From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4b1pf75T1wz33jF for ; Tue, 20 May 2025 09:09:35 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4b1pf42QGxz3368 for ; Tue, 20 May 2025 09:09:32 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4b1pf36C3xz4b1; Tue, 20 May 2025 09:09:31 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1747732171; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=mBofNLuXMMfqFxVnzuYqSSMU/mbZYYXOuJieuFrRHxQ=; b=NIZkzdmQtybkQwVKA7Sxlm7IIV5k0PPXZxgFzJgcKMVjr0IBo40ozoSDISVDiMnPVV2lQR H8a1A3vNicquecCQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1747732171; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=mBofNLuXMMfqFxVnzuYqSSMU/mbZYYXOuJieuFrRHxQ=; b=Q68CF+uCExvjumzhlGWoAtacH3NTL3Vz1jZkkiADnMonF8rprivD83BWKi6ZbohAtHyT8w IHdRUtz/dCxZK7OJo41zhu2yPv6tdZWQuHV3toNkyYyQ7aHVDF24ve+q0t0scFTQ6rwFxN qA3Frrsn5H8TGeWXhMWL97JSmerdlmrHAnJ1x5BoP7t9MEyGOx3YXFl14ukdRduCuIQSC2 L/kIHAMkRUkj/RqUNdR+B+rFNTkmIZ5B3AFgBA65+D+YwvJ+zXKQijMLgYmPR66l43iLTB E8KmaQeNAB1QlwNVsNB3uDQKRe95K01VwW1dkOx/6Ae7xYiTxn8UcbHtKXhSYg== From: Adolf Belka To: development@lists.ipfire.org Cc: Adolf Belka Subject: [PATCH] iperf3: Update to version 3.19 Date: Tue, 20 May 2025 11:09:25 +0200 Message-ID: <20250520090927.3663-2-adolf.belka@ipfire.org> In-Reply-To: <20250520090927.3663-1-adolf.belka@ipfire.org> References: <20250520090927.3663-1-adolf.belka@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit - Update from version 3.16 to 3.19 - Update of rootfile not required - CVE fix in version 3.18 and another in 3.17. The CVE fix in 3.17 results in a breaking change. The vulnerable option can be enabled in the build but that doesn't seem to be a good approach for IPFire. I am not sure that the non backwards compatible changed padding on encrypted strings would create a problem for us. I suspect this is more if iperf3 is being used in a continuous measuring mode and in IPFire it is an addon that is used to measure throughput rates when required. - Changelog 3.19 Notable user-visible changes iperf3 now supports the use of Multi-Path TCP (MPTCPv1) on Linux with the use of the -m or --mptcp flag. (PR #1661) iperf3 now supports a --cntl-ka option to enable TCP keepalives on the control connection. (#812, #835, PR #1423) iperf3 now supports the MSG_TRUNC receive option, specified by the --skip-rx-copy. This theoretically improves the rated throughput of tests at high bitrates by not delivering network payload data to userspace. (#1678, PR #1717) A bug that caused the bitrate setting to be ignored when bursts are set, has been fixed. (#1773, #1820, PR #1821, PR #1848) The congestion control protocol setting, if used, is now properly reset between tests. (PR #1812) iperf3 now exits with a non-error 0 exit code if exiting via a SIGTERM, SIGHUP, or SIGINT. (#1009, PR# 1829) The current behavior of iperf3 with respect to the -n and -k options is now documented as correct. (#1768, #1775, #596, PR #1800) Notable developer-visible changes iperf3 now supports a callback function to get the JSON output strings. (#1711, PR #1798) iperf3 now builds correctly with gcc-15 (#1838, PR #1805) Various memory leaks were fixed (#1881, PR#1823, #1814, PR#1822) A potential segfault crash was fixed (#1807) Improved warning messages when reading malformed JSON messages (PR #1817) The Github CI configuration was changed to use a more up-to-date set of runners (PR #1864) 3.18 Notable user-visible changes SECURITY NOTE: Thanks to Leonid Krolle Bi.Zone for discovering a JSON type security vulnerability that caused a segmentation fault in the server. (CVE-2024-53580) This has now been fixed. (PR#1810) UDP packets per second now reports the correct number of packets, by reporting NET_SOFTERROR if there's a EAGAIN/EINTR errno if no data was sent (#1367/PR#1379). Several segmentation faults related to threading were fixed. One where pthread_cancel was called on an improperly initialized thread (#1801), another where threads were being recycled (#1760/PR#1761), and another where threads were improperly handling signals (#1750/PR#1752). A segmentation fault from calling freeaddrinfo with NULL was fixed (PR#1755). Some JSON options were fixed, including checking the size for json_read (PR#1709), but the size limit was removed for received server output (PR#1779). A rcv-timeout error has been fixed. The Nread timeout was hardcoded and timed out before the --rcv-timeout option (PR#1744). There is no longer a limit on the omit time period (#1770/PR#1774). Fixed an output crash under 32-bit big-endian systems (PR#1713). An issue was fixed where CPU utilization was unexpectedly high during limited baud rate tests. The --pacing-timer option was removed, but it is still available in the library (#1741/PR#1743). Add SCTP information to --json output and fixed compile error when SCTP is not supported (#1731). --fq-rate was changed from a uint to a uint64 to allow pacing above 32G. Not yet tested on big-endian systems (PR#1728). Notable developer-visible changes Clang compilation failure on Android were fixed (PR#1687). iperf_time_add() was optimizated to improve performance (PR#1742). Debug messages were added when the state changes (PR#1734). To increase performance, the old UDP prot_listener is cleared and removed after each test (PR#1708). A file descriptor leak was closed (PR#1619). 3.17.1 Notable user-visible changes Version number has been corrected. (#1699) Notable developer-visible changes No longer signing tags 3.17 Notable user-visible changes BREAKING CHANGE: iperf3's authentication features, when used with OpenSSL prior to 3.2.0, contain a vulnerability to a side-channel timing attack. To address this flaw, a change has been made to the padding applied to encrypted strings. This change is not backwards compatible with older versions of iperf3 (before 3.17). To restore the older (vulnerable) behavior, and hence backwards-compatibility, use the --use-pkcs1-padding flag. The iperf3 team thanks Hubert Kario from RedHat for reporting this issue and providing feedback on the fix. (CVE-2024-26306)(PR#1695) iperf3 no longer changes its current working directory in --daemon mode. This results in more predictable behavior with relative paths, in particular finding key and credential files for authentication. (PR#1672) A new --json-stream option has been added to enable a streaming output format, consisting of a series of JSON objects (for the start of the test, each measurement interval, and the end of the test) separated by newlines (#444, #923, #1098). UDP tests now work correctly between different endian hosts (#1415). The --fq-rate parameter now works for --reverse tests (#1632, PR#1667). The statistics reporting interval is now available in the --json start test object (#1663). A negative time test duration is now properly flagged as an error (IS#1662 / PR#1666). Notable developer-visible changes Fixes have been made to better (unofficially) support builds on Android (#1641 / #1651) and VxWorks (#1595). iperf3 now builds correctly on architectures without native support for 64-bit atomic types, by linking with the libatomic library (#1611). Signed-off-by: Adolf Belka --- lfs/iperf3 | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/lfs/iperf3 b/lfs/iperf3 index 4ea5a7e69..dbbc5a5ce 100644 --- a/lfs/iperf3 +++ b/lfs/iperf3 @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2025 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config SUMMARY = A tool to measure network performance -VER = 3.16 +VER = 3.19 THISAPP = iperf-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = iperf3 -PAK_VER = 7 +PAK_VER = 8 DEPS = @@ -51,7 +51,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 4ca930b58c54d5ae5b0c8b14aca2556224ff2c7b943d32e65486dc2a7e1abd2d26b229e9f759358c326be8754e88a203e11a3ab0f029daa982375a880c3f1cbd +$(DL_FILE)_BLAKE2 = b6f5e9bdef5ee3fc38bef893144bc6ad003ccbc7b3db4793dbd2aec5998faa55cac215a0db06ab37729dc1c05787ebacbf09db8a6e6517f82492a6c67ec3d9e6 install : $(TARGET) check : $(patsubst %,$(DIR_CHK)/%,$(objects)) @@ -84,7 +84,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) $(UPDATE_AUTOMAKE) - cd $(DIR_APP) && ./configure --prefix=/usr + cd $(DIR_APP) && ./configure \ + --prefix=/usr cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) cd $(DIR_APP) && make install @rm -rf $(DIR_APP) -- 2.49.0