app-text/barcode: fix format security issue

Closes: https://bugs.gentoo.org/521128
Signed-off-by: Matthias Maier <tamiko@gentoo.org>

2 files changed, 20 insertions, 0 deletions

diff --git a/app-text/barcode/barcode-0.99-r1.ebuild b/app-text/barcode/barcode-0.99-r1.ebuild
index 7afa62168be7..9e4012d3f2a0 100644
--- a/app-text/barcode/barcode-0.99-r1.ebuild
+++ b/app-text/barcode/barcode-0.99-r1.ebuild
@@ -19,6 +19,7 @@ DEPEND="${RDEPEND}"
 PATCHES=(
 	"${FILESDIR}"/${P}-fno-common.patch
 	"${FILESDIR}"/${P}-install-static-lib.patch
+	"${FILESDIR}"/${P}-not-a-literal-string.patch
 )
 
 src_prepare() {
diff --git a/app-text/barcode/files/barcode-0.99-not-a-literal-string.patch b/app-text/barcode/files/barcode-0.99-not-a-literal-string.patch
new file mode 100644
index 000000000000..63b49d25c058
--- /dev/null
+++ b/app-text/barcode/files/barcode-0.99-not-a-literal-string.patch
@@ -0,0 +1,19 @@
+Taken from: https://lists.gnu.org/archive/html/bug-barcode/2021-09/msg00000.html
+Author: https://lists.gnu.org/archive/html/bug-barcode/2021-09/msg00000.html
+---
+ plessey.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/plessey.c b/plessey.c
+index 2f59e39..3089a3c 100644
+--- a/plessey.c
++++ b/plessey.c
+@@ -149,7 +149,7 @@ int Barcode_pls_encode(struct Barcode_Item *bc)
+                         checkptr[i+j] ^= check[j];
+     }
+     for (i = 0; i < 8; i++) {
+-        sprintf(ptr, patterns[checkptr[strlen(text) * 4 + i]]);
++        sprintf(ptr, "%s", patterns[checkptr[strlen(text) * 4 + i]]);
+ 	ptr += 2;
+     }
+     fprintf(stderr, _("CRC: "));