1 files changed, 108 insertions, 0 deletions

diff --git a/debian/patches/71_ftbfs_format_security.patch b/debian/patches/71_ftbfs_format_security.patch
new file mode 100644
index 0000000..08be8c7
--- /dev/null
+++ b/debian/patches/71_ftbfs_format_security.patch
@@ -0,0 +1,108 @@
+---
+ lib/argp-parse.c   |    2 +-
+ telnet/utilities.c |   36 ++++++++++++++++++------------------
+ 2 files changed, 19 insertions(+), 19 deletions(-)
+
+--- a/telnet/utilities.c
++++ b/telnet/utilities.c
+@@ -876,7 +876,7 @@ printsub (char direction, unsigned char
+ 	      fprintf (NetTrace, "INFO ");
+ 	    env_common:
+ 	      {
+-		register int noquote = 2;
++		const char *quote = "";
+ #if defined ENV_HACK && defined OLD_ENVIRON
+ 		extern int old_env_var, old_env_value;
+ #endif
+@@ -891,15 +891,15 @@ printsub (char direction, unsigned char
+ 			  {
+ # ifdef	ENV_HACK
+ 			    if (old_env_var == OLD_ENV_VALUE)
+-			      fprintf (NetTrace, "\" (VALUE) " + noquote);
++			      fprintf (NetTrace, "%s(VALUE) ", quote);
+ 			    else
+ # endif
+-			      fprintf (NetTrace, "\" VAR " + noquote);
++			      fprintf (NetTrace, "%sVAR ", quote);
+ 			  }
+ 			else
+ #endif /* OLD_ENVIRON */
+-			  fprintf (NetTrace, "\" VALUE " + noquote);
+-			noquote = 2;
++			  fprintf (NetTrace, "%sVALUE ", quote);
++			quote = "";
+ 			break;
+ 
+ 		      case NEW_ENV_VAR:
+@@ -909,47 +909,47 @@ printsub (char direction, unsigned char
+ 			  {
+ # ifdef	ENV_HACK
+ 			    if (old_env_value == OLD_ENV_VAR)
+-			      fprintf (NetTrace, "\" (VAR) " + noquote);
++			      fprintf (NetTrace, "%s(VAR) ", quote);
+ 			    else
+ # endif
+-			      fprintf (NetTrace, "\" VALUE " + noquote);
++			      fprintf (NetTrace, "%sVALUE ", quote);
+ 			  }
+ 			else
+ #endif /* OLD_ENVIRON */
+-			  fprintf (NetTrace, "\" VAR " + noquote);
+-			noquote = 2;
++			  fprintf (NetTrace, "%sVAR ", quote);
++			quote = "";
+ 			break;
+ 
+ 		      case ENV_ESC:
+-			fprintf (NetTrace, "\" ESC " + noquote);
+-			noquote = 2;
++			fprintf (NetTrace, "%sESC ", quote);
++			quote = "";
+ 			break;
+ 
+ 		      case ENV_USERVAR:
+-			fprintf (NetTrace, "\" USERVAR " + noquote);
+-			noquote = 2;
++			fprintf (NetTrace, "%sUSERVAR ", quote);
++			quote = "";
+ 			break;
+ 
+ 		      default:
+ 			if (isprint (pointer[i]) && pointer[i] != '"')
+ 			  {
+-			    if (noquote)
++			    if (quote[0] == '\0')
+ 			      {
+ 				putc ('"', NetTrace);
+-				noquote = 0;
++				quote = "\" ";
+ 			      }
+ 			    putc (pointer[i], NetTrace);
+ 			  }
+ 			else
+ 			  {
+-			    fprintf (NetTrace, "\" %03o " + noquote,
++			    fprintf (NetTrace, "%s%03o ", quote,
+ 				     pointer[i]);
+-			    noquote = 2;
++			    quote = "";
+ 			  }
+ 			break;
+ 		      }
+ 		  }
+-		if (!noquote)
++		if (quote[0] != '\0')
+ 		  putc ('"', NetTrace);
+ 		break;
+ 	      }
+--- a/lib/argp-parse.c
++++ b/lib/argp-parse.c
+@@ -154,7 +154,7 @@ argp_version_parser (int key, char *arg,
+       else if (argp_program_version)
+         fprintf (state->out_stream, "%s\n", argp_program_version);
+       else
+-        __argp_error (state, dgettext (state->root_argp->argp_domain,
++        __argp_error (state, "%s", dgettext (state->root_argp->argp_domain,
+                                        "(PROGRAM ERROR) No version known!?"));
+       if (! (state->flags & ARGP_NO_EXIT))
+         exit (0);