- Update from version 3.16 to 3.19
- Update of rootfile not required
- CVE fix in version 3.18 and another in 3.17. The CVE fix in 3.17 results in a
breaking
change. The vulnerable option can be enabled in the build but that doesn't
seem to be
a good approach for IPFire. I am not sure that the non backwards compatible
changed
padding on encrypted strings would create a problem for us. I suspect this
is more
if iperf3 is being used in a continuous measuring mode and in IPFire it is
an addon
that is used to measure throughput rates when required.
- Changelog
3.19
Notable user-visible changes
iperf3 now supports the use of Multi-Path TCP (MPTCPv1) on Linux
with the use of the -m or --mptcp flag. (PR #1661)
iperf3 now supports a --cntl-ka option to enable TCP keepalives
on the control connection. (#812, #835, PR #1423)
iperf3 now supports the MSG_TRUNC receive option, specified by
the --skip-rx-copy. This theoretically improves the rated
throughput of tests at high bitrates by not delivering network
payload data to userspace. (#1678, PR #1717)
A bug that caused the bitrate setting to be ignored when bursts
are set, has been fixed. (#1773, #1820, PR #1821, PR #1848)
The congestion control protocol setting, if used, is now
properly reset between tests. (PR #1812)
iperf3 now exits with a non-error 0 exit code if exiting via a
SIGTERM, SIGHUP, or SIGINT. (#1009, PR# 1829)
The current behavior of iperf3 with respect to the -n and -k
options is now documented as correct. (#1768, #1775, #596, PR
#1800)
Notable developer-visible changes
iperf3 now supports a callback function to get the JSON output
strings. (#1711, PR #1798)
iperf3 now builds correctly with gcc-15 (#1838, PR #1805)
Various memory leaks were fixed (#1881, PR#1823, #1814, PR#1822)
A potential segfault crash was fixed (#1807)
Improved warning messages when reading malformed JSON messages
(PR #1817)
The Github CI configuration was changed to use a more up-to-date
set of runners (PR #1864)
3.18
Notable user-visible changes
SECURITY NOTE: Thanks to Leonid Krolle Bi.Zone for discovering a
JSON type security vulnerability that caused a
segmentation fault in the
server. (CVE-2024-53580) This has now been
fixed. (PR#1810)
UDP packets per second now reports the correct number of
packets, by reporting NET_SOFTERROR if there's a EAGAIN/EINTR
errno if no data was sent (#1367/PR#1379).
Several segmentation faults related to threading were fixed. One
where pthread_cancel was called on an improperly initialized
thread (#1801), another where threads were being recycled
(#1760/PR#1761), and another where threads were improperly
handling signals (#1750/PR#1752).
A segmentation fault from calling freeaddrinfo with NULL was
fixed (PR#1755).
Some JSON options were fixed, including checking the size for
json_read (PR#1709), but the size limit was removed for
received server output (PR#1779).
A rcv-timeout error has been fixed. The Nread timeout was
hardcoded and timed out before the --rcv-timeout option
(PR#1744).
There is no longer a limit on the omit time period
(#1770/PR#1774).
Fixed an output crash under 32-bit big-endian systems (PR#1713).
An issue was fixed where CPU utilization was unexpectedly high
during limited baud rate tests. The --pacing-timer option was
removed, but it is still available in the library
(#1741/PR#1743).
Add SCTP information to --json output and fixed compile error
when SCTP is not supported (#1731).
--fq-rate was changed from a uint to a uint64 to allow pacing
above
32G. Not yet tested on big-endian systems (PR#1728).
Notable developer-visible changes
Clang compilation failure on Android were fixed (PR#1687).
iperf_time_add() was optimizated to improve performance
(PR#1742).
Debug messages were added when the state changes (PR#1734).
To increase performance, the old UDP prot_listener is cleared
and removed after each test (PR#1708).
A file descriptor leak was closed (PR#1619).
3.17.1
Notable user-visible changes
Version number has been corrected. (#1699)
Notable developer-visible changes
No longer signing tags
3.17
Notable user-visible changes
BREAKING CHANGE: iperf3's authentication features, when used
with
OpenSSL prior to 3.2.0, contain a vulnerability to a
side-channel
timing attack. To address this flaw, a change has been made to
the
padding applied to encrypted strings. This change is not
backwards
compatible with older versions of iperf3 (before 3.17). To
restore
the older (vulnerable) behavior, and hence
backwards-compatibility, use the --use-pkcs1-padding flag. The
iperf3 team thanks Hubert Kario from RedHat for reporting this
issue and providing feedback on the fix.
(CVE-2024-26306)(PR#1695)
iperf3 no longer changes its current working directory in
--daemon
mode. This results in more predictable behavior with relative
paths, in particular finding key and credential files for
authentication. (PR#1672)
A new --json-stream option has been added to enable a streaming
output format, consisting of a series of JSON objects (for the
start of the test, each measurement interval, and the end of
the
test) separated by newlines (#444, #923, #1098).
UDP tests now work correctly between different endian hosts
(#1415).
The --fq-rate parameter now works for --reverse tests (#1632,
PR#1667).
The statistics reporting interval is now available in the --json
start test object (#1663).
A negative time test duration is now properly flagged as an
error
(IS#1662 / PR#1666).
Notable developer-visible changes
Fixes have been made to better (unofficially) support builds on
Android (#1641 / #1651) and VxWorks (#1595).
iperf3 now builds correctly on architectures without native
support for 64-bit atomic types, by linking with the libatomic
library (#1611).
Signed-off-by: Adolf Belka <[email protected]>
---
lfs/iperf3 | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/lfs/iperf3 b/lfs/iperf3
index 4ea5a7e69..dbbc5a5ce 100644
--- a/lfs/iperf3
+++ b/lfs/iperf3
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2023 IPFire Team <[email protected]> #
+# Copyright (C) 2007-2025 IPFire Team <[email protected]> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -26,7 +26,7 @@ include Config
SUMMARY = A tool to measure network performance
-VER = 3.16
+VER = 3.19
THISAPP = iperf-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = iperf3
-PAK_VER = 7
+PAK_VER = 8
DEPS =
@@ -51,7 +51,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 =
4ca930b58c54d5ae5b0c8b14aca2556224ff2c7b943d32e65486dc2a7e1abd2d26b229e9f759358c326be8754e88a203e11a3ab0f029daa982375a880c3f1cbd
+$(DL_FILE)_BLAKE2 =
b6f5e9bdef5ee3fc38bef893144bc6ad003ccbc7b3db4793dbd2aec5998faa55cac215a0db06ab37729dc1c05787ebacbf09db8a6e6517f82492a6c67ec3d9e6
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
@@ -84,7 +84,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
$(UPDATE_AUTOMAKE)
- cd $(DIR_APP) && ./configure --prefix=/usr
+ cd $(DIR_APP) && ./configure \
+ --prefix=/usr
cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
cd $(DIR_APP) && make install
@rm -rf $(DIR_APP)
--
2.49.0
