Your message dated Tue, 24 Mar 2026 08:23:35 +0000
with message-id <[email protected]>
and subject line Bug#1124892: fixed in python-utmp 0.9-2
has caused the Debian Bug report #1124892,
regarding python-utmp: please build using the default build flags
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1124892: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1124892
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: python-utmp
Version: 0.9-1
User: [email protected]
Usertags: hardening-buildflags
python-utmp is not currently using the default build flags set by
dpkg-buildflags(1).
The default flags are chosen for multiple reasons including security,
performance, reproducibility, adherence to standards, and error handling.
Please make sure that python-utmp builds using the default build flags. blhc(1p)
and hardening-check(1) can be used to confirm that the issue is fixed.
In the general case, packages honoring CFLAGS, LDFLAGS, and other
similar environment variables get the default build flags for free
without the need for any work on the maintainer side. In the case of
python-utmp, the flags are either ignored or overridden.
The most common reasons for this are:
Hand-written Makefiles
----------------------
Some upstream Makefiles either override the values of variables such as
CFLAGS and similar or do not use them at all. See:
https://wiki.debian.org/HardeningWalkthrough#Handwritten_Makefiles
Misconfigured build systems
---------------------------
If the upstream code uses autotools, CMake, or other popular build
systems, it usually requires no further modifications. If might however
be that some variables are hardcoded in some way.
In this CMake snippet, the value of CXXFLAGS is overwritten with "-O2":
set(CMAKE_CXX_FLAGS "-O2")
If the intention is to append to CXXFLAGS, one should use the following
instead:
set(CMAKE_CXX_FLAGS "-O2 ${CMAKE_CXX_FLAGS}")
See #655870 for a similar autotools example.
Very old debhelper usage
------------------------
Packages not using dh(1), or those using a debhelper compatibility level
less than 9, need to manually include /usr/share/dpkg/buildflags.mk in
order for the dpkg-buildflags variables to be set:
https://wiki.debian.org/Hardening#dpkg-buildflags
Flags hardcoded in debian/rules (either voluntarily or not)
-----------------------------------------------------------
Some packages voluntarily hardcode the values of CFLAGS and friends in
debian/rules, ignoring the defaults set by dpkg-buildflags(1).
Others attempt to append to the variables, but end up accidentally
overriding the defaults:
#!/usr/bin/make -f
export CFLAGS += -pipe -fPIC -Wall
%:
dh $@
Debhelper only sets CFLAGS if it is not set yet. In the example above,
when dh is invoked the value of CFLAGS is "-pipe -fPIC -Wall", hence the
hardened defaults are not used. The right way to append to CFLAGS is
using DEB_CFLAGS_MAINT_APPEND instead, as documented in
dpkg-buildflags(1).
For a detailed analysis of this issue, see https://hal.science/hal-05334704/
--- End Message ---
--- Begin Message ---
Source: python-utmp
Source-Version: 0.9-2
Done: Andreas Tille <[email protected]>
We believe that the bug you reported is fixed in the latest version of
python-utmp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Tille <[email protected]> (supplier of updated python-utmp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 14 Mar 2026 08:30:45 +0100
Source: python-utmp
Architecture: source
Version: 0.9-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <[email protected]>
Changed-By: Andreas Tille <[email protected]>
Closes: 1081726 1124892 1128564
Changes:
python-utmp (0.9-2) unstable; urgency=medium
.
* Maintain package in Debian Python Team
Closes: #1128564
* Add Homepage
Closes: #1081726
* Add watch file
* Short dh using pybuild
* debhelper-compat (= 13)
* cme fix dpkg-control
* Spelling of Python in description
* Patch to use the default build flags
Closes: #1124892
* d/copyright: DEP5
Checksums-Sha1:
bf26d83a0e8f7609f44446c52eae7cea669f9f4f 2037 python-utmp_0.9-2.dsc
0a9b48fb1508baff3bfc635bcafdcd032dbcf755 3688 python-utmp_0.9-2.debian.tar.xz
11b7cbf1bb26d42bb12c0ded73351d56a4328a8b 6654 python-utmp_0.9-2_amd64.buildinfo
Checksums-Sha256:
0fb759bfaccf20ec2bff9bc345d3649ef683a352ccbfdb63faf6ce7cc2ee0dcd 2037
python-utmp_0.9-2.dsc
468d552c98f60680042cd631c45df708f214596e60a3f52b7aad65404a626481 3688
python-utmp_0.9-2.debian.tar.xz
de9298e1f474a6217c7eca78a13f0b603dae640c915c8929a94d76255edd2653 6654
python-utmp_0.9-2_amd64.buildinfo
Files:
bc830b4f55d2f421be4b7da335d9219c 2037 python optional python-utmp_0.9-2.dsc
8250057286036728d6c597ba7a8beb1a 3688 python optional
python-utmp_0.9-2.debian.tar.xz
d8cb71fa2dd1d4ebfad8c87659109632 6654 python optional
python-utmp_0.9-2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEE8fAHMgoDVUHwpmPKV4oElNHGRtEFAmm1DyIRHHRpbGxlQGRl
Ymlhbi5vcmcACgkQV4oElNHGRtFHQg/+Lqb/GKYB+pCEElfzStZPUmJuYVKI474Q
ghdhZnk6UCNBpQgWQU2LNgxjWMva+WFqcwSNz90SgfpN0TpnhcEK7xTlrbMQhZJb
897lc7gGn9uP7Rdi+BJ104nNTgI6qEKrLwWF9wbv3vzyrkta4HSW3/euSC7pVggN
6DHl99BAPNGZp5ANlVIx7Q5wl5faaSTbxXivgO3fNweZbcbje7ZtuYHtvn5AqZg5
kK9EzWvSUYmzTpm13jJ9A4bodHy6aZTq8A0nSoZRvAqAe5ibRE5+Fx1+Tdh/hiC7
F3wIdtQYz2Np3eSY//K2zPvVtoVX6Xb8aPwsl6sHRqZKjc/i2sGsm3lscsKw4lQ9
meqw9AHGNcfz/iU70J3c8jaGxDR0G6nhRIrdNYXAL8vV+MoC7UqVV040yiiENSHk
K07888JMN/r9bnlxQjrvfK4ZL8LdS+QmrmoZ+1s7k3N5Jno4YYGJ5DGbKLTa2J64
7OCkwJXI7OJ4fmZizBfAsKDyAPMjxNlKXYwXmfHFkR4wUQ2CTgT7Xsar8U5kYmrp
rRHtVhvhaBpHI3bUuQ7ZlFqkasMgbujUP44HXIMjVBJ3OT16LpG2j4rm6r34wmZl
M+Por3ri6IHrttnaysheIA195DsQzDFL+NDRJA42o5a5+szk3+hnC7SIYZ0AH3dy
609wOTp49zY=
=2WU2
-----END PGP SIGNATURE-----
pgpltxOmHzSty.pgp
Description: PGP signature
--- End Message ---
