kea: bump to 3.0.3

[commodo]

📦 Package Details

Maintainer: @pprindeville

Description:

3.0.3 is a security/vulnerability release on the stable 3.0 series.

Notable fixes since 3.0.2:

• CVE-2026-3608 — A large number of bracket pairs in a JSON payload
  sent to any endpoint caused a stack overflow during recursive parsing.
  The exploit does not need a syntactically valid command, so it bypasses
  RBAC and the command filters on the High-Availability endpoints
  (upstream hfsprogs: fix when not linking aginst glibc #4275 / feature request: "iotop" package #4288 / Symlink soversions #4387).

• Null dereference when configuring the Control Agent with a socket
  entry that lacks the mandatory socket-name is now caught
  (sysrepo: add patch for disabling autostart #4388, python packages: move all things python under lang/python #4365).

• UNIX command sockets are created group-writable so Stork 2.4.0+ and
  other tooling using the configured group can talk to the daemon
  (dnscrypt-proxy: update dnscrypt-resolvers.csv #4398, Fatal errors in privoxy v. 3.0.26-2 #4260).

Upstream's release notes flag "no incompatible changes" and "no known
issues" for this bump.

All current patches still apply cleanly.

Release notes:
https://ftp.isc.org/isc/kea/3.0.3/Kea-3.0.3-ReleaseNotes.txt

---

🧪 Run Testing Details

• OpenWrt Version:
• OpenWrt Target/Subtarget:
• OpenWrt Device:

---

✅ Formalities

• I have reviewed the CONTRIBUTING.md file for detailed contributing guidelines.

[pprindeville]

LGTM

[pprindeville]

@commodo @fxdupont: Was hoping to have merged to 3.2.0 by now but it keeps getting pushed out...

[BKPepe]

CI/CD fails due to this issue:

2026-05-29T19:44:37.0604115Z FAILED: [code=1] src/lib/dns/libkea-dns.so.71.0.0.p/rdataclass.cc.o 
2026-05-29T19:44:37.0617980Z aarch64-openwrt-linux-musl-g++ -Isrc/lib/dns/libkea-dns.so.71.0.0.p -Isrc/lib/dns -I../src/lib/dns -I. -I.. -Isrc -I../src -Isrc/bin -I../src/bin -Isrc/lib -I../src/lib -I/builder/staging_dir/toolchain-aarch64_generic_gcc-14.3.0_musl/usr/include -I/builder/staging_dir/toolchain-aarch64_generic_gcc-14.3.0_musl/include -I/builder/staging_dir/toolchain-aarch64_generic_gcc-14.3.0_musl/include/fortify -I/builder/staging_dir/target-aarch64_generic_musl/usr/include -fdiagnostics-color=always -D_GLIBCXX_ASSERTIONS=1 -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -Wextra -DBOOST_ALL_NO_LIB -pthread -Os -pipe -mcpu=generic -fno-caller-saves -fno-plt -fhonour-copts -ffile-prefix-map=/builder/build_dir/target-aarch64_generic_musl/kea-3.0.3=kea-3.0.3 -ffunction-sections -fdata-sections -Wl,-z,max-page-size=4096 -Wformat -Werror=format-security -fstack-protector -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -Wl,-z,pack-relative-relocs -ffunction-sections -fdata-sections -fPIC -MD -MQ src/lib/dns/libkea-dns.so.71.0.0.p/rdataclass.cc.o -MF src/lib/dns/libkea-dns.so.71.0.0.p/rdataclass.cc.o.d -o src/lib/dns/libkea-dns.so.71.0.0.p/rdataclass.cc.o -c ../src/lib/dns/rdataclass.cc
2026-05-29T19:44:37.0626373Z ../src/lib/dns/rdataclass.cc: In member function 'uint32_t isc::dns::rdata::generic::SOA::getMinimum() const':
2026-05-29T19:44:37.0628057Z ../src/lib/dns/rdataclass.cc:1401:5: error: 'BOOST_STATIC_ASSERT' was not declared in this scope; did you mean 'BOOST_HAS_STATIC_ASSERT'?
2026-05-29T19:44:37.0629205Z  1401 |     BOOST_STATIC_ASSERT(sizeof(numdata_) ==
2026-05-29T19:44:37.0629818Z       |     ^~~~~~~~~~~~~~~~~~~
2026-05-29T19:44:37.0630358Z       |     BOOST_HAS_STATIC_ASSERT
2026-05-29T19:44:37.0785105Z [75/651] Compiling C++ object src/lib/dns/libkea-dns.so.71.0.0.p/rrclass.cc.o
2026-05-29T19:44:37.4130293Z [76/651] Compiling C++ object src/lib/dns/libkea-dns.so.71.0.0.p/rdata.cc.o
2026-05-29T19:44:38.0887404Z [77/651] Compiling C++ object src/lib/dns/libkea-dns.so.71.0.0.p/rrset.cc.o
2026-05-29T19:44:38.2343140Z [78/651] Compiling C++ object src/lib/dns/libkea-dns.so.71.0.0.p/rrttl.cc.o
2026-05-29T19:44:38.9567751Z [79/651] Compiling C++ object src/lib/dns/libkea-dns.so.71.0.0.p/rrparamregistry.cc.o
2026-05-29T19:44:38.9568286Z ninja: build stopped: subcommand failed.
2026-05-29T19:44:38.9573099Z make[2]: *** [Makefile:290: /builder/build_dir/target-aarch64_generic_musl/kea-3.0.3/.built] Error 1
2026-05-29T19:44:38.9573938Z make[2]: Leaving directory '/feed/net/kea'
2026-05-29T19:44:38.9578506Z time: package/feeds/packages_ci/kea/compile#98.11#10.64#34.73
2026-05-29T19:44:38.9587754Z     ERROR: package/feeds/packages_ci/kea failed to build.
2026-05-29T19:44:38.9592822Z make[1]: *** [package/Makefile:198: package/feeds/packages_ci/kea/compile] Error 1

[commodo]

CI/CD fails due to this issue:

yes, that goes with this PR #29577

i've split this up, to also make that as backport for 25.12 should it be needed;
but i forgot that 3.0.3 update is blocked by the static-assert;

i'm a bit uncertain how buildbots work;
sometimes things get fixed, and then new failures pop-up;
it's as if buildbots have certain limits to which errors can show up