Hi,
I have prepared a non-maintainer upload of pesign, including the
upstream patch mentioned above.
I have uploaded this version to the 5 day delayed queue.
I'm attaching the debdiff of the NMU version. I will also send this as a
merge request in salsa, in case that's your preferred workflow.
--
Regards,
Marga
diff -Nru pesign-116/debian/changelog pesign-116/debian/changelog
--- pesign-116/debian/changelog 2024-07-14 19:47:52.000000000 +0200
+++ pesign-116/debian/changelog 2025-04-06 15:28:31.000000000 +0200
@@ -1,3 +1,11 @@
+pesign (116-8.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Add upstream patch to fix calloc parameter order, that was causing an
+ FTBFS with GCC-14. Closes: #1075379.
+
+ -- Margarita Manterola <ma...@debian.org> Sun, 06 Apr 2025 15:28:31 +0200
+
pesign (116-8) unstable; urgency=medium
* Stop installing things outside of /usr. Closes: #1073639.
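Review bot: The new 116-8.1 entry refers only to an "upstream patch" and does not say which one. Naming the upstream commit (1f9e2fa0b4d872fdd01ca3ba81b04dfb1211a187, "Fix reversed calloc() arguments") or the patch file name fix-calloc-parameter-order.patch in that line would let someone reading the changelog alone trace the fix to its source.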
diff -Nru pesign-116/debian/patches/fix-calloc-parameter-order.patch pesign-116/debian/patches/fix-calloc-parameter-order.patch
--- pesign-116/debian/patches/fix-calloc-parameter-order.patch 1970-01-01 01:00:00.000000000 +0100
+++ pesign-116/debian/patches/fix-calloc-parameter-order.patch 2025-04-06 15:28:31.000000000 +0200
@@ -0,0 +1,38 @@
+From 1f9e2fa0b4d872fdd01ca3ba81b04dfb1211a187 Mon Sep 17 00:00:00 2001
+From: Stephen Gallagher <sgall...@redhat.com>
+Date: Fri, 2 Feb 2024 09:32:48 -0500
+Subject: [PATCH] Fix reversed calloc() arguments
+
+The prototype is "void *calloc(size_t nelem, size_t elsize);"
+
+These two instances had them reversed, almost certainly leading to
+buffer overflow issues. This was detected by
+-Werror=calloc-transposed-args on gcc.
+
+Signed-off-by: Stephen Gallagher <sgall...@redhat.com>
+---
+ src/pesigcheck.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/pesigcheck.c b/src/pesigcheck.c
+index 6dc67f7..8119cf1 100644
+--- a/src/pesigcheck.c
++++ b/src/pesigcheck.c
+@@ -240,7 +240,7 @@ check_signature(pesigcheck_context *ctx, int *nreasons,
+
+ cert_iter iter;
+
+- reasonps = calloc(sizeof(struct reason), 512);
++ reasonps = calloc(512, sizeof(struct reason));
+ if (!reasonps)
+ err(1, "check_signature");
+
+@@ -281,7 +281,7 @@ check_signature(pesigcheck_context *ctx, int *nreasons,
+
+ num_reasons += 16;
+
+- new_reasons = calloc(sizeof(struct reason), num_reasons);
++ new_reasons = calloc(num_reasons, sizeof(struct reason));
+ if (!new_reasons)
+ err(1, "check_signature");
+ reasonps = new_reasons;
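Review bot: The commit message carried in this patch file says the reversed arguments were "almost certainly leading to buffer overflow issues", but in both inner hunks calloc() is given the same two factors before and after the change (sizeof(struct reason) with 512, and sizeof(struct reason) with num_reasons), so the number of bytes requested is identical. What the change visibly does is satisfy the -Werror=calloc-transposed-args diagnostic the message names. The upstream message should stay as it is, so consider a short Debian-side header in the patch file stating that this is a build fix with no change in allocation size, which keeps it from being triaged as a memory-safety fix. DEP-3 fields such as Origin: (upstream commit 1f9e2fa0b4d8) and Bug-Debian: for #1075379 would also tie the file to its source.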
diff -Nru pesign-116/debian/patches/series pesign-116/debian/patches/series
--- pesign-116/debian/patches/series 2024-07-14 19:47:52.000000000 +0200
+++ pesign-116/debian/patches/series 2025-04-06 15:28:31.000000000 +0200
@@ -2,3 +2,4 @@
0001-Make.defaults-Use-relative-path-to-include-dir.patch
stop_arm_linker_wchar_warnings.patch
t64-fix.patch
+fix-calloc-parameter-order.patch