head 1.23; access; symbols pkgsrc-2026Q2:1.23.0.2 pkgsrc-2026Q2-base:1.23 pkgsrc-2026Q1:1.21.0.2 pkgsrc-2026Q1-base:1.21 pkgsrc-2025Q4:1.19.0.2 pkgsrc-2025Q4-base:1.19 pkgsrc-2025Q3:1.15.0.4 pkgsrc-2025Q3-base:1.15 pkgsrc-2025Q2:1.15.0.2 pkgsrc-2025Q2-base:1.15 pkgsrc-2025Q1:1.14.0.2 pkgsrc-2025Q1-base:1.14 pkgsrc-2024Q4:1.10.0.2 pkgsrc-2024Q4-base:1.10 pkgsrc-2024Q3:1.8.0.6 pkgsrc-2024Q3-base:1.8 pkgsrc-2024Q2:1.8.0.4 pkgsrc-2024Q2-base:1.8 pkgsrc-2024Q1:1.8.0.2 pkgsrc-2024Q1-base:1.8 pkgsrc-2023Q4:1.5.0.2 pkgsrc-2023Q4-base:1.5 pkgsrc-2023Q3:1.3.0.4 pkgsrc-2023Q3-base:1.3 pkgsrc-2023Q2:1.3.0.2 pkgsrc-2023Q2-base:1.3 pkgsrc-2023Q1:1.2.0.2 pkgsrc-2023Q1-base:1.2 pkgsrc-2022Q4:1.1.0.2 pkgsrc-2022Q4-base:1.1; locks; strict; comment @# @; 1.23 date 2026.06.07.18.26.00; author adam; state Exp; branches; next 1.22; commitid HLS9FhRM62uCBTIG; 1.22 date 2026.05.15.09.58.59; author adam; state Exp; branches; next 1.21; commitid AbaMQjZsFUtxxTFG; 1.21 date 2026.01.07.08.48.19; author wiz; state Exp; branches; next 1.20; commitid 1wQ3ICD8eebefrpG; 1.20 date 2025.12.28.15.13.53; author adam; state Exp; branches; next 1.19; commitid hto6RtFAa9FAIboG; 1.19 date 2025.10.27.15.46.56; author adam; state Exp; branches; next 1.18; commitid dOeFwzN9x5dnTdgG; 1.18 date 2025.10.23.20.38.48; author wiz; state Exp; branches; next 1.17; commitid 1V2hBZn9ypXaCJfG; 1.17 date 2025.09.27.09.57.32; author wiz; state Exp; branches; next 1.16; commitid GSXfRJoW2938VkcG; 1.16 date 2025.09.21.21.37.07; author wiz; state Exp; branches; next 1.15; commitid LZ9X7vvyU4ftZCbG; 1.15 date 2025.06.05.15.00.44; author taca; state Exp; branches; next 1.14; commitid wlfYf18Z4VtCgIXF; 1.14 date 2025.03.04.09.37.38; author nia; state Exp; branches; next 1.13; commitid 3AqUK592SmfxsJLF; 1.13 date 2025.02.06.00.00.44; author riastradh; state Exp; branches; next 1.12; commitid 677G2LKOrzJ87lIF; 1.12 date 2025.01.15.06.05.13; author wiz; state Exp; branches; next 1.11; commitid KbcpSGfwledEPxFF; 1.11 date 2024.12.29.15.09.57; author adam; state Exp; branches; next 1.10; commitid oeKjyQMgtu2FopDF; 1.10 date 2024.11.13.14.37.28; author taca; state Exp; branches; next 1.9; commitid F8vgAf64V32fHuxF; 1.9 date 2024.10.04.03.49.33; author ryoon; state Exp; branches; next 1.8; commitid W6qyL3zvAllroisF; 1.8 date 2024.02.26.21.37.07; author nros; state Exp; branches; next 1.7; commitid 2VXmtblIPvvqpZZE; 1.7 date 2024.01.10.00.53.53; author gutteridge; state Exp; branches; next 1.6; commitid Uv2WYdDfASzp2QTE; 1.6 date 2023.12.29.18.24.55; author adam; state Exp; branches; next 1.5; commitid CbzM4kTH4d8WeoSE; 1.5 date 2023.10.28.21.51.36; author sekiya; state Exp; branches; next 1.4; commitid MR7VPfKuJCjunrKE; 1.4 date 2023.10.24.22.10.20; author wiz; state Exp; branches; next 1.3; commitid MTsrqKm6aGrQAVJE; 1.3 date 2023.04.23.14.26.29; author adam; state Exp; branches; next 1.2; commitid Laj8GRA8jxylXemE; 1.2 date 2023.01.22.16.28.35; author ryoon; state Exp; branches; next 1.1; commitid aiP40A5zgFwvyyaE; 1.1 date 2022.12.19.07.44.50; author sekiya; state Exp; branches; next ; commitid cTtR56FiVuTFK86E; desc @@ 1.23 log @kea: updated to 3.1.9 Kea 3.1.9 (development) released on May 27, 2026 2477. [build] andrei The library version numbers have been bumped up for the Kea 3.1.9 development release. 2476. [func] fdupont Added the "ignore-bad-direction" workaround flag to the GSS-TSIG hook library to accept DNS update responses with the request signature sent by bogus servers. 2475. [func]* fdupont Disallowed leading zeros in JSON floating point values. Now incorrect number values in Kea config files are still accepted but raise warnings. Also fixed the bug which made leading plus '+' not be always rejected. 2474. [func] fdupont Removed the 'socket-name' vs 'socket-address' exclusivity check when parsing config files. Note that configuring both for the same control socket is still rejected but because 'socket-name' makes sense only for the 'unix' type, and 'socket-address' for the 'http' and 'https' types. 2473. [func] tmark IA_TA lease6 lease type has been removed from the MySQL and PostgreSQL schemas. 2472. [bug] fdupont Corrected an issue that prevented using pools of only one element (e.g. address or prefix) with either the Random or FLQ allocators. 2471. [bug] tmark Corrected an issue in PostgreSQL SFLQ allocation that was generating one too many free leases. SFLQ pool creation automatically rebuilds pools whose delegated length has changed (MySQL and PostgreSQL). These changes required a schema update. 2470. [func] tmark Added API commands for managing SFLQ Allocator pools to lease-cmds hook library. 2469. [build] fdupont Kea can now be cross-compiled using Meson. 2468. [func]* fdupont Added support for the last DHCP RFC 9915 including the deprecation of the unicast option. 2467. [bug] fdupont The from JSON double value to string no longer produces an incorrect output when there is only an exponent part. 2466. [doc] tmark Added documentation for the Shared FLQ Allocator to the ARM. 2465. [func]* fdupont Disallowed leading zeros in JSON integer values as required by the standard to become compatible with some other JSON tools e.g. the go implementation used by Stork. Now incorrect integer values in Kea config files are still accepted but raise warnings. 2464. [func] fdupont Extended the parser to accepted an empty "client-classes" list in Kea server configuration files. 2463. [bug] razvan Fixed kea-netconf communication over HTTP sockets with the kea dhcp demons. The control socket type is now mandatory for each server in the "managed-servers" configuration map. 2462. [func] razvan Added 'interface-add', 'interface-list' and 'interface-redetect' which can be used to add interfaces, list currently detected interfaces and issue a re-detect procedure which updates the interface configuration respectively. The re-detect procedure only adds newly discovered interfaces and addresses, without removing any previously detected interfaces or addresses. @ text @# $NetBSD: Makefile,v 1.22 2026/05/15 09:58:59 adam Exp $ DISTNAME= kea-3.1.9 CATEGORIES= net MASTER_SITES= https://ftp.isc.org/isc/kea/${PKGVERSION_NOREV}/ EXTRACT_SUFX= .tar.xz MAINTAINER= pkgsrc-users@@NetBSD.org HOMEPAGE= https://www.isc.org/kea/ COMMENT= Next-generation ISC Dynamic Host Configuration Protocol (DHCP) Server LICENSE= mpl-2.0 USE_LANGUAGES= c c++ USE_LIBTOOL= yes USE_TOOLS+= pkg-config .include "options.mk" .include "../../mk/bsd.prefs.mk" BUILD_DEFS+= VARBASE MAKE_DIRS+= ${VARBASE}/lib/kea MAKE_DIRS+= ${VARBASE}/run/kea MESON_ARGS+= -Drunstatedir=${VARBASE} PY_PATCHPLIST= yes RCD_SCRIPTS= kea .if ${USE_CROSS_COMPILE:tl} == "yes" # This appears to store an absolute path to the bison(1) executable # which lives in TOOLBASE (or possibly in TOOLS_DIR). CHECK_WRKREF_SKIP+= lib/libkea-process* .endif INSTALLATION_DIRS+= share/examples/kea post-install: ${RM} -fr ${DESTDIR}${PREFIX}/share/examples/kea && \ ${MV} ${DESTDIR}${PKG_SYSCONFDIR}/kea \ ${DESTDIR}${PREFIX}/share/examples/kea .include "../../devel/boost-libs/buildlink3.mk" .include "../../devel/log4cplus/buildlink3.mk" .include "../../devel/meson/build.mk" .include "../../devel/zlib/buildlink3.mk" .include "../../lang/python/extension.mk" .include "../../lang/python/tool.mk" .include "../../textproc/libxml2/buildlink3.mk" .include "../../mk/atomic64.mk" .include "../../mk/krb5.buildlink3.mk" .include "../../mk/bsd.pkg.mk" @ 1.22 log @revbump for boost-libs @ text @d1 1 a1 7 # $NetBSD: Makefile,v 1.21 2026/01/07 08:48:19 wiz Exp $ DISTNAME= kea-3.1.4 COMMENT= Next-generation ISC Dynamic Host Configuration Protocol (DHCP) Server PKGREVISION= 2 .include "options.mk" d3 1 d10 1 d13 5 a17 2 USE_LANGUAGES= c c++ USE_LIBTOOL= yes d49 1 @ 1.21 log @*: recursive bump for icu 78.1 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.20 2025/12/28 15:13:53 adam Exp $ d5 1 a5 1 PKGREVISION= 1 @ 1.20 log @kea: updated to 3.1.4 Welcome to Kea 3.1.4, a maintenance release of the 3.1 development series. As with any other development release, use this with caution: development releases are not recommended for production use. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.19 2025/10/27 15:46:56 adam Exp $ d5 1 @ 1.19 log @kea: updated to 3.1.2 3.1.2 The following bug fixes and features have been implemented since the previous release: 1. **Statistics**: New global address counters, packet statistics, and statistic commands (`statistics-global-get-all`) were introduced. A fix for the address miscount was introduced. The new statistics are: - `pkt4-service-disabled` and `pkt6-service-disabled` - `assigned-addresses`, `assigned-nas` and `assigned-pds` 2. **Security**: Kea High Availability (HA) now allows specifying HTTP authentication details in the password file using the `basic-auth-user-file` parameter. Kea no longer logs the database password as clear text when `kea-dhcp4` or `kea-dhcp6` initializes the schema. 3. **Flex-id hook**: The flex-id hook library parameter `identifier-expression` is now optional; previously, it was mandatory. 4. **RADIUS**: The RADIUS dictionary has been extended to support includes, vendor attributes, and integer translations to the RADIUS hook library. 5. **API**: We expanded the `config-get` command to include the location of the lease file in the "csv-lease-file" entry. 6. **Logging**: Debug-level logging has been expanded with additional packet details. 7. **Bug fixes**: Kea now rejects the `config-set` and `config-reload` commands while the lease file cleanup process is running, to avoid file corruption. We fixed a race condition where starting two Kea servers could result in deletion of one of the PID files. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.18 2025/10/23 20:38:48 wiz Exp $ d3 1 a3 1 DISTNAME= kea-3.1.2 @ 1.18 log @*: recursive bump for pcre2 Running an old binary against the new pcre doesn't work: /usr/pkg/lib/libpcre2-8.so.0: version PCRE2_10.47 required by /usr/pkg/lib/libglib-2.0.so.0 not defined @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.17 2025/09/27 09:57:32 wiz Exp $ d3 1 a3 1 DISTNAME= kea-${VERSION} a4 1 PKGREVISION= 2 d8 7 a14 2 CATEGORIES= net MASTER_SITES= https://ftp.isc.org/isc/kea/${VERSION}/ d16 2 a17 5 MAINTAINER= pkgsrc-users@@NetBSD.org HOMEPAGE= https://www.isc.org/kea/ LICENSE= mpl-2.0 VERSION= 2.6.3 d21 6 a26 24 GNU_CONFIGURE= yes USE_LIBTOOL= yes PKG_SYSCONFSUBDIR= kea USE_TOOLS+= autoconf gmake USE_LANGUAGES+= c++ c RCD_SCRIPTS= kea pre-configure: cd ${WRKSRC} && ${PKGSRC_SETENV} ${CONFIGURE_ENV} autoconf -f post-install: cd ${DESTDIR} && \ mkdir -p ${DESTDIR}${PREFIX}/share/examples/kea && \ mv ${DESTDIR}${PKG_SYSCONFDIR}/*.conf \ ${DESTDIR}${PREFIX}/share/examples/kea/ BUILD_DEFS+= VARBASE CONFIGURE_ARGS+= --localstatedir=${VARBASE} MAKE_DIRS+= ${VARBASE}/lib/kea MAKE_DIRS+= ${VARBASE}/run/kea d34 7 a40 2 .include "../../devel/zlib/buildlink3.mk" .include "../../security/openssl/buildlink3.mk" d43 5 a47 1 @ 1.17 log @*: recursive bump for boost 1.89 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.16 2025/09/21 21:37:07 wiz Exp $ d5 1 a5 1 PKGREVISION= 1 @ 1.16 log @*: reset maintainer @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.15 2025/06/05 15:00:44 taca Exp $ d5 1 @ 1.15 log @net/kea: update to 2.6.3 2.6.2 (2025-03-26) 1. Fix for inaccurate statistics: Kea was miscalculating declined and assigned leases. [#3758, a backport of #3565] 2. Fix for lease conflicts and NAK: Conflicting entries were created when two relayed HA instances tried to update a shared lease DB at the same time. [#3798, a backport of #3648] 3. Fix for subnetX-del not removing subnets completely: subnetX-del was not correctly deleting the subnet declaration from the shared network configuration section. [#3756, a backport of #3455] 4. Fix for config-write and retry-on-startup parameter: config-write was improperly storing the retry-on-startup parameter in the config file, causing Kea to fail when restarting. [#3755, a backport of #3578] 5. Fix for incorrect DB schema entry: A typo prevented the upgrade script from working in certain circumstances. [#3753, a backport of #3631] 6. Fix for mishandling malformed DISCOVER packets: [#3750, a backport of #3712]. 7. Fix for excessive memory utilization when receiving frequent SIGHUP: Kea was storing a history of configs in memory with each restart. [#3757, a backport of #3652]. 8. Fix for config-set with output_options: config-set was omitting the output_options section when spelled with "_". [#3754, a backport of #3594] 9. Fix for store-extended-info breaking lease limits: A specific combination of vendor classes and storing extended info caused limits to not be applied. [#3760, a backport of #3702] 10. Fix for DB connection recovery: [#3751, a backport of #3727] 11. Fix for build system: [#3752, a backport of #3697] 12. DB upgrade scripts: DB upgrade could fail on some distributions. [#3794] 2.6.3 (2025-05-28) 1. Security: Default configuration: Running Kea with access to its API insufficiently secured poses significant risks and is strongly discouraged. The default configuration for the Kea Control Agent (CA) has been updated to enable basic HTTP authentication. Access to the Kea API will thus require a password. It also contains additional examples of stronger authentication, based on TLS certificates that only allow access to clients presenting valid TLS certificates. These changes address CVE-2025-32801, CVE-2025-32802, and CVE-2025-32803 [#3825, #3856]. 2. Security: Hooks files: To limit the severity of an attack via an insufficiently protected API, kea-dhcp4, kea-dhcp6, kea-dhcp-ddns, and kea-ctrl-agent now only load hook libraries from the default installation directory. Kea will not load the hook library if a path other than the default is specified. For ease of use, the path may be omitted. This change addresses CVE-2025-32801 [#3830, #3838]. 3. Security: Config files: To limit the scope of an attack on an insufficiently protected API, the API command config-write will now only write to the same directory as the configuration file used when Kea was started (passed as a —c argument). This change addresses CVE-2025-32802 [#3830, #3838]. 4. Security: Lease files: To mitigate the severity of an attack on an insufficiently protected API, lease files can now only be loaded from a defined data directory. The default data directory is determined during compilation: [kea-install-dir]/var/lib/kea. This path may be overridden at startup by setting the environment variable KEA_DHCP_DATA_DIR to the desired path. If a path outside the defined data directory is used in lease-database.name, Kea returns an error and refuses to start or, if already running, aborts and exits. For ease of use in specifying a custom file name, simply omit the path component from name. This change addresses CVE-2025-32802 [#3831, #3840]. 5. Security: Log files: To mitigate the severity of an attack on an insufficiently protected API, log files can now only be written to a defined output directory. The default directory is determined during compilation: [kea-install-dir]/var/log/kea. This path may be overridden at startup by setting the environment variable KEA_LOG_FILE_DIR to the desired path. If a path outside the defined output directory is used in loggers.output_options.output, Kea returns an error and refuses to start or, if already running, aborts and exits. For ease of use, simply omit the path component from output and specify only the file name. This change addresses CVE-2025-32802 [#3831, #3840]. 6. Security: File permissions: To prevent exposure of potentially confidential data, files created by Kea now have more restrictive file permissions. Write access by group and any access by others is now forbidden. This change addresses CVE-2025-32803 [#3832, #3842]. 7. Security: Sockets: To prevent unauthorized access and potential denial of service, sockets can no longer be created in a world-writable directory, such as /tmp. Sockets must now be created in the more restricted [kea-install-dir]/var/run/kea. This change addresses CVE-2025-32802 [#3831, #3840]. 8. Security: Documentation: Many sample configuration files have been updated to reflect changes introduced in this release. In the ARM, the Kea Security section has been moved to a more prominent location, and a new section concerning securing the Kea Control Agent has been added. These changes address CVE-2025-32801, CVE-2025-32802, and CVE-2025-32803 [#3833, #3844]. 9. Build improvements: The source code was updated to build with the latest Boost 1.87 [#3696, #3823]. 10. Documentation update: Backported a clarification in the ARM about subnet4-delta-add [#3773, #3869]. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.14 2025/03/04 09:37:38 nia Exp $ d11 1 a11 1 MAINTAINER= sekiya@@NetBSD.org @ 1.14 log @*: Assume that the user has a C99-capable compiler. A compiler that supports -std=c99 is required for bootstrap, so it doesn't make sense to specify a c99 compiler everywhere in package makefiles. At any rate, I would bet my entire life's savings that this is a small fraction of the total number of packages requiring c99. Note that compilers that default to c89 but support c99 are still supported... @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.13 2025/02/06 00:00:44 riastradh Exp $ a4 1 PKGREVISION= 2 d15 1 a15 1 VERSION= 2.6.1 @ 1.13 log @net/kea: Fix cross-build by suppressing wrkdir checks. Suppressed only for cross-builds -- no change to checks in native builds. And this makes no change to the resulting package, so no revbump. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.12 2025/01/15 06:05:13 wiz Exp $ a25 1 USE_CC_FEATURES+= c99 @ 1.12 log @kea: add upstream patches to fix built with latest boost Patches reported working by NAKAJI Hiroyuki in PR 58993. Bump PKGREVISION. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.11 2024/12/29 15:09:57 adam Exp $ d46 6 @ 1.11 log @revbump after updating boost @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.10 2024/11/13 14:37:28 taca Exp $ d5 1 a5 1 PKGREVISION= 1 @ 1.10 log @net/kea: update to 2.6.1 A patch to fix build problem on NetBSD is provided from Yoshitaka Tokugawa. Changes are too many to write here, please refer these relase notes. 2.6.0 (2024-05-29) https://downloads.isc.org/isc/kea/2.6.0/Kea-2.6.0-ReleaseNotes.txt 2.6.1 (2024-07-31) https://downloads.isc.org/isc/kea/2.6.1/Kea-2.6.1-ReleaseNotes.txt @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.9 2024/10/04 03:49:33 ryoon Exp $ d5 1 @ 1.9 log @*: Recursive revbump from Boost 1.86.0 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.8 2024/02/26 21:37:07 nros Exp $ a3 1 PKGREVISION= 4 d15 1 a15 1 VERSION= 2.4.0 d23 1 a23 1 USE_TOOLS+= gmake d29 3 @ 1.8 log @revbump due to security/botan2 update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.7 2024/01/10 00:53:53 gutteridge Exp $ d4 1 a4 1 PKGREVISION= 3 @ 1.7 log @kea: bump for libyang2 (though it's not a default option) @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.6 2023/12/29 18:24:55 adam Exp $ d4 1 a4 1 PKGREVISION= 2 @ 1.6 log @revbump for boost-libs @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.5 2023/10/28 21:51:36 sekiya Exp $ d4 1 a4 1 #PKGREVISION= 1 a5 1 PKGREVISION= 1 @ 1.5 log @Update to kea-2.4.0 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.4 2023/10/24 22:10:20 wiz Exp $ d6 1 @ 1.4 log @*: bump for openssl 3 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.3 2023/04/23 14:26:29 adam Exp $ a5 1 PKGREVISION= 3 d16 1 a16 1 VERSION= 2.2.0 d25 2 a26 1 USE_LANGUAGES+= c99 c++ @ 1.3 log @revbump for boost @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.2 2023/01/22 16:28:35 ryoon Exp $ d6 1 a6 1 PKGREVISION= 2 @ 1.2 log @*: Recursive revbump from Boost 1.81.0 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.1 2022/12/19 07:44:50 sekiya Exp $ d6 1 a6 1 PKGREVISION= 1 @ 1.1 log @Add kea-2.2.0 Kea is the next generation of DHCP software, developed by Internet Systems Consortium (ISC). It supports both the DHCPv4 and DHCPv6 protocols along with their extensions, e.g. prefix delegation and dynamic updates to DNS. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.18 2022/08/06 17:22:07 he Exp $ d6 1 @