6 changed files with 102 additions and 120 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/iperf-3.5.tar.gz
+SOURCES/3.9.tar.gz
--- a/.iperf3.metadata
+++ b/.iperf3.metadata
@ -1 +1 @@
-b255fe0905159bcfe2578e4774ab3091f69f898f SOURCES/iperf-3.5.tar.gz
+52c9e7668d7cd371e5dabf187aab3123d0550145 SOURCES/3.9.tar.gz
--- a/SOURCES/0002-udp-counters-manpage.patch
+++ b/SOURCES/0002-udp-counters-manpage.patch
@ -1,18 +0,0 @@
-diff --git a/src/iperf3.1 b/src/iperf3.1
-index 05483a9..35a0873 100644
--- a/src/iperf3.1
-+++ b/src/iperf3.1
-@@ -329,6 +329,13 @@ If the client is run with \fB--json\fR, the server output is included
- in a JSON object; otherwise it is appended at the bottom of the
- human-readable output.
- .TP
-+.BR --udp-counters-64bit
-+Use 64-bit counters in UDP test packets.
-+The use of this option can help prevent counter overflows during long
-+or high-bitrate UDP tests.  Both client and server need to be running
-+at least version 3.1 for this option to work.  It may become the
-+default behavior at some point in the future.
-+.TP
- .BR --username " \fIusername\fR" 
- username to use for authentication to the iperf server (if built with
- OpenSSL support).
--- a/SOURCES/0003-covscan-sctp.patch
+++ b/SOURCES/0003-covscan-sctp.patch
@ -1,69 +0,0 @@
-diff --git a/src/iperf_sctp.c b/src/iperf_sctp.c
-index a0869a3..13f5cdf 100644
--- a/src/iperf_sctp.c
-+++ b/src/iperf_sctp.c
-@@ -130,12 +130,14 @@ iperf_sctp_accept(struct iperf_test * test)
- 
-     if (Nread(s, cookie, COOKIE_SIZE, Psctp) < 0) {
-         i_errno = IERECVCOOKIE;
-+        close(s);
-         return -1;
-     }
- 
-    if (strcmp(test->cookie, cookie) != 0) {
-+    if (strncmp(test->cookie, cookie, COOKIE_SIZE) != 0) {
-         if (Nwrite(s, (char*) &rbuf, sizeof(rbuf), Psctp) < 0) {
-             i_errno = IESENDMESSAGE;
-+            close(s);
-             return -1;
-         }
-         close(s);
-@@ -209,9 +211,11 @@ iperf_sctp_listen(struct iperf_test *test)
- 
-     /* servers must call sctp_bindx() _instead_ of bind() */
-     if (!TAILQ_EMPTY(&test->xbind_addrs)) {
-        freeaddrinfo(res);
-        if (iperf_sctp_bindx(test, s, IPERF_SCTP_SERVER))
-+        if (iperf_sctp_bindx(test, s, IPERF_SCTP_SERVER)) {
-+            close(s);
-+            freeaddrinfo(res);
-             return -1;
-+		}
-     } else
-     if (bind(s, (struct sockaddr *) res->ai_addr, res->ai_addrlen) < 0) {
-         saved_errno = errno;
-@@ -422,8 +426,11 @@ iperf_sctp_connect(struct iperf_test *test)
- 
-     /* clients must call bind() followed by sctp_bindx() before connect() */
-     if (!TAILQ_EMPTY(&test->xbind_addrs)) {
-        if (iperf_sctp_bindx(test, s, IPERF_SCTP_CLIENT))
-+        if (iperf_sctp_bindx(test, s, IPERF_SCTP_CLIENT)) {
-+            freeaddrinfo(server_res);
-+            close(s);
-             return -1;
-+        }
-     }
- 
-     /* TODO support sctp_connectx() to avoid heartbeating. */
-@@ -435,12 +442,12 @@ iperf_sctp_connect(struct iperf_test *test)
-         i_errno = IESTREAMCONNECT;
-         return -1;
-     }
-    freeaddrinfo(server_res);
- 
-     /* Send cookie for verification */
-     if (Nwrite(s, test->cookie, COOKIE_SIZE, Psctp) < 0) {
- 	saved_errno = errno;
- 	close(s);
-+   freeaddrinfo(server_res);
- 	errno = saved_errno;
-         i_errno = IESENDCOOKIE;
-         return -1;
-@@ -464,6 +471,7 @@ iperf_sctp_connect(struct iperf_test *test)
-         return -1;
-     }
- 
-+    freeaddrinfo(server_res);
-     return s;
- #else
-     i_errno = IENOSCTP;
--- a/SOURCES/cve-2023-38403.patch
+++ b/SOURCES/cve-2023-38403.patch
@ -0,0 +1,44 @@
+From 41f5129d402bcd14ec4d2cde875203ab51076352 Mon Sep 17 00:00:00 2001
+From: "Bruce A. Mah" <bmah@es.net>
+Date: Fri, 7 Jul 2023 11:03:43 -0700
+Subject: [PATCH] Fix memory allocation hazard (#1542).
+
+Reported by:	@someusername123 on GitHub
+---
+ src/iperf_api.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/src/iperf_api.c b/src/iperf_api.c
+index f2d416214..a95e02418 100644
+--- a/src/iperf_api.c
+++ b/src/iperf_api.c
+@@ -2670,6 +2670,7 @@ static cJSON *
+ JSON_read(int fd)
+ {
+     uint32_t hsize, nsize;
+    size_t strsize;
+     char *str;
+     cJSON *json = NULL;
+     int rc;
+@@ -2682,7 +2683,9 @@ JSON_read(int fd)
+     if (Nread(fd, (char*) &nsize, sizeof(nsize), Ptcp) >= 0) {
+ 	hsize = ntohl(nsize);
+ 	/* Allocate a buffer to hold the JSON */
+-	str = (char *) calloc(sizeof(char), hsize+1);	/* +1 for trailing null */
+	strsize = hsize + 1;              /* +1 for trailing NULL */
+	if (strsize) {
+	str = (char *) calloc(sizeof(char), strsize);
+ 	if (str != NULL) {
+ 	    rc = Nread(fd, str, hsize, Ptcp);
+ 	    if (rc >= 0) {
+@@ -2701,6 +2704,10 @@ JSON_read(int fd)
+ 	    }
+ 	}
+ 	free(str);
+	}
+	else {
+	    printf("WARNING:  Data length overflow\n");
+	}
+     }
+     return json;
+ }
--- a/SPECS/iperf3.spec
+++ b/SPECS/iperf3.spec
@ -1,18 +1,18 @@
 Name:           iperf3
-Version:        3.5
-Release:        6%{?dist}
+Version:        3.9
+Release:        9%{?dist}.1.alma
 Summary:        Measurement tool for TCP/UDP bandwidth performance

-Group:          Applications/Internet
 License:        BSD
-URL:            http://github.com/esnet/iperf
-Source0:        http://downloads.es.net/pub/iperf/iperf-%{version}.tar.gz
-BuildRequires:  libuuid-devel git-core gcc make
+URL:            https://github.com/esnet/iperf
+Source0:        https://github.com/esnet/iperf/archive/%{version}.tar.gz
+# https://patch-diff.githubusercontent.com/raw/esnet/iperf/pull/1543.patch
+Patch:          cve-2023-38403.patch
+BuildRequires:  libuuid-devel
+BuildRequires:  gcc
 BuildRequires:  lksctp-tools-devel
 BuildRequires:  openssl-devel
-
-Patch0002:	0002-udp-counters-manpage.patch
-Patch0003:	0003-covscan-sctp.patch
+BuildRequires: make

 %description
 Iperf is a tool to measure maximum TCP bandwidth, allowing the tuning of
@ -21,7 +21,6 @@ jitter, data-gram loss.

 %package        devel
 Summary:        Development files for %{name}
-Group:          Development/Libraries
 Requires:       %{name}%{?_isa} = %{version}-%{release}

 %description    devel
@ -29,7 +28,7 @@ The %{name}-devel package contains libraries and header files for
 developing applications that use %{name}.

 %prep
-%autosetup -S git -n iperf-%{version}
+%autosetup -n iperf-%{version} -p1

 %build
 %configure --disable-static
@ -44,41 +43,67 @@ mkdir -p %{buildroot}%{_mandir}/man1
 rm -f %{buildroot}%{_libdir}/libiperf.la

 %files
-%defattr(-,root,root,-)
-%doc README.md LICENSE RELEASE_NOTES
+%doc README.md LICENSE RELNOTES.md
 %{_mandir}/man1/iperf3.1.gz
 %{_mandir}/man3/libiperf.3.gz
 %{_bindir}/iperf3
 %{_libdir}/*.so.*

-%post -p /sbin/ldconfig
-%postun -p /sbin/ldconfig
-
 %files          devel
-%defattr(-,root,root,-)
 %{_includedir}/iperf_api.h
 %{_libdir}/*.so

 %changelog
-* Tue May 05 2020 Michal Ruprich <michalruprich@gmail.com> - 3.5-6
- Related: #1665142 - Fixing a couple of covscan issues
+* Tue Jul 18 2023 Jonathan Wright <jonathan@almalinux.org> - 3.9-9.1.alma
+- Fix CVE-2023-38403

-* Fri Mar 13 2020 Michal Ruprich <michalruprich@gmail.com> - 3.5-5
- Related: #1665142 - Removing patch that deletes sctp from manpage
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.9-9
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688

-* Mon Mar 09 2020 Michal Ruprich <mruprich@redhat.com> - 3.5-4
- Resolves: #1665142 - [RFE] enable SCTP support in iperf3
- Resolves: #1656429 - option --udp-counters-64bit shown in --help output but not in man page
- Resolves: #1700497 - [RFE] enable SSL support in iperf3
+* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.9-8
+- Rebuilt for RHEL 9 BETA for openssl 3.0
+  Related: rhbz#1971065

-* Sun Dec 16 2018 Michal Ruprich <mruprich@redhat.com> - 3.5-3
- Related: #1647413 - Removing nstreams and xbind from man since these are SCTP-related options
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.9-7
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937

-* Thu Nov 22 2018 Michal Ruprich <mruprich@redhat.com> - 3.5-2
- Related: #1647413 - adding some BuildRequires
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.9-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

-* Thu Nov 22 2018 Michal Ruprich <mruprich@redhat.com> - 3.5-2
- Resolves: #1647413 - iperf3 with option --sctp in client mode fails with error 'iperf3: unrecognized option --sctp'
+* Sat Oct 31 2020 Kevin Fenzi <kevin@scrye.com> - 3.9-5
+- Update to 3.9. Fixes bug #1846161
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.7-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Feb 19 2020 Michal Ruprich <mruprich@redhat.com> - 3.7-4
+- Add openssl-devel to BuildRequires to enable authentization of client
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.7-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.7-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Sat Jun 22 2019 Kevin Fenzi <kevin@scrye.com> - 3.7-1
+- Update to 3.7. Fixes bug #1723020
+
+* Tue Feb 26 2019 Tomas Korbar <tkorbar@redhat.com> - 3.6-5
+- Add lksctp-tools-devel to BuildRequires
+- Fix bug #1647385
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.6-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Fri Jul 20 2018 Kevin Fenzi <kevin@scrye.com> - 3.6-3
+- Fix FTBFS bug #1604377 by adding BuildRequires: gcc
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Thu Jun 28 2018 Kevin Fenzi <kevin@scrye.com> - 3.6-1
+- Update to 3.6. Fixes bug #1594995

 * Sat Mar 03 2018 Kevin Fenzi <kevin@scrye.com> - 3.5-1
 - Update to 3.5. Fixes bug #1551166