Version in base suite: 3.18-2+deb13u1

Base version: iperf3_3.18-2+deb13u1
Target version: iperf3_3.18-2+deb13u2
Base file: /srv/ftp-master.debian.org/ftp/pool/main/i/iperf3/iperf3_3.18-2+deb13u1.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/i/iperf3/iperf3_3.18-2+deb13u2.dsc

 changelog                |    6 ++++++
 patches/03-openssl.patch |   19 +++++++++++++++++++
 patches/series           |    1 +
 3 files changed, 26 insertions(+)

diff -Nru iperf3-3.18/debian/changelog iperf3-3.18/debian/changelog
--- iperf3-3.18/debian/changelog	2025-08-30 22:59:40.000000000 +0000
+++ iperf3-3.18/debian/changelog	2025-11-17 19:51:16.000000000 +0000
@@ -1,3 +1,9 @@
+iperf3 (3.18-2+deb13u2) trixie; urgency=medium
+
+  * Fix FTBS in trixie with openssl >= 3.5.3 (Closes: #1120866)
+
+ -- Roberto Lumbreras <rover@debian.org>  Mon, 17 Nov 2025 20:51:16 +0100
+
 iperf3 (3.18-2+deb13u1) trixie; urgency=high
 
   * Fix no-dsa security issues:
diff -Nru iperf3-3.18/debian/patches/03-openssl.patch iperf3-3.18/debian/patches/03-openssl.patch
--- iperf3-3.18/debian/patches/03-openssl.patch	1970-01-01 00:00:00.000000000 +0000
+++ iperf3-3.18/debian/patches/03-openssl.patch	2025-11-17 19:51:16.000000000 +0000
@@ -0,0 +1,19 @@
+Description: Resolve issue with openssl 3.5.3 encrypt #1956
+ Set output buffer size prior to encrypt operation
+ When calling EVP_PKEY_encrypt with a non-null output buffer,
+ the output buffer length must be provided. Attempts to write
+ beyond this length will fail.
+Author: Michael Lowman (GitHub)
+Forwarded: yes
+Index: iperf3-3.18/src/iperf_auth.c
+===================================================================
+--- iperf3-3.18.orig/src/iperf_auth.c	2025-11-17 20:53:32.586242819 +0100
++++ iperf3-3.18/src/iperf_auth.c	2025-11-17 20:53:32.586242819 +0100
+@@ -252,6 +252,7 @@
+ #endif
+     rsa_buffer  = OPENSSL_malloc(keysize * 2);
+     *encryptedtext = (unsigned char*)OPENSSL_malloc(keysize);
++    encryptedtext_len = keysize;
+ 
+     BIO *bioBuff   = BIO_new_mem_buf((void*)plaintext, (int)strlen(plaintext));
+     rsa_buffer_len = BIO_read(bioBuff, rsa_buffer, keysize * 2);
diff -Nru iperf3-3.18/debian/patches/series iperf3-3.18/debian/patches/series
--- iperf3-3.18/debian/patches/series	2025-08-04 21:53:41.000000000 +0000
+++ iperf3-3.18/debian/patches/series	2025-11-17 19:51:16.000000000 +0000
@@ -2,3 +2,4 @@
 02-gcc15.patch
 CVE-2025-54349.patch
 CVE-2025-54350.patch
+03-openssl.patch