[slashem] apply patch to avoid format-security errors (RHBZ#1037330)

Iain Arnell iarnell at fedoraproject.org
Wed Dec 4 16:40:19 UTC 2013


commit 4cd63b0552306b2381b734dfeb3941a0be2b3a21
Author: Iain Arnell <iarnell at gmail.com>
Date:   Wed Dec 4 09:24:57 2013 -0700

    apply patch to avoid format-security errors (RHBZ#1037330)

 slashem-format-security.patch | 1622 +++++++++++++++++++++++++++++++++++++++++
 slashem.spec                  |    8 +-
 2 files changed, 1629 insertions(+), 1 deletions(-)
---
diff --git a/slashem-format-security.patch b/slashem-format-security.patch
new file mode 100644
index 0000000..915cb6c
--- /dev/null
+++ b/slashem-format-security.patch
@@ -0,0 +1,1622 @@
+diff -up slashem-0.0.8E0F1/src/apply.c.format-security slashem-0.0.8E0F1/src/apply.c
+--- slashem-0.0.8E0F1/src/apply.c.format-security	2006-12-30 06:04:53.000000000 -0700
++++ slashem-0.0.8E0F1/src/apply.c	2013-12-04 09:04:25.268502628 -0700
+@@ -66,7 +66,7 @@ use_camera(obj)
+ 	if(!getdir((char *)0)) return(0);
+ 
+ 	if (obj->spe <= 0) {
+-		pline(nothing_happens);
++		pline("%s",nothing_happens);
+ 		return (1);
+ 	}
+ 	consume_obj_charge(obj, TRUE);
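Review bot: The added calls in this hunk and throughout the apply.c, cmd.c, read.c and other sections are written `pline("%s",nothing_happens);` with no space after the comma, while the botl.c and mon.c sections of the same patch use `"%s", x`. Picking the spaced form everywhere, e.g. `pline("%s", nothing_happens);`, keeps the patch consistent with itself and makes the added format argument easier to spot when auditing the remaining call sites. use_camera's body starts and ends outside the hunk.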
+@@ -1005,7 +1005,7 @@ struct obj **optr;
+ 		if (!obj->cursed)
+ 		    (void) openit();
+ 		else
+-		    pline(nothing_happens);
++		    pline("%s",nothing_happens);
+ 
+ 	    } else if (obj->cursed) {
+ 		coord mm;
+@@ -1037,7 +1037,7 @@ struct obj **optr;
+ 		}
+ 		res += openit();
+ 		switch (res) {
+-		  case 0:  pline(nothing_happens); break;
++		  case 0:  pline("%s",nothing_happens); break;
+ 		  case 1:  pline("%s opens...", Something);
+ 			   learno = TRUE; break;
+ 		  default: pline("Things open around you...");
+@@ -1049,7 +1049,7 @@ struct obj **optr;
+ 		amii_speaker( obj, "AeFeaeFeAefegw", AMII_OKAY_VOLUME );
+ #endif
+ 		if (findit() != 0) learno = TRUE;
+-		else pline(nothing_happens);
++		else pline("%s",nothing_happens);
+ 	    }
+ 
+ 	}	/* charged BofO */
+@@ -1122,7 +1122,7 @@ struct obj **optr;
+ 	char qbuf[QBUFSZ];
+ 
+ 	if(u.uswallow) {
+-		You(no_elbow_room);
++		You("%s",no_elbow_room);
+ 		return;
+ 	}
+ 	if(Underwater) {
+@@ -1388,7 +1388,7 @@ struct obj *obj;
+ {
+     struct obj *otmp = NULL;
+     if (u.uswallow) {
+-	You(no_elbow_room);
++	You("%s",no_elbow_room);
+ 	return 0;
+     }
+     if (Underwater) {
+@@ -1424,7 +1424,7 @@ light_cocktail(obj)
+ #endif
+ 
+ 	if (u.uswallow) {
+-	    You(no_elbow_room);
++	    You("%s",no_elbow_room);
+ 	    return;
+ 	}
+ 
+@@ -1517,12 +1517,12 @@ dorub()
+ 		update_inventory();
+ 	    } else if (rn2(2) && !Blind)
+ 		You("see a puff of smoke.");
+-	    else pline(nothing_happens);
++	    else pline("%s",nothing_happens);
+ 	} else if (obj->otyp == BRASS_LANTERN) {
+ 	    /* message from Adventure */
+ 	    pline("Rubbing the electric lamp is not particularly rewarding.");
+ 	    pline("Anyway, nothing exciting happens.");
+-	} else pline(nothing_happens);
++	} else pline("%s",nothing_happens);
+ 	return 1;
+ }
+ 
+@@ -1778,13 +1778,13 @@ register struct obj *obj;
+ 	    can->spe = -1;  /* Mark tinned tins. No spinach allowed... */
+ 	    if (carried(corpse)) {
+ 		if (corpse->unpaid)
+-		    verbalize(you_buy_it);
++		    verbalize("%s",you_buy_it);
+ 		useup(corpse);
+ 	    } else if (mcarried(corpse)) {
+ 		m_useup(corpse->ocarry, corpse);
+ 	    } else {
+ 		if (costly_spot(corpse->ox, corpse->oy) && !corpse->no_charge)
+-		    verbalize(you_buy_it);
++		    verbalize("%s",you_buy_it);
+ 		useupf(corpse, 1L);
+ 	    }
+ 	    can = hold_another_object(can, "You make, but cannot pick up, %s.",
+@@ -1863,7 +1863,7 @@ struct obj *obj;
+ 	}
+ 
+ 	if (trouble_count == 0) {
+-	    pline(nothing_happens);
++	    pline("%s",nothing_happens);
+ 	    return;
+ 	} else if (trouble_count > 1) {		/* shuffle */
+ 	    int i, j, k;
+@@ -2432,7 +2432,7 @@ struct obj *tstone;
+     }
+ 
+     if (Blind) {
+-	pline(scritch);
++	pline("%s",scritch);
+ 	return;
+     } else if (Hallucination) {
+ 	pline("Oh wow, man: Fractals!");
+@@ -2514,7 +2514,7 @@ struct obj *tstone;
+     else if (streak_color)
+ 	pline("You see %s streaks on the %s.", streak_color, stonebuf);
+     else
+-	pline(scritch);
++	pline("%s",scritch);
+     return;
+ }
+ 
+@@ -2720,7 +2720,7 @@ struct obj *obj;
+ 		You("wrap your bullwhip around %s on the %s.",
+ 		    an(singular(otmp, xname)), surface(u.ux, u.uy));
+ 		if (rnl(6) || pickup_object(otmp, 1L, TRUE) < 1)
+-		    pline(msg_slipsfree);
++		    pline("%s",msg_slipsfree);
+ 		return 1;
+ 	    }
+ 	}
+@@ -2761,7 +2761,7 @@ struct obj *obj;
+ 		wrapped_what = strcpy(buf, mon_nam(mtmp));
+ 	    } else if (proficient) {
+ 		if (attack(mtmp)) return 1;
+-		else pline(msg_snap);
++		else pline("%s",msg_snap);
+ 	    }
+ 	}
+ 	if (!wrapped_what) {
+@@ -2783,10 +2783,10 @@ struct obj *obj;
+ 		    vision_full_recalc = 1;
+ 		}
+ 	    } else {
+-		pline(msg_slipsfree);
++		pline("%s",msg_slipsfree);
+ 	    }
+ 	    if (mtmp) wakeup(mtmp);
+-	} else pline(msg_snap);
++	} else pline("%s",msg_snap);
+ 
+     } else if (mtmp) {
+ 	if (!canspotmon(mtmp) &&
+@@ -2878,7 +2878,7 @@ struct obj *obj;
+ 		    break;
+ 		}
+ 	    } else {
+-		pline(msg_slipsfree);
++		pline("%s",msg_slipsfree);
+ 	    }
+ 	    wakeup(mtmp);
+ 	} else {
+@@ -2888,7 +2888,7 @@ struct obj *obj;
+ 	    else You("flick your bullwhip towards %s.", mon_nam(mtmp));
+ 	    if (proficient) {
+ 		if (attack(mtmp)) return 1;
+-		else pline(msg_snap);
++		else pline("%s",msg_snap);
+ 	    }
+ 	}
+ 
+@@ -2897,7 +2897,7 @@ struct obj *obj;
+ 	    You("snap your whip through thin air.");
+ 
+     } else {
+-	pline(msg_snap);
++	pline("%s",msg_snap);
+ 
+     }
+     return 1;
+@@ -2925,7 +2925,7 @@ use_pole (obj)
+ 
+ 	/* Are you allowed to use the pole? */
+ 	if (u.uswallow) {
+-	    pline(not_enough_room);
++	    pline("%s",not_enough_room);
+ 	    return (0);
+ 	}
+ 	if (obj != uwep) {
+@@ -2934,7 +2934,7 @@ use_pole (obj)
+ 	}
+ 
+ 	/* Prompt for a location */
+-	pline(where_to_hit);
++	pline("%s",where_to_hit);
+ 	cc.x = u.ux;
+ 	cc.y = u.uy;
+ 	if (getpos(&cc, TRUE, "the spot to hit") < 0)
+@@ -2959,10 +2959,10 @@ use_pole (obj)
+ 	} else if (!cansee(cc.x, cc.y) &&
+ 		   ((mtmp = m_at(cc.x, cc.y)) == (struct monst *)0 ||
+ 		    !canseemon(mtmp))) {
+-	    You(cant_see_spot);
++	    You("%s",cant_see_spot);
+ 	    return (res);
+ 	} else if (!couldsee(cc.x, cc.y)) { /* Eyes of the Overworld */
+-	    You(cant_reach);
++	    You("%s",cant_reach);
+ 	    return res;
+ 	}
+ 
+@@ -3069,7 +3069,7 @@ use_pole (obj)
+ 		u.uconduct.weaphit++;
+ 	} else
+ 	    /* Now you know that nothing is there... */
+-	    pline(nothing_happens);
++	    pline("%s",nothing_happens);
+ 	return (1);
+ }
+ 
+@@ -3123,7 +3123,7 @@ use_grapple (obj)
+ 
+ 	/* Are you allowed to use the hook? */
+ 	if (u.uswallow) {
+-	    pline(not_enough_room);
++	    pline("%s",not_enough_room);
+ 	    return (0);
+ 	}
+ 	if (obj != uwep) {
+@@ -3133,7 +3133,7 @@ use_grapple (obj)
+      /* assert(obj == uwep); */
+ 
+ 	/* Prompt for a location */
+-	pline(where_to_hit);
++	pline("%s",where_to_hit);
+ 	cc.x = u.ux;
+ 	cc.y = u.uy;
+ 	if (getpos(&cc, TRUE, "the spot to hit") < 0)
+@@ -3148,7 +3148,7 @@ use_grapple (obj)
+ 		pline("Too far!");
+ 		return (res);
+ 	} else if (!cansee(cc.x, cc.y)) {
+-		You(cant_see_spot);
++		You("%s",cant_see_spot);
+ 		return (res);
+ 	}
+ 
+@@ -3228,7 +3228,7 @@ use_grapple (obj)
+ 	    }
+ 	    break;
+ 	}
+-	pline(nothing_happens);
++	pline("%s",nothing_happens);
+ 	return (1);
+ }
+ 
+@@ -3304,7 +3304,7 @@ wand_explode(obj, hero_broke)
+     setnotworn(obj);		/* so we need to do this ourselves */
+ 
+     if (obj->spe <= 0) {
+-	pline(nothing_else_happens);
++	pline("%s",nothing_else_happens);
+ 	goto discard_broken_wand;
+     }
+     obj->ox = u.ux;
+@@ -3320,7 +3320,7 @@ wand_explode(obj, hero_broke)
+     case WAN_ENLIGHTENMENT:
+     case WAN_OPENING:
+     case WAN_SECRET_DOOR_DETECTION:
+-	pline(nothing_else_happens);
++	pline("%s",nothing_else_happens);
+ 	goto discard_broken_wand;
+     case WAN_DEATH:
+     case WAN_LIGHTNING:
+@@ -3798,7 +3798,7 @@ doapply()
+ 				if (u.uhp > u.uhpmax) u.uhp = u.uhpmax;
+ 				You_feel("better.");
+ 				flags.botl = TRUE;
+-			    } else pline(nothing_happens);
++			    } else pline("%s",nothing_happens);
+ 			} else if (!rn2(3))
+ 			    pline("Nothing seems to happen.");
+ 			else if (!Sick)
+@@ -3846,7 +3846,7 @@ doapply()
+ 					       (const char *)0);
+ 		    makeknown(HORN_OF_PLENTY);
+ 		} else
+-		    pline(nothing_happens);
++		    pline("%s",nothing_happens);
+ 		break;
+ 	case LAND_MINE:
+ 	case BEARTRAP:
+diff -up slashem-0.0.8E0F1/src/artifact.c.format-security slashem-0.0.8E0F1/src/artifact.c
+--- slashem-0.0.8E0F1/src/artifact.c.format-security	2006-12-30 06:04:53.000000000 -0700
++++ slashem-0.0.8E0F1/src/artifact.c	2013-12-04 09:27:31.080393162 -0700
+@@ -1478,7 +1478,7 @@ arti_invoke(obj)
+ 	if(obj->otyp == CRYSTAL_BALL)
+ 	    use_crystal_ball(obj);
+ 	else
+-	    pline(nothing_happens);
++	    pline("%s",nothing_happens);
+ 	return 1;
+     }
+ 
+diff -up slashem-0.0.8E0F1/src/botl.c.format-security slashem-0.0.8E0F1/src/botl.c
+--- slashem-0.0.8E0F1/src/botl.c.format-security	2013-12-04 08:37:37.470992033 -0700
++++ slashem-0.0.8E0F1/src/botl.c	2013-12-04 08:38:26.260703473 -0700
+@@ -224,9 +224,9 @@ botl_player()
+ 			mbot[k] += 'A' - 'a';
+ 		    k++;
+ 		}
+-	Sprintf(eos(nb), mbot);
++	Sprintf(eos(nb), "%s", mbot);
+ 	} else
+-	Sprintf(eos(nb), rank());
++	Sprintf(eos(nb), "%s", rank());
+     return player;
+ }
+ 
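Review bot: `Sprintf(eos(nb), "%s", mbot);` and `Sprintf(eos(nb), "%s", rank());` no longer treat their argument as a format, but both are still unbounded appends at the end of `nb`. The size of the buffer behind `nb` is not visible in this hunk, so whether the append can run past it is unconfirmed. If it is a fixed array, a bounded write such as `snprintf(eos(nb), space_left, "%s", mbot);`, with `space_left` computed from that array's size, would cover the length as well as the format. botl_player's body starts outside the hunk.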
+diff -up slashem-0.0.8E0F1/src/cmd.c.format-security slashem-0.0.8E0F1/src/cmd.c
+--- slashem-0.0.8E0F1/src/cmd.c.format-security	2006-12-30 06:04:53.000000000 -0700
++++ slashem-0.0.8E0F1/src/cmd.c	2013-12-04 08:40:50.705903485 -0700
+@@ -863,7 +863,7 @@ specialpower()      /* Special class abi
+ 			else     u.uhp += (u.ulevel * 4);
+ 			if (u.uhp > u.uhpmax) u.uhp = u.uhpmax;
+ 			u.unextuse = 3000;
+-		} else pline(nothing_happens);
++		} else pline("%s",nothing_happens);
+ 		break;
+ 	    case 'S':
+ 		You("scream \"KIIILLL!\"");
+@@ -1033,7 +1033,7 @@ wiz_level_change()
+     else ret = sscanf(buf, "%d", &newlevel);
+ 
+     if (ret != 1) {
+-	pline(Never_mind);
++	pline("%s",Never_mind);
+ 	return 0;
+     }
+     if (newlevel == u.ulevel) {
+@@ -3303,7 +3303,7 @@ coord *cc;
+ {
+ 	xchar new_x, new_y;
+ 	if (!getdir(prompt)) {
+-		pline(Never_mind);
++		pline("%s",Never_mind);
+ 		return 0;
+ 	}
+ 	new_x = x + u.dx;
+@@ -3312,7 +3312,7 @@ coord *cc;
+ 		cc->x = new_x;
+ 		cc->y = new_y;
+ 	} else {
+-		if (emsg) pline(emsg);
++		if (emsg) pline("%s",emsg);
+ 		return 0;
+ 	}
+ 	return 1;
+@@ -3625,7 +3625,7 @@ parse()
+ 		    if (multi > 9) {
+ 			clear_nhwindow(WIN_MESSAGE);
+ 			Sprintf(in_line, "Count: %d", multi);
+-			pline(in_line);
++			pline("%s",in_line);
+ 			mark_synch();
+ 		    }
+ 		    last_multi = multi;
+diff -up slashem-0.0.8E0F1/src/detect.c.format-security slashem-0.0.8E0F1/src/detect.c
+--- slashem-0.0.8E0F1/src/detect.c.format-security	2013-12-04 08:42:12.503469557 -0700
++++ slashem-0.0.8E0F1/src/detect.c	2013-12-04 08:46:46.052496266 -0700
+@@ -823,7 +823,7 @@ struct obj *obj;
+ 	case 3 : if (!resists_blnd(&youmonst)) {
+ 		pline("%s your vision!", Tobjnam(obj, "damage"));
+ 		make_blinded(Blinded + rnd(100),FALSE);
+-		if (!Blind) Your(vision_clears);
++		if (!Blind) Your("%s",vision_clears);
+ 	    } else {
+ 		pline("%s your vision.", Tobjnam(obj, "assault"));
+ 		You("are unaffected!");
+@@ -872,7 +872,7 @@ struct obj *obj;
+     ch = yn_function("What do you look for?", (char *)0, '\0');
+     /* Don't filter out ' ' here; it has a use */
+     if ((ch != def_monsyms[S_GHOST]) && index(quitchars,ch)) { 
+-	if (flags.verbose) pline(Never_mind);
++	if (flags.verbose) pline("%s",Never_mind);
+ 	return;
+     }
+     You("peer into %s...", the(xname(obj)));
+diff -up slashem-0.0.8E0F1/src/dig.c.format-security slashem-0.0.8E0F1/src/dig.c
+--- slashem-0.0.8E0F1/src/dig.c.format-security	2006-12-30 06:04:53.000000000 -0700
++++ slashem-0.0.8E0F1/src/dig.c	2013-12-04 08:43:48.689117735 -0700
+@@ -416,7 +416,7 @@ dig()
+ 		    feel_location(dpx, dpy);
+ 		else
+ 		    newsym(dpx, dpy);
+-		if(digtxt && !digging.quiet) pline(digtxt); /* after newsym */
++		if(digtxt && !digging.quiet) pline("%s",digtxt); /* after newsym */
+ 		if(dmgtxt)
+ 		    pay_for_damage(dmgtxt, FALSE);
+ 
+@@ -655,7 +655,7 @@ int ttyp;
+ 			schedule_goto(&newlevel, FALSE, TRUE, FALSE,
+ 			  You_fall, (char *)0);
+ 		    } else {
+-			pline(You_fall);
++			pline("%s",You_fall);
+ 		    goto_level(&newlevel, FALSE, TRUE, FALSE);
+ 		    /* messages for arriving in special rooms */
+ 		    spoteffects(FALSE);
+diff -up slashem-0.0.8E0F1/src/do.c.format-security slashem-0.0.8E0F1/src/do.c
+--- slashem-0.0.8E0F1/src/do.c.format-security	2006-12-30 06:04:53.000000000 -0700
++++ slashem-0.0.8E0F1/src/do.c	2013-12-04 08:35:15.745840279 -0700
+@@ -1365,7 +1365,7 @@ boolean at_stairs, falling, portal;
+ 		Sprintf(buf, mesg, !Blind ? "looks" : "seems");
+ 		mesg = buf;
+ 	    }
+-	    if (mesg) pline(mesg);
++	    if (mesg) pline("%s",mesg);
+ 	}
+ 
+ #ifdef REINCARNATION
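Review bot: The context line `Sprintf(buf, mesg, !Blind ? "looks" : "seems");` just above the changed call still uses `mesg` as the format string, and -Wformat-security stays silent there only because an argument follows it. That call is safe only if every value `mesg` can hold at that point is a fixed string containing exactly one `%s`, and the assignments to `mesg` are outside this hunk. I would add a comment stating that invariant, for example `/* mesg is a fixed literal with exactly one %s here */`, so a later edit does not route variable text through it. The enclosing function starts and ends outside the hunk.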
+@@ -1513,7 +1513,7 @@ deferred_goto()
+ 	    int typmask = u.utotype; /* save it; goto_level zeroes u.utotype */
+ 
+ 	    assign_level(&dest, &u.utolev);
+-	    if (dfr_pre_msg) pline(dfr_pre_msg);
++	    if (dfr_pre_msg) pline("%s",dfr_pre_msg);
+ 	    goto_level(&dest, !!(typmask&1), !!(typmask&2), !!(typmask&4));
+ 	    if (typmask & 0200) {	/* remove portal */
+ 		struct trap *t = t_at(u.ux, u.uy);
+@@ -1523,7 +1523,7 @@ deferred_goto()
+ 		    newsym(u.ux, u.uy);
+ 		}
+ 	    }
+-	    if (dfr_post_msg) pline(dfr_post_msg);
++	    if (dfr_post_msg) pline("%s",dfr_post_msg);
+ 	}
+ 	u.utotype = 0;		/* our caller keys off of this */
+ 	if (dfr_pre_msg)
+diff -up slashem-0.0.8E0F1/src/dothrow.c.format-security slashem-0.0.8E0F1/src/dothrow.c
+--- slashem-0.0.8E0F1/src/dothrow.c.format-security	2013-12-04 08:42:12.507469535 -0700
++++ slashem-0.0.8E0F1/src/dothrow.c	2013-12-04 08:49:09.840928963 -0700
+@@ -899,7 +899,7 @@ boolean hitsroof;
+ 			pline("It blinds you!");
+ 		    u.ucreamed += blindinc;
+ 		    make_blinded(Blinded + (long)blindinc, FALSE);
+-		    if (!Blind) Your(vision_clears);
++		    if (!Blind) Your("%s",vision_clears);
+ 		}
+ 		break;
+ 	default:
+diff -up slashem-0.0.8E0F1/src/dungeon.c.format-security slashem-0.0.8E0F1/src/dungeon.c
+--- slashem-0.0.8E0F1/src/dungeon.c.format-security	2013-12-04 08:51:40.999274208 -0700
++++ slashem-0.0.8E0F1/src/dungeon.c	2013-12-04 08:51:58.575189028 -0700
+@@ -678,7 +678,7 @@ init_dungeons()
+ 	    interject_assistance(1, INTERJECT_PANIC, (genericptr_t)tbuf,
+ 				 (genericptr_t)fqn_prefix[DATAPREFIX]);
+ #endif
+-	    panic(tbuf);
++	    panic("%s",tbuf);
+ 	}
+ 
+ 	/* validate the data's version against the program's version */
+diff -up slashem-0.0.8E0F1/src/eat.c.format-security slashem-0.0.8E0F1/src/eat.c
+--- slashem-0.0.8E0F1/src/eat.c.format-security	2006-12-30 06:04:53.000000000 -0700
++++ slashem-0.0.8E0F1/src/eat.c	2013-12-04 08:49:33.056833121 -0700
+@@ -471,7 +471,7 @@ boolean message;
+ 	occupation = 0; /* do this early, so newuhs() knows we're done */
+ 	newuhs(FALSE);
+ 	if (nomovemsg) {
+-		if (message) pline(nomovemsg);
++		if (message) pline("%s",nomovemsg);
+ 		nomovemsg = 0;
+ 	} else if (message)
+ 		You("finish %s %s.", victual.piece->odrained ? "draining" :
+@@ -1443,7 +1443,7 @@ struct obj *obj;
+ 	} else if(!rn2(4) && !Blind) {
+ 		pline("Everything suddenly goes dark.");
+ 		make_blinded((long)d(2,10),FALSE);
+-		if (!Blind) Your(vision_clears);
++		if (!Blind) Your("%s",vision_clears);
+ 	} else if(!rn2(3)) {
+ 		const char *what, *where;
+ 		if (!Blind)
+diff -up slashem-0.0.8E0F1/src/engrave.c.format-security slashem-0.0.8E0F1/src/engrave.c
+--- slashem-0.0.8E0F1/src/engrave.c.format-security	2006-12-30 06:04:53.000000000 -0700
++++ slashem-0.0.8E0F1/src/engrave.c	2013-12-04 08:49:27.095857799 -0700
+@@ -982,7 +982,7 @@ doengrave()
+ 		c = yn_function("Do you want to add to the current engraving?",
+ 				ynqchars, 'y');
+ 		if (c == 'q') {
+-		    pline(Never_mind);
++		    pline("%s",Never_mind);
+ 		    return(0);
+ 		}
+ 	    }
+@@ -1075,7 +1075,7 @@ doengrave()
+ 			  Tobjnam(otmp, "glow"), otense(otmp, "fade"));
+ 		return(1);
+ 	    } else {
+-		pline(Never_mind);
++		pline("%s",Never_mind);
+ 		return(0);
+ 	    }
+ 	}
+@@ -1192,12 +1192,12 @@ doengrave()
+ 
+ 	make_engr_at(u.ux, u.uy, buf, (moves - multi), type);
+ 
+-	if (post_engr_text[0]) pline(post_engr_text);
++	if (post_engr_text[0]) pline("%s",post_engr_text);
+ 
+ 	if (doblind && !resists_blnd(&youmonst)) {
+ 	    You("are blinded by the flash!");
+ 	    make_blinded((long)rnd(50),FALSE);
+-	    if (!Blind) Your(vision_clears);
++	    if (!Blind) Your("%s",vision_clears);
+ 	}
+ 
+ 	return(1);
+diff -up slashem-0.0.8E0F1/src/hack.c.format-security slashem-0.0.8E0F1/src/hack.c
+--- slashem-0.0.8E0F1/src/hack.c.format-security	2006-12-30 06:04:53.000000000 -0700
++++ slashem-0.0.8E0F1/src/hack.c	2013-12-04 08:59:53.201874641 -0700
+@@ -754,7 +754,7 @@ still_chewing(x,y)
+ 
+     unblock_point(x, y);	/* vision */
+     newsym(x, y);
+-    if (digtxt) You(digtxt);	/* after newsym */
++    if (digtxt) You("%s",digtxt);	/* after newsym */
+     if (dmgtxt) pay_for_damage(dmgtxt, FALSE);
+     (void) memset((genericptr_t)&digging, 0, sizeof digging);
+     return 0;
+@@ -2582,7 +2582,7 @@ const char *msg_override;
+ 	multi = 0;	/* caller will usually have done this already */
+ 	if (msg_override) nomovemsg = msg_override;
+ 	else if (!nomovemsg) nomovemsg = You_can_move_again;
+-	if (*nomovemsg) pline(nomovemsg);
++	if (*nomovemsg) pline("%s",nomovemsg);
+ 	nomovemsg = 0;
+ 	u.usleep = 0;
+ 	if (afternmv) (*afternmv)();
+@@ -2771,7 +2771,7 @@ const char *str;
+ {
+     if(near_capacity() >= EXT_ENCUMBER) {
+ 	if(str)
+-	    pline(str);
++	    pline("%s",str);
+ 	else
+ 	    You_cant("do that while carrying so much stuff.");
+ 	return 1;
+diff -up slashem-0.0.8E0F1/src/invent.c.format-security slashem-0.0.8E0F1/src/invent.c
+--- slashem-0.0.8E0F1/src/invent.c.format-security	2006-12-30 06:04:53.000000000 -0700
++++ slashem-0.0.8E0F1/src/invent.c	2013-12-04 08:43:21.873202290 -0700
+@@ -1153,7 +1153,7 @@ register const char *let,*word;
+ 		}
+ 		if(index(quitchars,ilet)) {
+ 		    if(flags.verbose)
+-			pline(Never_mind);
++			pline("%s",Never_mind);
+ 		    return((struct obj *)0);
+ 		}
+ 		if(ilet == '-') {
+@@ -1220,7 +1220,7 @@ register const char *let,*word;
+ 			    PICK_ONE, allowall ? allow_all : allow_ugly);
+ 		    if (n<0) {
+ 			if (flags.verbose)
+-			    pline(Never_mind);
++			    pline("%s",Never_mind);
+ 			return (struct obj *)0;
+ 		    } else if (!n)
+ 			continue;
+@@ -1250,7 +1250,7 @@ register const char *let,*word;
+ 		    }
+ 		    if(ilet == '\033') {
+ 			if(flags.verbose)
+-			    pline(Never_mind);
++			    pline("%s",Never_mind);
+ 			return((struct obj *)0);
+ 		    }
+ 		    /* they typed a letter (not a space) at the prompt */
+@@ -2536,7 +2536,7 @@ boolean picked_some;
+ 	}
+ 
+ 	if (!otmp || is_lava(u.ux,u.uy) || (is_pool(u.ux,u.uy) && !Underwater)) {
+-		if (dfeature) pline(fbuf);
++		if (dfeature) pline("%s",fbuf);
+ 		sense_engr_at(u.ux, u.uy, FALSE); /* Eric Backus */
+ 		if (!skip_objects && (Blind || !dfeature))
+ 		    You("%s no objects here.", verb);
+@@ -2545,14 +2545,14 @@ boolean picked_some;
+ 	/* we know there is something here */
+ 
+ 	if (skip_objects) {
+-	    if (dfeature) pline(fbuf);
++	    if (dfeature) pline("%s",fbuf);
+ 	    sense_engr_at(u.ux, u.uy, FALSE); /* Eric Backus */
+ 	    There("are %s%s objects here.",
+ 		  (obj_cnt <= 10) ? "several" : "many",
+ 		  picked_some ? " more" : "");
+ 	} else if (!otmp->nexthere) {
+ 	    /* only one object */
+-	    if (dfeature) pline(fbuf);
++	    if (dfeature) pline("%s",fbuf);
+ 	    sense_engr_at(u.ux, u.uy, FALSE); /* Eric Backus */
+ #ifdef INVISIBLE_OBJECTS
+ 	    if (otmp->oinvis && !See_invisible) verb = "feel";
+@@ -3052,7 +3052,7 @@ doorganize()	/* inventory organizer by D
+ 		Sprintf(qbuf, "Adjust letter to what [%s]?",buf);
+ 		let = yn_function(qbuf, (char *)0, '\0');
+ 		if(index(quitchars,let)) {
+-			pline(Never_mind);
++			pline("%s",Never_mind);
+ 			return(0);
+ 		}
+ 		if (let == '@' || !letter(let))
+diff -up slashem-0.0.8E0F1/src/lock.c.format-security slashem-0.0.8E0F1/src/lock.c
+--- slashem-0.0.8E0F1/src/lock.c.format-security	2006-12-30 06:04:53.000000000 -0700
++++ slashem-0.0.8E0F1/src/lock.c	2013-12-04 08:35:15.750840248 -0700
+@@ -1157,7 +1157,7 @@ int x, y;
+ 	default: impossible("magic (%d) attempted on door.", otmp->otyp);
+ 	    break;
+ 	}
+-	if (msg && cansee(x,y)) pline(msg);
++	if (msg && cansee(x,y)) pline("%s",msg);
+ 	if (loudness > 0) {
+ 	    /* door was destroyed */
+ 	    wake_nearto(x, y, loudness);
+diff -up slashem-0.0.8E0F1/src/mail.c.format-security slashem-0.0.8E0F1/src/mail.c
+--- slashem-0.0.8E0F1/src/mail.c.format-security	2013-12-04 09:02:47.996993311 -0700
++++ slashem-0.0.8E0F1/src/mail.c	2013-12-04 09:03:11.273875906 -0700
+@@ -319,7 +319,7 @@ md_rush(md,tx,ty)
+ 	if (fx == tx && fy == ty) break;
+ 
+ 	if ((mon = m_at(fx,fy)) != 0)	/* save monster at this position */
+-	    verbalize(md_exclamations());
++	    verbalize("%s",md_exclamations());
+ 	else if (fx == u.ux && fy == u.uy)
+ 	    verbalize("Excuse me.");
+ 
+diff -up slashem-0.0.8E0F1/src/makemon.c.format-security slashem-0.0.8E0F1/src/makemon.c
+--- slashem-0.0.8E0F1/src/makemon.c.format-security	2006-12-30 06:04:53.000000000 -0700
++++ slashem-0.0.8E0F1/src/makemon.c	2013-12-04 08:35:15.751840242 -0700
+@@ -2507,7 +2507,7 @@ struct obj *bag;
+     if (!bag || bag->otyp != BAG_OF_TRICKS) {
+ 	impossible("bad bag o' tricks");
+     } else if (bag->spe < 1) {
+-	pline(nothing_happens);
++	pline("%s",nothing_happens);
+     } else {
+ 	boolean gotone = FALSE;
+ 	int cnt = 1;
+diff -up slashem-0.0.8E0F1/src/mcastu.c.format-security slashem-0.0.8E0F1/src/mcastu.c
+--- slashem-0.0.8E0F1/src/mcastu.c.format-security	2013-12-04 08:48:14.202154120 -0700
++++ slashem-0.0.8E0F1/src/mcastu.c	2013-12-04 08:49:22.319877552 -0700
+@@ -692,7 +692,7 @@ int spellnum;
+ 		  (num_eyes == 1) ?
+ 		  body_part(EYE) : makeplural(body_part(EYE)));
+ 	    make_blinded(Half_spell_damage ? 100L : 200L, FALSE);
+-	    if (!Blind) Your(vision_clears);
++	    if (!Blind) Your("%s",vision_clears);
+ 	    dmg = 0;
+ 	} else
+ 	    impossible("no reason for monster to cast blindness spell?");
+diff -up slashem-0.0.8E0F1/src/mhitu.c.format-security slashem-0.0.8E0F1/src/mhitu.c
+--- slashem-0.0.8E0F1/src/mhitu.c.format-security	2013-12-04 08:48:14.204154112 -0700
++++ slashem-0.0.8E0F1/src/mhitu.c	2013-12-04 08:49:42.842792392 -0700
+@@ -1315,7 +1315,7 @@ hitmu(mtmp, mattk)
+ 		if (can_blnd(mtmp, &youmonst, mattk->aatyp, (struct obj*)0)) {
+ 		    if (!Blind) pline("%s blinds you!", Monnam(mtmp));
+ 		    make_blinded(Blinded+(long)dmg,FALSE);
+-		    if (!Blind) Your(vision_clears);
++		    if (!Blind) Your("%s",vision_clears);
+ 		}
+ 		dmg = 0;
+ 		break;
+@@ -2112,7 +2112,7 @@ gulpmu(mtmp, mattk)	/* monster swallows
+ 			if(!Blind) {
+ 			    You_cant("see in here!");
+ 			    make_blinded((long)tmp,FALSE);
+-			    if (!Blind) Your(vision_clears);
++			    if (!Blind) Your("%s",vision_clears);
+ 			} else
+ 			    /* keep him blind until disgorged */
+ 			    make_blinded(Blinded+1,FALSE);
+@@ -2228,7 +2228,7 @@ common:
+ 		    if (mon_visible(mtmp) || (rnd(tmp /= 2) > u.ulevel)) {
+ 			You("are blinded by a blast of light!");
+ 			make_blinded((long)tmp, FALSE);
+-			if (!Blind) Your(vision_clears);
++			if (!Blind) Your("%s",vision_clears);
+ 		    } else if (flags.verbose)
+ 			You("get the impression it was not terribly bright.");
+ 		}
+@@ -2355,7 +2355,7 @@ gazemu(mtmp, mattk)	/* monster gazes at
+ 		    /* not blind at this point implies you're wearing
+ 		       the Eyes of the Overworld; make them block this
+ 		       particular stun attack too */
+-		    if (!Blind) Your(vision_clears);
++		    if (!Blind) Your("%s",vision_clears);
+ 		    else make_stunned((long)d(1,3),TRUE);
+ 		}
+ 		break;
+diff -up slashem-0.0.8E0F1/src/mon.c.format-security slashem-0.0.8E0F1/src/mon.c
+--- slashem-0.0.8E0F1/src/mon.c.format-security	2006-12-30 06:04:53.000000000 -0700
++++ slashem-0.0.8E0F1/src/mon.c	2013-12-04 09:07:39.391523205 -0700
+@@ -1592,7 +1592,7 @@ struct monst *mtmp;
+ 	int visible;
+ 	char buf[BUFSZ];
+ 
+-	sprintf(buf, Monnam(mtmp));
++	sprintf(buf, "%s", Monnam(mtmp));
+ 
+ 	/* If there is a timer == monster was poly'ed */
+ 	if (stop_timer(UNPOLY_MON, (genericptr_t) mtmp)) {
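Review bot: The copy into `buf` is still unbounded after this change: `char buf[BUFSZ];` is declared two lines above and `sprintf(buf, "%s", Monnam(mtmp));` writes whatever length Monnam() returns. How long that string can be is not shown here, so the overflow is a possibility rather than a confirmed defect. `snprintf(buf, sizeof buf, "%s", Monnam(mtmp));` would bound the write at no extra cost. The function body starts and continues outside the hunk.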
+@@ -2675,7 +2675,7 @@ struct monst *mon;
+ 				You("cannot polymorph %s into that.", mon_nam(mon));
+ 			else break;
+ 		} while(++tries < 5);
+-		if (tries==5) pline(thats_enough_tries);
++		if (tries==5) pline("%s",thats_enough_tries);
+ 	}
+ #endif /*WIZARD*/
+ 	if (mndx == NON_PM) mndx = rn1(SPECIAL_PM - LOW_PM, LOW_PM);
+diff -up slashem-0.0.8E0F1/src/mthrowu.c.format-security slashem-0.0.8E0F1/src/mthrowu.c
+--- slashem-0.0.8E0F1/src/mthrowu.c.format-security	2013-12-04 08:48:14.200154128 -0700
++++ slashem-0.0.8E0F1/src/mthrowu.c	2013-12-04 08:49:18.593892958 -0700
+@@ -533,7 +533,7 @@ m_throw(mon, x, y, dx, dy, range, obj)
+ 	if (blindinc) {
+ 		u.ucreamed += blindinc;
+ 		make_blinded(Blinded + (long)blindinc, FALSE);
+-		if (!Blind) Your(vision_clears);
++		if (!Blind) Your("%s",vision_clears);
+ 	}
+ }
+ 
+diff -up slashem-0.0.8E0F1/src/muse.c.format-security slashem-0.0.8E0F1/src/muse.c
+--- slashem-0.0.8E0F1/src/muse.c.format-security	2006-12-30 06:04:53.000000000 -0700
++++ slashem-0.0.8E0F1/src/muse.c	2013-12-04 08:35:15.753840230 -0700
+@@ -81,7 +81,7 @@ struct obj *obj;
+ 		    m_useup(mon, obj);
+ 		    mtmp = makemon(&mons[PM_GHOST], cc.x, cc.y, NO_MM_FLAGS);
+ 		    if (!mtmp) {
+-			if (vis) pline(empty);
++			if (vis) pline("%s",empty);
+ 		    } else {
+ 			if (vis) {
+ 			    pline("As %s opens the bottle, an enormous %s emerges!",
+@@ -104,7 +104,7 @@ struct obj *obj;
+ 		m_useup(mon, obj);
+ 		mtmp = makemon(&mons[PM_DJINNI], cc.x, cc.y, NO_MM_FLAGS);
+ 		if (!mtmp) {
+-		    if (vis) pline(empty);
++		    if (vis) pline("%s",empty);
+ 		} else {
+ 		    if (vis)
+ 			pline("In a cloud of smoke, %s emerges!",
+diff -up slashem-0.0.8E0F1/src/polyself.c.format-security slashem-0.0.8E0F1/src/polyself.c
+--- slashem-0.0.8E0F1/src/polyself.c.format-security	2006-12-30 06:04:53.000000000 -0700
++++ slashem-0.0.8E0F1/src/polyself.c	2013-12-04 08:58:51.644176793 -0700
+@@ -290,7 +290,7 @@ boolean forcecontrol;
+ 	if(!Polymorph_control && !forcecontrol && !draconian && !iswere &&
+ 			!isvamp && !Race_if(PM_DOPPELGANGER)) {
+ 		if (rn2(12) > ACURR(A_CON)) {
+-		You(shudder_for_moment);
++		You("%s",shudder_for_moment);
+ 		losehp(rnd(30), "system shock", KILLED_BY_AN);
+ 		exercise(A_CON, FALSE);
+ 		return;
+@@ -312,7 +312,7 @@ boolean forcecontrol;
+ 				You("cannot polymorph into that.");
+ 			else break;
+ 		} while(++tries < 5);
+-		if (tries==5) pline(thats_enough_tries);
++		if (tries==5) pline("%s",thats_enough_tries);
+ 		/* allow skin merging, even when polymorph is controlled */
+ 		if (draconian &&
+ 		    (mntmp == armor_to_dragon(uarm->otyp) || tries == 5))
+@@ -348,7 +348,7 @@ boolean forcecontrol;
+ 
+ 			else break;
+ 		} while(++tries < 5);
+-		if (tries==5) pline(thats_enough_tries);
++		if (tries==5) pline("%s",thats_enough_tries);
+ 		/* allow skin merging, even when polymorph is controlled */
+ 		if (draconian &&
+ 		    (mntmp == armor_to_dragon(uarm->otyp) || tries == 5))
+diff -up slashem-0.0.8E0F1/src/potion.c.format-security slashem-0.0.8E0F1/src/potion.c
+--- slashem-0.0.8E0F1/src/potion.c.format-security	2006-12-30 06:04:53.000000000 -0700
++++ slashem-0.0.8E0F1/src/potion.c	2013-12-04 08:49:30.163845039 -0700
+@@ -1135,7 +1135,7 @@ register const char *txt;
+ 		You("have a %s feeling for a moment, then it passes.",
+ 		Hallucination ? "normal" : "strange");
+ 	else
+-		pline(txt);
++		pline("%s",txt);
+ 
+ 	if(!obj)	/* e.g., crystal ball finds no traps */
+ 		return;
+@@ -1609,7 +1609,7 @@ register struct obj *obj;
+ 		    pline("It suddenly gets dark.");
+ 		}
+ 		make_blinded(itimeout_incr(Blinded, rnd(5)), FALSE);
+-		if (!Blind && !u.usleep) Your(vision_clears);
++		if (!Blind && !u.usleep) Your("%s",vision_clears);
+ 		break;
+ 	case POT_WATER:
+ 		if(u.umonnum == PM_GREMLIN) {
+@@ -2774,7 +2774,7 @@ dodip()
+ 		    obj == uball || obj == uskin ||
+ 		    obj_resists(obj->otyp == POT_POLYMORPH ?
+ 				potion : obj, 5, 95)) {
+-		pline(nothing_happens);
++		pline("%s",nothing_happens);
+ 	    } else {
+ 	    	boolean was_wep = FALSE, was_swapwep = FALSE, was_quiver = FALSE;
+ 		short save_otyp = obj->otyp;
+diff -up slashem-0.0.8E0F1/src/pray.c.format-security slashem-0.0.8E0F1/src/pray.c
+--- slashem-0.0.8E0F1/src/pray.c.format-security	2006-12-30 06:04:53.000000000 -0700
++++ slashem-0.0.8E0F1/src/pray.c	2013-12-04 08:35:15.756840212 -0700
+@@ -1233,7 +1233,7 @@ offer_oracle (mtmp, otmp)
+ 
+ 	/* Make sure it's a corpse */
+     if (otmp->otyp != CORPSE) {
+-		pline(nothing_happens);
++		pline("%s",nothing_happens);
+ 		return (1);
+ 	}
+ 
+@@ -1514,7 +1514,7 @@ verbalize("In return for thy service, I
+     } /* fake Amulet */
+ 
+     if (value == 0) {
+-	pline(nothing_happens);
++	pline("%s",nothing_happens);
+ 	return (1);
+     }
+ 
+diff -up slashem-0.0.8E0F1/src/priest.c.format-security slashem-0.0.8E0F1/src/priest.c
+--- slashem-0.0.8E0F1/src/priest.c.format-security	2013-12-04 09:02:48.000993290 -0700
++++ slashem-0.0.8E0F1/src/priest.c	2013-12-04 09:03:36.555748387 -0700
+@@ -375,8 +375,8 @@ register int roomno;
+ 		    msg1 = buf;
+ 		}
+ 		if (can_speak) {
+-		    verbalize(msg1);
+-		    if (msg2) verbalize(msg2);
++		    verbalize("%s",msg1);
++		    if (msg2) verbalize("%s",msg2);
+ 		}
+ 		if(!sanctum) {
+ 		    /* !tended -> !shrined */
+@@ -445,7 +445,7 @@ register struct monst *priest;
+ 		priest->mcanmove = 1;
+ 	    }
+ 	    priest->mpeaceful = 0;
+-	    verbalize(cranky_msg[rn2(3)]);
++	    verbalize("%s",cranky_msg[rn2(3)]);
+ 	    return;
+ 	}
+ 
+diff -up slashem-0.0.8E0F1/src/questpgr.c.format-security slashem-0.0.8E0F1/src/questpgr.c
+--- slashem-0.0.8E0F1/src/questpgr.c.format-security	2006-12-30 06:04:53.000000000 -0700
++++ slashem-0.0.8E0F1/src/questpgr.c	2013-12-04 09:11:32.077331945 -0700
+@@ -365,7 +365,7 @@ struct qtmsg *qt_msg;
+ 	for (size = 0; size < qt_msg->size; size += (long)strlen(in_line)) {
+ 	    (void) dlb_fgets(in_line, 80, msg_file);
+ 	    convert_line();
+-	    pline(out_line);
++	    pline("%s",out_line);
+ 	}
+ 
+ }
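Review bot: The loop around the changed call discards the result of `(void) dlb_fgets(in_line, 80, msg_file);` and then advances by `strlen(in_line)`. If the read fails, `in_line` keeps its previous contents and the stale line is printed again, and if `in_line` is empty the counter never advances and the loop does not terminate. Assuming dlb_fgets follows fgets and returns a null pointer on failure, `if (!dlb_fgets(in_line, 80, msg_file)) break;` would stop on a truncated or damaged data file. The `"%s"` itself is the right fix here, since `out_line` appears to be derived from text read from that file. The function starts outside the hunk.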
+diff -up slashem-0.0.8E0F1/src/read.c.format-security slashem-0.0.8E0F1/src/read.c
+--- slashem-0.0.8E0F1/src/read.c.format-security	2006-12-30 06:04:53.000000000 -0700
++++ slashem-0.0.8E0F1/src/read.c	2013-12-04 08:43:40.587143575 -0700
+@@ -270,14 +270,14 @@ static void
+ stripspe(obj)
+ register struct obj *obj;
+ {
+-	if (obj->blessed) pline(nothing_happens);
++	if (obj->blessed) pline("%s",nothing_happens);
+ 	else {
+ 		if (obj->spe > 0) {
+ 		    obj->spe = 0;
+ 		    if (obj->otyp == OIL_LAMP || obj->otyp == BRASS_LANTERN)
+ 			obj->age = 0;
+ 		    Your("%s %s briefly.",xname(obj), otense(obj, "vibrate"));
+-		} else pline(nothing_happens);
++		} else pline("%s",nothing_happens);
+ 	}
+ }
+ 
+@@ -391,7 +391,7 @@ int curse_bless;
+ 	} else if (obj->oclass == SPBOOK_CLASS) {
+ 
+ 	    if (obj->otyp == SPE_BOOK_OF_THE_DEAD) {
+-	    	pline(nothing_happens);
++	    	pline("%s",nothing_happens);
+ 		return;
+ 	    }
+    
+@@ -493,7 +493,7 @@ int curse_bless;
+ 		    if (obj->spe < 3)
+ 			Your("marker seems permanently dried out.");
+ 		    else
+-			pline(nothing_happens);
++			pline("%s",nothing_happens);
+ 		} else if (is_blessed) {
+ 		    n = rn1(16,15);		/* 15..30 */
+ 		    if (obj->spe + n <= 50)
+@@ -576,7 +576,7 @@ int curse_bless;
+ 		    if (obj->spe < 5) {
+ 			obj->spe++;
+ 			p_glow1(obj);
+-		    } else pline(nothing_happens);
++		    } else pline("%s",nothing_happens);
+ 		}
+ 		break;
+ 	    case HORN_OF_PLENTY:
+@@ -1597,7 +1597,7 @@ register struct obj	*sobj;
+ 		cc.x = u.ux;
+ 		cc.y = u.uy;
+ 		if (getpos(&cc, TRUE, "the desired position") < 0) {
+-		    pline(Never_mind);
++		    pline("%s",Never_mind);
+ 		    return 0;
+ 		}
+ 		if (!cansee(cc.x, cc.y) || distu(cc.x, cc.y) >= 32) {
+@@ -1755,7 +1755,7 @@ do_class_genocide()
+ 
+ 	for(j=0; ; j++) {
+ 		if (j >= 5) {
+-			pline(thats_enough_tries);
++			pline("%s",thats_enough_tries);
+ 			return;
+ 		}
+ 		do {
+@@ -1945,7 +1945,7 @@ int how;
+ 	} else {
+ 	    for(i = 0; ; i++) {
+ 		if(i >= 5) {
+-		    pline(thats_enough_tries);
++		    pline("%s",thats_enough_tries);
+ 		    return;
+ 		}
+ 		getlin("What monster do you want to genocide? [type the name]",
+@@ -2068,7 +2068,7 @@ int how;
+ 	    if (cnt)
+ 		pline("Sent in some %s.", makeplural(buf));
+ 	    else
+-		pline(nothing_happens);
++		pline("%s",nothing_happens);
+ 	}
+ }
+ 
+@@ -2188,7 +2188,7 @@ create_particular()
+ 	} while (++tries < 5);
+ 
+ 	if (tries == 5) {
+-	    pline(thats_enough_tries);
++	    pline("%s",thats_enough_tries);
+ 	} else {
+ 	    (void) cant_create(&which, FALSE);
+ 	    whichpm = &mons[which];
+diff -up slashem-0.0.8E0F1/src/region.c.format-security slashem-0.0.8E0F1/src/region.c
+--- slashem-0.0.8E0F1/src/region.c.format-security	2006-12-30 06:04:53.000000000 -0700
++++ slashem-0.0.8E0F1/src/region.c	2013-12-04 08:35:15.758840200 -0700
+@@ -448,7 +448,7 @@ xchar
+ 		!regions[i]->attach_2_u && !inside_region(regions[i], x, y)) {
+ 	    clear_hero_inside(regions[i]);
+ 	    if (regions[i]->leave_msg != NULL)
+-		pline(regions[i]->leave_msg);
++		pline("%s",regions[i]->leave_msg);
+ 	    if ((f_indx = regions[i]->leave_f) != NO_CALLBACK)
+ 		(void) (*callbacks[f_indx])(regions[i], (genericptr_t) 0);
+ 	}
+@@ -459,7 +459,7 @@ xchar
+ 		!regions[i]->attach_2_u && inside_region(regions[i], x, y)) {
+ 	    set_hero_inside(regions[i]);
+ 	    if (regions[i]->enter_msg != NULL)
+-		pline(regions[i]->enter_msg);
++		pline("%s",regions[i]->enter_msg);
+ 	    if ((f_indx = regions[i]->enter_f) != NO_CALLBACK)
+ 		(void) (*callbacks[f_indx])(regions[i], (genericptr_t) 0);
+ 	}
+diff -up slashem-0.0.8E0F1/src/restore.c.format-security slashem-0.0.8E0F1/src/restore.c
+--- slashem-0.0.8E0F1/src/restore.c.format-security	2006-12-30 06:04:53.000000000 -0700
++++ slashem-0.0.8E0F1/src/restore.c	2013-12-04 08:35:15.759840194 -0700
+@@ -778,7 +778,7 @@ boolean ghostly;
+ 	    else
+ 		Sprintf(trickbuf, "This is level %d, not %d!", dlvl, lev);
+ #ifdef WIZARD
+-	    if (wizard) pline(trickbuf);
++	    if (wizard) pline("%s",trickbuf);
+ #endif
+ 	    trickery(trickbuf);
+ 	}
+diff -up slashem-0.0.8E0F1/src/rumors.c.format-security slashem-0.0.8E0F1/src/rumors.c
+--- slashem-0.0.8E0F1/src/rumors.c.format-security	2006-12-30 06:04:53.000000000 -0700
++++ slashem-0.0.8E0F1/src/rumors.c	2013-12-04 08:35:15.759840194 -0700
+@@ -152,7 +152,7 @@ int mechanism;
+ 	    	return;
+ 	    else if (Blind) {
+ 		if (mechanism == BY_COOKIE)
+-			pline(fortune_msg);
++			pline("%s",fortune_msg);
+ 		pline("What a pity that you cannot read it!");
+ 	    	return;
+ 	    }
+@@ -170,7 +170,7 @@ int mechanism;
+ 		exercise(A_WIS, TRUE);
+ 		return;
+ 	    case BY_COOKIE:
+-		pline(fortune_msg);
++		pline("%s",fortune_msg);
+ 		/* FALLTHRU */
+ 	    case BY_PAPER:
+ 		pline("It reads:");
+diff -up slashem-0.0.8E0F1/src/shk.c.format-security slashem-0.0.8E0F1/src/shk.c
+--- slashem-0.0.8E0F1/src/shk.c.format-security	2006-12-30 06:04:53.000000000 -0700
++++ slashem-0.0.8E0F1/src/shk.c	2013-12-04 09:03:55.968650418 -0700
+@@ -644,7 +644,7 @@ register char *enterstring;
+ 	    if (!index(empty_shops, *enterstring) &&
+ 		in_rooms(u.ux, u.uy, SHOPBASE) !=
+ 				  in_rooms(u.ux0, u.uy0, SHOPBASE))
+-		pline(no_shk);
++		pline("%s",no_shk);
+ 	    Strcpy(empty_shops, u.ushops);
+ 	    u.ushops[0] = '\0';
+ 	    return;
+@@ -656,7 +656,7 @@ register char *enterstring;
+ 	    /* dump core when referenced */
+ 	    eshkp->bill_p = (struct bill_x *) -1000;
+ 	    if (!index(empty_shops, *enterstring))
+-		pline(no_shk);
++		pline("%s",no_shk);
+ 	    Strcpy(empty_shops, u.ushops);
+ 	    u.ushops[0] = '\0';
+ 	    return;
+@@ -1671,7 +1671,7 @@ proceed:
+ 		    else Strcat(sbuf,
+ 			   "for gold picked up and the use of merchandise.");
+ 		} else Strcat(sbuf, "for the use of merchandise.");
+-		pline(sbuf);
++		pline("%s",sbuf);
+ #ifndef GOLDOBJ
+ 		if (u.ugold + eshkp->credit < dtmp) {
+ 		    pline("But you don't%s have enough gold%s.",
+@@ -5084,9 +5084,9 @@ struct monst *shkp;
+ 
+     /* Here we go */
+     if (service > 0)
+-	verbalize(we_offer);
++	verbalize("%s",we_offer);
+     else
+-	pline(Never_mind);
++	pline("%s",Never_mind);
+ 
+     switch(service) {
+ 	case 0:
+@@ -5217,7 +5217,7 @@ shk_armor_works(slang, shkp)
+ 	n = select_menu(tmpwin, PICK_ONE, &selected);
+ 	destroy_nhwindow(tmpwin);
+ 
+-	verbalize(we_offer);
++	verbalize("%s",we_offer);
+ 
+ 	if (n > 0)
+ 	switch(selected[0].item.a_int) {
+diff -up slashem-0.0.8E0F1/src/sounds.c.format-security slashem-0.0.8E0F1/src/sounds.c
+--- slashem-0.0.8E0F1/src/sounds.c.format-security	2006-12-30 06:04:53.000000000 -0700
++++ slashem-0.0.8E0F1/src/sounds.c	2013-12-04 09:17:06.580614512 -0700
+@@ -75,7 +75,7 @@ dosounds()
+ 		"the splashing of a naiad.",
+ 		"a soda fountain!",
+ 	};
+-	You_hear(fountain_msg[rn2(3)+hallu]);
++	You_hear("%s",fountain_msg[rn2(3)+hallu]);
+     }
+ #ifdef SINK
+     if (level.flags.nsinks && !rn2(300)) {
+@@ -84,7 +84,7 @@ dosounds()
+ 		"a gurgling noise.",
+ 		"dishes being washed!",
+ 	};
+-	You_hear(sink_msg[rn2(2)+hallu]);
++	You_hear("%s",sink_msg[rn2(2)+hallu]);
+     }
+ #endif
+     if (level.flags.has_court && !rn2(200)) {
+@@ -103,7 +103,7 @@ dosounds()
+ 		/* finding one is enough, at least for now */
+ 		int which = rn2(3)+hallu;
+ 
+-		if (which != 2) You_hear(throne_msg[which]);
++		if (which != 2) You_hear("%s",throne_msg[which]);
+ 		else		pline(throne_msg[2], uhis());
+ 		return;
+ 	    }
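Review bot: The `else pline(throne_msg[2], uhis());` branch still passes a table entry as the format string; the format-security warning only fires for calls with no arguments, so this site was left untouched. The same pattern remains in `pline(str, hcolor(NH_BLUE))` in the choke_dialogue hunk and `pline(str, an(...))` in the slime_dialogue hunk of timeout.c. These are safe only while each entry is a compile-time literal whose conversions match the arguments passed, which the hunks do not show. I would add a comment at each site, e.g. `/* throne_msg[2] is a fixed literal with exactly one %s */`, so a later edit to the table does not silently introduce a format/argument mismatch. dosounds() starts and ends outside the hunk.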
+@@ -115,7 +115,7 @@ dosounds()
+ 		"smell marsh gas!",	/* so it's a smell...*/
+ 		"hear Donald Duck!",
+ 	};
+-	You(swamp_msg[rn2(2)+hallu]);
++	You("%s",swamp_msg[rn2(2)+hallu]);
+ 	return;
+     }
+     if (level.flags.spooky && !rn2(200)) {
+@@ -145,7 +145,7 @@ dosounds()
+ 		"hear someone praising your valor!",
+ 		"hear someone singing: \"Jingle bells, jingle bells...\"",
+ 	};
+-	You(spooky_msg[rn2(15)+hallu*9]);
++	You("%s",spooky_msg[rn2(15)+hallu*9]);
+ 	return;
+     }
+     if (level.flags.has_vault && !rn2(200)) {
+@@ -253,7 +253,7 @@ dosounds()
+ 		mon_in_room(mtmp, BARRACKS) &&
+ 		/* sleeping implies not-yet-disturbed (usually) */
+ 		(mtmp->msleeping || ++count > 5)) {
+-		You_hear(barracks_msg[rn2(3)+hallu]);
++		You_hear("%s",barracks_msg[rn2(3)+hallu]);
+ 		return;
+ 	    }
+ 	}
+@@ -268,7 +268,7 @@ dosounds()
+ 	    if (DEADMONSTER(mtmp)) continue;
+ 	    if ((mtmp->msleeping || is_animal(mtmp->data)) &&
+ 		    mon_in_room(mtmp, ZOO)) {
+-		You_hear(zoo_msg[rn2(2)+hallu]);
++		You_hear("%s",zoo_msg[rn2(2)+hallu]);
+ 		return;
+ 	    }
+ 	}
+@@ -286,7 +286,7 @@ dosounds()
+ 		    "the chime of a cash register.",
+ 		    "Neiman and Marcus arguing!",
+ 	    };
+-	    You_hear(shop_msg[rn2(2)+hallu]);
++	    You_hear("%s",shop_msg[rn2(2)+hallu]);
+ 	}
+ 	return;
+     }
+@@ -306,7 +306,7 @@ dosounds()
+ 	    };
+ 	    /* KMH -- Give funny messages on Groundhog Day */
+ 	    if (flags.groundhogday) hallu = 1;
+-	    You_hear(ora_msg[rn2(3)+hallu*2]);
++	    You_hear("%s",ora_msg[rn2(3)+hallu*2]);
+ 	}
+ 	return;
+     }
+@@ -318,7 +318,7 @@ dosounds()
+         "Somebody whispers: \"Food rations? Only 900 zorkmids.\"",
+         "You feel like searching for more gold.",
+       };
+-      pline(blkmar_msg[rn2(2)+hallu]);
++      pline("%s",blkmar_msg[rn2(2)+hallu]);
+     }
+ #endif /* BLACKMARKET */
+ }
+@@ -942,7 +942,7 @@ register struct monst *mtmp;
+     }
+ 
+     if (pline_msg) pline("%s %s", Monnam(mtmp), pline_msg);
+-    else if (verbl_msg) verbalize(verbl_msg);
++    else if (verbl_msg) verbalize("%s",verbl_msg);
+     return(1);
+ }
+ 
+diff -up slashem-0.0.8E0F1/src/spell.c.format-security slashem-0.0.8E0F1/src/spell.c
+--- slashem-0.0.8E0F1/src/spell.c.format-security	2006-12-30 06:04:53.000000000 -0700
++++ slashem-0.0.8E0F1/src/spell.c	2013-12-04 08:35:15.763840170 -0700
+@@ -1059,14 +1059,14 @@ boolean atme;
+ 		break;
+ 	case SPE_JUMPING:
+ 		if (!jump(max(role_skill,1)))
+-			pline(nothing_happens);
++			pline("%s",nothing_happens);
+ 		break;
+ 	case SPE_RESIST_POISON:
+ 		if(!(HPoison_resistance & INTRINSIC)) {
+ 			You("feel healthy ..... for the moment at least.");
+ 			incr_itimeout(&HPoison_resistance, rn1(1000, 500) +
+ 				spell_damage_bonus(spellid(spell))*100);
+-		} else pline(nothing_happens);	/* Already have as intrinsic */
++		} else pline("%s",nothing_happens);	/* Already have as intrinsic */
+ 		break;
+ 	case SPE_RESIST_SLEEP:
+ 		if(!(HSleep_resistance & INTRINSIC)) {
+@@ -1076,14 +1076,14 @@ boolean atme;
+ 				You("no longer feel tired.");
+ 			incr_itimeout(&HSleep_resistance, rn1(1000, 500) +
+ 				spell_damage_bonus(spellid(spell))*100);
+-		} else pline(nothing_happens);	/* Already have as intrinsic */
++		} else pline("%s",nothing_happens);	/* Already have as intrinsic */
+ 		break;
+ 	case SPE_ENDURE_COLD:
+ 		if(!(HCold_resistance & INTRINSIC)) {
+ 			You("feel warmer.");
+ 			incr_itimeout(&HCold_resistance, rn1(1000, 500) +
+ 				spell_damage_bonus(spellid(spell))*100);
+-		} else pline(nothing_happens);	/* Already have as intrinsic */
++		} else pline("%s",nothing_happens);	/* Already have as intrinsic */
+ 		break;
+ 	case SPE_ENDURE_HEAT:
+ 		if(!(HFire_resistance & INTRINSIC)) {
+@@ -1093,7 +1093,7 @@ boolean atme;
+ 				You("feel colder.");
+ 			incr_itimeout(&HFire_resistance, rn1(1000, 500) +
+ 				spell_damage_bonus(spellid(spell))*100);
+-		} else pline(nothing_happens);	/* Already have as intrinsic */
++		} else pline("%s",nothing_happens);	/* Already have as intrinsic */
+ 		break;
+ 	case SPE_INSULATE:
+ 		if(!(HShock_resistance & INTRINSIC)) {
+@@ -1103,7 +1103,7 @@ boolean atme;
+ 				You("are not at all shocked by this feeling.");
+ 			incr_itimeout(&HShock_resistance, rn1(1000, 500) +
+ 				spell_damage_bonus(spellid(spell))*100);
+-		} else pline(nothing_happens);	/* Already have as intrinsic */
++		} else pline("%s",nothing_happens);	/* Already have as intrinsic */
+ 		break;
+ 	case SPE_ENLIGHTEN: 
+ 		You("feel self-knowledgeable...");
+diff -up slashem-0.0.8E0F1/src/steed.c.format-security slashem-0.0.8E0F1/src/steed.c
+--- slashem-0.0.8E0F1/src/steed.c.format-security	2013-12-04 08:42:12.505469546 -0700
++++ slashem-0.0.8E0F1/src/steed.c	2013-12-04 08:43:05.043253952 -0700
+@@ -58,7 +58,7 @@ use_saddle(otmp)
+ 
+ 	/* Select an animal */
+ 	if (u.uswallow || Underwater || !getdir((char *)0)) {
+-	    pline(Never_mind);
++	    pline("%s",Never_mind);
+ 	    return 0;
+ 	}
+ 	if (!u.dx && !u.dy) {
+diff -up slashem-0.0.8E0F1/src/tech.c.format-security slashem-0.0.8E0F1/src/tech.c
+--- slashem-0.0.8E0F1/src/tech.c.format-security	2006-12-30 06:04:53.000000000 -0700
++++ slashem-0.0.8E0F1/src/tech.c	2013-12-04 08:58:34.531260505 -0700
+@@ -735,7 +735,7 @@ int tech_no;
+ 		    healup(techlev(tech_no) * 4, 0, FALSE, FALSE);
+ 		    t_timeout = 3000;
+ 		} else
+-		    pline(nothing_happens);
++		    pline("%s",nothing_happens);
+ 		break;
+             case T_KIII:
+ 		You("scream \"KIIILLL!\"");
+@@ -1098,7 +1098,7 @@ int tech_no;
+ 		break;
+             case T_REVIVE: 
+ 		if (u.uswallow) {
+-		    You(no_elbow_room);
++		    You("%s",no_elbow_room);
+ 		    return 0;
+ 		}
+             	num = 100 - techlev(tech_no); /* WAC make this depend on mon? */
+diff -up slashem-0.0.8E0F1/src/teleport.c.format-security slashem-0.0.8E0F1/src/teleport.c
+--- slashem-0.0.8E0F1/src/teleport.c.format-security	2006-12-30 06:04:53.000000000 -0700
++++ slashem-0.0.8E0F1/src/teleport.c	2013-12-04 08:59:33.678971034 -0700
+@@ -497,7 +497,7 @@ wiz_debug_cmd() /* in this case, run wpa
+     char buf[BUFSIZ];
+     for(i = 0; ; i++) {
+ 	if(i >= 5) {
+-	    pline(thats_enough_tries);
++	    pline("%s",thats_enough_tries);
+ 	    return;
+ 	}
+ 	getlin("What monster do you want to test? [type the name]", buf);
+@@ -934,7 +934,7 @@ dotele()
+ 		else tele();
+ 		(void) next_to_u();
+ 	} else {
+-		You(shudder_for_moment);
++		You("%s",shudder_for_moment);
+ 		return(0);
+ 	}
+ 	if (!trap) morehungry(10);
+@@ -1066,7 +1066,7 @@ level_tele()
+ 		    Is_blackmarket(&u.uz) ||
+ #endif
+ 		    Is_aligned_quest(&u.uz)) && newlev > 0) {
+-		You(shudder_for_moment);
++		You("%s",shudder_for_moment);
+ 		return;
+ 	    }
+ 	    /* if in Quest, the player sees "Home 1", etc., on the status
+@@ -1083,13 +1083,13 @@ level_tele()
+  random_levtport:
+ 	    newlev = random_teleport_level();
+ 	    if (newlev == depth(&u.uz)) {
+-		You(shudder_for_moment);
++		You("%s",shudder_for_moment);
+ 		return;
+ 	    }
+ 	}
+ 
+ 	if (!next_to_u()) {
+-		You(shudder_for_moment);
++		You("%s",shudder_for_moment);
+ 		return;
+ 	}
+ #ifdef WIZARD
+@@ -1229,7 +1229,7 @@ register struct trap *ttmp;
+ 	struct d_level target_level;
+ 
+ 	if (!next_to_u()) {
+-		You(shudder_for_moment);
++		You("%s",shudder_for_moment);
+ 		return;
+ 	}
+ 
+@@ -1263,7 +1263,7 @@ struct trap *trap;
+ 			shieldeff(u.ux, u.uy);
+ 		You_feel("a wrenching sensation.");
+ 	} else if (!next_to_u()) {
+-		You(shudder_for_moment);
++		You("%s",shudder_for_moment);
+ 	} else if (trap->once) {
+ 		deltrap(trap);
+ 		newsym(u.ux,u.uy);	/* get rid of trap symbol */
+diff -up slashem-0.0.8E0F1/src/timeout.c.format-security slashem-0.0.8E0F1/src/timeout.c
+--- slashem-0.0.8E0F1/src/timeout.c.format-security	2006-12-30 06:04:53.000000000 -0700
++++ slashem-0.0.8E0F1/src/timeout.c	2013-12-04 08:58:43.258217814 -0700
+@@ -33,7 +33,7 @@ stoned_dialogue()
+ 	register long i = (Stoned & TIMEOUT);
+ 
+ 	if (i > 0L && i <= SIZE(stoned_texts))
+-		pline(stoned_texts[SIZE(stoned_texts) - i]);
++		pline("%s",stoned_texts[SIZE(stoned_texts) - i]);
+ 	if (i == 5L)
+ 		HFast = 0L;
+ 	if (i == 3L) {
+@@ -60,7 +60,7 @@ vomiting_dialogue()
+ 
+ 	if ((((Vomiting & TIMEOUT) % 3L) == 2) && (i >= 0)
+ 	    && (i < SIZE(vomiting_texts)))
+-		You(vomiting_texts[SIZE(vomiting_texts) - i - 1]);
++		You("%s",vomiting_texts[SIZE(vomiting_texts) - i - 1]);
+ 
+ 	switch ((int) i) {
+ 	case 0:
+@@ -107,7 +107,7 @@ choke_dialogue()
+ 		if (index(str, '%'))
+ 		    pline(str, hcolor(NH_BLUE));
+ 		else
+-		    pline(str);
++		    pline("%s",str);
+ 	    }
+ 	}
+ 	exercise(A_STR, FALSE);
+@@ -137,7 +137,7 @@ slime_dialogue()
+ 		} else
+ 		    pline(str, an(Hallucination ? rndmonnam() : "green slime"));
+ 	    } else
+-		pline(str);
++		pline("%s",str);
+ 	}
+ 	if (i == 3L) {	/* limbs becoming oozy */
+ 	    HFast = 0L;	/* lose intrinsic speed */
+diff -up slashem-0.0.8E0F1/src/trap.c.format-security slashem-0.0.8E0F1/src/trap.c
+--- slashem-0.0.8E0F1/src/trap.c.format-security	2013-12-04 08:48:14.198154136 -0700
++++ slashem-0.0.8E0F1/src/trap.c	2013-12-04 08:59:18.059047552 -0700
+@@ -365,7 +365,7 @@ boolean td;	/* td == TRUE : trap door or
+ 	    dont_fall = "are jerked back by your pet!";
+ 	}
+ 	if (dont_fall) {
+-	    You(dont_fall);
++	    You("%s",dont_fall);
+ 	    /* hero didn't fall through, but any objects here might */
+ 	    impact_drop((struct obj *)0, u.ux, u.uy, 0);
+ 	    if (!td) {
+@@ -2613,7 +2613,7 @@ domagictrap()
+ 	  if (!resists_blnd(&youmonst)) {
+ 		You("are momentarily blinded by a flash of light!");
+ 		make_blinded((long)rn1(5,10),FALSE);
+-		if (!Blind) Your(vision_clears);
++		if (!Blind) Your("%s",vision_clears);
+ 	  } else if (!Blind) {
+ 		You("see a flash of light!");
+ 	  }  else
+diff -up slashem-0.0.8E0F1/src/uhitm.c.format-security slashem-0.0.8E0F1/src/uhitm.c
+diff -up slashem-0.0.8E0F1/src/u_init.c.format-security slashem-0.0.8E0F1/src/u_init.c
+diff -up slashem-0.0.8E0F1/src/wizard.c.format-security slashem-0.0.8E0F1/src/wizard.c
+diff -up slashem-0.0.8E0F1/src/zap.c.format-security slashem-0.0.8E0F1/src/zap.c
+--- slashem-0.0.8E0F1/src/zap.c.format-security	2006-12-30 06:04:53.000000000 -0700
++++ slashem-0.0.8E0F1/src/zap.c	2013-12-04 09:20:04.245704225 -0700
+@@ -2180,7 +2180,7 @@ dozap()
+ 	check_unpaid(obj);
+ 
+ 	/* zappable addition done by GAN 11/03/86 */
+-	if(!zappable(obj)) pline(nothing_happens);
++	if(!zappable(obj)) pline("%s",nothing_happens);
+ 	else if(obj->cursed && !rn2(5)) {
+ 		/* WAC made this rn2(5) from rn2(100)*/
+ 		backfire(obj);  /* the wand blows up in your face! */
+@@ -2383,9 +2383,9 @@ boolean ordinary;
+ 		    destroy_item(WAND_CLASS, AD_ELEC);
+ 		    destroy_item(RING_CLASS, AD_ELEC);
+ 		    if (!resists_blnd(&youmonst)) {
+-			    You(are_blinded_by_the_flash);
++			    You("%s",are_blinded_by_the_flash);
+ 			    make_blinded((long)rnd(100),FALSE);
+-			    if (!Blind) Your(vision_clears);
++			    if (!Blind) Your("%s",vision_clears);
+ 		    }
+ 		    break;
+ 
+@@ -2599,10 +2599,10 @@ boolean ordinary;
+ #endif
+ 		    damage += rnd(25);
+ 		    if (!resists_blnd(&youmonst)) {
+-			You(are_blinded_by_the_flash);
++			You("%s",are_blinded_by_the_flash);
+ 			make_blinded((long)damage, FALSE);
+ 			makeknown(obj->otyp);
+-			if (!Blind) Your(vision_clears);
++			if (!Blind) Your("%s",vision_clears);
+ 		    }
+ 		    damage = 0;	/* reset */
+ 		    break;
+@@ -2908,7 +2908,7 @@ struct obj *obj;	/* wand or spell */
+ 	case SPE_STONE_TO_FLESH:
+ 	    if (Is_airlevel(&u.uz) || Is_waterlevel(&u.uz) ||
+ 		     Underwater || (Is_qstart(&u.uz) && u.dz < 0)) {
+-		pline(nothing_happens);
++		pline("%s",nothing_happens);
+ 	    } else if (u.dz < 0) {	/* we should do more... */
+ 		pline("Blood drips on your %s.", body_part(FACE));
+ 	    } else if (u.dz > 0 && !OBJ_AT(u.ux, u.uy)) {
+@@ -2919,7 +2919,7 @@ struct obj *obj;	/* wand or spell */
+ 		e = engr_at(u.ux, u.uy);
+ 		if (!(e && e->engr_type == ENGRAVE)) {
+ 		    if (is_pool(u.ux, u.uy) || is_ice(u.ux, u.uy))
+-			pline(nothing_happens);
++			pline("%s",nothing_happens);
+ 		    else
+ 			pline("Blood %ss %s your %s.",
+ 			      is_lava(u.ux, u.uy) ? "boil" : "pool",
+@@ -4199,9 +4199,9 @@ register int dx,dy;
+ 		pline("%s whizzes by you!", The(fltxt));
+ 	    }
+ 	    if (abstype == ZT_LIGHTNING && !resists_blnd(&youmonst)) {
+-		You(are_blinded_by_the_flash);
++		You("%s",are_blinded_by_the_flash);
+ 		make_blinded((long)d(nd,50),FALSE);
+-		if (!Blind) Your(vision_clears);
++		if (!Blind) Your("%s",vision_clears);
+ 	    }
+ 	    stop_occupation();
+ 	    nomul(0);
+@@ -4374,7 +4374,7 @@ boolean *shopdamage;
+ 		    if (ttmp) ttmp->tseen = 1;
+ 		    if (cansee(x,y)) msgtxt = "The water evaporates.";
+ 		}
+-		Norep(msgtxt);
++		Norep("%s",msgtxt);
+ 		if (lev->typ == ROOM) newsym(x,y);
+ 	    } else if(IS_FOUNTAIN(lev->typ)) {
+ 		    if (cansee(x,y))
+@@ -4506,12 +4506,12 @@ boolean *shopdamage;
+ 		    lev->doormask = new_doormask;
+ 		    unblock_point(x, y);	/* vision */
+ 		    if (cansee(x, y)) {
+-			pline(see_txt);
++			pline("%s",see_txt);
+ 			newsym(x, y);
+ 		    } else if (sense_txt) {
+-			You(sense_txt);
++			You("%s",sense_txt);
+ 		    } else if (hear_txt) {
+-			if (flags.soundok) You_hear(hear_txt);
++			if (flags.soundok) You_hear("%s",hear_txt);
+ 		    }
+ 		    if (picking_at(x, y)) {
+ 			stop_occupation();
+@@ -4941,7 +4941,7 @@ retry:
+ 	if (!otmp) {
+ 	    pline("Nothing fitting that description exists in the game.");
+ 	    if (++tries < 5) goto retry;
+-	    pline(thats_enough_tries);
++	    pline("%s",thats_enough_tries);
+ 	    otmp = readobjnam((char *)0, (struct obj *)0, TRUE);
+ 	    if (!otmp) return;	/* for safety; should never happen */
+ 	} else if (otmp == &nothing) {
+diff -up slashem-0.0.8E0F1/sys/amiga/txt2iff.c.format-security slashem-0.0.8E0F1/sys/amiga/txt2iff.c
+diff -up slashem-0.0.8E0F1/sys/amiga/winchar.c.format-security slashem-0.0.8E0F1/sys/amiga/winchar.c
+diff -up slashem-0.0.8E0F1/sys/amiga/winmenu.c.format-security slashem-0.0.8E0F1/sys/amiga/winmenu.c
+--- slashem-0.0.8E0F1/sys/amiga/winmenu.c.format-security	2006-12-30 06:04:53.000000000 -0700
++++ slashem-0.0.8E0F1/sys/amiga/winmenu.c	2013-12-04 08:35:15.769840133 -0700
+@@ -822,7 +822,7 @@ DoMenuScroll( win, blocking, how, retmip
+ 				reset_counting = TRUE;
+ 			    }
+ 			    sprintf(countString, "Count: %d", count);
+-			    pline(countString);
++			    pline("%s",countString);
+ 			}
+ 		    } else if( code == CTRL('D') || code == CTRL('U') ||
+ 			       code == MENU_NEXT_PAGE || code == MENU_PREVIOUS_PAGE ||
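Review bot: `countString` serves only as a staging buffer here: an unbounded `sprintf` fills it and the next line prints it. Formatting directly with `pline("Count: %d", count);` removes both the non-literal argument and the intermediate copy, provided `countString` is not read later in DoMenuScroll (not visible in the hunk). The buffer's declared size is also outside the hunk, so whether `"Count: %d"` always fits cannot be confirmed from here.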
+diff -up slashem-0.0.8E0F1/sys/share/nhlan.c.format-security slashem-0.0.8E0F1/sys/share/nhlan.c
+--- slashem-0.0.8E0F1/sys/share/nhlan.c.format-security	2006-12-30 06:04:53.000000000 -0700
++++ slashem-0.0.8E0F1/sys/share/nhlan.c	2013-12-04 08:35:15.770840127 -0700
+@@ -66,7 +66,7 @@ char *lan_username()
+ # ifdef LAN_MAIL
+ #if 0
+ static void
+-mail_by_pline(msg)
++mail_by_pline("%s",msg)
+ struct lan_mail_struct *msg;
+ {
+ 	long	size;
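Review bot: The change on the `mail_by_pline` line rewrites a function definition rather than a call: `mail_by_pline("%s",msg)` followed by `struct lan_mail_struct *msg;` is not a valid K&R parameter list. It compiles today only because the block sits under `#if 0`; enabling it would produce a syntax error. The line should stay `mail_by_pline(msg)`, and only the `pline(out_line)` call in the next hunk needs the `"%s"`. The substitution looks pattern-based (inferred from this over-match), so the other rewritten sites deserve a check that each one is really a call to a printf-style function. The function body continues outside the hunk.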
+@@ -74,7 +74,7 @@ struct lan_mail_struct *msg;
+ 	for (size = 0; size < qt_msg->size; size += (long)strlen(in_line)) {
+ 	    (void) dlb_fgets(in_line, 80, msg_file);
+ 	    convert_line();
+-	    pline(out_line);
++	    pline("%s",out_line);
+ 	}
+ 
+ }
+diff -up slashem-0.0.8E0F1/sys/vms/vmsmail.c.format-security slashem-0.0.8E0F1/sys/vms/vmsmail.c
+diff -up slashem-0.0.8E0F1/util/makedefs.c.format-security slashem-0.0.8E0F1/util/makedefs.c
+--- slashem-0.0.8E0F1/util/makedefs.c.format-security	2006-12-30 06:04:53.000000000 -0700
++++ slashem-0.0.8E0F1/util/makedefs.c	2013-12-04 08:35:15.771840121 -0700
+@@ -384,7 +384,7 @@ do_rumors()
+ 		perror(filename);
+ 		exit(EXIT_FAILURE);
+ 	}
+-	Fprintf(ofp,Dont_Edit_Data);
++	Fprintf(ofp,"%s",Dont_Edit_Data);
+ 
+ 	Sprintf(infile, DATA_IN_TEMPLATE, RUMOR_FILE);
+ 	Strcat(infile, ".tru");
+@@ -608,7 +608,7 @@ do_date()
+ 		exit(EXIT_FAILURE);
+ 	}
+ 	Fprintf(ofp,"/*\tSCCS Id: @(#)date.h\t3.4\t2002/02/03 */\n\n");
+-	Fprintf(ofp,Dont_Edit_Code);
++	Fprintf(ofp,"%s",Dont_Edit_Code);
+ 
+ #ifdef KR1ED
+ 	(void) time(&clocktim);
+@@ -1388,7 +1388,7 @@ do_dungeon()
+ 		perror(filename);
+ 		exit(EXIT_FAILURE);
+ 	}
+-	Fprintf(ofp,Dont_Edit_Data);
++	Fprintf(ofp,"%s",Dont_Edit_Data);
+ 
+ 	while (fgets(in_line, sizeof in_line, ifp) != 0) {
+ 	    SpinCursor(3);
+@@ -1513,7 +1513,7 @@ do_monstr()
+ 	perror(filename);
+ 	exit(EXIT_FAILURE);
+     }
+-    Fprintf(ofp,Dont_Edit_Code);
++    Fprintf(ofp,"%s",Dont_Edit_Code);
+     Fprintf(ofp,"#include \"config.h\"\n");
+     Fprintf(ofp,"\nconst int monstr[] = {\n");
+     for (ptr = &mons[0], j = 0; ptr->mlet; ptr++) {
+@@ -1554,7 +1554,7 @@ do_permonst()
+ 		exit(EXIT_FAILURE);
+ 	}
+ 	Fprintf(ofp,"/*\tSCCS Id: @(#)pm.h\t3.4\t2002/02/03 */\n\n");
+-	Fprintf(ofp,Dont_Edit_Code);
++	Fprintf(ofp,"%s",Dont_Edit_Code);
+ 	Fprintf(ofp,"#ifndef PM_H\n#define PM_H\n");
+ 
+ 	if (strcmp(mons[0].mname, "playermon") != 0)
+@@ -1869,7 +1869,7 @@ do_objs()
+ 		exit(EXIT_FAILURE);
+ 	}
+ 	Fprintf(ofp,"/*\tSCCS Id: @(#)onames.h\t3.4\t2002/02/03 */\n\n");
+-	Fprintf(ofp,Dont_Edit_Code);
++	Fprintf(ofp,"%s",Dont_Edit_Code);
+ 	Fprintf(ofp,"#ifndef ONAMES_H\n#define ONAMES_H\n\n");
+ 
+ 	for(i = 0; !i || objects[i].oc_class != ILLOBJ_CLASS; i++) {
+@@ -2024,7 +2024,7 @@ do_vision()
+ 	perror(filename);
+ 	exit(EXIT_FAILURE);
+     }
+-    Fprintf(ofp,Dont_Edit_Code);
++    Fprintf(ofp,"%s",Dont_Edit_Code);
+     Fprintf(ofp,"#ifdef VISION_TABLES\n");
+ #ifdef VISION_TABLES
+     H_close_gen();
+@@ -2049,7 +2049,7 @@ do_vision()
+ 	Unlink(filename);
+ 	exit(EXIT_FAILURE);
+     }
+-    Fprintf(ofp,Dont_Edit_Code);
++    Fprintf(ofp,"%s",Dont_Edit_Code);
+     Fprintf(ofp,"#include \"config.h\"\n");
+     Fprintf(ofp,"#ifdef VISION_TABLES\n");
+     Fprintf(ofp,"#include \"vis_tab.h\"\n");
+@@ -2381,7 +2381,7 @@ do_filenames()
+ 		exit(EXIT_FAILURE);
+     }
+     Fprintf(ofp,"/*\tSCCS Id: @(#)filename.h\t3.2\t96/05/17 */\n\n");
+-    Fprintf(ofp,Dont_Edit_Code);
++    Fprintf(ofp,"%s",Dont_Edit_Code);
+ 
+ /*OPEN file*/
+     Sprintf(infile, INCLUDE_TEMPLATE, FILE_H);
+diff -up slashem-0.0.8E0F1/win/proxy/winproxy.c.format-security slashem-0.0.8E0F1/win/proxy/winproxy.c
+--- slashem-0.0.8E0F1/win/proxy/winproxy.c.format-security	2006-12-30 06:04:53.000000000 -0700
++++ slashem-0.0.8E0F1/win/proxy/winproxy.c	2013-12-04 08:35:15.771840121 -0700
+@@ -422,7 +422,7 @@ const char *error;
+ 	(void) fflush(stderr);
+ 	hangup(0);
+     } else {
+-	pline(error);
++	pline("%s",error);
+ 	pline("Program in disorder - perhaps you'd better #quit.");
+     }
+ }
+diff -up slashem-0.0.8E0F1/win/win32/winhack.c.format-security slashem-0.0.8E0F1/win/win32/winhack.c
diff --git a/slashem.spec b/slashem.spec
index 7cb0f35..fbbb0d3 100644
--- a/slashem.spec
+++ b/slashem.spec
@@ -1,6 +1,6 @@
 Name:           slashem
 Version:        0.0.8
-Release:        0.13.E0F1%{?dist}
+Release:        0.14.E0F1%{?dist}
 Summary:        Super Lotsa Added Stuff Hack - Extended Magic
 
 Group:          Amusements/Games
@@ -13,6 +13,8 @@ Patch0:         slashem-config.patch
 Patch1:         slashem-libpng-1.5.patch
 # update config.guess and config.sub to recognize aarch64
 Patch2:         slashem-aarch64.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=1037330
+Patch3:         slashem-format-security.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:  ncurses-devel
@@ -58,6 +60,7 @@ SLASH'EM is the (continuing) saga of one such variant...
 %patch0 -p 1 -b .config
 %patch1 -p 1 -b .libpng
 %patch2 -p 1 -b .aarch64
+%patch3 -p 1 -b .format-security
 
 sed -i \
     -e 's:^\(#define FILE_AREA_VAR\).*:\1 "%{fa_var}/":' \
@@ -158,6 +161,9 @@ rm -rf %{buildroot}
 
 
 %changelog
+* Wed Dec 04 2013 Iain Arnell <iarnell at gmail.com> 0.0.8-0.14.E0F1
+- apply patch to avoid format-security errors (RHBZ#1037330)
+
 * Sat Aug 10 2013 Iain Arnell <iarnell at gmail.com> 0.0.8-0.13.E0F1
 - use _pkgdocdir macro
 

