Your message dated Sun, 29 Mar 2026 20:49:03 +0000
with message-id <[email protected]>
and subject line Bug#1119401: fixed in texlive-bin 2026.20260303.78225+ds-1
has caused the Debian Bug report #1119401,
regarding dvidvi: please build using the default build flags
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1119401: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119401
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: dvidvi
Version: 1.0-10.2
User: [email protected]
Usertags: hardening-buildflags
dvidvi is not currently using the default build flags set by dpkg-buildflags(1).
The default flags are chosen for multiple reasons including security,
performance, reproducibility, adherence to standards, and error handling.
Please make sure that dvidvi builds using the default build flags. blhc(1p)
and hardening-check(1) can be used to confirm that the issue is fixed.
In the general case, packages honoring CFLAGS, LDFLAGS, and other
similar environment variables get the default build flags for free
without the need for any work on the maintainer side. In the case of
dvidvi, the flags are either ignored or overridden.
The most common reasons for this are:
Hand-written Makefiles
----------------------
Some upstream Makefiles either override the values of variables such as
CFLAGS and similar or do not use them at all. See:
https://wiki.debian.org/HardeningWalkthrough#Handwritten_Makefiles
Misconfigured build systems
---------------------------
If the upstream code uses autotools, CMake, or other popular build
systems, it usually requires no further modifications. If might however
be that some variables are hardcoded in some way.
In this CMake snippet, the value of CXXFLAGS is overwritten with "-O2":
set(CMAKE_CXX_FLAGS "-O2")
If the intention is to append to CXXFLAGS, one should use the following
instead:
set(CMAKE_CXX_FLAGS "-O2 ${CMAKE_CXX_FLAGS}")
See #655870 for a similar autotools example.
Very old debhelper usage
------------------------
Packages not using dh(1), or those using a debhelper compatibility level
less than 9, need to manually include /usr/share/dpkg/buildflags.mk in
order for the dpkg-buildflags variables to be set:
https://wiki.debian.org/Hardening#dpkg-buildflags
Flags hardcoded in debian/rules (either voluntarily or not)
-----------------------------------------------------------
Some packages voluntarily hardcode the values of CFLAGS and friends in
debian/rules, ignoring the defaults set by dpkg-buildflags(1).
Others attempt to append to the variables, but end up accidentally
overriding the defaults:
#!/usr/bin/make -f
export CFLAGS += -pipe -fPIC -Wall
%:
dh $@
Debhelper only sets CFLAGS if it is not set yet. In the example above,
when dh is invoked the value of CFLAGS is "-pipe -fPIC -Wall", hence the
hardened defaults are not used. The right way to append to CFLAGS is
using DEB_CFLAGS_MAINT_APPEND instead, as documented in
dpkg-buildflags(1).
For a detailed analysis of this issue, see:
https://people.debian.org/~ema/nocflags_paper.pdf (eprint: hal-05334704)
--- End Message ---
--- Begin Message ---
Source: texlive-bin
Source-Version: 2026.20260303.78225+ds-1
Done: Hilmar Preuße <[email protected]>
We believe that the bug you reported is fixed in the latest version of
texlive-bin, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hilmar Preuße <[email protected]> (supplier of updated texlive-bin package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 29 Mar 2026 22:32:49 +0200
Source: texlive-bin
Architecture: source
Version: 2026.20260303.78225+ds-1
Distribution: experimental
Urgency: medium
Maintainer: Debian TeX Task Force <[email protected]>
Changed-By: Hilmar Preuße <[email protected]>
Closes: 1006644 1114515 1119401
Changes:
texlive-bin (2026.20260303.78225+ds-1) experimental; urgency=medium
.
* TL 2026, refresh patches / disable obsolete patches.
- Can be built using GCC 15, remove "-std=gnu17" compiler flag.
(Closes: #1114515)
* Post release patch "dvipdfmx mishandling certain \special{PSfile=...}
filenames".
* We are back on Debian salsa; add debian/salsa-ci.yml.
* Lintian override: E: texlive-binaries: embedded-library libjpeg
...add debian/TODO.
* Start providing the dvidvi program.
- This solves the RFA issue (Closes: #1006644)
- TL is built using standard (hardening) flags (Closes: #1119401)
Checksums-Sha1:
92c5f359e4e1f30e06df12e8d741c7bfb1a1b729 3473
texlive-bin_2026.20260303.78225+ds-1.dsc
bd618b3c858aea99f5e96284ba53bd54b5a02ff3 40373844
texlive-bin_2026.20260303.78225+ds.orig.tar.xz
4362fc9d7c2fd09d83609b9b1b804d2de9dcbff4 531776
texlive-bin_2026.20260303.78225+ds-1.debian.tar.xz
a4470cb846fcb4c0cc388bd8f867d0f07b84a372 5600
texlive-bin_2026.20260303.78225+ds-1_source.buildinfo
Checksums-Sha256:
fc3ebbc681c5c15763763d68f84deaf9c4633feea34cb4c7db980092c1ae8a85 3473
texlive-bin_2026.20260303.78225+ds-1.dsc
6db668aef52c5f9e71c78a8498aee2b48617a508da52d37f0641d39791a733d0 40373844
texlive-bin_2026.20260303.78225+ds.orig.tar.xz
cbbb7b2ba5593b7573c1675b262bb74cb03c47714f0ad558c4e6f7296576fd6e 531776
texlive-bin_2026.20260303.78225+ds-1.debian.tar.xz
3b8d475d116a59b9d0403801eb8e5437e0cefd50569987a11a5366d5d0b8d0b5 5600
texlive-bin_2026.20260303.78225+ds-1_source.buildinfo
Files:
94fd1712ac8c8e888a2311c08ca57207 3473 tex optional
texlive-bin_2026.20260303.78225+ds-1.dsc
0d50924012fc45a0594dc35ccbb44588 40373844 tex optional
texlive-bin_2026.20260303.78225+ds.orig.tar.xz
62e7daf0220f7c01080a0b47014ea3fb 531776 tex optional
texlive-bin_2026.20260303.78225+ds-1.debian.tar.xz
b49ff7a4254194aeba5297e62171b22d 5600 tex optional
texlive-bin_2026.20260303.78225+ds-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEEaXGmC/nkbIhxf16kxiZYRqvgLIsFAmnJjOpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDY5
NzFBNjBCRjlFNDZDODg3MTdGNUVBNEM2MjY1ODQ2QUJFMDJDOEIACgkQxiZYRqvg
LIu+3BAAo2eYC5vkiyMUPCIy9TYUqHFI9RoSwvV5fNKVtdQzX1e7GEYSfVGRnsm5
fsgCfUafPaublxyYq6K83zM9KEoLZ5w7fDJE9vdyhZooGca4Q/yB0sJ6pqc/jtI/
8dD756fncfAzl/8ZiMUBDIyQp9qQSbiXai1MHlcNnGcMWy5LyMTOnzPiyFvS7h4l
FQRlA1neQkvBQUmwm0iPhPSwRblP+6Cp9GDsAJq3ntjZFVpgq8FmEDgwPoTDGtvT
DiN+lcA0hPSsAUVCIG1dhvYkfX6HYrqfUGSOTALFxWvpqlmNtd4Gun0P93PQYn/z
Hyy8LUfbf5QAcAn5ZYS4Zi6yT0Y9NfduyeBCInkR3MGVu//HzTYB1KN9XADYgI7Q
Naf1zTjH+0xHR2LQs5yJPbyVZPHuFRN+Oc13EXrjMzSnZa5QJt+UXL4pJ/DjYUoc
of6Nc206RH350ERYUDZ97CY/ja0ogQw11QEsEz2+gmmeCETSnhFHtVZUC7CCML2U
PzaYpTeR3z+Iz9k89hB7RwJkrV4eUNZUi57b2Vf86RI2muekjqk7M4HYXV01AQ55
wJNNuQI7piRm6UaRk3wuAVDxrlwNHfA1079NtQsTmb4Y8ojIB454iYr5cu9t71Em
lWLBYT9Fb2CnqN64rcvABvT069F6b59RgYIRwNJerPiE4HXxctU=
=B7T6
-----END PGP SIGNATURE-----
pgpP532ids0HV.pgp
Description: PGP signature
--- End Message ---
