Fix warnings related to security concerns on varargs functions. By specifying
"%s" on single string calls to sprintf() (and related) it's not possible to
have a % in the input string causing random data to be read off the stack.
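
The fix described in the commit message above, as an added example that is not part of the commit or the project's code: untrusted text is passed only as an argument to a constant "%s" format. The helper names `count_directives` and `copy_message` and the sample input are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Count the places where a printf-family function would start a conversion
 * directive if `s` were passed as the format argument. "%%" is a literal
 * percent sign and consumes no argument. Each counted directive would make
 * the function fetch a variadic argument that the caller never supplied. */
static int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* escaped percent: skip both characters */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

/* Hardened form: the format is a constant, so the untrusted text is data only.
 * Unsafe form this replaces:  snprintf(dst, dstlen, untrusted);
 * Returns 0 on success, -1 on error or truncation. */
static int copy_message(char *dst, size_t dstlen, const char *untrusted)
{
    int r = snprintf(dst, dstlen, "%s", untrusted);
    return (r < 0 || (size_t)r >= dstlen) ? -1 : 0;
}

int main(void)
{
    const char *input = "user=%x%x note=%s";   /* constructed sample input */
    char buf[64];

    if (copy_message(buf, sizeof buf, input) == 0)
        printf("%d directive(s) in input, stored verbatim: %s\n",
               count_directives(input), buf);
    return 0;
}
```

Compilers flag the unsafe form with `-Wformat-security` (GCC and Clang), which is the class of warning the commit message refers to.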

This is a non-POSIX/ISO-C header. It is ok to include this on Linux, but it
is obsolete on BSD; FreeBSD even throws an error if you include it with
__STDC__ defined. Every system should nowadays have malloc() defined in
stdlib.h.
Diff is largely mechanical, replacing malloc.h with stdlib.h where it is not
yet included anyway.