From: <Randy.MacLeod@windriver.com>
To: <openembedded-devel@lists.openembedded.org>
Subject: [PATCH 1/2] iperf3: Upgrade 3.18 -> 3.20
Date: Mon, 17 Nov 2025 16:46:23 -0500 [thread overview]
Message-ID: <20251117214624.941380-1-Randy.MacLeod@windriver.com> (raw)
From: Randy MacLeod <Randy.MacLeod@windriver.com>
Change summary from:
https://software.es.net/iperf/news.html#iperf-3-19-released
and RELNOTES links:
iperf-3.20 fixes a number of bugs and also adds some minor enhancements.
https://github.com/esnet/iperf/blob/master/RELNOTES.md#iperf-320-2025-11-14
iperf-3.19.1 is a security fix release to address three issues reported
by Han Lee of Apple Information Security.
https://github.com/esnet/iperf/blob/master/RELNOTES.md#iperf-3191-2025-07-25
iperf-3.19 includes support for MP-TCPv1 under Linux, keepalives on the
control connection, support for the MSG_TRUNC receive option, and
a number of minor bug fixes.
https://github.com/esnet/iperf/blob/master/RELNOTES.md#iperf-319-2025-05-16
Drop 2 CVE patches that were backports.
Drop 0001-configure.ac-check-for-CPP-prog.patch
which is merged in:
https://github.com/esnet/iperf/commit/beadb59b90e8
License-Update: The only changes were:
❯ git log --oneline 3.18..3.20 LICENSE
9f6dc21 Copyright updates for 2025.
edf5c75 Fix typo in LICENSE
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
---
.../iperf3/0001-fix-build-with-gcc-15.patch | 66 ---------------
.../iperf3/iperf3/CVE-2025-54349.patch | 80 -------------------
.../iperf3/iperf3/CVE-2025-54350.patch | 24 ------
.../iperf3/{iperf3_3.18.bb => iperf3_3.20.bb} | 7 +-
4 files changed, 2 insertions(+), 175 deletions(-)
delete mode 100644 meta-oe/recipes-benchmark/iperf3/iperf3/0001-fix-build-with-gcc-15.patch
delete mode 100644 meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2025-54349.patch
delete mode 100644 meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2025-54350.patch
rename meta-oe/recipes-benchmark/iperf3/{iperf3_3.18.bb => iperf3_3.20.bb} (79%)
diff --git a/meta-oe/recipes-benchmark/iperf3/iperf3/0001-fix-build-with-gcc-15.patch b/meta-oe/recipes-benchmark/iperf3/iperf3/0001-fix-build-with-gcc-15.patch
deleted file mode 100644
index d3f3e712c9..0000000000
--- a/meta-oe/recipes-benchmark/iperf3/iperf3/0001-fix-build-with-gcc-15.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From a46630d4e373e9a3ef974c1b67767f6816c66572 Mon Sep 17 00:00:00 2001
-From: Rudi Heitbaum <rudi@heitbaum.com>
-Date: Mon, 9 Dec 2024 10:13:02 +0000
-Subject: [PATCH] fix build with gcc-15
-
-Upstream-Status: Submitted [https://github.com/esnet/iperf/pull/1805]
-
-Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
----
- src/iperf_api.c | 8 ++++----
- src/iperf_api.h | 8 ++++----
- 2 files changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/src/iperf_api.c b/src/iperf_api.c
-index 7fb741e..4bb5b2f 100644
---- a/src/iperf_api.c
-+++ b/src/iperf_api.c
-@@ -599,25 +599,25 @@ iperf_set_mapped_v4(struct iperf_test *ipt, const int val)
- }
-
- void
--iperf_set_on_new_stream_callback(struct iperf_test* ipt, void (*callback)())
-+iperf_set_on_new_stream_callback(struct iperf_test* ipt, void (*callback)(struct iperf_stream *))
- {
- ipt->on_new_stream = callback;
- }
-
- void
--iperf_set_on_test_start_callback(struct iperf_test* ipt, void (*callback)())
-+iperf_set_on_test_start_callback(struct iperf_test* ipt, void (*callback)(struct iperf_test *))
- {
- ipt->on_test_start = callback;
- }
-
- void
--iperf_set_on_test_connect_callback(struct iperf_test* ipt, void (*callback)())
-+iperf_set_on_test_connect_callback(struct iperf_test* ipt, void (*callback)(struct iperf_test *))
- {
- ipt->on_connect = callback;
- }
-
- void
--iperf_set_on_test_finish_callback(struct iperf_test* ipt, void (*callback)())
-+iperf_set_on_test_finish_callback(struct iperf_test* ipt, void (*callback)(struct iperf_test *))
- {
- ipt->on_test_finish = callback;
- }
-diff --git a/src/iperf_api.h b/src/iperf_api.h
-index 1313142..df10c38 100644
---- a/src/iperf_api.h
-+++ b/src/iperf_api.h
-@@ -213,10 +213,10 @@ void iperf_set_dont_fragment( struct iperf_test* ipt, int dont_fragment );
- void iperf_set_test_congestion_control(struct iperf_test* ipt, char* cc);
- void iperf_set_test_mss(struct iperf_test* ipt, int mss);
- void iperf_set_mapped_v4(struct iperf_test* ipt, const int val);
--void iperf_set_on_new_stream_callback(struct iperf_test* ipt, void (*callback)());
--void iperf_set_on_test_start_callback(struct iperf_test* ipt, void (*callback)());
--void iperf_set_on_test_connect_callback(struct iperf_test* ipt, void (*callback)());
--void iperf_set_on_test_finish_callback(struct iperf_test* ipt, void (*callback)());
-+void iperf_set_on_new_stream_callback(struct iperf_test* ipt, void (*callback)(struct iperf_stream *));
-+void iperf_set_on_test_start_callback(struct iperf_test* ipt, void (*callback)(struct iperf_test *));
-+void iperf_set_on_test_connect_callback(struct iperf_test* ipt, void (*callback)(struct iperf_test *));
-+void iperf_set_on_test_finish_callback(struct iperf_test* ipt, void (*callback)(struct iperf_test *));
-
- #if defined(HAVE_SSL)
- void iperf_set_test_client_username(struct iperf_test *ipt, const char *client_username);
diff --git a/meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2025-54349.patch b/meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2025-54349.patch
deleted file mode 100644
index 61e1888685..0000000000
--- a/meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2025-54349.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-Subject: [PATCH] iperf3: Fix CVE-2025-54349
-CVE: CVE-2025-54349
-Upstream-Status: Backport [https://github.com/esnet/iperf/commit/4e5313bab0b9b3fe03513ab54f722c8a3e4b7bdf]
-Signed-off-by: Nitin Wankhade <nitin.wankhade333@gmail.com>
----
-diff --git a/iperf_auth.c b/iperf_auth.c
-index 72e85fc..91c4133 100644
---- a/src/iperf_auth.c
-+++ b/src/iperf_auth.c
-@@ -288,6 +288,7 @@ int encrypt_rsa_message(const char *plaintext, EVP_PKEY *public_key, unsigned ch
- }
-
- int decrypt_rsa_message(const unsigned char *encryptedtext, const int encryptedtext_len, EVP_PKEY *private_key, unsigned char **plaintext, int use_pkcs1_padding) {
-+ int ret =0;
- #if OPENSSL_VERSION_MAJOR >= 3
- EVP_PKEY_CTX *ctx;
- #else
-@@ -310,7 +311,8 @@ int decrypt_rsa_message(const unsigned char *encryptedtext, const int encryptedt
- keysize = RSA_size(rsa);
- #endif
- rsa_buffer = OPENSSL_malloc(keysize * 2);
-- *plaintext = (unsigned char*)OPENSSL_malloc(keysize);
-+ // Note: +1 for NULL
-+ *plaintext = (unsigned char*)OPENSSL_malloc(keysize + 1);
-
- BIO *bioBuff = BIO_new_mem_buf((void*)encryptedtext, encryptedtext_len);
- rsa_buffer_len = BIO_read(bioBuff, rsa_buffer, keysize * 2);
-@@ -322,11 +324,12 @@ int decrypt_rsa_message(const unsigned char *encryptedtext, const int encryptedt
- #if OPENSSL_VERSION_MAJOR >= 3
- plaintext_len = keysize;
- EVP_PKEY_decrypt_init(ctx);
-- int ret = EVP_PKEY_CTX_set_rsa_padding(ctx, padding);
-+
-+ ret = EVP_PKEY_CTX_set_rsa_padding(ctx, padding);
- if (ret < 0){
- goto errreturn;
- }
-- EVP_PKEY_decrypt(ctx, *plaintext, &plaintext_len, rsa_buffer, rsa_buffer_len);
-+ ret = EVP_PKEY_decrypt(ctx, *plaintext, &plaintext_len, rsa_buffer, rsa_buffer_len);
- EVP_PKEY_CTX_free(ctx);
- #else
- plaintext_len = RSA_private_decrypt(rsa_buffer_len, rsa_buffer, *plaintext, rsa, padding);
-@@ -337,7 +340,7 @@ int decrypt_rsa_message(const unsigned char *encryptedtext, const int encryptedt
- BIO_free(bioBuff);
-
- /* Treat a decryption error as an empty string. */
-- if (plaintext_len < 0) {
-+ if (plaintext_len <= 0) {
- plaintext_len = 0;
- }
-
-@@ -386,7 +389,7 @@ int decode_auth_setting(int enable_debug, const char *authtoken, EVP_PKEY *priva
- int plaintext_len;
- plaintext_len = decrypt_rsa_message(encrypted_b64, encrypted_len_b64, private_key, &plaintext, use_pkcs1_padding);
- free(encrypted_b64);
-- if (plaintext_len < 0) {
-+ if (plaintext_len <= 0) {
- return -1;
- }
- plaintext[plaintext_len] = '\0';
-@@ -394,16 +397,19 @@ int decode_auth_setting(int enable_debug, const char *authtoken, EVP_PKEY *priva
- char *s_username, *s_password;
- s_username = (char *) calloc(plaintext_len, sizeof(char));
- if (s_username == NULL) {
-+ OPENSSL_free(plaintext);
- return -1;
- }
- s_password = (char *) calloc(plaintext_len, sizeof(char));
- if (s_password == NULL) {
-+ OPENSSL_free(plaintext);
- free(s_username);
- return -1;
- }
-
- int rc = sscanf((char *) plaintext, auth_text_format, s_username, s_password, &utc_seconds);
- if (rc != 3) {
-+ OPENSSL_free(plaintext);
- free(s_password);
- free(s_username);
- return -1;
diff --git a/meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2025-54350.patch b/meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2025-54350.patch
deleted file mode 100644
index 12ca38b830..0000000000
--- a/meta-oe/recipes-benchmark/iperf3/iperf3/CVE-2025-54350.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Subject: [PATCH] iperf3: Fix CVE-2025-54350
-CVE: CVE-2025-54350
-Upstream-Status: Backport [https://github.com/esnet/iperf/commit/4eab661da0bbaac04493fa40164e928c6df7934a]
-Comment: Patch is refreshed as per codebase of 3.18
-Signed-off-by: Nitin Wankhade <nitin.wankhade333@gmail.com>
----
---- a/src/iperf_auth.c 2025-09-12 10:21:48.186090000 +0530
-+++ b/src/iperf_auth.c 2025-09-15 11:13:21.123222080 +0530
-@@ -28,7 +28,6 @@
- #include "iperf_config.h"
-
- #include <string.h>
--#include <assert.h>
- #include <time.h>
- #include <sys/types.h>
- /* FreeBSD needs _WITH_GETLINE to enable the getline() declaration */
-@@ -152,7 +151,6 @@
-
- BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL); //Do not use newlines to flush buffer
- *length = BIO_read(bio, *buffer, strlen(b64message));
-- assert(*length == decodeLen); //length should equal decodeLen, else something went horribly wrong
- BIO_free_all(bio);
-
- return (0); //success
diff --git a/meta-oe/recipes-benchmark/iperf3/iperf3_3.18.bb b/meta-oe/recipes-benchmark/iperf3/iperf3_3.20.bb
similarity index 79%
rename from meta-oe/recipes-benchmark/iperf3/iperf3_3.18.bb
rename to meta-oe/recipes-benchmark/iperf3/iperf3_3.20.bb
index a8c74c1b45..7d4d6beeb8 100644
--- a/meta-oe/recipes-benchmark/iperf3/iperf3_3.18.bb
+++ b/meta-oe/recipes-benchmark/iperf3/iperf3_3.20.bb
@@ -10,17 +10,14 @@ SECTION = "console/network"
BUGTRACKER = "https://github.com/esnet/iperf/issues"
LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=f9873a72f714e240530e759e103ac7b2"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=b51332d7f45357a9410daa9a14a3655f"
SRC_URI = "git://github.com/esnet/iperf.git;branch=master;protocol=https \
file://0002-Remove-pg-from-profile_CFLAGS.patch \
file://0001-configure.ac-check-for-CPP-prog.patch \
- file://0001-fix-build-with-gcc-15.patch \
- file://CVE-2025-54349.patch \
- file://CVE-2025-54350.patch \
"
-SRCREV = "2a2984488d6de8f7a2d1f5938e03ca7be57e227c"
+SRCREV = "0711330bacfaf1c2a804be66e7ecc26f481ede5d"
RDEPENDS:${PN} = "libgcc"
--
2.34.1
next reply other threads:[~2025-11-17 21:46 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-17 21:46 Randy.MacLeod [this message]
2025-11-17 21:46 ` [PATCH 2/2] nano: upgrade 8.6 -> 8.7 Randy.MacLeod
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251117214624.941380-1-Randy.MacLeod@windriver.com \
--to=randy.macleod@windriver.com \
--cc=openembedded-devel@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.