./net/uftp, Encrypted multicast file transfer program


Branch: CURRENT, Version: 5.0nb1, Package name: uftp-5.0nb1, Maintainer: pkgsrc-users

UFTP is an encrypted multicast file transfer program, designed to securely,
reliably, and efficiently transfer files to multiple receivers simultaneously.


Required to run:
[security/openssl]

Required to build:
[pkgtools/cwrappers]

Master sites:

Filesize: 234.034 KB

CVS history:

   2023-10-25 00:11:51 by Thomas Klausner | Files touched by this commit (2298)
Log message:
*: bump for openssl 3

   2021-10-26 13:07:15 by Nia Alarie | Files touched by this commit (958)
Log message:
net: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Not committed (merge conflicts...):

net/radsecproxy/distinfo

The following distfiles could not be fetched (fetched conditionally?):

./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz
./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch
./net/djbdns/distinfo djbdns-1.05-test28.diff.xz
./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch
./net/djbdns/distinfo djbdns-1.05-multiip.diff
./net/djbdns/distinfo djbdns-cachestats.patch

   2021-10-07 16:43:07 by Nia Alarie | Files touched by this commit (962)
Log message:
net: Remove SHA1 hashes for distfiles

   2020-11-24 14:25:14 by Nia Alarie | Files touched by this commit (2) | Package updated
Log message:
uftp: Update to 5.0

Version 5.0 - 4/22/2020
  Major security updates.  The key exchange and key derivation algorithms
    were modified and supported algorithms were pruned using TLS 1.3 as a
    basis.  This includes:
  - HKDF used in multiple stages for key derivation from raw shared secrets.
  - Included additional context in key derivation and signatures to protect
    against replay attacks and downgrade attacks.
  - Reduced set of supported EC curves to those supported by TLS 1.3
  - Removed RSA key exchange which does not provide perfect forward secrecy.
    All key exchanges now use ECDH.
  - Removed support for SHA-1 hashes in key exchanges.
  - Supported symmetric ciphers are AES in AEAD mode (GCM or CCM).
  - Increased supported RSA key sizes
  Encrypted sessions are now enabled by default.  It can be disabled by
    specifying "none" for the key type in the server's -Y option.
  Backward compatibility retained for version 4.x in clients and proxies.
    When communicating with a 4.x server, only allow algorithms and key
    exchange modes permitted in the new version.
  Clients and proxies no longer need to use signature keys that match the
    type and size used by the server.  As a result, the -k and -K options to
    the client now only accept a single key instead of multiple.  The proxy
    still supports multiple keys for 4.x compatibility, however only the first
    key listed is used for any version 5.x session.
  Proxies now send their keys in a separate message instead of injecting them
    in the ANNOUNCE sent by the server.  This allows clients to be fully
    aware of proxies and allows them to authenticate servers and proxies
    separately, as well as
  Format of client's server list modified to specify the proxy that a server
    communicates through.  Fingerprints listed in this file now always
    specify the server as opposed to having the proxy's key in some cases.
  Added -R option to client to specify a list of proxies along with their
    public key fingerprints.  The old use of -R to specify a version 4.x
    response proxy has moved to -r.
  Previously, using -S in the client or proxy to specify a server list would
    automatically enable source specific multicast (SSM).  The use of SSM is
    now enabled separately via the -o option on both the client and proxy.
  Fixed a bug that prevented ECDSA signatures created on Linux with curve
    secp521r1 from being verified successfully on Windows.
  Fixed cleanup on clients and proxies to prevent occasional crashes on
    shutdown under Windows.
  Update timestamps in messages to use 64-bit microseconds since the epoch,
    addressing Y2038 issues.

   2020-03-20 12:58:37 by Nia Alarie | Files touched by this commit (640)
Log message:
*: Convert broken sourceforge HOMEPAGEs back to http

   2020-01-19 00:36:14 by Roland Illig | Files touched by this commit (3046)
Log message:
all: migrate several HOMEPAGEs to https

pkglint --only "https instead of http" -r -F

With manual adjustments afterwards since pkglint 19.4.4 fixed a few
indentations in unrelated lines.

This mainly affects projects hosted at SourceForge, as well as
freedesktop.org, CTAN and GNU.

   2020-01-18 22:51:16 by Jonathan Perkin | Files touched by this commit (1836)
Log message:
*: Recursive revision bump for openssl 1.1.1.

   2019-09-13 12:42:05 by Nia Alarie | Files touched by this commit (4) | Package updated
Log message:
uftp: Update to 4.10

Note: this now supports OpenSSL 1.1.

Version 4.10 - 7/10/2019
  Allow specifying transmission rates of up to 1 Tbps.  This involved changing
    a number of variables tracking the rate from 32 bit to 64 bit types.  It
    also changed the tracking of wait times between data packet transmissions
    from microseconds to nanoseconds.
  Fixed a bug when getting the list of network interfaces in the event that
    an interface does not have an interface index number.

Version 4.9.11 - 5/13/2019
  The error check added in 4.9.10 on chdir wasn't checking the correct value,
    causing the client and proxy to not start in background mode.  Bug fixed.

Version 4.9.10 - 5/9/2019
  The initial CLR selection was picking the receiver with the lowest RTT
    instead of the highest.  Fixed to select the receiver with the highest RTT.
  While the server is sending, check for CTRL-C by the user at least once a
    second instead of waiting for a GRTT cycle if it is longer.
  Fixed rate calculation bug when TFMCC is specified with -R -1.
  Minor error checking / log format fixes

Version 4.9.9 - 2/17/2019
  Fixed handling of min_time in TFMCC mode

Version 4.9.8 - 8/29/2018
  When compiling with MSVC 2017, the IP_MTU_DISCOVER flag is defined but not
    implemented, resulting in errors when attempting to set it.  Added check
    for the case if the flag is not implemented.
  Machines with a blank IP address for the first interface were getting a
    default UID of 0.  When this happens, check for a non-blank interface
    to derive the UID from.
  Cleaned up setting of key exchange random numbers to avoid aliasing violation

Version 4.9.7 - 5/27/2018
  Fixed delay in server sending thread causing transfer of large files to
    time out.  The block number to send was being incremented once per
    iteration of the main sending loop.  This main loop also locks and unlocks
    a mutex to update data shared by the receiving thread.  When a large
    number of consecutive blocks do not need to be sent, the lock/unlock
    cycles resulted in delays where no data was sent.  Changed to increment
    the block number until a block to send is found without reiterating
    the main loop.

Version 4.9.6 - 4/17/2018
  When a response proxy sends a PROXY_KEY message, send it on all public
    multicast addresses, not just the first one

Version 4.9.5 - 12/16/2017
  Updated encryption module to support OpenSSL 1.1.x and 1.0.x.
    Removed support for OpenSSL 0.9.8
  Changed install directory of uftpd and uftpproxyd to /usr/bin
  Added CPPFLAGS to makefile for build hardening as requested by Debian

Version 4.9.4 - 10/7/2017
  When initializing TFMCC loss history, use datapacketsize if no recent packets
    found or if counter wraps.  This fixes a divide-by-zero bug.
  Only run postreceive script when the incoming file has not yet been closed.
    This prevents the script from running twice if a duplicate DONE is received.
  Clarified documentation regarding incompatibility of temp dir and sync mode.

Version 4.9.3 - 1/21/2017
  Fixed a race condition in the server between the sending and receiving
    threads when building CONG_CTRL messages.  The receiving thread was
    not locking when placing messages on a queue.  Added proper locking.
  Minor updates to includes and typedefs to support 64-bit Windows builds.
    Now requires Visual Studio 2015 or higher.
  Changed manpage formatting and makefile options as suggested by Debian team.
  Added missing include for sys/time.h

Version 4.9.2 - 4/3/2016
  Under TFMCC when a client first experiences loss, it calculates the average
    packet size of the packets received either in the last GRTT or the last
    64K packets, whichever is less.  In the event the sequence number of the
    first lost packet is the same as the first packet received (which can
    happen due to wraparound), this wasn't being captured properly resulting
    in a divide by zero bug.  Made a fix to properly account for sequence
    number wraparound.
  When calculating the average packet size above, a cast was used that could
    result in a negative number being returned for this value.  Removed the
    offending cast.
  Fixed off-by-one bug when counting the number of DONE messages sent by the
    server before declaring clients as lost.

Version 4.9.1 - 3/15/2016
  A bug was introduced in 4.8.1 when a fix was made for received files having
    extra bytes appended when packets were received out of order.  When a
    file's size is an exact multiple of the block size, the last block was
    getting truncated.  Made a fix to account for this case.

Version 4.9 - 2/28/2016
  Added the -a option to the server, which specifies the maximum number of
    passes through transmitting a file before aborting any clients that have
    not yet received the entire file.
  When specifying TFMCC mode, the initial, minimum, and maximum rates were
    being read as bytes per second instead of the documented Kbps.  These
    fields are now being properly read as Kbps.
  In TFMCC mode, when the CLR received a CONG_CTRL message, it was responding
    with a CC_ACK before updating its RTT value, resulting in the CLR reporting
    an outdated RTT.  Made a fix to first update the RTT, then send the CC_ACK.

Version 4.8.1 - 2/4/2016
  When the last data block in the file arrived at the receiver out-of-order,
    additional null bytes were being appended to the end of the file.  This
    was due to a bug in calculating the current cache size.  Bug fixed.
  Clients normally check for sufficient free space before attempting to receive
    a file.  This was not working correctly when -t was specified.  Bug fixed.

Version 4.8 - 1/5/2016
  Added support for initial and minimum rates for TFMCC as well as a max rate.
    These may be specified as follows:
      -C tfmcc:min=min_rate:init=init_rate:max=max_rate
    See the man page for more details.
  Changed logging level for "invalid message" messages from level 1 to level 4.
    This should cut down on unnecessary log messages at lower levels.
  Fixed man page typos.

Version 4.7 - 5/16/2015
  Added group instance ID (i.e. restart number) to all log messages.
  Make sure that the client flushes the disk cache when a session is aborted.
    This wasn't being done previously, resulting in unnecessary retransmissions
    on the subsequent restart session.
  Previously, when a client registers via a proxy, the server added that client
    to the list of clients serviced by that proxy.  There was a bug that
    allowed a client sending back multiple registers to be added to this list
    multiple times, resulting in a buffer overrun if there are a large number
    of clients registering via a given proxy.  Fixed the bug by removing the
    list altogether, since the server doesn't really care which proxy a
    client registers via.

Version 4.6.1 - 3/15/2015
  At the start of the transfer phase with congestion control enabled, the
    server would sometimes select a client that had dropped out earlier in
    the session as the initial CLR, slowing down the file transfer.  Fixed.
  In restart mode for a partially sent file, the server sends a DONE right
    away before sending data to get NAKs from the clients.  The clients
    normally have a short delay before responding to a DONE to ensure that
    out of order data packets arrive.  In this case, since no data has been
    sent yet, the clients will now respond right away to avoid the unneeded
    delay.
  When the client joins or leaves a multicast group, it checks to see if any
    other active sessions are using that group before doing so.  Fixed a bug
    that prevented the client from searching the whole list.

Version 4.6 - 12/30/2014
  Added the -F option to the client to print status info to a file.  Like
    the server's -s option, passing in @LOG mixes this info with the regular
    logging output.
  The client now prints the hostname/IP address where an ANNOUNCE originates
    from, which may be either the server itself or a proxy.  The -q option
    was added to prevent DNS lookups in the event it causes delays.
  Several spelling fixes in documentation and code comments.
  Fixed a memory leak in the fingerprint parsing routine.

Version 4.5.1 - 9/14/2014
  On the rare occasion a seek call made by the client errors or returns a
    file offset that was unexpected, a second call to seek is made to set the
    destination file offset to the proper place.  However, this second seek
    was jumping to the wrong place in the file.  This has been fixed, and
    a similar fix was made on the server as well.
  Allow the -s (status file) option on the server to take a special value of
    @LOG, which allows status info to be mixed with the regular logging output.
    This behavior is consistent with older versions that did this when sync
    mode was enabled.

Version 4.5 - 8/26/2014
  Added disk caching on the client, greatly improving high speed throughput.
    The cache size is controlled via the -c option.
  Changed logging levels on several log statements so that effectively
    level 0 is "error" and level 1 is "warning".  The default log level of 2
    will continue to contain semi-detailed logging.
  Increased client timeout for REG_CONF and DONE_CONF to 4*robust*grtt.
    This helps to prevent client from timing out too early.
  When the server receives a REGISTER or FILEINFO_ACK from a client and
    calculates its round trip time, enforce a lower limit of 0.01 seconds.
    This prevents client from timing out too quickly.
  Occurrences of SIGPIPE while writing to a log could result in an infinite
    loop.  SIGPIPE is now ignored, relying on normal error handling instead.

Version 4.4 - 7/22/2014
  Added max rate option to TFMCC implementation
  Added -U option to server to specify the server's UID
  Removed stale UFTP3 congestion control code

Version 4.3.1 - 7/3/2014
  Have clients send an ABORT for all active sessions on shutdown
  Fixed #ifs that enable dual mode sockets
  Removed -O0 from BSD section of makefile

Version 4.3 - 5/27/2014
  Added support for ECN (Explicit Congestion Notification) in the TFMCC
    implementation in the server and client.  Proxy support is forthcoming.
    See the man pages for known supported systems.
  Fixed warning in encrypt_openssl.c when compiling under FreeBSD x64.
  Explicitly enable dual mode IPv4/IPv6 sockets when IPv6 is used on systems
    that support it.

Version 4.2 - 5/12/2014
  Added distinct exit codes for various error conditions
  In client and proxy, check if private address is already in use before joining
  Fixed log rolling under Windows

Version 4.1.5 - 3/1/2014
  Fixed casting bug in server TFMCC operations when calculating client rate.
  Fixed server proxy bug where group round trip time was being read from
    client messages when it should only be read from server messages.

Version 4.1.4 - 12/5/2013
  During a restart session, a bug caused the full file to be resent on the
    first pass, and client wouldn't send back NAKs for the first session.
    This has been fixed.
  Fixed incorrect reading of client ID lists in DONE, DONE_CONF, and CONG_CTRL
    messages.
  Added group ID and file ID to server logging when timestamps are enabled.
  Added more warning checks for Linux and corrected warnings.
  Cleaned up error checking code for malloc and calloc calls.

Version 4.1.3 - 10/13/2013
  Since 4.0, compilation failed on MacOSX.  This has been fixed.