iperf3: security bump to version 3.1.3

Fixes:
ESNET-SECADV-2016-0001 - A malicious process can connect to an iperf3
server and, by sending a malformed message on the control channel,
corrupt the server process's heap area.  This can lead to a crash (and a
denial of service), or theoretically a remote code execution as the user
running the iperf3 server. A malicious iperf3 server could potentially
mount a similar attack on an iperf3 client.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

diff --git a/package/iperf3/iperf3.hash b/package/iperf3/iperf3.hash
index 48a2b2a807c80025521ed41fb8a549ec6adeace3..1accccd04a218fa19460df8e17b49f79cbfb896a 100644 (file)
--- a/package/iperf3/iperf3.hash
+++ b/package/iperf3/iperf3.hash
@@ -1,2 +1,2 @@
-# Locally calculated
-sha256  48b5c783bb4a9c44f2bdcfe52c5d45b77ab1e1c82de3d0131f692457950811f9  iperf3-3.1.2.tar.gz
+# From http://software.es.net/iperf/news.html#security-issue-iperf-3-1-3-iperf-3-0-12-released
+sha256  60d8db69b1d74a64d78566c2317c373a85fef691b8d277737ee5d29f448595bf  iperf-3.1.3.tar.gz

diff --git a/package/iperf3/iperf3.mk b/package/iperf3/iperf3.mk
index 2438955f6437dab4d2e21380d3a2d82b3ca2446c..3d2a7086ebd32e3675f3a3a888fb50daa122f13b 100644 (file)
--- a/package/iperf3/iperf3.mk
+++ b/package/iperf3/iperf3.mk
@@ -4,8 +4,9 @@
 #
 ################################################################################
 
-IPERF3_VERSION = 3.1.2
-IPERF3_SITE = $(call github,esnet,iperf,$(IPERF3_VERSION))
+IPERF3_VERSION = 3.1.3
+IPERF3_SITE = http://downloads.es.net/pub/iperf
+IPERF3_SOURCE = iperf-$(IPERF3_VERSION).tar.gz
 IPERF3_LICENSE = BSD-3c, BSD-2c, MIT
 IPERF3_LICENSE_FILES = LICENSE