On Thu, Dec 01, 2011, Colin Watson wrote:
> IMO a better fix for this part would be to fix the IfTrace0 macro
> directly. That way we don't have to play whack-a-mole with any other
> users that may be added later.
It's a good idea; I actually thought of converting the whole series
into a variadic macro, but it would have been too large a diff.
Attaching a new debdiff with this change
Thanks,
--
Loïc Minier
diff -u t1lib-5.1.2/debian/changelog t1lib-5.1.2/debian/changelog
--- t1lib-5.1.2/debian/changelog
+++ t1lib-5.1.2/debian/changelog
@@ -1,3 +1,18 @@
+t1lib (5.1.2-3ubuntu2) precise; urgency=low
+
+ * Update patch "format-security" with suggestion from Colin Watson to
+ replace printf() with puts() for the model-only IfTrace0 macro.
+
+ -- Loïc Minier <loic.min...@ubuntu.com> Thu, 01 Dec 2011 23:24:27 +0100
+
+t1lib (5.1.2-3ubuntu1) precise; urgency=low
+
+ * New "format-security" patch, fixes FTBFS with -Werror=format-security by
+ using relevant "%s" format when passing a variable string to a printf()
+ function; Debian #646470.
+
+ -- Loïc Minier <loic.min...@ubuntu.com> Thu, 01 Dec 2011 00:25:53 +0100
+
t1lib (5.1.2-3build1) lucid; urgency=low
* rebuild rest of main for armel armv7/thumb2 optimization;
diff -u t1lib-5.1.2/debian/patches/series t1lib-5.1.2/debian/patches/series
--- t1lib-5.1.2/debian/patches/series
+++ t1lib-5.1.2/debian/patches/series
@@ -4,0 +5 @@
+format-security.diff
only in patch2:
unchanged:
--- t1lib-5.1.2.orig/debian/patches/format-security.diff
+++ t1lib-5.1.2/debian/patches/format-security.diff
@@ -0,0 +1,33 @@
+--- a/lib/type1/objects.c
++++ b/lib/type1/objects.c
+@@ -957,7 +957,7 @@
+
+ sprintf(typemsg, "Wrong object type in %s; expected %s, found %s.\n",
+ name, TypeFmt(expect), TypeFmt(obj->type));
+- IfTrace0(TRUE,typemsg);
++ IfTrace1(TRUE, "%s", typemsg);
+
+ ObjectPostMortem(obj);
+
+--- a/lib/t1lib/t1subset.c
++++ b/lib/t1lib/t1subset.c
+@@ -759,7 +759,7 @@
+ tr_len);
+ T1_PrintLog( "T1_SubsetFont()", err_warn_msg_buf,
+ T1LOG_DEBUG);
+- l+=sprintf( &(trailerbuf[l]), linebuf); /* contains the PostScript
trailer */
++ l+=sprintf( &(trailerbuf[l]), "%s", linebuf); /* contains the PostScript
trailer */
+ }
+
+ /* compute size of output file */
+--- a/lib/type1/objects.h
++++ b/lib/type1/objects.h
+@@ -214,7 +214,7 @@
+ /*SHARED*/
+ /* NDW: personally, I want to see status and error messages! */
+ #define IfTrace0(condition,model) \
+- {if (condition) printf(model);}
++ {if (condition) fputs(model,stdout);}
+ #define IfTrace1(condition,model,arg0) \
+ {if (condition) printf(model,arg0);}
+ #define IfTrace2(condition,model,arg0,arg1) \
