Bug#646470: t1lib: diff for NMU version 5.1.2-3.1

Sat, 03 Dec 2011 13:03:16 -0800 

Dear maintainer,

I've prepared an NMU for t1lib (versioned as 5.1.2-3.1) with the previous 
contributions.

Thanks for your work!

diff -u t1lib-5.1.2/debian/changelog t1lib-5.1.2/debian/changelog
--- t1lib-5.1.2/debian/changelog
+++ t1lib-5.1.2/debian/changelog
@@ -1,3 +1,13 @@
+t1lib (5.1.2-3.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * format-security.diff: use relevant "%s" format when passing a 
+    variable string to a printf() function and replace printf() 
+    with puts() for the model-only IfTrace0 macro. Thanks to Colin Watson
+    and Loïc Minier! (Closes: #646470) 
+
+ -- Mònica Ramírez Arceda <mon...@probeta.net>  Sat, 03 Dec 2011 21:28:31 +0100
+
 t1lib (5.1.2-3) unstable; urgency=low
 
   * New Maintainer (Closes: #430611) 
diff -u t1lib-5.1.2/debian/patches/series t1lib-5.1.2/debian/patches/series
--- t1lib-5.1.2/debian/patches/series
+++ t1lib-5.1.2/debian/patches/series
@@ -4,0 +5 @@
+format-security.diff
only in patch2:
unchanged:
--- t1lib-5.1.2.orig/debian/patches/format-security.diff
+++ t1lib-5.1.2/debian/patches/format-security.diff
@@ -0,0 +1,33 @@
+--- a/lib/type1/objects.c
++++ b/lib/type1/objects.c
+@@ -957,7 +957,7 @@
+  
+        sprintf(typemsg, "Wrong object type in %s; expected %s, found %s.\n",
+                   name, TypeFmt(expect), TypeFmt(obj->type));
+-       IfTrace0(TRUE,typemsg);
++       IfTrace1(TRUE, "%s", typemsg);
+  
+        ObjectPostMortem(obj);
+  
+--- a/lib/t1lib/t1subset.c
++++ b/lib/t1lib/t1subset.c
+@@ -759,7 +759,7 @@
+ 	     tr_len);
+     T1_PrintLog( "T1_SubsetFont()", err_warn_msg_buf,
+ 		 T1LOG_DEBUG);
+-    l+=sprintf( &(trailerbuf[l]), linebuf); /* contains the PostScript trailer */
++    l+=sprintf( &(trailerbuf[l]), "%s", linebuf); /* contains the PostScript trailer */
+   }
+   
+   /* compute size of output file */
+--- a/lib/type1/objects.h
++++ b/lib/type1/objects.h
+@@ -214,7 +214,7 @@
+ /*SHARED*/
+ /* NDW: personally, I want to see status and error messages! */
+ #define IfTrace0(condition,model)                                 \
+-        {if (condition) printf(model);}
++        {if (condition) fputs(model,stdout);}
+ #define IfTrace1(condition,model,arg0)                            \
+         {if (condition) printf(model,arg0);}
+ #define IfTrace2(condition,model,arg0,arg1)                       \

Reply via email to