iperf3: Update to version 3.21
Commit Message
- Update from version 3.19 to 3.21
- No change to rootfile
- 3 CVE fixes were applied in version 3.19.1
- Changelog
3.21
* Notable user-visible changes
* Support has been added for Global Segmentation Offload (GSO) and
Global Receive Offload (GRO) under Linux (PR #1926, PR #2007,
also note that a number of other pull requests were submitted
towards this functionality).
* The `--bind-dev` option is now supported on macOS (PR #1945).
* Support has been added on macOS for the equivalent of the
`tcp_info` structure (#1411, PR #2008). This change results in
TCP window information being printed in human-readable output
and a number of TCP statistics being added to the JSON output.
* The iperf3 server provides more information about various error
conditions to the client (PR #1914, PR #1931, PR #1950).
* The maximum value for the `--set-mss` option is now 32K (PR
#1816). Note that this option still does not work reliably in
all cases.
* The cancellation type of child threads was changed from
`PTHREAD_CANCEL_ASYNCHRONOUS` to `PTHREAD_CANCEL_DEFERRED`
(#1991, #2003, PR #2004). This change fixes some hangs that
could occur at the end of a test.
* A race condition leading to a crash when closing sockets at the
end of a test has been fixed (PR #1990).
* iperf3 no longer erroneously prints that zero UDP packets were
lost during a lossy UDP test (#1984, PR #1988).
* A division by zero error has been avoided (PR #2002).
* The security posture of the `iperf3.service` file has been
improved considerably by updating a number of settings (PR
#1855). Note that this file is neither installed nor activated
by default.
* Notable developer-visible changes
* iperf3 finally performs `ldconfig` as a part of `make install`
on platforms that require it (#1995, PR #2005).
* Various bug fixes (PR #1960, PR #1981, PR #2001).
* Various documentation fixes (PR #1972, PR #1974, PR #1993).
3.20
* Notable user-visible changes
* Millisecond-resolution representations have been added to JSON
timestamps. (PR #1846)
* The reorder_seen metric, where available, is now available in
the JSON output. (PR #1278)
* A division by zero error has been fixed. (PR #1906)
* Some command-line options were not properly restricted to the
client or server; this problem has been fixed. (#1892 / PR #1894)
* The combination of `--udp` and `--file` is now explicitly
disallowed. (PR #1909)
* It is now possible to get both the full JSON result object as
well as streaming intermediate JSON result objects. This
functionality is enabled by using the new `--json-stream-full`
command-line flag, in addition to the existing `--json-stream`
flag (PR #1903)
* Sends with `--zerocopy` are now properly seeded with data
instead of being all-zeroes. (PR #1949)
* The `--server-max-duration` flag is now allowed on the iperf3 server to impose
a maximum duration on timed tests. (PR #1684)
* The `--rcv-timeout` flag is now ignored for `--bidir`
tests. This change prevents premature termination of
bidirectional tests. (#1766 / PR #1946)
* Several errors in the authentication code were uncovered when
building with OpenSSL 3.5.3 and later versions. These were
fixed. (#1951 / PR #1956)
* Various issues in the iperf3 manual page were fixed up. (PR
#1887, PR #1927, PR #1936, PR #1941, #1891 / PR #1952)
* Notable developer-visible changes
* A build failure with uClibc has been fixed. (#1888 / PR #1890)
* It is now possible to use the API to load RSA keys from a file.
(PR #1889)
* Some calls to sprintf() were replaced with calls to
snprintf(). There were no hazards in the code as written, but
this change might help silence some compiler warnings and
potentially prevent future vulnerabilities. (PR #1929)
* Proper error handling has been added to the `unit_atoX()`
functions. (PR #1394)
* Some memory handling errors in `t_auth` were fixed. (PR #1953)
* Minor enhancements and fixes to GitHub Actions workflows (PR
#1919, PR #1928, PR #1942).
3.19.1
* Notable user-visible changes
* SECURITY NOTE: Thanks to Han Lee with Apple Information Security
for finding and reporting several memory errors
including a buffer overflow within the
`--skip-rx-copy` option, and two memory errors
within authentication, including a heap overflow
in the plaintext password and an assert.
* An off-by-one heap overflow has been fixed in authentication.
(CVE-2025-54349, ESNET-SECADV-2025-0003)
* An assert in authentication has been removed. (CVE-2025-54350,
ESNET-SECADV-2025-0002)
* A buffer overflow in the `--skip-rx-copy` option for zerocopy
has been fixed. (CVE-2025-54351, ESNET-SECADV-2025-0001)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
lfs/iperf3 | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2026 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -26,7 +26,7 @@ include Config
SUMMARY = A tool to measure network performance
-VER = 3.19
+VER = 3.21
THISAPP = iperf-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = iperf3
-PAK_VER = 8
+PAK_VER = 9
DEPS =
@@ -51,7 +51,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = b6f5e9bdef5ee3fc38bef893144bc6ad003ccbc7b3db4793dbd2aec5998faa55cac215a0db06ab37729dc1c05787ebacbf09db8a6e6517f82492a6c67ec3d9e6
+$(DL_FILE)_BLAKE2 = 696a13caaa5cf52a69c65566ae4d2d8788a4225d689d32e73306f5174dad141c92ea3acdda9a929803a1e57eee6844350be2da749e5f44c48bf0ab7890e97745
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))