From 0661363df642470fd906f5d519e2844e74f0b8df Mon Sep 17 00:00:00 2001
From: Jindrich Novy <novyjindrich@gmail.com>
Date: Dec 27 2013 02:56:04 +0000
Subject: Fix printf() and friends to always contain format string (#1037351)


---

diff --git a/texlive.spec b/texlive.spec
index ce76a54..830c486 100644
--- a/texlive.spec
+++ b/texlive.spec
@@ -47,6 +47,7 @@ Obsoletes: texlive-texmf-errata-latex < %{tl_version}, texlive-texmf-errata-xete
 Conflicts: texlive-dvips = 2007
 Patch1: tl-kpfix.patch
 Patch2: tl-testfix.patch
+Patch3: tl-format.patch
 Source0: %{source_name}.tar.xz
 Source1: tl2rpm.c
 Source2: texlive.tlpdb
@@ -200838,6 +200839,7 @@ xz -dc %{SOURCE0} | tar x
 [ -e %{source_name} ] && mv %{source_name} source
 %patch1 -p0
 %patch2 -p0
+%patch3 -p0
 for l in `unxz -c %{SOURCE3} | tar t`; do
 ln -s %{_texdir}/licenses/$l $l
 done
@@ -343104,6 +343106,7 @@ fi
 - remove generated files upon update to avoid 'I'm stymified', etc.
 - update co_source - upstream SVN checkout script
 - disable Perl dependencies generation for F19 and older (#1023876)
+- always have format in printf() #1037351
 - fixes #921805, #952080, #1020941, #1025679, #1045794
 - Merry Christmas!
 
diff --git a/texlive.spec.template b/texlive.spec.template
index 9588e55..9553df3 100644
--- a/texlive.spec.template
+++ b/texlive.spec.template
@@ -47,6 +47,7 @@ Obsoletes: texlive-texmf-errata-latex < %{tl_version}, texlive-texmf-errata-xete
 Conflicts: texlive-dvips = 2007
 Patch1: tl-kpfix.patch
 Patch2: tl-testfix.patch
+Patch3: tl-format.patch
 Source0: %{source_name}.tar.xz
 Source1: tl2rpm.c
 Source2: texlive.tlpdb
@@ -108,6 +109,7 @@ xz -dc %{SOURCE0} | tar x
 [ -e %{source_name} ] && mv %{source_name} source
 %patch1 -p0
 %patch2 -p0
+%patch3 -p0
 for l in `unxz -c %{SOURCE3} | tar t`; do
 	ln -s %{_texdir}/licenses/$l $l
 done
@@ -384,6 +386,7 @@ fi
 - remove generated files upon update to avoid 'I'm stymified', etc.
 - update co_source - upstream SVN checkout script
 - disable Perl dependencies generation for F19 and older (#1023876)
+- always have format in printf() #1037351
 - fixes #921805, #952080, #1020941, #1025679, #1045794
 - Merry Christmas!
 
diff --git a/tl-format.patch b/tl-format.patch
new file mode 100644
index 0000000..91f6111
--- /dev/null
+++ b/tl-format.patch
@@ -0,0 +1,228 @@
+diff -up source/texk/devnag/src/devnag.c.format source/texk/devnag/src/devnag.c
+--- source/texk/devnag/src/devnag.c.format	2013-12-22 17:03:35.000000000 +0100
++++ source/texk/devnag/src/devnag.c	2013-12-26 20:13:56.390766885 +0100
+@@ -2395,7 +2395,7 @@ void put_macro(short macro) {
+ void err_ill(const char *str) {
+    fprintf(stderr, "Error: illegal character(s) \"%s\" detected at line %d:\n",
+ 	  str, linenumber);
+-   fprintf(stderr, inbuf);
++   fprintf(stderr, "%s", inbuf);
+    exit(1);
+ }
+ 
+diff -up source/texk/dvidvi/dvidvi.c.format source/texk/dvidvi/dvidvi.c
+--- source/texk/dvidvi/dvidvi.c.format	2013-12-22 17:03:36.000000000 +0100
++++ source/texk/dvidvi/dvidvi.c	2013-12-26 20:13:56.390766885 +0100
+@@ -327,7 +327,7 @@ static void stringdvibuf(integer p, inte
+  *   Print a usage error messsage, and quit.
+  */
+ static void usage(void) {
+-   (void)fprintf(stderr,banner);
++   (void)fprintf(stderr,"%s",banner);
+    (void)fprintf(stderr,"Usage:  dvidvi [options] input[.dvi] [output]\n");
+    (void)fprintf(stderr,"where options are:\n");
+    (void)fprintf(stderr,"    [-f n] first page printed     [-l n] last page printed\n");
+@@ -806,7 +806,7 @@ default:
+       } /* else argument with '-' */
+    }  /* for */
+    if (*iname == 0) {
+-       (void)fprintf(stderr, banner) ;
++       (void)fprintf(stderr, "%s", banner) ;
+        error("! no input file specified");
+    }
+    /* Inserted by djc@dsmail.hmi.de 3.8.1994 */
+@@ -817,7 +817,7 @@ default:
+    }
+ 
+    if (*oname != 0 && !quiet) {
+-       (void)fprintf(stderr, banner) ;
++       (void)fprintf(stderr, "%s", banner) ;
+        (void)fprintf(stderr, "%s -> %s\n",iname,oname);
+        temp = nextstring ;
+    }
+diff -up source/texk/dvi2tty/dvi2tty-5.3.4/DVI.format source/texk/dvi2tty/dvi2tty-5.3.4/DVI
+diff -up source/texk/ps2pkm/objects.h.format source/texk/ps2pkm/objects.h
+--- source/texk/ps2pkm/objects.h.format	2013-12-22 17:03:29.000000000 +0100
++++ source/texk/ps2pkm/objects.h	2013-12-26 20:13:56.390766885 +0100
+@@ -232,7 +232,7 @@ struct xobject {
+ /*SHARED*/
+ /* NDW: personally, I want to see status and error messages! */
+ #define IfTrace0(condition,model)                                 \
+-        {if (condition) printf(model);}
++        {if (condition) printf("%s",model);}
+ #define IfTrace1(condition,model,arg0)                            \
+         {if (condition) printf(model,arg0);}
+ #define IfTrace2(condition,model,arg0,arg1)                       \
+diff -up source/texk/web2c/cwebboot.cin.format source/texk/web2c/cwebboot.cin
+--- source/texk/web2c/cwebboot.cin.format	2013-12-22 17:03:30.000000000 +0100
++++ source/texk/web2c/cwebboot.cin	2013-12-26 20:13:56.390766885 +0100
+@@ -1090,7 +1090,7 @@ void
+  fatal(const char*s,const char*t)
+ #line 1182 "cwebdir/common.w"
+ {
+-if(*s)printf(s);
++if(*s)printf("%s",s);
+ err_print(t);
+ history= fatal_message;exit(wrap_up());
+ }
+diff -up source/texk/web2c/cwebdir/common.c.format source/texk/web2c/cwebdir/common.c
+--- source/texk/web2c/cwebdir/common.c.format	2013-12-22 17:03:31.000000000 +0100
++++ source/texk/web2c/cwebdir/common.c	2013-12-26 20:13:56.391766888 +0100
+@@ -1063,7 +1063,7 @@ void
+ fatal(s,t)
+ char*s,*t;
+ {
+-if(*s)printf(s);
++if(*s)printf("%s",s);
+ err_print(t);
+ history= fatal_message;exit(wrap_up());
+ }
+diff -up source/texk/web2c/cwebdir/common.w.format source/texk/web2c/cwebdir/common.w
+--- source/texk/web2c/cwebdir/common.w.format	2013-12-22 17:03:31.000000000 +0100
++++ source/texk/web2c/cwebdir/common.w	2013-12-26 20:13:56.391766888 +0100
+@@ -1180,7 +1180,7 @@ concatenated to print the final error me
+ fatal(s,t)
+   char *s,*t;
+ {
+-  if (*s) printf(s);
++  if (*s) printf("%s",s);
+   err_print(t);
+   history=fatal_message; exit(wrap_up());
+ }
+diff -up source/texk/web2c/cwebdir/cweave.w.format source/texk/web2c/cwebdir/cweave.w
+--- source/texk/web2c/cwebdir/cweave.w.format	2013-12-22 17:03:31.000000000 +0100
++++ source/texk/web2c/cwebdir/cweave.w	2013-12-26 20:13:56.392766891 +0100
+@@ -1784,7 +1784,7 @@ void
+ print_cat(c) /* symbolic printout of a category */
+ eight_bits c;
+ {
+-  printf(cat_name[c]);
++  printf("%s",cat_name[c]);
+ }
+ 
+ @ The token lists for translated \TEX/ output contain some special control
+diff -up source/texk/web2c/omegafonts/error_routines.c.format source/texk/web2c/omegafonts/error_routines.c
+--- source/texk/web2c/omegafonts/error_routines.c.format	2013-12-22 17:03:30.000000000 +0100
++++ source/texk/web2c/omegafonts/error_routines.c	2013-12-26 20:13:56.392766891 +0100
+@@ -36,7 +36,7 @@ void
+ lex_error_0(const_string fmt)
+ {
+     fprintf(stderr, "line %d (lexing): ", line_number);
+-    fprintf(stderr, fmt);
++    fprintf(stderr, "%s", fmt);
+     fprintf(stderr, "\n");
+ }
+ 
+@@ -68,7 +68,7 @@ void
+ yyerror(const_string fmt)
+ {
+     fprintf(stderr, "line %d (parsing): ", line_number);
+-    fprintf(stderr, fmt);
++    fprintf(stderr, "%s", fmt);
+     fprintf(stderr, "\n");
+ }
+ 
+@@ -77,7 +77,7 @@ void
+ warning_0(const_string fmt)
+ {
+     fprintf(stderr, "line %d (warning): ", line_number);
+-    fprintf(stderr, fmt);
++    fprintf(stderr, "%s", fmt);
+     fprintf(stderr, "\n");
+ }
+ 
+@@ -125,7 +125,7 @@ void
+ fatal_error_0(const_string fmt)
+ {
+     fprintf(stderr, "line %d (fatal): ", line_number);
+-    fprintf(stderr, fmt);
++    fprintf(stderr, "%s", fmt);
+     fprintf(stderr, "\n");
+     exit(1);
+ }
+@@ -161,7 +161,7 @@ void
+ internal_error_0(const_string fmt)
+ {
+     fprintf(stderr, "line %d (internal): ", line_number);
+-    fprintf(stderr, fmt);
++    fprintf(stderr, "%s", fmt);
+     fprintf(stderr, "\n");
+     exit(2);
+ }
+diff -up source/texk/web2c/omegafonts/out_routines.c.format source/texk/web2c/omegafonts/out_routines.c
+--- source/texk/web2c/omegafonts/out_routines.c.format	2013-12-22 17:03:30.000000000 +0100
++++ source/texk/web2c/omegafonts/out_routines.c	2013-12-26 20:13:56.392766891 +0100
+@@ -383,5 +383,5 @@ out_digits(unsigned counter)
+ void
+ out(const_string sval)
+ {
+-	fprintf(file_output, sval);
++	fprintf(file_output, "%s", sval);
+ }
+diff -up source/texk/web2c/tiedir/tie.c.format source/texk/web2c/tiedir/tie.c
+--- source/texk/web2c/tiedir/tie.c.format	2013-12-22 17:03:31.000000000 +0100
++++ source/texk/web2c/tiedir/tie.c	2013-12-26 20:13:56.392766891 +0100
+@@ -27,14 +27,14 @@
+  \
+ 
+ #define term_out stdout
+-#define print(a)fprintf(term_out,a)
++#define print(a)fprintf(term_out,"%s",a)
+ #define print2(a,b)fprintf(term_out,a,b)
+ #define print3(a,b,c)fprintf(term_out,a,b,c)
+ #define print_c(v)fputc(v,term_out);
+ #define new_line(v)fputc('\n',v)
+ #define term_new_line new_line(term_out) \
+ 
+-#define print_ln(v){fprintf(term_out,v);term_new_line;} \
++#define print_ln(v){fprintf(term_out,"%s",v);term_new_line;} \
+ 
+ #define print2_ln(a,b){print2(a,b);term_new_line;}
+ #define print3_ln(a,b,c){print3(a,b,c);term_new_line;} \
+diff -up source/texk/web2c/tiedir/tie.w.format source/texk/web2c/tiedir/tie.w
+--- source/texk/web2c/tiedir/tie.w.format	2013-12-22 17:03:31.000000000 +0100
++++ source/texk/web2c/tiedir/tie.w	2013-12-26 20:13:56.393766894 +0100
+@@ -465,7 +465,7 @@ for terminating an output line and writi
+ @d new_line(v)  fputc('\n',v) /* start new line */
+ @d term_new_line  new_line(term_out)
+ 	/* start new line of the terminal */
+-@d print_ln(v)  {fprintf(term_out,v);term_new_line;}
++@d print_ln(v)  {fprintf(term_out,"%s",v);term_new_line;}
+ 	/* `|print|' and then start new line */
+ @d print2_ln(a,b)  {print2(a,b);term_new_line;} /* same with two arguments */
+ @d print3_ln(a,b,c)  {print3(a,b,c);term_new_line;}
+diff -up source/texk/xdvik/gui/message-window.c.format source/texk/xdvik/gui/message-window.c
+--- source/texk/xdvik/gui/message-window.c.format	2013-12-22 17:03:30.000000000 +0100
++++ source/texk/xdvik/gui/message-window.c	2013-12-26 20:25:08.995961120 +0100
+@@ -713,7 +713,7 @@ internal_popup_window(Widget parent,
+     Widget ret;
+ 
+     ASSERT(type < (sizeof my_msg_map / sizeof my_msg_map[0]), "too few elements in my_msg_map");
+-    sprintf(win_title, my_msg_map[type].window_title);
++    sprintf(win_title, "%s", my_msg_map[type].window_title);
+ 
+ #if DEBUG
+     fprintf(stderr, "internal_popup_window called with prompt: \"%s\"\n", msg_buf);
+@@ -725,11 +725,11 @@ internal_popup_window(Widget parent,
+ 	   supposed to be printf-format strings (i.e. with doubled `%' to escape them)
+ 	*/
+ 	fprintf(stderr, "\n%s:\n", my_msg_map[type].window_title);
+-	fprintf(stderr, msg_buf);
++	fprintf(stderr, "%s", msg_buf);
+ 	fprintf(stderr, "\n");
+ 	if (helptext) {
+ 	    fprintf(stderr, "---------- helptext ----------\n");
+-	    fprintf(stderr, helptext);
++	    fprintf(stderr, "%s", helptext);
+ 	    fprintf(stderr, "\n---------- end of helptext ----------\n");
+ 	}
+ 	return NULL;
+@@ -741,7 +741,7 @@ internal_popup_window(Widget parent,
+     if (my_popup_num == MAX_POPUPS) {
+ 	/* already enough popups on screen, just dump it to stderr */
+ 	fprintf(stderr, "%s: ", win_title);
+-	fprintf(stderr, msg_buf);
++	fprintf(stderr, "%s", msg_buf);
+ 	fputc('\n', stderr);
+ 	/* Note: If a mad function continues to open popups, this will
+ 	 * stop after MAX_POPUPS, but open a new window for each