:
dh $@
Debhelper only sets CFLAGS if it is not set yet. In the example above,
when dh is invoked the value of CFLAGS is "-pipe -fPIC -Wall", hence the
hardened defaults are not used. The right way to append to CFLAGS is
using DEB_CFLAGS_MAINT_APPEND instead, as documented in
dpkg-buildflags(1).
For a detailed analysis of this issue, see:
https://people.debian.org/~ema/nocflags_paper.pdf (eprint: hal-05334704)
--- End Message ---
--- Begin Message ---
Source: drawterm
Source-Version: 20240821-0.1
Done: Andreas Tille <[email protected]>
We believe that the bug you reported is fixed in the latest version of
drawterm, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Tille <[email protected]> (supplier of updated drawterm package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 01 Jan 2026 16:31:11 +0100
Source: drawterm
Architecture: source
Version: 20240821-0.1
Distribution: unstable
Urgency: medium
Maintainer: Martina Ferrari <[email protected]>
Changed-By: Andreas Tille <[email protected]>
Closes: 1119395
Changes:
drawterm (20240821-0.1) unstable; urgency=medium
.
* Non-maintainer upload.
.
[ Ondřej Nový ]
* d/copyright: Use https protocol in Format field
* d/control: Deprecating priority extra as per policy 4.0.1
* d/control: Set Vcs-* to salsa.debian.org
.
[ Martina Ferrari ]
* Switch to 9front fork.
* Update my name and email address.
* Various automated updates to packaging.
* Use upstream's manpage.
* d/rules: Fix compilation.
* d/watch: Bump version.
* d/docs: Include README.
* Package a new snapshot from 9front.
.
[ Andreas Tille ]
* d/watch
- Version=5
- Use latest Git commit
* New upstream version
* Respect Debian build flags
Closes: #1119395
* Standards-Version: 4.7.3 (routine-update)
* Remove Priority field to comply with Debian Policy 4.7.3 (routine-
update)
Checksums-Sha1:
0737686446b1833004374074fdf6877507fb4fb2 1879 drawterm_20240821-0.1.dsc
05bbc7a65230be3239b00985e2ad2b4c3fe59545 377044 drawterm_20240821.orig.tar.xz
b327760c056b005411022854e366a061d212273e 6644
drawterm_20240821-0.1.debian.tar.xz
5f27945c0b24ec582d07469b4d2ef54a00cdc475 6511
drawterm_20240821-0.1_amd64.buildinfo
Checksums-Sha256:
302372dd83a65f41ef2cbbf5436581c4578f32cbe9c4b58b45bb0cef74cc42b8 1879
drawterm_20240821-0.1.dsc
0edf475e560986bb3a64f037152e6e20d8f756b4cdfdc89cf08cd0dde549ce31 377044
drawterm_20240821.orig.tar.xz
b8b16b438c50d38730d66c92a2e8fd88eb42198d20b166ab5e638333c96d3ce7 6644
drawterm_20240821-0.1.debian.tar.xz
59dec29ee4ea12b7b29f539aebe1dbd970cd77d1efb90529dc5fdec5ed81cf80 6511
drawterm_20240821-0.1_amd64.buildinfo
Files:
69443ab6349b9b7843fdf75214a3caf5 1879 x11 optional drawterm_20240821-0.1.dsc
8c3f677c1bc3dd04697810aa4382d661 377044 x11 optional
drawterm_20240821.orig.tar.xz
0fca576b8d3d14f0498273b572ad8bcd 6644 x11 optional
drawterm_20240821-0.1.debian.tar.xz
c4bff92420771ad2e814cfab27796939 6511 x11 optional
drawterm_20240821-0.1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEE8fAHMgoDVUHwpmPKV4oElNHGRtEFAmlWljQRHHRpbGxlQGRl
Ymlhbi5vcmcACgkQV4oElNHGRtHhUhAAiW5nHwckvI3AufpxdE7CZSf9m9fIPCCV
zDbuHFdnchtbQoD8/ZRURGaJhBHQy+auSfLjcnca/8+nrG9HqBQoQAitpO8cjkgu
2e9yZrlj9KoE8cgVaPuwb7xNMm938zSLjMvyuTd8HYnFt5/dfxhEV/dXyQ2jM+TS
5b7n6knoDJpCObuvnB0Bt1iwBgyPsJR9VPXSgSbd6kSOBHk8yOc/MTR0kepLmEgE
t8Yy/RY8xfiMG2O550Xt12EZEHqb7ijHybdHgju1nnzbNzQSF4RBY170wW37yyBv
+FDMNQrx73LBIjUVv5hSM/SRgNuCupLGETVmIH1vca7f0lhig73BT+sFju5sfjDK
43dBxpHSn1IQd7OpNYwh9b9pjAtcUwSwKRh9nGfkR7Up6HPMwb+K9Ij9hNQE+9rG
NQmejucQmDepUrenRpAF5R0CbQwDWi4wAD8xkBnJ5jbQas39J7D+b5JVhS7dAkSE
XggR8P31q42suU5vQdyJuKnTKcG/fuYbxHd7nPmqsQn7Np/EtS26YR/W/kngZdlC
PnVzczUrbCaaXzS9bMiK7WdQ03zMHhvs6N1A/x6F+8epjZP4JGMfqASzM/oKOfiU
I5SrwhKHP3iEltrCUn+r0USwpyui0T44ZF8gN2sBiHUnEHkozfR39XBHs2qeI3pT
2vfzqetBJrE=
=6vsQ
-----END PGP SIGNATURE-----
pgpHlitXBQosK.pgp
Description: PGP signature
--- End Message ---
