Package: release.debian.org
Severity: normal
Tags: bullseye
User: [email protected]
Usertags: pu
X-Debbugs-Cc: [email protected], [email protected]
Control: affects -1 + src:dhcpcd5

[ Reason ]
Backporting a fix for a minor CVE reported by the maintainer dashboard.

CVE-2025-70102 was fixed in the following Debian versions:

dhcpcd5 9.4.1-24~deb12u5
dhcpcd  1:10.1.0-11+deb13u3

The issue has been fixed upstream since 10.3.1 (Sid has 10.3.2).

[ Impact ]
Minor issue; NULL deref only via malformed local dhcpcd.conf; not 
network-reachable.

[ Tests ]
None. I don't have any Bullseye host to test with. However, the same one-line 
fix is
verifided to work on Bookworm (9.4.1-24~deb12u5) and Trixie 
(1:10.1.0-11+deb13u3).

[ Risks ]
Minor. Single character fix for a NULL defref.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
dhcpcd5 (7.1.0-2+deb11u1) bullseye; urgency=medium
  * [patches]
    + Cherry-pick upstream fix for CVE-2025-70102 (commit 117742d).
    = Refresh all patches.
  * [control]
    = Putting myself as Maintainer since I maintain current releases.
  * [salsa-ci.yml]
    + Implement basic CI support using the stock Debian pipeline include.
diff -Nru dhcpcd5-7.1.0/debian/changelog dhcpcd5-7.1.0/debian/changelog
--- dhcpcd5-7.1.0/debian/changelog      2019-05-05 16:55:14.000000000 +0300
+++ dhcpcd5-7.1.0/debian/changelog      2026-07-13 12:45:39.000000000 +0300
@@ -1,3 +1,15 @@
+dhcpcd5 (7.1.0-2+deb11u1) bullseye; urgency=medium
+
+  * [patches]
+    + Cherry-pick upstream fix for CVE-2025-70102 (commit 117742d).
+    = Refresh all patches.
+  * [control]
+    = Putting myself as Maintainer since I maintain current releases.
+  * [salsa-ci.yml]
+    + Implement basic CI support using the stock Debian pipeline include.
+
+ -- Martin-Éric Racine <[email protected]>  Mon, 13 Jul 2026 12:45:39 
+0300
+
 dhcpcd5 (7.1.0-2) unstable; urgency=high
 
   * Apply upstream patches to fix potential security vulnerabilities:
diff -Nru dhcpcd5-7.1.0/debian/control dhcpcd5-7.1.0/debian/control
--- dhcpcd5-7.1.0/debian/control        2019-05-03 16:14:43.000000000 +0300
+++ dhcpcd5-7.1.0/debian/control        2026-07-13 12:45:39.000000000 +0300
@@ -1,7 +1,7 @@
 Source: dhcpcd5
 Section: net
 Priority: optional
-Maintainer: Scott Leggett <[email protected]>
+Maintainer: Martin-Éric Racine <[email protected]>
 Build-Depends:
  debhelper (>= 11)
 Standards-Version: 4.3.0
diff -Nru dhcpcd5-7.1.0/debian/patches/0001-Fix-typo-in-manpage.patch 
dhcpcd5-7.1.0/debian/patches/0001-Fix-typo-in-manpage.patch
--- dhcpcd5-7.1.0/debian/patches/0001-Fix-typo-in-manpage.patch 2019-05-05 
16:55:14.000000000 +0300
+++ dhcpcd5-7.1.0/debian/patches/0001-Fix-typo-in-manpage.patch 2026-07-13 
12:45:39.000000000 +0300
@@ -6,11 +6,9 @@
  src/dhcpcd.conf.5.in | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
-diff --git a/src/dhcpcd.conf.5.in b/src/dhcpcd.conf.5.in
-index f792b15..b950fa0 100644
 --- a/src/dhcpcd.conf.5.in
 +++ b/src/dhcpcd.conf.5.in
-@@ -83,7 +83,7 @@ is
+@@ -83,7 +83,7 @@
  .Ar token
  then
  .Ar algorithm is
diff -Nru 
dhcpcd5-7.1.0/debian/patches/0002-DHCPv6-Fix-a-potential-buffer-overflow-reading-NA-TA.patch
 
dhcpcd5-7.1.0/debian/patches/0002-DHCPv6-Fix-a-potential-buffer-overflow-reading-NA-TA.patch
--- 
dhcpcd5-7.1.0/debian/patches/0002-DHCPv6-Fix-a-potential-buffer-overflow-reading-NA-TA.patch
        2019-05-05 16:55:14.000000000 +0300
+++ 
dhcpcd5-7.1.0/debian/patches/0002-DHCPv6-Fix-a-potential-buffer-overflow-reading-NA-TA.patch
        2026-07-13 12:45:39.000000000 +0300
@@ -12,11 +12,9 @@
  src/dhcp6.c | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)
 
-diff --git a/src/dhcp6.c b/src/dhcp6.c
-index 6fef989..26db219 100644
 --- a/src/dhcp6.c
 +++ b/src/dhcp6.c
-@@ -2016,12 +2016,12 @@ dhcp6_findna(struct interface *ifp, uint16_t ot, const 
uint8_t *iaid,
+@@ -2016,12 +2016,12 @@
                nd = o + ol;
                l -= (size_t)(nd - d);
                d = nd;
diff -Nru 
dhcpcd5-7.1.0/debian/patches/0003-DHCP-Fix-a-potential-1-byte-read-overflow-with-DHO_O.patch
 
dhcpcd5-7.1.0/debian/patches/0003-DHCP-Fix-a-potential-1-byte-read-overflow-with-DHO_O.patch
--- 
dhcpcd5-7.1.0/debian/patches/0003-DHCP-Fix-a-potential-1-byte-read-overflow-with-DHO_O.patch
        2019-05-05 16:55:14.000000000 +0300
+++ 
dhcpcd5-7.1.0/debian/patches/0003-DHCP-Fix-a-potential-1-byte-read-overflow-with-DHO_O.patch
        2026-07-13 12:45:39.000000000 +0300
@@ -12,11 +12,9 @@
  src/dhcp.c | 10 ++++++----
  1 file changed, 6 insertions(+), 4 deletions(-)
 
-diff --git a/src/dhcp.c b/src/dhcp.c
-index 1816034..502c592 100644
 --- a/src/dhcp.c
 +++ b/src/dhcp.c
-@@ -212,6 +212,12 @@ get_option(struct dhcpcd_ctx *ctx,
+@@ -212,6 +212,12 @@
                }
                l = *p++;
  
@@ -29,7 +27,7 @@
                if (o == DHO_OPTSOVERLOADED) {
                        /* Ensure we only get this option once by setting
                         * the last bit as well as the value.
-@@ -246,10 +252,6 @@ get_option(struct dhcpcd_ctx *ctx,
+@@ -246,10 +252,6 @@
                                bp += ol;
                        }
                        ol = l;
diff -Nru 
dhcpcd5-7.1.0/debian/patches/0004-auth-Use-consttime_memequal-3-to-compare-hashes.patch
 
dhcpcd5-7.1.0/debian/patches/0004-auth-Use-consttime_memequal-3-to-compare-hashes.patch
--- 
dhcpcd5-7.1.0/debian/patches/0004-auth-Use-consttime_memequal-3-to-compare-hashes.patch
     2019-05-05 16:55:14.000000000 +0300
+++ 
dhcpcd5-7.1.0/debian/patches/0004-auth-Use-consttime_memequal-3-to-compare-hashes.patch
     2026-07-13 12:45:39.000000000 +0300
@@ -24,9 +24,6 @@
  3 files changed, 51 insertions(+), 1 deletion(-)
  create mode 100644 compat/consttime_memequal.h
 
-diff --git a/compat/consttime_memequal.h b/compat/consttime_memequal.h
-new file mode 100644
-index 0000000..9830648
 --- /dev/null
 +++ b/compat/consttime_memequal.h
 @@ -0,0 +1,28 @@
@@ -58,11 +55,9 @@
 +      return (1 & ((res - 1) >> 8));
 +}
 +#endif /* CONSTTIME_MEMEQUAL_H */
-diff --git a/configure b/configure
-index d0a80ba..0dce3bd 100755
 --- a/configure
 +++ b/configure
-@@ -13,6 +13,7 @@ IPV4LL=
+@@ -13,6 +13,7 @@
  INET6=
  ARC4RANDOM=
  CLOSEFROM=
@@ -70,7 +65,7 @@
  STRLCPY=
  UDEV=
  OS=
-@@ -846,6 +847,27 @@ if [ "$STRTOI" = no ]; then
+@@ -846,6 +847,27 @@
        echo "#include                  \"compat/strtoi.h\"" >>$CONFIG_H
  fi
  
@@ -98,11 +93,9 @@
  if [ -z "$DPRINTF" ]; then
        printf "Testing for dprintf ... "
        cat <<EOF >_dprintf.c
-diff --git a/src/auth.c b/src/auth.c
-index 9e24998..ce97051 100644
 --- a/src/auth.c
 +++ b/src/auth.c
-@@ -354,7 +354,7 @@ gottoken:
+@@ -354,7 +354,7 @@
        }
  
        free(mm);
diff -Nru 
dhcpcd5-7.1.0/debian/patches/0005-DHCPv6-Fix-a-potential-read-overflow-with-D6_OPTION_.patch
 
dhcpcd5-7.1.0/debian/patches/0005-DHCPv6-Fix-a-potential-read-overflow-with-D6_OPTION_.patch
--- 
dhcpcd5-7.1.0/debian/patches/0005-DHCPv6-Fix-a-potential-read-overflow-with-D6_OPTION_.patch
        2019-05-05 16:55:14.000000000 +0300
+++ 
dhcpcd5-7.1.0/debian/patches/0005-DHCPv6-Fix-a-potential-read-overflow-with-D6_OPTION_.patch
        2026-07-13 12:45:39.000000000 +0300
@@ -21,11 +21,9 @@
  src/dhcp6.c | 42 ++++++++++++++++++++----------------------
  1 file changed, 20 insertions(+), 22 deletions(-)
 
-diff --git a/src/dhcp6.c b/src/dhcp6.c
-index 26db219..92e6c90 100644
 --- a/src/dhcp6.c
 +++ b/src/dhcp6.c
-@@ -2153,40 +2153,38 @@ dhcp6_findpd(struct interface *ifp, const uint8_t 
*iaid,
+@@ -2153,40 +2153,38 @@
                        state->expire = a->prefix_vltime;
                i++;
  
diff -Nru 
dhcpcd5-7.1.0/debian/patches/117742d755b591764036dd4218f314f748a3d2b7.patch 
dhcpcd5-7.1.0/debian/patches/117742d755b591764036dd4218f314f748a3d2b7.patch
--- dhcpcd5-7.1.0/debian/patches/117742d755b591764036dd4218f314f748a3d2b7.patch 
1970-01-01 02:00:00.000000000 +0200
+++ dhcpcd5-7.1.0/debian/patches/117742d755b591764036dd4218f314f748a3d2b7.patch 
2026-07-13 12:45:39.000000000 +0300
@@ -0,0 +1,24 @@
+From 117742d755b591764036dd4218f314f748a3d2b7 Mon Sep 17 00:00:00 2001
+From: Roy Marples <[email protected]>
+Date: Sun, 21 Dec 2025 08:31:52 +0000
+Subject: [PATCH] options: Ensure ldop is not NULL dereferenced (#568)
+
+ldop itself cannot be non NULL as it points to the location.
+but *ldop CAN be NULL.
+
+Fixes #567.
+---
+ src/if-options.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/if-options.c
++++ b/src/if-options.c
+@@ -1586,7 +1586,7 @@
+                       if (*edop) {
+                               dop = &(*edop)->embopts;
+                               dop_len = &(*edop)->embopts_len;
+-                      } else if (ldop) {
++                      } else if (*ldop) {
+                               dop = &(*ldop)->embopts;
+                               dop_len = &(*ldop)->embopts_len;
+                       } else {
diff -Nru dhcpcd5-7.1.0/debian/patches/series 
dhcpcd5-7.1.0/debian/patches/series
--- dhcpcd5-7.1.0/debian/patches/series 2019-05-05 16:55:14.000000000 +0300
+++ dhcpcd5-7.1.0/debian/patches/series 2026-07-13 12:41:06.000000000 +0300
@@ -3,3 +3,5 @@
 0003-DHCP-Fix-a-potential-1-byte-read-overflow-with-DHO_O.patch
 0004-auth-Use-consttime_memequal-3-to-compare-hashes.patch
 0005-DHCPv6-Fix-a-potential-read-overflow-with-D6_OPTION_.patch
+#7.1.0-2+deb11u1
+117742d755b591764036dd4218f314f748a3d2b7.patch
diff -Nru dhcpcd5-7.1.0/debian/salsa-ci.yml dhcpcd5-7.1.0/debian/salsa-ci.yml
--- dhcpcd5-7.1.0/debian/salsa-ci.yml   1970-01-01 02:00:00.000000000 +0200
+++ dhcpcd5-7.1.0/debian/salsa-ci.yml   2026-06-28 12:02:44.000000000 +0300
@@ -0,0 +1,3 @@
+---
+include:
+    - 
https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml

Reply via email to