Debian Bug report logs - #652164
rakarrack: FTBFS: ../../src/rakarrack.cxx:22892:37: error: format not a string literal and no format arguments [-Werror=format-security]

version graph

Package: src:rakarrack; Maintainer for src:rakarrack is Tiago Bortoletto Vaz <tiago@debian.org>;

Reported by: Mònica Ramírez Arceda <monica@probeta.net>

Date: Thu, 15 Dec 2011 10:21:02 UTC

Severity: serious

Tags: patch, sid, wheezy

Found in version rakarrack/0.6.1-3

Fixed in version rakarrack/0.6.1-4

Done: Tiago Bortoletto Vaz <tiago@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Tiago Bortoletto Vaz <tiago@debian.org>:
Bug#652164; Package src:rakarrack. (Thu, 15 Dec 2011 10:21:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Mònica Ramírez Arceda <monica@probeta.net>:
New Bug report received and forwarded. Copy sent to Tiago Bortoletto Vaz <tiago@debian.org>. (Thu, 15 Dec 2011 10:21:06 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Mònica Ramírez Arceda <monica@probeta.net>
To: submit@bugs.debian.org
Subject: rakarrack: FTBFS: ../../src/rakarrack.cxx:22892:37: error: format not a string literal and no format arguments [-Werror=format-security]
Date: Thu, 15 Dec 2011 11:16:39 +0100
Source: rakarrack
Version: 0.6.1-3
Severity: serious
Tags: wheezy sid
User: debian-qa@lists.debian.org
Usertags: qa-ftbfs-20111210 qa-ftbfs
Justification: FTBFS on amd64

Hi,

During a rebuild of all packages in sid, your package failed to build on
amd64.

Relevant part:
> if x86_64-linux-gnu-g++ -DHAVE_CONFIG_H -I. -I../../src -I.     -Wall -msse2 -mfpmath=sse  -ffast-math -pipe  -fsigned-char  -I/usr/include/freetype2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security   -D_THREAD_SAFE -D_REENTRANT     -g -O2 -MT rakarrack.o -MD -MP -MF ".deps/rakarrack.Tpo" -c -o rakarrack.o ../../src/rakarrack.cxx; \
> 	then mv -f ".deps/rakarrack.Tpo" ".deps/rakarrack.Po"; else rm -f ".deps/rakarrack.Tpo"; exit 1; fi
> ../../src/rakarrack.cxx: In member function 'virtual void Analyzer::draw()':
> ../../src/rakarrack.cxx:36:11: warning: variable 'hy' set but not used [-Wunused-but-set-variable]
> ../../src/rakarrack.cxx: In constructor 'RKRGUI::RKRGUI(int, char**, RKR*)':
> ../../src/rakarrack.cxx:21851:5: warning: variable 'num_fonts' set but not used [-Wunused-but-set-variable]
> ../../src/rakarrack.cxx: In member function 'void RKRGUI::preset_click_i(Fl_Button*, void*)':
> ../../src/rakarrack.cxx:22892:37: error: format not a string literal and no format arguments [-Werror=format-security]
> ../../src/rakarrack.cxx: In member function 'void RKRGUI::make_window_banks()':
> ../../src/rakarrack.cxx:22955:35: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
> ../../src/rakarrack.cxx: In member function 'void RKRGUI::delpreset(Fl_Widget*, int)':
> ../../src/rakarrack.cxx:27246:35: error: format not a string literal and no format arguments [-Werror=format-security]
> ../../src/rakarrack.cxx: In member function 'void RKRGUI::make_table_window()':
> ../../src/rakarrack.cxx:27288:35: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
> ../../src/rakarrack.cxx:27295:35: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
> cc1plus: some warnings being treated as errors
> 
> make[3]: *** [rakarrack.o] Error 1

The full build log is available from:
   http://people.debian.org/~lucas/logs/2011/12/10/rakarrack_0.6.1-3_lsid64.buildlog

A list of current common problems and possible solutions is available at 
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!

About the archive rebuild: The rebuild was done on about 50 AMD64 nodes
of the Grid'5000 platform, using a clean chroot.  Internet was not
accessible from the build systems.




Information forwarded to debian-bugs-dist@lists.debian.org, Tiago Bortoletto Vaz <tiago@debian.org>:
Bug#652164; Package src:rakarrack. (Sat, 24 Dec 2011 22:09:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Daniel T Chen <seven.steps@gmail.com>:
Extra info received and forwarded to list. Copy sent to Tiago Bortoletto Vaz <tiago@debian.org>. (Sat, 24 Dec 2011 22:09:04 GMT) Full text and rfc822 format available.

Message #10 received at 652164@bugs.debian.org (full text, mbox):

From: Daniel T Chen <seven.steps@gmail.com>
To: Debian Bug Tracking System <652164@bugs.debian.org>
Subject: Re: FTBFS: ../../src/rakarrack.cxx:22892:37: error: format not a string literal and no format arguments [-Werror=format-security]
Date: Sat, 24 Dec 2011 17:04:00 -0500
Package: rakarrack
Version: 0.6.1-3
Followup-For: Bug #652164
User: ubuntu-devel@lists.ubuntu.com
Usertags: origin-ubuntu precise ubuntu-patch

In Ubuntu Precise, the following patch was applied to resolve the FTBFS.
Thanks for considering the patch.


-- System Information:
Debian Release: wheezy/sid
 APT prefers oneiric-updates
 APT policy: (500, 'oneiric-updates'), (500, 'oneiric-security'), (500, 'oneiric-proposed'), (500, 'oneiric')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-14-generic (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash


*** format-security.debdiff.diff.2
diff -u rakarrack-0.6.1/debian/patches/series rakarrack-0.6.1/debian/patches/series
--- rakarrack-0.6.1/debian/patches/series
+++ rakarrack-0.6.1/debian/patches/series
@@ -1,0 +2 @@
+format-security.diff
only in patch2:
unchanged:
--- rakarrack-0.6.1.orig/debian/patches/format-security.diff
+++ rakarrack-0.6.1/debian/patches/format-security.diff
@@ -0,0 +1,71 @@
+Index: rakarrack-0.6.1/src/rakarrack.cxx
+===================================================================
+--- rakarrack-0.6.1.orig/src/rakarrack.cxx	2011-12-24 15:31:22.000000000 -0500
++++ rakarrack-0.6.1/src/rakarrack.cxx	2011-12-24 15:31:24.000000000 -0500
+@@ -22889,7 +22889,7 @@
+   Fl_Widget *m = fl_message_icon();
+   m->parent()->copy_label(rkr->jackcliname);
+   sprintf(temp2,"Overwrite? \"%s\"",w->label());
+-  ok=fl_choice(temp2,"No","Yes",NULL);
++  ok=fl_choice("%s",temp2,"No","Yes",NULL);
+  if (!ok)
+  { 
+  o->value(0);
+@@ -24142,7 +24142,7 @@
+  w->parent()->copy_label(rkr->jackcliname);
+  
+ 
+- ok=fl_choice("Bank was modified, but not saved","Discard","Save",NULL);
++ ok=fl_choice("%s","Bank was modified, but not saved","Discard","Save",NULL);
+ 
+ 
+ 
+@@ -27243,7 +27243,7 @@
+ } 
+ 
+ sprintf(temp2,"Delete? \"%s\"",s->text());
+-ok=fl_choice(temp2,"No","Yes",NULL);
++ok=fl_choice("%s",temp2,"No","Yes",NULL);
+ if (!ok) return;
+ memset(Rname,0,sizeof(Rname));
+ sprintf(Rname,"%s",s->text());
+Index: rakarrack-0.6.1/src/fileio.C
+===================================================================
+--- rakarrack-0.6.1.orig/src/fileio.C	2011-12-24 15:31:22.000000000 -0500
++++ rakarrack-0.6.1/src/fileio.C	2011-12-24 15:31:24.000000000 -0500
+@@ -1641,7 +1641,7 @@
+ 
+    case 3:
+     memset (temp, 0, sizeof (temp));
+-    sprintf (temp, BankFilename);
++    sprintf (temp, "%s", BankFilename);
+     break;
+    
+    }
+@@ -2786,4 +2786,4 @@
+ 
+ }
+ 
+- 
+\ No newline at end of file
++
+Index: rakarrack-0.6.1/src/varios.C
+===================================================================
+--- rakarrack-0.6.1.orig/src/varios.C	2011-12-24 16:36:58.000000000 -0500
++++ rakarrack-0.6.1/src/varios.C	2011-12-24 16:37:49.000000000 -0500
+@@ -41,7 +41,7 @@
+   w->image (a);
+   w->align (FL_ALIGN_TOP | FL_ALIGN_INSIDE);
+   w->parent ()->copy_label (labelwin);
+-  fl_message (message_text);
++  fl_message ("%s", message_text);
+   return (0);
+ 
+ };
+@@ -399,4 +399,4 @@
+ 
+ 
+ 
+-  
+\ No newline at end of file
++


-- System Information:
Debian Release: wheezy/sid
  APT prefers oneiric-updates
  APT policy: (900, 'oneiric-updates'), (800, 'oneiric'), (10, 'precise')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-14-generic (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash




Added tag(s) patch. Request was from Dan Chen <seven.steps@gmail.com> to control@bugs.debian.org. (Sat, 24 Dec 2011 22:09:05 GMT) Full text and rfc822 format available.

Added tag(s) pending. Request was from tiago@debian.org to control@bugs.debian.org. (Tue, 27 Dec 2011 17:18:07 GMT) Full text and rfc822 format available.

Reply sent to Tiago Bortoletto Vaz <tiago@debian.org>:
You have taken responsibility. (Tue, 27 Dec 2011 17:21:11 GMT) Full text and rfc822 format available.

Notification sent to Mònica Ramírez Arceda <monica@probeta.net>:
Bug acknowledged by developer. (Tue, 27 Dec 2011 17:21:11 GMT) Full text and rfc822 format available.

Message #19 received at 652164-close@bugs.debian.org (full text, mbox):

From: Tiago Bortoletto Vaz <tiago@debian.org>
To: 652164-close@bugs.debian.org
Subject: Bug#652164: fixed in rakarrack 0.6.1-4
Date: Tue, 27 Dec 2011 17:18:15 +0000
Source: rakarrack
Source-Version: 0.6.1-4

We believe that the bug you reported is fixed in the latest version of
rakarrack, which is due to be installed in the Debian FTP archive:

rakarrack_0.6.1-4.debian.tar.gz
  to main/r/rakarrack/rakarrack_0.6.1-4.debian.tar.gz
rakarrack_0.6.1-4.dsc
  to main/r/rakarrack/rakarrack_0.6.1-4.dsc
rakarrack_0.6.1-4_i386.deb
  to main/r/rakarrack/rakarrack_0.6.1-4_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 652164@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tiago Bortoletto Vaz <tiago@debian.org> (supplier of updated rakarrack package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 27 Dec 2011 11:51:00 -0500
Source: rakarrack
Binary: rakarrack
Architecture: source i386
Version: 0.6.1-4
Distribution: unstable
Urgency: low
Maintainer: Tiago Bortoletto Vaz <tiago@debian.org>
Changed-By: Tiago Bortoletto Vaz <tiago@debian.org>
Description: 
 rakarrack  - Simple and easy guitar effects processor for GNU/Linux
Closes: 652164
Changes: 
 rakarrack (0.6.1-4) unstable; urgency=low
 .
   * Switch to dpkg-source 3.0 (quilt) format
   * Fixes format-security issue in rakarrack.cxx. Thanks to Mònica Ramírez
     Arceda and Daniel T Chen. (Closes: #652164)
Checksums-Sha1: 
 a9922a4936b8e5612bfde815f738e752c98823b3 1336 rakarrack_0.6.1-4.dsc
 bf559a8c5f316b529340114c9156979a43a2ee7b 6240 rakarrack_0.6.1-4.debian.tar.gz
 04251b2f377a3ad5505bb7b14c673b551d9390b7 2614506 rakarrack_0.6.1-4_i386.deb
Checksums-Sha256: 
 d8be18bcbe4ec371cfb118ec41b859e3898f74a441d3db29047e7abe0e4a737b 1336 rakarrack_0.6.1-4.dsc
 d893dd27f637d3d329b6f43bb254ff8e443511a07979f2e59a0fb9628539000c 6240 rakarrack_0.6.1-4.debian.tar.gz
 149e4a83ae6beacb8b0ea9e6b182f87579027c0345ce44cfda3a5e1579128a84 2614506 rakarrack_0.6.1-4_i386.deb
Files: 
 f6eb2df12a8b3f26e57387791442616c 1336 sound extra rakarrack_0.6.1-4.dsc
 4ce24cc6d1beb87c2100bd2a5b9f7c9c 6240 sound extra rakarrack_0.6.1-4.debian.tar.gz
 dd243238ef99684aea38a6e7b2f77212 2614506 sound extra rakarrack_0.6.1-4_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk75+ycACgkQaQ1iFKUE/sr0ZwCdG0k4+3y7xtHwKVB7/CfERbnN
PZgAnjXPnYAS51wrpv9DJ9xO485sZ09g
=T7Ox
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 25 Jan 2012 07:41:06 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 05:59:02 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.