new file mode 100644
@@ -0,0 +1,41 @@
+Fix printf formats to use format qualifiers
+fixes
+
+error: format string is not a string literal (potentially insecure) [-Werror,-Wformat-security]
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Upstream-Status: Pending
+
+--- a/lib/type1/objects.c
++++ b/lib/type1/objects.c
+@@ -957,7 +957,7 @@
+
+ sprintf(typemsg, "Wrong object type in %s; expected %s, found %s.\n",
+ name, TypeFmt(expect), TypeFmt(obj->type));
+- IfTrace0(TRUE,typemsg);
++ IfTrace1(TRUE, "%s", typemsg);
+
+ ObjectPostMortem(obj);
+
+--- a/lib/t1lib/t1subset.c
++++ b/lib/t1lib/t1subset.c
+@@ -759,7 +759,7 @@
+ tr_len);
+ T1_PrintLog( "T1_SubsetFont()", err_warn_msg_buf,
+ T1LOG_DEBUG);
+- l+=sprintf( &(trailerbuf[l]), linebuf); /* contains the PostScript trailer */
++ l+=sprintf( &(trailerbuf[l]), "%s", linebuf); /* contains the PostScript trailer */
+ }
+
+ /* compute size of output file */
+--- a/lib/type1/objects.h
++++ b/lib/type1/objects.h
+@@ -214,7 +214,7 @@
+ /*SHARED*/
+ /* NDW: personally, I want to see status and error messages! */
+ #define IfTrace0(condition,model) \
+- {if (condition) printf(model);}
++ {if (condition) fputs(model,stdout);}
+ #define IfTrace1(condition,model,arg0) \
+ {if (condition) printf(model,arg0);}
+ #define IfTrace2(condition,model,arg0,arg1) \
@@ -9,7 +9,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=8ca43cbc842c2336e835926c2166c28b \
SRC_URI = "${DEBIAN_MIRROR}/main/t/t1lib/t1lib_${PV}.orig.tar.gz \
file://configure.patch \
- file://libtool.patch"
+ file://libtool.patch \
+ file://format_security.patch"
SRC_URI[md5sum] = "a5629b56b93134377718009df1435f3c"
SRC_URI[sha256sum] = "821328b5054f7890a0d0cd2f52825270705df3641dbd476d58d17e56ed957b59"
Signed-off-by: Khem Raj <raj.khem@gmail.com> --- .../t1lib/t1lib-5.1.2/format_security.patch | 41 ++++++++++++++++++++++ meta-oe/recipes-extended/t1lib/t1lib_5.1.2.bb | 3 +- 2 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 meta-oe/recipes-extended/t1lib/t1lib-5.1.2/format_security.patch -- 2.12.0 -- _______________________________________________ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel