Package: release.debian.org
Severity: normal
Tags: bullseye
User: [email protected]
Usertags: pu
X-Debbugs-Cc: [email protected], [email protected]
Control: affects -1 + src:dhcpcd5
[ Reason ]
Backporting a fix for a minor CVE reported by the maintainer dashboard.
CVE-2025-70102 was fixed in the following Debian versions:
dhcpcd5 9.4.1-24~deb12u5
dhcpcd 1:10.1.0-11+deb13u3
The issue has been fixed upstream since 10.3.1 (Sid has 10.3.2).
[ Impact ]
Minor issue; NULL deref only via malformed local dhcpcd.conf; not
network-reachable.
[ Tests ]
None. I don't have any Bullseye host to test with. However, the same one-line
fix is
verifided to work on Bookworm (9.4.1-24~deb12u5) and Trixie
(1:10.1.0-11+deb13u3).
[ Risks ]
Minor. Single character fix for a NULL defref.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
dhcpcd5 (7.1.0-2+deb11u1) bullseye; urgency=medium
* [patches]
+ Cherry-pick upstream fix for CVE-2025-70102 (commit 117742d).
= Refresh all patches.
* [control]
= Putting myself as Maintainer since I maintain current releases.
* [salsa-ci.yml]
+ Implement basic CI support using the stock Debian pipeline include.
diff -Nru dhcpcd5-7.1.0/debian/changelog dhcpcd5-7.1.0/debian/changelog
--- dhcpcd5-7.1.0/debian/changelog 2019-05-05 16:55:14.000000000 +0300
+++ dhcpcd5-7.1.0/debian/changelog 2026-07-13 12:45:39.000000000 +0300
@@ -1,3 +1,15 @@
+dhcpcd5 (7.1.0-2+deb11u1) bullseye; urgency=medium
+
+ * [patches]
+ + Cherry-pick upstream fix for CVE-2025-70102 (commit 117742d).
+ = Refresh all patches.
+ * [control]
+ = Putting myself as Maintainer since I maintain current releases.
+ * [salsa-ci.yml]
+ + Implement basic CI support using the stock Debian pipeline include.
+
+ -- Martin-Éric Racine <[email protected]> Mon, 13 Jul 2026 12:45:39
+0300
+
dhcpcd5 (7.1.0-2) unstable; urgency=high
* Apply upstream patches to fix potential security vulnerabilities:
diff -Nru dhcpcd5-7.1.0/debian/control dhcpcd5-7.1.0/debian/control
--- dhcpcd5-7.1.0/debian/control 2019-05-03 16:14:43.000000000 +0300
+++ dhcpcd5-7.1.0/debian/control 2026-07-13 12:45:39.000000000 +0300
@@ -1,7 +1,7 @@
Source: dhcpcd5
Section: net
Priority: optional
-Maintainer: Scott Leggett <[email protected]>
+Maintainer: Martin-Éric Racine <[email protected]>
Build-Depends:
debhelper (>= 11)
Standards-Version: 4.3.0
diff -Nru dhcpcd5-7.1.0/debian/patches/0001-Fix-typo-in-manpage.patch
dhcpcd5-7.1.0/debian/patches/0001-Fix-typo-in-manpage.patch
--- dhcpcd5-7.1.0/debian/patches/0001-Fix-typo-in-manpage.patch 2019-05-05
16:55:14.000000000 +0300
+++ dhcpcd5-7.1.0/debian/patches/0001-Fix-typo-in-manpage.patch 2026-07-13
12:45:39.000000000 +0300
@@ -6,11 +6,9 @@
src/dhcpcd.conf.5.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/src/dhcpcd.conf.5.in b/src/dhcpcd.conf.5.in
-index f792b15..b950fa0 100644
--- a/src/dhcpcd.conf.5.in
+++ b/src/dhcpcd.conf.5.in
-@@ -83,7 +83,7 @@ is
+@@ -83,7 +83,7 @@
.Ar token
then
.Ar algorithm is
diff -Nru
dhcpcd5-7.1.0/debian/patches/0002-DHCPv6-Fix-a-potential-buffer-overflow-reading-NA-TA.patch
dhcpcd5-7.1.0/debian/patches/0002-DHCPv6-Fix-a-potential-buffer-overflow-reading-NA-TA.patch
---
dhcpcd5-7.1.0/debian/patches/0002-DHCPv6-Fix-a-potential-buffer-overflow-reading-NA-TA.patch
2019-05-05 16:55:14.000000000 +0300
+++
dhcpcd5-7.1.0/debian/patches/0002-DHCPv6-Fix-a-potential-buffer-overflow-reading-NA-TA.patch
2026-07-13 12:45:39.000000000 +0300
@@ -12,11 +12,9 @@
src/dhcp6.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
-diff --git a/src/dhcp6.c b/src/dhcp6.c
-index 6fef989..26db219 100644
--- a/src/dhcp6.c
+++ b/src/dhcp6.c
-@@ -2016,12 +2016,12 @@ dhcp6_findna(struct interface *ifp, uint16_t ot, const
uint8_t *iaid,
+@@ -2016,12 +2016,12 @@
nd = o + ol;
l -= (size_t)(nd - d);
d = nd;
diff -Nru
dhcpcd5-7.1.0/debian/patches/0003-DHCP-Fix-a-potential-1-byte-read-overflow-with-DHO_O.patch
dhcpcd5-7.1.0/debian/patches/0003-DHCP-Fix-a-potential-1-byte-read-overflow-with-DHO_O.patch
---
dhcpcd5-7.1.0/debian/patches/0003-DHCP-Fix-a-potential-1-byte-read-overflow-with-DHO_O.patch
2019-05-05 16:55:14.000000000 +0300
+++
dhcpcd5-7.1.0/debian/patches/0003-DHCP-Fix-a-potential-1-byte-read-overflow-with-DHO_O.patch
2026-07-13 12:45:39.000000000 +0300
@@ -12,11 +12,9 @@
src/dhcp.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
-diff --git a/src/dhcp.c b/src/dhcp.c
-index 1816034..502c592 100644
--- a/src/dhcp.c
+++ b/src/dhcp.c
-@@ -212,6 +212,12 @@ get_option(struct dhcpcd_ctx *ctx,
+@@ -212,6 +212,12 @@
}
l = *p++;
@@ -29,7 +27,7 @@
if (o == DHO_OPTSOVERLOADED) {
/* Ensure we only get this option once by setting
* the last bit as well as the value.
-@@ -246,10 +252,6 @@ get_option(struct dhcpcd_ctx *ctx,
+@@ -246,10 +252,6 @@
bp += ol;
}
ol = l;
diff -Nru
dhcpcd5-7.1.0/debian/patches/0004-auth-Use-consttime_memequal-3-to-compare-hashes.patch
dhcpcd5-7.1.0/debian/patches/0004-auth-Use-consttime_memequal-3-to-compare-hashes.patch
---
dhcpcd5-7.1.0/debian/patches/0004-auth-Use-consttime_memequal-3-to-compare-hashes.patch
2019-05-05 16:55:14.000000000 +0300
+++
dhcpcd5-7.1.0/debian/patches/0004-auth-Use-consttime_memequal-3-to-compare-hashes.patch
2026-07-13 12:45:39.000000000 +0300
@@ -24,9 +24,6 @@
3 files changed, 51 insertions(+), 1 deletion(-)
create mode 100644 compat/consttime_memequal.h
-diff --git a/compat/consttime_memequal.h b/compat/consttime_memequal.h
-new file mode 100644
-index 0000000..9830648
--- /dev/null
+++ b/compat/consttime_memequal.h
@@ -0,0 +1,28 @@
@@ -58,11 +55,9 @@
+ return (1 & ((res - 1) >> 8));
+}
+#endif /* CONSTTIME_MEMEQUAL_H */
-diff --git a/configure b/configure
-index d0a80ba..0dce3bd 100755
--- a/configure
+++ b/configure
-@@ -13,6 +13,7 @@ IPV4LL=
+@@ -13,6 +13,7 @@
INET6=
ARC4RANDOM=
CLOSEFROM=
@@ -70,7 +65,7 @@
STRLCPY=
UDEV=
OS=
-@@ -846,6 +847,27 @@ if [ "$STRTOI" = no ]; then
+@@ -846,6 +847,27 @@
echo "#include \"compat/strtoi.h\"" >>$CONFIG_H
fi
@@ -98,11 +93,9 @@
if [ -z "$DPRINTF" ]; then
printf "Testing for dprintf ... "
cat <<EOF >_dprintf.c
-diff --git a/src/auth.c b/src/auth.c
-index 9e24998..ce97051 100644
--- a/src/auth.c
+++ b/src/auth.c
-@@ -354,7 +354,7 @@ gottoken:
+@@ -354,7 +354,7 @@
}
free(mm);
diff -Nru
dhcpcd5-7.1.0/debian/patches/0005-DHCPv6-Fix-a-potential-read-overflow-with-D6_OPTION_.patch
dhcpcd5-7.1.0/debian/patches/0005-DHCPv6-Fix-a-potential-read-overflow-with-D6_OPTION_.patch
---
dhcpcd5-7.1.0/debian/patches/0005-DHCPv6-Fix-a-potential-read-overflow-with-D6_OPTION_.patch
2019-05-05 16:55:14.000000000 +0300
+++
dhcpcd5-7.1.0/debian/patches/0005-DHCPv6-Fix-a-potential-read-overflow-with-D6_OPTION_.patch
2026-07-13 12:45:39.000000000 +0300
@@ -21,11 +21,9 @@
src/dhcp6.c | 42 ++++++++++++++++++++----------------------
1 file changed, 20 insertions(+), 22 deletions(-)
-diff --git a/src/dhcp6.c b/src/dhcp6.c
-index 26db219..92e6c90 100644
--- a/src/dhcp6.c
+++ b/src/dhcp6.c
-@@ -2153,40 +2153,38 @@ dhcp6_findpd(struct interface *ifp, const uint8_t
*iaid,
+@@ -2153,40 +2153,38 @@
state->expire = a->prefix_vltime;
i++;
diff -Nru
dhcpcd5-7.1.0/debian/patches/117742d755b591764036dd4218f314f748a3d2b7.patch
dhcpcd5-7.1.0/debian/patches/117742d755b591764036dd4218f314f748a3d2b7.patch
--- dhcpcd5-7.1.0/debian/patches/117742d755b591764036dd4218f314f748a3d2b7.patch
1970-01-01 02:00:00.000000000 +0200
+++ dhcpcd5-7.1.0/debian/patches/117742d755b591764036dd4218f314f748a3d2b7.patch
2026-07-13 12:45:39.000000000 +0300
@@ -0,0 +1,24 @@
+From 117742d755b591764036dd4218f314f748a3d2b7 Mon Sep 17 00:00:00 2001
+From: Roy Marples <[email protected]>
+Date: Sun, 21 Dec 2025 08:31:52 +0000
+Subject: [PATCH] options: Ensure ldop is not NULL dereferenced (#568)
+
+ldop itself cannot be non NULL as it points to the location.
+but *ldop CAN be NULL.
+
+Fixes #567.
+---
+ src/if-options.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/if-options.c
++++ b/src/if-options.c
+@@ -1586,7 +1586,7 @@
+ if (*edop) {
+ dop = &(*edop)->embopts;
+ dop_len = &(*edop)->embopts_len;
+- } else if (ldop) {
++ } else if (*ldop) {
+ dop = &(*ldop)->embopts;
+ dop_len = &(*ldop)->embopts_len;
+ } else {
diff -Nru dhcpcd5-7.1.0/debian/patches/series
dhcpcd5-7.1.0/debian/patches/series
--- dhcpcd5-7.1.0/debian/patches/series 2019-05-05 16:55:14.000000000 +0300
+++ dhcpcd5-7.1.0/debian/patches/series 2026-07-13 12:41:06.000000000 +0300
@@ -3,3 +3,5 @@
0003-DHCP-Fix-a-potential-1-byte-read-overflow-with-DHO_O.patch
0004-auth-Use-consttime_memequal-3-to-compare-hashes.patch
0005-DHCPv6-Fix-a-potential-read-overflow-with-D6_OPTION_.patch
+#7.1.0-2+deb11u1
+117742d755b591764036dd4218f314f748a3d2b7.patch
diff -Nru dhcpcd5-7.1.0/debian/salsa-ci.yml dhcpcd5-7.1.0/debian/salsa-ci.yml
--- dhcpcd5-7.1.0/debian/salsa-ci.yml 1970-01-01 02:00:00.000000000 +0200
+++ dhcpcd5-7.1.0/debian/salsa-ci.yml 2026-06-28 12:02:44.000000000 +0300
@@ -0,0 +1,3 @@
+---
+include:
+ -
https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml