Your message dated Mon, 06 Jul 2026 07:19:25 +0000
with message-id <[email protected]>
and subject line Bug#1119410: fixed in falselogin 0.3-5
has caused the Debian Bug report #1119410,
regarding falselogin: please build using the default build flags
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1119410: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119410
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: falselogin
Version: 0.3-4.3
User: [email protected]
Usertags: hardening-buildflags

falselogin is not currently using the default build flags set by 
dpkg-buildflags(1).
The default flags are chosen for multiple reasons including security,
performance, reproducibility, adherence to standards, and error handling.

Please make sure that falselogin builds using the default build flags. blhc(1p)
and hardening-check(1) can be used to confirm that the issue is fixed.

In the general case, packages honoring CFLAGS, LDFLAGS, and other
similar environment variables get the default build flags for free
without the need for any work on the maintainer side. In the case of
falselogin, the flags are either ignored or overridden.

The most common reasons for this are:

Hand-written Makefiles
----------------------
Some upstream Makefiles either override the values of variables such as
CFLAGS and similar or do not use them at all. See:
https://wiki.debian.org/HardeningWalkthrough#Handwritten_Makefiles

Misconfigured build systems
---------------------------
If the upstream code uses autotools, CMake, or other popular build
systems, it usually requires no further modifications. If might however
be that some variables are hardcoded in some way.

In this CMake snippet, the value of CXXFLAGS is overwritten with "-O2":

 set(CMAKE_CXX_FLAGS "-O2")

If the intention is to append to CXXFLAGS, one should use the following
instead:

 set(CMAKE_CXX_FLAGS "-O2 ${CMAKE_CXX_FLAGS}")

See #655870 for a similar autotools example. 

Very old debhelper usage
------------------------
Packages not using dh(1), or those using a debhelper compatibility level
less than 9, need to manually include /usr/share/dpkg/buildflags.mk in
order for the dpkg-buildflags variables to be set:
https://wiki.debian.org/Hardening#dpkg-buildflags

Flags hardcoded in debian/rules (either voluntarily or not)
-----------------------------------------------------------
Some packages voluntarily hardcode the values of CFLAGS and friends in
debian/rules, ignoring the defaults set by dpkg-buildflags(1).

Others attempt to append to the variables, but end up accidentally
overriding the defaults:

 #!/usr/bin/make -f
 export CFLAGS += -pipe -fPIC -Wall

 %:
        dh $@

Debhelper only sets CFLAGS if it is not set yet. In the example above,
when dh is invoked the value of CFLAGS is "-pipe -fPIC -Wall", hence the
hardened defaults are not used. The right way to append to CFLAGS is
using DEB_CFLAGS_MAINT_APPEND instead, as documented in
dpkg-buildflags(1).

For a detailed analysis of this issue, see:
https://people.debian.org/~ema/nocflags_paper.pdf (eprint: hal-05334704)

--- End Message ---
--- Begin Message ---
Source: falselogin
Source-Version: 0.3-5
Done: Andreas Tille <[email protected]>

We believe that the bug you reported is fixed in the latest version of
falselogin, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Tille <[email protected]> (supplier of updated falselogin package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 06 Jul 2026 07:32:50 +0200
Source: falselogin
Architecture: source
Version: 0.3-5
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <[email protected]>
Changed-By: Andreas Tille <[email protected]>
Closes: 1119410
Changes:
 falselogin (0.3-5) unstable; urgency=medium
 .
   * QA upload.
   * Orphan package
   * Maintain package in Debian team on Salsa
   * Remove redundant Priority: optional from source stanza.
   * Replace FSF postal address with a reference to
     https://www.gnu.org/licenses/.
   * Add missing ${misc:Depends} to Depends for falselogin.
   * cme fix dpkg-control
   * d/rules: short dh
   * Do not require root permissions in install target
   * Use default build flags
     Closes: #1119410
   * Hardening
Checksums-Sha1:
 19c97d9c4837e489227cf02f9a993db05c422ebf 1823 falselogin_0.3-5.dsc
 9be414112a0077ded5bf51439d83bceff7e89ecd 6192 falselogin_0.3-5.debian.tar.xz
 a11ad32357ebb61cff8a4746b96d4d8ee2173ba7 5938 falselogin_0.3-5_amd64.buildinfo
Checksums-Sha256:
 2df8873ea44c24e30a96c66baeb62e19cfe242f4569794bd1dec370986285152 1823 
falselogin_0.3-5.dsc
 72ddfc16d4338056515c9bb223ce40659e15c3878bb089826e591337fb8aa033 6192 
falselogin_0.3-5.debian.tar.xz
 187e519a640a85ee5964fb6f30968492cf81b9e4095cd04321f11b2661ccfffa 5938 
falselogin_0.3-5_amd64.buildinfo
Files:
 c2a00d90fd1a6b3ad4ce1ff3da2d3af1 1823 utils optional falselogin_0.3-5.dsc
 37ce994be396486675ab5c37a7761e8b 6192 utils optional 
falselogin_0.3-5.debian.tar.xz
 48ca7c0a6b7d27a41ce36d5c439f7e68 5938 utils optional 
falselogin_0.3-5_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEE8fAHMgoDVUHwpmPKV4oElNHGRtEFAmpLUcwRHHRpbGxlQGRl
Ymlhbi5vcmcACgkQV4oElNHGRtFvRw/9GZieJ8pLP4euUBdgiY8gg6KNtdCIvd3s
Q3RySsEJjUUTc1cMaXUbiXbGnLhlDbVdA7rcE4EqXxvYJVnzpgOjpCJ15tQNH2vN
c2IBSG8zE49leF6dgNiIuKhtReLXWDnx80UhzjicPkdwde7IC1s3BLWwW1MPVLJI
WC9wrkIQD+2qTPU3b9viC0cQp+YccqiVdEfyP2PCOjnc18dUvNyTi9Zp4z4IYlYv
BnJ6vPh+IHxNUm01sfE17waOhseePY7eeXftDTHn4hHv7WGefjPz1vEtxuSoDJ0C
cT8yrvGzOnfO4rXyIA/ybwAvKeJXzReovG8pESVLdSJt5UIrLNP5JPNmlMD6EV23
u4DLX02irdKjXdvuq/aNJ9pgzMsg8lDT6FssXifyskbdslxoyAz85W5+q96gjGDm
OqppWXBaSkqjT5WgxRraOHoXlwxqEKzQALV86HQ2HKd9R6Alov5l04eUQdM269hj
Pr68ndiM32oT8y8KsHvbJw3o8baU3Lh5zrBwLRCPL3Kz5FSP76K29j3Xvl3ZdTWf
WewerV1vzyttTvD23QFdq0+dHsB004qAJjyx7QozZi9yZaaT8M6VK4w26ykf9w7/
uQPji3Af3ZGmZ9pxIFGv2EjfbrMYKEqT3xC20vaOAKEbO1R8GErROCEtbmsAsv6c
FAR12xrjxtA=
=UnKF
-----END PGP SIGNATURE-----

Attachment: pgpMuQCIZ0CU6.pgp
Description: PGP signature


--- End Message ---

Reply via email to