rpms/iperf3
7
0
Fork 1
Code Issues Pull Requests Releases Activity

Resolves: RHEL-17069 - possible denial of service

Browse Source
This commit is contained in:
Michal Ruprich 2024-06-04 10:32:08 +02:00
parent 45156ced42
commit e5d9de6fb9
3 changed files with 503 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
cve-2023-38403.patch → 0004-cve-2023-38403.patch
View File

497
0005-cve-2023-7250.patch Normal file
View File

@ -0,0 +1,497 @@
From 5e3704dd850a5df2fb2b3eafd117963d017d07b4 Mon Sep 17 00:00:00 2001
From: "Bruce A. Mah" <bmah@es.net>
Date: Tue, 1 Aug 2023 14:02:54 -0700
Subject: [PATCH] Implement fixes to make the control connection more robust.
These include various timeouts in Nread() to guarantee that it will
eventually exit, a 10-second timeout for each attempt to read data
from the network and an approximately 30-second overall timeout per
Nread() call.
Also the iperf3 server now checks the length of the received session
cookie, and errors out if this happens to be incorrect.
Reported by Jorge Sancho Larraz - Canonical.
---
src/iperf_server_api.c | 7 ++++-
src/net.c | 62 ++++++++++++++++++++++++++++++++++++++++++
2 files changed, 68 insertions(+), 1 deletion(-)
diff --git a/src/iperf_server_api.c b/src/iperf_server_api.c
index 5fa1dd7..c528d5f 100644
--- a/src/iperf_server_api.c
+++ b/src/iperf_server_api.c
@@ -118,7 +118,12 @@ iperf_accept(struct iperf_test *test)
if (test->ctrl_sck == -1) {
/* Server free, accept new client */
test->ctrl_sck = s;
- if (Nread(test->ctrl_sck, test->cookie, COOKIE_SIZE, Ptcp) < 0) {
+ if (Nread(test->ctrl_sck, test->cookie, COOKIE_SIZE, Ptcp) != COOKIE_SIZE) {
+ /*
+ * Note this error covers both the case of a system error
+ * or the inability to read the correct amount of data
+ * (i.e. timed out).
+ */
i_errno = IERECVCOOKIE;
return -1;
}
diff --git a/src/iperf_time.c b/src/iperf_time.c
new file mode 100644
index 0000000..a435dd3
--- /dev/null
+++ b/src/iperf_time.c
@@ -0,0 +1,156 @@
+/*
+ * iperf, Copyright (c) 2014-2018, The Regents of the University of
+ * California, through Lawrence Berkeley National Laboratory (subject
+ * to receipt of any required approvals from the U.S. Dept. of
+ * Energy). All rights reserved.
+ *
+ * If you have questions about your rights to use or distribute this
+ * software, please contact Berkeley Lab's Technology Transfer
+ * Department at TTD@lbl.gov.
+ *
+ * NOTICE. This software is owned by the U.S. Department of Energy.
+ * As such, the U.S. Government has been granted for itself and others
+ * acting on its behalf a paid-up, nonexclusive, irrevocable,
+ * worldwide license in the Software to reproduce, prepare derivative
+ * works, and perform publicly and display publicly. Beginning five
+ * (5) years after the date permission to assert copyright is obtained
+ * from the U.S. Department of Energy, and subject to any subsequent
+ * five (5) year renewals, the U.S. Government is granted for itself
+ * and others acting on its behalf a paid-up, nonexclusive,
+ * irrevocable, worldwide license in the Software to reproduce,
+ * prepare derivative works, distribute copies to the public, perform
+ * publicly and display publicly, and to permit others to do so.
+ *
+ * This code is distributed under a BSD style license, see the LICENSE
+ * file for complete information.
+ */
+
+
+#include <stddef.h>
+
+#include "iperf_config.h"
+#include "iperf_time.h"
+
+#ifdef HAVE_CLOCK_GETTIME
+
+#include <time.h>
+
+int
+iperf_time_now(struct iperf_time *time1)
+{
+ struct timespec ts;
+ int result;
+ result = clock_gettime(CLOCK_MONOTONIC, &ts);
+ if (result == 0) {
+ time1->secs = (uint32_t) ts.tv_sec;
+ time1->usecs = (uint32_t) ts.tv_nsec / 1000;
+ }
+ return result;
+}
+
+#else
+
+#include <sys/time.h>
+
+int
+iperf_time_now(struct iperf_time *time1)
+{
+ struct timeval tv;
+ int result;
+ result = gettimeofday(&tv, NULL);
+ time1->secs = tv.tv_sec;
+ time1->usecs = tv.tv_usec;
+ return result;
+}
+
+#endif
+
+/* iperf_time_add_usecs
+ *
+ * Add a number of microseconds to a iperf_time.
+ */
+void
+iperf_time_add_usecs(struct iperf_time *time1, uint64_t usecs)
+{
+ time1->secs += usecs / 1000000L;
+ time1->usecs += usecs % 1000000L;
+ if ( time1->usecs >= 1000000L ) {
+ time1->secs += time1->usecs / 1000000L;
+ time1->usecs %= 1000000L;
+ }
+}
+
+uint64_t
+iperf_time_in_usecs(struct iperf_time *time)
+{
+ return time->secs * 1000000LL + time->usecs;
+}
+
+double
+iperf_time_in_secs(struct iperf_time *time)
+{
+ return time->secs + time->usecs / 1000000.0;
+}
+
+/* iperf_time_compare
+ *
+ * Compare two timestamps
+ *
+ * Returns -1 if time1 is earlier, 1 if time1 is later,
+ * or 0 if the timestamps are equal.
+ */
+int
+iperf_time_compare(struct iperf_time *time1, struct iperf_time *time2)
+{
+ if (time1->secs < time2->secs)
+ return -1;
+ if (time1->secs > time2->secs)
+ return 1;
+ if (time1->usecs < time2->usecs)
+ return -1;
+ if (time1->usecs > time2->usecs)
+ return 1;
+ return 0;
+}
+
+/* iperf_time_diff
+ *
+ * Calculates the time from time2 to time1, assuming time1 is later than time2.
+ * The diff will always be positive, so the return value should be checked
+ * to determine if time1 was earlier than time2.
+ *
+ * Returns 1 if the time1 is less than or equal to time2, otherwise 0.
+ */
+int
+iperf_time_diff(struct iperf_time *time1, struct iperf_time *time2, struct iperf_time *diff)
+{
+ int past = 0;
+ int cmp = 0;
+
+ cmp = iperf_time_compare(time1, time2);
+ if (cmp == 0) {
+ diff->secs = 0;
+ diff->usecs = 0;
+ past = 1;
+ }
+ else if (cmp == 1) {
+ diff->secs = time1->secs - time2->secs;
+ diff->usecs = time1->usecs;
+ if (diff->usecs < time2->usecs) {
+ diff->secs -= 1;
+ diff->usecs += 1000000;
+ }
+ diff->usecs = diff->usecs - time2->usecs;
+ } else {
+ diff->secs = time2->secs - time1->secs;
+ diff->usecs = time2->usecs;
+ if (diff->usecs < time1->usecs) {
+ diff->secs -= 1;
+ diff->usecs += 1000000;
+ }
+ diff->usecs = diff->usecs - time1->usecs;
+ past = 1;
+ }
+
+ return past;
+}
diff --git a/src/iperf_time.h b/src/iperf_time.h
new file mode 100644
index 0000000..588ee26
--- /dev/null
+++ b/src/iperf_time.h
@@ -0,0 +1,49 @@
+/*
+ * iperf, Copyright (c) 2014-2018, The Regents of the University of
+ * California, through Lawrence Berkeley National Laboratory (subject
+ * to receipt of any required approvals from the U.S. Dept. of
+ * Energy). All rights reserved.
+ *
+ * If you have questions about your rights to use or distribute this
+ * software, please contact Berkeley Lab's Technology Transfer
+ * Department at TTD@lbl.gov.
+ *
+ * NOTICE. This software is owned by the U.S. Department of Energy.
+ * As such, the U.S. Government has been granted for itself and others
+ * acting on its behalf a paid-up, nonexclusive, irrevocable,
+ * worldwide license in the Software to reproduce, prepare derivative
+ * works, and perform publicly and display publicly. Beginning five
+ * (5) years after the date permission to assert copyright is obtained
+ * from the U.S. Department of Energy, and subject to any subsequent
+ * five (5) year renewals, the U.S. Government is granted for itself
+ * and others acting on its behalf a paid-up, nonexclusive,
+ * irrevocable, worldwide license in the Software to reproduce,
+ * prepare derivative works, distribute copies to the public, perform
+ * publicly and display publicly, and to permit others to do so.
+ *
+ * This code is distributed under a BSD style license, see the LICENSE
+ * file for complete information.
+ */
+#ifndef __IPERF_TIME_H
+#define __IPERF_TIME_H
+
+#include <stdint.h>
+
+struct iperf_time {
+ uint32_t secs;
+ uint32_t usecs;
+};
+
+int iperf_time_now(struct iperf_time *time1);
+
+void iperf_time_add_usecs(struct iperf_time *time1, uint64_t usecs);
+
+int iperf_time_compare(struct iperf_time *time1, struct iperf_time *time2);
+
+int iperf_time_diff(struct iperf_time *time1, struct iperf_time *time2, struct iperf_time *diff);
+
+uint64_t iperf_time_in_usecs(struct iperf_time *time);
+
+double iperf_time_in_secs(struct iperf_time *time);
+
+#endif
diff --git a/src/iperf.h b/src/iperf.h
index f55994f..f137b07 100755
--- a/src/iperf.h
+++ b/src/iperf.h
@@ -61,6 +61,7 @@
#include "timer.h"
#include "queue.h"
#include "cjson.h"
+#include "iperf_time.h"
typedef uint64_t iperf_size_t;
diff --git a/src/net.c b/src/net.c
index fd525ee..8804a39 100644
--- a/src/net.c
+++ b/src/net.c
@@ -60,10 +60,14 @@
#include <poll.h>
#endif /* HAVE_POLL_H */
+#include "iperf.h"
#include "iperf_util.h"
#include "net.h"
#include "timer.h"
+static int nread_read_timeout = 10;
+static int nread_overall_timeout = 30;
+
/*
* timeout_connect adapted from netcat, via OpenBSD and FreeBSD
* Copyright (c) 2001 Eric Jackson <ericj@monkey.org>
@@ -313,6 +317,32 @@ Nread(int fd, char *buf, size_t count, int prot)
{
register ssize_t r;
register size_t nleft = count;
+ struct iperf_time ftimeout = { 0, 0 };
+
+ fd_set rfdset;
+ struct timeval timeout = { nread_read_timeout, 0 };
+
+ /*
+ * fd might not be ready for reading on entry. Check for this
+ * (with timeout) first.
+ *
+ * This check could go inside the while() loop below, except we're
+ * currently considering whether it might make sense to support a
+ * codepath that bypassese this check, for situations where we
+ * already know that fd has data on it (for example if we'd gotten
+ * to here as the result of a select() call.
+ */
+ {
+ FD_ZERO(&rfdset);
+ FD_SET(fd, &rfdset);
+ r = select(fd + 1, &rfdset, NULL, NULL, &timeout);
+ if (r < 0) {
+ return NET_HARDERROR;
+ }
+ if (r == 0) {
+ return 0;
+ }
+ }
while (nleft > 0) {
r = read(fd, buf, nleft);
@@ -326,6 +356,39 @@ Nread(int fd, char *buf, size_t count, int prot)
nleft -= r;
buf += r;
+
+ /*
+ * We need some more bytes but don't want to wait around
+ * forever for them. In the case of partial results, we need
+ * to be able to read some bytes every nread_timeout seconds.
+ */
+ if (nleft > 0) {
+ struct iperf_time now;
+
+ /*
+ * Also, we have an approximate upper limit for the total time
+ * that a Nread call is supposed to take. We trade off accuracy
+ * of this timeout for a hopefully lower performance impact.
+ */
+ iperf_time_now(&now);
+ if (ftimeout.secs == 0) {
+ ftimeout = now;
+ iperf_time_add_usecs(&ftimeout, nread_overall_timeout * 1000000L);
+ }
+ if (iperf_time_compare(&ftimeout, &now) < 0) {
+ break;
+ }
+
+ FD_ZERO(&rfdset);
+ FD_SET(fd, &rfdset);
+ r = select(fd + 1, &rfdset, NULL, NULL, &timeout);
+ if (r < 0) {
+ return NET_HARDERROR;
+ }
+ if (r == 0) {
+ break;
+ }
+ }
}
return count - nleft;
}
diff --git a/src/Makefile.am b/src/Makefile.am
index 9184e84..1c24b62 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -21,6 +21,8 @@ libiperf_la_SOURCES = \
iperf_server_api.c \
iperf_tcp.c \
iperf_tcp.h \
+ iperf_time.c \
+ iperf_time.h \
iperf_udp.c \
iperf_udp.h \
iperf_sctp.c \
diff --git a/src/Makefile.in b/src/Makefile.in
index 714f601..6e75194 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -142,7 +142,8 @@ libiperf_la_LIBADD =
am_libiperf_la_OBJECTS = cjson.lo iperf_api.lo iperf_error.lo \
iperf_auth.lo iperf_client_api.lo iperf_locale.lo \
iperf_server_api.lo iperf_tcp.lo iperf_udp.lo iperf_sctp.lo \
- iperf_util.lo dscp.lo net.lo tcp_info.lo timer.lo units.lo
+ iperf_util.lo iperf_time.lo dscp.lo net.lo tcp_info.lo \
+ timer.lo units.lo
libiperf_la_OBJECTS = $(am_libiperf_la_OBJECTS)
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
@@ -165,6 +166,7 @@ am__objects_1 = iperf3_profile-cjson.$(OBJEXT) \
iperf3_profile-iperf_udp.$(OBJEXT) \
iperf3_profile-iperf_sctp.$(OBJEXT) \
iperf3_profile-iperf_util.$(OBJEXT) \
+ iperf3_profile-iperf_time.$(OBJEXT) \
iperf3_profile-dscp.$(OBJEXT) iperf3_profile-net.$(OBJEXT) \
iperf3_profile-tcp_info.$(OBJEXT) \
iperf3_profile-timer.$(OBJEXT) iperf3_profile-units.$(OBJEXT)
@@ -220,6 +222,7 @@ am__depfiles_remade = ./$(DEPDIR)/cjson.Plo ./$(DEPDIR)/dscp.Plo \
./$(DEPDIR)/iperf3_profile-iperf_sctp.Po \
./$(DEPDIR)/iperf3_profile-iperf_server_api.Po \
./$(DEPDIR)/iperf3_profile-iperf_tcp.Po \
+ ./$(DEPDIR)/iperf3_profile-iperf_time.Po \
./$(DEPDIR)/iperf3_profile-iperf_udp.Po \
./$(DEPDIR)/iperf3_profile-iperf_util.Po \
./$(DEPDIR)/iperf3_profile-main.Po \
@@ -230,11 +233,12 @@ am__depfiles_remade = ./$(DEPDIR)/cjson.Plo ./$(DEPDIR)/dscp.Plo \
./$(DEPDIR)/iperf_auth.Plo ./$(DEPDIR)/iperf_client_api.Plo \
./$(DEPDIR)/iperf_error.Plo ./$(DEPDIR)/iperf_locale.Plo \
./$(DEPDIR)/iperf_sctp.Plo ./$(DEPDIR)/iperf_server_api.Plo \
- ./$(DEPDIR)/iperf_tcp.Plo ./$(DEPDIR)/iperf_udp.Plo \
- ./$(DEPDIR)/iperf_util.Plo ./$(DEPDIR)/net.Plo \
- ./$(DEPDIR)/t_timer-t_timer.Po ./$(DEPDIR)/t_units-t_units.Po \
- ./$(DEPDIR)/t_uuid-t_uuid.Po ./$(DEPDIR)/tcp_info.Plo \
- ./$(DEPDIR)/timer.Plo ./$(DEPDIR)/units.Plo
+ ./$(DEPDIR)/iperf_tcp.Plo ./$(DEPDIR)/iperf_time.Plo \
+ ./$(DEPDIR)/iperf_udp.Plo ./$(DEPDIR)/iperf_util.Plo \
+ ./$(DEPDIR)/net.Plo ./$(DEPDIR)/t_timer-t_timer.Po \
+ ./$(DEPDIR)/t_units-t_units.Po ./$(DEPDIR)/t_uuid-t_uuid.Po \
+ ./$(DEPDIR)/tcp_info.Plo ./$(DEPDIR)/timer.Plo \
+ ./$(DEPDIR)/units.Plo
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -613,6 +613,8 @@ libiperf_la_SOURCES = \
iperf_server_api.c \
iperf_tcp.c \
iperf_tcp.h \
+ iperf_time.c \
+ iperf_time.h \
iperf_udp.c \
iperf_udp.h \
iperf_sctp.c \
@@ -850,6 +854,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iperf3_profile-iperf_sctp.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iperf3_profile-iperf_server_api.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iperf3_profile-iperf_tcp.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iperf3_profile-iperf_time.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iperf3_profile-iperf_udp.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iperf3_profile-iperf_util.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iperf3_profile-main.Po@am__quote@ # am--include-marker
@@ -865,6 +870,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iperf_sctp.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iperf_server_api.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iperf_tcp.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iperf_time.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iperf_udp.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iperf_util.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/net.Plo@am__quote@ # am--include-marker
@@ -1084,6 +1090,20 @@ iperf3_profile-iperf_util.obj: iperf_util.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(iperf3_profile_CFLAGS) $(CFLAGS) -c -o iperf3_profile-iperf_util.obj `if test -f 'iperf_util.c'; then $(CYGPATH_W) 'iperf_util.c'; else $(CYGPATH_W) '$(srcdir)/iperf_util.c'; fi`
+iperf3_profile-iperf_time.o: iperf_time.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(iperf3_profile_CFLAGS) $(CFLAGS) -MT iperf3_profile-iperf_time.o -MD -MP -MF $(DEPDIR)/iperf3_profile-iperf_time.Tpo -c -o iperf3_profile-iperf_time.o `test -f 'iperf_time.c' || echo '$(srcdir)/'`iperf_time.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/iperf3_profile-iperf_time.Tpo $(DEPDIR)/iperf3_profile-iperf_time.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='iperf_time.c' object='iperf3_profile-iperf_time.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(iperf3_profile_CFLAGS) $(CFLAGS) -c -o iperf3_profile-iperf_time.o `test -f 'iperf_time.c' || echo '$(srcdir)/'`iperf_time.c
+
+iperf3_profile-iperf_time.obj: iperf_time.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(iperf3_profile_CFLAGS) $(CFLAGS) -MT iperf3_profile-iperf_time.obj -MD -MP -MF $(DEPDIR)/iperf3_profile-iperf_time.Tpo -c -o iperf3_profile-iperf_time.obj `if test -f 'iperf_time.c'; then $(CYGPATH_W) 'iperf_time.c'; else $(CYGPATH_W) '$(srcdir)/iperf_time.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/iperf3_profile-iperf_time.Tpo $(DEPDIR)/iperf3_profile-iperf_time.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='iperf_time.c' object='iperf3_profile-iperf_time.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(iperf3_profile_CFLAGS) $(CFLAGS) -c -o iperf3_profile-iperf_time.obj `if test -f 'iperf_time.c'; then $(CYGPATH_W) 'iperf_time.c'; else $(CYGPATH_W) '$(srcdir)/iperf_time.c'; fi`
+
iperf3_profile-dscp.o: dscp.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(iperf3_profile_CFLAGS) $(CFLAGS) -MT iperf3_profile-dscp.o -MD -MP -MF $(DEPDIR)/iperf3_profile-dscp.Tpo -c -o iperf3_profile-dscp.o `test -f 'dscp.c' || echo '$(srcdir)/'`dscp.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/iperf3_profile-dscp.Tpo $(DEPDIR)/iperf3_profile-dscp.Po
@@ -1634,6 +1654,7 @@ distclean: distclean-am
-rm -f ./$(DEPDIR)/iperf3_profile-iperf_sctp.Po
-rm -f ./$(DEPDIR)/iperf3_profile-iperf_server_api.Po
-rm -f ./$(DEPDIR)/iperf3_profile-iperf_tcp.Po
+ -rm -f ./$(DEPDIR)/iperf3_profile-iperf_time.Po
-rm -f ./$(DEPDIR)/iperf3_profile-iperf_udp.Po
-rm -f ./$(DEPDIR)/iperf3_profile-iperf_util.Po
-rm -f ./$(DEPDIR)/iperf3_profile-main.Po
@@ -1649,6 +1670,7 @@ distclean: distclean-am
-rm -f ./$(DEPDIR)/iperf_sctp.Plo
-rm -f ./$(DEPDIR)/iperf_server_api.Plo
-rm -f ./$(DEPDIR)/iperf_tcp.Plo
+ -rm -f ./$(DEPDIR)/iperf_time.Plo
-rm -f ./$(DEPDIR)/iperf_udp.Plo
-rm -f ./$(DEPDIR)/iperf_util.Plo
-rm -f ./$(DEPDIR)/net.Plo
@@ -1716,6 +1738,7 @@ maintainer-clean: maintainer-clean-am
-rm -f ./$(DEPDIR)/iperf3_profile-iperf_sctp.Po
-rm -f ./$(DEPDIR)/iperf3_profile-iperf_server_api.Po
-rm -f ./$(DEPDIR)/iperf3_profile-iperf_tcp.Po
+ -rm -f ./$(DEPDIR)/iperf3_profile-iperf_time.Po
-rm -f ./$(DEPDIR)/iperf3_profile-iperf_udp.Po
-rm -f ./$(DEPDIR)/iperf3_profile-iperf_util.Po
-rm -f ./$(DEPDIR)/iperf3_profile-main.Po
@@ -1731,6 +1754,7 @@ maintainer-clean: maintainer-clean-am
-rm -f ./$(DEPDIR)/iperf_sctp.Plo
-rm -f ./$(DEPDIR)/iperf_server_api.Plo
-rm -f ./$(DEPDIR)/iperf_tcp.Plo
+ -rm -f ./$(DEPDIR)/iperf_time.Plo
-rm -f ./$(DEPDIR)/iperf_udp.Plo
-rm -f ./$(DEPDIR)/iperf_util.Plo
-rm -f ./$(DEPDIR)/net.Plo

8
iperf3.spec
View File

@ -1,6 +1,6 @@
Name: iperf3
Version: 3.5
Release: 8%{?dist}
Release: 9%{?dist}
Summary: Measurement tool for TCP/UDP bandwidth performance
Group: Applications/Internet
@ -13,7 +13,8 @@ BuildRequires: openssl-devel
Patch0002: 0002-udp-counters-manpage.patch
Patch0003: 0003-covscan-sctp.patch
Patch0004: cve-2023-38403.patch
Patch0004: 0004-cve-2023-38403.patch
Patch0005: 0005-cve-2023-7250.patch
%description
Iperf is a tool to measure maximum TCP bandwidth, allowing the tuning of
@ -61,6 +62,9 @@ rm -f %{buildroot}%{_libdir}/libiperf.la
%{_libdir}/*.so
%changelog
* Tue Jun 04 2024 Michal Ruprich <mruprich@redhat.com> - 3.5-9
- Resolves: RHEL-17069 - possible denial of service
* Fri Jul 28 2023 Michal Ruprich <mruprich@redhat.com> - 3.5-8
- Related: #2222205 - bumping nvr for correct update path