diff --git a/arch/distcc-avahi/PKGBUILD b/arch/distcc-avahi/PKGBUILD
index 699b3117c..e41a2e796 100644
--- a/arch/distcc-avahi/PKGBUILD
+++ b/arch/distcc-avahi/PKGBUILD
@@ -10,7 +10,7 @@
 pkgname=distcc-avahi
 _pkgname=distcc
 pkgver=3.4
-pkgrel=16
+pkgrel=17
 pkgdesc="Distributed compilation service for C, C++ and Objective-C (with Avahi/Zeroconf support)"
 arch=('x86_64' 'aarch64')
 url="https://github.com/distcc/distcc"
@@ -27,16 +27,19 @@ source=(
     "distccd.conf"
     "distccd.service"
     "distcc.tmpfiles"
+    "fix-gcc-rewrite-fqn-overflow.patch"
 )
 sha256sums=(
     '37a34c9555498a1168fea026b292ab07e7bb394715d87d8403e0c33b16d2d008'
     '38cb1912bfa15efd762dd868e049bdbcd58f1a46065255bc4648f821ba516d65'
     'a4f1d1bb21d61d41f22e918b448cfb852a6d95b0d3b922bd82805090cb2ce41a'
     'd8aee2eb895c02a39e0f2b76fd4a5c9dce91405f1c443286ca324628eadbf3f1'
+    '7ff56af2ea505bfbf65ceeb0c8f752295f73ffb1173c26a6e978840fad04f651'
 )
 
 prepare() {
     cd "${_pkgname}-${pkgver}"
+    patch -p1 -i "${srcdir}/fix-gcc-rewrite-fqn-overflow.patch"
     autoreconf -fiv
 }
 
diff --git a/arch/distcc-avahi/fix-gcc-rewrite-fqn-overflow.patch b/arch/distcc-avahi/fix-gcc-rewrite-fqn-overflow.patch
new file mode 100644
index 000000000..04c39b32c
--- /dev/null
+++ b/arch/distcc-avahi/fix-gcc-rewrite-fqn-overflow.patch
@@ -0,0 +1,21 @@
+Description: fix off-by-paren in dcc_gcc_rewrite_fqn buffer sizing
+ src/compile.c's dcc_gcc_rewrite_fqn() allocates a buffer for
+ "<target>-<argv[0]>\0" but writes strlen(argv[0] + 1) — pointer
+ arithmetic *then* strlen, which under-allocates by 2 bytes and trips
+ glibc FORTIFY_SOURCE=2 with "*** buffer overflow detected ***"
+ on any `distcc gcc …` invocation.
+ Intent was strlen(argv[0]) + 1 (length plus terminator).
+Bug-reauktion: marfrit/marfrit-packages#3
+Author: Markus Fritsche <mfritsche@reauktion.de>
+
+--- a/src/compile.c
++++ b/src/compile.c
+@@ -579,7 +579,7 @@ static int dcc_gcc_rewrite_fqn(char **argv)
+         return -ENOENT;
+
+
+-    newcmd_len = strlen(target_with_vendor) + 1 + strlen(argv[0] + 1);
++    newcmd_len = strlen(target_with_vendor) + 1 + strlen(argv[0]) + 1;
+     newcmd = malloc(newcmd_len);
+     if (!newcmd)
+         return -ENOMEM;