Create kea state directories with mode 0750 per restrictions added in 2.6.3
Refresh patches
Fixes the following CVEs:
* CVE-2025-32803: Change the umask to no group write and no other access
at the entry of Kea server/agent binaries
* CVE-2025-32801: kea-dhcp4, kea-dhcp6, kea-dhcp-ddns, and kea-ctrl-agent will
now only load hook libraries from the default installation directory
Full upstream changelogs are available at:
https://downloads.isc.org/isc/kea/2.6.1/Kea-2.6.1-ReleaseNotes.txt
https://downloads.isc.org/isc/kea/2.6.2/Kea-2.6.2-ReleaseNotes.txt
https://downloads.isc.org/isc/kea/2.6.3/Kea-2.6.3-ReleaseNotes.txt
https://downloads.isc.org/isc/kea/2.6.4/Kea-2.6.4-ReleaseNotes.txt
Signed-off-by: Noah Meyerhans <[email protected]>
include $(TOPDIR)/rules.mk
PKG_NAME:=kea
-PKG_VERSION:=2.6.0
+PKG_VERSION:=2.6.4
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://ftp.isc.org/isc/kea/$(PKG_VERSION)
-PKG_HASH:=207ceae33eb3b81ec4e6ac5605249a85b93779333b62aadf39e489f11dbcdc8d
+PKG_HASH:=6806405e4d559abc10febd2c273dc6e2bc6ac42767afa5ca20b118ffba84a671
PKG_LICENSE:=MPL-2.0
PKG_LICENSE_FILES:=COPYING
CONF_PATH="/etc/kea"
start_service() {
- mkdir -p /var/run/kea
+ mkdir -p /var/run/kea /var/lib/kea
+ chmod 0750 /var/run/kea /var/lib/kea
config_load "kea"
config_foreach start_kea "service"
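Review bot: In start_service the two directories are created by `mkdir -p` under whatever umask the init script inherits and only tightened by the following `chmod`, and neither exit status is checked, so a failed `chmod` leaves /var/run/kea or /var/lib/kea at the default mode while startup carries on. Creating them restricted from the start closes that window: `mkdir -m 0750 -p /var/run/kea /var/lib/kea` (BusyBox mkdir accepts `-m`). Keep the `chmod 0750` line so that directories left over from an earlier install are corrected too, and end it with `|| return 1`. The hunk sets no owner, which only matters if the daemons are ever started as a non-root user; nothing in the lines shown says whether they are. start_service continues past the end of the hunk.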
+SUBDIRS = .
AM_CPPFLAGS = -I$(top_builddir)/src/lib -I$(top_srcdir)/src/lib
- AM_CPPFLAGS += $(BOOST_INCLUDES)
+ AM_CPPFLAGS += -DDEFAULT_HOOKS_PATH=\"$(libdir)/kea/hooks\"
--- a/src/lib/http/Makefile.am
+++ b/src/lib/http/Makefile.am
@@ -1,4 +1,4 @@
--- a/src/bin/keactrl/keactrl.in
+++ b/src/bin/keactrl/keactrl.in
-@@ -112,7 +112,8 @@ get_pid_from_file() {
+@@ -116,7 +116,8 @@ get_pid_from_file() {
# Extract the name portion (from last slash to last dot) of the config file name.
local conf_name