From patchwork Sun Apr 26 11:44:06 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 9722 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail01.haj.ipfire.org", Issuer "R12" (not verified)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4g3PyG3r2Zz3wbJ for ; Sun, 26 Apr 2026 11:45:10 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [IPv6:2001:678:b28::201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail02.haj.ipfire.org", Issuer "E8" (not verified)) by mail01.ipfire.org (Postfix) with ESMTPS id 4g3PyF6Qtyz79v for ; Sun, 26 Apr 2026 11:45:09 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [IPv6:::1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4g3Pxy1fHFz37Qg for ; Sun, 26 Apr 2026 11:44:54 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail01.haj.ipfire.org", Issuer "R12" (not verified)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4g3Pxk5pwrz33t6 for ; Sun, 26 Apr 2026 11:44:42 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4g3Pxk3pPLz79k; Sun, 26 Apr 2026 11:44:42 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1777203882; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=JK66mF1fp0ShPh4ZdpaGD26vDFhFZYAC8YaplVbgaSA=; b=+Z2coI+k31RwG08+jRtyWAHpAYkl9JPrM1zghMw9ZqClz9/M5NPjpayhlhrPL0NOlP2cOa NMfG8ch1MaIkMBAg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1777203882; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=JK66mF1fp0ShPh4ZdpaGD26vDFhFZYAC8YaplVbgaSA=; b=IX4ymrqEdWBrQoaYe/sSJhWqNR6B6G/fmHFgOrRCRfeYbIzxUf4NKD5AUoMC48cJpxWxoH qagYJNR7DXbR4Eiq+WC7Ze0fTlNIAdh+K2LqXy67iwIy3FvEdWHBouWIk7uhBAOTKOgbFJ owDFNbIceavO1D0FHeVHelGF89UIwpNKBGJqxclE5mAej2l7kFrL/1EldsWKQxfLsci9c7 if3/OubPSsC31C8dnmgvEKrLFQhO4WH2DoqQGzJpCc7LoaT/t6lOssbZ6BGha475acuE77 oGSZvS5aFEEtBu4d0g+XjWyIhWK6JbavJeRESErzNJmGDsYDEAQ/F92o0UuGkg== From: Adolf Belka To: development@lists.ipfire.org Cc: Adolf Belka Subject: [PATCH] iperf3: Update to version 3.21 Date: Sun, 26 Apr 2026 13:44:06 +0200 Message-ID: <20260426114418.122889-17-adolf.belka@ipfire.org> In-Reply-To: <20260426114418.122889-1-adolf.belka@ipfire.org> References: <20260426114418.122889-1-adolf.belka@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 - Update from version 3.19 to 3.21 - No change to rootfile - 3 CVE fixes were applied in version 3.19.1 - Changelog 3.21 * Notable user-visible changes * Support has been added for Global Segmentation Offload (GSO) and Global Receive Offload (GRO) under Linux (PR #1926, PR #2007, also note that a number of other pull requests were submitted towards this functionality). * The `--bind-dev` option is now supported on macOS (PR #1945). * Support has been added on macOS for the equivalent of the `tcp_info` structure (#1411, PR #2008). This change results in TCP window information being printed in human-readable output and a number of TCP statistics being added to the JSON output. * The iperf3 server provides more information about various error conditions to the client (PR #1914, PR #1931, PR #1950). * The maximum value for the `--set-mss` option is now 32K (PR #1816). Note that this option still does not work reliably in all cases. * The cancellation type of child threads was changed from `PTHREAD_CANCEL_ASYNCHRONOUS` to `PTHREAD_CANCEL_DEFERRED` (#1991, #2003, PR #2004). This change fixes some hangs that could occur at the end of a test. * A race condition leading to a crash when closing sockets at the end of a test has been fixed (PR #1990). * iperf3 no longer erroneously prints that zero UDP packets were lost during a lossy UDP test (#1984, PR #1988). * A division by zero error has been avoided (PR #2002). * The security posture of the `iperf3.service` file has been improved considerably by updating a number of settings (PR #1855). Note that this file is neither installed nor activated by default. * Notable developer-visible changes * iperf3 finally performs `ldconfig` as a part of `make install` on platforms that require it (#1995, PR #2005). * Various bug fixes (PR #1960, PR #1981, PR #2001). * Various documentation fixes (PR #1972, PR #1974, PR #1993). 3.20 * Notable user-visible changes * Millisecond-resolution representations have been added to JSON timestamps. (PR #1846) * The reorder_seen metric, where available, is now available in the JSON output. (PR #1278) * A division by zero error has been fixed. (PR #1906) * Some command-line options were not properly restricted to the client or server; this problem has been fixed. (#1892 / PR #1894) * The combination of `--udp` and `--file` is now explicitly disallowed. (PR #1909) * It is now possible to get both the full JSON result object as well as streaming intermediate JSON result objects. This functionality is enabled by using the new `--json-stream-full` command-line flag, in addition to the existing `--json-stream` flag (PR #1903) * Sends with `--zerocopy` are now properly seeded with data instead of being all-zeroes. (PR #1949) * The `--server-max-duration` flag is now allowed on the iperf3 server to impose a maximum duration on timed tests. (PR #1684) * The `--rcv-timeout` flag is now ignored for `--bidir` tests. This change prevents premature termination of bidirectional tests. (#1766 / PR #1946) * Several errors in the authentication code were uncovered when building with OpenSSL 3.5.3 and later versions. These were fixed. (#1951 / PR #1956) * Various issues in the iperf3 manual page were fixed up. (PR #1887, PR #1927, PR #1936, PR #1941, #1891 / PR #1952) * Notable developer-visible changes * A build failure with uClibc has been fixed. (#1888 / PR #1890) * It is now possible to use the API to load RSA keys from a file. (PR #1889) * Some calls to sprintf() were replaced with calls to snprintf(). There were no hazards in the code as written, but this change might help silence some compiler warnings and potentially prevent future vulnerabilities. (PR #1929) * Proper error handling has been added to the `unit_atoX()` functions. (PR #1394) * Some memory handling errors in `t_auth` were fixed. (PR #1953) * Minor enhancements and fixes to GitHub Actions workflows (PR #1919, PR #1928, PR #1942). 3.19.1 * Notable user-visible changes * SECURITY NOTE: Thanks to Han Lee with Apple Information Security for finding and reporting several memory errors including a buffer overflow within the `--skip-rx-copy` option, and two memory errors within authentication, including a heap overflow in the plaintext password and an assert. * An off-by-one heap overflow has been fixed in authentication. (CVE-2025-54349, ESNET-SECADV-2025-0003) * An assert in authentication has been removed. (CVE-2025-54350, ESNET-SECADV-2025-0002) * A buffer overflow in the `--skip-rx-copy` option for zerocopy has been fixed. (CVE-2025-54351, ESNET-SECADV-2025-0001) Signed-off-by: Adolf Belka --- lfs/iperf3 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lfs/iperf3 b/lfs/iperf3 index dbbc5a5ce..7c4095ed9 100644 --- a/lfs/iperf3 +++ b/lfs/iperf3 @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2025 IPFire Team # +# Copyright (C) 2007-2026 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config SUMMARY = A tool to measure network performance -VER = 3.19 +VER = 3.21 THISAPP = iperf-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = iperf3 -PAK_VER = 8 +PAK_VER = 9 DEPS = @@ -51,7 +51,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = b6f5e9bdef5ee3fc38bef893144bc6ad003ccbc7b3db4793dbd2aec5998faa55cac215a0db06ab37729dc1c05787ebacbf09db8a6e6517f82492a6c67ec3d9e6 +$(DL_FILE)_BLAKE2 = 696a13caaa5cf52a69c65566ae4d2d8788a4225d689d32e73306f5174dad141c92ea3acdda9a929803a1e57eee6844350be2da749e5f44c48bf0ab7890e97745 install : $(TARGET) check : $(patsubst %,$(DIR_CHK)/%,$(objects))