--- a/drgeo-1.1.0-format-security.patch	
+++ a/drgeo-1.1.0-format-security.patch	
@@ -0,0 +1,82 @@ 
+These are actually arrays of string literals, but there doesn't seem to
+be a way of convincing gcc of that
+
+--- a/geo/drgeo_postscriptdrawable.cc
++++ b/geo/drgeo_postscriptdrawable.cc
+@@ -130,8 +130,8 @@ drgeoPostScriptDrawable::drawPoint (drgeoStyle & style, drgeoPoint & point)
+   p = areaToPostScript (point);
+ 
+   /* we're initializing color and line width */
+-  fprintf (fileHandle, postscriptColor[style.color]);
+-  fprintf (fileHandle, postscriptLineWidth[drgeoThicknessNormal + 1]);
++  fprintf (fileHandle, "%s", postscriptColor[style.color]);
++  fprintf (fileHandle, "%s", postscriptLineWidth[drgeoThicknessNormal + 1]);
+ 
+   switch (style.pointShape)
+     {
+@@ -207,9 +207,9 @@ drawPolygon (drgeoStyle & style, drgeoPoint * point, gint number)
+   gint nb;
+ 
+   /* we're initializing color and line width */
+-  fprintf (fileHandle, postscriptColor[style.color]);
++  fprintf (fileHandle, "%s", postscriptColor[style.color]);
+   /* Invisible line. */
+-  fprintf (fileHandle, postscriptLineWidth[0]);
++  fprintf (fileHandle, "%s", postscriptLineWidth[0]);
+ 
+   fprintf (fileHandle, "%%Polygon\nnewpath\n");
+ 
+@@ -235,11 +235,11 @@ drawSegment (drgeoStyle & style, drgeoPoint & start, drgeoPoint & end)
+   p2 = areaToPostScript (end);
+   p1 = areaToPostScript (start);
+ 
+-  fprintf (fileHandle, postscriptColor[style.color]);
++  fprintf (fileHandle, "%s", postscriptColor[style.color]);
+   if (style.mask == yes)
+-    fprintf (fileHandle, postscriptLineWidth[0]);
++    fprintf (fileHandle, "%s", postscriptLineWidth[0]);
+   else
+-    fprintf (fileHandle, postscriptLineWidth[style.thick + 1]);
++    fprintf (fileHandle, "%s", postscriptLineWidth[style.thick + 1]);
+   fprintf (fileHandle,
+ 	   "%% Segment\n%f %f moveto %f %f lineto stroke\n",
+ 	   p1.getX () * PostScriptScale, p1.getY () * PostScriptScale,
+@@ -263,11 +263,11 @@ drawCircle (drgeoStyle & style, drgeoPoint & center, double radius)
+   drgeoPoint p;
+ 
+   p = areaToPostScript (center);
+-  fprintf (fileHandle, postscriptColor[style.color]);
++  fprintf (fileHandle, "%s", postscriptColor[style.color]);
+   if (style.mask == yes)
+-    fprintf (fileHandle, postscriptLineWidth[0]);
++    fprintf (fileHandle, "%s", postscriptLineWidth[0]);
+   else
+-    fprintf (fileHandle, postscriptLineWidth[style.thick + 1]);
++    fprintf (fileHandle, "%s", postscriptLineWidth[style.thick + 1]);
+   fprintf (fileHandle,
+ 	   /* is there a better way to draw a circle in ps ? */
+ 	   "%% Circle\n%f %f moveto %f %f %f 0 360 arc closepath stroke\n",
+@@ -285,11 +285,11 @@ drawArc (drgeoStyle & style, drgeoPoint & center, double radius,
+   drgeoPoint p, startPoint;
+ 
+   p = areaToPostScript (center);
+-  fprintf (fileHandle, postscriptColor[style.color]);
++  fprintf (fileHandle, "%s", postscriptColor[style.color]);
+   if (style.mask == yes)
+-    fprintf (fileHandle, postscriptLineWidth[0]);
++    fprintf (fileHandle, "%s", postscriptLineWidth[0]);
+   else
+-    fprintf (fileHandle, postscriptLineWidth[style.thick + 1]);
++    fprintf (fileHandle, "%s", postscriptLineWidth[style.thick + 1]);
+ 
+ 
+ 
+@@ -336,7 +336,7 @@ drawText (drgeoPoint & where, char *text, drgeoColorType fontColor)
+   // FIXME: how to handle this correctly ?
+   convString = g_convert (text, -1, "iso8859-1", "utf-8", NULL, NULL, NULL);
+ 
+-  fprintf (fileHandle, postscriptColor[fontColor]);
++  fprintf (fileHandle, "%s", postscriptColor[fontColor]);
+   /* The size of the font is arbitrary : 10 points */
+   fprintf (fileHandle,
+ 	   "%% Text\n/Times findfont 10 scalefont setfont %f %f moveto (%s) show\n",