[#3978] Correct reference to kea-lfc in 5.3.1

[#3848] Adapt packaging in Hammer to the -X changes

[#3848] Fix fuzzers after security enforcement

[#3848] Addressed review comments

modified:   src/bin/keactrl/kea-ctrl-agent.conf.pre

[#3848] Remove user from  default agent file

modified:   src/bin/keactrl/kea-ctrl-agent.conf.pre

[#3980] Removed outdated reference to SF portal

[#3848] Fix duplicated log ids

modified:   src/bin/dhcp4/dhcp4_messages.mes
modified:   src/bin/dhcp6/dhcp6_messages.mes
modified:   src/lib/d2srv/d2_messages.mes

[#3848] Fix element position reporting

modified:   src/lib/cc/data.cc
    altered data::copy() to also copy the source element's position

modified:   src/bin/dhcp4/json_config_parser.cc
modified:   src/hooks/dhcp/lease_query/tests/lease_query_impl4_unittest.cc
modified:   src/lib/http/tests/basic_auth_config_unittests.cc

[#3848] Change risk to policy

modified:   doc/sphinx/arm/agent.rst
modified:   doc/sphinx/arm/ddns.rst
modified:   doc/sphinx/arm/dhcp4-srv.rst
modified:   doc/sphinx/arm/dhcp6-srv.rst
modified:   doc/sphinx/arm/security.rst

[#3848] Replace WARN with WARNING some more

[#3848] Make message IDs consistent

[#3848] Fixed whitespace

[#3848] Addressed review comments

 Fixed minor nits

modified:   doc/sphinx/arm/agent.rst
modified:   doc/sphinx/arm/ddns.rst
modified:   doc/sphinx/arm/dhcp4-srv.rst
modified:   doc/sphinx/arm/dhcp6-srv.rst
modified:   doc/sphinx/arm/security.rst
modified:   src/bin/dhcp4/main.cc
modified:   src/bin/dhcp6/main.cc
modified:   src/hooks/dhcp/host_cache/tests/command_unittests.cc
modified:   src/hooks/dhcp/lease_cmds/lease_cmds.cc
modified:   src/hooks/dhcp/lease_cmds/lease_cmds_messages.cc
modified:   src/hooks/dhcp/lease_cmds/lease_cmds_messages.h
modified:   src/hooks/dhcp/lease_cmds/lease_cmds_messages.mes
modified:   src/hooks/dhcp/lease_cmds/libloadtests/lease_cmds4_unittest.cc
modified:   src/lib/d2srv/d2_config.cc
modified:   src/lib/hooks/tests/hooks_manager_unittest.cc
modified:   src/lib/http/tests/basic_auth_config_unittests.cc
modified:   src/lib/process/d_controller.cc
modified:   src/lib/util/filesystem.cc
modified:   src/lib/util/filesystem.h

[#3848] Updated the ARM

new file:   changelog_unreleased/3848-security-policy-security-strict-relaxed
modified:   doc/sphinx/arm/agent.rst
modified:   doc/sphinx/arm/ddns.rst
modified:   doc/sphinx/arm/dhcp4-srv.rst
modified:   doc/sphinx/arm/dhcp6-srv.rst
modified:   doc/sphinx/arm/security.rst

[#3848] Warn if running as root

Servers now all warn if they are running
as root.

[#3848] Detect authentication risks

Throw or Warn if API end points do not use some form
of authentication

Throw or Warn if 'user', 'password' - API end points
Throw or Warn if 'secret' is used  - TSIG

Disable/enable security for UTs as needed

modified:   src/bin/agent/tests/ca_cfg_mgr_unittests.cc
modified:   src/bin/agent/tests/ca_response_creator_unittests.cc
modified:   src/bin/agent/tests/get_config_unittest.cc
modified:   src/bin/d2/tests/d2_cfg_mgr_unittests.cc
modified:   src/bin/d2/tests/d2_command_unittest.cc
modified:   src/bin/d2/tests/d2_controller_unittests.cc
modified:   src/bin/d2/tests/d2_http_command_unittest.cc
modified:   src/bin/d2/tests/d2_process_unittests.cc
modified:   src/bin/d2/tests/d2_simple_parser_unittest.cc
modified:   src/bin/d2/tests/get_config_unittest.cc
modified:   src/bin/dhcp4/tests/config_parser_unittest.cc
modified:   src/bin/dhcp4/tests/dhcp4_srv_unittest.cc
modified:   src/bin/dhcp4/tests/dhcp4_test_utils.cc
modified:   src/bin/dhcp4/tests/get_config_unittest.cc
modified:   src/bin/dhcp4/tests/get_config_unittest.cc.skel
modified:   src/bin/dhcp4/tests/http_control_socket_unittest.cc
modified:   src/bin/dhcp6/tests/config_parser_unittest.cc
modified:   src/bin/dhcp6/tests/dhcp6_srv_unittest.cc
modified:   src/bin/dhcp6/tests/dhcp6_test_utils.cc
modified:   src/bin/dhcp6/tests/get_config_unittest.cc
modified:   src/bin/dhcp6/tests/get_config_unittest.cc.skel
modified:   src/bin/dhcp6/tests/http_control_socket_unittest.cc
modified:   src/lib/config/tests/http_command_config_unittests.cc
modified:   src/lib/d2srv/d2_config.cc
modified:   src/lib/d2srv/d2_messages.cc
modified:   src/lib/d2srv/d2_messages.h
modified:   src/lib/d2srv/d2_messages.mes
modified:   src/lib/http/auth_messages.cc
modified:   src/lib/http/auth_messages.h
modified:   src/lib/http/auth_messages.mes
modified:   src/lib/http/basic_auth_config.cc
modified:   src/lib/http/tests/basic_auth_config_unittests.cc
modified:   src/lib/testutils/dhcp_test_lib.sh.in

[#3848] Throw or Warn if API sockets are unsecured

/src/lib/config/config_messages.*
    COMMAND_HTTP_SOCKET_SECURITY_WARN - new message

/src/lib/config/http_command_config.*
    HttpCommandConfig::HttpCommandConfig() - throw or warn when
    socket is unsecured
    HttpCommandConfig::checkTlsSetup() - return true if valid TLS
    is configured

/src/lib/config/tests/http_command_config_unittests.cc
/src/lib/config/tests/http_command_mgr_unittests.cc
/src/lib/config/tests/http_command_response_creator_factory_unittests.cc
/src/lib/config/tests/http_command_response_creator_unittests.cc
    Udpated tests

[#3848] Warn on socket permissions

Warn if control socket path is valid but
socket permissions are wrong and security is
disabled.

modified:   src/lib/config/config_messages.cc
modified:   src/lib/config/config_messages.h
modified:   src/lib/config/config_messages.mes
modified:   src/lib/config/tests/unix_command_config_unittests.cc
modified:   src/lib/config/unix_command_config.cc

[#3848] Warn on invalid paths when security disabled

Warn but still use invalid paths when security is
disabled.

[#3967] release checklist update

[#3979] bump up kea version in meson.build

[#3973] release changes

[#3907] added ChangeLog entry

[#3907] use strict format for clients in yang

[#3907] NETCONF: Turn authentication.clients into a string just like hooks-libraries.parameters

[#3907] Progressed some more with YANG modules

[#3907] Progressed some more with YANG modules

[#3907] fixed some UTs

[#3907] clean up modules

[#3907] updated yang modules

[#3907] use tls for control-socket

[#3907] Get rid of skips in yang. Skip was always true

[#3907] fixed http-header yang parsing

[#3907] Add TranslatorControlSocket::getControlSocketHttpHeaders

[#3907] Update control sockets in YANG modules

[#3907] Update copyright dates

[#3907] Fix some paths about reinstall.sh

[#3907] Fix check-hashes.sh

[#3907] updated control-socket in yang modules

[#3907] updated yang modules

[#3968] lib version bump up for 3.0.0

[#3966] Added note about LTS

[#3966] security.md update

[#3919] Remove leftover incomplete sentence in bison.dox

[#3919] Spelling

[#3919] Get rid of most .gitignore files. No longer needed after switch to Meson

[#3919] Meson: Fix uml target

[#3919] Update meson docs

[#3919] Update Python dependencies

[#3919] Fix update-python-dependencies not writing to file

[#3919] Fix some TODOs related to autotools removal

[#3962] Meson: Fix "-D netconf=auto"

[#3881] Fixed config flag in the ARM

[#3881] Added ChangeLog for #3881

[#3881] Changes after review

[#3881] Right ref name this time maybe?

[#3881] Fix RST syntax snafus

[#3881] Typo fixes (hopefully final)

[#3881] Adapt d85666cf to this rewrite

[#3881] Overhaul my overhaul

[#3881] Future "planned" vs "will"

[#3881] Note Stork+Kea+CB issues

[#3881] Fix a few loose ends

[#3881] More comments regards sections

[#3881] Non-CB DB can conflict like JSON

[#3881] Add example scenario

[#3881] Move "Incompatibilities" further up

[#3881] "Incompatible": Revise, expand, wrap

[#3881] Major edit of "Duplicate Definitions"

[#3881] Copy edit "Incompatible Software"

Intensify avoidance of subnet_cmds hook.
Add: Stork is not currently compatible.

[#3881] copy edit sects: Install, Components

[#3881] Move "Configuration Files Inclusion"

The RST section on the JSON <?include> feature was put after the
RST include directive for the config-backend.rst file, resulting
in the "Configuration Files Inclusion" content accientally
appearing within the CB section.  Move it to fix and add an RST
comment to make the structure more obvious.

[#3881] Add subsect "Preparation is Required"

[#3881] Add/rename sections, move content within

New section "Installation"
Rename section "Capabilities and Limitations"
  to "Limitations and Warnings".
  It has little content about capabilities currently, except in the negative.
Add subsection headings within "Limitations".
Remove redundent leading "CB" from section names.
Move content around to better fit the section titles.
Demote some notes as they now have their own sections.
Minimal changes to content itself in this commit.

[#3881] Starting reorg of CB docs

[#3680] Minor: make check -> meson test

[#3680] Unroll NETCONF fallback subproject into the main meson.build to have all the sub dependencies available for pkg-config

[#3680] Meson: Add the more common dependencies to pkg-config as well

[#3680] Fix generating .pc file when dependencies are not detected through pkg-config

meson.build:1051:4: ERROR: requires argument not a string, library with pkgconfig-generated file or pkgconfig-dependency object, got <ExternalLibrary log4cplus: True>

[#3680] Minor: add missing newline at EOF of unreleased changelog file

[#3953] Remove @dotlibs@ leftover from autotools removal

[#3953] Update fuzz devel guide

[#3953] Do not run fuzzers with sudo. No longer required

[#3953] Remove fuzz configs. No longer required

[#3953] Put fuzzers in a for loop in meson

[#3953] No longer install fuzz input. It was never required

[#3953] Add rpath to fuzzers

[#3953] Fix a static initialization race in fuzzers. Turn KEA_FUZZ_DIR into a function

[#3953] Use the same sudo trick on fuzzers and get rid of kludgy fuzz test scripts

[#3930] Fix cppcheck after adoption of meson

- Was running on build dir which had little to no sources.
- Use the compile_commands.json file provided by meson which enables
  cppcheck to know about compiler flags used in compilation.
- Make the cppcheck target write to cppcheck-result.xml which is
  expected in the cppcheck-htmlreport target.
- Add library=googletest so it correctly decodes gtest macros.
- Remove suppression list. A lot of the suppressions were fixed with
  proper use of cppcheck or are no longer reported.

[#3628] Two grammarly nits added

[#3628] Added Changelog for #3628

[#3628] Subnet selectors in default conf

[#3680] Document the use of the kea.pc file

[#3680] Add pkg-config .pc file

[#3940] address review comments

[#3940] reword changelog

[#3940] fix changelog

[#3940] man doc update

[#3940] ARM doc update