Bug#997190: marked as done (qrq: FTBFS: qrq.c:1073:31: error: format not a string literal and no format arguments [-Werror=format-security])

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Sat, 23 Oct 2021 21:49:37 +0000
with message-id <E1meOtV-00025D-OW@fasolo.debian.org>
and subject line Bug#997190: fixed in qrq 0.3.3-4
has caused the Debian Bug report #997190,
regarding qrq: FTBFS: qrq.c:1073:31: error: format not a string literal and no format arguments [-Werror=format-security]
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
997190: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=997190
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: submit@bugs.debian.org
• Subject: qrq: FTBFS: qrq.c:1073:31: error: format not a string literal and no format arguments [-Werror=format-security]
• From: Lucas Nussbaum <lucas@debian.org>
• Date: Sat, 23 Oct 2021 21:08:35 +0200
• Message-id: <[🔎] YXRds56vXsXj7gC1@xanadu.blop.info>

Source: qrq
Version: 0.3.3-3
Severity: serious
Justification: FTBFS
Tags: bookworm sid ftbfs

Hi,

During a rebuild of all packages in sid, your package failed to build
on amd64.


Relevant part (hopefully):
> gcc -Wall -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -D DESTDIR=\"/usr\" -D VERSION=\"0.3.3\" -I. -D PA -pthread -c pulseaudio.c
> qrq.c: In function ‘main’:
> qrq.c:262:24: warning: format ‘%d’ expects argument of type ‘int’, but argument 2 has type ‘long unsigned int’ [-Wformat=]
>   262 |         printw("done. %d calls read.\n\n", nrofcalls);
>       |                       ~^                   ~~~~~~~~~
>       |                        |                   |
>       |                        int                 long unsigned int
>       |                       %ld
> qrq.c: In function ‘update_parameter_dialog’:
> qrq.c:765:40: warning: format ‘%d’ expects argument of type ‘int’, but argument 6 has type ‘long unsigned int’ [-Wformat=]
>   765 |                 mvwprintw(conf_w,11,2, "Callsign database:     %-15s"
>       |                                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>   766 |                                         "      d (%d)", basename(cbfilename),nrofcalls);
>       |                                                                              ~~~~~~~~~
>       |                                                                              |
>       |                                                                              long unsigned int
> qrq.c:766:52: note: format string is defined here
>   766 |                                         "      d (%d)", basename(cbfilename),nrofcalls);
>       |                                                   ~^
>       |                                                    |
>       |                                                    int
>       |                                                   %ld
> qrq.c: In function ‘close_summary_file’:
> qrq.c:1073:31: error: format not a string literal and no format arguments [-Werror=format-security]
>  1073 |         mvwprintw(mid_w,14,2, filename);
>       |                               ^~~~~~~~
> qrq.c: In function ‘update_score’:
> qrq.c:1086:41: warning: too many arguments for format [-Wformat-extra-args]
>  1086 |                 mvwprintw(top_w, 1, 27, "[training mode]", score);
>       |                                         ^~~~~~~~~~~~~~~~~
> qrq.c: In function ‘read_config’:
> qrq.c:1395:60: warning: format ‘%d’ expects argument of type ‘int’, but argument 3 has type ‘long int’ [-Wformat=]
>  1395 |                         printw("  line  %2d: sample rate: %d\n", line, samplerate);
>       |                                                           ~^           ~~~~~~~~~~
>       |                                                            |           |
>       |                                                            int         long int
>       |                                                           %ld
> qrq.c: In function ‘find_files’:
> qrq.c:1896:40: warning: too many arguments for format [-Wformat-extra-args]
>  1896 |                                 printw("Files copied. You might want to edit "
>       |                                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> qrq.c: In function ‘check_toplist’:
> qrq.c:1752:9: warning: ignoring return value of ‘fgets’ declared with attribute ‘warn_unused_result’ [-Wunused-result]
>  1752 |         fgets(tmp, 35, fh);
>       |         ^~~~~~~~~~~~~~~~~~
> qrq.c: In function ‘statistics’:
> qrq.c:1979:17: warning: ignoring return value of ‘system’ declared with attribute ‘warn_unused_result’ [-Wunused-result]
>  1979 |                 system("gnuplot -p /tmp/qrq-plot 2> /dev/null &");
>       |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> qrq.c: In function ‘display_toplist’:
> qrq.c:967:16: warning: ignoring return value of ‘fgets’ declared with attribute ‘warn_unused_result’ [-Wunused-result]
>   967 |         (void) fgets(tmp, 34, fh);              /* first line not used */
>       |                ^~~~~~~~~~~~~~~~~~
> qrq.c: In function ‘add_to_toplist’:
> qrq.c:1172:9: warning: ignoring return value of ‘fgets’ declared with attribute ‘warn_unused_result’ [-Wunused-result]
>  1172 |         fgets(tmp, 35, fh);
>       |         ^~~~~~~~~~~~~~~~~~
> qrq.c:1191:9: warning: ignoring return value of ‘fread’ declared with attribute ‘warn_unused_result’ [-Wunused-result]
>  1191 |         fread(part1, sizeof(char), (size_t) j, fh);
>       |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> qrq.c: In function ‘close_summary_file’:
> qrq.c:1058:38: warning: ‘%s’ directive output may be truncated writing up to 14 bytes into a region of size between 0 and 4095 [-Wformat-truncation=]
>  1058 |     snprintf(filename, PATH_MAX, "%s/%s-%s.txt", sumfilepath, mycall, time_fmt);
>       |                                      ^~                       ~~~~~~
> In file included from /usr/include/stdio.h:866,
>                  from /usr/include/curses.h:232,
>                  from qrq.c:28:
> /usr/include/x86_64-linux-gnu/bits/stdio2.h:70:10: note: ‘__builtin___snprintf_chk’ output between 7 and 4371 bytes into a destination of size 4096
>    70 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
>       |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>    71 |                                    __bos (__s), __fmt, __va_arg_pack ());
>       |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> qrq.c: In function ‘save_config.isra’:
> qrq.c:1648:49: warning: ‘%s’ directive writing up to 4095 bytes into a region of size between 4017 and 4096 [-Wformat-overflow=]
>  1648 |                                 sprintf(tmp, "%s%s ", confopts[i], dspdevice);
>       |                                                 ^~                 ~~~~~~~~~
> In file included from /usr/include/stdio.h:866,
>                  from /usr/include/curses.h:232,
>                  from qrq.c:28:
> /usr/include/x86_64-linux-gnu/bits/stdio2.h:38:10: note: ‘__builtin___sprintf_chk’ output between 2 and 4176 bytes into a destination of size 4096
>    38 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
>       |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>    39 |                                   __bos (__s), __fmt, __va_arg_pack ());
>       |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> qrq.c:1645:49: warning: ‘%s’ directive writing up to 4095 bytes into a region of size between 4017 and 4096 [-Wformat-overflow=]
>  1645 |                                 sprintf(tmp, "%s%s ", confopts[i], cbfilename);
>       |                                                 ^~                 ~~~~~~~~~~
> In file included from /usr/include/stdio.h:866,
>                  from /usr/include/curses.h:232,
>                  from qrq.c:28:
> /usr/include/x86_64-linux-gnu/bits/stdio2.h:38:10: note: ‘__builtin___sprintf_chk’ output between 2 and 4176 bytes into a destination of size 4096
>    38 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
>       |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>    39 |                                   __bos (__s), __fmt, __va_arg_pack ());
>       |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> qrq.c: In function ‘morse’:
> qrq.c:1409:68: warning: ‘fwdotlen’ may be used uninitialized in this function [-Wmaybe-uninitialized]
>  1409 |         int c, fulldotlen, dotlen, dashlen, charspeed, farnsworth, fwdotlen;
>       |                                                                    ^~~~~~~~
> In file included from /usr/include/string.h:519,
>                  from qrq.c:30:
> In function ‘strncpy’,
>     inlined from ‘main’ at qrq.c:523:3:
> /usr/include/x86_64-linux-gnu/bits/string_fortified.h:91:10: warning: ‘__builtin_strncpy’ specified bound 80 equals destination size [-Wstringop-truncation]
>    91 |   return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
>       |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> cc1: some warnings being treated as errors
> make[1]: *** [Makefile:80: qrq.o] Error 1


The full build log is available from:
http://qa-logs.debian.net/2021/10/23/qrq_0.3.3-3_unstable.log

A list of current common problems and possible solutions is available at
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!

If you reassign this bug to another package, please marking it as 'affects'-ing
this package. See https://www.debian.org/Bugs/server-control#affects

If you fail to reproduce this, please provide a build log and diff it with mine
so that we can identify if something relevant changed in the meantime.

--- End Message ---

--- Begin Message ---

• To: 997190-close@bugs.debian.org
• Subject: Bug#997190: fixed in qrq 0.3.3-4
• From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
• Date: Sat, 23 Oct 2021 21:49:37 +0000
• Message-id: <E1meOtV-00025D-OW@fasolo.debian.org>
• Reply-to: tony mancill <tmancill@debian.org>

Source: qrq
Source-Version: 0.3.3-4
Done: tony mancill <tmancill@debian.org>

We believe that the bug you reported is fixed in the latest version of
qrq, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 997190@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
tony mancill <tmancill@debian.org> (supplier of updated qrq package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 23 Oct 2021 14:30:09 -0700
Source: qrq
Architecture: source
Version: 0.3.3-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Hamradio Maintainers <debian-hams@lists.debian.org>
Changed-By: tony mancill <tmancill@debian.org>
Closes: 990598 997190
Changes:
 qrq (0.3.3-4) unstable; urgency=medium
 .
   * Team upload.
   * Use debhelper-compat 13
   * Remove Colin Tuckley from Uploaders. (Closes: #990598)
   * Bump Standards-Version to 4.6.0
   * Add warnings-as-errors.patch to address FTBFS (Closes: #997190)
   * debian/rules: debhelper >= 11 handles setting strip for INSTALL
Checksums-Sha1:
 afe2adbbdf0c6a391bb9357ea387ddfda295cf89 2037 qrq_0.3.3-4.dsc
 208b7ed4167d287bee0476fc14d0c61f9ed4a525 7120 qrq_0.3.3-4.debian.tar.xz
 dc0c07d73a8f62d175629ab81b94e2e6385f4bcb 7779 qrq_0.3.3-4_amd64.buildinfo
Checksums-Sha256:
 7c237fa7a81676652a9bb3d9085498f38ac99d6f069a9753685419f495d48e6d 2037 qrq_0.3.3-4.dsc
 fd836caab36b236e1dc3fa32a8a2586de002e9c3c9bd6d1a52bb333f0bdaa65b 7120 qrq_0.3.3-4.debian.tar.xz
 cad360cfc2288bc54a7e8dfa3d95de1fa48526e5b9559e6da18dd29092a78edf 7779 qrq_0.3.3-4_amd64.buildinfo
Files:
 d2fc9dfc53c9bc448619d344f845b73a 2037 hamradio optional qrq_0.3.3-4.dsc
 5f69a3782766cab3b08be786ba9e0e53 7120 hamradio optional qrq_0.3.3-4.debian.tar.xz
 ebbfbcbfb3e81c6bb48b7feb017d954a 7779 hamradio optional qrq_0.3.3-4_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEE5Qr9Va3SequXFjqLIdIFiZdLPpYFAmF0gI8UHHRtYW5jaWxs
QGRlYmlhbi5vcmcACgkQIdIFiZdLPpbo4BAAozZ5Hvego7WJkO7LsW9Dq9wJz4N+
aUi2+eRlcZ+JaWBgjLmUSUp3Aq/udRkfedxvyjU4woSOg9IGd1KQw2fCL7irjmS4
fiGz2vccWb48UN1m58MUHB4IKyu+ivkNPc6lZb+kakXM1rN2ussgBkk7g0nMoM5O
CLZ+F6tkpZwmwI4/4VyeMLca4onOUZz0Ss2F3N7l7yRrIRp0sXI5KvMcxY4mgRAB
dKf6xxAJRVnVK/e6/UNHvDmkCr80GAMgCSeiPscqWww3x53YJXHJ4+lAaahnhVap
Cx9tQD0NgpZzM3H8jvBMVBEgPlLDxnTcLUdM4HrQnoIDV0vdxmEWmGSvR7FveRpR
snGWHZO+0lObdzgNrSGzDl19q2w43lg6M8pda51xooXSNGJhZ+E+Xs9Z+ef+r3e7
woFYXH3rKygVrK1b6l6fg8TwuFTmYAsG0OcuD1WTG5FZTsmwQi1PN7ocxkY6ZsjW
Om7qdB+C4cOtpvYFN5Nvkv/xp8vYBYbOEMCDXqf/dvbOGB7DMu4pUxpPHUIihW3d
ZfJ9BokeSyJjfKZCEkG2CKwAFV1s96UqLSrEKutymSZPSyGUuZww5ZBeEhlAWKGl
xy2tYd2/yb9DjgIym23C2Tx5kpStVpcwRhMsBnMcyCoTj6syXrxZZcPSFYoz/4hw
9jMH4d57Ccat7AM=
=NWZb
-----END PGP SIGNATURE-----

--- End Message ---