Bug#1075379: Uploaded fixed version as NMU
Thanks Marga, just merged your MR. IMHO this is one of the worst
things the gcc folks have done in years, but we have to cope with it. :-/
Cheers,
Steve
On Sun, Apr 06, 2025 at 03:52:07PM +0200, Margarita Manterola wrote:
>Hi,
>
>I have prepared a non-maintainer upload of pesign, including the upstream
>patch mentioned above.
>
>I have uploaded this version to the 5 day delayed queue.
>
>I'm attaching the debdiff of the NMU version. I will also send this as a
>merge request in salsa, in case that's your preferred workflow.
>
>--
>Regards,
>Marga
>diff -Nru pesign-116/debian/changelog pesign-116/debian/changelog
>--- pesign-116/debian/changelog 2024-07-14 19:47:52.000000000 +0200
>+++ pesign-116/debian/changelog 2025-04-06 15:28:31.000000000 +0200
>@@ -1,3 +1,11 @@
>+pesign (116-8.1) unstable; urgency=medium
>+
>+ * Non-maintainer upload.
>+ * Add upstream patch to fix calloc parameter order, that was causing an
>+ FTBFS with GCC-14. Closes: #1075379.
>+
>+ -- Margarita Manterola <marga@debian.org> Sun, 06 Apr 2025 15:28:31 +0200
>+
> pesign (116-8) unstable; urgency=medium
>
> * Stop installing things outside of /usr. Closes: #1073639.
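Review bot: minor wording in the new changelog entry: "fix calloc parameter order, that was causing an FTBFS with GCC-14" reads better as "fix calloc() parameter order, which caused an FTBFS with GCC 14"; the Closes: #1075379 reference matches the bug in the subject, so the rest of the entry is fine.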
>diff -Nru pesign-116/debian/patches/fix-calloc-parameter-order.patch pesign-116/debian/patches/fix-calloc-parameter-order.patch
>--- pesign-116/debian/patches/fix-calloc-parameter-order.patch 1970-01-01 01:00:00.000000000 +0100
>+++ pesign-116/debian/patches/fix-calloc-parameter-order.patch 2025-04-06 15:28:31.000000000 +0200
>@@ -0,0 +1,38 @@
>+From 1f9e2fa0b4d872fdd01ca3ba81b04dfb1211a187 Mon Sep 17 00:00:00 2001
>+From: Stephen Gallagher <sgallagh@redhat.com>
>+Date: Fri, 2 Feb 2024 09:32:48 -0500
>+Subject: [PATCH] Fix reversed calloc() arguments
>+
>+The prototype is "void *calloc(size_t nelem, size_t elsize);"
>+
>+These two instances had them reversed, almost certainly leading to
>+buffer overflow issues. This was detected by
>+-Werror=calloc-transposed-args on gcc.
>+
>+Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
>+---
>+ src/pesigcheck.c | 4 ++--
>+ 1 file changed, 2 insertions(+), 2 deletions(-)
>+
>+diff --git a/src/pesigcheck.c b/src/pesigcheck.c
>+index 6dc67f7..8119cf1 100644
>+--- a/src/pesigcheck.c
>++++ b/src/pesigcheck.c
>+@@ -240,7 +240,7 @@ check_signature(pesigcheck_context *ctx, int *nreasons,
>+
>+ cert_iter iter;
>+
>+- reasonps = calloc(sizeof(struct reason), 512);
>++ reasonps = calloc(512, sizeof(struct reason));
>+ if (!reasonps)
>+ err(1, "check_signature");
>+
>+@@ -281,7 +281,7 @@ check_signature(pesigcheck_context *ctx, int *nreasons,
>+
>+ num_reasons += 16;
>+
>+- new_reasons = calloc(sizeof(struct reason), num_reasons);
>++ new_reasons = calloc(num_reasons, sizeof(struct reason));
>+ if (!new_reasons)
>+ err(1, "check_signature");
>+ reasonps = new_reasons;
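Review bot: the embedded upstream commit message says the transposed arguments were "almost certainly leading to buffer overflow issues", but the two changed lines, `reasonps = calloc(sizeof(struct reason), 512);` and `new_reasons = calloc(sizeof(struct reason), num_reasons);`, request the same number of bytes before and after the swap (calloc multiplies its two arguments), so this is a fix of intent that silences -Werror=calloc-transposed-args (GCC flags a sizeof expression in the first argument), not a change in allocation size; worth knowing when judging the urgency of the NMU. The fix itself is correct and matches the calloc(nelem, elsize) prototype quoted in the message. Since this patch file carries only the git From/Date/Subject headers, consider adding a DEP-3 `Bug-Debian: https://bugs.debian.org/1075379` line so the patch is traceable to the bug. Unrelated to this change, the second hunk's context shows `num_reasons += 16;` followed by a fresh calloc() and `reasonps = new_reasons;` but not whether the previous buffer's contents are copied or the old block freed; that is outside this hunk and this NMU, but the maintainer may want to verify it upstream.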
>diff -Nru pesign-116/debian/patches/series pesign-116/debian/patches/series
>--- pesign-116/debian/patches/series 2024-07-14 19:47:52.000000000 +0200
>+++ pesign-116/debian/patches/series 2025-04-06 15:28:31.000000000 +0200
>@@ -2,3 +2,4 @@
> 0001-Make.defaults-Use-relative-path-to-include-dir.patch
> stop_arm_linker_wchar_warnings.patch
> t64-fix.patch
>+fix-calloc-parameter-order.patch
--
Steve McIntyre, Cambridge, UK. steve@einval.com
Getting a SCSI chain working is perfectly simple if you remember that there
must be exactly three terminations: one on one end of the cable, one on the
far end, and the goat, terminated over the SCSI chain with a silver-handled
knife whilst burning *black* candles. --- Anthony DeBoer