@@ -16,6 +16,7 @@ SRC_URI = "git://github.com/NetworkConfiguration/dhcpcd;protocol=https;branch=ma
file://dhcpcd@.service \
file://0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch \
file://CVE-2026-56113.patch \
+ file://CVE-2026-56114.patch \
"
SRCREV = "1c8ae59836fa87b4c63c598087f0460ec20ed862"
new file mode 100644
@@ -0,0 +1,34 @@
+From fd86ded940524f60174582faa96f583c168589ef Mon Sep 17 00:00:00 2001
+From: Roy Marples <roy@marples.name>
+Date: Tue, 23 Jun 2026 02:06:55 +0100
+Subject: [PATCH] DHCPv6: Prefix exclude option can be 17 octets (#671)
+
+Well that's a simple off by one error
+
+Reported-by: CuB3y0nd <root@cubeyond.net>
+
+(cherry picked from commit 2f00c7bfc408b6582d331932dfa47829c4819029)
+
+CVE: CVE-2026-56114
+Upstream-Status: Backport [https://github.com/NetworkConfiguration/dhcpcd/commit/2f00c7bfc408b6582d331932dfa47829c4819029]
+Signed-off-by: Theo Gaige (Schneider Electric) <tgaige.opensource@witekio.com>
+---
+ src/dhcp6.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/dhcp6.c b/src/dhcp6.c
+index 5154bf41..1eac9f23 100644
+--- a/src/dhcp6.c
++++ b/src/dhcp6.c
+@@ -1006,7 +1006,7 @@ dhcp6_makemessage(struct interface *ifp)
+
+ /* RFC6603 Section 4.2 */
+ if (ap->prefix_exclude_len) {
+- uint8_t exb[16], *ep, u8;
++ uint8_t exb[17], *ep, u8;
+ const uint8_t *pp;
+
+ n = (size_t)((ap->prefix_exclude_len -
+--
+2.43.0
+