diff --git a/SPECS/dhcpcd/CVE-2026-56113.patch b/SPECS/dhcpcd/CVE-2026-56113.patch
new file mode 100644
index 00000000000..9a9bba5ac7f
--- /dev/null
+++ b/SPECS/dhcpcd/CVE-2026-56113.patch
@@ -0,0 +1,85 @@
+From eda8207c979883bf3d55601e5f91e4147f1641e3 Mon Sep 17 00:00:00 2001
+From: AllSpark
+Date: Mon, 29 Jun 2026 14:28:23 +0000
+Subject: [PATCH] DHCPv6: When deprecating addresses, restart on prefix
+ deletions
+
+Signed-off-by: Azure Linux Security Servicing Account
+Upstream-reference: AI Backport of https://github.com/NetworkConfiguration/dhcpcd/commit/5733d3c59a5651f64357ac11c98b4f39895c8d25.patch
+---
+ src/dhcp6.c | 21 ++++++++++++++++++---
+ 1 file changed, 18 insertions(+), 3 deletions(-)
+
+diff --git a/src/dhcp6.c b/src/dhcp6.c
+index 8dc42d9..64b66d3 100644
+--- a/src/dhcp6.c
++++ b/src/dhcp6.c
+@@ -2507,12 +2507,13 @@ dhcp6_findia(struct interface *ifp, struct dhcp6_message *m, size_t l,
+ }
+
+ #ifndef SMALL
+-static void
++static bool
+ dhcp6_deprecatedele(struct ipv6_addr *ia)
+ {
+ struct ipv6_addr *da, *dan, *dda;
+ struct timespec now;
+ struct dhcp6_state *state;
++ bool freed = false;
+
+ timespecclear(&now);
+ TAILQ_FOREACH_SAFE(da, &ia->pd_pfxs, pd_next, dan) {
+@@ -2538,11 +2539,14 @@ dhcp6_deprecatedele(struct ipv6_addr *ia)
+ if (IN6_ARE_ADDR_EQUAL(&dda->addr, &da->addr))
+ break;
+ }
+- if (dda != NULL) {
++ if (dda != ia && dda != NULL) {
+ TAILQ_REMOVE(&state->addrs, dda, next);
+ ipv6_freeaddr(dda);
++ freed = true;
+ }
+ }
++
++ return freed;
+ }
+ #endif
+
+@@ -2550,7 +2554,11 @@ static void
+ dhcp6_deprecateaddrs(struct ipv6_addrhead *addrs)
+ {
+ struct ipv6_addr *ia, *ian;
++#ifndef SMALL
++ bool again;
++#endif
+
++again:
+ TAILQ_FOREACH_SAFE(ia, addrs, next, ian) {
+ if (ia->flags & IPV6_AF_EXTENDED)
+ ;
+@@ -2572,7 +2580,9 @@ dhcp6_deprecateaddrs(struct ipv6_addrhead *addrs)
+ /* If we delegated from this prefix, deprecate or remove
+ * the delegations. */
+ if (ia->flags & IPV6_AF_DELEGATEDPFX)
+- dhcp6_deprecatedele(ia);
++ again = dhcp6_deprecatedele(ia);
++ else
++ again = false;
+ #endif
+
+ if (ia->flags & IPV6_AF_REQUEST) {
+@@ -2585,6 +2595,11 @@ dhcp6_deprecateaddrs(struct ipv6_addrhead *addrs)
+ if (ia->flags & IPV6_AF_EXTENDED)
+ ipv6_deleteaddr(ia);
+ ipv6_freeaddr(ia);
++#ifndef SMALL
++ /* Deletion may invalidate the next pointer so restart */
++ if (again)
++ goto again;
++#endif
+ }
+ }
+
+--
+2.45.4
+
diff --git a/SPECS/dhcpcd/dhcpcd.spec b/SPECS/dhcpcd/dhcpcd.spec
index 7958adb80c5..afd8955041b 100644
--- a/SPECS/dhcpcd/dhcpcd.spec
+++ b/SPECS/dhcpcd/dhcpcd.spec
@@ -1,7 +1,7 @@
 Summary: A minimalistic network configuration daemon with DHCPv4, rdisc and DHCPv6 support
 Name: dhcpcd
 Version: 10.0.8
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: BSD-2-Clause AND ISC AND MIT
 Url: https://github.com/NetworkConfiguration/%{name}
 Source0: https://github.com/NetworkConfiguration/%{name}/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
@@ -11,6 +11,7 @@ Source3: systemd-sysusers.conf
 Patch0: CVE-2026-56114.patch
 Patch1: CVE-2026-56116.patch
 Patch2: CVE-2026-56117.patch
+Patch3: CVE-2026-56113.patch
 Group: System Environment/Base
 Vendor: Microsoft Corporation
 Distribution: Azure Linux
@@ -78,6 +79,9 @@ install -d %{buildroot}%{_sharedstatedir}/%{_name}
 %{_sharedstatedir}/%{name}
 %changelog
+* Mon Jun 29 2026 Azure Linux Security Servicing Account - 10.0.8-3
+- Patch for CVE-2026-56113
+
 * Sat Jun 27 2026 Azure Linux Security Servicing Account - 10.0.8-2
 - Patch for CVE-2026-56117, CVE-2026-56116, CVE-2026-56114
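Review bot: The restart test `if (again) goto again;` in `dhcp6_deprecateaddrs` sits only after `ipv6_freeaddr(ia)` at the bottom of the loop body, so an iteration that calls `dhcp6_deprecatedele(ia)` and then leaves early still steps to the saved `ian`. The body of `if (ia->flags & IPV6_AF_REQUEST) {` falls between the embedded patch's fourth and fifth hunks and is not visible here; if it ends with `continue`, a delegated prefix that also carries that flag would skip the test even when an entry was freed. I would check that path against the upstream commit and, if it exists, repeat the test there under the same `#ifndef SMALL`, for example `if (again) goto again;` ahead of the early exit. Separately, the `again:` label is outside `#ifndef SMALL` while every `goto again` is inside it, which leaves an unused label in SMALL builds.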