File libpano-CVE-2021-20307.patch of Package libpano
Index: libpano13-2.9.19/file.c
===================================================================
--- libpano13-2.9.19.orig/file.c 2014-02-17 23:04:42.000000000 +0100
+++ libpano13-2.9.19/file.c 2021-04-20 12:39:40.305315545 +0200
@@ -2910,6 +2910,16 @@ int panoFileOutputNamesCreate(fullPath *
}
strcat(outputPrefix, DEFAULT_PREFIX_NUMBER_FORMAT);
}
+ else {
+ // TODO: sanitize outputPrefix, only a single format specifier %??d or %??i
+ // is allowed, all other should be escaped
+ // until this is implemented refuse to process further if prefix string
+ // contains a percentage sign to prevent string vulnerability in
+ // sprintf(outputFilename, outputPrefix ...) below
+ PrintError("Output prefix must not contain a percentage sign");
+ return 0;
+ }
+
for (i =0; i< filesCount ; i++) {
sprintf( outputFilename, outputPrefix, i );
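Review bot: The `sprintf( outputFilename, outputPrefix, i )` at the end of the hunk still takes the caller-supplied prefix as its format string and writes with no bound, so the new `else` branch narrows the problem rather than removing it. Assuming the `if` above the hunk is the percent-sign test the error text implies, every prefix that now reaches the loop carries exactly the one specifier appended by `strcat(outputPrefix, DEFAULT_PREFIX_NUMBER_FORMAT)`, so the format can be made a literal: drop that `strcat` and write `snprintf(outputFilename, sizeof outputFilename, "%s" DEFAULT_PREFIX_NUMBER_FORMAT, outputPrefix, i);` (provided `DEFAULT_PREFIX_NUMBER_FORMAT` is a string literal and `outputFilename` is an array; otherwise pass its capacity). That also lets `-Wformat-nonliteral`/`-Wformat-security` check this call and makes the TODO in the branch unnecessary. The enclosing `if` and the rest of `panoFileOutputNamesCreate` lie outside the hunk, so whether `return 0` is this function's failure value cannot be confirmed from here.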
Index: libpano13-2.9.19/tools/PTcrop.c
===================================================================
--- libpano13-2.9.19.orig/tools/PTcrop.c 2021-04-20 12:39:40.305315545 +0200
+++ libpano13-2.9.19/tools/PTcrop.c 2021-04-20 12:41:14.369859007 +0200
@@ -36,7 +36,7 @@
#define PT_CROP_USAGE "PTuncrop [options] <inputFiles+>\n\n" \
"Options:\n" \
- "\t-p <prefix>\tPrefix for output files (defaults to " DEFAULT_PREFIX "%%4d)\n" \
+ "\t-p <prefix>\tPrefix for output files (defaults to " DEFAULT_PREFIX ")\n" \
"\t-f\t\tForce processing: Overwrite output files if they exists (use with care)\n" \
"\t-x\t\tDelete source files (use with care)\n"\
"\t-q\t\tQuiet run\n"\