Thanks Marga, just merged your MR. IMHO this is one of the worst things the gcc folks have done in years, but we have to cope with it. :-/
Cheers,
Steve

On Sun, Apr 06, 2025 at 03:52:07PM +0200, Margarita Manterola wrote:
>Hi,
>
>I have prepared a non-maintainer upload of pesign, including the upstream
>patch mentioned above.
>
>I have uploaded this version to the 5 day delayed queue.
>
>I'm attaching the debdiff of the NMU version. I will also send this as a
>merge request in salsa, in case that's your preferred workflow.
>
>--
>Regards,
>Marga
>diff -Nru pesign-116/debian/changelog pesign-116/debian/changelog >--- pesign-116/debian/changelog 2024-07-14 19:47:52.000000000 +0200 >+++ pesign-116/debian/changelog 2025-04-06 15:28:31.000000000 +0200 >@@ -1,3 +1,11 @@ >+pesign (116-8.1) unstable; urgency=medium >+ >+ * Non-maintainer upload. >+ * Add upstream patch to fix calloc parameter order, that was causing an >+ FTBFS with GCC-14. Closes: #1075379. >+ >+ -- Margarita Manterola <ma...@debian.org> Sun, 06 Apr 2025 15:28:31 +0200 >+ > pesign (116-8) unstable; urgency=medium > > * Stop installing things outside of /usr. Closes: #1073639. >diff -Nru pesign-116/debian/patches/fix-calloc-parameter-order.patch >pesign-116/debian/patches/fix-calloc-parameter-order.patch >--- pesign-116/debian/patches/fix-calloc-parameter-order.patch 1970-01-01 >01:00:00.000000000 +0100 >+++ pesign-116/debian/patches/fix-calloc-parameter-order.patch 2025-04-06 >15:28:31.000000000 +0200 
>@@ -0,0 +1,38 @@ >+From 1f9e2fa0b4d872fdd01ca3ba81b04dfb1211a187 Mon Sep 17 00:00:00 2001 >+From: Stephen Gallagher <sgall...@redhat.com> >+Date: Fri, 2 Feb 2024 09:32:48 -0500 >+Subject: [PATCH] Fix reversed calloc() arguments >+ >+The prototype is "void *calloc(size_t nelem, size_t elsize);" >+ >+These two instances had them reversed, almost certainly leading to >+buffer overflow issues. This was detected by >+-Werror=calloc-transposed-args on gcc. >+ >+Signed-off-by: Stephen Gallagher <sgall...@redhat.com> >+--- >+ src/pesigcheck.c | 4 ++-- >+ 1 file changed, 2 insertions(+), 2 deletions(-) >+ >+diff --git a/src/pesigcheck.c b/src/pesigcheck.c >+index 6dc67f7..8119cf1 100644 >+--- a/src/pesigcheck.c >++++ b/src/pesigcheck.c >+@@ -240,7 +240,7 @@ check_signature(pesigcheck_context *ctx, int *nreasons, >+ >+ cert_iter iter; >+ >+- reasonps = calloc(sizeof(struct reason), 512); >++ reasonps = calloc(512, sizeof(struct reason)); >+ if (!reasonps) >+ err(1, "check_signature"); >+ >+@@ -281,7 +281,7 @@ check_signature(pesigcheck_context *ctx, int *nreasons, >+ >+ num_reasons += 16; >+ >+- new_reasons = calloc(sizeof(struct reason), >num_reasons); >++ new_reasons = calloc(num_reasons, sizeof(struct >reason)); >+ if (!new_reasons) >+ err(1, "check_signature"); >+ reasonps = new_reasons; >diff -Nru pesign-116/debian/patches/series pesign-116/debian/patches/series >--- pesign-116/debian/patches/series 2024-07-14 19:47:52.000000000 +0200 >+++ pesign-116/debian/patches/series 2025-04-06 15:28:31.000000000 +0200 
>@@ -2,3 +2,4 @@ > 0001-Make.defaults-Use-relative-path-to-include-dir.patch > stop_arm_linker_wchar_warnings.patch > t64-fix.patch >+fix-calloc-parameter-order.patch

--
Steve McIntyre, Cambridge, UK. st...@einval.com
Getting a SCSI chain working is perfectly simple if you remember that there must be exactly three terminations: one on one end of the cable, one on the far end, and the goat, terminated over the SCSI chain with a silver-handled knife whilst burning *black* candles. --- Anthony DeBoer
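
Review bot: the embedded commit message's claim that the reversed arguments were "almost certainly leading to buffer overflow issues" does not match the first src/pesigcheck.c hunk (@@ -240,7 +240,7 @@). calloc(sizeof(struct reason), 512) and calloc(512, sizeof(struct reason)) request the same number of zeroed bytes, since the allocation size is the product of the two arguments, so the reasonps allocation is unchanged at run time and the edit only satisfies -Werror=calloc-transposed-args. The debian/changelog entry describes it correctly as an FTBFS fix; this upload should be tracked as a build fix rather than a memory-safety fix.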
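
Review bot: in the second src/pesigcheck.c hunk (@@ -281,7 +281,7 @@), new_reasons is a fresh zeroed buffer that is assigned straight to reasonps after the NULL check, and the visible context shows neither a copy of the existing entries nor a free() of the old buffer. If the lines following the hunk do not handle that, the growth path drops previously collected reasons and leaks the old allocation. This is independent of the argument-order change and predates it, so it is a point to check in the full file and raise upstream, not a blocker for this NMU; growing the existing buffer and zeroing only the 16 new entries would avoid both problems.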