import dhcp-4.3.6-44.el8_4.1

SOURCES/dhcp-statement_parser.patch

@@ -0,0 +1,21 @@
+diff --git a/common/parse.c b/common/parse.c
+index e78223c2..656b378b 100644
+--- a/common/parse.c
++++ b/common/parse.c
+@@ -5790,13 +5790,14 @@ int parse_X (cfile, buf, max)
+ 				skip_to_semi (cfile);
+ 				return 0;
+ 			}
+-			convert_num (cfile, &buf [len], val, 16, 8);
+-			if (len++ > max) {
++			if (len >= max) {
+ 				parse_warn (cfile,
+ 					    "hexadecimal constant too long.");
+ 				skip_to_semi (cfile);
+ 				return 0;
+ 			}
++			convert_num (cfile, &buf [len], val, 16, 8);
++			len++;
+ 			token = peek_token (&val, (unsigned *)0, cfile);
+ 			if (token == COLON)
+ 				token = next_token (&val,

SPECS/dhcp.spec

@@ -16,7 +16,7 @@
 Summary:  Dynamic host configuration protocol software
 Name:     dhcp
 Version:  4.3.6
-Release:  44%{?dist}
+Release:  44%{?dist}.1
 # NEVER CHANGE THE EPOCH on this package.  The previous maintainer (prior to
 # dcantrell maintaining the package) made incorrect use of the epoch and
 # that's why it is at 12 now.  It should have never been used, but it was.
@@ -83,6 +83,7 @@ Patch47:  dhcp-isc_heap_delete.patch
 Patch48:  dhcp-bind-9.11.patch
 Patch49:  dhcp-detect-system-time-jumps.patch
 Patch50:  dhcp-key_algorithm.patch
+Patch51:  dhcp-statement_parser.patch
 
 BuildRequires: autoconf
 BuildRequires: automake
@@ -361,6 +362,9 @@ rm bind/bind.tar.gz
 # https://github.com/isc-projects/dhcp/commit/e6ffc27f24321017a5ad9af3707f4e2e54bbac74
 %patch50 -p1 -b .key-alg
 
+# https://bugzilla.redhat.com/show_bug.cgi?id=1963807
+%patch51 -p1
+
 # Update paths in all man pages
 for page in client/dhclient.conf.5 client/dhclient.leases.5 \
             client/dhclient-script.8 client/dhclient.8 ; do
@@ -694,6 +698,9 @@ done
 %endif
 
 %changelog
+* Thu May 27 2021 Pavel Zhukov <pzhukov@redhat.com> - 12:4.3.6-44.1
+- Fix for  CVE-2021-25217
+
 * Fri Dec 11 2020 Pavel Zhukov <pzhukov@redhat.com> - 12:4.3.6-44
 - Rebuild with new bind (#1904613)