File t1lib-5.1.2-format-security.patch of Package t1lib

Index: t1lib-5.1.2/lib/t1lib/t1subset.c
===================================================================
--- t1lib-5.1.2.orig/lib/t1lib/t1subset.c
+++ t1lib-5.1.2/lib/t1lib/t1subset.c
@@ -759,7 +759,7 @@ char *T1_SubsetFont( int FontID,
 	     tr_len);
     T1_PrintLog( "T1_SubsetFont()", err_warn_msg_buf,
 		 T1LOG_DEBUG);
-    l+=sprintf( &(trailerbuf[l]), linebuf); /* contains the PostScript trailer */
+    l+=sprintf( &(trailerbuf[l]), "%s", linebuf); /* contains the PostScript trailer */
   }
   
   /* compute size of output file */
Index: t1lib-5.1.2/lib/type1/objects.c
===================================================================
--- t1lib-5.1.2.orig/lib/type1/objects.c
+++ t1lib-5.1.2/lib/type1/objects.c
@@ -957,7 +957,7 @@ struct xobject *TypeErr(name, obj, expec
  
        sprintf(typemsg, "Wrong object type in %s; expected %s, found %s.\n",
                   name, TypeFmt(expect), TypeFmt(obj->type));
-       IfTrace0(TRUE,typemsg);
+       IfTrace1(TRUE,"%s",typemsg);
  
        ObjectPostMortem(obj);
  
Index: t1lib-5.1.2/lib/type1/objects.h
===================================================================
--- t1lib-5.1.2.orig/lib/type1/objects.h
+++ t1lib-5.1.2/lib/type1/objects.h
@@ -214,7 +214,7 @@ struct xobject {
 /*SHARED*/
 /* NDW: personally, I want to see status and error messages! */
 #define IfTrace0(condition,model)                                 \
-        {if (condition) printf(model);}
+        {if (condition) printf("%s", model);}
 #define IfTrace1(condition,model,arg0)                            \
         {if (condition) printf(model,arg0);}
 #define IfTrace2(condition,model,arg0,arg1)                       \