From 5df87d344bca6fac51c7b72f5204d1b31bfe85f3898a96fc39dc5c20d011db37 Mon Sep 17 00:00:00 2001 
From: Dirk Mueller Date: Wed, 15 May 2024 10:56:09 +0000 Subject: [PATCH] - update to 3.17.1 (bsc#1224262, CVE-2024-26306): * BREAKING CHANGE: iperf3's authentication features, when used with OpenSSL prior to 3.2.0, contain a vulnerability to a side-channel timing attack. To address this flaw, a change has been made to the padding applied to encrypted strings. This change is not backwards compatible with older versions of iperf3 (before 3.17). To restore the older (vulnerable) behavior, and hence backwards-compatibility, use the --use-pkcs1-padding flag. The iperf3 team thanks Hubert Kario from RedHat for reporting this issue and providing feedback on the fix. (CVE-2024-26306)(PR#1695) * iperf3 no longer changes its current working directory in --daemon mode. This results in more predictable behavior with relative paths, in particular finding key and credential files for authentication. (PR#1672) * A new --json-stream option has been added to enable a streaming output format, consisting of a series of JSON objects (for the start of the test, each measurement interval, and the end of the test) separated by newlines (#444, #923, #1098). * UDP tests now work correctly between different endian hosts * The --fq-rate parameter now works for --reverse tests * The statistics reporting interval is now available in the --json start test object (#1663). * A negative time test duration is now properly flagged as an error (IS#1662 / PR#1666). OBS-URL: https://build.opensuse.org/package/show/network:utilities/iperf?expand=0&rev=71 --- iperf-3.16.tar.gz | 3 --- iperf-3.16.tar.gz.sha256 | 1 - iperf-3.17.1.tar.gz | 3 +++ iperf-3.17.1.tar.gz.sha256 | 1 + iperf.changes | 29 +++++++++++++++++++++++++++++ iperf.spec | 4 ++-- 6 files changed, 35 insertions(+), 6 deletions(-) delete mode 100644 iperf-3.16.tar.gz delete mode 100644 iperf-3.16.tar.gz.sha256 create mode 100644 iperf-3.17.1.tar.gz create mode 100644 iperf-3.17.1.tar.gz.sha256 
diff --git a/iperf-3.16.tar.gz b/iperf-3.16.tar.gz
deleted file mode 100644
index 7dce018..0000000
--- a/iperf-3.16.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:cc740c6bbea104398cc3e466befc515a25896ec85e44a662d5f4a767b9cf713e
-size 664751
diff --git a/iperf-3.16.tar.gz.sha256 b/iperf-3.16.tar.gz.sha256
deleted file mode 100644
index 3a89e3b..0000000
--- a/iperf-3.16.tar.gz.sha256
+++ /dev/null
@@ -1 +0,0 @@
-cc740c6bbea104398cc3e466befc515a25896ec85e44a662d5f4a767b9cf713e iperf-3.16.tar.gz
diff --git a/iperf-3.17.1.tar.gz b/iperf-3.17.1.tar.gz
new file mode 100644
index 0000000..0bc6852
--- /dev/null
+++ b/iperf-3.17.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:84404ca8431b595e86c473d8f23d8bb102810001f15feaf610effd3b318788aa
+size 670547
diff --git a/iperf-3.17.1.tar.gz.sha256 b/iperf-3.17.1.tar.gz.sha256
new file mode 100644
index 0000000..22c5d6e
--- /dev/null
+++ b/iperf-3.17.1.tar.gz.sha256
@@ -0,0 +1 @@
+84404ca8431b595e86c473d8f23d8bb102810001f15feaf610effd3b318788aa iperf-3.17.1.tar.gz
diff --git a/iperf.changes b/iperf.changes
index 75c2b16..57d5a4a 100644
--- a/iperf.changes
+++ b/iperf.changes
@@ -1,3 +1,32 @@
+-------------------------------------------------------------------
+Wed May 15 10:53:18 UTC 2024 - Dirk Müller
+
+- update to 3.17.1 (bsc#1224262, CVE-2024-26306):
+ * BREAKING CHANGE: iperf3's authentication features, when used
+ with OpenSSL prior to 3.2.0, contain a vulnerability to a
+ side-channel timing attack. To address this flaw, a change
+ has been made to the padding applied to encrypted strings.
+ This change is not backwards compatible with older versions of
+ iperf3 (before 3.17). To restore
+ the older (vulnerable) behavior, and hence
+ backwards-compatibility, use the --use-pkcs1-padding flag. The
+ iperf3 team thanks Hubert Kario from RedHat for reporting this
+ issue and providing feedback on the fix. (CVE-2024-26306)(PR#1695)
+ * iperf3 no longer changes its current working directory in --daemon
+ mode. This results in more predictable behavior with relative
+ paths, in particular finding key and credential files for
+ authentication. (PR#1672)
+ * A new --json-stream option has been added to enable a streaming
+ output format, consisting of a series of JSON objects (for the
+ start of the test, each measurement interval, and the end of the
+ test) separated by newlines (#444, #923, #1098).
+ * UDP tests now work correctly between different endian hosts
+ * The --fq-rate parameter now works for --reverse tests
+ * The statistics reporting interval is now available in the --json
+ start test object (#1663).
+ * A negative time test duration is now properly flagged as an error
+ (IS#1662 / PR#1666).
+
 -------------------------------------------------------------------
 Wed Dec 27 11:25:27 UTC 2023 - Dirk Müller
diff --git a/iperf.spec b/iperf.spec
index 5a6dd75..810dc50 100644
--- a/iperf.spec
+++ b/iperf.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package iperf
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
 %define soname 0
 Name: iperf
-Version: 3.16
+Version: 3.17.1
 Release: 0
 Summary: A tool to measure network performance
 License: BSD-3-Clause