diff --git a/SPECS/iperf3/CVE-2025-54351.patch b/SPECS/iperf3/CVE-2025-54351.patch new file mode 100644 index 00000000000..18d021f9cf1 --- /dev/null +++ b/SPECS/iperf3/CVE-2025-54351.patch @@ -0,0 +1,89 @@ +From c51318216c96ae745499c75d42d2399f8b3b0c7e Mon Sep 17 00:00:00 2001 +From: Azure Linux Security Servicing Account + +Date: Mon, 4 Aug 2025 11:21:06 +0000 +Subject: [PATCH] Fix CVE CVE-2025-54351 in iperf3 + +Upstream Patch Reference: https://github.com/esnet/iperf/commit/969b7f70c447513e92c9798f22e82b40ebc53bf0.patch +--- + iperf-3.17.1/src/net.c.rej | 68 ++++++++++++++++++++++++++++++++++++++ + 1 file changed, 68 insertions(+) + create mode 100644 iperf-3.17.1/src/net.c.rej + +diff --git a/iperf-3.17.1/src/net.c.rej b/iperf-3.17.1/src/net.c.rej +new file mode 100644 +index 0000000..5471a3e +--- /dev/null ++++ b/iperf-3.17.1/src/net.c.rej +@@ -0,0 +1,68 @@ ++--- net.c +++++ net.c ++@@ -383,9 +383,7 @@ int ++ Nrecv(int fd, char *buf, size_t count, int prot, int sock_opt) ++ { ++ register ssize_t r; ++- // `nleft` must be signed as it may get negative value for SKIP-RX-COPY UDP (MSG_TRUNC in sock_opt). ++- register ssize_t nleft = count; ++- register size_t total = 0; +++ register size_t nleft = count; ++ struct iperf_time ftimeout = { 0, 0 }; ++ ++ fd_set rfdset; ++@@ -428,9 +426,15 @@ Nrecv(int fd, char *buf, size_t count, int prot, int sock_opt) ++ } else if (r == 0) ++ break; ++ ++- total += r; ++- nleft -= r; ++- buf += r; +++ if (sock_opt & MSG_TRUNC) { +++ size_t bytes_copied = (r > nleft)? nleft: r; +++ nleft -= bytes_copied; +++ buf += bytes_copied; +++ } +++ else { +++ nleft -= r; +++ buf += r; +++ } ++ ++ /* ++ * We need some more bytes but don't want to wait around ++@@ -465,7 +469,7 @@ Nrecv(int fd, char *buf, size_t count, int prot, int sock_opt) ++ } ++ } ++ } ++- return total; +++ return count - nleft; ++ } ++ ++ /********************************************************************/ ++@@ -491,6 +495,7 @@ Nrecv_no_select(int fd, char *buf, size_t count, int prot, int sock_opt) ++ r = recv(fd, buf, nleft, sock_opt); ++ else ++ r = read(fd, buf, nleft); +++ ++ if (r < 0) { ++ /* XXX EWOULDBLOCK can't happen without non-blocking sockets */ ++ if (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK) ++@@ -500,8 +505,16 @@ Nrecv_no_select(int fd, char *buf, size_t count, int prot, int sock_opt) ++ } else if (r == 0) ++ break; ++ ++- nleft -= r; ++- buf += r; +++ if (sock_opt & MSG_TRUNC) { +++ size_t bytes_copied = (r > nleft)? nleft: r; +++ nleft -= bytes_copied; +++ buf += bytes_copied; +++ } +++ else { +++ nleft -= r; +++ buf += r; +++ } +++ ++ ++ } ++ return count - nleft; +-- +2.45.4 + diff --git a/SPECS/iperf3/iperf3.spec b/SPECS/iperf3/iperf3.spec index 6b5adf200cc..76c3de09fcb 100644 --- a/SPECS/iperf3/iperf3.spec +++ b/SPECS/iperf3/iperf3.spec @@ -1,7 +1,7 @@ Summary: A network performance benchmark tool. Name: iperf3 Version: 3.17.1 -Release: 2%{?dist} +Release: 3%{?dist} License: BSD and MIT and Public Domain Vendor: Microsoft Corporation Distribution: Azure Linux @@ -10,6 +10,7 @@ URL: https://github.com/esnet/iperf Source0: https://github.com/esnet/iperf/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz Patch1: disablepg.patch Patch2: CVE-2024-53580.patch +Patch3: CVE-2025-54351.patch BuildRequires: autoconf >= 2.71 BuildRequires: automake @@ -67,6 +68,9 @@ make %{?_smp_mflags} check %{_mandir}/man3/libiperf.3.gz %changelog +* Mon Aug 04 2025 Azure Linux Security Servicing Account - 3.17.1-3 +- Patch for CVE-2025-54351 + * Tue Dec 31 2024 Kanishk Bansal - 3.17.1-2 - Address CVE-2024-53580 using an upstream patch.