From 47f0e826395b82ba4ca1e3a9a4e9fe76d45d4d47 Mon Sep 17 00:00:00 2001 From: Flatcar Buildbot Date: Mon, 3 Nov 2025 07:12:01 +0000 Subject: [PATCH] net-misc/iperf: Sync with Gentoo It's from Gentoo commit 2131a43750682b20cac0ac095a0f5173956b75c6. Signed-off-by: Flatcar Buildbot --- .../portage-stable/net-misc/iperf/Manifest | 3 - .../iperf/files/iperf-2.0.12-ipv6.patch | 23 -- .../net-misc/iperf/files/iperf-2.0.14a.patch | 132 ---------- .../iperf/files/iperf-3.17.1-c23.patch | 58 ---- .../files/iperf-3.19.1-openssl-3.5.3.patch | 247 ++++++++++++++++++ .../net-misc/iperf/iperf-2.0.14a.ebuild | 42 --- .../net-misc/iperf/iperf-3.18.ebuild | 54 ---- ...erf-3.19.ebuild => iperf-3.19.1-r1.ebuild} | 7 +- 8 files changed, 251 insertions(+), 315 deletions(-) delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/iperf/files/iperf-2.0.12-ipv6.patch delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/iperf/files/iperf-2.0.14a.patch delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/iperf/files/iperf-3.17.1-c23.patch create mode 100644 sdk_container/src/third_party/portage-stable/net-misc/iperf/files/iperf-3.19.1-openssl-3.5.3.patch delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/iperf/iperf-2.0.14a.ebuild delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/iperf/iperf-3.18.ebuild rename sdk_container/src/third_party/portage-stable/net-misc/iperf/{iperf-3.19.ebuild => iperf-3.19.1-r1.ebuild} (74%) diff --git a/sdk_container/src/third_party/portage-stable/net-misc/iperf/Manifest b/sdk_container/src/third_party/portage-stable/net-misc/iperf/Manifest index e2a566d9c9..3d405159a0 100644 --- a/sdk_container/src/third_party/portage-stable/net-misc/iperf/Manifest +++ b/sdk_container/src/third_party/portage-stable/net-misc/iperf/Manifest @@ -1,5 +1,2 @@ -DIST iperf-2.0.13.tar.gz 326148 BLAKE2B 2a40aea9e2d7fdc935b91be5e4e586bf68dd27604375d2570570145e5db1ea5837469a4989f47586986932bef33cba05ed19ed3a9ce40c0a5531581c6d3ba982 SHA512 40fcfb8f4d27887f53a743ac07396511fb2a7ac59f4b300fe36896bd0241e191945fa253705990711772ee776d5e4227ed62760fc92abebdfebcedd11c27c0ea DIST iperf-2.2.1.tar.gz 509514 BLAKE2B 9075df9513e98beeaed5c2f6799f62f72fbfd8fc63696674018b7435dae87d5edeca3fb0541775c37c188bd61bd8394c3125a8a8c07e0c4ba1c2efa86a602404 SHA512 07a08afe647e87939e05c9cd55601ca1227c91f44ef32fdf305a0e15e524d1de29d38e9a3f66253d7308585224e54db395d7dec654d31eea746f45c6947ebc2a -DIST iperf-3.18.tar.gz 688037 BLAKE2B 64272ab8288cb217603d4fa438bc547967baa964bc518c91f9f1f1c85d9a0a9a7ca5b4c558b3e2c68507c1cb76b40592fd9a80f0bb4cc8a1716e029b32289276 SHA512 a458292c34c29a60cce60eb6be4afd15220d4cf29f225a1c1be9ec8ef86baa85fa4e174e747cacfa5711c6957ad16d448c2d3d4029b6bfd58db9c39269f30caa DIST iperf-3.19.1.tar.gz 698445 BLAKE2B fae065d3e8131c072bd70666c87067c85b2ea56fcee70197bea1d5b82266b1d2f4dbb9318b566fdd4add08776dadb1feebe9915108531d3af9e13a777e2b60e7 SHA512 7239eddf55197c45aa751d05b6518a0782ec4f2ce4d9b4246b74c41dc21077102f3f5cc3359129c32c6842d482f4a9557a92ab84d96e0a9c7063052c9cbed4f6 -DIST iperf-3.19.tar.gz 694741 BLAKE2B b6f5e9bdef5ee3fc38bef893144bc6ad003ccbc7b3db4793dbd2aec5998faa55cac215a0db06ab37729dc1c05787ebacbf09db8a6e6517f82492a6c67ec3d9e6 SHA512 f0631cd1158a90dc402fa30563e6f26dbdbc5d5b0665bed25248f9153118f55296913abeb89bf0b1db760ca2c68f60e0c9cf2df82aa096318ca618ca09176388 diff --git a/sdk_container/src/third_party/portage-stable/net-misc/iperf/files/iperf-2.0.12-ipv6.patch b/sdk_container/src/third_party/portage-stable/net-misc/iperf/files/iperf-2.0.12-ipv6.patch deleted file mode 100644 index cd189f6210..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/iperf/files/iperf-2.0.12-ipv6.patch +++ /dev/null @@ -1,23 +0,0 @@ ---- a/src/Listener.cpp -+++ b/src/Listener.cpp -@@ -670,6 +670,7 @@ - - // Now optimize packet flow up the raw socket - // Establish the flow BPF to forward up only "connected" packets to this raw socket -+#ifdef HAVE_IPV6 - if (l->sa_family == AF_INET6) { - struct in6_addr *v6peer = SockAddr_get_in6_addr(&server->peer); - struct in6_addr *v6local = SockAddr_get_in6_addr(&server->local); -@@ -682,9 +683,12 @@ - WARN_errno( rc == SOCKET_ERROR, "l2 v4in6 connect ip bpf"); - } - } else { -+#endif - rc = SockAddr_v4_Connect_BPF(server->mSock, ((struct sockaddr_in *)(l))->sin_addr.s_addr, ((struct sockaddr_in *)(p))->sin_addr.s_addr, ((struct sockaddr_in *)(l))->sin_port, ((struct sockaddr_in *)(p))->sin_port); - WARN_errno( rc == SOCKET_ERROR, "l2 connect ip bpf"); -+#ifdef HAVE_IPV6 - } -+#endif - if (rc < 0) - return -1; - else diff --git a/sdk_container/src/third_party/portage-stable/net-misc/iperf/files/iperf-2.0.14a.patch b/sdk_container/src/third_party/portage-stable/net-misc/iperf/files/iperf-2.0.14a.patch deleted file mode 100644 index 07fbd0c96b..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/iperf/files/iperf-2.0.14a.patch +++ /dev/null @@ -1,132 +0,0 @@ -commit 12254fa398e627949af923afd0d48cd9b814f0a0 -Author: rmcmahon -Date: Tue Jan 29 23:11:18 2019 -0800 - - new version 2.0.14a, fix for -P w/server and summing - -diff --git a/configure b/configure -index f1a9983..706e7a3 100755 ---- a/configure -+++ b/configure -@@ -1,6 +1,6 @@ - #! /bin/sh - # Guess values for system-dependent variables and create Makefiles. --# Generated by GNU Autoconf 2.69 for Iperf 2.0.13. -+# Generated by GNU Autoconf 2.69 for Iperf 2.0.14a. - # - # - # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. -@@ -577,8 +577,8 @@ MAKEFLAGS= - # Identity of this package. - PACKAGE_NAME='Iperf' - PACKAGE_TARNAME='iperf' --PACKAGE_VERSION='2.0.13' --PACKAGE_STRING='Iperf 2.0.13' -+PACKAGE_VERSION='2.0.14a' -+PACKAGE_STRING='Iperf 2.0.14a' - PACKAGE_BUGREPORT='' - PACKAGE_URL='' - -@@ -1313,7 +1313,7 @@ if test "$ac_init_help" = "long"; then - # Omit some internal or obsolete options to make the list less imposing. - # This message is too long to be a string in the A/UX 3.1 sh. - cat <<_ACEOF --\`configure' configures Iperf 2.0.13 to adapt to many kinds of systems. -+\`configure' configures Iperf 2.0.14a to adapt to many kinds of systems. - - Usage: $0 [OPTION]... [VAR=VALUE]... - -@@ -1383,7 +1383,7 @@ fi - - if test -n "$ac_init_help"; then - case $ac_init_help in -- short | recursive ) echo "Configuration of Iperf 2.0.13:";; -+ short | recursive ) echo "Configuration of Iperf 2.0.14a:";; - esac - cat <<\_ACEOF - -@@ -1493,7 +1493,7 @@ fi - test -n "$ac_init_help" && exit $ac_status - if $ac_init_version; then - cat <<\_ACEOF --Iperf configure 2.0.13 -+Iperf configure 2.0.14a - generated by GNU Autoconf 2.69 - - Copyright (C) 2012 Free Software Foundation, Inc. -@@ -2236,7 +2236,7 @@ cat >config.log <<_ACEOF - This file contains any messages produced by compilers while - running configure, to aid debugging if configure makes a mistake. - --It was created by Iperf $as_me 2.0.13, which was -+It was created by Iperf $as_me 2.0.14a, which was - generated by GNU Autoconf 2.69. Invocation command line was - - $ $0 $@ -@@ -3101,7 +3101,7 @@ fi - - # Define the identity of the package. - PACKAGE='iperf' -- VERSION='2.0.13' -+ VERSION='2.0.14a' - - - cat >>confdefs.h <<_ACEOF -@@ -8854,7 +8854,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 - # report actual input values of CONFIG_FILES etc. instead of their - # values after options handling. - ac_log=" --This file was extended by Iperf $as_me 2.0.13, which was -+This file was extended by Iperf $as_me 2.0.14a, which was - generated by GNU Autoconf 2.69. Invocation command line was - - CONFIG_FILES = $CONFIG_FILES -@@ -8920,7 +8920,7 @@ _ACEOF - cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 - ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" - ac_cs_version="\\ --Iperf config.status 2.0.13 -+Iperf config.status 2.0.14a - configured by $0, generated by GNU Autoconf 2.69, - with options \\"\$ac_cs_config\\" - -diff --git a/configure.ac b/configure.ac -index cd3c9a0..4c93328 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -5,7 +5,7 @@ dnl =================================================================== - - - AC_PREREQ(2.59) --AC_INIT(Iperf,2.0.13) -+AC_INIT(Iperf,2.0.14a) - AC_CONFIG_HEADER([config.h]) - AM_INIT_AUTOMAKE() - -diff --git a/include/version.h b/include/version.h -index 87279a7..d6f9d89 100644 ---- a/include/version.h -+++ b/include/version.h -@@ -1,4 +1,4 @@ --#define IPERF_VERSION "2.0.13" --#define IPERF_VERSION_DATE "21 Jan 2019" -+#define IPERF_VERSION "2.0.14a" -+#define IPERF_VERSION_DATE "29 Jan 2019" - #define IPERF_VERSION_MAJORHEX 0x00020000 --#define IPERF_VERSION_MINORHEX 0x000D0003 -+#define IPERF_VERSION_MINORHEX 0x000E0000 -diff --git a/src/Reporter.c b/src/Reporter.c -index 80891aa..d5164ef 100644 ---- a/src/Reporter.c -+++ b/src/Reporter.c -@@ -151,7 +151,9 @@ MultiHeader* InitMulti( thread_Settings *agent, int inID) { - memset( multihdr, 0, sizeof(MultiHeader) ); - Condition_Initialize( &multihdr->barrier ); - multihdr->groupID = inID; -- multihdr->threads = agent->mThreads; -+ if (agent->mThreadMode == kMode_Client) { -+ multihdr->threads = agent->mThreads; -+ } - if ( isMultipleReport( agent ) ) { - int i; - ReporterData *data = NULL; diff --git a/sdk_container/src/third_party/portage-stable/net-misc/iperf/files/iperf-3.17.1-c23.patch b/sdk_container/src/third_party/portage-stable/net-misc/iperf/files/iperf-3.17.1-c23.patch deleted file mode 100644 index 80c432156f..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/iperf/files/iperf-3.17.1-c23.patch +++ /dev/null @@ -1,58 +0,0 @@ -https://bugs.gentoo.org/944381 -https://github.com/esnet/iperf/pull/1805 - -From beadb59b90e8d3339d31f9f15525108072fde135 Mon Sep 17 00:00:00 2001 -From: Rudi Heitbaum -Date: Mon, 9 Dec 2024 10:13:02 +0000 -Subject: [PATCH] fix build with gcc-15 - ---- a/src/iperf_api.c -+++ b/src/iperf_api.c -@@ -603,25 +603,25 @@ iperf_set_mapped_v4(struct iperf_test *ipt, const int val) - } - - void --iperf_set_on_new_stream_callback(struct iperf_test* ipt, void (*callback)()) -+iperf_set_on_new_stream_callback(struct iperf_test* ipt, void (*callback)(struct iperf_stream *)) - { - ipt->on_new_stream = callback; - } - - void --iperf_set_on_test_start_callback(struct iperf_test* ipt, void (*callback)()) -+iperf_set_on_test_start_callback(struct iperf_test* ipt, void (*callback)(struct iperf_test *)) - { - ipt->on_test_start = callback; - } - - void --iperf_set_on_test_connect_callback(struct iperf_test* ipt, void (*callback)()) -+iperf_set_on_test_connect_callback(struct iperf_test* ipt, void (*callback)(struct iperf_test *)) - { - ipt->on_connect = callback; - } - - void --iperf_set_on_test_finish_callback(struct iperf_test* ipt, void (*callback)()) -+iperf_set_on_test_finish_callback(struct iperf_test* ipt, void (*callback)(struct iperf_test *)) - { - ipt->on_test_finish = callback; - } ---- a/src/iperf_api.h -+++ b/src/iperf_api.h -@@ -213,10 +213,10 @@ void iperf_set_dont_fragment( struct iperf_test* ipt, int dont_fragment ); - void iperf_set_test_congestion_control(struct iperf_test* ipt, char* cc); - void iperf_set_test_mss(struct iperf_test* ipt, int mss); - void iperf_set_mapped_v4(struct iperf_test* ipt, const int val); --void iperf_set_on_new_stream_callback(struct iperf_test* ipt, void (*callback)()); --void iperf_set_on_test_start_callback(struct iperf_test* ipt, void (*callback)()); --void iperf_set_on_test_connect_callback(struct iperf_test* ipt, void (*callback)()); --void iperf_set_on_test_finish_callback(struct iperf_test* ipt, void (*callback)()); -+void iperf_set_on_new_stream_callback(struct iperf_test* ipt, void (*callback)(struct iperf_stream *)); -+void iperf_set_on_test_start_callback(struct iperf_test* ipt, void (*callback)(struct iperf_test *)); -+void iperf_set_on_test_connect_callback(struct iperf_test* ipt, void (*callback)(struct iperf_test *)); -+void iperf_set_on_test_finish_callback(struct iperf_test* ipt, void (*callback)(struct iperf_test *)); - - #if defined(HAVE_SSL) - void iperf_set_test_client_username(struct iperf_test *ipt, const char *client_username); - diff --git a/sdk_container/src/third_party/portage-stable/net-misc/iperf/files/iperf-3.19.1-openssl-3.5.3.patch b/sdk_container/src/third_party/portage-stable/net-misc/iperf/files/iperf-3.19.1-openssl-3.5.3.patch new file mode 100644 index 0000000000..5c6bd671d7 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/iperf/files/iperf-3.19.1-openssl-3.5.3.patch @@ -0,0 +1,247 @@ +https://bugs.gentoo.org/963583 +https://github.com/esnet/iperf/issues/1951 +https://github.com/esnet/iperf/pull/1956 + +From aab262afe1770b55bb865fd4dad2d5e737c758a6 Mon Sep 17 00:00:00 2001 +From: Michael Lowman +Date: Wed, 8 Oct 2025 22:40:07 +0200 +Subject: [PATCH 1/5] Set output buffer size prior to encrypt operation + +When calling EVP_PKEY_encrypt with a non-null output buffer, +the output buffer length must be provided. Attempts to write +beyond this length will fail. +--- + src/iperf_auth.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/iperf_auth.c b/src/iperf_auth.c +index eda015099..774e1b701 100644 +--- a/src/iperf_auth.c ++++ b/src/iperf_auth.c +@@ -252,6 +252,7 @@ int encrypt_rsa_message(const char *plaintext, EVP_PKEY *public_key, unsigned ch + #endif + rsa_buffer = OPENSSL_malloc(keysize * 2); + *encryptedtext = (unsigned char*)OPENSSL_malloc(keysize); ++ encryptedtext_len = keysize; + + BIO *bioBuff = BIO_new_mem_buf((void*)plaintext, (int)strlen(plaintext)); + rsa_buffer_len = BIO_read(bioBuff, rsa_buffer, keysize * 2); + +From 00840604c85c598f7aaeffd21db0c62472d8ab34 Mon Sep 17 00:00:00 2001 +From: Michael Lowman +Date: Wed, 8 Oct 2025 22:29:12 +0200 +Subject: [PATCH 2/5] Rename keysize to output_buffer_len + +This more accurately represents the meaning; it is the minimum +buffer allocation necessary for an encrypt or decrypt operation +to succeed. This is the same size for both ciphertext and +cleartext, as padding is applied. +--- + src/iperf_auth.c | 28 ++++++++++++++-------------- + 1 file changed, 14 insertions(+), 14 deletions(-) + +diff --git a/src/iperf_auth.c b/src/iperf_auth.c +index 774e1b701..ea516904f 100644 +--- a/src/iperf_auth.c ++++ b/src/iperf_auth.c +@@ -236,26 +236,26 @@ int encrypt_rsa_message(const char *plaintext, EVP_PKEY *public_key, unsigned ch + #endif + unsigned char *rsa_buffer = NULL; + size_t encryptedtext_len = 0; +- int rsa_buffer_len, keysize; ++ int rsa_buffer_len, output_buffer_len; + + #if OPENSSL_VERSION_MAJOR >= 3 + int rc; + ctx = EVP_PKEY_CTX_new_from_pkey(NULL, public_key, ""); + /* See evp_pkey_rsa(7) and provider-keymgmt(7) */ +- rc = EVP_PKEY_get_int_param(public_key, OSSL_PKEY_PARAM_MAX_SIZE, &keysize); /* XXX not really keysize */ ++ rc = EVP_PKEY_get_int_param(public_key, OSSL_PKEY_PARAM_MAX_SIZE, &output_buffer_len); + if (!rc) { + goto errreturn; + } + #else + rsa = EVP_PKEY_get1_RSA(public_key); +- keysize = RSA_size(rsa); ++ output_buffer_len = RSA_size(rsa); + #endif +- rsa_buffer = OPENSSL_malloc(keysize * 2); +- *encryptedtext = (unsigned char*)OPENSSL_malloc(keysize); +- encryptedtext_len = keysize; ++ rsa_buffer = OPENSSL_malloc(output_buffer_len * 2); ++ *encryptedtext = (unsigned char*)OPENSSL_malloc(output_buffer_len); ++ encryptedtext_len = output_buffer_len; + + BIO *bioBuff = BIO_new_mem_buf((void*)plaintext, (int)strlen(plaintext)); +- rsa_buffer_len = BIO_read(bioBuff, rsa_buffer, keysize * 2); ++ rsa_buffer_len = BIO_read(bioBuff, rsa_buffer, output_buffer_len * 2); + + int padding = RSA_PKCS1_OAEP_PADDING; + if (use_pkcs1_padding){ +@@ -295,26 +295,26 @@ int decrypt_rsa_message(const unsigned char *encryptedtext, const int encryptedt + #endif + unsigned char *rsa_buffer = NULL; + size_t plaintext_len = 0; +- int rsa_buffer_len, keysize; ++ int rsa_buffer_len, output_buffer_len; + + #if OPENSSL_VERSION_MAJOR >= 3 + int rc; + ctx = EVP_PKEY_CTX_new_from_pkey(NULL, private_key, ""); + /* See evp_pkey_rsa(7) and provider-keymgmt(7) */ +- rc = EVP_PKEY_get_int_param(private_key, OSSL_PKEY_PARAM_MAX_SIZE, &keysize); /* XXX not really keysize */ ++ rc = EVP_PKEY_get_int_param(private_key, OSSL_PKEY_PARAM_MAX_SIZE, &output_buffer_len); + if (!rc) { + goto errreturn; + } + #else + rsa = EVP_PKEY_get1_RSA(private_key); +- keysize = RSA_size(rsa); ++ output_buffer_len = RSA_size(rsa); + #endif +- rsa_buffer = OPENSSL_malloc(keysize * 2); ++ rsa_buffer = OPENSSL_malloc(output_buffer_len * 2); + // Note: +1 for NULL +- *plaintext = (unsigned char*)OPENSSL_malloc(keysize + 1); ++ *plaintext = (unsigned char*)OPENSSL_malloc(output_buffer_len + 1); + + BIO *bioBuff = BIO_new_mem_buf((void*)encryptedtext, encryptedtext_len); +- rsa_buffer_len = BIO_read(bioBuff, rsa_buffer, keysize * 2); ++ rsa_buffer_len = BIO_read(bioBuff, rsa_buffer, output_buffer_len * 2); + + int padding = RSA_PKCS1_OAEP_PADDING; + if (use_pkcs1_padding){ +@@ -322,7 +322,7 @@ int decrypt_rsa_message(const unsigned char *encryptedtext, const int encryptedt + } + #if OPENSSL_VERSION_MAJOR >= 3 + +- plaintext_len = keysize; ++ plaintext_len = output_buffer_len; + EVP_PKEY_decrypt_init(ctx); + + ret = EVP_PKEY_CTX_set_rsa_padding(ctx, padding); + +From f30aaa3be199313c079d585f7eaf20a0745186b9 Mon Sep 17 00:00:00 2001 +From: Michael Lowman +Date: Wed, 8 Oct 2025 16:46:20 +0200 +Subject: [PATCH 3/5] Avoid out-of-bounds access when base64 decoding short + strings + +Check the length before reading memory. +--- + src/iperf_auth.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/iperf_auth.c b/src/iperf_auth.c +index ea516904f..eddc5a85f 100644 +--- a/src/iperf_auth.c ++++ b/src/iperf_auth.c +@@ -130,9 +130,9 @@ int Base64Encode(const unsigned char* buffer, const size_t length, char** b64tex + + size_t calcDecodeLength(const char* b64input) { //Calculates the length of a decoded string + size_t len = strlen(b64input), padding = 0; +- if (b64input[len-1] == '=' && b64input[len-2] == '=') //last two chars are = ++ if (len >= 2 && b64input[len-1] == '=' && b64input[len-2] == '=') //last two chars are = + padding = 2; +- else if (b64input[len-1] == '=') //last char is = ++ else if (len >= 1 && b64input[len-1] == '=') //last char is = + padding = 1; + + return (len*3)/4 - padding; + +From 1cca42a1e77df8fba83ef6340388cad34625087c Mon Sep 17 00:00:00 2001 +From: Michael Lowman +Date: Wed, 8 Oct 2025 17:57:37 +0200 +Subject: [PATCH 4/5] Don't over-allocate followed by partial reads + +We know how much we expect to read; the input buffer +has a defined size. Allocate the exact buffer expected +instead of a larger one with a read expected to return +only partial data. This makes it simpler to follow the +logic and to avoid off-by-one errors. +--- + src/iperf_auth.c | 13 +++++++------ + 1 file changed, 7 insertions(+), 6 deletions(-) + +diff --git a/src/iperf_auth.c b/src/iperf_auth.c +index eddc5a85f..d582c615a 100644 +--- a/src/iperf_auth.c ++++ b/src/iperf_auth.c +@@ -235,7 +235,7 @@ int encrypt_rsa_message(const char *plaintext, EVP_PKEY *public_key, unsigned ch + RSA *rsa = NULL; + #endif + unsigned char *rsa_buffer = NULL; +- size_t encryptedtext_len = 0; ++ size_t encryptedtext_len = 0, plaintext_len = 0; + int rsa_buffer_len, output_buffer_len; + + #if OPENSSL_VERSION_MAJOR >= 3 +@@ -250,12 +250,13 @@ int encrypt_rsa_message(const char *plaintext, EVP_PKEY *public_key, unsigned ch + rsa = EVP_PKEY_get1_RSA(public_key); + output_buffer_len = RSA_size(rsa); + #endif +- rsa_buffer = OPENSSL_malloc(output_buffer_len * 2); ++ plaintext_len = strlen(plaintext); ++ rsa_buffer = OPENSSL_malloc(output_buffer_len); + *encryptedtext = (unsigned char*)OPENSSL_malloc(output_buffer_len); + encryptedtext_len = output_buffer_len; + +- BIO *bioBuff = BIO_new_mem_buf((void*)plaintext, (int)strlen(plaintext)); +- rsa_buffer_len = BIO_read(bioBuff, rsa_buffer, output_buffer_len * 2); ++ BIO *bioBuff = BIO_new_mem_buf((void*)plaintext, (int)plaintext_len); ++ rsa_buffer_len = BIO_read(bioBuff, rsa_buffer, plaintext_len); + + int padding = RSA_PKCS1_OAEP_PADDING; + if (use_pkcs1_padding){ +@@ -309,12 +310,12 @@ int decrypt_rsa_message(const unsigned char *encryptedtext, const int encryptedt + rsa = EVP_PKEY_get1_RSA(private_key); + output_buffer_len = RSA_size(rsa); + #endif +- rsa_buffer = OPENSSL_malloc(output_buffer_len * 2); ++ rsa_buffer = OPENSSL_malloc(output_buffer_len); + // Note: +1 for NULL + *plaintext = (unsigned char*)OPENSSL_malloc(output_buffer_len + 1); + + BIO *bioBuff = BIO_new_mem_buf((void*)encryptedtext, encryptedtext_len); +- rsa_buffer_len = BIO_read(bioBuff, rsa_buffer, output_buffer_len * 2); ++ rsa_buffer_len = BIO_read(bioBuff, rsa_buffer, encryptedtext_len); + + int padding = RSA_PKCS1_OAEP_PADDING; + if (use_pkcs1_padding){ + +From 92f288ff6230dbe186e95688c910268f6942e214 Mon Sep 17 00:00:00 2001 +From: Michael Lowman +Date: Wed, 8 Oct 2025 17:58:52 +0200 +Subject: [PATCH 5/5] Add warnings on silent truncation + +Input should not be this long, but makes the expectations +of the code clearer. +--- + src/iperf_auth.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/iperf_auth.c b/src/iperf_auth.c +index d582c615a..4c38fa938 100644 +--- a/src/iperf_auth.c ++++ b/src/iperf_auth.c +@@ -251,6 +251,9 @@ int encrypt_rsa_message(const char *plaintext, EVP_PKEY *public_key, unsigned ch + output_buffer_len = RSA_size(rsa); + #endif + plaintext_len = strlen(plaintext); ++ if (plaintext_len > output_buffer_len) { ++ fprintf(stderr, "Plaintext of size %zd truncated to %d; data is lost.\n", plaintext_len, output_buffer_len); ++ } + rsa_buffer = OPENSSL_malloc(output_buffer_len); + *encryptedtext = (unsigned char*)OPENSSL_malloc(output_buffer_len); + encryptedtext_len = output_buffer_len; +@@ -310,6 +313,9 @@ int decrypt_rsa_message(const unsigned char *encryptedtext, const int encryptedt + rsa = EVP_PKEY_get1_RSA(private_key); + output_buffer_len = RSA_size(rsa); + #endif ++ if (encryptedtext_len > output_buffer_len) { ++ fprintf(stderr, "Encrypted text of size %d truncated to %d; likely invalid input.\n", encryptedtext_len, output_buffer_len); ++ } + rsa_buffer = OPENSSL_malloc(output_buffer_len); + // Note: +1 for NULL + *plaintext = (unsigned char*)OPENSSL_malloc(output_buffer_len + 1); + diff --git a/sdk_container/src/third_party/portage-stable/net-misc/iperf/iperf-2.0.14a.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/iperf/iperf-2.0.14a.ebuild deleted file mode 100644 index 0f31712001..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/iperf/iperf-2.0.14a.ebuild +++ /dev/null @@ -1,42 +0,0 @@ -# Copyright 1999-2025 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit toolchain-funcs - -DESCRIPTION="Tool to measure IP bandwidth using UDP or TCP" -HOMEPAGE="https://sourceforge.net/projects/iperf2/" -SRC_URI="https://downloads.sourceforge.net/${PN}2/${PN}-2.0.13.tar.gz" -S="${WORKDIR}/${PN}-2.0.13" - -LICENSE="HPND" -SLOT="2" -KEYWORDS="amd64 ~arm ~hppa ppc ppc64 ~riscv ~sparc x86 ~amd64-linux ~x86-linux ~ppc-macos" -IUSE="ipv6 threads debug" - -DOCS=( INSTALL README ) - -PATCHES=( - "${FILESDIR}"/${PN}-2.0.12-ipv6.patch - "${FILESDIR}"/${P}.patch -) - -src_configure() { - econf \ - $(use_enable debug debuginfo) \ - $(use_enable ipv6) \ - $(use_enable threads) -} - -src_compile() { - emake AR="$(tc-getAR)" -} - -src_install() { - default - - dodoc doc/* - newinitd "${FILESDIR}"/${PN}.initd-r1 ${PN} - newconfd "${FILESDIR}"/${PN}.confd ${PN} -} diff --git a/sdk_container/src/third_party/portage-stable/net-misc/iperf/iperf-3.18.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/iperf/iperf-3.18.ebuild deleted file mode 100644 index 3c46fad222..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/iperf/iperf-3.18.ebuild +++ /dev/null @@ -1,54 +0,0 @@ -# Copyright 1999-2025 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -inherit autotools systemd - -DESCRIPTION="A TCP, UDP, and SCTP network bandwidth measurement tool" -HOMEPAGE="https://github.com/esnet/iperf" -SRC_URI="https://github.com/esnet/iperf/releases/download/${PV}/${P}.tar.gz" - -LICENSE="BSD" -SLOT="3" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~mips ppc ppc64 ~riscv ~sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos" -IUSE="sctp" - -DEPEND=" - >=dev-libs/cJSON-1.7.15 - dev-libs/openssl:= - sctp? ( net-misc/lksctp-tools ) -" -RDEPEND="${DEPEND}" -BDEPEND="virtual/pkgconfig" - -DOCS=( README.md RELNOTES.md ) - -PATCHES=( - "${FILESDIR}"/${PN}-3.10.1-drop-forced-debugging-symbols.patch - "${FILESDIR}"/${PN}-3.18-unbundle-cJSON.patch - "${FILESDIR}"/${PN}-3.17.1-c23.patch -) - -src_prepare() { - default - - # Drop bundled cjson - rm src/cjson.{c,h} || die - - eautoreconf -} - -src_configure() { - econf $(use_with sctp) -} - -src_install() { - default - - newconfd "${FILESDIR}"/iperf.confd iperf3 - newinitd "${FILESDIR}"/iperf3.initd iperf3 - systemd_dounit contrib/iperf3.service - - find "${ED}" -name '*.la' -type f -delete || die -} diff --git a/sdk_container/src/third_party/portage-stable/net-misc/iperf/iperf-3.19.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/iperf/iperf-3.19.1-r1.ebuild similarity index 74% rename from sdk_container/src/third_party/portage-stable/net-misc/iperf/iperf-3.19.ebuild rename to sdk_container/src/third_party/portage-stable/net-misc/iperf/iperf-3.19.1-r1.ebuild index 2755d1fa24..fa3e54ce04 100644 --- a/sdk_container/src/third_party/portage-stable/net-misc/iperf/iperf-3.19.ebuild +++ b/sdk_container/src/third_party/portage-stable/net-misc/iperf/iperf-3.19.1-r1.ebuild @@ -5,13 +5,13 @@ EAPI=8 inherit autotools systemd -DESCRIPTION="A TCP, UDP, and SCTP network bandwidth measurement tool" -HOMEPAGE="https://github.com/esnet/iperf" +DESCRIPTION="TCP, UDP, and SCTP network bandwidth measurement tool" +HOMEPAGE="https://software.es.net/iperf/ https://github.com/esnet/iperf" SRC_URI="https://github.com/esnet/${PN}/archive/refs/tags/${PV}.tar.gz -> ${P}.tar.gz" LICENSE="BSD" SLOT="3" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~mips ppc ppc64 ~riscv ~sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos" IUSE="sctp" DEPEND=" @@ -27,6 +27,7 @@ DOCS=( README.md RELNOTES.md ) PATCHES=( "${FILESDIR}"/${PN}-3.10.1-drop-forced-debugging-symbols.patch "${FILESDIR}"/${PN}-3.18-unbundle-cJSON.patch + "${FILESDIR}"/${PN}-3.19.1-openssl-3.5.3.patch ) src_prepare() {