3 files changed, 89 insertions, 4 deletions

diff --git a/net/dhcpcd/Makefile b/net/dhcpcd/Makefile
index 672f608ce5f0..acf4c397cef2 100644
--- a/net/dhcpcd/Makefile
+++ b/net/dhcpcd/Makefile
@@ -1,5 +1,6 @@
 PORTNAME=	dhcpcd
-DISTVERSION=	10.2.4
+DISTVERSION=	10.3.0
+PORTREVISION=	1
 CATEGORIES=	net
 MASTER_SITES=	https://github.com/NetworkConfiguration/${PORTNAME}/releases/download/v${DISTVERSION}/
 
diff --git a/net/dhcpcd/distinfo b/net/dhcpcd/distinfo
index 7d88e0269e56..f4c96d61e86f 100644
--- a/net/dhcpcd/distinfo
+++ b/net/dhcpcd/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1748841759
-SHA256 (dhcpcd-10.2.4.tar.xz) = 6721e606609226dbf4d864a78802a9e96beec0ee034a1bd84138b3e037bba7d9
-SIZE (dhcpcd-10.2.4.tar.xz) = 276444
+TIMESTAMP = 1763136225
+SHA256 (dhcpcd-10.3.0.tar.xz) = 06e4c1aaf958523f3fd1c57258c613c6c7ae56b8f1d678fa7943495d5ea6aeb5
+SIZE (dhcpcd-10.3.0.tar.xz) = 279100
diff --git a/net/dhcpcd/files/patch-src_privsep-root.c b/net/dhcpcd/files/patch-src_privsep-root.c
new file mode 100644
index 000000000000..c57d5422622d
--- /dev/null
+++ b/net/dhcpcd/files/patch-src_privsep-root.c
@@ -0,0 +1,84 @@
+--- src/privsep-root.c.orig	2025-11-14 15:38:04 UTC
++++ src/privsep-root.c
+@@ -86,6 +86,7 @@ ps_root_readerrorcb(struct psr_ctx *psr_ctx)
+ 		{ .iov_base = psr_error, .iov_len = sizeof(*psr_error) },
+ 		{ .iov_base = NULL, .iov_len = 0 },
+ 	};
++	struct msghdr msg = { .msg_iov = iov, .msg_iovlen = __arraycount(iov) };
+ 	ssize_t len;
+ 
+ #define PSR_ERROR(e)				\
+@@ -98,37 +99,58 @@ ps_root_readerrorcb(struct psr_ctx *psr_ctx)
+ 	if (eloop_waitfd(fd) == -1)
+ 		PSR_ERROR(errno);
+ 
+-	len = recv(fd, psr_error, sizeof(*psr_error), MSG_PEEK);
++	/* We peek at the psr_error structure to tell us how much of a buffer
++	 * we need to read the whole packet. */
++	len = recvmsg(fd, &msg, MSG_PEEK | MSG_WAITALL);
+ 	if (len == -1)
+ 		PSR_ERROR(errno);
+-	else if ((size_t)len < sizeof(*psr_error))
+-		PSR_ERROR(EINVAL);
+ 
+-	if (psr_error->psr_datalen > SSIZE_MAX)
+-		PSR_ERROR(ENOBUFS);
++	/* After this point, we MUST do another recvmsg even on a failure
++	 * to remove the message after peeking. */
++	if ((size_t)len < sizeof(*psr_error))
++		goto recv;
++
+ 	if (psr_ctx->psr_usemdata &&
+ 	    psr_error->psr_datalen > psr_ctx->psr_mdatalen)
+ 	{
+ 		void *d = realloc(psr_ctx->psr_mdata, psr_error->psr_datalen);
+-		if (d == NULL)
+-			PSR_ERROR(errno);
+-		psr_ctx->psr_mdata = d;
+-		psr_ctx->psr_mdatalen = psr_error->psr_datalen;
++
++		/* If we failed to malloc then psr_mdatalen will be smaller
++		 * than psr_datalen.
++		 * The following recvmsg will get MSG_TRUNC so the malloc error
++		 * will be reported there but more importantly the
++		 * message will be correctly discarded from the queue. */
++		if (d != NULL) {
++			psr_ctx->psr_mdata = d;
++			psr_ctx->psr_mdatalen = psr_error->psr_datalen;
++		}
+ 	}
+ 	if (psr_error->psr_datalen != 0) {
+-		if (psr_ctx->psr_usemdata)
++		if (psr_ctx->psr_usemdata) {
+ 			iov[1].iov_base = psr_ctx->psr_mdata;
+-		else {
+-			if (psr_error->psr_datalen > psr_ctx->psr_datalen)
+-				PSR_ERROR(ENOBUFS);
++			/* psr_mdatalen could be smaller then psr_datalen
++			 * if the above malloc failed. */
++			iov[1].iov_len =
++			    MIN(psr_ctx->psr_mdatalen, psr_error->psr_datalen);
++		} else {
+ 			iov[1].iov_base = psr_ctx->psr_data;
++			/* This should never be the case */
++			iov[1].iov_len =
++			    MIN(psr_ctx->psr_datalen, psr_error->psr_datalen);
+ 		}
+-		iov[1].iov_len = psr_error->psr_datalen;
+ 	}
+ 
+-	len = readv(fd, iov, __arraycount(iov));
++recv:
++	/* fd is SOCK_SEQPACKET and we mark the boundary with MSG_EOR
++	 * so this can never stall if the receive buffers are bigger
++	 * than the actual message. */
++	len = recvmsg(fd, &msg, MSG_WAITALL);
+ 	if (len == -1)
+ 		PSR_ERROR(errno);
++	else if ((size_t)len < sizeof(*psr_error))
++		PSR_ERROR(EINVAL);
++	else if (msg.msg_flags & MSG_TRUNC)
++		PSR_ERROR(ENOBUFS);
+ 	else if ((size_t)len != sizeof(*psr_error) + psr_error->psr_datalen)
+ 		PSR_ERROR(EINVAL);
+ 	return len;