Comments (9)
Yes, I actually got five such emails myself today for packages of mine using Rcpp
.
The fix is simple thanks to PR #1288 we made two days ago. Install Rcpp 1.0.11.5 from the Rcpp
drat
repo via, e.g.,
Rscript -e 'install.packages("Rcpp", repos=c("https://RcppCore.github.io/drat", getOption("repos")))'
and then re-run compileAttributes()
. That will fix the RcppExports.cpp
file for you. You then need to upload your updated package to CRAN. It has no change in its run-time dependency on Rcpp
so you do not need to change anything in DESCRIPTION
related to Rcpp
(but a new upload of course needs a new version). Just re-run compileAttributes()
, and increment your version (and do whatever else R(-devel) CMD check --as-cran
may need).
from rcpp.
My pleasure! As you see in this ticket, I actually hit is myself updating a package a few days ago. r-devel
and a new g++
are good at this.
And I am sure we will hear more about it here, at StackOverflow, or on lists such as rcpp-devel
or r-package-devel
so when you see it by all means feel free to share the word 😀
from rcpp.
Rcpp 1.0.12 arrived at CRAN on Jan 9 as planned so this can be closed.
from rcpp.
Thanks for the quick fix and the comment on how to fix issues with packages linking to Rcpp.
from rcpp.
While I am at it: Which Rcpp version should be specified as the minimum requirement in DESCRIPTION?
That is what my comment is about: No change needed in DESCRIPTION as that determines a run-time dependency but we have no change in run-time here. Remember that these warnings come from a fixed, static, generated file RcppExports.cpp
that does not change no matter what version the user of your package has. Once Rcpp 1.0.12 is at CRAN come January you depend on that. Depending on the development version you used will create trouble as that version is not yet at CRAN.
Makes sense?
from rcpp.
Hello,
Today I was contacted by CRAN to take care of -Wformat-security
compiler warnings which are identical to yours, otherwise my package (https://github.com/DISOhda/PoissonBinomial) would be removed at 2023-12-12.
In the check log (https://www.r-project.org/nosvn/R.check/r-devel-linux-x86_64-debian-clang/PoissonBinomial-00check.html), there were 27 identical warnings like
RcppExports.cpp:45:18: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
All the indicated lines are identical:
Rf_error(CHAR(rcpp_msgSEXP_gen));
When looking at the install log (https://www.r-project.org/nosvn/R.check/r-devel-linux-x86_64-debian-clang/PoissonBinomial-00install.html), it becomes clear that the security warnings originate from Rcpp header print.h
:
/home/hornik/tmp/R.check/r-devel-clang/Work/build/Packages/Rcpp/include/Rcpp/print.h:30:26: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
30 | Rf_warningcall(call, s.c_str());
| ^~~~~~~~~
/home/hornik/tmp/R.check/r-devel-clang/Work/build/Packages/Rcpp/include/Rcpp/print.h:30:26: note: treat the string as an argument to avoid this
30 | Rf_warningcall(call, s.c_str());
| ^
| "%s",
Seems to be the very issue that you pointed out. Maybe there are other packages that are affected by this, too.
Is there something I have to do or do I just have to wait for you to release a fixed package version and the warning to vanish?
Best
from rcpp.
You then need to upload your updated package to CRAN. It has no change in its run-time dependency on
Rcpp
so you do not need to change anything inDESCRIPTION
. Just re-runcompileAttributes()
.
I tried to resubmit my fixed package without changing DESCRIPTION
. But it was rejected because it is unchanged, i.e. I got warned that the date is quite old and that the version string is the same as the existing version's. So, I had to increase it and change the date to get it approved.
But still, thank you very much for your quick response. It is very much appreciated.
from rcpp.
So, I had to increase it and change the date to get it approved.
That is expected.
You actually changed code, so that requires a version that is strictly monotonically higher than the one it replaces.
PS I see where I confused you writing "so you do not need to change anything in DESCRIPTION". Will edit.
from rcpp.
PS I see where I confused you writing "so you do not need to change anything in DESCRIPTION". Will edit.
Purely my mistake. I should have known not to take that so literally. Anyway...
While I am at it: Which Rcpp version should be specified as the minimum requirement in DESCRIPTION
?
from rcpp.
Related Issues (20)
- Compiler warning on windows-arm64 (libc++) HOT 3
- Figure 3 incorrect caption in Rcpp-introduction vignette HOT 2
- Upstreaming `std::tuple<>` support HOT 10
- sourceCpp crashes R when called about 1000 times on same code HOT 10
- Integer overflow in `MatrixRow` offset calculations for large matrices HOT 8
- Switch from S4SXP to OBJSXP HOT 2
- pass by const refererence HOT 1
- 'CRAN package Rcpp' notice HOT 5
- Installation/Compiling Error for Package with Rcpp dependency - Ubuntu (rvmf.cpp?) HOT 5
- Exporting classes using `Rcpp::interfaces(cpp)` that are shared among multiple cpp files through header file HOT 13
- test_packageversion fails with Rcpp 1.0.12 HOT 3
- Question regarding replacement by reference of <RTYPE>Array class without making copy HOT 8
- Cannot make std::vector<int8_t> from NumericVector HOT 4
- issue building phangorn 2.11 for wasm HOT 3
- New warnings from -Wconversion -Wno-sign-conversion HOT 13
- compileAttributes and use of .External2() for calling native symbol routine HOT 6
- Exporting comments into function definitions HOT 3
- `Rcpp:::LdFlags()` does not work correctly with R 4.4.0, pulling in warnings from `R` as if they were objects for the linker HOT 6
- Warning from -Wdelete-non-virtual-dtor when using a .finalizer function HOT 11
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from rcpp.