Skip to content

kea: bump to 3.0.3#29942

Open
liuyuf78fk wants to merge 1 commit into
openwrt:openwrt-25.12from
liuyuf78fk:kea-3.0.3
Open

kea: bump to 3.0.3#29942
liuyuf78fk wants to merge 1 commit into
openwrt:openwrt-25.12from
liuyuf78fk:kea-3.0.3

Conversation

@liuyuf78fk

@liuyuf78fk liuyuf78fk commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

This PR backports the Kea 3.0.3 security update from master to the stable openwrt-25.12 branch.

It includes critical fixes for CVE-2026-3608 (JSON payload stack overflow), a Control Agent null dereference issue, and UNIX command socket permission improvements.


📦 Package Details

Maintainer: Philip Prindeville, Noah Meyerhans

Description:
Backport the Kea 3.0.3 security update from master to the openwrt-25.12 branch.


🧪 Run Testing Details

  • OpenWrt Version: OpenWrt 25.12-SNAPSHOT r33059-056aa185d9
  • OpenWrt Target/Subtarget: bcm27xx/bcm2712
  • OpenWrt Device: Raspberry Pi 5 Model B Rev 1.1

Test Log Evidence:

The service starts successfully with multi-threading enabled and handles client requests smoothly:

2026-07-07 12:51:53.307 INFO  [kea-dhcp4.dhcp4/13440.547607889104] DHCP4_MULTI_THREADING_INFO enabled: yes, number of threads: 4, queue size: 64
2026-07-07 12:51:53.307 INFO  [kea-dhcp4.dhcp4/13440.547607889104] DHCP4_STARTED Kea DHCPv4 server version 3.0.3 started
2026-07-07 12:51:59.758 INFO  [kea-dhcp4.packets/13440.547586939528] DHCP4_PACKET_RECEIVED [hwtype=1 02:0c:f4:aa:1d:67], cid=[01:02:0c:f4:aa:1d:67], tid=0x473b9168: DHCPREQUEST (type 3) received from 0.0.0.0 to 255.255.255.255 on interface br-ap
2026-07-07 12:51:59.758 INFO  [kea-dhcp4.leases/13440.547586939528] DHCP4_INIT_REBOOT [hwtype=1 02:0c:f4:aa:1d:67], cid=[01:02:0c:f4:aa:1d:67], tid=0x473b9168: client is in INIT-REBOOT state and requests address 192.168.3.109
2026-07-07 12:52:01.181 INFO  [kea-dhcp4.packets/13440.547586796168] DHCP4_PACKET_RECEIVED [hwtype=1 02:0c:f4:aa:1d:67], cid=[01:02:0c:f4:aa:1d:67], tid=0x473b9168: DHCPREQUEST (type 3) received from 0.0.0.0 to 255.255.255.255 on interface br-ap

✅ Formalities

  • I have reviewed the CONTRIBUTING.md file for detailed contributing guidelines.

3.0.3 is a security/vulnerability release on the stable 3.0 series.

Notable fixes since 3.0.2:

* **CVE-2026-3608** — A large number of bracket pairs in a JSON payload
  sent to any endpoint caused a stack overflow during recursive parsing.
  The exploit does not need a syntactically valid command, so it bypasses
  RBAC and the command filters on the High-Availability endpoints
  (upstream openwrt#4275 / openwrt#4288 / openwrt#4387).

* Null dereference when configuring the Control Agent with a socket
  entry that lacks the mandatory ``socket-name`` is now caught
  (openwrt#4388, openwrt#4365).

* UNIX command sockets are created group-writable so Stork 2.4.0+ and
  other tooling using the configured group can talk to the daemon
  (openwrt#4398, openwrt#4260).

Upstream's release notes flag "no incompatible changes" and "no known
issues" for this bump.

All current patches still apply cleanly.

Release notes:
https://ftp.isc.org/isc/kea/3.0.3/Kea-3.0.3-ReleaseNotes.txt

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
(cherry picked from commit eb538bd)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

release/25.12 Issues/PR on branch 25.12

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants