From: Andrei Pavel Date: Mon, 27 Oct 2025 12:33:25 +0000 (+0200) Subject: [#4192] release changes X-Git-Tag: Kea-3.1.3~3 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1e71d29d2683917145a629c33393a4e84f0289f5;p=thirdparty%2Fkea.git [#4192] release changes --- diff --git a/ChangeLog b/ChangeLog index 6db8f993c8..396641b370 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,40 @@ +Kea 3.1.3 (development) released on October 29, 2025 + +2412. [build] andrei + The library version numbers have been bumped up for the Kea 3.1.3 + development release. + (Gitlab #4175) + +2411. [sec] tmark + When a hostname or FQDN received from a client is + reduced to an empty string by hostname sanitizing, + kea-dhcp4 and kea-dhcp6 will now drop the option. + CVE:2025-11232 + (Gitlab #4142) + +2410. [build] andrei + -Wshadow was added to the compiler flags and its warnings + addressed. + (Gitlab #3451) + +2409. [build] andrei + Kea now builds with Clang 21. Thanks to Khem Raj for reporting + the problem and suggesting a fix. + (Gitlab #4100) + +2408. [bug] andrei + Fixed a bug introduced in flex-id in 3.1.2 which caused the + expression to always be empty even when a value was configured + under "identifier-expression". + (Gitlab #4181) + +2407. [bug] tmark + Corrected an issue that was causing an + HA peer to not restart its dedicated listener + after handling a config-test command. + Applies to both kea-dhcp4 and kea-dhcp6. + (Gitlab #4145) + 2406. [bug] razvan Removed logging an error in ping check hook library if using lease cache treshold. diff --git a/changelog_unreleased/3451-add-shadowing-detection-for-gnu-and-clang b/changelog_unreleased/3451-add-shadowing-detection-for-gnu-and-clang deleted file mode 100644 index 0add5db20c..0000000000 --- a/changelog_unreleased/3451-add-shadowing-detection-for-gnu-and-clang +++ /dev/null @@ -1,4 +0,0 @@ -[build] andrei - -Wshadow was added to the compiler flags and its warnings - addressed. - (Gitlab #3451) 
diff --git a/changelog_unreleased/4100-kea-build-fail-with-llvm-libc-21 b/changelog_unreleased/4100-kea-build-fail-with-llvm-libc-21 deleted file mode 100644 index 528ad4c2d5..0000000000 --- a/changelog_unreleased/4100-kea-build-fail-with-llvm-libc-21 +++ /dev/null @@ -1,4 +0,0 @@ -[build] andrei - Kea now builds with Clang 21. Thanks to Khem Raj for reporting - the problem and suggesting a fix. - (Gitlab #4100) diff --git a/changelog_unreleased/4145-an-empty-config-test-command-can-affect-ha-connections b/changelog_unreleased/4145-an-empty-config-test-command-can-affect-ha-connections deleted file mode 100644 index 0e0a404ae4..0000000000 --- a/changelog_unreleased/4145-an-empty-config-test-command-can-affect-ha-connections +++ /dev/null @@ -1,6 +0,0 @@ -[bug] tmark - Corrected an issue that was causing an - HA peer to not restart its dedicated listener - after handling a config-test command. - Applies to both kea-dhcp4 and kea-dhcp6. - (Gitlab #4145) diff --git a/changelog_unreleased/4175-bump-up-library-versions-for-3-1-3 b/changelog_unreleased/4175-bump-up-library-versions-for-3-1-3 deleted file mode 100644 index d4b792763e..0000000000 --- a/changelog_unreleased/4175-bump-up-library-versions-for-3-1-3 +++ /dev/null @@ -1,4 +0,0 @@ -[build] andrei - The library version numbers have been bumped up for the Kea 3.1.3 - development release. - (Gitlab #4175) diff --git a/changelog_unreleased/4181-expression-is-effectively-always-empty-in-flex-id b/changelog_unreleased/4181-expression-is-effectively-always-empty-in-flex-id deleted file mode 100644 index b6025f1207..0000000000 --- a/changelog_unreleased/4181-expression-is-effectively-always-empty-in-flex-id +++ /dev/null @@ -1,5 +0,0 @@ -[bug] andrei - Fixed a bug introduced in flex-id in 3.1.2 which caused the - expression to always be empty even when a value was configured - under "identifier-expression". - (Gitlab #4181) 
diff --git a/changelog_unreleased/CVE-2025-11232-catch-empty-sanitized-hostname b/changelog_unreleased/CVE-2025-11232-catch-empty-sanitized-hostname deleted file mode 100644 index 79fb39677a..0000000000 --- a/changelog_unreleased/CVE-2025-11232-catch-empty-sanitized-hostname +++ /dev/null @@ -1,6 +0,0 @@ -[sec] tmark - When a hostname or FQDN received from a client is - reduced to an empty string by hostname sanitizing, - kea-dhcp4 and kea-dhcp6 will now drop the option. - CVE:2025-11232 - (Gitlab #4142) diff --git a/doc/sphinx/debug-messages.rst b/doc/sphinx/debug-messages.rst index 0ec6321b2b..62e76c523a 100644 --- a/doc/sphinx/debug-messages.rst +++ b/doc/sphinx/debug-messages.rst @@ -918,8 +918,10 @@ Messages printed on debuglevel 50 - DHCP4_BUFFER_WAIT_SIGNAL - DHCP4_CLIENTID_IGNORED_FOR_LEASES - DHCP4_CLIENT_FQDN_PROCESS +- DHCP4_CLIENT_FQDN_SCRUBBED_EMPTY - DHCP4_CLIENT_HOSTNAME_MALFORMED - DHCP4_CLIENT_HOSTNAME_PROCESS +- DHCP4_CLIENT_HOSTNAME_SCRUBBED_EMPTY - DHCP4_DEFERRED_OPTION_MISSING - DHCP4_DEFERRED_OPTION_UNPACK_FAIL - DHCP4_DHCP4O6_BAD_PACKET @@ -949,6 +951,7 @@ Messages printed on debuglevel 50 - DHCP6_ADD_STATUS_CODE_FOR_IA - DHCP6_BUFFER_UNPACK - DHCP6_BUFFER_WAIT_SIGNAL +- DHCP6_CLIENT_FQDN_SCRUBBED_EMPTY - DHCP6_DDNS_CREATE_ADD_NAME_CHANGE_REQUEST - DHCP6_DDNS_GENERATE_FQDN - DHCP6_DDNS_RECEIVE_FQDN @@ -1129,6 +1132,7 @@ Messages printed on debuglevel 50 - PING_CHECK_MGR_RECEIVED_UNEXPECTED_UNREACHABLE_MSG - PING_CHECK_MGR_RECEIVED_UNREACHABLE_MSG - PING_CHECK_MGR_REPLY_TIMEOUT_EXPIRED +- PING_CHECK_NO_LEASE_OR_LEASE_REUSED - TCP_CONNECTION_REJECTED_BY_FILTER - TCP_IDLE_CONNECTION_TIMEOUT_OCCURRED - TCP_REQUEST_RECEIVE_START diff --git a/doc/sphinx/kea-messages.rst b/doc/sphinx/kea-messages.rst index c2fd3a29c6..87f2c19320 100644 --- a/doc/sphinx/kea-messages.rst +++ b/doc/sphinx/kea-messages.rst 
@@ -4118,6 +4118,19 @@ This debug message is issued when the server starts processing the Client FQDN option sent in the client's query. The argument includes the client and transaction identification information. +DHCP4_CLIENT_FQDN_SCRUBBED_EMPTY +================================ + +.. code-block:: text + + %1: sanitizing client's FQDN option '%2' yielded an empty string + +Logged at debug log level 50. +This debug message is issued when the result of sanitizing the +FQDN option(81) sent by the client is an empty string. When this occurs +the server will ignore the FQDN option. The arguments include the +client and the FQDN option it sent. + DHCP4_CLIENT_HOSTNAME_DATA ========================== @@ -4157,6 +4170,19 @@ This debug message is issued when the server starts processing the Hostname option sent in the client's query. The argument includes the client and transaction identification information. +DHCP4_CLIENT_HOSTNAME_SCRUBBED_EMPTY +==================================== + +.. code-block:: text + + %1: sanitizing client's Hostname option '%2' yielded an empty string + +Logged at debug log level 50. +This debug message is issued when the result of sanitizing the +hostname option(12) sent by the client is an empty string. When this occurs +the server will ignore the hostname option. The arguments include the +client and the hostname option it sent. + DHCP4_CLIENT_NAME_PROC_FAIL =========================== @@ -5317,7 +5343,7 @@ DHCP4_PACKET_DROP_0011 .. code-block:: text - dropped as sent by the same client than a packet being processed by another thread: dropped %1, %2 by thread %3 as duplicate of %4, %5 processed by %6 + dropped as sent by the same client than a packet being processed by another thread: dropped %1, %2 by thread %3 as duplicate of %4, %5 processed by thread %6 Logged at debug log level 15. Currently multi-threading processing avoids races between packets sent by 
@@ -5331,7 +5357,7 @@ DHCP4_PACKET_DROP_0012 .. code-block:: text - dropped as sent by the same client than a packet being processed by another thread: dropped %1, %2 by thread %3 as duplicate of %4, %5 processed by %6 + dropped as sent by the same client than a packet being processed by another thread: dropped %1, %2 by thread %3 as duplicate of %4, %5 processed by thread %6 Logged at debug log level 15. Currently multi-threading processing avoids races between packets sent by @@ -6438,6 +6464,19 @@ which cannot be found in the configuration. Either a hook written before the classification was added to Kea is used, or class naming is inconsistent. +DHCP6_CLIENT_FQDN_SCRUBBED_EMPTY +================================ + +.. code-block:: text + + %1: sanitizing client's FQDN option '%2' yielded an empty string + +Logged at debug log level 50. +This debug message is issued when the result of sanitizing the +FQDN option(39) sent by the client is an empty string. When this occurs +the server will ignore the FQDN option. The arguments include the +client and the FQDN option it sent. + DHCP6_CONFIG_COMPLETE ===================== @@ -7551,7 +7590,7 @@ DHCP6_PACKET_DROP_DUPLICATE .. code-block:: text - dropped as sent by the same client than a packet being processed by another thread: dropped %1 %2 by thread %3 as duplicate of %4 %5 processed by %6 + dropped as sent by the same client than a packet being processed by another thread: dropped %1 %2 by thread %3 as duplicate of %4 %5 processed by thread %6 Logged at debug log level 15. Currently multi-threading processing avoids races between packets sent by 
@@ -9964,6 +10003,16 @@ DHCPSRV_MEMFILE_LFC_EXECUTE An informational message issued when the memfile lease database backend starts a new process to perform Lease File Cleanup. +DHCPSRV_MEMFILE_LFC_FAIL_PID_CREATE +=================================== + +.. code-block:: text + + Lease File Cleanup pid file create: %1 + +This error message is issued if the LFC execute code detects a failure +when trying to create the PID file. It includes a more specific error string. + DHCPSRV_MEMFILE_LFC_LEASE_FILE_RENAME_FAIL ========================================== @@ -9999,6 +10048,16 @@ An informational message issued when the memfile lease database backend rescheduled the periodic Lease File Cleanup at the reception of a "kea-lfc-start" command. +DHCPSRV_MEMFILE_LFC_RUNNING +=========================== + +.. code-block:: text + + Lease File Cleanup instance already running + +This informational message is issued when the LFC execute code detects that +a previous instance of the LFC process is still running via the PID check. + DHCPSRV_MEMFILE_LFC_SETUP ========================= @@ -18057,7 +18116,7 @@ LIMITS_LEASE_LIMIT_EXCEEDED Logged at debug log level 40. Debug message logged to indicate that the current number of leased addresses or -prefixes for a client class or a subnet is exceeding the limit. +prefixes for a client class or a subnet has exceeded the limit. LIMITS_LEASE_WITHIN_LIMITS ========================== @@ -18068,7 +18127,7 @@ LIMITS_LEASE_WITHIN_LIMITS Logged at debug log level 40. Debug message logged to indicate that the current number of leased addresses or -prefixes for a client class or a subnet is exceeding the limit. +prefixes for a client class or a subnet has not exceeded the limit. LIMITS_PACKET_WIIH_SUBNET_ID_RATE_NO_SUBNET =========================================== 
@@ -24579,6 +24638,19 @@ and its 'user-context' contains invalid 'ping-check' configuration. The server will log the error once and then use global ping-check parameters for the subnet until the configuration is corrected. +PING_CHECK_NO_LEASE_OR_LEASE_REUSED +=================================== + +.. code-block:: text + + Ping check skipped: no lease + +Logged at debug log level 50. +This debug message is emitted when the ping check request made by the +server does not contain a lease. This typically happens when a lease is +being reused. The ping check will be skipped and the offer processing will +continue as normal. + PING_CHECK_PAUSE_FAILED ======================= diff --git a/src/bin/dhcp4/dhcp4_messages.mes b/src/bin/dhcp4/dhcp4_messages.mes index 19eb56d75d..484b58423c 100644 --- a/src/bin/dhcp4/dhcp4_messages.mes +++ b/src/bin/dhcp4/dhcp4_messages.mes @@ -143,6 +143,13 @@ This debug message is issued when the server starts processing the Client FQDN option sent in the client's query. The argument includes the client and transaction identification information. +% DHCP4_CLIENT_FQDN_SCRUBBED_EMPTY %1: sanitizing client's FQDN option '%2' yielded an empty string +Logged at debug log level 50. +This debug message is issued when the result of sanitizing the +FQDN option(81) sent by the client is an empty string. When this occurs +the server will ignore the FQDN option. The arguments include the +client and the FQDN option it sent. + % DHCP4_CLIENT_HOSTNAME_DATA %1: client sent Hostname option: %2 Logged at debug log level 55. This debug message includes the detailed information extracted from the 
@@ -171,13 +178,6 @@ hostname option(12) sent by the client is an empty string. When this occurs the server will ignore the hostname option. The arguments include the client and the hostname option it sent. -% DHCP4_CLIENT_FQDN_SCRUBBED_EMPTY %1: sanitizing client's FQDN option '%2' yielded an empty string -Logged at debug log level 50. -This debug message is issued when the result of sanitizing the -FQDN option(81) sent by the client is an empty string. When this occurs -the server will ignore the FQDN option. The arguments include the -client and the FQDN option it sent. - % DHCP4_CLIENT_NAME_PROC_FAIL %1: failed to process the fqdn or hostname sent by a client: %2 Logged at debug log level 55. This debug message is issued when the DHCP server was unable to process the diff --git a/src/bin/dhcp6/dhcp6_messages.mes b/src/bin/dhcp6/dhcp6_messages.mes index 82a6a011db..6d33555ab8 100644 --- a/src/bin/dhcp6/dhcp6_messages.mes +++ b/src/bin/dhcp6/dhcp6_messages.mes @@ -144,6 +144,13 @@ which cannot be found in the configuration. Either a hook written before the classification was added to Kea is used, or class naming is inconsistent. +% DHCP6_CLIENT_FQDN_SCRUBBED_EMPTY %1: sanitizing client's FQDN option '%2' yielded an empty string +Logged at debug log level 50. +This debug message is issued when the result of sanitizing the +FQDN option(39) sent by the client is an empty string. When this occurs +the server will ignore the FQDN option. The arguments include the +client and the FQDN option it sent. + % DHCP6_CONFIG_COMPLETE DHCPv6 server has completed configuration: %1 This is an informational message announcing the successful processing of a new configuration. it is output during server startup, and when an updated 
@@ -1173,10 +1180,3 @@ such modification. The clients will remember previous server-id, and will use it to extend their leases. As a result, they will have to go through a rebinding phase to re-acquire their leases and associate them with a new server id. - -% DHCP6_CLIENT_FQDN_SCRUBBED_EMPTY %1: sanitizing client's FQDN option '%2' yielded an empty string -Logged at debug log level 50. -This debug message is issued when the result of sanitizing the -FQDN option(39) sent by the client is an empty string. When this occurs -the server will ignore the FQDN option. The arguments include the -client and the FQDN option it sent. diff --git a/src/lib/util/multi_threading_mgr.h b/src/lib/util/multi_threading_mgr.h index a9fdc3a8f2..468842b11e 100644 --- a/src/lib/util/multi_threading_mgr.h +++ b/src/lib/util/multi_threading_mgr.h @@ -1,4 +1,4 @@ -// Copyright (C) 2019-2024 Internet Systems Consortium, Inc. ("ISC") +// Copyright (C) 2019-2025 Internet Systems Consortium, Inc. ("ISC") // // This Source Code Form is subject to the terms of the Mozilla Public // License, v. 2.0. If a copy of the MPL was not distributed with this diff --git a/src/lib/util/tests/multi_threading_mgr_unittest.cc b/src/lib/util/tests/multi_threading_mgr_unittest.cc index 733c474f0f..68fcff367a 100644 --- a/src/lib/util/tests/multi_threading_mgr_unittest.cc +++ b/src/lib/util/tests/multi_threading_mgr_unittest.cc @@ -1,4 +1,4 @@ -// Copyright (C) 2019-2023 Internet Systems Consortium, Inc. ("ISC") +// Copyright (C) 2019-2025 Internet Systems Consortium, Inc. ("ISC") // // This Source Code Form is subject to the terms of the Mozilla Public // License, v. 2.0. If a copy of the MPL was not distributed with this
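Review bot: In the ChangeLog hunk, entry 2411 writes the identifier as "CVE:2025-11232", while the changelog_unreleased file deleted in the same commit is named with the standard form "CVE-2025-11232". Anyone searching the ChangeLog for the standard identifier will miss the entry. Unless the colon form is the ChangeLog's established convention, spell it "CVE-2025-11232" here. The trailing context of the same hunk (entry 2406) also carries the typo "treshold", which could be fixed in a follow-up.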
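Review bot: In the doc/sphinx/kea-messages.rst hunks that add DHCP4_CLIENT_FQDN_SCRUBBED_EMPTY, DHCP4_CLIENT_HOSTNAME_SCRUBBED_EMPTY and DHCP6_CLIENT_FQDN_SCRUBBED_EMPTY, the description says '%2' is the option as the client sent it but does not say whether the value is escaped before it is written to the log. This message fires only when sanitizing left nothing of the value, so it is a client-controlled string made up of characters the sanitizer did not keep. Please add a sentence saying how '%2' is rendered (for example escaped or hex-encoded). Since all three messages are at debug level 50, the text for the [sec] ChangeLog entry could also tell operators that the option drop is not visible at default logging. Minor style point: "option(81)", "option(12)" and "option(39)" are missing a space before the parenthesis.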
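Review bot: In the DHCP4_PACKET_DROP_0011, DHCP4_PACKET_DROP_0012 and DHCP6_PACKET_DROP_DUPLICATE hunks of doc/sphinx/kea-messages.rst, the reworded line still reads "dropped as sent by the same client than a packet being processed by another thread". The line is already being changed to add "thread" before %6, so this is a good moment to correct "than" to "as" ("the same client as a packet being processed by another thread"). The same wording needs to be corrected in the .mes source these entries are generated from, which is not part of the visible diff.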
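Review bot: In the kea-messages.rst hunk adding DHCPSRV_MEMFILE_LFC_FAIL_PID_CREATE, the message text "Lease File Cleanup pid file create: %1" never says that the operation failed, although the description calls it an error message about a failure to create the PID file. Someone reading or matching on the log line alone cannot tell that it reports an error. Suggest wording such as "Lease File Cleanup pid file create failed: %1", which also lines up with the neighbouring DHCPSRV_MEMFILE_LFC_LEASE_FILE_RENAME_FAIL identifier.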
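Review bot: In the second LIMITS hunk of kea-messages.rst (the LIMITS_LEASE_WITHIN_LIMITS correction), the trailing context shows the message identifier LIMITS_PACKET_WIIH_SUBNET_ID_RATE_NO_SUBNET, where "WIIH" looks like a misspelling of "WITH". It is outside the scope of this change, and renaming a message identifier affects anyone matching on it in log rules, so it deserves its own ticket rather than a silent fix here.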
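Review bot: In the kea-messages.rst hunk adding PING_CHECK_NO_LEASE_OR_LEASE_REUSED, the message text "Ping check skipped: no lease" has no arguments, so the log line cannot be tied to a particular client or query. The other debug messages added in this diff begin with "%1:" for the client identification. If the hook has the query available at that point, add the same argument here so a skipped ping check can be correlated with the offer it belongs to.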