1318b29a10
Version 5.0 - 4/22/2020 Major security updates. The key exchange and key derivation algorithms were modified and supported algorithms were pruned using TLS 1.3 as a basis. This includes: - HKDF used in multiple stages for key derivation from raw shared secrets. - Included addtional context in key derivation and signatures to protect against replay attacks and downgrade attacks. - Reduced set of supported EC curves to those supported by TLS 1.3 - Removed RSA key exchange which does not provide perfect forward secrecy. All key exchanges now use ECDH. - Removed support for SHA-1 hashes in key exchanges. - Supported symmetric ciphers are AES in AEAD mode (GCM or CCM). - Increased supported RSA key sizes Encrypted sessions are now enabled by default. It can be disabled by specifying "none" for the key type in the server's -Y option. Backward compatibility retained for version 4.x in clients and proxies. When communicating with a 4.x server, only allow algorithms and key exchange modes permitted in the new version. Clients and proxies no longer need to use signature keys that match the type and size used by the server. As a result, the -k and -K options to the client now only accept a single key instead of multiple. The proxy still supports multiple keys for 4.x compatibility, however only the first key listed is used for any version 5.x session. Proxies now send their keys in a separate message instead of injecting them in the ANNOUNCE sent by the server. This allows clients to be fully aware of proixes and allows them to authenticate servers and proxies separately, as well as Format of client's server list modified to specify the proxy that a server communicates through. Fingerprints listed in this file now always specify the server as opposed to having the proxy's key in some cases. Added -R option to client to specify a list of proxies along with their public key fingerprints. The old use of -R to specify a version 4.x response proxy has moved to -r. Previously, using -S in the client or proxy to specify a server list would automatically enable source specific multicast (SSM). The use of SSM is now enabled separately via the -o option on both the client and proxy. Fixed a bug that caused ECDSA signatures created on Linux with curve secp521r1 from being verified successfully on Windows. Fixed cleanup on clients and proxies to prevent occasional crashes on shutdown under Windows. Update timstamps in messages to use 64-bit microseconds since the epoch, addressing Y2038 issues.
31 lines
1.1 KiB
Makefile
31 lines
1.1 KiB
Makefile
# $NetBSD: Makefile,v 1.10 2020/11/24 13:25:14 nia Exp $
|
|
|
|
DISTNAME= uftp-5.0
|
|
CATEGORIES= net
|
|
MASTER_SITES= http://sourceforge.net/projects/uftp-multicast/files/source-tar/
|
|
|
|
MAINTAINER= pkgsrc-users@NetBSD.org
|
|
HOMEPAGE= http://uftp-multicast.sourceforge.net/
|
|
COMMENT= Encrypted multicast file transfer program
|
|
LICENSE= gnu-gpl-v3
|
|
|
|
USE_TOOLS+= gmake
|
|
NO_CONFIGURE= yes
|
|
MAKE_FILE= makefile
|
|
|
|
MAKE_ENV+= LIB="${COMPILER_RPATH_FLAG}${BUILDLINK_PREFIX.openssl}/lib"
|
|
|
|
CPPFLAGS.NetBSD+= -DHAS_GETIFADDRS -DNO_DUAL -DNO_MCAST_JOIN
|
|
|
|
INSTALLATION_DIRS+= bin sbin ${PKGMANDIR}/man1
|
|
|
|
do-install:
|
|
cd ${WRKSRC} && ${INSTALL_PROGRAM} uftp ${DESTDIR}${PREFIX}/bin
|
|
cd ${WRKSRC} && ${INSTALL_PROGRAM} uftpd ${DESTDIR}${PREFIX}/sbin
|
|
cd ${WRKSRC} && ${INSTALL_PROGRAM} uftpproxyd ${DESTDIR}${PREFIX}/sbin
|
|
cd ${WRKSRC} && ${INSTALL_PROGRAM} uftp_keymgt ${DESTDIR}${PREFIX}/bin
|
|
cd ${WRKSRC} && ${INSTALL_MAN} uftp.1 uftpd.1 uftpproxyd.1 uftp_keymgt.1 ${DESTDIR}${PREFIX}/${PKGMANDIR}/man1
|
|
|
|
.include "../../security/openssl/buildlink3.mk"
|
|
.include "../../mk/pthread.buildlink3.mk"
|
|
.include "../../mk/bsd.pkg.mk"
|