Bug#1119363: marked as done (boolector: please build using the default build flags)

[Debian Bug Tracking System]

Your message dated Fri, 30 Jan 2026 14:34:11 +0000
with message-id <e1vlpzb-0000000ekqf-0...@fasolo.debian.org>
and subject line Bug#1119363: fixed in boolector 3.2.4-1
has caused the Debian Bug report #1119363,
regarding boolector: please build using the default build flags
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1119363: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119363
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: boolector
Version: 1.5.118.6b56be4.121013-1.3
User: debian-secur...@lists.debian.org
Usertags: hardening-buildflags

boolector is not currently using the default build flags set by 
dpkg-buildflags(1).
The default flags are chosen for multiple reasons including security,
performance, reproducibility, adherence to standards, and error handling.

Please make sure that boolector builds using the default build flags. blhc(1p)
and hardening-check(1) can be used to confirm that the issue is fixed.

In the general case, packages honoring CFLAGS, LDFLAGS, and other
similar environment variables get the default build flags for free
without the need for any work on the maintainer side. In the case of
boolector, the flags are either ignored or overridden.

The most common reasons for this are:

Hand-written Makefiles
----------------------
Some upstream Makefiles either override the values of variables such as
CFLAGS and similar or do not use them at all. See:
https://wiki.debian.org/HardeningWalkthrough#Handwritten_Makefiles

Misconfigured build systems
---------------------------
If the upstream code uses autotools, CMake, or other popular build
systems, it usually requires no further modifications. If might however
be that some variables are hardcoded in some way.

In this CMake snippet, the value of CXXFLAGS is overwritten with "-O2":

 set(CMAKE_CXX_FLAGS "-O2")

If the intention is to append to CXXFLAGS, one should use the following
instead:

 set(CMAKE_CXX_FLAGS "-O2 ${CMAKE_CXX_FLAGS}")

See #655870 for a similar autotools example. 

Very old debhelper usage
------------------------
Packages not using dh(1), or those using a debhelper compatibility level
less than 9, need to manually include /usr/share/dpkg/buildflags.mk in
order for the dpkg-buildflags variables to be set:
https://wiki.debian.org/Hardening#dpkg-buildflags

Flags hardcoded in debian/rules (either voluntarily or not)
-----------------------------------------------------------
Some packages voluntarily hardcode the values of CFLAGS and friends in
debian/rules, ignoring the defaults set by dpkg-buildflags(1).

Others attempt to append to the variables, but end up accidentally
overriding the defaults:

 #!/usr/bin/make -f
 export CFLAGS += -pipe -fPIC -Wall

 %:
        dh $@

Debhelper only sets CFLAGS if it is not set yet. In the example above,
when dh is invoked the value of CFLAGS is "-pipe -fPIC -Wall", hence the
hardened defaults are not used. The right way to append to CFLAGS is
using DEB_CFLAGS_MAINT_APPEND instead, as documented in
dpkg-buildflags(1).

For a detailed analysis of this issue, see:
https://people.debian.org/~ema/nocflags_paper.pdf (eprint: hal-05334704)

--- End Message ---

--- Begin Message ---

Source: boolector
Source-Version: 3.2.4-1
Done: Andreas Tille <ti...@debian.org>

We believe that the bug you reported is fixed in the latest version of
boolector, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1119...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Tille <ti...@debian.org> (supplier of updated boolector package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 30 Jan 2026 15:17:25 +0100
Source: boolector
Architecture: source
Version: 3.2.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Science Maintainers 
<debian-science-maintain...@lists.alioth.debian.org>
Changed-By: Andreas Tille <ti...@debian.org>
Closes: 922877 1043884 1111926 1119363
Changes:
 boolector (3.2.4-1) unstable; urgency=medium
 .
   * New upstream version
     Closes: #922877, #1043884
   * Maintain package in Debian Science team
     Closes: #1111926
   * Update Homepage
   * Fix watch file, version=5
   * debhelper-compat 13 (routine-update)
   * Remove old boilerplate from debian/rules (routine-update)
   * Remove trailing whitespace in debian/copyright (routine-update)
   * Remove trailing whitespace in debian/rules (routine-update)
   * Trim trailing whitespace.
   * d/rules: Switch to short dh
     Closes: #1119363
   * d/copyright: DEP5
   * Make sure package builds with CMake 4
   * Standards-Version: 4.7.3 (routine-update)
   * Remove Priority field to comply with Debian Policy 4.7.3 (routine-
     update)
   * Prevent static linking
Checksums-Sha1:
 8a607c4af9f418042072e6b8b5ff33a345d884d0 2043 boolector_3.2.4-1.dsc
 eece967e0c7cdb770178d736214bca5c3abd7911 1567983 boolector_3.2.4.orig.tar.gz
 e0fe63d370f5d72c780147bd3e637f9d4f65f219 3276 boolector_3.2.4-1.debian.tar.xz
 ca51379743c84eae6efd9163633d5f05e7cb8bb2 7230 boolector_3.2.4-1_amd64.buildinfo
Checksums-Sha256:
 2b9a505e9a392218320d458c9293ed6395e9fe3efafaf4fd5f49c53507458f58 2043 
boolector_3.2.4-1.dsc
 249c6dbf4e52ea6e8df1ddf7965d47f5c30f2c14905dce9b8f411756b05878bf 1567983 
boolector_3.2.4.orig.tar.gz
 a16d5c2b0eb83470cf24f744db3e038ad7b738652ba976c48db7702aa5864cb9 3276 
boolector_3.2.4-1.debian.tar.xz
 bf68f9868dd9303a28f5d1f86684dc9428b0ab5e7a9b6f90ca844f075aeb8521 7230 
boolector_3.2.4-1_amd64.buildinfo
Files:
 26de97c2b2e401c62a9449f862d71767 2043 science optional boolector_3.2.4-1.dsc
 8dc8026d5d3801bffecc262c6b878abf 1567983 science optional 
boolector_3.2.4.orig.tar.gz
 b913d8cc4897284fadf79ad5786a9817 3276 science optional 
boolector_3.2.4-1.debian.tar.xz
 da43d2bc7312757fcdf46392113aca17 7230 science optional 
boolector_3.2.4-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEE8fAHMgoDVUHwpmPKV4oElNHGRtEFAml8vfERHHRpbGxlQGRl
Ymlhbi5vcmcACgkQV4oElNHGRtEMzg/+OucuHBX6Y92i5iBjzSktNSfhTXZtXqZt
JX9Imc73t/pS41/jfOuU7aa+qjvAsOM/9fxy4vvggWqsWbDsDtRpqnxYu9G/2umA
3awcyC/NqMlUcx7QxPJSA8dDcz2GR6ofCPjZRLs1FHnXH4GE7kEXtNJsyRNUvp7r
a8thWCWzKr5YZ1zs5dB7s5DR+/OM0YRDSn0kgBlEjBkkizB77Jne0hLt53/b8G2q
Hkw2ozS2aICvTVcB3RegqUUF9ZDDuoI3mohKtqtUTmTsEv9xiZNZxs4W65PSEiyj
7oyHxbWOFuVxcTSFchXHnEIF0wi4SIT8NMM3GwrbGr8zq1UdInXSv9rWhyKtNL0v
JvsMqHZd/GQOlpGOBWyr8dSMO7b1FHKCQbuk91ECRtc0zvjB6EYGq+ChG3pNkXn7
509fyrFwHkIyjQWjfYAD6Sh3VrzuGudbQzjVsN0r8HlYRGmv3QVGo4klGOMy4U41
ruFS76edLISUkv1FB9CmAluExTj6h17Q1d41ncuXUa6jYq+vsNga/s1B/L8cVoQu
JoD7LxOzoG0oDpPl5Ce4LgyYX47ppYMAeehel4AStNg1he32zmCFvNQ4IeNo+0AE
kn4ZT050zNyIhtos3MXab0+QaGUY7z3GHemLzF9IopZfijPoLddxnau/ixi+XN7H
jpbhzBOYyc4=
=hIKf
-----END PGP SIGNATURE-----

pgpoSohZxwfzh.pgp
Description: PGP signature

--- End Message ---