From 736e14743c88b5bb7c1e7a73e8716df5f116c387 Mon Sep 17 00:00:00 2001 From: Randy MacLeod Date: Mon, 17 Nov 2025 16:46:23 -0500 Subject: [PATCH] iperf3: Upgrade 3.18 -> 3.20 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change summary from: https://software.es.net/iperf/news.html#iperf-3-19-released and RELNOTES links: iperf-3.20 fixes a number of bugs and also adds some minor enhancements. https://github.com/esnet/iperf/blob/master/RELNOTES.md#iperf-320-2025-11-14 iperf-3.19.1 is a security fix release to address three issues reported by Han Lee of Apple Information Security. https://github.com/esnet/iperf/blob/master/RELNOTES.md#iperf-3191-2025-07-25 iperf-3.19 includes support for MP-TCPv1 under Linux, keepalives on the control connection, support for the MSG_TRUNC receive option, and a number of minor bug fixes. https://github.com/esnet/iperf/blob/master/RELNOTES.md#iperf-319-2025-05-16 Drop 2 CVE patches that were backports. Drop 0001-configure.ac-check-for-CPP-prog.patch which is merged in: https://github.com/esnet/iperf/commit/beadb59b90e8 License-Update: The only changes were: ❯ git log --oneline 3.18..3.20 LICENSE 9f6dc21 Copyright updates for 2025. edf5c75 Fix typo in LICENSE Signed-off-by: Randy MacLeod Signed-off-by: Khem Raj --- .../iperf3/0001-fix-build-with-gcc-15.patch | 66 --------------- .../iperf3/iperf3/CVE-2025-54349.patch | 80 ------------------- .../iperf3/iperf3/CVE-2025-54350.patch | 24 ------ .../iperf3/{iperf3_3.18.bb => iperf3_3.20.bb} | 7 +- 4 files changed, 2 insertions(+), 175 deletions(-) delete mode 100644 meta-oe/recipes-benchmark/iperf3/iperf3/0001-fix-build-with-gcc-15.patch delete mode 100644 meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2025-54349.patch delete mode 100644 meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2025-54350.patch rename meta-oe/recipes-benchmark/iperf3/{iperf3_3.18.bb => iperf3_3.20.bb} (79%) diff --git a/meta-oe/recipes-benchmark/iperf3/iperf3/0001-fix-build-with-gcc-15.patch b/meta-oe/recipes-benchmark/iperf3/iperf3/0001-fix-build-with-gcc-15.patch deleted file mode 100644 index d3f3e712c9..0000000000 --- a/meta-oe/recipes-benchmark/iperf3/iperf3/0001-fix-build-with-gcc-15.patch +++ /dev/null @@ -1,66 +0,0 @@ -From a46630d4e373e9a3ef974c1b67767f6816c66572 Mon Sep 17 00:00:00 2001 -From: Rudi Heitbaum -Date: Mon, 9 Dec 2024 10:13:02 +0000 -Subject: [PATCH] fix build with gcc-15 - -Upstream-Status: Submitted [https://github.com/esnet/iperf/pull/1805] - -Signed-off-by: Martin Jansa ---- - src/iperf_api.c | 8 ++++---- - src/iperf_api.h | 8 ++++---- - 2 files changed, 8 insertions(+), 8 deletions(-) - -diff --git a/src/iperf_api.c b/src/iperf_api.c -index 7fb741e..4bb5b2f 100644 ---- a/src/iperf_api.c -+++ b/src/iperf_api.c -@@ -599,25 +599,25 @@ iperf_set_mapped_v4(struct iperf_test *ipt, const int val) - } - - void --iperf_set_on_new_stream_callback(struct iperf_test* ipt, void (*callback)()) -+iperf_set_on_new_stream_callback(struct iperf_test* ipt, void (*callback)(struct iperf_stream *)) - { - ipt->on_new_stream = callback; - } - - void --iperf_set_on_test_start_callback(struct iperf_test* ipt, void (*callback)()) -+iperf_set_on_test_start_callback(struct iperf_test* ipt, void (*callback)(struct iperf_test *)) - { - ipt->on_test_start = callback; - } - - void --iperf_set_on_test_connect_callback(struct iperf_test* ipt, void (*callback)()) -+iperf_set_on_test_connect_callback(struct iperf_test* ipt, void (*callback)(struct iperf_test *)) - { - ipt->on_connect = callback; - } - - void --iperf_set_on_test_finish_callback(struct iperf_test* ipt, void (*callback)()) -+iperf_set_on_test_finish_callback(struct iperf_test* ipt, void (*callback)(struct iperf_test *)) - { - ipt->on_test_finish = callback; - } -diff --git a/src/iperf_api.h b/src/iperf_api.h -index 1313142..df10c38 100644 ---- a/src/iperf_api.h -+++ b/src/iperf_api.h -@@ -213,10 +213,10 @@ void iperf_set_dont_fragment( struct iperf_test* ipt, int dont_fragment ); - void iperf_set_test_congestion_control(struct iperf_test* ipt, char* cc); - void iperf_set_test_mss(struct iperf_test* ipt, int mss); - void iperf_set_mapped_v4(struct iperf_test* ipt, const int val); --void iperf_set_on_new_stream_callback(struct iperf_test* ipt, void (*callback)()); --void iperf_set_on_test_start_callback(struct iperf_test* ipt, void (*callback)()); --void iperf_set_on_test_connect_callback(struct iperf_test* ipt, void (*callback)()); --void iperf_set_on_test_finish_callback(struct iperf_test* ipt, void (*callback)()); -+void iperf_set_on_new_stream_callback(struct iperf_test* ipt, void (*callback)(struct iperf_stream *)); -+void iperf_set_on_test_start_callback(struct iperf_test* ipt, void (*callback)(struct iperf_test *)); -+void iperf_set_on_test_connect_callback(struct iperf_test* ipt, void (*callback)(struct iperf_test *)); -+void iperf_set_on_test_finish_callback(struct iperf_test* ipt, void (*callback)(struct iperf_test *)); - - #if defined(HAVE_SSL) - void iperf_set_test_client_username(struct iperf_test *ipt, const char *client_username); diff --git a/meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2025-54349.patch b/meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2025-54349.patch deleted file mode 100644 index 61e1888685..0000000000 --- a/meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2025-54349.patch +++ /dev/null @@ -1,80 +0,0 @@ -Subject: [PATCH] iperf3: Fix CVE-2025-54349 -CVE: CVE-2025-54349 -Upstream-Status: Backport [https://github.com/esnet/iperf/commit/4e5313bab0b9b3fe03513ab54f722c8a3e4b7bdf] -Signed-off-by: Nitin Wankhade ---- -diff --git a/iperf_auth.c b/iperf_auth.c -index 72e85fc..91c4133 100644 ---- a/src/iperf_auth.c -+++ b/src/iperf_auth.c -@@ -288,6 +288,7 @@ int encrypt_rsa_message(const char *plaintext, EVP_PKEY *public_key, unsigned ch - } - - int decrypt_rsa_message(const unsigned char *encryptedtext, const int encryptedtext_len, EVP_PKEY *private_key, unsigned char **plaintext, int use_pkcs1_padding) { -+ int ret =0; - #if OPENSSL_VERSION_MAJOR >= 3 - EVP_PKEY_CTX *ctx; - #else -@@ -310,7 +311,8 @@ int decrypt_rsa_message(const unsigned char *encryptedtext, const int encryptedt - keysize = RSA_size(rsa); - #endif - rsa_buffer = OPENSSL_malloc(keysize * 2); -- *plaintext = (unsigned char*)OPENSSL_malloc(keysize); -+ // Note: +1 for NULL -+ *plaintext = (unsigned char*)OPENSSL_malloc(keysize + 1); - - BIO *bioBuff = BIO_new_mem_buf((void*)encryptedtext, encryptedtext_len); - rsa_buffer_len = BIO_read(bioBuff, rsa_buffer, keysize * 2); -@@ -322,11 +324,12 @@ int decrypt_rsa_message(const unsigned char *encryptedtext, const int encryptedt - #if OPENSSL_VERSION_MAJOR >= 3 - plaintext_len = keysize; - EVP_PKEY_decrypt_init(ctx); -- int ret = EVP_PKEY_CTX_set_rsa_padding(ctx, padding); -+ -+ ret = EVP_PKEY_CTX_set_rsa_padding(ctx, padding); - if (ret < 0){ - goto errreturn; - } -- EVP_PKEY_decrypt(ctx, *plaintext, &plaintext_len, rsa_buffer, rsa_buffer_len); -+ ret = EVP_PKEY_decrypt(ctx, *plaintext, &plaintext_len, rsa_buffer, rsa_buffer_len); - EVP_PKEY_CTX_free(ctx); - #else - plaintext_len = RSA_private_decrypt(rsa_buffer_len, rsa_buffer, *plaintext, rsa, padding); -@@ -337,7 +340,7 @@ int decrypt_rsa_message(const unsigned char *encryptedtext, const int encryptedt - BIO_free(bioBuff); - - /* Treat a decryption error as an empty string. */ -- if (plaintext_len < 0) { -+ if (plaintext_len <= 0) { - plaintext_len = 0; - } - -@@ -386,7 +389,7 @@ int decode_auth_setting(int enable_debug, const char *authtoken, EVP_PKEY *priva - int plaintext_len; - plaintext_len = decrypt_rsa_message(encrypted_b64, encrypted_len_b64, private_key, &plaintext, use_pkcs1_padding); - free(encrypted_b64); -- if (plaintext_len < 0) { -+ if (plaintext_len <= 0) { - return -1; - } - plaintext[plaintext_len] = '\0'; -@@ -394,16 +397,19 @@ int decode_auth_setting(int enable_debug, const char *authtoken, EVP_PKEY *priva - char *s_username, *s_password; - s_username = (char *) calloc(plaintext_len, sizeof(char)); - if (s_username == NULL) { -+ OPENSSL_free(plaintext); - return -1; - } - s_password = (char *) calloc(plaintext_len, sizeof(char)); - if (s_password == NULL) { -+ OPENSSL_free(plaintext); - free(s_username); - return -1; - } - - int rc = sscanf((char *) plaintext, auth_text_format, s_username, s_password, &utc_seconds); - if (rc != 3) { -+ OPENSSL_free(plaintext); - free(s_password); - free(s_username); - return -1; diff --git a/meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2025-54350.patch b/meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2025-54350.patch deleted file mode 100644 index 12ca38b830..0000000000 --- a/meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2025-54350.patch +++ /dev/null @@ -1,24 +0,0 @@ -Subject: [PATCH] iperf3: Fix CVE-2025-54350 -CVE: CVE-2025-54350 -Upstream-Status: Backport [https://github.com/esnet/iperf/commit/4eab661da0bbaac04493fa40164e928c6df7934a] -Comment: Patch is refreshed as per codebase of 3.18 -Signed-off-by: Nitin Wankhade ---- ---- a/src/iperf_auth.c 2025-09-12 10:21:48.186090000 +0530 -+++ b/src/iperf_auth.c 2025-09-15 11:13:21.123222080 +0530 -@@ -28,7 +28,6 @@ - #include "iperf_config.h" - - #include --#include - #include - #include - /* FreeBSD needs _WITH_GETLINE to enable the getline() declaration */ -@@ -152,7 +151,6 @@ - - BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL); //Do not use newlines to flush buffer - *length = BIO_read(bio, *buffer, strlen(b64message)); -- assert(*length == decodeLen); //length should equal decodeLen, else something went horribly wrong - BIO_free_all(bio); - - return (0); //success diff --git a/meta-oe/recipes-benchmark/iperf3/iperf3_3.18.bb b/meta-oe/recipes-benchmark/iperf3/iperf3_3.20.bb similarity index 79% rename from meta-oe/recipes-benchmark/iperf3/iperf3_3.18.bb rename to meta-oe/recipes-benchmark/iperf3/iperf3_3.20.bb index a8c74c1b45..7d4d6beeb8 100644 --- a/meta-oe/recipes-benchmark/iperf3/iperf3_3.18.bb +++ b/meta-oe/recipes-benchmark/iperf3/iperf3_3.20.bb @@ -10,17 +10,14 @@ SECTION = "console/network" BUGTRACKER = "https://github.com/esnet/iperf/issues" LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=f9873a72f714e240530e759e103ac7b2" +LIC_FILES_CHKSUM = "file://LICENSE;md5=b51332d7f45357a9410daa9a14a3655f" SRC_URI = "git://github.com/esnet/iperf.git;branch=master;protocol=https \ file://0002-Remove-pg-from-profile_CFLAGS.patch \ file://0001-configure.ac-check-for-CPP-prog.patch \ - file://0001-fix-build-with-gcc-15.patch \ - file://CVE-2025-54349.patch \ - file://CVE-2025-54350.patch \ " -SRCREV = "2a2984488d6de8f7a2d1f5938e03ca7be57e227c" +SRCREV = "0711330bacfaf1c2a804be66e7ecc26f481ede5d" RDEPENDS:${PN} = "libgcc"