Up to [cvs.NetBSD.org] / pkgsrc / net / uftp
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
net: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes Not committed (merge conflicts...): net/radsecproxy/distinfo The following distfiles could not be fetched (fetched conditionally?): ./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz ./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch ./net/djbdns/distinfo djbdns-1.05-test28.diff.xz ./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch ./net/djbdns/distinfo djbdns-1.05-multiip.diff ./net/djbdns/distinfo djbdns-cachestats.patch
net: Remove SHA1 hashes for distfiles
uftp: Update to 5.0 Version 5.0 - 4/22/2020 Major security updates. The key exchange and key derivation algorithms were modified and supported algorithms were pruned using TLS 1.3 as a basis. This includes: - HKDF used in multiple stages for key derivation from raw shared secrets. - Included addtional context in key derivation and signatures to protect against replay attacks and downgrade attacks. - Reduced set of supported EC curves to those supported by TLS 1.3 - Removed RSA key exchange which does not provide perfect forward secrecy. All key exchanges now use ECDH. - Removed support for SHA-1 hashes in key exchanges. - Supported symmetric ciphers are AES in AEAD mode (GCM or CCM). - Increased supported RSA key sizes Encrypted sessions are now enabled by default. It can be disabled by specifying "none" for the key type in the server's -Y option. Backward compatibility retained for version 4.x in clients and proxies. When communicating with a 4.x server, only allow algorithms and key exchange modes permitted in the new version. Clients and proxies no longer need to use signature keys that match the type and size used by the server. As a result, the -k and -K options to the client now only accept a single key instead of multiple. The proxy still supports multiple keys for 4.x compatibility, however only the first key listed is used for any version 5.x session. Proxies now send their keys in a separate message instead of injecting them in the ANNOUNCE sent by the server. This allows clients to be fully aware of proixes and allows them to authenticate servers and proxies separately, as well as Format of client's server list modified to specify the proxy that a server communicates through. Fingerprints listed in this file now always specify the server as opposed to having the proxy's key in some cases. Added -R option to client to specify a list of proxies along with their public key fingerprints. The old use of -R to specify a version 4.x response proxy has moved to -r. Previously, using -S in the client or proxy to specify a server list would automatically enable source specific multicast (SSM). The use of SSM is now enabled separately via the -o option on both the client and proxy. Fixed a bug that caused ECDSA signatures created on Linux with curve secp521r1 from being verified successfully on Windows. Fixed cleanup on clients and proxies to prevent occasional crashes on shutdown under Windows. Update timstamps in messages to use 64-bit microseconds since the epoch, addressing Y2038 issues.
uftp: Update to 4.10 Note: this now supports OpenSSL 1.1. Version 4.10 - 7/10/2019 Allow specifying transmission rates of up to 1 Tbps. This involved changing a number of variables tracking the rate from 32 bit to 64 bit types. It also changed the tracking of wait times between data packet transmissions from microseconds to nanoseconds. Fixed a bug when getting the list of network interfaces in the event that an interface does not have an interface index number. Version 4.9.11 - 5/13/2019 The error check added in 4.9.10 on chdir wasn't checking the correct value, causing the client and proxy to not start in background mode. Bug fixed. Version 4.9.10 - 5/9/2019 The initial CLR selection was picking the receiver with the lowest RTT instead of the higest. Fixed to select the receiver with the highest RTT. While the server is sending, check for CTRL-C by the user at least once a second instead of waiting for a GRTT cycle if it is longer. Fixed rate calculation bug when TFMCC is specified with -R -1. Minor error checking / log format fixes Version 4.9.9 - 2/17/2019 Fixed handling of min_time in TFMCC mode Version 4.9.8 - 8/29/2018 When compiling with MSVC 2017, the IP_MTU_DISCOVER flag is defined but not implemented, resulting in errors when attempting to set it. Added check for the case if the flag is not implemented. Machines with a blank IP address for the first interface were getting a default UID of 0. When this happens, check for a non-blank interface to derive the UID from. Cleaned up setting of key exchange random numbers to avoid aliasing violation Version 4.9.7 - 5/27/2018 Fixed delay in server sending thread causing transfer of large files to time out. The block number to send was being incremented once per iteration of the main sending loop. This main loop also locks and unlocks a mutex to update data shared by the receiving thread. When a large number of consecutive blocks do not need to be sent, the lock/unlock cycles resulted in delays where no data was sent. Changed to increment the block number until a block to send is found without reiterating the main loop. Version 4.9.6 - 4/17/2018 When a response proxy sends a PROXY_KEY message, send it on all public multicast addresses, not just the first one Version 4.9.5 - 12/16/2017 Upated encryption module to support OpenSSL 1.1.x and 1.0.x. Removed support for OpenSSL 0.9.8 Changed install directory of uftpd uftpproxyd to /usr/bin Added CPPFLAGS to makefile for build hardening as requested by Debian Version 4.9.4 - 10/7/2017 When initializing TFMCC loss history, use datapacketsize if no recent packets found or if counter wraps. This fixes a divide-by-zero bug. Only run postreceive script when the incoming file has not yet been closed. This prevents the script from running twice if a duplicate DONE is received. Clarified documentation regarding incompatibility of temp dir and sync mode. Version 4.9.3 - 1/21/2017 Fixed a race condition in the server between the sending and receiving threads when building CONG_CTRL messages. The receiving thread was not locking when placing messages on a queue. Added proper locking. Minor updates to includes and typedefs to support 64-bit Windows builds. Now requires Visual Studio 2015 or higher. Changed manpage formatting and makefile options as suggested by Debian team. Added missing include for sys/time.h Version 4.9.2 - 4/3/2016 Under TFMCC when a client first experiences loss, it calculates the average packet size of the packets received either in the last GRTT or the last 64K packets, whichever is less. In the event the sequence number of the first lost packet is the same as the first packet received (which can happen due to wraparound), this wasn't being captures properly resulting in a divide by zero bug. Made a fix to properly account for sequence number wraparound. When calculating the average packet size above, a cast was used that could result in a negative number being returned for this value. Removed the offending cast. Fixed off-by-one bug when counting the number of DONE messages sent by the server before declaring clients as lost. Version 4.9.1 - 3/15/2016 A bug was introduced in 4.8.1 when a fix was made for received files having extra bytes appended when packets were received out of order. When a file's size is an exact multiple of the block size, the last block was getting truncated. Made a fix to account for this case. Version 4.9 - 2/28/2016 Added the -a option to the server, which specifies the maximum number of passes through transmitting a file before aborting any clients that have not yet received the entire file. When specifying TFMCC mode, the initial, minimum, and maximum rates were being read as bytes per second instead of the documented Kbps. These fields are now being properly read as Kbps. In TFMCC mode, when the CLR received a CONG_CTRL message, it was responding with a CC_ACK before updating its RTT value, resulting in the CLR reporting an outdated RTT. Made a fix to first update the RTT, then send the CC_ACK. Version 4.8.1 - 2/4/2016 When the last data block in the file arrived at the receiver out-of-order, additional null bytes were being appended to the end of the file. This was due to a bug in calculating the current cache size. Bug fixed. Clients normally check for sufficient free space before attempting to receive a file. This was not working correctly when -t was specified. Bug fixed. Version 4.8 - 1/5/2016 Added support for initial and minimum rates for TFMCC as well as a max rate. These may be specified as follows: -C tfmcc:min=min_rate:init=init_rate:max=max_rate See the man page for more details. Changed logging level for "invalid message" messages from level 1 to level 4. This should cut down on unnecessary log messages at lower levels. Fixed man page typos. Version 4.7 - 5/16/2015 Added group instance ID (i.e. restart number) to all log messages. Make sure that the client flushes the disk cache when a session is aborted. This wasn't being done previously, resulting in unnecessary retransmissions on the subsequent restart session. Previously, when a client registers via a proxy, the server added that client to the list of clients serviced by that proxy. There was a bug that allowed a client sending back multiple registers to be added to this list multiple times, resulting in a buffer overrun if there are a large number of clients registering via a given proxy. Fixed the bug by removing the list altogether, since the server doesn't really care which proxy a client registers via. Version 4.6.1 - 3/15/2015 At the start of the transfer phase with congestion control enabled, the server would sometimes select a client that had dropped out earlier in the session as the initial CLR, slowing down the file transfer. Fixed. In restart mode for a partially sent file, the server sends a DONE right away before sending data to get NAKs from the clients. The clients normally have a short delay before responding to a DONE to ensure that out of order data packets arrive. In this case, since no data has been sent yet, the clients will now respond right away to avoid the unneeded delay. When the clients joins or leaves a multicast group, it checks to see if any other active sessions are using that group before doing so. Fixed a bug that prevented the client from searching the whole list. Version 4.6 - 12/30/2014 Added the -F option to the client to print status info to a file. Like the server's -s option, passing in @LOG mixes this info with the regular logging output. The client now prints the hostname/IP address where an ANNOUNCE originates from, which may be either the server itself or a proxy. The -q option was added to prevent DNS lookups in the event it causes delays. Several spelling fixes in documentation and code comments. Fixed a memory leak in the fingerprint parsing routine. Version 4.5.1 - 9/14/2014 On the rare occasion a seek call made by the client errors or returns a file offset that was unexpected, a second call to seek is made to set the destination file offset to the proper place. However, this second seek was jumping to the wrong place in the file. This has been fixed, and a similar fix was made on the server as well. Allow the -s (status file) option on the server to take a special value of @LOG, which allows status info to be mixed with the regular logging output. This behavior is consistent with older versions that did this when sync mode was enabled. Version 4.5 - 8/26/2014 Added disk caching on the client, greatly improving high speed throughput. The cache size is controlled via the -c option. Changed logging levels on several log statements so that effectively level 0 is "error" and level 1 is "warning". The default log level of 2 will continue to contain semi-detailed logging. Increased client timeout for REG_CONF and DONE_CONF to 4*robust*grtt. This helps to prevent client from timing out too early. When the server receives a REGISTER or FILEINFO_ACK from a client and calculates its round trip time, enforce a lower limit of 0.01 seconds. This prevent client from timing out too quickly. Occurrences of SIGPIPE while writing to a log could result in an infinite loop. SIGPIPE is now ignored, relying on normal error handling instead. Version 4.4 - 7/22/2014 Added max rate option to TFMCC implementation Added -U option to server to specify the server's UID Removed stale UFTP3 congestion control code Version 4.3.1 - 7/3/2014 Have clients send an ABORT for all active sessions on shutdown Fixed #ifs that enable dual mode sockets Removed -O0 from BSD section of makefile Version 4.3 - 5/27/2014 Added support for ECN (Explicit Congestion Notification) in the TFMCC implementation in the server and client. Proxy support is forthcoming. See the man pages for known supported systems. Fixed warning in encrypt_openssl.c when compiling under FreeBSD x64. Explicitly enable dual mode IPv4/IPv6 sockets when IPv6 is used on systems that support it. Version 4.2 - 5/12/2014 Added distinct exit codes for various error conditions In client and proxy, check if private address is already in use before joining Fixed log rolling under Windows Version 4.1.5 - 3/1/2014 Fixed casting bug in server TFMCC operations when calculating client rate. Fixed server proxy bug where group round trip time was being read from client messages when it should only be read from server messages. Version 4.1.4 - 12/5/2013 During a restart session, a bug caused the full file to be resent on the first pass, and client wouldn't send back NAKs for the first session. This has been fixed. Fixed incorrect reading of client ID lists in DONE, DONE_CONF, and CONG_CTRL messages. Added group ID and file ID to server logging when timestamps are enabled. Added more warning checks for Linux and corrected warnings. Cleaned up error checking code for malloc and calloc calls. Version 4.1.3 - 10/13/2013 Since 4.0, compilation failed on MacOSX. This has been fixed.
Add SHA512 digests for distfiles for net category Problems found with existing digests: Package haproxy distfile haproxy-1.5.14.tar.gz 159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded] da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated] Problems found locating distfiles: Package bsddip: missing distfile bsddip-1.02.tar.Z Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2 Package djbdns: missing distfile djbdns-cachestats.patch Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch Package gated: missing distfile gated-3-5-11.tar.gz Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz Package poink: missing distfile poink-1.6.tar.gz Package ra-rtsp-proxy: missing distfile rtspd-src-1.0.0.0.tar.gz Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch Package waste: missing distfile waste-source.tar.gz Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail.
Make sure we add an rpath to OpenSSL libraries, fixes check-shlibs-elf.awk Take the opportunity to make this package look more like a normal pkgsrc package and pkglint clean.
add uftp, a multicast file transfer tool