|
|
|
|
Changelog for iperf-3.17.1-85.8.i586.rpm :
* Wed May 15 2024 Dirk Müller - update to 3.17.1 (bsc#1224262, CVE-2024-26306): * BREAKING CHANGE: iperf3\'s authentication features, when used with OpenSSL prior to 3.2.0, contain a vulnerability to a side-channel timing attack. To address this flaw, a change has been made to the padding applied to encrypted strings. This change is not backwards compatible with older versions of iperf3 (before 3.17). To restore the older (vulnerable) behavior, and hence backwards-compatibility, use the --use-pkcs1-padding flag. The iperf3 team thanks Hubert Kario from RedHat for reporting this issue and providing feedback on the fix. (CVE-2024-26306)(PR#1695) * iperf3 no longer changes its current working directory in --daemon mode. This results in more predictable behavior with relative paths, in particular finding key and credential files for authentication. (PR#1672) * A new --json-stream option has been added to enable a streaming output format, consisting of a series of JSON objects (for the start of the test, each measurement interval, and the end of the test) separated by newlines (#444, #923, #1098). * UDP tests now work correctly between different endian hosts * The --fq-rate parameter now works for --reverse tests * The statistics reporting interval is now available in the --json start test object (#1663). * A negative time test duration is now properly flagged as an error (IS#1662 / PR#1666). * Wed Dec 27 2023 Dirk Müller - update to 3.16: * Multiple test streams started with -P/--parallel will now be serviced by different threads. This allows iperf3 to take advantage of multiple CPU cores on modern processors, and will generally result in significant throughput increases * OpenSSL 3 is now detected at build time. If OpenSSL 3 is found, various older, deprecated, APIs will not be used. iperf3 will continue to work with OpenSSL 1.1.1. OpenSSL is used as a part of the iperf3 authentication functionality * The authorized users file used by the authentication functionality is now checked for accessibility much earlier during the program startup, as opposed to being checked near the start of a test (Issue #1583, PR #1585). * BREAKING CHANGE: iperf3 now requires pthreads and C atomic variables to compile and run. * Sat Sep 23 2023 Dirk Müller - update to 3.15 (bsc#1215662, ESNET-SECADV-2023-0002): * Several bugs that could allow the iperf3 server to hang waiting for input on the control connection has been fixed (ESnet Software Security Advisory ESNET-SECADV-2023-0002) * A bug that caused garbled output with UDP tests on 32-bit hosts has been fixed (PR #1554, PR #1556). This bug was introduced in iperf-3.14. * A bug in counting UDP messages has been fixed * Thu Jul 20 2023 Dirk Müller - update to 3.14 (bsc#1213430, CVE-2023-38403): * fixes a memory allocation hazard that allowed a remote user to crash an iperf3 process * see https://downloads.es.net/pub/iperf/esnet-secadv-2023-0001.txt.asc * obsoletes CVE-2023-38403.patch in older dists * Tue Mar 07 2023 Dirk Müller - update to 3.13: * Added missing bind_dev getter and setter. * a fix for A resource leak bug in function iperf_create_pidfile (#1443) * doc: Fix copy-and-paste error leading to wrong error message * Fix crash on rcv-timeout with JSON logfile * Sat Dec 03 2022 Dirk Müller - update to 3.12: * cJSON has been updated to version 1.7.15 (#1383). * The --bind % option syntax now works properly (#1360 / * A server-side file descriptor leak with the --logfile option has been fixed (#1369 / #1360 / #1369 / #1389 / #1393). * A bug that caused some large values from TCP_INFO to be misprinted as negative numbers has been fixed (#1372). * Using the -k or -n flags with --reverse no longer leak into future tests (#1363 / #1364). * There are now various debug level options available with the - -debug option. These can be used to adjust the amount of debugging output (#1327). * A new --snd-timeout option has been added to set a termination timeout for idle TCP connections (#1215 / #1282). * iperf3 is slightly more robust to out-of-order packets during UDP connection setup in --reverse mode (#914 / #1123 / #1182 / #1212 / * iperf3 will now use different ports for each direction when the - -cport and --bdir options are set (#1249 / #1259). * The iperf3 server will now exit if it can\'t open its log file * Various help message and output fixes have been made (#1299 / * Various compiler warnings have been fixed (#1211 / #1316). * Operation of bootstrap.sh has been fixed and simplified (#1335 / * Flow label support / compatibility under Linux has been improved * Various minor memory leaks have been fixed (#1332 / #1333). * A getter/setter has been added for the bind_port parameter (--cport option). (#1303, #1305) * Various internal documentation improvements (#1265 / #1285 / #1304). * Thu Mar 03 2022 Michal Svec - update to 3.11: * Update links to Discussions in documentation * Fix DSCP so that TOS = DSCP * 4 (#1162) * Fix --bind-dev for TCP streams (#1153) * Fix interface specification so doesn\'t overlap with IPv6 link-local addresses for -c and -B (#1157, #1180) * Add get/set test_unit_format function declaration to iperf_api.h * Auto adjustment of test-end condition for file transfers (-F), if no end condition is set, it will automatically adjust it to file size in bytes * Exit if idle time expires waiting for a connection in one-off mode (#1187, #1197) * Support zerocopy by reverse mode (#1204) * Update help and manpage text for #1157, support bind device * Consistently print target_bandwidth in JSON start section (#1177) * Test bitrate added to JSON output (#1168) * Remove fsync call after every write to receiving --file (#1176, #1159) * Update documentation for -w (#1175) * Fix for #952, different JSON object names for bidir reverse channel * Mon Jun 07 2021 Michal Svec - update to 3.10.1: * Fixed a problem with autoconf scripts that made builds fail in some environments (#1154 / #1155). * GNU autoconf 2.71 or newer is now required to regenerate iperf3\'s configure scripts. * Mon Jun 07 2021 Michal Svec - update to 3.10: * Fix a bug where some --reverse tests didn\'t terminate (#982 / [#1054]). * Responsiveness of control connections is slightly improved (#1045 / #1046 / #1063). * The allowable clock skew when doing authentication between client and server is now configurable with the new --time-skew-threshold (#1065 / #1070). * Bitrate throttling using the -b option now works when a burst size is specified (#1090). * A bug with calculating CPU utilization has been fixed (#1076 / [#1077]). * A --bind-dev option to support binding sockets to a given network interface has been added to make iperf3 work better with multi-homed machines and/or VRFs (#817 / #1089 / #1097). * --pidfile now works with --client mode (#1110). * The server is now less likely to get stuck due to network errors (#1101, #1125), controlled by the new --rcv-timeout option. * Fixed a few bugs in termination conditions for byte or block-limited tests (#1113, #1114, #1115). * Added tcp_info.snd_wnd to JSON output (#1148). * Some bugs with garbled JSON output have been fixed (#1086, #1118, [#1143] / #1146). * Support for setting the IPv4 don\'t-fragment (DF) bit has been added with the new --dont-fragment option (#1119). * A failure with not being able to read the congestion control algorithm under WSL1 has been fixed (#1061 / #1126). * Error handling and error messages now make more sense in cases where sockets were not successfully opened (#1129 / #1132 / [#1136], #1135 / #1138, #1128 / #1139). * Some buffer overflow hazards were fixed (#1134). * It is now possible to use the API to set/get the congestion control algorithm (#1036 / #1112). * Mon Sep 14 2020 Dirk Mueller - update to 3.9: * A --timestamps flag has been added, which prepends a timestamp to each output line. An optional argument to this flag, which is a format specification to strftime(3), allows for custom timestamp formats (#909, #1028). * A --server-bitrate-limit flag has been added as a server-side command-line argument. It allows a server to enforce a maximum throughput rate; client connections that specify a higher bitrate or exceed this bitrate during a test will be terminated. The bitrate is expressed in bits per second, with an optional trailing slash and integer count that specifies an averaging interval over which to enforce the limit (#999). * A bug that caused increased CPU usage with the --bidir option has been fixed (#1011). * Fixed various minor memory leaks (#1023).
|
|
|